CN111182543A - Method and device for switching network - Google Patents
Method and device for switching network Download PDFInfo
- Publication number
- CN111182543A CN111182543A CN201811341598.5A CN201811341598A CN111182543A CN 111182543 A CN111182543 A CN 111182543A CN 201811341598 A CN201811341598 A CN 201811341598A CN 111182543 A CN111182543 A CN 111182543A
- Authority
- CN
- China
- Prior art keywords
- network
- amf
- identification information
- terminal device
- authentication
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 352
- 238000013475 authorization Methods 0.000 claims abstract description 259
- 230000008569 process Effects 0.000 claims description 103
- 230000004044 response Effects 0.000 claims description 90
- 238000012545 processing Methods 0.000 claims description 73
- 238000013507 mapping Methods 0.000 claims description 6
- 230000015654 memory Effects 0.000 description 73
- 238000004590 computer program Methods 0.000 description 57
- 230000006870 function Effects 0.000 description 27
- 238000010586 diagram Methods 0.000 description 22
- 230000005540 biological transmission Effects 0.000 description 20
- 238000004891 communication Methods 0.000 description 20
- 230000011664 signaling Effects 0.000 description 14
- 238000013461 design Methods 0.000 description 7
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 230000007246 mechanism Effects 0.000 description 3
- 230000000977 initiatory effect Effects 0.000 description 2
- 238000012546 transfer Methods 0.000 description 2
- 238000004846 x-ray emission Methods 0.000 description 2
- GVVPGTZRZFNKDS-JXMROGBWSA-N geranyl diphosphate Chemical compound CC(C)=CCC\C(C)=C\CO[P@](O)(=O)OP(O)(O)=O GVVPGTZRZFNKDS-JXMROGBWSA-N 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000001360 synchronised effect Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W36/00—Hand-off or reselection arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W36/00—Hand-off or reselection arrangements
- H04W36/0005—Control or signalling for completing the hand-off
- H04W36/0011—Control or signalling for completing the hand-off for data sessions of end-to-end connection
- H04W36/0033—Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W36/00—Hand-off or reselection arrangements
- H04W36/0005—Control or signalling for completing the hand-off
- H04W36/0055—Transmission or use of information for re-establishing the radio link
- H04W36/0066—Transmission or use of information for re-establishing the radio link of control information between different types of networks in order to establish a new radio link in the target network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W36/00—Hand-off or reselection arrangements
- H04W36/14—Reselecting a network or an air interface
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The application provides a method for switching networks, which can optimize the switching of UE between PLMN and NPN. The method comprises the following steps: the terminal equipment is accessed to a first network; when the terminal equipment determines that the terminal equipment needs to access a second network, the terminal equipment determines the identification information of the second network, wherein one of the first network and the second network is a public network, and the other one is a non-public network; the terminal device sends a first request message to a first access and mobility management function (AMF) of the first network, wherein the first request message carries identification information of a second network and first identification information of the terminal device, and the identification information of the second network and the first identification information of the terminal device are used for authentication and/or authorization of the terminal device in the second network.
Description
Technical Field
The present application relates to the field of wireless communications, and in particular, to a method and an apparatus for switching a network.
Background
The third generation partnership project (3 GPP) introduced the concept of non-public networks (NPN). The NPN architecture refers to the architecture of a 5G core network defined by 3GPP, that is, it is assumed that the NPN network also includes the same network element functions as the 5GC, such as access and mobility management function (AMF), Session Management Function (SMF), and User Plane Function (UPF). According to the existing mechanism, a User Equipment (UE) establishes a Protocol Data Unit (PDU) session in a Public Land Mobile Network (PLMN) to perform an application service of the public PLMN. When the UE moves to the coverage area of the NPN wireless signal, it may be considered that when the UE moves to the NPN network, if service continuity of the PDU session established in the PLMN is guaranteed, since the UE needs to access the NPN network first, it may be necessary to perform an access process of the UE in the NPN network, and reestablish or switch the PDU session for the service of the original PDU session in the NPN network. Or, if the UE establishes the PDU session in the NPN, the UE performs a non-public network (NPN) service. When the UE moves to the PLMN, if the UE wants to access the PLMN, the UE may also have to perform an access procedure at the PLMN and re-establish or switch the PDU session for the traffic of the original PDU session.
However, the related signaling procedures, such as authentication and authorization, involved in the access procedure from the PLMN to the NPN may cause a long time delay for the UE to switch from the PLMN to the NPN.
Disclosure of Invention
The application provides a method for switching networks, which can optimize the switching of UE between PLMN and NPN.
In a first aspect, the present application provides a method for switching a network, including: the terminal equipment is accessed to a first network; when the terminal equipment needs to access a second network, the terminal equipment determines the identification information of the second network, wherein one of the first network and the second network is a public network, and the other one is a non-public network; the terminal equipment sends a first request message to a first access and mobile management function (AMF) of a first network, wherein the first request message carries identification information of a second network and first identification information of the terminal equipment, and the identification information of the second network and the first identification information of the terminal equipment are used for authentication and/or authorization of the terminal equipment in the second network.
According to the technical scheme, when the terminal equipment is located in the first network, before the switching from the first network to the second network occurs, the authentication and/or authorization process in the second network is executed. Since the signaling procedure of authentication and/or authorization is already completed before the handover, the handover procedure can be directly performed when the terminal device moves to the second network, and the handover delay can be reduced.
In addition, the first identification information may be identification information of the terminal device in the first network and/or identification information in the second network. For example, the first identification information may be SUPI or SUCI of a public network. Also for example, the first identification information is an NPN-SUPI or NPN-SUCI of the non-public network.
The method for switching the network is suitable for switching from the public network (such as PLMN) to the non-public network (such as NPN) and also suitable for switching from the non-public network to the public network.
With reference to the first aspect, in certain implementations of the first aspect, the method further includes: the terminal device receives a response message of the first request message from the first AMF of the first network, wherein the response message of the first request message comprises authentication and/or authorization information, and the authentication and/or authorization information is used for indicating whether the terminal device passes the authentication and/or authorization of the second network.
Optionally, the response message of the first request message may also include admission information, where the admission information is used to indicate whether to allow the terminal device to access the second network. The admission information may also be authentication and/or authorization information.
With reference to the first aspect, in certain implementations of the first aspect, the method further includes: the terminal device receives a response message of a first request message from a first AMF of a first network, the response message of the first request message carries second identification information and/or third identification information of the terminal device, the second identification information is used for determining a first AMF of a second network, the third identification information is used for determining the first AMF of the first network, and the authentication and/or authorization information of the terminal device in the second network is stored in the first AMF of the second network or the first AMF of the first network.
Here, the second identification information and/or the third identification information may be a temporary identification of the terminal device, for example, a GUTI.
In addition, the first AMF of the second network allocates second identification information to the terminal device, so that in the process of switching the terminal device from the first network to the second network, the second AMF of the second network determines the first AMF of the second network according to the second identification information, and acquires authentication and/or authorization information of the terminal device from the first AMF.
Optionally, in the handover process, if the second AMF of the second network is the first AMF of the second network, the first AMF of the second network may determine whether the terminal device passes the authentication and/or authorization of the second network according to the stored authentication and/or authorization information of the terminal device.
As another implementation, the first AMF of the first network allocates third identification information to the terminal device, so that in a handover process of the terminal device from the first network to the second network, the second AMF of the first network determines the first AMF of the first network according to the third identification information, and acquires authentication and/or authorization information of the terminal device from the first AMF of the first network.
Optionally, in the handover process, if the second AMF of the first network is the first AMF of the first network, the first AMF of the first network may determine whether the terminal device passes the authentication and/or authorization of the second network according to the stored authentication and/or authorization information of the terminal device.
With reference to the first aspect, in certain implementations of the first aspect, after the terminal device sends the first request message to the first AMF of the first network, the method further includes: when the terminal device moves to the second network, the access network device of the first network is requested to switch the terminal device from the first network to the second network.
With reference to the first aspect, in some implementations of the first aspect, the requesting, by the terminal device, the access network device of the first network to handover the terminal device from the first network to the second network includes: the terminal device reports the identification information of the second network and/or the information of the access network of the second network to the access network device, so that the access network device determines to execute the switching from the terminal device to the second network; or the terminal device sends a first switching request to the access network device, where the first switching request is used to request to execute switching from the first network to the second network, and the first switching request carries information of the access network of the second network, and second identification information and/or third identification information of the terminal device.
With reference to the first aspect, in some implementations of the first aspect, the determining, by the terminal device, the identification information of the second network includes: the method comprises the steps that a terminal device receives a notification message from a first AMF of a first network, wherein the notification message is used for notifying the terminal device to execute authentication and/or authorization of a second network, and the notification message comprises identification information of the second network and/or information indicating a position area where the terminal device initiates the authentication and/or authorization of the second network; or the terminal device determines the identification information of the second network according to pre-stored configuration information and the current location area, wherein the configuration information includes a mapping relationship between the location area and the identification information of the second network.
In a second aspect, the present application provides a method for switching a network, the method comprising: a first access and mobile management function AMF of a first network determines that an authentication and/or authorization process is carried out on a second network aiming at a terminal device, wherein the terminal device is positioned in the first network, one of the first network and the second network is a public network, and the other one is a non-public network; and the first AMF of the first network sends a second request message to the first AMF of the second network, wherein the second request message carries the identification information of the second network and the first identification information of the terminal equipment, and the identification information of the second network and the first identification information of the terminal equipment are used for authentication and/or authorization of the terminal equipment in the second network.
Here, the identification information of the second network may be, for example, a cell identifier of the second network or identification information of the access network device.
With reference to the second aspect, in some implementations of the second aspect, the determining, by the first AMF of the first network, that the terminal device is to be authenticated and/or authorized in the second network includes: the first AMF of the first network receives a first request message from the terminal equipment, wherein the first request message is used for requesting to execute authentication and/or authorization of the terminal equipment in the second network, and the first request message carries identification information of the second network and position information of the terminal equipment.
With reference to the second aspect, in some implementations of the second aspect, before the first AMF of the first network sends the second request message to the first AMF of the second network, the method further includes: and the first AMF of the first network determines the first AMF of the second network according to the identification information of the second network and/or the position information of the terminal equipment.
With reference to the second aspect, in certain implementations of the second aspect, the method further includes: the first AMF of the first network receives a response message of the second request message from the first AMF of the second network, wherein the response message of the second request message comprises authentication and/or authorization information which is used for indicating whether the terminal equipment passes the authentication and/or authorization for accessing the second network.
With reference to the second aspect, in some implementations of the second aspect, the response message of the first request message further includes second identification information and/or third identification information of the terminal device, where the second identification information is used to determine the first AMF of the second network, and the third identification information is used to determine the first AMF of the first network, and the first AMF of the second network or the first AMF of the first network holds the authentication and/or authorization information.
With regard to the second identification information and the third identification information, the description in the first aspect may be referred to.
In a third aspect, the present application provides a method for switching a network, including: a second access and mobility management function (AMF) of the first network receives a second handover request from an access network device of the first network, wherein the second handover request is used for requesting to handover the terminal device to a second network, and the second handover request comprises third identification information of the terminal device and/or identification information of the second network, one of the first network and the second network is a public network, and the other one of the first network and the second network is a non-public network; the second AMF of the first network acquires authentication and/or authorization information of the terminal equipment in the second network from the first AMF of the first network according to the third identification information of the terminal equipment, wherein the authentication and/or authorization information is used for indicating whether the terminal equipment passes the authentication and/or authorization of the second network, and the first AMF of the first network is the AMF which executes the authentication and/or authorization process of the terminal equipment in the second network; and the second AMF of the first network performs the switching of the terminal equipment from the first network to the second network under the condition that the terminal equipment determines the authentication and/or authorization of the second network according to the authentication and/or authorization information.
Here, the second AMF of the first network is an AMF in the first network that performs handover of the terminal device from the first network to the second network. And the first AMF of the first network is an AMF in the first network that performs an authentication and/or authorization procedure of the terminal device in the second network. Due to the movement of the terminal device, the AMF performing the handover of the terminal device to the second network may not already be the AMF performing the authentication and/or authorization procedure of the terminal device at the second network. Therefore, the second AMF of the first network may determine the first AMF of the first network according to the third identification information, and obtain the authentication and/or authorization information of the terminal device from the first AMF of the first network, thereby determining whether the terminal device may be handed over to the second network.
With reference to the third aspect, in some implementations of the third aspect, the performing, by the second AMF of the first network, handover of the terminal from the first network to the second network includes: and the second AMF of the first network sends a third request message to the second AMF of the second network, wherein the third request message is used for requesting to establish a context for the terminal equipment, and the third request message carries the identification information of the access network equipment of the first network.
Specifically, the second AMF of the first network obtains the authentication and/or authorization information of the terminal device from the first AMF of the first network, and if the terminal device passes the authentication and/or authorization process of the second network, the second AMF of the first network sends a third request message to the second AMF of the second network, and requests the AMF of the second network to establish a context for the terminal device. The third request message may carry identification information of the access network device of the first network. Optionally, the third request message may also carry identification information of the AMF of the first network.
With reference to the third aspect, in some implementation manners of the third aspect, the third request message further carries context information of the terminal device.
In a fourth aspect, the present application provides a method for switching a network, including: a second AMF of a second network receives a third request message from a second AMF of a first network, wherein the third request message is used for requesting to switch the terminal equipment from the first network to the second network, the third request message carries identification information of the first AMF of the second network and/or second identification information of the terminal equipment, one of the first network and the second network is a public network, and the other one of the first network and the second network is a non-public network; the second AMF of the second network acquires the authentication and/or authorization information of the terminal equipment in the second network from the first AMF of the second network according to the identification information of the first AMF of the second network and/or the second identification information of the terminal equipment, wherein the authentication and/or authorization information is used for indicating whether the terminal equipment passes the authentication and/or authorization of the second network; and the second AMF of the second network executes the switching of the terminal equipment from the first network to the second network under the condition that the authentication and/or authorization of the terminal equipment through the second network is determined according to the authentication and/or authorization information.
In the third aspect described above, it is determined by the second AMF of the first network whether the terminal device passes authentication and/or authorization at the second network. The fourth aspect is implemented as another implementation manner, and determining, by a second AMF of the second network, whether the terminal device passes authentication and/or authorization of the second network. Specifically, the second AMF of the second network determines the first AMF of the second network (that is, the AMF performing authentication and/or authorization of the terminal device in the second network) according to the second identification information of the terminal device or the identification information of the first AMF of the second network, and obtains the authentication and/or authorization information of the terminal device from the first AMF of the second network, so as to determine whether the terminal device passes the authentication and/or authorization of the second network. If the terminal device passes the authentication and/or authorization of the second network, a handover of the terminal device from the first network to the second network is performed.
Optionally, if the second AMF of the second network described in the fourth aspect is the first AMF of the second network, the first AMF of the second network holds authentication and/or authorization information of the terminal device, so that it may also be determined whether the terminal device passes the authentication and/or authorization of the second network, thereby determining whether the terminal device may be handed over to the second network.
The following fifth and sixth aspects are methods of switching networks applicable to architecture two in the embodiment of the present application.
In a fifth aspect, the present application provides a method for switching a network, including: a first access and mobility management function (AMF) of the first network receives a fourth request message from the terminal equipment in the first network, wherein the fourth request message is used for requesting to execute authentication and/or authorization of the terminal equipment in a second network, one of the first network and the second network is a public network, and the other one is a non-public network; a first AMF of the first network sends a fifth request message to the interface device, where the fourth request message is used to request the initiation of authentication and/or authorization of the terminal device in the second network, and the fourth request message carries identification information of the second network and/or location information of the terminal device.
With reference to the fifth aspect, in certain implementations of the fifth aspect, the method further comprises: and the first AMF receives a response message of a fifth request message from the interface equipment, wherein the response message of the fifth request message comprises authentication and/or authorization information, and the authentication and/or authorization information is used for indicating whether the terminal equipment passes the authentication and/or authorization of the second network.
In a sixth aspect, the present application provides a method for switching a network, including: the interface device receives a fifth request message from a first AMF of a first network, wherein the fifth request message is used for requesting the terminal device in the first network to access a second network, and the fifth request message carries identification information of the second network and/or position information of the terminal device, wherein one of the first network and the second network is a public network, and the other one of the first network and the second network is a non-public network; the interface equipment determines a first AMF of the second network according to the identification information of the second network and/or the position information of the terminal equipment; the interface device sends a sixth request message to the first AMF of the second network, where the sixth request message is used to request to perform authentication and/or authorization of the terminal device in the second network.
With reference to the sixth aspect, in certain implementations of the sixth aspect, the method further comprises: the interface device receives a response message of a sixth request message from the first AMF of the second network, wherein the response message of the sixth request message comprises authentication and/or authorization information, and the authentication and/or authorization information is used for indicating whether the terminal device passes the authentication and/or authorization of the second network; and/or; the interface device sends a response message of a fifth request message to the first AMF of the first network, wherein the response message of the fifth request message comprises the authentication and/or authorization information.
With reference to the sixth aspect, in certain implementations of the sixth aspect, the method further comprises: the interface device stores authentication and/or authorization information of the terminal device in the second network.
In the fifth and sixth aspects, the first network and the second network do not communicate directly with each other, but communicate with each other via an interface, whereby security of communication can be provided.
In a seventh aspect, the present application provides a communication device configured to perform the method of the first aspect or any possible implementation manner of the first aspect. In particular, the communication device comprises means for performing the method of the first aspect or any possible implementation manner of the first aspect.
In an eighth aspect, the present application provides a communication device for performing the method of the second aspect or any possible implementation manner of the second aspect. In particular, the communication device comprises means for performing the method of the second aspect or any possible implementation of the second aspect.
In a ninth aspect, the present application provides a communications apparatus configured to perform the method of the third aspect or any possible implementation manner of the third aspect. In particular, the communication device comprises means for performing the method of the third aspect or any possible implementation manner of the third aspect.
In a tenth aspect, the present application provides a communication device for performing the method of the fourth aspect or any possible implementation manner of the fourth aspect. In particular, the communication device comprises means for performing the method of the fourth aspect or any possible implementation manner of the fourth aspect.
In an eleventh aspect, the present application provides a communication device for performing the method of the fifth aspect or any possible implementation manner of the fifth aspect. In particular, the communication device comprises means for performing the method of the fifth aspect or any possible implementation of the fifth aspect.
In a twelfth aspect, the present application provides a communication device for performing the method of the sixth aspect or any possible implementation manner of the sixth aspect. In particular, the communication device comprises means for performing the method of the sixth aspect or any possible implementation manner of the sixth aspect.
In a thirteenth aspect, the present application provides a terminal device comprising a transceiver, a processor, and a memory. The processor is configured to control the transceiver to transmit and receive signals, the memory is configured to store a computer program, and the processor is configured to call and execute the computer program stored in the memory, so that the terminal device executes the method in the first aspect and any possible implementation manner of the first aspect.
In a fourteenth aspect, the present application provides a network device comprising a transceiver, a processor, and a memory. The processor is configured to control the transceiver to transmit and receive signals, the memory is configured to store a computer program, and the processor is configured to call and execute the computer program stored in the memory, so that the terminal device executes the method in the second aspect and any possible implementation manner of the second aspect.
In a fifteenth aspect, the present application provides a network device comprising a transceiver, a processor, and a memory. The processor is configured to control the transceiver to transmit and receive signals, the memory is configured to store a computer program, and the processor is configured to call and execute the computer program stored in the memory, so that the terminal device executes the method in any possible implementation manner of the third aspect and the third aspect thereof.
In a sixteenth aspect, the present application provides a computer-readable storage medium having stored therein instructions that, when executed on a computer, cause the computer to perform the method of the first aspect or any possible implementation manner of the first aspect.
In a seventeenth aspect, the present application provides a computer-readable storage medium having stored therein instructions that, when executed on a computer, cause the computer to perform the method of the second aspect or any possible implementation manner of the second aspect.
In an eighteenth aspect, the present application provides a computer-readable storage medium having stored therein instructions, which, when executed on a computer, cause the computer to perform the method of the third aspect or any possible implementation manner of the third aspect.
In a nineteenth aspect, the present application provides a chip, which includes a memory and a processor, where the memory is used to store a computer program, and the processor is used to call and execute the computer program from the memory, so as to execute the method in the first aspect and any possible implementation manner of the first aspect.
In a twentieth aspect, the present application provides a chip comprising a memory for storing a computer program and a processor for calling and executing the computer program from the memory to perform the method of the second aspect and any possible implementation manner of the second aspect.
In a twenty-first aspect, the present application provides a chip, which includes a memory and a processor, where the memory is used to store a computer program, and the processor is used to call and run the computer program from the memory, so as to execute the method in the third aspect and any possible implementation manner of the third aspect.
Optionally, in the above nineteenth aspect, in the twentieth aspect, the chip of the twentieth aspect includes only a processor, and the processor is configured to read and execute the computer program stored in the memory.
In a twenty-second aspect, the present application provides a computer program product comprising computer program code which, when run on a computer, causes the computer to perform the method of the above-mentioned first aspect or any possible implementation thereof.
In a twenty-third aspect, the present application provides a computer program product comprising computer program code which, when run on a computer, causes the computer to perform the method of the second aspect described above or any possible implementation thereof.
In a twenty-fourth aspect, the present application provides a computer program product comprising computer program code which, when run on a computer, causes the computer to perform the method of the above-mentioned third aspect or any possible implementation thereof.
In a twenty-fifth aspect, the present application further provides a communication system, including the terminal device in the first aspect, the first AMF of the first network in the second aspect, and/or the second AMF of the first network in the third aspect. Optionally, a first AMF of the second network and/or a second AMF of the second network may also be included.
According to the technical scheme, when the terminal equipment is located in the first network, before the switching from the first network to the second network occurs, the authentication and/or authorization process in the second network is executed. Because the signaling process of authentication and/or authorization is completed before the switching, when the terminal device moves to the second network, the switching process can be directly executed, packet loss or data packet transmission delay increase caused by overlarge switching delay is avoided, and the service continuity of the terminal device can be ensured, so that the switching of the terminal device between the first network and the second network can be optimized.
Drawings
Fig. 1 (a) and (b) are schematic diagrams of a UE accessing a public network and a non-public network, respectively.
Fig. 2 is a network architecture suitable for use with embodiments of the present application.
Fig. 3 is a schematic diagram of a method 200 for switching networks provided in the present application.
Fig. 4 is an example of a handover network provided herein.
Fig. 5 is another network architecture suitable for use with embodiments of the present application.
Fig. 6 is a schematic diagram of a method 500 for switching networks provided in the present application.
Fig. 7 is another example of a handover network provided herein.
Fig. 8 is a schematic block diagram of an apparatus 800 for switching a network provided herein.
Fig. 9 is a schematic block diagram of an apparatus 900 for switching a network provided in the present application.
Fig. 10 is a schematic block diagram of an apparatus 1000 for switching a network provided in the present application.
Fig. 11 is a schematic block diagram of an apparatus 2000 for switching a network provided in the present application.
Fig. 12 is a schematic configuration diagram of a terminal device 3000 provided in the present application.
Fig. 13 is a schematic structural diagram of a network device 4000 provided in the present application.
Fig. 14 is a schematic structural diagram of the network device 5000 provided in the present application.
Fig. 15 is a schematic structural diagram of a network device 6000 provided in the present application.
Fig. 16 is an example of the structure of a terminal device 7000 provided in the present application.
Detailed Description
The technical solution in the present application will be described below with reference to the accompanying drawings.
Currently, the 3GPP standards organization introduces the concept of non-public networks (NPN). Alternatively, the non-public network is also referred to as a private network. The network architecture of the NPN refers to the network architecture of a 5G core (5G core,5GC), and thus, the NPN also includes the functions of network elements similar to the 5GC, for example, the NPN also includes the functions of network elements such as AMF, SMF, UPF, AUSF, and UDM.
Referring to fig. 1, (a) and (b) of fig. 1 are schematic diagrams of a UE accessing a public network and a non-public network, respectively. The public network may be, for example, a Public Land Mobile Network (PLMN). As shown in fig. 1 (a), the UE obtains services provided by the PLMN through an access network and a core network of the PLMN. As shown in fig. 1 (b), the UE obtains a service provided by the non-public network through an access network and a core network of the non-public network. In fig. 1 (a) and (b), gNB denotes an access network device, and 5GC (5G core) denotes a 5G core network.
According to the existing mechanism, the UE establishes a PDU session in the PLMN to obtain the services provided by the PLMN. When the UE moves to the NPN network, that is, the UE is in an area covered by a wireless signal of the NPN network, the application data flow service in the PDU session established by the PLMN may still be performed through the NPN network device, and it is necessary to first perform an access process of the UE in the NPN network, where the access process includes an authentication and/or authorization process, and after the authentication and/or authorization process is passed, the NPN network may be considered to allow the UE to access the network, and then, a transmission path of the application data flow may be migrated to the NPN network through re-establishing the PDU session or a handover process, and the like. Accordingly, if the UE establishes a PDU session at the NPN, the service provided by the NPN is obtained. When the UE moves to the PLMN network, that is, the UE is within the coverage of the PLMN wireless signal, and the application data stream in the PDU session established by the UE in the original NPN may still be transmitted through the network device of the PLMN, then the UE also needs to perform an access process in the PLMN, including an authentication and/or authorization procedure, and then switch the data transmission channel of the PDU session to the PLMN network through the PDU session establishment process or the handover process.
In the above two scenarios, when the UE moves between the public network and the non-public network, the time delay of the UE accessing the network may be too long due to the authentication and/or authorization flows accessing the public network and the non-public network, which may cause the problems of packet loss and increased transmission delay of data packets, and thus may not meet the requirement of the service continuity of the UE.
Therefore, the application provides a method for switching networks, so that when the UE moves between a public network and a non-public network, the transmission delay of the service with continuous service connection requirements can be shortened, the packet loss is reduced, and the requirement of the service continuity of the UE is met.
Before describing the method for switching a network of the present application, a system architecture of the method for switching a network of the present application is first described. The present application proposes two network architectures, both of which can satisfy the requirement for UE to switch between public and non-public networks, which are described below.
Is constructed as
Referring to fig. 2, fig. 2 is a network architecture suitable for use in embodiments of the present application. As shown in fig. 2, in the first architecture, the functional device of the NPN core network and the functional device of the PLMN core network may communicate with each other through an interface. For example, the NPN AMF may interwork with the AMF of the PLMN, and the NPN UPF and the UPF of the PLMN may interwork through the N4 interface. Optionally, the SMF of the NPN and the SMF of the PLMN communicate with each other through their respective UPFs.
The following describes how to perform handover of a UE between a PLMN and an NPN in architecture one.
Referring to fig. 3, fig. 3 is a schematic diagram of a method 200 for switching networks provided in the present application. The method 200 involves a terminal device, a first AMF of a first network, a second AMF, and an AMF of a second network.
201. The terminal equipment accesses a first network.
202. The terminal device determines that access to the second network is required.
In steps 201 and 202, one of the first network and the second network is a public network (e.g., PLMN) and the other is a non-public network (e.g., NPN). The terminal device is located in the first network, or may consider that the UE determines that it needs to access the second network when the UE is located in the coverage area of the radio signal of the first network. Optionally, the terminal device determines that the second network needs to be accessed, which may include the following two ways.
The terminal device receives a notification message from the first AMF of the first network, the notification message being used for notifying the terminal device to execute an access procedure in the second network.
The notification message may include identification information of the second network determined by the first AMF, and/or be used to instruct the terminal device to initiate a procedure for accessing the second network.
Specifically, the first AMF may determine the second network according to a location area where the terminal device is currently located, and indicate the identification information of the second network to the terminal device through the notification message. Alternatively, the first AMF indicates to the terminal device location areas where authentication and/or authorization may be initiated and initiates a procedure to access the second network when the terminal device moves to these location areas. Optionally, the location area in the notification message for instructing the terminal device to initiate access to the second network may be one or more. When there are multiple location areas, there may be multiple second networks in the vicinity of the first network, and when the terminal device moves to the vicinity of one of the second networks, a process of accessing the second network is initiated.
Mode 2
And the terminal equipment determines to be accessed to the second network according to the pre-stored configuration information and the current position area.
The configuration information pre-stored by the terminal device may include a mapping relationship between the location area and the identification information of the second network. Alternatively, the pre-stored configuration information may be obtained from other network devices.
It should be noted that the configuration information includes mapping relationship between the identification information of the second network and the location area. For each given location area, one or more second networks corresponding to the location area may be determined. And when the terminal equipment determines that the second network needs to be accessed according to the current position area, the terminal equipment determines a second network identifier corresponding to the current position area through the configuration information. Optionally, if the location area where the terminal device is currently located corresponds to a plurality of second networks, the terminal device may select one of the plurality of second networks to perform the process of accessing the network.
203. The terminal device determines identification information of the second network.
The terminal device determines two ways to access the second network based on the two ways described in step 202, and correspondingly, the terminal device may include two ways to determine the identification information of the second network, but is not limited thereto. It is to be understood that the identification information of the second network, i.e. the second network performing the access procedure, is determined. For example, the terminal device may determine the identification information of the second network from the notification message sent by the first AMF. For another example, the terminal device determines the second network corresponding to the location area where the terminal device is located according to the mapping relationship between the location area where the terminal device is located and the second network.
The sequence of the step 202 and the step 203 is not limited.
204. The terminal device sends a first request message to a first AMF of a first network. A first AMF of a first network receives a first request message from a terminal device. The first request message may be a registration request message or uplink transmission signaling.
The first request message is used for requesting the first AMF of the first network to perform authentication and/or authorization of the terminal device in the second network. The first request message carries identification information of the second network and first identification information of the terminal device. The first request message may be, for example, a non-access stratum (NAS) message. If the first request message is an uplink transmission signaling, the signaling may further include registration request indication information, and the first network performs an access procedure, including an authentication and/or authorization procedure, to the UE in the second network according to the registration request indication information and the second network identification information.
Here, the first identification information of the terminal device may be identification information of the terminal device in the first network and/or identification information in the second network. For example, the first identification information may be a subscriber permanent subscription identifier (SUPI) of the public network. Or, for security, may be a subscription hidden identifier (SUCI). For another example, the first identifier may be a non-public network user permanent subscription identifier (NPN-SUPI), or may be a subscription hidden identifier (NPN-SUCI) for security reasons
Optionally, the first request message may be a trigger message for the terminal device to perform authentication and/or authorization in the second network. In this case, the first AMF of the first network receives the first request message, and then performs step 205. Optionally, as another implementation, the first request message may further carry first indication information, where the first indication information is used to indicate that the first AMF initiates an authentication and/or authorization procedure from the terminal device to the second network. In this case, the first AMF triggers step 205 to be executed according to the first indication information carried in the first request message.
205. The first AMF of the first network sends a second request message to the first AMF of the second network. The first AMF of the second network receives the second request message from the first AMF of the first network.
Wherein the second request message is used for requesting the first AMF of the second network to execute authentication and/or authorization of the terminal device in the second network. The second request message carries the first identification information of the terminal device. The first identification information may be SUPI and/or NPN-SUPI. Alternatively, SUCI or NPN-SUCI. Optionally, the second request message further carries identification information of the second network.
Further optionally, the second request message may also include second indication information, where the second indication information is used to instruct the first AMF of the second network to perform authentication and/or authorization of the terminal device in the second network. Or the first AMF of the second network executes the triggering message of the authentication and/or authorization of the terminal equipment in the second network according to the message name of the second request message. This application is not intended to be limiting.
206. The first AMF of the second network performs an authentication and/or authorization process of the UE at the second network.
Optionally, the first AMF of the second network may maintain authentication and/or authorization information of the UE. The authentication and/or authorization information is used to indicate whether the UE passes the authentication and/or authorization procedure of the second network. Further, when the first AMF of the second network stores the authentication and/or authorization information of the UE, the first AMF of the second network may assign second identification information to the terminal device, so as to obtain the authentication and/or authorization information of the UE from the first AMF of the second network during the handover procedure. The second identification information may be a temporary identification of the terminal device. As an example, in 5G, the second identification information of the terminal device may be a globally unique temporary UE identity (GUTI), which is hereinafter referred to as 5G-GUTI.
Further, the method 200 further includes step 207.
207. The first AMF of the first network receives a response message of the second request message from the first AMF of the second network.
And the response message of the second request message comprises admission information, and the admission information is used for indicating whether the terminal equipment can access the second network. Alternatively, the admission information is used to indicate authentication and/or authorization information of the terminal device at the second network. That is, the admission information may be authentication and/or authorization information for indicating an authentication and/or authorization result of the terminal device at the second network for determining whether the UE passes the authentication and/or authorization procedure.
Optionally, if the first AMF of the second network allocates the second identification information to the terminal device, the response message of the second request message also carries the second identification information. Or, the response message of the second request message includes the identification information of the first AMF of the second network.
Optionally, the first AMF of the first network may store the identification information of the first AMF of the second network and/or the second identification information of the terminal device.
Optionally, the first AMF of the first network may also allocate third identification information to the terminal device. For example, when the response message of the second request message includes the authentication and/or authorization information of the UE, the first AMF of the first network stores the authentication and/or authorization information of the UE in the second network, and allocates the third identification information to the terminal device. In order to obtain authentication and/or authorization information of the UE in the second network from the first AMF of the first network when performing a handover procedure for the UE.
Further, after the first AMF of the first network receives the response message of the second request message, step 208 is performed.
208. The first AMF of the first network transmits a response message of the first request message to the terminal device. The terminal device receives a response message of the first request message from the first AMF of the first network.
And the response message of the first request message comprises authentication and/or authorization information of the terminal equipment in the second network. Optionally, the response message of the first request message may include admission information.
Optionally, the response message of the first request message further carries second identification information and/or third identification information of the terminal device.
The above steps 201-208 complete the authentication and/or authorization process of the terminal device in the second network. Subsequently, when the terminal device moves to the second network, or when the terminal device moves into the coverage area of the wireless signal of the second network, the network side device (including the access network device and the core network device) may perform a handover procedure for the terminal device from the first network to the second network, as described in steps 209 to 214 below.
It should be noted that the above steps 201-208 are independent from the following steps 209-214. In other words, the authentication and/or authorization procedure and the handover procedure are two separate procedures.
209. An access network device of a first network performs a handover for a UE from the first network to a second network.
The specific implementation modes are two types:
the first method is as follows: the UE decides to trigger the handover procedure. And the UE sends a switching request message to the access network equipment of the first network, and the access network equipment of the first network executes a switching process from the first network to the second network according to the switching request message.
For example, the terminal device sends a first handover request to the access network device. The access network device receives a first handover request from the terminal device. The first switching request is used for requesting the access network equipment to initiate the switching from the terminal equipment to the second network. The first handover request may include information related to an access network of the second network, for example, a cell identifier or identification information of an access network device. The name of the first handover request message is not limited.
The second method comprises the following steps: the access network device triggers a handover procedure. Before determining the handover, the access network device of the first network receives relevant information, such as a cell identifier or identifier information of the access network device, of the access network of the second network, which is reported by the terminal device. And the access network equipment of the first network determines whether to execute the switching according to the relevant information of the access network of the second network and/or the information of the access network of the first network where the UE is currently located. For example, the access network of the first network determines the quality of the wireless channel of the first network where the access network currently exists, and if the quality of the wireless channel is lower than a certain threshold, the access network device of the first network may initiate to perform a handover procedure. When the access network device determines to perform handover, the following step 210 is performed.
Optionally, if the terminal device obtains second identification information allocated to the terminal device by the first AMF of the second network or third identification information allocated to the terminal device by the first AMF of the first network in the process of performing authentication and/or authorization, the UE carries the second identification information and/or the third identification information in the request or the message sent to the access network device. For example, in the first mode of step 209, the first handover request carries the second identification information and/or the third identification information of the terminal device. For another example, in the second mode of step 209, the terminal device reports the second identification information and/or the third identification information of the terminal device in addition to the relevant information of the access network of the second network.
In actual handover, after the access network device of the first network determines to perform handover, the first access network device may request the second AMF of the first network to perform a handover procedure. After the second AMF of the first network receives the message requesting to execute the handover procedure sent by the access network device of the first network, the second AMF of the first network and/or the second AMF of the second network determines whether the terminal device completes the authentication and/or authorization process in the second network, if the terminal device completes the authentication and/or authorization process successfully, the handover process continues to be executed, otherwise, the handover fails.
210. The access network device of the first network sends a second handover request to a second AMF of the first network. The second AMF of the first network receives a second handover request from the access network device.
And the second switching request carries information for identifying the terminal equipment. The access network device may determine the identification information of the access network device of the second network according to the relevant information of the access network of the second network received from the terminal device. Then, the second handover request may also carry identification information of the access network device of the second network.
Optionally, the second handover request further carries second identification information and/or third identification information of the terminal device.
Optionally, the second handover request further carries location information of the terminal device.
211. Optionally, the first network second AMF determines whether the terminal device passes the authentication and/or authorization process at the second network.
It should be noted that, due to the movement of the terminal device in the first network, the AMF performing the handover procedure in the first network may be an AMF performing authentication and/or authorization of the terminal device in the second network (i.e., the first AMF described above), or may be another AMF different from the first AMF in the first network. That is, the second AMF in steps 210-212 may be different from the first AMF of the first network described above, and it is also possible that the second AMF is the first AMF, which is not limited in this application.
The specific process of the second AMF of the first network determining whether the terminal device passes the authentication and/or authorization procedure of the second network may be:
the first condition is as follows: the second AMF of the first network is the same as the first AMF of the first network. Then, the second AMF of the first network may determine whether the UE is authenticated according to the authentication and/or authorization information of the UE stored by the second AMF of the first network. The authentication and/or authorization information of the UE may be obtained in the process described in step 207.
Case two: the second AMF of the first network is different from the first AMF of the first network. Then, the second AMF of the first network may determine the first AMF according to the second identification information of the UE. Then, the second AMF requests the first AMF to acquire the authentication and/or authorization information of the UE.
If the UE authentication and/or authorization is successful in step 211, the following step 212 is performed, otherwise the handover fails. And if the switching fails, the second AMF of the first network sends a response message to the access network equipment of the first network to indicate that the switching process fails.
212. The second AMF of the first network determines a second AMF of the second network and sends a third request message to the second AMF of the second network.
Specifically, the second AMF of the first network may determine the second AMF of the second network according to at least one of the identification information of the second network, the location information of the UE, and the identification information of the access network device of the second network, which are carried in the second handover request, and send a third request message to the second AMF of the second network, so as to establish a context for the terminal device in the AMF of the second network.
And the third request message sent by the second AMF of the first network to the second AMF of the second network carries the identification of the access network equipment of the first network. Optionally, the identification information of the SMF of the first network may also be included.
Optionally, the third request message may further include second identification information allocated by the first AMF of the second network to the UE, or further include identification information of the first AMF of the second network.
Subsequently, the second AMF of the second network sends a context creation request of the terminal device to the SMF of the second network, and enters a handover execution preparation phase. And then, establishing a data forwarding tunnel before the first network and the second network, and entering a switching execution stage.
Optionally, the third request message includes context information of the PDU session, including Quality of service (QOS) information of the PDU session, so that the second network performs corresponding QOS on the PDU session.
213. Optionally, a second AMF of the second network may determine whether the UE passes the authentication and/or authorization process of the second network.
Specifically, if the second AMF of the second network is the same as the first AMF of the second network, the second AMF of the second network holds authentication and/or authorization information of the UE. Thus, the second AMF of the second network may determine whether the UE passes the authentication and/or authorization procedure.
If the second AMF of the second network is different from the first AMF of the second network, the second AMF of the second network may determine the first AMF identity of the second network according to the identity information of the first AMF of the second network or the second identity information of the UE, which is carried in the third request message received in step 212.
The second AMF of the second network may request authentication and/or authorization information of the UE from the first AMF of the second network, so that the second AMF of the second network determines whether the UE passes the authentication and/or authorization procedure of the UE of the second network.
214. If the authentication and/or authorization process is passed, a handover process is subsequently performed.
The handover procedure is briefly described as follows:
(1) after the second AMF of the second network receives the message of the second AMF of the first network, the second AMF of the second network may select the SMF of the second network according to an SMF selection rule, such as location information, load condition, etc., and the AMF sends a create session context request message to the SMF, where the message includes a PDU session identifier and context information of the PDU session, such as QOS, etc.
(2) The SMF selects the UPF function device, and the SMF sends a message to the UPF to request to establish a user plane.
(3) The second AMF of the second network sends the handover request to the access network device of the second network, and the access network device of the second network is determined by the second AMF device of the second network according to the access network device information of the second network sent by the second AMF of the first network. The access network device of the second network sends a handover request acknowledge message to the second AMF of the second network. In this process, the access network allocates tunnel information of the user plane transmission channel to the user plane.
(4) And the second AMF of the second network sends a session context updating message to the second SMF so as to update the user plane transmission channel according to the data transmission channel information of the access network received in the step 3.
(5) After the above process, the data forwarding channel is successfully established. The second AMF of the second network sends the response message in step 1 above to the second AMF of the first network, and the message name may be a create context response message.
(6) And the second AMF of the first network sends a switching command to the access network equipment of the first network, and the access network equipment sends the switching command to the UE.
(7) The terminal device performs the handover. And sending the uplink data to the access network equipment of the second network.
(8) The access network of the second network sends a handover notification message to the AMF of the second network. The AMF of the second network notifies the AMF of the first network of the handover.
(9) The establishment of the transmission channel of the downlink data is successful.
(10) And the first network and the second AMF inform the access network equipment to delete the user context. If a data forwarding path is established, the data forwarding path may be deleted.
Through the above process, the handover process is completed. During this handover and after the handover is completed, the AMF of the first network and the AMF of the second network participate together in the management of the PDU session.
It should be noted that, in fig. 3, steps 213 to 214 are shown by dashed lines, which is an alternative implementation.
The application of the method for switching networks in the first architecture is described in detail above. A specific example of the method for switching the network provided by the present application in architecture one is given below with reference to fig. 4.
Referring to fig. 4, fig. 4 is an example of a handover network provided herein. As shown in fig. 4, the flow of the terminal device switching from the public network to the non-public network or switching from the non-public network to the public network is described in fig. 4 by taking the handover between the PLMN and the NPN as an example. It should be understood that the PLMN is an example of a public network and the NPN is an example of a non-public network. Fig. 3 illustrates an example of switching the terminal device from the PLMN to the NPN, that is, the first network is the PLMN and the second network is the NPN. When the terminal device switches from NPN to PLMN, the flow of the handover is similar.
301. The UE establishes a PDU session in the PLMN.
Step 301 may be the same as the existing mechanism for the UE to establish a PDU session in the PLMN.
302. The UE determines to perform an access procedure at the NPN before the handover procedure occurs.
Here, the advance may refer to a process in which the UE performs access to the NPN when not moving to the NPN. It should be noted that, if the UE moves to the NPN and initiates the handover process, then performs the signaling procedure accessing the NPN, including the authentication and/or authorization process, because the authentication and/or authorization process takes a long time, the time of the handover process is long, and packet loss or transmission delay may occur. The technical scheme of the application is that the UE completes the signaling process of accessing the NPN before executing the switching process from the PLMN to the NPN. The access signaling procedures (including authentication and/or authorization procedures) need not be performed at the time of handover, and the access procedures can be shortened, thereby enabling fast handover.
303. The UE determines identification information of the NPN.
The UE may determine the identification information of the NPN according to the current location area and/or subscription information of the UE.
Step 303 can be referred to the description of step 203 above, and is not described here again.
304. The UE sends a first request message to a first AMF of the PLMN, which receives the first request message from the UE. Specifically, the first request message may be a registration request message (registration request) or an Uplink transfer (Uplink transfer).
The first request message carries NPN identification information and first identification information of the UE. And when the first request message is a registration request message, the first AMF performs an authentication and/or authorization process of the NPN network on the UE according to the registration request message, the NPN identification, the UE identification information and the like. Or, when the first request message is an uplink signaling transmission message, the message may include registration request indication information, and the first AMF may perform an authentication and/or authorization process on the NPN with respect to the UE according to the registration request indication information, the NPN identity, the UE identity information, and the like.
It should be noted that the first identification information of the UE may be a permanent identification of the UE on the PLMN and/or a permanent identification of the UE on the NPN. For example, the first identification information may be SUPI and/or NPN-SUPI. Optionally, for security, the first identity information may also be a subscription hidden identity (suic) of the UE on the PLMN or NPN.
305. The first AMF of the PLMN determines a first AMF of the NPN.
Specifically, the first AMF of the PLMN may determine the first AMF of the NPN according to the identification information of the NPN and/or the location information of the UE carried in the received first request message. The identification information of the NPN may be, for example, an identification of a cell of the NPN, or may be identification information of an access network device of the NPN.
306. The first AMF of the PLMN sends a second request message to the first AMF of the NPN, and the first AMF of the NPN receives the second request message.
And the second request message is used for requesting the first AMF of the NPN to execute the authentication and/or authorization of the UE at the NPN. The second request message carries the identification information of the NPN and the first identification information of the UE.
307. The first AMF of the NPN performs an authentication and/or authorization process of the UE at the NPN.
In step 307, the process of performing authentication and/or authorization of 3GPP by the first AMF of NPN may refer to the prior art. Specifically, the first AMF, AUSF, UDM and UE of the NPN jointly complete the authentication and/or authorization process. The main procedures can be seen from the following description, which takes the authentication procedure of 5G Authentication and Key Agreement (AKA) as an example.
(1) After receiving the authentication and/or authorization request (e.g., the second request message in step 306), the first AMF of the NPN sends an authentication request message to the AUSF of the NPN, where the authentication request message includes sui or SUPI.
(2) And the AUSF sends an authentication acquisition request message to the UDM, wherein the request message comprises SUCI or SUPI.
(3) The UDM sends an authentication acquisition response message to the AUSF, wherein the response message contains a 5G home environment authentication vector (5G home environment authentication, 5G HE AV).
(4) AUSF temporarily saves XRES and SUPI or SUCI, and calculates HXRES.
(5) The AUSF sends an authentication response message to the first AMF of the NPN, wherein the authentication response message contains 5G SE AV (RAND, AUTN, HXRES).
(6) The first AMF of the NPN sends an authentication request message to the UE, and the authentication request message includes RAND (authentication random number) and AUTN (network authentication token). Specifically, the first AMF of the NPN may transmit the authentication request message to the UE through the first AMF of the PLMN.
(7) And the UE calculates RES according to the RAND and the AUTN.
(8) And the UE sends an authentication response message to the first AMF of the NPN, wherein the response message contains RES. The first AMF of the NPN calculates HRES and compares the calculated HRES with the HXRES received in step (5). If the NPN authentication is consistent, the AMF considers that the UE is successfully authenticated in the NPN. Specifically, the UE may send an authentication response message to the first AMF of the NPN through the first AMF of the PLMN.
(9) The first AMF of the NPN sends an authentication request message to the AUSF, and the request message contains RES. The AUSF compares RES with XRES and if the same, the AUSF considers the authentication process to be successful.
(10) The AUSF sends an authentication response message to the first AMF of the NPN, wherein the authentication response message contains authentication result information, and the authentication result information can be information indicating whether the UE is authenticated successfully. Such as the authentication and/or authorization information described above.
Through the above processes (1) to (10), the first AMF of the NPN may acquire the authentication result information of the UE. The UE also completes the authentication procedure with the network.
308. The first AMF of the NPN sends a response message to the first AMF of the PLMN for the second request message.
And the response message of the second request message contains the authentication and/or authorization information of the UE in the NPN.
Optionally, the response message of the second request message includes admission information, and the admission information is used to indicate whether the UE is allowed to access the NPN.
Optionally, if the first AMF of the NPN maintains the authentication and/or authorization information of the UE, the first AMF of the NPN may allocate the second identification information to the UE. And, the response message of the second request message may further include second identification information allocated to the UE by the first AMF of the NPN. In this embodiment of the present application, the second identification information is a temporary identification of the UE. Such as GUTI. Or, the response message of the second request message may also carry the identification information of the first AMF of the NPN. The first AMF of the PLMN may store the second identification information or the identification information of the first AMF of the NPN in the context of the UE.
309. The first AMF of the PLMN transmits a response message of the first request message to the UE. The UE receives a response message of the first request message from the first AMF of the PLMN. The response message of the first request message is used to instruct the UE to complete the authentication and/or authorization process at the NPN.
Optionally, the response message of the first request message further includes admission information.
Optionally, the first AMF of the PLMN may assign third identification information to the UE. The third identification information may also be a temporary identification of the UE.
Optionally, the response message of the first request message further carries second identification information and/or third identification information of the UE.
The above steps 301-309 describe the procedure that the UE performs authentication and/or authorization in the NPN in advance when located in the coverage of the wireless signal of the PLMN.
Subsequently, when the UE moves into the coverage of the NPN radio signal, the UE or the access network device of the PLMN may directly initiate a handover from the PLMN to the NPN. The authentication and/or authorization process of steps 301-309 indicates whether the UE can access the second network has completed the corresponding signaling process. Therefore, in the switching process, the network side equipment can determine whether to complete the authentication and/or authorization process according to the authentication and/or authorization result, so that the time delay caused by executing the authentication and/or authorization process of the UE when the network side equipment moves to the NPN coverage range is avoided, the packet loss or the transmission time delay caused by the signaling process of the authentication and/or authorization can be avoided, and the user experience is improved.
310. The access network device of the PLMN determines to perform a handover to the NPN.
The access network device of the PLMN may determine to perform the handover procedure in two ways.
Mode 1: the UE decides to trigger the handover procedure. The UE sends a first switching request to access network equipment of the PLMN, and the access network equipment of the PLMN executes a switching process from the PLMN to the NPN according to the first switching request.
The first handover request includes identification information of the UE, for example, the second identification information and/or the third identification information. Optionally, the first handover request may include information related to an access network of the second network, for example, a cell identifier of the second network or identification information of the access network device. The first handover request may further include identification information of the second network.
Mode 2: the access network device triggers a handover procedure. Before determining the handover, the access network equipment of the PLMN receives the relevant information of the NPN access network reported by the UE. Such as cell identification or access network equipment identification information. The access network device of the PLMN may determine whether to initiate a handover procedure from the PLMN to the NPN according to information such as the quality of a wireless channel of the PLMN and/or the NPN. In case the access network device of the PLMN determines to perform a handover, step 311 is performed.
311. And the access network equipment of the PLMN sends a third switching request to the second AMF of the PLMN, and the second AMF of the PLMN receives the third switching request.
And the third switching request carries identification information of the UE and identification information of the NPN access network equipment. Optionally, the third handover request further includes second identification information of the UE.
312. Optionally, the second AMF of the PLMN determines whether the UE may access the NPN, i.e., whether the UE successfully passes the authentication and/or authorization process at the NPN.
Specifically, the second AMF of the PLMN may determine whether the UE may access the NPN in various ways:
mode 1: if the second AMF of the PLMN stores the authentication and/or authorization information of the UE, the second AMF of the PLMN determines whether the UE successfully passes the authentication and/or authorization of the NPN according to the authentication and/or authorization information of the UE. Specifically, when the second AMF of the PLMN is the same as the first AMF of the PLMN described in step 307, the first AMF of the PLMN acquires the authentication and/or authorization information of the UE from the first AMF of the NPN.
Mode 2: the second AMF of the PLMN obtains authentication and/or authorization information of the UE from the first AMF of the PLMN. Specifically, the second AMF of the PLMN determines the first AMF of the PLMN according to the temporary identifier of the UE, and then the second AMF of the PLMN requests the first AMF of the PLMN to acquire the authentication and/or authorization information of the UE. And determining whether the UE successfully passes the authentication and/or authorization of the NPN according to the authentication and/or authorization information of the UE.
313. The second AMF of the PLMN sends a third request message to the second AMF of the NPN requesting to create a context of the UE.
As an example, the third request message sent by the second AMF of the PLMN to the second AMF of the NPN may specifically be a naf _ communication _ create UE context request. The name of the message is not limited in this application.
And before the second AMF of the PLMN sends the third request message to the second AMF of the NPN, the second AMF of the PLMN determines the second AMF of the NPN according to the identification of the UE on the PLMN and/or the identification of the UE on the NPN network.
Optionally, the third request message sent by the second AMF of the PLMN to the second AMF of the NPN may include the second identification information of the UE or the identification information of the first AMF of the NPN.
314. Optionally, the second AMF of the NPN determines whether the UE passes authentication and/or authorization of the second network.
Specifically, if the second AMF of the NPN is the same as the first AMF of the NPN, the second AMF of the NPN holds the authentication and/or authorization information of the UE, and thus the second AMF of the NPN can determine whether the UE completes the authentication and/or authorization process at the NPN. Or, if the second AMF of the NPN is different from the first AMF of the NPN, the second AMF of the NPN may determine the first AMF of the NPN according to the temporary identity of the UE or the identity information of the first AMF of the NPN. The second AMF of the NPN may then request from the first AMF of the NPN whether the UE passes authentication and/or authorization of the second network. Optionally, the temporary identity of the UE may be the second identity information and/or the third identity information of the UE described above.
315. The second AMF of the NPN sends a request to the SMF of the NPN to update the UE context.
As an example, the request for updating the UE context may specifically be a Namf _ PDU session _ update _ sme context request.
The handover procedure is briefly described as follows:
(1) after the second AMF of the NPN receives the message of the second AMF of the PLMN, the second AMF of the NPN may select the SMF of the PLMN according to an SMF selection principle, such as location information, load condition, and the like, and the AMF sends a request message for creating a session context to the SMF, where the message includes a PDU session identifier and context information of the PDU session, such as QOS and other information.
(2) The SMF selects the UPF function device, and the SMF sends a message to the UPF to request to establish a user plane.
(3) The second NPN AMF sends the handover request to the NPN access network device, and the NPN access network device is determined by the second NPN access network device information sent by the second AMF of the PLMN. The access network device of the NPN sends a handover request acknowledge message to the second AMF of the NPN. In this process, the access network allocates tunnel information of the user plane transmission channel to the user plane.
(4) And the second AMF of the NPN sends a session context updating message to the second SMF so as to update the user plane transmission channel according to the data transmission channel information of the access network received in the step 3.
(5) After the above process, the data forwarding channel is successfully established. The second AMF of the NPN sends the response message in step 1 above to the second AMF of the PLMN, and the message name may be a create context response message.
(6) And the second AMF of the PLMN sends a switching command to the access network equipment of the PLMN, and the access network equipment sends the switching command to the UE.
(7) The terminal device performs the handover. And sending the uplink data to NPN access network equipment.
(8) The NPN access network sends a switching notification message to the NPN AMF. The NPN AMF informs the AMF of the PLMN of the handover.
(9) The establishment of the transmission channel of the downlink data is successful.
(10) And the PLMN original second AMF informs the access network equipment to delete the user context. If a data forwarding path is established, the data forwarding path may be deleted.
Through the above process, the handover process is completed. During and after the handover, the AMF of the PLMN and the AMF of the NPN participate in the management of the PDU session together.
316. And a switching preparation phase.
317. The PLMN and NPN establish a data forwarding tunnel.
318. And switching the execution phase.
Framework two
Referring to fig. 5, fig. 5 is another network architecture suitable for use with embodiments of the present application. As shown in fig. 5, in the second architecture, the NPN and the PLMN communicate with each other through the interface device. For example, the NPN AMF interworks with the AMF of the PLMN through the interface device. The UPF of NPN and UPF of PLMN can also communicate through interface device. The SMF of the NPN and the SMF of the PLMN are communicated with each other through interface equipment.
It should be noted that the interface device may be deployed in the first network or the second network, and the application is not limited thereto. In addition, the interface device may perform transparent forwarding, or may process and forward a received message, request, information, or the like.
In the second architecture, how to perform handover of the UE between the PLMN and the NPN will be described.
Referring to fig. 5, fig. 5 is a schematic diagram of a method 500 for switching networks provided in the present application. As shown in fig. 5, the method 500 involves a terminal device, a first AMF of a first network, a second AMF of the first network, an AMF of a second network, an interface device.
501. The terminal equipment accesses a first network.
502. The terminal device determines that access to the second network is required.
503. The terminal device determines identification information of the second network.
Steps 501-503 can refer to steps 201-203 in architecture one above, respectively, and are not described here again.
504. The terminal device sends a fourth request message to the first AMF of the first network. The first AMF of the first network receives the fourth request message from the terminal device.
The first AMF of the first network performs authentication and/or authorization of the terminal device in the second network according to the fourth request message. The fourth request message carries the identification information of the second network and the first identification information of the terminal device. For a description of the first identification information, see step 204 above.
Optionally, the fourth request message may be a trigger message for performing authentication and/or authorization of the terminal device in the second network. In this case, the first AMF receives the fourth request message, and then performs step 505. Optionally, as another implementation, the fourth request message carries third indication information, and the third indication information may be a trigger message for performing authentication and/or authorization of the terminal device in the second network. In this case, the first AMF triggers to execute step 505 according to the third indication information carried in the fourth request message.
505. The first AMF of the first network sends a fifth request message to the interface device. The interface device receives a fifth request message from the first AMF of the first network.
The fifth request message is used for requesting the interface device to initiate an authentication and/or authorization process of the terminal device in the second network. The fifth request message carries the identification information of the second network and the first identification information of the terminal device.
Optionally, the fifth request message may also carry location information of the UE.
506. The interface device sends a sixth request message to the first AMF of the second network. The sixth request message is used for requesting the first AMF of the second network to perform authentication and/or authorization of the terminal device in the second network.
Specifically, the interface device determines the first AMF of the second network according to the location information of the UE and/or the identification information of the second network.
Optionally, the sixth request message may further include indication information for indicating the first AMF of the second network to perform an authentication and/or authorization procedure of the UE in the second network. Alternatively, the sixth request message may also be used as a trigger message for the first AMF of the second network to perform an authentication and/or authorization procedure of the UE in the second network, which is not limited in this application.
507. The first AMF of the second network performs authentication and/or authorization of the terminal device in the second network.
Optionally, the first AMF of the second network may assign the second identification information to the terminal device.
508. The interface device receives a response message of the sixth request message from the first AMF of the second network.
And the response message of the sixth request message carries authorization and/or authorization information of the terminal equipment in the second network. Wherein the authentication and/or authorization information is used to indicate whether the terminal device passes the authentication and/or authorization procedure in the second network. Optionally, the response message of the sixth request message includes admission information, where the admission information is used to indicate whether to allow the UE to access the second network.
Optionally, if the first AMF of the second network allocates the second identification information to the terminal device, the response message in the sixth request message further includes the second identification information of the terminal device.
Optionally, the interface device stores second identification information of the terminal device.
509. The interface device transmits a response message of the fifth request message to the first AMF of the first network. The first AMF of the first network receives a response message of the fifth request message from the interface device.
And the response message of the fifth request message comprises authentication and/or authorization information of the terminal equipment in the second network.
Optionally, the response message of the fifth request message further includes second identification information of the terminal device.
Optionally, the first AMF of the first network stores authentication and/or authorization information of the terminal device in the second network. Optionally, if the first AMF of the first network stores the authentication and/or authorization information of the terminal device in the second network, the first AMF of the first network may further assign third identification information to the terminal device, so that during the handover of the terminal device from the first network to the second network, the first AMF of the first network is determined according to the third identification information, and the authentication and/or authorization information of the terminal device is obtained from the first AMF of the first network.
510. The first AMF of the first network sends a response message of the fourth request message to the terminal device. The terminal device receives a response message of the fourth request message.
And the response message of the fourth request message comprises the authentication and/or authorization information of the terminal equipment in the second network. Optionally. The response message of the fourth request message further includes second identification information and/or third identification information of the terminal device.
The above steps 501-510 complete the authentication and/or authorization process of the terminal device in the second network. Subsequently, when the terminal device moves into the coverage area of the wireless signal of the second network, the handover procedure can be directly initiated.
It should be noted that, as described in the first embodiment, the authentication and/or authorization process of the terminal device in the second network is independent from the handover process of the terminal device from the first network to the second network described below. The completion of the authentication and/or authorization process does not directly trigger the handover procedure.
The following describes the handover procedure in the second architecture.
511. An access network device of a first network performs a handover for a UE from the first network to a second network.
Specifically, step 511 may include the following two implementations.
The specific implementation modes are two types:
the first method is as follows: the UE decides to trigger the handover procedure. And the UE sends a switching request message to the access network equipment of the first network, and the access network equipment of the first network executes a switching process from the first network to the second network according to the switching request message.
For example, the terminal device sends a first handover request to the access network device. The access network device receives a first handover request from the terminal device. The first switching request is used for requesting the access network equipment to initiate the switching from the terminal equipment to the second network. The first handover request message may include information related to an access network of the second network, for example, a cell identifier or identification information of an access network device. The name of the first handover request message is not limited.
The second method comprises the following steps: the access network device triggers a handover procedure. Before determining the handover, the access network device of the first network receives relevant information, such as a cell identifier or identifier information of the access network device, of the access network of the second network, which is reported by the terminal device. And the access network equipment of the first network determines whether to execute the switching according to the relevant information of the access network of the second network and/or the information of the access network of the first network where the UE is currently located. For example, the access network of the first network determines the quality of the wireless channel of the first network where the access network currently exists, and if the quality of the wireless channel is lower than a certain threshold, the access network device of the first network may initiate to perform a handover procedure. When the access network device determines to perform handover, the following step 512 is performed.
Optionally, if the terminal device obtains second identification information allocated to the UE by the first AMF of the second network or third identification information allocated to the UE by the first AMF of the first network in the process of performing authentication and/or authorization, the UE carries the second identification information and/or the third identification information in the handover request message sent to the access network device. For example, in the first mode of step 511, the first handover request carries the second identification information and/or the third identification information of the terminal device. For another example, in the second mode of step 511, the terminal device reports the second identification information and/or the third identification information in addition to the related information of the access network of the second network.
In actual handover, after the access network device of the first network determines to perform handover, the first access network device may request the second AMF of the first network to perform a handover procedure. After the second AMF of the first network receives the message requesting to execute the handover process sent by the access network device of the first network, the second AMF of the first network and/or the second AMF of the second network determines whether the terminal device completes the authentication and/or authorization process in the second network, if the terminal device completes the authentication and/or authorization process successfully, the handover process continues to be executed, otherwise, the handover fails.
512. The access network device sends a handover request to a second AMF of the first network.
Wherein, the switching request carries information for identifying the terminal device. And the access network equipment determines the identification information of the access network equipment of the second network according to the relevant information of the access network of the second network received from the terminal equipment. Therefore, the handover request of step 512 may also carry identification information of the access network device of the second network.
Optionally, the handover request further carries second identification information and/or third identification information of the terminal device.
513. Optionally, the second AMF of the first network determines whether the terminal device passes the authentication and/or authorization process at the second network.
Due to the movement of the terminal device in the first network, the AMF performing the handover procedure in the first network may be an AMF performing authentication and/or authorization of the terminal device in the second network (i.e., the first AMF described above), or may be another AMF different from the first AMF in the first network. That is, the second AMF of the first network in steps 512-514 may be different from the first AMF of the first network in steps 501-510, or the second AMF may be the first AMF, which is not limited in this application.
The specific process of the second AMF of the first network determining whether the terminal device passes the authentication and/or authorization procedure of the second network may be:
the first condition is as follows: the second AMF of the first network is the same as the first AMF of the first network. At this time, the second AMF of the first network may determine whether the UE passes the authentication and/or authorization in the second network according to the authentication and/or authorization information of the UE stored therein. The authentication and/or authorization information of the UE may be obtained in the procedure described in step 509.
Case two: the second AMF of the first network is different from the first AMF of the first network. At this time, the second AMF of the first network may determine the first AMF according to the second identification information of the UE, and then the second AMF of the first network requests the first AMF of the first network to obtain the authentication and/or authorization information of the UE.
If step 513 succeeds in authenticating and/or authorizing the UE, the subsequent steps are performed, otherwise the handover fails. And if the switching fails, the second AMF of the first network sends a response message to the access network to indicate that the switching process fails.
514. The second AMF of the first network determines a second AMF of the second network and sends a seventh request message to the second AMF of the second network in order to establish a context for the terminal device at the AMF of the second network.
Specifically, the second AMF of the first network may determine the second AMF of the second network according to at least one of the identification information of the second network, the location information of the UE, and the identification information of the access network device of the second network, which are carried in the handover request received in step 512, and send the seventh request message to the second AMF of the second network.
And the seventh request message carries the identification information of the access network equipment of the first network. Optionally, the seventh request message may further include identification information of the SMF of the first network.
Optionally, the seventh request message may further include second identification information allocated by the first AMF of the second network to the UE and/or identification information of the first AMF of the second network.
Subsequently, the second AMF of the second network sends a context creation request of the terminal device to the SMF of the second network, and enters a handover execution preparation phase. And then, establishing a data forwarding tunnel before the first network and the second network, and entering a switching execution stage.
515. Optionally, a second AMF of the second network may determine whether the UE passes the authentication and/or authorization process of the second network.
Specifically, if the second AMF of the second network is the same as the first AMF of the second network, the second AMF of the second network holds authentication and/or authorization information of the UE, and thus, the second AMF of the second network may determine whether the UE passes the authentication and/or authorization procedure.
If the second AMF of the second network is different from the first AMF of the second network, the second AMF of the second network may determine the first AMF identity of the second network according to the identity information of the first AMF of the second network or the second identity information of the UE received in step 514.
Further, the second AMF of the second network may request authentication and/or authorization information of the UE from the first AMF of the second network, so that the second AMF of the second network determines whether the UE passes the authentication and/or authorization procedure of the UE of the second network.
516. If the authentication and/or authorization process is passed, a handover process is subsequently performed.
Similarly, steps 515-516 are shown in FIG. 6 with dashed lines, representing an alternative implementation.
After the handover execution phase is completed, the terminal device switches to the second network in the PDU session of the first network.
The above is a flow for the terminal device to switch from the first network to the second network in the second architecture. A specific example of the method for switching the network provided by the present application in architecture one is given below with reference to fig. 6.
Referring to fig. 7, fig. 7 is another example of a handover network provided herein. The interface device shown in fig. 7 is disposed in the PLMN, or may be disposed in the NPN, which is not limited in this application.
601. The UE establishes a PDU session in the PLMN.
602. The UE determines to perform an access procedure at the NPN before the handover procedure occurs.
603. The UE determines identification information of the NPN.
The specific implementation of steps 601-603 can refer to steps 301-303, respectively, and are not described herein again.
604. And the UE sends a fourth request message to the first AMF of the PLMN, and the first AMF receives the fourth request message sent by the UE.
Wherein, the fourth request message is used for the first AMF to execute the authentication and/or authorization of the UE at the NPN. The fourth request message carries the identification information of the NPN and the first identification information of the UE. Optionally, the fourth request message further carries location information of the UE. For the first identification information, see the description in step 204 above.
605. The first AMF sends a fifth request message to the interface device.
The fifth request message carries the identification information of the NPN and the first identification information of the UE. Optionally, the fifth request message may also carry location information of the UE.
606. The interface device determines a first AMF for the NPN.
Specifically, the interface device may determine the first AMF of the NPN according to the identification information of the NPN and/or the location information of the UE carried in the fifth request message.
607. The interface device sends a sixth request message to the first AMF of the NPN. The first AMF of the NPN receives the sixth request message from the interface device.
Wherein the sixth request message is used for requesting the first AMF of the NPN to perform an authentication and/or authorization process of the UE at the NPN.
608. The first AMF of the NPN executes the authentication and/or authorization process of the UE at the NPN.
Step 608 can refer to the description of step 307 above, and is not described here.
The above steps 601-608 complete the authentication and/or authorization process of the UE at the NPN.
Optionally, if the first AMF of the NPN maintains the authentication and/or authorization information of the UE at the NPN, the first AMF of the NPN may further allocate second identification information to the UE, so as to obtain the authentication and/or authorization information of the UE from the first AMF of the NPN during the handover.
609. The first AMF of the NPN sends a response message to the interface device for the sixth request message.
Wherein the response message of the sixth request message includes authentication and/or authorization information for the UE in the second network. Optionally, the response message of the sixth request message includes admission information, where the admission information is used to indicate whether the UE is allowed to access the NPN.
Optionally, if the second identification information is allocated to the UE by the first NPN AMF, the response message of the sixth request message may further include the second identification information allocated to the UE by the first NPN AMF. The second identification information is a temporary identification of the UE. Such as GUTI. Optionally, the sixth request message may also carry identification information of the first AMF of the NPN.
Optionally, the interface device stores authentication and/or authorization information of the UE at the NPN.
It should be understood that the interface device stores the authentication and/or authorization information of the UE in the NPN, which may facilitate that the interface device may directly send the response message of permission or non-permission to the PLMN when receiving the message requesting to access the UE to the NPN from the PLMN next time, without requesting the NPN to perform the procedure of authentication and/or authorization of the UE.
610. The interface device sends a response message to the first AMF of the PLMN to the fifth request message. The UE receives a response message of the fifth request message from the first AMF of the PLMN. The response message of the fifth request message is used to instruct the UE to complete the authentication and/or authorization process at the NPN.
Optionally, the response message of the fifth request message further includes admission information. The admission information is used to indicate whether the UE is allowed to access the NPN.
Optionally, the first AMF of the PLMN may assign third identification information to the UE. The third identification information may also be a temporary identification of the UE. Such as GUTI.
611. The first AMF of the PLMN transmits a response message to the UE for the fourth request message.
The response message of the fourth request message includes the authentication and/or authorization information of the terminal device in the NPN. Optionally, the fourth request message includes second identification information and/or third identification information of the terminal device.
Optionally, the response message of the fourth request message further includes admission information.
The above steps 601-611 complete the authentication and/or authorization procedure at the NPN when the UE is located at the PLMN. Subsequently, when the UE moves to the NPN, the handover procedure may be directly initiated. Through the authentication and/or authorization process of steps 601-611, the authentication and/or authorization whether the UE can access the second network has completed the corresponding signaling process, so as to avoid the time delay caused by the UE executing the authentication and/or authorization procedure when the UE moves to the NPN, thereby avoiding packet loss or transmission delay increase due to the authentication and/or authorization signaling procedure, and improving user experience.
612. The access network device of the PLMN determines to perform a handover of the terminal device to the NPN.
Step 612 can be seen in two ways in 310 above.
613. And the access network equipment of the PLMN sends a request message to a second AMF of the PLMN to request to execute the switching process from the UE to the NPN.
The request message carries identification information of the UE and identification information of the NPN access network. Optionally, the request message further includes second identification information and/or third identification information of the UE.
614. Optionally, the second AMF of the PLMN determines whether the UE successfully passes the NPN authentication and/or authorization process.
Specifically, the second AMF of the PLMN may determine whether the UE may access the network in various ways:
mode 1: and if the second AMF of the PLMN stores the authentication and/or authorization information of the UE, the second AMF of the PLMN determines whether the UE successfully passes the authentication and/or authorization according to the authentication and/or authorization information of the UE. Specifically, when the second AMF of the PLMN is the same as the first AMF of the PLMN described in steps 601-611, the authentication and/or authorization information of the UE is acquired from the interface device through step 610.
Mode 2: the second AMF of the PLMN obtains authentication and/or authorization information of the UE from the first AMF of the PLMN. Specifically, the second AMF of the PLMN determines the first AMF of the PLMN according to the third identification information of the UE, and then the second AMF of the PLMN requests the first AMF of the PLMN to acquire the authentication and/or authorization information of the UE. And determining whether the UE successfully passes the authentication and/or authorization of the UE according to the authentication and/or authorization information of the UE.
615. The second AMF of the PLMN sends a message to the interface device, and the interface device sends a seventh request message to the second AMF of the NPN requesting to create a context of the UE.
616. Optionally, the second AMF of the NPN determines whether the UE passes authentication and/or authorization of the second network.
Specifically, if the second AMF of the NPN is the same as the first AMF of the NPN, the second AMF of the NPN holds the authentication and/or authorization information of the UE, and thus the second AMF of the NPN can determine whether the UE completes the authentication and/or authorization process at the NPN. Or, if the second AMF of the NPN is different from the first AMF of the NPN, the second AMF of the NPN may determine the first AMF of the NPN according to the temporary identity of the UE or the identity information of the first AMF of the NPN. The second AMF of the NPN may request from the first AMF of the NPN whether the UE passes authentication and/or authorization of the second network. Alternatively, the temporary identity of the UE may be the second identity information of the UE described above.
617. The second AMF of the NPN sends a request to the SMF of the NPN to update the UE context.
Likewise, step 616 and step 617 are shown in dashed lines, representing an alternative implementation.
618. And a switching preparation phase.
619. The PLMN and NPN establish a data forwarding tunnel.
620. And switching the execution phase.
The method for switching the network provided by the present application is described in detail above, and the apparatus for switching the network provided by the present application is described below.
Referring to fig. 8, fig. 8 is a schematic block diagram of an apparatus 800 for switching a network provided in the present application. As shown in fig. 8, the apparatus 800 includes a processing unit 810 and a transceiving unit 820.
A processing unit 810 for accessing a first network;
the processing unit 810 is further configured to determine, when it is determined that a second network needs to be accessed, identification information of the second network, where one of the first network and the second network is a public network, and the other is a non-public network;
a transceiving unit 820, configured to send a first request message to a first access and mobility management function AMF of a first network, where the first request message carries identification information of a second network and first identification information of a terminal device, and the identification information of the second network and the first identification information of the terminal device are used for authentication and/or authorization of the terminal device in the second network.
The apparatus 800 fully corresponds to the terminal device in the method embodiments (e.g., the method 200 or the method 300 in the first architecture, and the method 500 or the method 600 in the second architecture). The corresponding units of the apparatus 800 are respectively configured to perform corresponding steps and/or procedures performed by the terminal device in the method embodiment. Wherein, the processing unit 810 is configured to execute the steps implemented by the terminal device in the method embodiment. The transceiving unit 820 performs the steps of transmitting or receiving in the method embodiments.
Processing unit 810 may be a processor, as one implementation. The transceiving unit 820 may be a transceiver. The transceiver includes a receiver and a transmitter, and has both receiving and transmitting functions.
For example, in architecture one, processing unit 810 is configured to perform steps 201-203 of FIG. 3 and perform steps 301-303 of FIG. 4. The transceiving unit 820 is configured to perform step 204, step 208 in fig. 3. In configuration two, the processing unit 810 is configured to perform steps 501-503 in fig. 6 and perform steps 601-603 in fig. 7. The transceiving unit 820 is configured to execute step 504, step 510 in fig. 6, and execute step 604, step 611 in fig. 7.
Alternatively, the processing unit 810 may be a processing device, and the above functions of the processing device may be partially or wholly implemented by software. When implemented entirely in software, the processing means may comprise a memory for storing a computer program and a processor for reading the computer program from the memory and executing the computer program to perform the steps and/or procedures performed by the terminal device in the method embodiment for switching networks.
In one possible design, when part or all of the processing means is implemented in software, the processing means includes a processor. The memory for storing the computer program is located outside the processing means, and the processor is connected to the memory by means of a circuit/wire for reading and executing the computer program stored in the memory for performing the steps and/or procedures performed by the terminal device in the method embodiment of switching the network.
In one possible design, when part or all of the above functions of the processing device are implemented by hardware, the processing device includes: input interface circuit, logic circuit and output interface circuit.
Alternatively, the processing means may be a chip or an integrated circuit.
Referring to fig. 9, fig. 9 is a schematic block diagram of an apparatus 900 for switching a network provided in the present application. As shown in fig. 9, the apparatus 900 includes a processing unit 910 and a transceiving unit 920.
A processing unit 910, configured to determine to perform an authentication and/or authorization process for a terminal device in a second network, where the terminal device is located in a first network, and one of the first network and the second network is a public network and the other is a non-public network;
the transceiving unit 920 is configured to send a second request message to the first AMF of the second network, where the second request message is used to request the first AMF of the second network to perform authentication and/or authorization of the terminal device in the second network, and the second request message carries identification information of the second network and the first identification information of the terminal device.
The apparatus 900 fully corresponds to the first AMF of the first network in the method embodiments (e.g., method 200 or method 300 in architecture one, method 500 or method 600 in architecture two). The respective elements of the apparatus 900 are respectively configured to perform the respective steps and/or flows performed by the first AMF of the first network in the method embodiment. Wherein the processing unit 910 is configured to perform the steps of the method embodiment that are implemented internally by the first AMF of the first network. The transceiving unit 920 is configured to implement the steps of transmitting or receiving performed by the first AMF of the first network in the method embodiment.
The apparatus 900 may also correspond to the first AMF of the first network in the second architecture. In this case, the processing unit 910 and the transceiving unit 920 of the apparatus 900 are specifically configured to:
a transceiving unit 920, configured to receive a fourth request message from a terminal device in a first network, where the fourth request message is used to request to perform authentication and/or authorization of the terminal device in a second network, and one of the first network and the second network is a public network and the other is a non-public network;
the transceiving unit 920 is further configured to send a fifth request message to the interface device, where the fifth request message is used to request the initiating terminal device to authenticate and/or authorize the second network, and the fifth request message carries identification information of the second network and/or location information of the terminal device.
Optionally, the transceiving unit 920 is further configured to receive a response message of a fifth request message from the receiving device, where the response message of the fifth request message includes authentication and/or authorization information, and the authentication and/or authorization information is used to indicate whether the terminal device passes authentication and/or authorization of the second network.
As one implementation, the processing unit 910 of the apparatus 900 may be a processor. The transceiving unit 920 may be a transceiver. The transceiver includes a receiver and a transmitter, and has both receiving and transmitting functions.
For example, in the first configuration, the transceiver 920 is configured to perform step 204, step 205, step 207 and step 208 in fig. 3. In fig. 4, the processing unit 910 performs step 305. The transceiving unit 920 performs step 306, step 308, step 309. For another example, in the second architecture, the transceiver 920 is configured to perform step 504, step 505, step 509, and step 510 in fig. 6. In fig. 7, the transceiving unit 920 is configured to perform step 604, step 605, step 610 and step 611.
Alternatively, the processing unit 910 may be a processing device, and the above functions of the processing device may be partially or completely implemented by software. When implemented entirely in software, the processing means may comprise a memory for storing a computer program and a processor for reading the computer program from the memory and executing the computer program to perform the steps and/or procedures performed by the first AMF of the first network in the method embodiment of switching networks.
In one possible design, when part or all of the processing means is implemented in software, the processing means includes a processor. The memory for storing the computer program is located outside the processing means, and the processor is connected to the memory by means of a circuit/wire for reading and executing the computer program stored in the memory for performing the steps and/or procedures performed by the first AMF of the first network in the method embodiment of the switching network.
In one possible design, when part or all of the above functions of the processing device are implemented by hardware, the processing device includes: input interface circuit, logic circuit and output interface circuit.
Alternatively, the processing means may be a chip or an integrated circuit.
Referring to fig. 10, fig. 10 is a schematic block diagram of an apparatus 1000 for switching a network provided in the present application. As shown in fig. 10, the apparatus 1000 includes a transceiving unit 1100 and a processing unit 1200.
A transceiver 1100, configured to receive a second handover request from an access network device of a first network, where the second handover request is used to request that a terminal device be handed over to a second network, and the second handover request includes third identification information of the terminal device and/or identification information of the second network, where one of the first network and the second network is a public network and the other is a non-public network;
a processing unit 1200, configured to obtain, according to third identification information of the terminal device, authentication and/or authorization information of the terminal device in the second network from a first AMF of the first network, where the authentication and/or authorization information is used to indicate whether the terminal device passes authentication and/or authorization of the second network, and the first AMF of the first network is an AMF of the first network that performs an authentication and/or authorization process of the terminal device in the second network;
the processing unit 1200 is further configured to perform handover of the terminal device from the first network to the second network when determining that the terminal device passes authentication and/or authorization of the second network according to the authentication and/or authorization information.
The apparatus 1000 and the second AMF of the first network in the method embodiments (e.g., the method 200 or the method 300 in architecture one, the method 500 or the method 600 in architecture two) fully correspond. The respective units of the apparatus 1000 are respectively adapted to perform the respective steps and/or flows performed by the second AMF of the first network in the method embodiment. Wherein the processing unit 1200 is adapted to perform the steps of the method embodiment that are implemented internally by the second AMF of the first network. The transceiving unit 1100 is used to implement the steps of transmitting or receiving performed by the second AMF of the first network in the method embodiment.
As one implementation, the transceiving unit 1100 may be a transceiver. The transceiver includes a receiver and a transmitter, and has both receiving and transmitting functions. The processing unit 1200 may be a processor.
For example, in the first configuration, in fig. 3, the transceiver unit 1100 is configured to perform step 210 and step 212. The processing unit 1200 is configured to execute step 211. In fig. 4, the transceiver unit 1100 is configured to perform step 311 and step 313. The processing unit 1200 is configured to execute step 312. For another example, in the second configuration, in fig. 6, the transceiver unit 1100 is configured to execute step 512, step 514, and the processing unit 1200 is configured to execute step 513. In fig. 7, the transceiver unit 1100 is configured to perform step 613, step 615. The processing unit 1200 is configured to execute step 614.
Alternatively, the processing unit 1200 may be a processing device, and the above functions of the processing device may be partially or wholly implemented by software. When implemented entirely in software, the processing means may comprise a memory for storing a computer program and a processor for reading the computer program from the memory and executing the computer program to perform the steps and/or procedures performed by the second AMF of the first network in the method embodiment of switching networks.
In one possible design, when part or all of the processing means is implemented in software, the processing means includes a processor. The memory for storing the computer program is located outside the processing means, and the processor is connected to the memory by means of a circuit/wire for reading and executing the computer program stored in the memory for performing the steps and/or procedures performed by the second AMF of the first network in the method embodiment of the switching network.
In one possible design, when part or all of the above functions of the processing device are implemented by hardware, the processing device includes: input interface circuit, logic circuit and output interface circuit.
Alternatively, the processing means may be a chip or an integrated circuit.
Referring to fig. 11, fig. 11 is a schematic block diagram of an apparatus 2000 for switching a network provided in the present application. The apparatus 2000 comprises a transceiver unit 2001 and a processing unit 2002.
A transceiving unit 2001, configured to receive a fifth request message from a first AMF of a first network, where the fifth request message carries identification information of a second network and/or location information of a terminal device, and one of the first network and the second network is a public network and the other is a non-public network;
a processing unit 2002, configured to determine a first AMF of the second network according to the identification information of the second network and/or the location information of the terminal device;
the transceiving unit 2001 is further configured to send a sixth request message to the first AMF of the second network, where the sixth request message is used to request to perform authentication and/or authorization of the terminal device in the second network.
The apparatus 2000 and the interface device in the method embodiment (method 500 or method 600 in architecture two) are fully corresponding. The respective units of the apparatus 2000 are adapted to perform the respective steps and/or procedures performed by the interface device. Wherein the processing unit 2002 is configured to perform the steps implemented internally by the interface device in the method embodiment. The transceiver unit 2002 is used to implement the steps of transmitting or receiving performed by the interface device in the method embodiments.
As an implementation, the transceiving unit 2001 may be a transceiver. The transceiver includes a receiver and a transmitter, and has both receiving and transmitting functions. The processing unit 2002 may be a processor.
For example, in the second configuration, in fig. 6, the transceiver 2001 is configured to perform step 605, step 607, step 609, step 610, and step 615. The processing unit 2002 is configured to perform step 606.
Referring to fig. 12, fig. 12 is a schematic structural diagram of a terminal device 3000 provided in the present application. As shown in fig. 12, the terminal device 3000 includes: one or more processors 3001, one or more memories 3002, and one or more transceivers 3003. The processor 3001 is configured to control the transceiver 3003 to transmit and receive signals, the memory 3002 is configured to store a computer program, and the processor 3001 is configured to call and execute the computer program from the memory 3002 to perform corresponding procedures and/or operations executed by the terminal device in the method embodiment of switching network provided by the present application (e.g., the method 200 or the method 300 in the first architecture, and the method 500 or the method 600 in the second architecture).
Referring to fig. 13, fig. 13 is a schematic structural diagram of a network device 4000 provided in the present application. As shown in fig. 13, the network device 4000 includes: one or more processors 4001, one or more memories 4002, one or more transceivers 4003. The processor 4001 is configured to control the transceiver 4003 to transmit and receive signals, the memory 4002 is configured to store a computer program, and the processor 4001 is configured to invoke and execute the computer program from the memory 4002 to execute the corresponding processes and/or operations performed by the first AMF of the first network in the embodiments of the method for switching networks provided in the present application (e.g., the method 200 or the method 300 in the first architecture, and the method 500 or the method 600 in the second architecture).
Referring to fig. 14, fig. 14 is a schematic structural diagram of a network device 5000 provided in the present application. As shown in fig. 14, the network device 5000 includes: one or more processors 5001, one or more memories 5002, one or more transceivers 5003. The processor 5001 is configured to control the transceiver 5003 to transmit and receive signals, the memory 5002 is configured to store a computer program, and the processor 5001 is configured to call and execute the computer program from the memory 5002 to perform the corresponding procedures and/or operations performed by the second AMF of the first network in the method embodiment (e.g., the method 200 or the method 300 in the first architecture, and the method 500 or the method 600 in the second architecture) of switching networks provided in the present application.
Referring to fig. 15, fig. 15 is a schematic structural diagram of a network device 6000 provided in the present application. As shown in fig. 15, the network device 6000 includes: one or more processors 6001, one or more memories 6002, and one or more transceivers 6003. The processor 6001 is configured to control the transceiver 6003 to send and receive signals, the memory 6002 is configured to store a computer program, and the processor 6001 is configured to call and execute the computer program from the memory 6002 to perform corresponding processes and/or operations executed by the interface device in the method embodiment of switching a network (e.g., the method 500 or the method 600 in the second architecture) provided by this application.
As a concrete implementation, an example of one structure of the terminal device referred to in the present application is given below. Referring to fig. 16, fig. 16 is an example of the structure of a terminal device 7000 provided in the present application.
As shown in fig. 16, the terminal device 7000 includes a processor 7001 and a transceiver 7002. Optionally, terminal device 7000 also includes a memory 7003. The processor 7001, the transceiver 7002, and the memory 7003 may communicate with each other via internal connection paths to transmit control and/or data signals. The memory 7003 is used for storing computer programs, and the processor 7001 is used for calling and executing the computer programs from the memory 7003 to control the transceiver 7002 to transmit and receive signals.
Optionally, the terminal device 7000 may further include an antenna 7004 for transmitting information or data output from the transceiver 7002 via a wireless signal.
The processor 7001 and the memory 7003 may be integrated into one processing apparatus, and the processor 7001 is configured to execute the program codes stored in the memory 7003 to implement the above-described functions. In particular implementations, the memory 7003 may also be integrated in the processor 7001 or separate from the processor 7001.
Specifically, the terminal device 7000 may correspond to a terminal device in a method (e.g., the method 200, the method 300, the method 500 or the method 600) according to an embodiment of the present application. The units and other operations and/or functions described above in terminal device 7000 are respectively intended to implement the corresponding operations and/or flows of the method embodiments (e.g. fig. 3-4, fig. 6 or fig. 7).
The processor 7001 described above may be used to perform the actions described in the previous method embodiments that are implemented internally by the terminal device, and the transceiver 7002 may be used to perform the actions described in the previous method embodiments that are performed by the terminal device for reception or transmission. Please refer to the description of the previous embodiment of the method, which is not repeated herein.
Optionally, the terminal device 7000 may further include a power supply 7005 for supplying power to various devices or circuits in the terminal device.
In addition to this, in order to further improve the functions of the terminal device, the terminal device 7000 may further include one or more of the input unit 7006, the display unit 7007, the audio circuit 7008, the camera 7009, the sensor 610, and the like. The audio circuitry may also include a speaker 70082, a microphone 70084, and the like.
The chip described in this embodiment of the present application may be a field-programmable gate array (FPGA), an Application Specific Integrated Circuit (ASIC), a system on chip (SoC), a Central Processing Unit (CPU), a Network Processor (NP), a digital signal processing circuit (DSP), a Microcontroller (MCU), a programmable logic controller (PLD), or other integrated chips.
The processor in the embodiment of the present application may be an integrated circuit chip having signal processing capability. In implementation, the steps of the above method embodiments may be performed by integrated logic circuits of hardware in a processor or instructions in the form of software. The processor may be a general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), an FPGA or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory in the embodiments of the present application may be either volatile memory or nonvolatile memory, or may include both volatile and nonvolatile memory. The non-volatile memory may be a read-only memory (ROM), a Programmable ROM (PROM), an Erasable Programmable ROM (EPROM), an Electrically Erasable Programmable ROM (EEPROM), or a flash memory. Volatile memory can be Random Access Memory (RAM), which acts as external cache memory. By way of example, but not limitation, many forms of RAM are available, such as Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), Synchronous Dynamic Random Access Memory (SDRAM), double data rate SDRAM (ddr SDRAM), Enhanced SDRAM (ESDRAM), synchlink DRAM (SLDRAM), and direct rambus RAM (DR RAM). It should be noted that the memory of the systems and methods described herein is intended to comprise, without being limited to, these and any other suitable types of memory.
Alternatively, the memory and the storage may be physically separate units, or the memory and the processor may be integrated together.
In addition, the present application also provides a computer-readable storage medium, in which computer instructions are stored, and when the computer instructions are executed on a computer, the computer is enabled to execute corresponding operations and/or procedures executed by a terminal device in the method for switching a network provided by the present application.
The present application further provides a computer program product, which includes computer program code, when the computer program code runs on a computer, the computer is enabled to execute corresponding operations and/or procedures executed by a terminal device in the method for switching a network provided by the present application.
The present application further provides a chip including a memory and a processor, where the memory is used to store a computer program, and the processor is used to call and run the computer program from the memory to execute corresponding operations and/or procedures executed by a terminal device in the method embodiment of switching networks. Optionally, the chip includes only a processor.
Furthermore, the present application provides a computer-readable storage medium having stored therein computer instructions, which, when run on a computer, cause the computer to perform the respective operations and/or procedures performed by the first AMF of the first network in the method embodiment of switching networks.
The present application further provides a computer program product comprising computer program code which, when run on a computer, causes the computer to perform the respective operations and/or procedures performed by the first AMF of the first network in the method embodiment of switching networks.
The present application also provides a chip comprising a memory for storing a computer program and a processor for calling and running the computer program from the memory to perform the corresponding operations and/or procedures performed by the first AMF of the first network in the method embodiment of switching networks. Optionally, the chip includes only a processor.
Furthermore, the present application provides a computer-readable storage medium having stored therein computer instructions, which, when run on a computer, cause the computer to perform the respective operations and/or procedures performed by the second AMF of the first network in the method embodiment of switching networks.
The present application further provides a computer program product comprising computer program code which, when run on a computer, causes the computer to perform the respective operations and/or procedures performed by the second AMF of the first network in the method embodiment of switching networks.
The present application also provides a chip comprising a memory for storing a computer program and a processor for calling and running the computer program from the memory to perform the corresponding operations and/or procedures performed by the second AMF of the first network in the method embodiment of switching networks.
The present application further provides a communication system, which includes the terminal device, the first AMF of the first network, the second AMF of the first network, the first AMF of the second network, and the second AMF of the second network described in the above method 200.
The present application further provides a communication system, which includes the terminal device, the first AMF of the first network, the second AMF of the first network, the first AMF of the second network, and the second AMF of the second network described in the method 500.
As used in this specification, the terms "unit," "system," and the like are intended to refer to a computer-related entity, either hardware, firmware, a combination of hardware and software, or software in execution. For example, a component may be, but is not limited to being, a process running on a processor, an object, an executable, a thread of execution, a program, and/or a computer. By way of illustration, both an application running on a computing device and the computing device can be a component. One or more components may reside within a process and/or thread of execution. A component may be located on one computer and/or distributed between two or more computers. In addition, these components can execute from various computer readable media having various data structures stored thereon. The components may communicate by way of local and/or remote processes based on a signal having one or more data packets (e.g., data from two components interacting with another component in a local system, distributed system, and/or across a network, such as the internet with other systems by way of the signal).
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a read-only memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (28)
1. A method of switching networks, comprising:
the terminal equipment is accessed to a first network;
when the terminal equipment needs to access a second network, the terminal equipment determines the identification information of the second network, wherein one of the first network and the second network is a public network, and the other one is a non-public network;
the terminal device sends a first request message to a first access and mobility management function (AMF) of the first network, wherein the first request message carries identification information of the second network and first identification information of the terminal device, and the identification information of the second network and the first identification information of the terminal device are used for authentication and/or authorization of the terminal device in the second network.
2. The method of claim 1, further comprising:
the terminal device receives a response message of a first request message from a first AMF of the first network, wherein the response message of the first request message comprises authentication and/or authorization information, and the authentication and/or authorization information is used for indicating whether the terminal device passes the authentication and/or authorization of the second network.
3. The method of claim 1, further comprising:
the terminal device receives a response message of a first request message from a first AMF of the first network, wherein the response message of the first request message carries second identification information and/or third identification information of the terminal device, the second identification information is used for determining the first AMF of the second network, the third identification information is used for determining the first AMF of the first network, and the authentication and/or authorization information of the terminal device in the second network is stored in the first AMF of the second network or the first AMF of the first network.
4. A method according to any of claims 1-3, wherein after the terminal device sends a first request message to a first access and mobility management function, AMF, of the first network, the method further comprises:
and when the terminal equipment moves to the second network, requesting the access network equipment of the first network to switch the terminal equipment from the first network to the second network.
5. The method of claim 4, wherein the terminal device requesting an access network device of the first network to handover the terminal device from the first network to the second network comprises:
the terminal device reports the identification information of the second network and/or the information of the access network of the second network to the access network device, so that the access network device determines to execute the switching from the terminal device to the second network;
alternatively, the first and second electrodes may be,
and the terminal equipment sends a first switching request to the access network equipment, wherein the first switching request carries second identification information and/or third identification information of the terminal equipment.
6. The method according to any of claims 2-5, wherein the determining, by the terminal device, the identification information of the second network comprises:
the terminal device receives a notification message from a first AMF of the first network, wherein the notification message is used for notifying the terminal device to execute authentication and/or authorization in the second network, and the notification message comprises identification information of the second network and/or information indicating a location area for the terminal device to initiate authentication and/or authorization in the second network; alternatively, the first and second electrodes may be,
and the terminal equipment determines the identification information of the second network according to prestored configuration information and the current position area, wherein the configuration information comprises the mapping relation between the position area and the identification information of the second network.
7. A method of switching networks, comprising:
a first access and mobility management function (AMF) of a first network determines to execute an authentication and/or authorization process for a terminal device in a second network, wherein the terminal device is located in the first network, one of the first network and the second network is a public network, and the other one is a non-public network;
the first AMF of the first network sends a second request message to the first AMF of the second network, where the second request message is used to request the first AMF of the second network to execute authentication and/or authorization of the terminal device in the second network, and the second request message carries identification information of the second network and the first identification information of the terminal device.
8. The method of claim 7, wherein the determining, by the first AMF of the first network, to perform the authentication and/or authorization of the terminal device on the second network comprises:
a first AMF of the first network receives a first request message from the terminal device, where the first request message is used to request to execute authentication and/or authorization of the terminal device in the second network, and the first request message carries identification information of the second network and first identification information of the terminal device;
and the first AMF of the first network determines to execute the authentication and/or authorization of the terminal equipment in the second network according to the first request message.
9. The method according to claim 7 or 8, wherein before the first AMF of the first network sends the second request message to the first AMF of the second network, the method further comprises:
and the first AMF of the first network determines the first AMF of the second network according to the identification information of the second network and/or the position information of the terminal equipment.
10. The method according to any one of claims 7-9, further comprising:
and the first AMF of the first network receives a response message of the second request message from the first AMF of the second network, wherein the response message of the second request message comprises authentication and/or authorization information which is used for indicating whether the terminal equipment passes the authentication and/or authorization for accessing the second network.
11. The method according to claim 10, wherein the response message of the first request message further includes second identification information and/or third identification information of the terminal device, the second identification information is used for determining the first AMF of the second network, the third identification information is used for determining the first AMF of the first network, and the authentication and/or authorization information is stored in the first AMF of the second network or the first AMF of the first network.
12. A method of switching networks, comprising:
a second access and mobility management function (AMF) of a first network receives a second handover request from an access network device of the first network, wherein the second handover request is used for requesting a terminal device to be handed over to a second network, and the second handover request comprises third identification information of the terminal device and/or identification information of the second network, one of the first network and the second network is a public network, and the other one of the first network and the second network is a non-public network;
the second AMF of the first network acquires authentication and/or authorization information of the terminal equipment in the second network from the first AMF of the first network according to the third identification information of the terminal equipment, wherein the authentication and/or authorization information is used for indicating whether the terminal equipment passes the authentication and/or authorization of the second network, and the first AMF of the first network is the AMF which executes the authentication and/or authorization process of the terminal equipment in the second network;
and the second AMF of the first network determines that the terminal equipment passes the authentication and/or authorization of the second network according to the authentication and/or authorization information, and then executes the switching of the terminal equipment from the first network to the second network.
13. The method according to claim 12, wherein the second AMF of the first network performs handover of the terminal from the first network to the second network, comprising:
and the second AMF of the first network sends a third request message to the second AMF of the second network, wherein the third request message is used for requesting to establish a context for the terminal equipment, and the third request message carries the identification information of the access network equipment of the first network.
14. The method according to claim 13, wherein the third request message further carries context information of the terminal device.
15. An apparatus for switching a network, comprising:
a processing unit for accessing a first network;
the processing unit is further configured to determine, when it is determined that a second network needs to be accessed, identification information of the second network, where one of the first network and the second network is a public network and the other is a non-public network;
a transceiver unit, configured to determine to send a first request message to a first access and mobility management function AMF of the first network, where the first request message carries identification information of the second network and first identification information of the device, and the identification information of the second network and the first identification information of the device are used for authentication and/or authorization of the device in the second network.
16. The apparatus of claim 15, wherein the transceiver unit is further configured to:
receiving a response message of a first request message from a first AMF of the first network, the response message of the first request message including authentication and/or authorization information indicating whether the device passes authentication and/or authorization of the second network.
17. The apparatus of claim 15, wherein the transceiver unit is further configured to:
receiving a response message of a first request message from a first AMF of the first network, where the response message of the first request message carries second identification information and/or third identification information of the device, the second identification information is used to determine the first AMF of a second network, the third identification information is used to determine the first AMF of the first network, and the authentication and/or authorization information of the device in the second network is stored in the first AMF of the second network or the first AMF of the first network.
18. The apparatus according to any of claims 15-17, wherein the processing unit is further configured to determine a location at which the apparatus is located; the transceiver unit is further configured to request an access network device of the first network to handover the apparatus from the first network to the second network when the processing unit determines that the apparatus moves to the second network.
19. The apparatus according to claim 18, wherein the transceiver unit is specifically configured to:
reporting the identification information of the second network and/or the information of the access network of the second network to the access network equipment, so that the access network equipment determines to execute the switching of the device to the second network; alternatively, the first and second electrodes may be,
and sending a first switching request to the access network equipment, where the first switching request is used to request to execute switching of the device from the first network to the second network, and the first switching request carries information of an access network of the second network, and second identification information and/or third identification information of the device.
20. The apparatus according to any of claims 16-19, wherein the transceiver unit is further configured to receive a notification message from the first AMF of the first network, wherein the notification message is used to notify the terminal device to perform authentication and/or authorization in the second network, and wherein the notification message includes identification information of the second network and/or information indicating a location area where the terminal device initiates authentication and/or authorization in the second network; the processing unit is used for determining the identification information of the second network according to the notification message received by the receiving and sending unit; alternatively, the first and second electrodes may be,
the processing unit is further configured to determine, according to pre-stored configuration information and a location area where the device is currently located, identification information of the second network, where the configuration information includes a mapping relationship between the location area and the identification information of the second network.
21. An apparatus for switching a network, comprising:
the processing unit is used for determining to execute an authentication and/or authorization process aiming at a terminal device in a second network, wherein the terminal device is positioned in the first network, one of the first network and the second network is a public network, and the other one is a non-public network;
a transceiving unit, configured to send a second request message to a first AMF of the second network, where the second request message carries identification information of the second network and first identification information of the terminal device, and the identification information of the second network and the first identification information of the terminal device are used for authentication and/or authorization of the terminal device in the second network.
22. The apparatus of claim 21, wherein the transceiver unit is further configured to receive a first request message from the terminal device, where the first request message is used to request to perform authentication and/or authorization of the terminal device in the second network, and the first request message carries identification information of the second network and first identification information of the terminal device;
and the processing unit determines to execute authentication and/or authorization from the terminal equipment to the second network according to the first request message received by the transceiving unit.
23. The apparatus according to claim 21 or 22, wherein the processing unit is further configured to determine the first AMF of the second network according to identification information of the second network and/or location information of the terminal device.
24. The apparatus according to any of claims 21-23, wherein the transceiver unit is further configured to:
receiving a response message of the second request message from the first AMF of the second network, wherein the response message of the second request message comprises authentication and/or authorization information, and the authentication and/or authorization information is used for indicating whether the terminal equipment passes the authentication and/or authorization of accessing the second network.
25. The apparatus according to claim 24, wherein the response message of the first request message further includes second identification information and/or third identification information of the terminal device, the second identification information is used for determining the first AMF of the second network, the third identification information is used for determining the apparatus, and the authentication and/or authorization information is stored in the first AMF of the second network or the apparatus.
26. An apparatus for switching a network, comprising:
a transceiver unit, configured to receive a second handover request from an access network device of the first network, where the second handover request is used to request a terminal device to be handed over to a second network, and the second handover request includes third identification information of the terminal device and/or identification information of the second network, where one of the first network and the second network is a public network and the other is a non-public network;
a processing unit, configured to obtain, according to third identification information of the terminal device, authentication and/or authorization information of the terminal device in the second network from a first AMF of the first network, where the authentication and/or authorization information is used to indicate whether the terminal device passes authentication and/or authorization of the second network, and the first AMF of the first network is an AMF that performs an authentication and/or authorization process of the terminal device in the second network;
and the processing unit is further used for executing the switching of the terminal equipment from the first network to the second network after determining that the terminal equipment passes the authentication and/or authorization of the second network according to the authentication and/or authorization information.
27. The apparatus of claim 26, wherein the transceiver unit is further configured to send a third request message to a second AMF of the second network,
the third request message is used for requesting to establish a context for the terminal device, and the third request message carries identification information of the access network device of the first network.
28. The apparatus of claim 27, wherein the third request message further carries context information of the terminal device.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811341598.5A CN111182543B (en) | 2018-11-12 | 2018-11-12 | Method and device for switching network |
| PCT/CN2019/117182 WO2020098609A1 (en) | 2018-11-12 | 2019-11-11 | Method and apparatus for switching network |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811341598.5A CN111182543B (en) | 2018-11-12 | 2018-11-12 | Method and device for switching network |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111182543A true CN111182543A (en) | 2020-05-19 |
| CN111182543B CN111182543B (en) | 2021-10-19 |
Family
ID=70657289
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811341598.5A Active CN111182543B (en) | 2018-11-12 | 2018-11-12 | Method and device for switching network |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN111182543B (en) |
| WO (1) | WO2020098609A1 (en) |
Cited By (21)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111182540A (en) * | 2018-12-14 | 2020-05-19 | 维沃移动通信有限公司 | Data transmission guaranteeing method and communication equipment |
| CN111465011A (en) * | 2019-01-18 | 2020-07-28 | 华为技术有限公司 | Cross-network access method, device, storage medium and communication system |
| CN111669214A (en) * | 2020-05-25 | 2020-09-15 | 南通先进通信技术研究院有限公司 | Onboard voice communication method and system based on airborne WiFi |
| CN112423301A (en) * | 2020-11-02 | 2021-02-26 | 中国联合网络通信集团有限公司 | Private network registration management method and AMF network element |
| WO2021235857A1 (en) * | 2020-05-21 | 2021-11-25 | 삼성전자 주식회사 | Method and apparatus retrieving and selecting server for terminal authentication and subscriber data transmission |
| CN113727342A (en) * | 2020-05-22 | 2021-11-30 | 华为技术有限公司 | Network registration method and device |
| CN113766500A (en) * | 2020-05-22 | 2021-12-07 | 华为技术有限公司 | Network access method, device and system |
| WO2022027171A1 (en) * | 2020-08-03 | 2022-02-10 | Oppo广东移动通信有限公司 | Wireless communication method and device |
| WO2022028030A1 (en) * | 2020-08-07 | 2022-02-10 | 华为技术有限公司 | Slice authentication method and corresponding apparatus |
| CN114079922A (en) * | 2020-08-12 | 2022-02-22 | 华为技术有限公司 | Terminal equipment authentication method, terminal equipment and access network equipment |
| CN114079992A (en) * | 2020-08-13 | 2022-02-22 | 阿里巴巴集团控股有限公司 | Network switching method, user equipment, network entity and storage medium |
| WO2022042598A1 (en) * | 2020-08-26 | 2022-03-03 | 华为技术有限公司 | Communication method and apparatus |
| WO2022067586A1 (en) * | 2020-09-29 | 2022-04-07 | Huawei Technologies Co., Ltd. | Apparatus and method for enabling a user equipment to access one or more second networks |
| WO2022088183A1 (en) * | 2020-11-02 | 2022-05-05 | 华为技术有限公司 | Communication method and apparatus |
| WO2022133808A1 (en) * | 2020-12-23 | 2022-06-30 | Zte Corporation | A method for service continuity |
| CN114765811A (en) * | 2021-01-11 | 2022-07-19 | 中国移动通信有限公司研究院 | Information processing method, device, equipment and readable storage medium |
| CN114786121A (en) * | 2022-04-07 | 2022-07-22 | 中国联合网络通信集团有限公司 | Positioning method, device, system and storage medium |
| WO2023273281A1 (en) * | 2021-06-29 | 2023-01-05 | 华为技术有限公司 | Network handover method and system, and related device |
| CN115835207A (en) * | 2021-09-19 | 2023-03-21 | 华为技术有限公司 | Communication method and communication device |
| WO2023071974A1 (en) * | 2021-10-29 | 2023-05-04 | 华为技术有限公司 | Communication system, communication method, and communication device |
| CN116114212A (en) * | 2020-08-06 | 2023-05-12 | 华为技术有限公司 | Auxiliary information configuration method and communication device |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113747547B (en) * | 2020-05-28 | 2023-05-05 | 维沃移动通信有限公司 | Service acquisition method, device, communication equipment and readable storage medium |
| CN113873520A (en) * | 2020-06-30 | 2021-12-31 | 华为技术有限公司 | Communication method, terminal equipment and wireless access network equipment |
| CN116567050A (en) * | 2022-01-29 | 2023-08-08 | 华为技术有限公司 | Authorization method and device |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101998395A (en) * | 2009-08-27 | 2011-03-30 | 华为技术有限公司 | Authentication vector acquisition method, home server and network system |
| CN102905267A (en) * | 2012-10-11 | 2013-01-30 | 大唐移动通信设备有限公司 | ME (Mobile Equipment) identity authentication method, ME security mode control method, ME identity authentication device and ME security mode control device |
| CN103634929A (en) * | 2013-11-28 | 2014-03-12 | 中国联合网络通信集团有限公司 | Network switching method and system of MIFI equipment |
| CN107018542A (en) * | 2017-03-27 | 2017-08-04 | 中兴通讯股份有限公司 | The processing method of status information, device and storage medium in network system |
| CN108738086A (en) * | 2017-04-21 | 2018-11-02 | 华为技术有限公司 | A kind of method and device of user plane gravity treatment |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108738015B (en) * | 2017-04-25 | 2021-04-09 | 华为技术有限公司 | Network security protection method, equipment and system |
-
2018
- 2018-11-12 CN CN201811341598.5A patent/CN111182543B/en active Active
-
2019
- 2019-11-11 WO PCT/CN2019/117182 patent/WO2020098609A1/en active Application Filing
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101998395A (en) * | 2009-08-27 | 2011-03-30 | 华为技术有限公司 | Authentication vector acquisition method, home server and network system |
| CN102905267A (en) * | 2012-10-11 | 2013-01-30 | 大唐移动通信设备有限公司 | ME (Mobile Equipment) identity authentication method, ME security mode control method, ME identity authentication device and ME security mode control device |
| CN103634929A (en) * | 2013-11-28 | 2014-03-12 | 中国联合网络通信集团有限公司 | Network switching method and system of MIFI equipment |
| CN107018542A (en) * | 2017-03-27 | 2017-08-04 | 中兴通讯股份有限公司 | The processing method of status information, device and storage medium in network system |
| CN108738086A (en) * | 2017-04-21 | 2018-11-02 | 华为技术有限公司 | A kind of method and device of user plane gravity treatment |
Non-Patent Citations (3)
| Title |
|---|
| INTERDIGITAL INC.: "Solution for supporting Non-standalone NPN,S2-1810275", 《3GPP》 * |
| INTERDIGITAL INC.: "Solution for supporting Non-standalone NPN,S2-1811027", 《3GPP》 * |
| INTERDIGITAL INC.: "Solution for supporting Non-standalone NPN,S2-1811375", 《3GPP》 * |
Cited By (30)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111182540A (en) * | 2018-12-14 | 2020-05-19 | 维沃移动通信有限公司 | Data transmission guaranteeing method and communication equipment |
| US11777859B2 (en) | 2018-12-14 | 2023-10-03 | Vivo Mobile Communication Co., Ltd. | Method for guaranteeing data transmission and communications device |
| CN111182540B (en) * | 2018-12-14 | 2022-04-22 | 维沃移动通信有限公司 | Data transmission guaranteeing method and communication equipment |
| CN111465011A (en) * | 2019-01-18 | 2020-07-28 | 华为技术有限公司 | Cross-network access method, device, storage medium and communication system |
| CN111465011B (en) * | 2019-01-18 | 2021-07-16 | 华为技术有限公司 | Cross-network access method, device, storage medium and communication system |
| WO2021235857A1 (en) * | 2020-05-21 | 2021-11-25 | 삼성전자 주식회사 | Method and apparatus retrieving and selecting server for terminal authentication and subscriber data transmission |
| CN113766500A (en) * | 2020-05-22 | 2021-12-07 | 华为技术有限公司 | Network access method, device and system |
| CN113727342A (en) * | 2020-05-22 | 2021-11-30 | 华为技术有限公司 | Network registration method and device |
| CN113727342B (en) * | 2020-05-22 | 2022-11-11 | 华为技术有限公司 | Network registration method and device |
| CN111669214A (en) * | 2020-05-25 | 2020-09-15 | 南通先进通信技术研究院有限公司 | Onboard voice communication method and system based on airborne WiFi |
| WO2022027171A1 (en) * | 2020-08-03 | 2022-02-10 | Oppo广东移动通信有限公司 | Wireless communication method and device |
| CN115699979A (en) * | 2020-08-03 | 2023-02-03 | Oppo广东移动通信有限公司 | Wireless communication method and apparatus |
| CN116114212A (en) * | 2020-08-06 | 2023-05-12 | 华为技术有限公司 | Auxiliary information configuration method and communication device |
| WO2022028030A1 (en) * | 2020-08-07 | 2022-02-10 | 华为技术有限公司 | Slice authentication method and corresponding apparatus |
| CN114079922A (en) * | 2020-08-12 | 2022-02-22 | 华为技术有限公司 | Terminal equipment authentication method, terminal equipment and access network equipment |
| CN114079922B (en) * | 2020-08-12 | 2024-07-05 | 华为技术有限公司 | Terminal equipment authentication method, terminal equipment and access network equipment |
| CN114079992A (en) * | 2020-08-13 | 2022-02-22 | 阿里巴巴集团控股有限公司 | Network switching method, user equipment, network entity and storage medium |
| WO2022042598A1 (en) * | 2020-08-26 | 2022-03-03 | 华为技术有限公司 | Communication method and apparatus |
| WO2022067586A1 (en) * | 2020-09-29 | 2022-04-07 | Huawei Technologies Co., Ltd. | Apparatus and method for enabling a user equipment to access one or more second networks |
| WO2022088183A1 (en) * | 2020-11-02 | 2022-05-05 | 华为技术有限公司 | Communication method and apparatus |
| CN112423301A (en) * | 2020-11-02 | 2021-02-26 | 中国联合网络通信集团有限公司 | Private network registration management method and AMF network element |
| CN112423301B (en) * | 2020-11-02 | 2023-12-22 | 中国联合网络通信集团有限公司 | Private network registration management method and AMF network element |
| WO2022133808A1 (en) * | 2020-12-23 | 2022-06-30 | Zte Corporation | A method for service continuity |
| CN114765811A (en) * | 2021-01-11 | 2022-07-19 | 中国移动通信有限公司研究院 | Information processing method, device, equipment and readable storage medium |
| CN114765811B (en) * | 2021-01-11 | 2024-04-19 | 中国移动通信有限公司研究院 | Information processing method, device, equipment and readable storage medium |
| WO2023273281A1 (en) * | 2021-06-29 | 2023-01-05 | 华为技术有限公司 | Network handover method and system, and related device |
| CN115835207A (en) * | 2021-09-19 | 2023-03-21 | 华为技术有限公司 | Communication method and communication device |
| WO2023071974A1 (en) * | 2021-10-29 | 2023-05-04 | 华为技术有限公司 | Communication system, communication method, and communication device |
| CN114786121B (en) * | 2022-04-07 | 2024-06-11 | 中国联合网络通信集团有限公司 | Positioning method, device, system and storage medium |
| CN114786121A (en) * | 2022-04-07 | 2022-07-22 | 中国联合网络通信集团有限公司 | Positioning method, device, system and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2020098609A1 (en) | 2020-05-22 |
| CN111182543B (en) | 2021-10-19 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111182543B (en) | Method and device for switching network | |
| KR102264718B1 (en) | Methods of implementing security, and related devices and systems | |
| CN108574969B (en) | Connection processing method and device in multi-access scene | |
| ES2880099T3 (en) | Wireless communication methods and devices and related non-transient storage medium | |
| KR102106044B1 (en) | Service processing method, service processing device, and communication system | |
| US9668285B2 (en) | Methods and apparatus for standalone LTE RAN using unlicensed frequency band | |
| KR20190034283A (en) | Provisioning services by local operators | |
| US20190394684A1 (en) | Method and device for determining a bearer identifier, and storage medium therefor | |
| US9386454B2 (en) | Mechanism usable for validating a communication device for allowing usage of television radio bands/channels | |
| EP3737032B1 (en) | Key updating method and apparatus | |
| CN112105065B (en) | Communication method and communication device | |
| US11483744B2 (en) | Methods and computing device for splitting traffic across multiple accesses | |
| CN113055879B (en) | User identification access method and communication device | |
| CN111316233A (en) | Method and equipment for acquiring UE security capability | |
| WO2013004905A1 (en) | Trusted wireless local area network access | |
| CN110505662B (en) | Policy control method, device and system | |
| CN114762450A (en) | Conflict resolution for protocol data unit session registration and deregistration | |
| CN113630718A (en) | Communication method and device | |
| CN109936444B (en) | Key generation method and device | |
| CN116723507B (en) | Terminal security method and device for edge network | |
| CN115226052A (en) | Data processing method, block chain function device and storage medium | |
| WO2024060626A1 (en) | Authentication method, communication apparatus, and communication system | |
| CN107431919A (en) | Method and apparatus for multithread convergence | |
| CN114885441A (en) | Session management method | |
| WO2018157404A1 (en) | Switching control method, terminal and network side device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |