CN112788709B - Access control method and device based on closed access group - Google Patents

Publication number: CN112788709B
Authority: CN (China)
Prior art keywords: cag, terminal, access, list, target cell
Legal status: Active (as listed by Google Patents; an assumption, not a legal conclusion)
Application number: CN201911090226.4A
Other languages: Chinese (zh)
Other versions: CN112788709A (en)
Inventors: 王睿炜, 彦楠, 刘爱娟
Current Assignee: Datang Mobile Communications Equipment Co Ltd (as listed by Google Patents; may be inaccurate)
Original Assignee: Datang Mobile Communications Equipment Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W48/00 Access restriction; Network selection; Access point selection
    • H04W48/08 Access restriction or access information delivery, e.g. discovery data delivery
    • H04W48/10 Access restriction or access information delivery, e.g. discovery data delivery using broadcasted information
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W48/00 Access restriction; Network selection; Access point selection
    • H04W48/20 Selecting an access point
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W76/00 Connection management
    • H04W76/10 Connection setup
    • H04W76/18 Management of setup rejection or failure

Abstract

The application discloses a method and a device for controlling access based on a closed access group, wherein the method comprises the following steps: a base station receives a context establishment request message sent by a core network; the base station determines whether a first closed access group identification (CAG ID) list and a second CAG ID list supported by a target cell accessed by the terminal have the same CAG ID, and determines whether to access the terminal to the target cell according to a judgment result; the first CAG ID list is a CAG ID list supported in the terminal subscription process. The method and the device are used for solving the technical problem that the cell access is unsuccessful to a certain extent in the closed access group access control method in the prior art.

Description

Access control method and device based on closed access group
Technical Field
The present application relates to the field of communications technologies, and in particular, to a method and an apparatus for access control based on a closed access group.
Background
At present, a private network deployed on top of a Public Land Mobile Network (PLMN) may be implemented by technical means such as slicing. However, slicing cannot prevent a terminal from initially accessing the network, so the Closed Access Group (CAG) method is used for access control: only a user terminal authorized to access a CAG cell can normally access the private network. Within a PLMN, a unique CAG ID uniquely identifies a CAG.
In the prior art, user access to a private network deployed on a public PLMN network proceeds as follows: after a terminal supporting CAG selects a CAG cell, it initiates the user access and authentication procedure (as shown in fig. 1):
Step 101, the UE (User Equipment) sends MSG5 to a base station; the NAS (Non-Access Stratum) message in MSG5 includes CAG-related information of the UE;
Step 102, the base station transparently transmits the NAS message to the core network in the initial UE message;
Step 103, the core network performs access control by checking whether the CAG ID selected by the UE is in the CAG ID list allowed for the user; if it is not in the list, the user access is rejected; if it is in the list, the subsequent access procedure is triggered;
Step 104, the NAS message procedure, which may specifically include authentication, encryption and other flows;
Step 105, the core network sends a context establishment request message to the base station, where the request message includes the CAG ID list allowed for the UE;
Step 106, the base station sends an air interface message to the terminal, which may be an encryption and RRC reconfiguration procedure;
Step 107, the base station sends a context establishment response to the core network, completing the context establishment.
In the existing admission control flow based on the CAG, the core network judges whether the CAG ID selected by the UE access is in the CAG ID list allowed by the user, so as to perform access control. That is to say, the core network can only determine whether the UE can access the core network according to the CAG ID provided when the UE accesses and the originally stored CAG ID list supported by the UE, but many factors besides the UE itself may affect whether the UE can successfully access when the UE specifically accesses, so that the problem of unsuccessful cell access may occur to some extent in this manner.
Disclosure of Invention
The embodiments of the application provide a method and a device for access control based on a closed access group, which address the technical problem that, under the prior-art closed access group access control method, cell access is to some extent unsuccessful.
In a first aspect, an embodiment of the present application provides an access control method based on a closed access group, including:
a base station receives a context establishment request message sent by a core network;
the base station judges whether a first closed access group identification CAG ID list and a second CAG ID list supported by a target cell accessed by the terminal have the same CAG ID, and determines whether to access the terminal to the target cell according to a judgment result; the first CAG ID list is a CAG ID list supported in the terminal subscription process.
In one possible implementation, the determining whether to access the terminal to the target cell according to the determination result includes:
if the first CAG ID list and the second CAG ID list have the same CAG ID, admitting the terminal to the target cell; otherwise, rejecting the terminal's access to the target cell.
In a possible implementation manner, after rejecting the terminal's access to the target cell, the method further includes:
the base station feeds back a context establishment failure message to a core network, and the context establishment failure message carries a failure reason; wherein the failure reason indicates that CAG verification fails, and the target cell does not support the CAG ID allowed by the terminal.
In a possible implementation manner, the context setup request message includes the first CAG ID list.
In a possible implementation manner, before the base station receives the context setup request message, sent by the core network, that allows the terminal to access the target cell, the method further includes:
the base station broadcasts, in a broadcast message, the CAG ID list supported by a cell that supports CAG access control, so that the target terminal selects, according to the broadcast message, the CAG ID to use for accessing the cell.
In a second aspect, a closed access group-based access control method is provided, including:
a core network sends a context establishment request message to a base station;
receiving a context establishment failure message fed back by the base station; wherein, the context establishment failure message carries a failure reason; the failure reason indicates that CAG verification fails, and the target cell does not support the CAG ID allowed by the terminal.
In a third aspect, a base station based on closed access group access control is provided, the base station includes a processor and a memory, the memory is used for storing programs executable by the processor, and the processor is used for reading the programs in the memory and executing the following steps:
receiving a context establishment request message sent by a core network;
judging whether a first closed access group identification (CAG ID) list and a second CAG ID list supported by a target cell accessed by a terminal have the same CAG ID, and determining whether the terminal is accessed to the target cell according to a judgment result; the first CAG ID list is a CAG ID list supported in the terminal subscription process.
In a possible implementation manner, the processor is specifically configured to admit the terminal to the target cell if the first CAG ID list and the second CAG ID list have the same CAG ID, and otherwise to reject the terminal's access to the target cell.
In a possible implementation manner, the processor is further configured to feed back a context setup failure message to the core network after the terminal's access to the target cell is rejected, and to carry a failure reason in the context setup failure message; wherein the failure reason indicates that CAG verification fails, and the target cell does not support the CAG ID allowed by the terminal.
In a possible implementation manner, the context setup request message includes the first CAG ID list.
In a possible implementation manner, the processor is further configured to carry, in a broadcast message, the CAG ID list supported by a cell that supports CAG access control, so that the target terminal selects, according to the broadcast message, the CAG ID to use for accessing the cell.
In a fourth aspect, a core network device based on closed access group access control is provided, where the core network device includes a processor and a memory, the memory is used to store a program executable by the processor, and the processor is used to read the program in the memory and execute the following steps:
sending a context establishment request message to the base station;
receiving a context establishment failure message fed back by the base station; wherein, the context establishment failure message carries a failure reason; the failure reason indicates that CAG verification fails, and the target cell does not support the CAG ID allowed by the terminal.
In a fifth aspect, an apparatus for closed access group access control is provided, including:
a receiving unit, configured to receive a context establishment request message sent by a core network;
a determining unit, configured to determine whether a first closed access group identifier CAG ID list and a second CAG ID list supported by a target cell to which a terminal is accessed have the same CAG ID, and determine whether to access the terminal to the target cell according to a determination result; the first CAG ID list is a CAG ID list supported in the terminal subscription process.
In an optional implementation manner, the determining unit is specifically configured to admit the terminal to the target cell if the first CAG ID list and the second CAG ID list have the same CAG ID, and otherwise to reject the terminal's access to the target cell.
In an alternative embodiment, the apparatus further comprises:
a sending unit, configured to feed back a context setup failure message to a core network, where the context setup failure message carries a failure reason; wherein the failure reason indicates that CAG verification fails, and the target cell does not support the CAG ID allowed by the terminal.
In an optional embodiment, the context setup request message includes the first CAG ID list.
The sending unit is further configured to send a broadcast message that carries the CAG ID list supported by a cell that supports CAG access control, so that the target terminal selects, according to the broadcast message, the CAG ID to use for accessing the cell.
In a sixth aspect, an apparatus for access control based on closed access group is provided, which includes:
a sending unit, configured to send a context establishment request message to a base station;
a receiving unit, configured to receive a context setup failure message fed back by the base station; wherein, the context establishment failure message carries a failure reason; the failure reason indicates that CAG verification fails, and the target cell does not support the CAG ID allowed by the terminal.
In a seventh aspect, a computer-readable storage medium is provided, on which a computer program is stored, which, when executed by a processor, implements the method for closed access group access control based on the first aspect, the second aspect and any possible implementation manner of the first aspect and the second aspect.
In the method and the device provided by the embodiments of the application, to support CAG-based access control, in addition to the core network's access control based on the CAG ID list allowed for the user, the base station also performs secondary access control based on the accessed cell (judging whether the first CAG ID list and the second CAG ID list have the same CAG ID), which further determines whether a terminal that the core network allows to access can access the target cell. In this way, the situation in which an illegal user accesses an unsupported cell can be effectively avoided.
In addition, the CAG-based secondary access control is performed during context establishment: if the CAG ID list supported by the cell and the CAG ID list in the context establishment request message have the same CAG ID, the user is allowed to access; otherwise, a context establishment failure is returned. A new failure cause value is added to the context establishment failure message to mark the CAG ID check failure. From the failure cause value, the core network can identify the terminal concerned and the specific reason why it could not access the particular cell, which provides a basis for subsequent analysis of the terminal's access failure.
Drawings
Fig. 1 is a schematic flow chart of user access of a private network deployed based on a public PLMN network in the prior art;
fig. 2 is a flowchart of an access control method based on a closed access group according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of a base station based on closed access group access control according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of a core network device based on closed access group access control according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of an apparatus based on closed access group access control according to an embodiment of the present invention;
fig. 6 is a schematic structural diagram of an apparatus based on closed access group access control according to an embodiment of the present invention;
fig. 7 is a schematic structural diagram of a base station device according to an embodiment of the present invention.
Detailed Description
The technical solution in the present application will be described below with reference to the accompanying drawings.
It should be understood that the technical solution of the embodiment of the present invention may be applied to a Long Term Evolution (LTE) architecture, and may also be applied to a Universal Mobile Telecommunications System (UMTS) Terrestrial Radio Access Network (UTRAN) architecture, or to the GSM EDGE Radio Access Network (GERAN) architecture of a Global System for Mobile communications (GSM)/Enhanced Data Rate for GSM Evolution (EDGE) system. In the UTRAN or GERAN architecture, the function of the MME is performed by the Serving GPRS Support Node (SGSN), and the function of the SGW/PGW is performed by the Gateway GPRS Support Node (GGSN). The technical solution of the embodiment of the present invention may also be applied to other communication systems, such as a Public Land Mobile Network (PLMN) system, a future 5G communication system or a communication system after 5G, which is not limited in the embodiment of the present invention.
In the existing UE access process of a private network deployed on a public PLMN network, the base station broadcasts the PLMN and the CAG IDs supported by a cell, and the UE selects the CAG ID it will use according to the CAG IDs broadcast by the base station; in this way, the CAG ID selected by the UE must be supported by both the cell and the UE. However, for various reasons the terminal may forcibly select a CAG ID not supported by the cell for access.
Under the existing access checking mechanism, after the UE selects the CAG ID and sends the selection to the core network, the core network judges whether the CAG ID selected by the UE is in the CAG ID list allowed for the user to decide whether the UE is admitted. This shows that the core network does not consider the situation of the cell when judging whether to admit the UE; it only judges whether the CAG ID selected by the UE meets the subscription requirement of the UE itself. The UE's own factors, however, are only part of what determines whether the UE can access; the situation of the cell must also be taken into account to determine whether the UE can access successfully. For example, the combinations of different cell types and terminal access types correspond to the multiple access situations in table 1 below:
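[Table 1: access situations for combinations of cell type and terminal access type. The table is an image in the original publication (Figure BDA0002266633080000041) and is not reproduced here.]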
For the access situations in table 1 and the existing judgment mechanism of the core network: when the core network determines that the access is a CAG access, it cannot know the cell-level information or the CAG ID list configured for each cell, so it can only determine that the CAG ID selected by the UE meets the UE subscription requirement. Because, as described above, the UE may forcibly select a CAG ID not supported by the cell, the core network cannot determine whether the UE can access a specific cell (it cannot determine whether the cell supports the CAG ID selected by the UE). That is, the core network can only determine whether the UE can access the core network, not whether the UE can access the cell, so the base station may sometimes determine that the UE can access the cell, yet the access ultimately fails.
In view of the above problems, an embodiment of the present application provides an access control method based on a closed access group. In this method, in addition to the core network judging whether the UE can access, after the core network's CAG access control determines that the terminal can access and the core network sends a context establishment request message to the base station, the base station judges whether a first closed access group identifier (CAG ID) list and a second CAG ID list supported by the target cell accessed by the terminal have the same CAG ID, and determines whether to admit the terminal to the target cell according to the judgment result; the first CAG ID list is a CAG ID list supported in the terminal subscription process.
That is, in the embodiment of the present application, after the core network determines from the CAG ID provided at access that the UE can access, the base station performs a further CAG access control judgment based on the CAG IDs supported by the terminal and the CAG IDs supported by the cell, checking whether the CAG ID selected by the terminal satisfies the conditions of both the UE and the cell; if so, the UE is allowed to access the cell. In this way, the situation in which an illegal user accesses an unsupported cell can be effectively avoided.
Following the general description of the method above, the devices involved in the method provided by the embodiments of the application may include the following.
The embodiment of the invention relates to terminal equipment. The terminal device may be a device that includes a wireless transceiving function and may cooperate with the network device to provide a communication service to a user. In particular, a terminal device may refer to a User Equipment (UE), an access terminal, a subscriber unit, a subscriber station, a mobile station, a remote terminal, a mobile device, a User terminal, a wireless communication device, a User agent, or a User Equipment. For example, the terminal device may be a cellular phone, a cordless phone, a Session Initiation Protocol (SIP) phone, a Wireless Local Loop (WLL) station, a Personal Digital Assistant (PDA), a handheld device with a wireless communication function, a computing device or other processing device connected to a wireless modem, a vehicle-mounted device, a wearable device, a terminal device in a future 5G network or a network after 5G, and the like, which are not limited in this embodiment of the present invention.
The embodiment of the invention also relates to network equipment. The network device may be a device for communicating with the terminal device, and for example, may be a Base Transceiver Station (BTS) in a GSM system or a CDMA system, a Base Station (NodeB, NB) in a WCDMA system, an evolved Node B (eNB, or eNodeB) in an LTE system, or may be a relay Station, an access point, a vehicle-mounted device, a wearable device, and a network device in a future 5G network or a network after 5G network or a network device in a future evolved PLMN network.
The network device in the embodiment of the present invention may also be referred to as a Radio Access Network (RAN) device. The RAN device is connected to the terminal device and is used for receiving data from the terminal device and sending the data to the core network device. RAN devices correspond to different devices in different communication systems, for example, a base station and a base station controller in a 2G system, a base station and a Radio Network Controller (RNC) in a 3G system, an evolved Node B (eNB) in a 4G system, and an access network device (e.g., gNB, CU, DU) in a 5G system, such as New Radio Access Technology (NR).
Given the applicable scenarios above, the closed access group based access control method provided by the embodiments of the application is described in detail below. To reduce repetition, the method is described as an interaction among the terminal device, the base station and the core network device, and may include the following steps (as shown in fig. 2):
Step 201, after allowing the terminal to access, the core network device sends a context establishment request message to the base station;
In this embodiment, the core network performs the first access control according to the CAG ID reported by the UE: it checks whether the CAG ID selected by the UE is in the CAG ID list allowed for the user, and rejects the user access if it is not; if it is in the list, the subsequent access procedure is triggered and the context establishment request message is sent to the base station;
In this embodiment, the core network device synchronizes the information of the terminal (UE) to the base station, so the context setup request message carries the first CAG ID list supported by the terminal; the first CAG ID list is the CAG ID list information that is stored by the core network device and supported in the user subscription process;
step 202, a base station receives a context establishment request message sent by a core network;
In the prior art, once the core network has performed the access control of step 201, determined that the UE can access, and sent the context establishment request message to the base station, the base station admits the UE to the corresponding cell without considering whether the UE and the target cell to be accessed both satisfy the CAG access control conditions. In the method provided by this embodiment, however, after the core network's access control judgment (that is, after the core network determines that the UE can access), the base station must also perform a secondary access control judgment, specifically the following steps (steps 201 and 202 above belong to the prior art and are included here to describe the scenario of this embodiment in more detail):
step 203, the base station determines whether the first closed access group identification CAG ID list and a second CAG ID list supported by a target cell accessed by the terminal have the same CAG ID, and if so, the step 204 is executed; otherwise, go to step 205;
in this example, both the first and second CAG ID lists may include a plurality of CAG IDs; therefore, the first CAG ID list and the second CAG ID list can be regarded as two sets including a plurality of CAG IDs, and when it is determined whether the first CAG ID list and the second CAG ID list have the same CAG ID, the determination can be made by determining whether the two sets have an intersection, so that the determination step is easier to implement.
With the method provided by this embodiment, after the core network performs the first CAG access control, the base station performs the second access control judgment using the first CAG ID list and the second CAG ID list, which reduces, to a certain extent, illegal forced access of the terminal to the target cell. The access decision made according to the judgment result may be implemented by the following steps:
step 204, accessing the terminal to the target cell; the first CAG ID list is a CAG ID list supported in the terminal subscription process.
In this embodiment, the base station broadcasts in advance, in a broadcast message, the CAG ID list supported by a cell that supports CAG access control. When the terminal initiates an access request, it selects a cell and a CAG ID that it supports according to the existing access mechanism; of course, for various reasons the CAG ID selected by the terminal is sometimes not one that meets the requirements of both the terminal and the cell.
Step 205, rejecting the terminal's access to the target cell.
In the prior art, for network maintenance and for debugging terminal access control, a specific failure reason is generally fed back to the core network after a terminal access fails. For example, in table 1, when the terminal is a CAG-ONLY terminal and the target cell is a cell that does not support CAG users, the terminal cannot access the target cell. In that case the context establishment failure message carries the failure cause value corresponding to this situation, so the core network can determine the specific reason for the access failure after receiving the context establishment failure message. Following this flow, the method provided by the embodiment of the present application also uses the context establishment failure message and the format of the failure reason it carries, and adds a corresponding failure reason to the context establishment failure message; a specific implementation may be:
step 206, the base station feeds back a context establishment failure message to a core network, and carries a failure reason in the context establishment failure message; wherein the failure reason indicates that CAG verification fails, and the target cell does not support the CAG ID allowed by the terminal.
Of course, based on the above embodiment, the core network may receive the context establishment failure message fed back by the base station and determine the reason for the terminal's access failure from that message; the context establishment failure message carries a failure reason; the failure reason indicates that CAG verification fails, and the target cell does not support the CAG ID allowed by the terminal.
In this example, to support the CAG-based access control, in addition to the access control performed by the core network based on the CAG ID list allowed by the user, the base station may perform secondary access control based on the access cell (determine whether the first CAG ID list and the second CAG ID list have the same CAG ID), and further determine whether the terminal allowed to access by the core network can access the target cell. By the method, the condition that an illegal user accesses an unsupported cell can be effectively avoided.
In a specific application scenario, the method provided by this embodiment may be implemented by adding a related procedure and method to an NG interface between a base station and a core network.
In addition, the CAG-based secondary access control is performed during context establishment: if the CAG ID list supported by the cell and the CAG ID list in the context establishment request message have the same CAG ID, the user is allowed to access; otherwise, a context establishment failure is returned. A new failure cause value is added to the context establishment failure message to mark the CAG ID check failure. From the failure cause value, the core network can identify the terminal concerned and the specific reason why it could not access the particular cell, which provides a basis for subsequent analysis of the terminal's access failure.
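An added example, not code from the patent: a minimal Python model of the two-stage check in steps 201 to 206, in which the core network checks the selected CAG ID against the subscription and the base station then intersects the first and second CAG ID lists. The class names, the UE, cell and CAG identifiers, and the failure-cause label are constructed placeholders.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

# Placeholder label: the page adds a new failure cause value but gives it no name.
CAUSE_CAG_CHECK_FAILED = "cag-check-failed (placeholder)"


@dataclass(frozen=True)
class ContextSetupRequest:
    ue_id: str
    first_cag_list: FrozenSet[str]  # CAG IDs from the terminal's subscription


@dataclass(frozen=True)
class ContextSetupOutcome:
    ue_id: str
    cell_id: str
    admitted: bool
    failure_cause: Optional[str] = None


class CoreNetwork:
    def __init__(self, subscriptions: Dict[str, FrozenSet[str]]):
        self.subscriptions = subscriptions
        self.failure_log: List[Tuple[str, str, str]] = []

    def first_access_control(self, ue_id: str, selected_cag_id: str) -> Optional[ContextSetupRequest]:
        """Step 201: pass only if the selected CAG ID is in the subscribed list."""
        allowed = self.subscriptions.get(ue_id, frozenset())
        if selected_cag_id not in allowed:
            return None
        # The context establishment request carries the first CAG ID list.
        return ContextSetupRequest(ue_id, allowed)

    def on_outcome(self, outcome: ContextSetupOutcome) -> None:
        """Record which terminal failed on which cell, and why (step 206)."""
        if not outcome.admitted:
            self.failure_log.append((outcome.ue_id, outcome.cell_id, outcome.failure_cause))


class BaseStation:
    def __init__(self, cell_cag_lists: Dict[str, FrozenSet[str]]):
        self.cell_cag_lists = cell_cag_lists  # second CAG ID list, per cell

    def second_access_control(self, cell_id: str, request: ContextSetupRequest) -> ContextSetupOutcome:
        """Steps 203 to 206: admit only if the two lists share a CAG ID."""
        second_cag_list = self.cell_cag_lists.get(cell_id, frozenset())
        if request.first_cag_list & second_cag_list:
            return ContextSetupOutcome(request.ue_id, cell_id, True)
        return ContextSetupOutcome(request.ue_id, cell_id, False, CAUSE_CAG_CHECK_FAILED)


def attach(core: CoreNetwork, bs: BaseStation, ue_id: str, cell_id: str, selected_cag_id: str) -> str:
    request = core.first_access_control(ue_id, selected_cag_id)
    if request is None:
        return "rejected-by-core-network"
    outcome = bs.second_access_control(cell_id, request)
    core.on_outcome(outcome)
    return "admitted" if outcome.admitted else "rejected-by-base-station"


def run_constructed_scenarios():
    # Constructed sample data, not taken from the patent.
    core = CoreNetwork({
        "ue-1": frozenset({"cag-A", "cag-B"}),
        "ue-2": frozenset({"cag-C"}),
    })
    bs = BaseStation({
        "cell-1": frozenset({"cag-A"}),
        "cell-2": frozenset({"cag-D"}),
    })
    results = {
        # Selected ID is subscribed and broadcast by the cell.
        "normal": attach(core, bs, "ue-1", "cell-1", "cag-A"),
        # Selected ID is subscribed but the cell supports none of the UE's CAGs:
        # the core network passes it, the base station rejects it.
        "forced": attach(core, bs, "ue-1", "cell-2", "cag-B"),
        # Selected ID is not in the subscription: stopped at the core network.
        "unsubscribed": attach(core, bs, "ue-2", "cell-1", "cag-A"),
        # The base station compares lists, not the selected ID, so a shared
        # cag-A admits ue-1 even though it selected cag-B.
        "list-overlap": attach(core, bs, "ue-1", "cell-1", "cag-B"),
    }
    return results, core.failure_log


if __name__ == "__main__":
    outcomes, log = run_constructed_scenarios()
    for name, outcome in outcomes.items():
        print(f"{name}: {outcome}")
    print("failure log:", log)
```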
Based on the same inventive concept, as shown in fig. 3, an embodiment of the present application further provides a base station based on closed access group access control, where the base station includes a processor 301 and a memory 302, the memory 302 is configured to store a program executable by the processor 301, and the processor 301 is configured to read the program in the memory 302 and perform the following steps:
receiving a context establishment request message sent by a core network;
in a possible implementation manner, the context setup request message may further include the first CAG ID list.
Judging whether a first closed access group identification (CAG ID) list and a second CAG ID list supported by a target cell accessed by a terminal have the same CAG ID, and determining whether to access the terminal to the target cell according to a judgment result; the first CAG ID list is a CAG ID list supported in the terminal subscription process.
In a possible implementation, the processor 301 is specifically configured to access the terminal to the target cell if the first CAG ID list and the second CAG ID list have the same CAG ID, and otherwise to reject the terminal's access to the target cell.
In a possible implementation, the processor 301 is further configured to feed back a context setup failure message to the core network after rejecting the terminal's access to the target cell, where the context setup failure message carries a failure reason; the failure reason indicates that the CAG verification failed and that the target cell does not support the CAG ID allowed for the terminal.
In a possible implementation, the processor 301 is further configured to carry, in a broadcast message, the list of CAG IDs supported by a cell that supports CAG access control, so that the target terminal selects the CAG ID to use for accessing the cell according to the broadcast message.
The base station structure described above implements all steps executed by the base station in the method shown in fig. 2; specific implementations may differ in how modules are divided or how structural functions are realized.
Based on the same inventive concept, as shown in fig. 4, an embodiment of the present application further provides a core network device based on closed access group access control, where the core network device includes a processor 401 and a memory 402, where the memory 402 is configured to store a program executable by the processor 401, and the processor 401 is configured to read the program in the memory 402 and execute the following steps:
sending a context establishment request message to the base station;
receiving a context establishment failure message fed back by the base station; wherein, the context establishment failure message carries a failure reason; the failure reason indicates that CAG verification fails, and the target cell does not support the CAG ID allowed by the terminal.
After receiving a context establishment failure message sent by a base station, the core network determines the failure reason from the failure message. In the embodiment of the present application, the failure reason may be a failure cause value newly added to the failure message by the method provided in the embodiment of the present application; the failure cause value indicates a CAG ID check failure. From the failure cause value, the core network can determine which terminal attempted access and the specific reason the terminal could not access the particular cell, which provides a basis for subsequent analysis of the terminal's access failure.
The core network device implements all method steps executed by the core network in the method shown in fig. 2; specific implementations may differ in how modules are divided or how structural functions are realized.
Based on the same inventive concept, as shown in fig. 5, an embodiment of the present application further provides an apparatus based on closed access group access control, where the apparatus is disposed in a base station, and the apparatus includes:
a receiving unit 501, configured to receive a context establishment request message sent by a core network;
a determining unit 502, configured to determine whether a first closed access group identifier CAG ID list and a second CAG ID list supported by a target cell to which a terminal is accessed have the same CAG ID, and determine whether to access the terminal to the target cell according to a determination result; the first CAG ID list is a CAG ID list supported in the terminal subscription process.
In an optional implementation, the determining unit 502 is specifically configured to access the terminal to the target cell if the first CAG ID list and the second CAG ID list have the same CAG ID, and otherwise to reject the terminal's access to the target cell.
In an alternative embodiment, the apparatus further comprises:
a sending unit 503, configured to feed back a context setup failure message to a core network, where the context setup failure message carries a failure reason; wherein the failure reason indicates that CAG verification fails, and the target cell does not support the CAG ID allowed by the terminal.
In an optional embodiment, the context setup request message includes the first CAG ID list.
In an optional implementation, after the determining unit determines to reject the terminal's access to the target cell, the sending unit 503 is further configured to send a broadcast message that carries the list of CAG IDs supported by a cell that supports CAG access control, so that the target terminal selects the CAG ID to use for accessing the cell according to the broadcast message.
Based on the same inventive concept, as shown in fig. 6, an embodiment of the present application further provides another apparatus based on closed access group access control, where the apparatus is disposed in a core network device, and includes:
a sending unit 601, configured to send a context setup request message to a base station;
a receiving unit 602, configured to receive a context setup failure message fed back by the base station; wherein, the context establishment failure message carries a failure reason; the failure reason indicates that CAG verification fails, and the target cell does not support the CAG ID allowed by the terminal.
It should be noted that the memory described herein is intended to comprise, without being limited to, these and any other suitable types of memory.
The division of modules in the embodiments of the present application is schematic and is only a division by logical function; other divisions are possible in actual implementation. In addition, the functional modules in each embodiment of the present application may be integrated in one processor, may exist separately as physical units, or two or more modules may be integrated in one module. The integrated module can be implemented in hardware or as a software functional module.
When the integrated module is implemented in hardware form, the base station device may be as shown in fig. 7, and include:
A processor 702, which may be a central processing unit (CPU), a digital processing module, or the like.
A communication interface 701, which may be a transceiver, an interface circuit such as a transceiver circuit, a transceiver chip, or the like.
A memory 703 for storing programs executed by the processor 702. The memory 703 may be a nonvolatile memory such as a hard disk drive (HDD) or a solid-state drive (SSD), and may also be a volatile memory, such as a random-access memory (RAM). The memory 703 may also be any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited thereto.
The processor 702 is configured to execute the program code stored in the memory 703, and is specifically configured to execute various actions performed by the base station in fig. 2, which is not described herein again.
In the embodiment of the present application, a specific connection medium among the communication interface 701, the processor 702, and the memory 703 is not limited. In the embodiment of the present application, the memory 703, the processor 702, and the communication interface 701 are connected by the bus 704 in fig. 7, the bus is represented by a thick line in fig. 7, and the connection manner between other components is merely schematic illustration and is not limited thereto. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in FIG. 7, but that does not indicate only one bus or one type of bus.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and so forth) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.

Claims (12)

1. A method for controlling access based on a closed access group (CAG), characterized by comprising the following steps:
a base station receives a context establishment request message sent by a core network; the context establishment request message is sent by the core network after performing first access control according to a closed access group identity (CAG ID) reported by a terminal and determining that the terminal is allowed to access, and the context establishment request message carries a first CAG ID list;
the base station judges whether the first CAG ID list and a second CAG ID list supported by a target cell accessed by the terminal have the same CAG ID, and determines whether to access the terminal to the target cell according to the judgment result; the first CAG ID list is a CAG ID list supported in the terminal subscription process.
2. The method of claim 1, wherein determining whether to access the terminal to the target cell based on the determination comprises:
if the first CAG ID list and the second CAG ID list have the same CAG ID, the terminal is accessed to the target cell; and if not, rejecting the terminal to access the target cell.
3. The method of claim 2, wherein after denying the terminal access to the target cell, further comprising:
the base station feeds back a context establishment failure message to a core network, and the context establishment failure message carries a failure reason; wherein the failure reason indicates that CAG verification fails, and the target cell does not support the CAG ID allowed by the terminal.
4. A method according to any of claims 1 to 3, wherein the first CAG ID list is included in the context setup request message.
5. The method according to any of claims 1 to 3, wherein before the base station receives the context setup request message sent by the core network for allowing the terminal to access the target cell, the method further comprises:
the base station carries a CAG ID list supported by a cell supporting CAG access control in a broadcast message for broadcasting; and enabling the target terminal to select the CAG ID to be used to access the cell according to the broadcast message.
6. A base station based on closed access group access control, comprising a processor and a memory, wherein the memory is used for storing programs executable by the processor, and the processor is used for reading the programs in the memory and executing the following steps:
receiving a context establishment request message sent by a core network; the context establishment request message is sent by the core network after performing first access control according to a closed access group identity (CAG ID) reported by a terminal and determining that the terminal is allowed to access, and the context establishment request message carries a first CAG ID list;
judging whether the first CAG ID list and a second CAG ID list supported by a target cell accessed by the terminal have the same CAG ID, and determining whether the terminal is accessed to the target cell according to the judgment result; the first CAG ID list is a CAG ID list supported in the terminal subscription process.
7. The base station of claim 6, wherein the processor is specifically configured to access the terminal to the target cell if the first list of CAG IDs and the second list of CAG IDs have the same CAG ID; and if not, refusing the terminal to access the target cell.
8. The base station of claim 7, wherein the processor is further configured to feed back a context setup failure message to a core network after rejecting the terminal to access the target cell, and carry a failure cause in the context setup failure message; wherein the failure reason indicates that CAG verification fails, and the target cell does not support the CAG ID allowed by the terminal.
9. A base station according to any of claims 6 to 8, wherein the context setup request message includes the first CAG ID list.
10. The base station of any of claims 6 to 8, wherein the processor is further configured to carry a list of CAG IDs supported by cells supporting CAG access control in a broadcast message; and enabling the target terminal to select the CAG ID to be used to access the cell according to the broadcast message.
11. An apparatus for access control based on closed access group, comprising:
a receiving unit, configured to receive a context establishment request message sent by a core network; the context establishment request message is sent by the core network after performing first access control according to a closed access group identity (CAG ID) reported by a terminal and determining that the terminal is allowed to access, and the context establishment request message carries a first CAG ID list;
a determining unit, configured to determine whether a first CAG ID list and a second CAG ID list supported by a target cell to which the terminal is accessed have the same CAG ID, and determine whether to access the terminal to the target cell according to a determination result; the first CAG ID list is a CAG ID list supported in the terminal subscription process.
12. A computer-readable storage medium, on which a computer program is stored, which program, when being executed by a processor, is adapted to carry out a closed access group access control method according to any one of claims 1 to 5.
CN201911090226.4A 2019-11-08 2019-11-08 Access control method and device based on closed access group Active CN112788709B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911090226.4A CN112788709B (en) 2019-11-08 2019-11-08 Access control method and device based on closed access group

Publications (2)

Publication Number Publication Date
CN112788709A CN112788709A (en) 2021-05-11
CN112788709B true CN112788709B (en) 2022-09-02

Family

ID=75748986

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911090226.4A Active CN112788709B (en) 2019-11-08 2019-11-08 Access control method and device based on closed access group

Country Status (1)

Country Link
CN (1) CN112788709B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101873725A (en) * 2009-04-24 2010-10-27 中兴通讯股份有限公司 Access control method and core network
CN109151802A (en) * 2017-06-15 2019-01-04 维沃移动通信有限公司 A kind of connection control method, base station and terminal
CN110213808A (en) * 2019-05-06 2019-09-06 腾讯科技(深圳)有限公司 Access control method, device, computer-readable medium and electronic equipment

Also Published As

Publication number Publication date
CN112788709A (en) 2021-05-11

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant