CN111669754B - Verification method and device - Google Patents

Verification method and device Download PDF

Info

Publication number
CN111669754B
CN111669754B CN202010443819.0A CN202010443819A CN111669754B CN 111669754 B CN111669754 B CN 111669754B CN 202010443819 A CN202010443819 A CN 202010443819A CN 111669754 B CN111669754 B CN 111669754B
Authority
CN
China
Prior art keywords
terminal
nssais
nssai
access network
access
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010443819.0A
Other languages
Chinese (zh)
Other versions
CN111669754A (en
Inventor
董秋丽
李静
冯毅
李福昌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China United Network Communications Group Co Ltd filed Critical China United Network Communications Group Co Ltd
Priority to CN202010443819.0A priority Critical patent/CN111669754B/en
Publication of CN111669754A publication Critical patent/CN111669754A/en
Application granted granted Critical
Publication of CN111669754B publication Critical patent/CN111669754B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0893Assignment of logical groups to network elements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W24/00Supervisory, monitoring or testing arrangements
    • H04W24/02Arrangements for optimising operational condition

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A verification method and a verification device relate to the technical field of communication and are used for solving the problem that in the prior art, the verification process of whether a terminal has authority to access a network slice is complicated. The method comprises the following steps: the access network equipment receives M first NSSAIs sent by a terminal, wherein the first NSSAI is the NSSAI requested by the terminal, and M is a positive integer; the access network equipment acquires N second NSSAIs, wherein the second NSSAI is the NSSAI configured by the access network equipment, and N is a positive integer; the access network equipment determines P third NSSAIs according to the M first NSSAIs and the N second NSSAIs, wherein the third NSSAI is both the first NSSAI and the second NSSAI, and P is less than M, N; the access network device sends P third NSSAIs to the terminal. The method is used in the verification process of the access authority of the network slice.

Description

Verification method and device
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a verification method and apparatus.
Background
With the continuous emergence of various communication services, the requirements of different communication services on network performance are significantly different, and the fifth-generation mobile communication (5G) system introduces the concept of Network Slice (NS) to cope with the difference of the requirements of different communication services on network performance. The network slicing technology provides mutually isolated network environments for different application scenes in a mode of simulating an independent logic network on the same network infrastructure, so that different application scenes can customize network functions and characteristics according to respective requirements, and requirements of different services are met.
A terminal device may access one or more network slices. When a network slice is deployed in a network and a terminal device needs to access to a slice, the terminal device may provide a requested Network Slice Selection Assistance Information (NSSAI) to the network, so that the network selects an appropriate access and mobility management function (AMF) entity for the terminal device to connect to an appropriate network slice. NSSAI is a set of single network slice selection assistance information (S-NSSAI).
In the prior art, after a terminal sends a request NSSAI to an access network device, the access network device needs to perform request authentication to a core network, and after receiving an indication that the core network authentication passes, the terminal may be allowed to access a network slice. Therefore, in the prior art, the process of verifying whether the terminal has the authority to access the network slice is complicated at the network side, so that resource waste is caused, and the service experience of the terminal equipment is finally influenced.
Disclosure of Invention
The embodiment of the invention provides a verification method and a verification device, which are used for optimizing a verification process of a terminal access network slice and reducing unnecessary resource waste.
In order to achieve the purpose, the invention adopts the following technical scheme:
in a first aspect, a verification method is provided, including: the method comprises the steps that access network equipment receives M pieces of first network slice selection auxiliary information NSSAI sent by a terminal, wherein the first NSSAI is NSSAI supported by the terminal, and M is a positive integer; the access network equipment acquires N second NSSAIs, wherein the second NSSAI is the NSSAI configured by the access network equipment, and N is a positive integer; the access network equipment determines P third NSSAIs according to the M first NSSAIs and the N second NSSAIs, wherein the third NSSAI is both the first NSSAI and the second NSSAI, and P is an integer smaller than M, N; finally, in case that P is not 0, the access network device sends P third NSSAIs to the terminal.
Based on the above technical solution, in the verification method provided by the present invention, first, the access network device receives M first network slice selection auxiliary information NSSAIs sent by the terminal, where the first NSSAI is an NSSAI supported by the terminal, and M is a positive integer. The access network device may then determine the network slice information requested by the end user. After that, the access network device obtains N second NSSAIs, where the second NSSAI is an NSSAI configured by the access network device, and N is a positive integer; therefore, the access network equipment can configure the network slices supported by the current base station without interacting with the AMF. Finally, the access network device determines P third NSSAIs according to the M first NSSAIs and the N second NSSAIs, where the third NSSAI is both the first NSSAI and the second NSSAI. Then, in case that P is not 0, the access network device sends P third NSSAIs to the terminal. The invention advances the verification process through the configuration of the access network side, so that the verification of the terminal access network slice can be completed on the access network side, and the verification can be completed without the indication of a core network, thereby reducing unnecessary resource waste and improving the service experience of the terminal equipment.
In a second aspect, there is provided an authentication apparatus comprising: the terminal comprises a receiving module, a selecting module and a selecting module, wherein the receiving module is used for receiving M pieces of first network slice selection auxiliary information NSSAI sent by the terminal, the first NSSAI is NSSAI supported by the terminal, and M is a positive integer; the acquisition module acquires N second NSSAIs, wherein the second NSSAIs are NSSAIs configured by the access network equipment, and N is a positive integer; a determining module, configured to determine P third NSSAIs according to the M first NSSAIs and the N second NSSAIs, where the third NSSAI is both the first NSSAI and the second NSSAI, and P is a positive integer less than M, N; and a sending module, configured to send the P third NSSAIs to the terminal.
In a third aspect, a communication device is provided that includes a memory, a processor, a bus, and a communication interface; the memory is used for storing computer execution instructions, and the processor is connected with the memory through a bus; when the communication device is running, the processor executes the computer-executable instructions stored by the memory to cause the communication device to perform the authentication method as described in the first aspect and any one of the possible implementations of the first aspect.
In a fourth aspect, there is provided a computer-readable storage medium comprising computer-executable instructions that, when executed on a computer, cause the computer to perform the authentication method as described in the first aspect and any one of the possible implementations of the first aspect.
In a fifth aspect, the present invention provides a computer program product comprising instructions for causing a computer to perform the authentication method described in the first aspect and any one of the possible implementations of the first aspect, when the computer program product runs on a computer.
In a sixth aspect, an embodiment of the present invention provides a chip, where the chip includes a processor and a communication interface, where the communication interface is coupled to the processor, and the processor is configured to execute a computer program or instructions to implement the verification method as described in the first aspect and any possible implementation manner of the first aspect.
Drawings
FIG. 1 is a schematic flow chart of a prior art authentication method;
fig. 2 is a schematic diagram of a communication system architecture according to an embodiment of the present invention;
fig. 3 is a schematic diagram of a network slice management system according to an embodiment of the present invention;
fig. 4 is a schematic flowchart of a verification method according to an embodiment of the present invention;
FIG. 5 is a flow chart of another verification method provided by the embodiment of the invention;
fig. 6 is a schematic structural diagram of an authentication apparatus according to an embodiment of the present invention;
fig. 7 is a schematic structural diagram of a communication device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The term "and/or" herein is merely an association describing an associated object, meaning that three relationships may exist, e.g., a and/or B, may mean: a exists alone, A and B exist simultaneously, and B exists alone.
The terms "first" and "second" and the like in the description of the present invention and the drawings are used for distinguishing different objects or for distinguishing different processes for the same object, and are not used for describing a specific order of the objects.
Furthermore, the terms "comprising" and "having" and any variations thereof as referred to in the description of the invention are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those steps or elements but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
It should be noted that, in the embodiments of the present invention, words such as "exemplary" or "for example" are used to indicate examples, illustrations or explanations. Any embodiment or design described as "exemplary" or "e.g.," an embodiment of the present invention is not necessarily to be construed as preferred or advantageous over other embodiments or designs. Rather, use of the word "exemplary" or "such as" is intended to present concepts related in a concrete fashion.
In the description of the present invention, the meaning of "a plurality" means two or more unless otherwise specified.
In order to facilitate understanding of the technical solutions of the present invention, the terms related to the present invention will be briefly described below.
1. Network slicing
A network slice refers to a different logical network, customized according to different service requirements, on top of a physical or virtual network infrastructure.
2. Network Slice Selection Assistance Information (NSSAI)
The NSSAI includes one or more S-NSSAIs, one for identifying a particular class of network slices. Wherein, the S-NSSAI is composed of a service type (SST) and a Slice Differentiator (SD). SST includes standardized and operator-defined types; SD is optional information that supplements SST to distinguish multiple network slices of the same SST.
3. Request (Requested) NSSAI
The Requested NSSAI is a terminal-Requested NSSAI, which comprises one or more S-NSSAIs.
4. Configuration (Configured) NSSAI
Configured NSSAI is Configured for the service network to the NSSAI used by the terminal, and represents a network slice supported by the network side.
5. Allowed (Allowed) NSSAI
Allowed NSSAI is an NSSAI that is Allowed for use by a terminal by a current registration area network provided by a serving network, and comprises one or more S-NSSAIs
6. Network Slice Management Function (NSMF)
The NSMF is mainly configured to receive parameter information of a network slice sent by a Communication Service Management Function (CSMF); the lifecycle (for example, creating a new network slice, or terminating an already established network slice, etc.), performance, failure, etc. of a network slice are managed (hereinafter, lifecycle, performance, failure management are simply referred to as management), and optionally, a network slice subnet management request may also be sent to each network slice subnet management function NSSMF.
7. Radio Resource Control (RRC)
The RRC is configured to allocate radio resources and send related signaling, thereby completing the management and allocation functions of the radio resources.
The above is an introduction of terms related to embodiments of the present invention, and the details are not described below.
As shown in fig. 1, a specific process of network slice configuration in the existing terminal registration process is as follows:
step 1, the terminal initiates a Registration Request (Registration Request), and sends the Registration Request carrying the identity identifier or the network slice selection information to the access network equipment.
And 2, after receiving the Registration Request sent by the terminal, the access network equipment selects the AMF.
Step 3, the AMF selects an authentication server function (AUSF) based on the International Mobile Subscriber Identity (IMSI) of the terminal, and performs access authentication for the terminal.
And 4, after the authentication is successful, the AMF initiates a position updating request to a Unified Data Management (UDM) module.
And 5, the AMF acquires a user subscription strategy from the UDM.
And step 6, if the terminal carries the session information in the registration request, the AMF updates the previous Session Management Function (SMF).
Step 7, the AMF sends a registration acceptance message to the terminal, and the registration acceptance message carries the NSSAI; the allowed NSSAI is an NSSAI that is allowed to be used by a terminal for a current registration area network provided by a serving network, and includes one or more S-NSSAIs.
It can be seen from the above process that, in the prior art, after the terminal sends the NSSAI request to the access network device, the access network device needs to perform authentication request to the core network, and after receiving an indication that the core network is authenticated, the terminal may be allowed to access the network slice. Therefore, in the prior art, the process of verifying whether the terminal has the authority to access the network slice is complicated at the network side, so that resource waste is caused, and the service experience of the terminal equipment is finally influenced.
As shown in fig. 2, a communication system provided in an embodiment of the present invention includes a terminal, an access network, and a network slice management system.
Wherein, the terminal can be: user Equipment (UE), access terminal, terminal unit, terminal station, mobile station, remote terminal, mobile device, wireless communication device, vehicular user equipment, terminal agent, or terminal device, etc. Optionally, the terminal may be various handheld devices, vehicle-mounted devices, wearable devices, and computers with communication functions, which is not limited in this embodiment of the present application. For example, the handheld device may be a smartphone. The in-vehicle device may be an in-vehicle navigation system. The wearable device may be a smart bracelet. The computer may be a Personal Digital Assistant (PDA) computer, a tablet computer, and a laptop computer.
The access network may be used to provide network access services to the terminal. In a specific implementation, the access network includes one or more access network devices, and the access network device may be a base station, where the base station may be a base station (enode B, gNB) in 5G communication, or may also be an evolved node B (evolved eNodeB) in evolved LTE, or other devices that support network slicing.
A network slice management system is a part for managing network slices in a communication network. Referring to fig. 3, the network slice management system may include a Communication Service Management Function (CSMF) module, a Network Slice Management Function (NSMF) module, and a Network Slice Subnet Management Function (NSSMF) module.
The CSMF module may be responsible for converting a communication service requirement of the operator and/or a third party customer into a requirement for a network (slicing), sending the requirement for the network slicing (such as a request for creating, terminating, and modifying an instance of the network slicing) to the NSMF through an interface with the NSMF, obtaining management data (such as performance, fault data) of the network slicing from the NSMF, generating management data of a communication service running on the instance of the network slicing, receiving a subscription requirement of the operator and/or the third party customer for the network slicing management data and/or the management data of the communication service, and the like.
The NSMF module may be responsible for receiving a network slice requirement sent by the CSMF, managing a life cycle, performance, and failure of a network slice instance (hereinafter, life cycle, performance, and failure management is referred to as management for short), arranging a composition of the network slice instance, decomposing the requirement of the network slice instance into a requirement of each network slice subnet instance and/or a network function, and sending a network slice subnet instance management request to each NSSMF.
The three modules are modules for network slice management in a management system, and the embodiment of the invention does not limit the positions of the three modules and whether the three modules exist independently.
The embodiments of the present invention will be specifically described below with reference to the drawings attached to the specification.
As shown in fig. 4, a verification method provided in an embodiment of the present invention includes:
s101, the access network equipment receives M first NSSAIs sent by the terminal.
Wherein M is a positive integer. The first NSSAI is a terminal-supported NSSAI. The first NSSAI may have other names, such as a Requested NSSAI, and the embodiments of the present invention are not limited thereto.
In the first implementation manner of step S101, in the registration process of the terminal, the access network device receives a registration request message sent by the terminal. Wherein, the registration request message includes M first NSSAIs.
In the second implementation manner of step S102, in the process of requesting to establish the RRC connection by the terminal, the access network device receives an RRC establishment request message sent by the terminal. Wherein, the RRC setup request message includes M first NSSAIs.
For example, an Information Element (IE) may be added to the RRC setup request message, where the IE is used to indicate the NSSAI requested by the terminal, and the request message with the IE is sent to the access network device. For example, an IE-added RRC establishment request code template is as follows:
Figure BDA0002504953830000071
in the RRC establishment request code template, S-NSSAI-List SEQUENCE (SIZE (1.. maxNrofS-NSSAI)) OF S-NSSAI OPTIONAL is a newly added IE.
It should be noted that, in the prior art, a verification process of whether the terminal has the right to access the network slice is generally performed in a registration procedure. Based on the second implementation manner of step S101, the present invention advances the verification process to the RRC connection procedure. Therefore, if the network side determines that the terminal does not have the authority to access the network slice, the network side may not perform RRC connection with the terminal or accept registration of the terminal, thereby saving corresponding signaling overhead.
S102, the access network equipment acquires N second NSSAIs.
Wherein N is a positive integer. The second NSSAI is an NSSAI configured for access network equipment. The second NSSAI may also have other names, such as Configured NSSAI, to which embodiments of the present invention are not limited.
In one possible design, the NSSMF in the network slice management system is preconfigured with network-supported slice identity Information (ID), and the access network device receives a network-supported slice ID list sent by the NSSMF, where the slice ID list is used to indicate N second NSSAIs.
It can be understood that the access network device may obtain the slice information supported by the network side by receiving the NSSAI configuration mode in the NSSMF, instead of obtaining the slice information supported by the network side only by interacting with the AMF in the access network device in the prior art. The present embodiment provides support for the access device to verify the access of the terminal through step S102.
S103, the access network equipment determines P third NSSAIs according to the M first NSSAIs and the N second NSSAIs.
Wherein P is an integer less than M, N. The third NSSAI is the NSSAI requested by the terminal and configured by the access network device. That is, the third NSSAI is both the first NSSAI and the second NSSAI. The third NSSAI may also have other names, such as Allowed NSSAI, for example, and embodiments of the present invention are not limited thereto.
For example, the access network device receives 4 first NSSAIs transmitted by the terminal, which are NSSAI #1, NSSAI #2, NSSAI #3, and NSSAI #4, respectively. The access network equipment acquires 3 second NSSAIs, NSSAI #1, NSSAI #2, and NSSAI #5, respectively. Thus, the access network device may determine NSSAI #1 and NSSAI #2 as the third NSSAI.
It should be noted that, in comparison with the prior art in which the core network element determines P third NSSAIs and then sends the third NSSAIs to the access network device, in the embodiment of the present invention, the access network device determines P third NSSAIs, which reduces interaction between the access network device and the core network element, thereby achieving the purposes of saving signaling overhead and reducing time delay.
And S104, when the P is not 0, the access network equipment sends P third NSSAIs to the terminal.
Based on the above technical solution, the authentication method provided by the present invention first receives M first NSSAIs sent by the terminal through the access network device, so that the access network device can determine the network slice information requested by the terminal user. After that, the access network device acquires N second NSSAIs, thereby configuring a network slice supported by the current base station. Finally, the access network device determines P third NSSAIs according to the M first NSSAIs and the N second NSSAIs, where the third NSSAI is both the first NSSAI and the second NSSAI, that is, a network slice to which the terminal can access. The invention advances the verification process through the configuration of the access network side, so that the verification of the terminal access network slice can be completed at the access network side, thereby reducing unnecessary resource waste and improving the service experience of the terminal equipment.
Further, on the basis of the implementation manner two adopted in step S101, as shown in fig. 5, the verification method provided in the embodiment of the present invention may further include:
and S105, the access network equipment sends an RRC connection rejection message to the terminal under the condition that the P is 0.
Wherein the RRC connection reject message is used to reject access of the terminal. Or, the RRC connection reject message is used to reject establishment of an RRC connection with the terminal.
It can be understood that, in the case that P is 0 (that is, there is no third NSSAI), the access network device cannot provide the terminal with the appropriate network slice, so that even if the terminal accesses the access network device, the terminal cannot access the network slice, which affects normal use of the terminal. For this purpose, the access network device sends an RRC connection reject message to the terminal to reject access of the terminal, so that the terminal can access other more suitable access network devices.
In the embodiment of the present invention, the network device may be divided into functional modules or functional units according to the above method examples, for example, each functional module or functional unit may be divided corresponding to each function, or two or more functions may be integrated into one processing module. The integrated module may be implemented in a form of hardware, or may be implemented in a form of a software functional module or a functional unit. The division of the modules or units in the embodiments of the present invention is schematic, and is only a logic function division, and there may be another division manner in actual implementation.
As shown in fig. 6, which is a schematic structural diagram of an authentication apparatus provided in an embodiment of the present invention, the apparatus includes: a receiving module 401, an obtaining module 402, a determining module 403, and a sending module 404, where the receiving module 401 is configured to receive M first NSSAIs sent by a terminal, where the first NSSAI is an NSSAI requested by the terminal, and M is a positive integer; the obtaining module 402 is configured to obtain N second NSSAIs, where the second NSSAI is an NSSAI configured by the access network device, and N is a positive integer; the determining module 403 is configured to determine P third NSSAIs according to the M first NSSAIs and the N second NSSAIs, where P is less than M, N, where the third NSSAI is an NSSAI requested by the terminal and configured by the access network device; the sending module 404 is configured to send the P third NSSAIs to the terminal.
In one possible design, the receiving module 401 is specifically configured to receive a registration message sent by the terminal, where the registration message includes M first NSSAIs.
In a possible design, the receiving module 401 is further configured to receive a radio resource control RRC setup request message sent by the terminal, where the RRC setup request message includes the M first NSSAIs.
In a possible design, the sending module 404 is further configured to send an RRC connection reject message to the terminal, where P is 0, and the RRC connection reject message is used to reject access of the terminal.
In the case where the authentication device shown in fig. 6 is implemented as the communication device shown in fig. 7, the processor 502 is configured to control and manage the actions of the device, e.g., perform the steps performed by the classification module, the determination module, and/or other processes for performing the techniques described herein. The memory 501 is used to store program code and data for the communication device, such as to perform the steps performed by the above-described memory modules, and/or other processes for performing the techniques described herein.
The communication device shown in fig. 7 may also include a communication interface 503 and a bus 504. The communication interface 503 is used to enable the communication apparatus to communicate with other devices.
The processor 502 may implement or execute various exemplary logical blocks, units and circuits described in connection with the present disclosure. The processor may be a central processing unit, general purpose processor, digital signal processor, application specific integrated circuit, field programmable gate array or other programmable logic device, transistor logic device, hardware component, or any combination thereof. Which may implement or perform the various illustrative logical blocks, units, and circuits described in connection with the present disclosure. The processor may also be a combination of computing functions, e.g., comprising one or more microprocessors, DSPs, and microprocessors, among others.
Memory 501 may include volatile memory, such as random access memory; the memory may also include non-volatile memory, such as read-only memory, flash memory, a hard disk, or a solid state disk; the memory may also comprise a combination of memories of the kind described above.
The bus 504 may be an Extended Industry Standard Architecture (EISA) bus or the like. The bus 504 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown in FIG. 7, but this is not intended to represent only one bus or type of bus.
It can be clearly understood by those skilled in the art from the foregoing description of the embodiments that, for convenience and simplicity of description, only the division of each functional unit is illustrated, and in practical applications, the above function allocation may be completed by different functional units according to needs, that is, the internal structure of the device may be divided into different functional units to complete all or part of the above described functions. For the specific working processes of the system, the apparatus and the unit described above, reference may be made to the corresponding processes in the foregoing method embodiments, and details are not described here again.
The embodiment of the present invention further provides a computer-readable storage medium, where instructions are stored in the computer-readable storage medium, and when the instructions are executed by a computer, the computer executes each step in the method flow shown in the above method embodiment.
The computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination thereof. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, and a hard disk. Random Access Memory (RAM), Read-Only Memory (ROM), Erasable Programmable Read-Only Memory (EPROM), registers, a hard disk, an optical fiber, a portable Compact disk Read-Only Memory (CD-ROM), an optical storage device, a magnetic storage device, or any other form of computer-readable storage medium, in any suitable combination, or as appropriate in the art. An exemplary storage medium is coupled to the processor such the processor can read information from, and write information to, the storage medium. Of course, the storage medium may also be integral to the processor. The processor and the storage medium may reside in an Application Specific Integrated Circuit (ASIC). In embodiments of the invention, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The above description is only an embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions within the technical scope of the present invention are intended to be covered by the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the appended claims.

Claims (10)

1. A method of authentication, the method comprising:
the method comprises the steps that access network equipment receives M pieces of first network slice selection auxiliary information NSSAI sent by a terminal, wherein the first NSSAI is the NSSAI requested by the terminal, and M is a positive integer;
the access network equipment acquires N second NSSAIs, wherein the second NSSAI is the NSSAI configured by the access network equipment, and N is a positive integer;
the access network device determines P third NSSAIs according to the M first NSSAIs and the N second NSSAIs, where the third NSSAI is an NSSAI requested by the terminal and configured by the access network device, and P is an integer less than M, N;
and under the condition that P is not 0, the access network equipment sends the P third NSSAIs to the terminal.
2. The authentication method according to claim 1, wherein the receiving, by the access network device, the M first network slice selection assistance information NSSAIs sent by the terminal includes:
and the access network equipment receives a registration message sent by a terminal, wherein the registration message comprises the M first NSSAIs.
3. The authentication method according to claim 1, wherein the receiving, by the access network device, the M first network slice selection assistance information NSSAIs sent by the terminal includes:
and the access network equipment receives a Radio Resource Control (RRC) establishment request message sent by a terminal, wherein the RRC establishment request message comprises the M first NSSAIs.
4. The authentication method of claim 3, further comprising:
and under the condition that the P is 0, the access network equipment sends an RRC connection rejection message to the terminal, wherein the RRC connection rejection message is used for rejecting the access of the terminal.
5. An authentication apparatus, comprising:
a receiving module, configured to receive M first network slice selection auxiliary information NSSAIs sent by a terminal, where the first NSSAI is an NSSAI requested by the terminal, and M is a positive integer;
an obtaining module, configured to obtain N second NSSAIs, where the second NSSAI is an NSSAI configured by an access network device, and N is a positive integer;
a determining module, configured to determine P third NSSAIs according to the M first NSSAIs and the N second NSSAIs, where the third NSSAI is an NSSAI requested by the terminal and configured by the access network device, and P is an integer less than M, N;
a sending module, configured to send the P third NSSAIs to the terminal when P is not 0.
6. The authentication apparatus according to claim 5,
the receiving module is specifically configured to receive a registration message sent by a terminal, where the registration message includes the M first NSSAIs.
7. The authentication apparatus according to claim 5,
the receiving module is further configured to receive a radio resource control RRC establishment request message sent by the terminal, where the RRC establishment request message includes the M first NSSAIs.
8. The authentication device according to claim 7,
the sending module is further configured to send an RRC connection reject message to the terminal when P is 0, where the RRC connection reject message is used to reject access of the terminal.
9. A communications device comprising a processor and a memory, the memory storing program instructions which, when executed by the processor, are adapted to implement the authentication method of any one of claims 1 to 4.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium comprises program instructions which, when executed by a computer, the computer is adapted to implement the authentication method of any one of claims 1 to 4.
CN202010443819.0A 2020-05-22 2020-05-22 Verification method and device Active CN111669754B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010443819.0A CN111669754B (en) 2020-05-22 2020-05-22 Verification method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010443819.0A CN111669754B (en) 2020-05-22 2020-05-22 Verification method and device

Publications (2)

Publication Number Publication Date
CN111669754A CN111669754A (en) 2020-09-15
CN111669754B true CN111669754B (en) 2022-09-02

Family

ID=72384404

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010443819.0A Active CN111669754B (en) 2020-05-22 2020-05-22 Verification method and device

Country Status (1)

Country Link
CN (1) CN111669754B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113259879B (en) * 2021-05-12 2022-08-12 中国联合网络通信集团有限公司 Roaming payment method, system, terminal device and storage medium based on block chain
CN114448643B (en) * 2022-02-14 2024-03-26 中国电信股份有限公司 Network slice data verification method and related equipment thereof

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018166306A1 (en) * 2017-03-17 2018-09-20 华为技术有限公司 Core network control plane device selection method and apparatus
CN109462885A (en) * 2018-12-14 2019-03-12 维沃移动通信有限公司 A kind of network slice register method and terminal
CN109788493A (en) * 2017-11-13 2019-05-21 中国移动通信有限公司研究院 Network is sliced generation method, network side equipment and terminal
CN110662261A (en) * 2018-06-30 2020-01-07 华为技术有限公司 Resource allocation method and device for network slices
CN110800332A (en) * 2017-06-29 2020-02-14 华为国际有限公司 Network slice distribution method, equipment and system

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109964509B (en) * 2016-11-18 2021-10-29 Lg 电子株式会社 Method for selecting network node in wireless communication system and apparatus therefor
US11539699B2 (en) * 2018-08-13 2022-12-27 Lenovo (Singapore) Pte. Ltd. Network slice authentication
US11076347B2 (en) * 2018-10-01 2021-07-27 Zte Corporation Coexistent slicing group support in network slicing

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018166306A1 (en) * 2017-03-17 2018-09-20 华为技术有限公司 Core network control plane device selection method and apparatus
CN108632808A (en) * 2017-03-17 2018-10-09 华为技术有限公司 Core network control surface device selection method and device
CN110800332A (en) * 2017-06-29 2020-02-14 华为国际有限公司 Network slice distribution method, equipment and system
CN109788493A (en) * 2017-11-13 2019-05-21 中国移动通信有限公司研究院 Network is sliced generation method, network side equipment and terminal
CN110662261A (en) * 2018-06-30 2020-01-07 华为技术有限公司 Resource allocation method and device for network slices
CN109462885A (en) * 2018-12-14 2019-03-12 维沃移动通信有限公司 A kind of network slice register method and terminal

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
S2-1901572 "Support of mutually exclusive access to Network Slices";Ericsson等;《3GPP tsg_sa\wg2_arch》;20190219;全文 *

Also Published As

Publication number Publication date
CN111669754A (en) 2020-09-15

Similar Documents

Publication Publication Date Title
US11032858B2 (en) Network access method, terminal, access network, and core network
CN110351828B (en) Positioning method and device
CN110691384B (en) Network slice using method and device
CN111225348B (en) Application instance migration method and multi-access edge computing host
CN109547231B (en) Network slice management method and device
CN114271016A (en) Session admission control method and device based on priority
CN111669754B (en) Verification method and device
CN111417111A (en) Data processing method and network equipment
CN110891266B (en) Network roaming method, device, terminal equipment and storage medium
WO2018045983A1 (en) Information processing method and device, and network system
CN111586716B (en) Network slice deployment method and device
CN110832909B (en) Network registration method, related equipment and system
CN112399523B (en) URSP checking method and device
CN111093160B (en) Calling method, equipment and system
CN112019378B (en) Troubleshooting method and device
CN114727361A (en) Processing method and device for network function selection and network equipment
CN114513799A (en) Strategy notification method, equipment and storage medium
CN110461023B (en) Cell residence method and device for voice service, storage medium and main base station
CN113422772B (en) Private network terminal access processing method and device and electronic equipment
CN112492592A (en) Authorization method under multiple NRF scenes
CN113923660B (en) Authentication method, equipment and storage medium for terminal to access local area network
CN116321112A (en) 5G terminal NSA (service oriented architecture) SA (SA upgrading method and device, computer equipment and storage medium
CN111885583B (en) Network sharing method and device
CN112566052B (en) Terminal determination method and device
CN114339720A (en) Cloud card authentication method, device, terminal and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant