CN112969175B - Network access method, device and computer readable storage medium - Google Patents
Network access method, device and computer readable storage medium Download PDFInfo
- Publication number
- CN112969175B CN112969175B CN201911189263.0A CN201911189263A CN112969175B CN 112969175 B CN112969175 B CN 112969175B CN 201911189263 A CN201911189263 A CN 201911189263A CN 112969175 B CN112969175 B CN 112969175B
- Authority
- CN
- China
- Prior art keywords
- characteristic information
- service
- network
- user
- authorized
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0893—Assignment of logical groups to network elements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W48/00—Access restriction; Network selection; Access point selection
- H04W48/18—Selecting a network or a communication service
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The disclosure provides a network access method, a network access device and a computer readable storage medium, and relates to the technical field of 5G networks. The network access method of the present disclosure includes: acquiring user access characteristic information, wherein the access characteristic information comprises user characteristic information, network characteristic information, service characteristic information and environment characteristic information; determining an authorized network slice and an authorized service according to the user access characteristic information based on a predetermined authentication strategy; and the user is accessed to the authorized network slice and provides authorized services. By the method, different network slices can be distributed according to different user, network, service and environment characteristics, so that dynamic customization and flexible selection of network slices and service selection are realized, and service differentiation requirements are met.
Description
Technical Field
The present disclosure relates to the field of 5G network technologies, and in particular, to a network access method, apparatus, and computer-readable storage medium.
Background
In order to meet the requirements of multi-scenario multi-service differentiated services, 5G introduces novel technologies such as network slicing, service architecture and the like, but no clear implementation standard exists on how to select slices and how to customize services.
Disclosure of Invention
It is an object of the present disclosure to improve the flexibility of network slicing, service selection.
According to an aspect of some embodiments of the present disclosure, there is provided a network access method, including: acquiring user access characteristic information, wherein the access characteristic information comprises user characteristic information, network characteristic information, service characteristic information and environment characteristic information; determining an authorized network slice and an authorized service according to the user access characteristic information based on a predetermined verification strategy; and the user is accessed to the authorized network slice and provides authorized services.
In some embodiments, the user characteristic information includes at least one of a user identification or a user rating; the service characteristic information includes at least one of a service identification or a service type.
In some embodiments, obtaining user access characteristic information comprises: and acquiring user access characteristic information based on the user identification and the slice selection auxiliary information NSSAI.
In some embodiments, determining the network slice and the authorized service according to the user access characteristic information based on the predetermined authentication policy comprises: traversing a preset logic operation tree according to the access characteristic information, wherein in the preset logic operation tree, leaf nodes are operation expressions taking the access characteristic as a variable, non-leaf nodes are logic operators for executing logic operation on a plurality of connected sub-nodes, and each node of the preset logic operation tree is associated with a service list; determining a path passing through verification from a root node to a leaf node; and determining the authorized network slice and the authorized service according to the service list associated with each node on the path passing the verification.
In some embodiments, the service list associated with each node is empty, an entry, or multiple entries, each entry including at least one of a network slice and an authorized service.
In some embodiments, the operator of the operational expression includes at least one of equal to, not equal to, greater than, less than, greater than or equal to, less than or equal to, within a set or interval, or not within a set or interval.
In some embodiments, the network access method further comprises: and in the case of the change of the user access characteristic information, the authorized network slice and the authorized service are obtained again based on the preset verification strategy.
By the method, different network slices can be distributed according to different user, network, service and environment characteristics, so that dynamic customization and flexible selection of network slices and service selection are realized, and the service differentiation requirements are met.
According to an aspect of some embodiments of the present disclosure, there is provided a network access apparatus, including: the information acquisition unit is configured to acquire user access characteristic information, wherein the access characteristic information comprises user characteristic information, network characteristic information, service characteristic information and environment characteristic information; an authentication unit configured to determine an authorized network slice and an authorized service according to the user access characteristic information based on a predetermined authentication policy; and the access unit is configured to access the user to the authorized network slice and provide the authorized service.
According to an aspect of some embodiments of the present disclosure, there is provided a network access apparatus, including: a memory; and a processor coupled to the memory, the processor configured to perform any of the above network access methods based on instructions stored in the memory.
The device can distribute different network slices according to different user, network, service and environment characteristics, thereby realizing dynamic customization and flexible selection of network slices and service selection and meeting the service differentiation requirements.
According to an aspect of some embodiments of the present disclosure, a computer-readable storage medium is proposed, on which computer program instructions are stored, which instructions, when executed by a processor, implement the steps of any of the above network access methods.
By executing the instructions on the computer-readable storage medium, different network slices can be allocated according to different user, network, service and environment characteristics, so that dynamic customization and flexible selection of network slices and service selection are realized, and service differentiation requirements are met.
Drawings
The accompanying drawings, which are included to provide a further understanding of the disclosure and are incorporated in and constitute a part of this disclosure, illustrate embodiments of the disclosure and together with the description serve to explain the disclosure and not to limit the disclosure. In the drawings:
fig. 1 is a flow chart of some embodiments of a network access method of the present disclosure.
Fig. 2 is a schematic diagram of other embodiments of a network access method of the present disclosure.
Fig. 3 is a schematic diagram of some embodiments of a logical operation tree verification-based network access method according to the present disclosure.
Fig. 4 is a schematic diagram of some embodiments of determining slices and services in the network access method of the present disclosure.
Fig. 5 is a schematic diagram of some embodiments of network access devices of the present disclosure.
Fig. 6 is a schematic diagram of other embodiments of a network access device of the present disclosure.
Fig. 7 is a schematic diagram of network access devices according to still other embodiments of the present disclosure.
Detailed Description
The technical solution of the present disclosure is further described in detail by the accompanying drawings and examples.
A flow diagram of some embodiments of a network access method of the present disclosure is shown in fig. 1.
In step 101, user access characteristic information is obtained, where the access characteristic information includes user characteristic information, network characteristic information, service characteristic information, and environment characteristic information. In some embodiments, the user characteristic information may include at least one of a user identification or a user rating; the service characteristic information may include at least one of a service identification or a service type.
In some embodiments, as shown in fig. 2, before the user accesses the network or session, based on the authentication, the policy-based network slice authentication and the dynamic selection of the network function service may be performed on the user for this access or session (as shown in the step within the bold line box in fig. 2). In some embodiments, the user access characteristic information may be obtained by a network slice selection function NSSF based on the user identity and the slice selection assistance information NSSAI, and authentication policies, as well as user attributes, traffic data, network status, environment parameters, etc. required by the policies, may be requested from the corresponding network functions, including but not limited to UDM, PCF.
In step 102, an authorized network slice and an authorized service are determined according to the user access characteristic information based on a predetermined authentication policy, wherein the authorized service can be a public network function service and a network function service of the accessed network slice.
In some embodiments, the authentication may be performed by traversing a logical operation tree to determine a network slice that is authenticated for the current access characteristic information as the network slice authorized for the user.
In step 103, the user is accessed to the authorized network slice and provides authorized services.
By the method, different network slices can be distributed according to different user, network, service and environment characteristics, so that dynamic customization and flexible selection of network slices and service selection are realized, and service differentiation requirements are met.
In some embodiments, access characteristic information verification may be performed based on a predetermined logical operation tree as shown in fig. 3. The predetermined logical tree shown in fig. 3 is only an example and does not constitute a limitation of the present invention. The parameters of each node on the logic operation tree can be set according to actual requirements. In the predetermined logical operation tree, leaf nodes are operation expressions using the access characteristics as variables, and non-leaf nodes are logical operators performing logical operations on the connected sub-nodes. In some embodiments, the operator of the operational expression comprises at least one of equal to, not equal to, greater than, less than, greater than or equal to, less than or equal to, within a set or interval, or not within a set or interval.
And traversing a predetermined logic operation tree according to the access characteristic information, and determining a path passing verification from the root node to the leaf node, wherein the path shown by a thick arrow in fig. 3 is the path passing verification. In some embodiments, the access characteristic information may be substituted into an operation expression to perform an operation, so as to obtain 0 and 1 (no/yes) information, and further, the operation result of the child node is substituted into the logic operation of the parent node, and if the operation result of the root node is 1 (yes), the verification is passed.
By the method, matched network slices and service query can be executed based on the logical operation tree, so that the operation difficulty is reduced; the slice and service distribution strategies can be adjusted conveniently by adjusting the logic operation tree, and the controllability of the network is improved.
In some embodiments, after traversing the entire logical operation tree, a service list associated with all paths passing verification is obtained, so as to provide as many network slice selections and services as possible; in other embodiments, the traversal operation may be stopped after the traversal is performed through one path, so that the computation amount is reduced and the computation efficiency is improved while the matched network slice and service are provided.
In some embodiments, each node of the predetermined logical operation tree is associated with a service list, and the service list tree that matches the predetermined logical operation tree may be constructed as shown in fig. 4. After the verification of the passed path from the root node to the leaf nodes is completed, the authorized network slices and the authorized services may be determined according to the service lists associated with the respective nodes on the verified path. In some embodiments, the service list associated with each node is empty, an entry, or multiple entries, each entry including at least one of a network slice and an authorized service, as shown in fig. 4 for a child node directly connected to the root node, and a part of the service list may include only slice information and not authorized services.
By the method, the dynamic selection of the network slice can be realized aiming at the user session, and the slice selection with finer granularity is provided compared with the authentication based on the access process;
based on user service, attribute, network state, environment parameter and other information, the method can provide flexible and dynamic selection of network slice for users, and provides more flexible strategy than that based on user ID and password.
Based on the information, slice selection can be realized, flexible customization of network function service can be further realized, and the requirement of differentiated scenes is met.
In some embodiments, as shown in fig. 4, a corresponding slice, a network function service, or a service list may be obtained on a path where the logical operation tree is successfully verified, and a final service list may be obtained after the service lists are spliced as shown by a thick arrow, so that omission is avoided, and user experience is improved.
In some embodiments, under the condition that the user access characteristic information changes, for example, the service type to be used by the user changes, the user level changes, the network state changes, and the like, the authorized network slice and the authorized service can be obtained again based on the predetermined verification policy mentioned above, so that the slice and the service provided for the user meet the requirement of real-time change of the network, the stability of the network is improved, and the user experience is ensured.
In some embodiments, in order to avoid an excessive burden on the system, a threshold may be set, and when the amount of change in the user access characteristic information exceeds the threshold of the corresponding entry, network slicing and service reselection are performed, otherwise, the current state is maintained.
A schematic diagram of some embodiments of the network access device of the present disclosure is shown in fig. 5.
The information obtaining unit 501 is capable of obtaining user access feature information, where the access feature information includes user feature information, network feature information, service feature information, and environment feature information. In some embodiments, the user characteristic information may include at least one of a user identification or a user rating; the service characteristic information may include at least one of a service identification or a service type.
The authentication unit 502 is capable of determining an authorized network slice and an authorized service from the user access characteristic information based on a predetermined authentication policy. In some embodiments, the verification may be performed by traversing a logical operation tree to determine a network slice that passes the verification for the current access characteristic information as the network slice authorized for the user.
The access unit 503 is capable of accessing the user to the authorized network slice and providing the authorized service.
The device can distribute different network slices according to different user, network, service and environment characteristics, thereby realizing dynamic customization and flexible selection of network slices and service selection and meeting the requirement of service differentiation.
Fig. 6 is a schematic structural diagram of an embodiment of the network access apparatus of the present disclosure. The network access device includes a memory 601 and a processor 602. Wherein: the memory 601 may be a magnetic disk, flash memory, or any other non-volatile storage medium. The memory is for storing instructions in the corresponding embodiments of the network access method above. Processor 602 is coupled to memory 601 and may be implemented as one or more integrated circuits, such as a microprocessor or microcontroller. The processor 602 is configured to execute instructions stored in the memory, and can implement dynamic customization and flexible selection of network slicing and service selection, thereby meeting the requirement of service differentiation.
In one embodiment, as also shown in fig. 7, the network access apparatus 700 includes a memory 701 and a processor 702. Processor 702 is coupled to memory 701 through BUS BUS 703. The network access device 700 may also be coupled to an external storage device 705 via a storage interface 704 for facilitating retrieval of external data, and may also be coupled to a network or another computer system (not shown) via a network interface 706. And will not be described in detail herein.
In the embodiment, the data instruction is stored in the memory, and the instruction is processed by the processor, so that dynamic customization and flexible selection of network slicing and service selection can be realized, and the requirement of service differentiation is met.
In another embodiment, a computer readable storage medium has stored thereon computer program instructions which, when executed by a processor, implement the steps of the method in the corresponding embodiment of the network access method. As will be appreciated by one of skill in the art, embodiments of the present disclosure may be provided as a method, apparatus, or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present disclosure may take the form of a computer program product embodied on one or more computer-usable non-transitory storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present disclosure is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the disclosure. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Thus far, the present disclosure has been described in detail. Some details that are well known in the art have not been described in order to avoid obscuring the concepts of the present disclosure. It will be fully apparent to those skilled in the art from the foregoing description how to practice the presently disclosed embodiments.
The methods and apparatus of the present disclosure may be implemented in a number of ways. For example, the methods and apparatus of the present disclosure may be implemented by software, hardware, firmware, or any combination of software, hardware, and firmware. The above-described order for the steps of the method is for illustration only, and the steps of the method of the present disclosure are not limited to the order specifically described above unless specifically stated otherwise. Further, in some embodiments, the present disclosure may also be embodied as programs recorded in a recording medium, the programs including machine-readable instructions for implementing the methods according to the present disclosure. Thus, the present disclosure also covers a recording medium storing a program for executing the method according to the present disclosure.
Finally, it should be noted that: the above examples are intended only to illustrate the technical solutions of the present disclosure and not to limit them; although the present disclosure has been described in detail with reference to preferred embodiments, those of ordinary skill in the art will understand that: modifications to the specific embodiments of the disclosure or equivalent substitutions for parts of the technical features may still be made; all such modifications are intended to be included within the scope of the claims of this disclosure without departing from the spirit thereof.
Claims (9)
1. A network access method, comprising:
acquiring user access characteristic information, wherein the access characteristic information comprises user characteristic information, network characteristic information, service characteristic information and environment characteristic information;
determining an authorized network slice and an authorized service according to the user access characteristic information based on a predetermined authentication policy, comprising: traversing a predetermined logical operation tree according to the access characteristic information, wherein in the predetermined logical operation tree, leaf nodes are operation expressions taking the access characteristic as a variable, non-leaf nodes are logical operators performing logical operations on a plurality of connected sub-nodes, and each node of the predetermined logical operation tree is associated with a service list; determining a path passing through verification from a root node to a leaf node; determining authorized network slices and authorized services according to a service list associated with each node on a path passing the verification;
and accessing the user to the authorized network slice and providing authorized service.
2. The method of claim 1, wherein,
the user characteristic information comprises at least one of user identification or user grade;
the service characteristic information includes at least one of a service identification or a service type.
3. The method of claim 1, wherein the obtaining user access characteristic information comprises:
and acquiring the user access characteristic information based on the user identification and the slice selection auxiliary information NSSAI.
4. The method of claim 1, wherein the service list associated with each of the nodes is empty, an entry, or multiple entries, each entry including at least one of a network slice and an authorized service.
5. The method of claim 1, wherein an operator of the operational expression comprises at least one of equal to, not equal to, greater than, less than, greater than or equal to, less than or equal to, within a set or interval, or not within a set or interval.
6. The method of claim 1, further comprising:
and under the condition that the user access characteristic information is changed, the authorized network slice and the authorized service are re-acquired based on the preset verification strategy.
7. A network access device, comprising:
the information acquisition unit is configured to acquire user access characteristic information, wherein the access characteristic information comprises user characteristic information, network characteristic information, service characteristic information and environment characteristic information;
an authentication unit configured to determine an authorized network slice and an authorized service according to the user access characteristic information based on a predetermined authentication policy, comprising: traversing a predetermined logical operation tree according to the access characteristic information, wherein in the predetermined logical operation tree, leaf nodes are operation expressions taking the access characteristic as a variable, non-leaf nodes are logical operators performing logical operations on a plurality of connected sub-nodes, and each node of the predetermined logical operation tree is associated with a service list; determining a path through which verification passes from the root node to the leaf node; determining authorized network slices and authorized services according to a service list associated with each node on a path passing the verification;
an access unit configured to access a user to the authorized network slice and provide an authorized service.
8. A network access device, comprising:
a memory; and
a processor coupled to the memory, the processor configured to perform the method of any of claims 1-6 based on instructions stored in the memory.
9. A computer readable storage medium having stored thereon computer program instructions which, when executed by a processor, implement the steps of the method of any one of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911189263.0A CN112969175B (en) | 2019-11-28 | 2019-11-28 | Network access method, device and computer readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911189263.0A CN112969175B (en) | 2019-11-28 | 2019-11-28 | Network access method, device and computer readable storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112969175A CN112969175A (en) | 2021-06-15 |
| CN112969175B true CN112969175B (en) | 2022-12-06 |
Family
ID=76270751
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911189263.0A Active CN112969175B (en) | 2019-11-28 | 2019-11-28 | Network access method, device and computer readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112969175B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115941211A (en) * | 2021-08-03 | 2023-04-07 | 中国移动通信有限公司研究院 | Network element selection method, information transmission method, device and network element |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105843603A (en) * | 2016-03-17 | 2016-08-10 | 广州爱九游信息技术有限公司 | Image processing method and device |
| CN107580360A (en) * | 2016-07-04 | 2018-01-12 | 中国移动通信有限公司研究院 | A kind of network is cut into slices method, equipment and the network architecture of selection |
| WO2018045877A1 (en) * | 2016-09-12 | 2018-03-15 | 华为技术有限公司 | Network slicing control method and related device |
| CN107846676A (en) * | 2016-09-20 | 2018-03-27 | 北京信威通信技术股份有限公司 | Safety communicating method and system based on network section security architecture |
| CN108632945A (en) * | 2017-03-20 | 2018-10-09 | 华为技术有限公司 | A kind of network slice selection method, user equipment and the network equipment |
-
2019
- 2019-11-28 CN CN201911189263.0A patent/CN112969175B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105843603A (en) * | 2016-03-17 | 2016-08-10 | 广州爱九游信息技术有限公司 | Image processing method and device |
| CN107580360A (en) * | 2016-07-04 | 2018-01-12 | 中国移动通信有限公司研究院 | A kind of network is cut into slices method, equipment and the network architecture of selection |
| WO2018045877A1 (en) * | 2016-09-12 | 2018-03-15 | 华为技术有限公司 | Network slicing control method and related device |
| CN107846676A (en) * | 2016-09-20 | 2018-03-27 | 北京信威通信技术股份有限公司 | Safety communicating method and system based on network section security architecture |
| CN108632945A (en) * | 2017-03-20 | 2018-10-09 | 华为技术有限公司 | A kind of network slice selection method, user equipment and the network equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112969175A (en) | 2021-06-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108427886B (en) | Method, system, device and readable medium for setting access authority of application program | |
| US8301741B2 (en) | Cloning policy using templates and override cloned policy | |
| CN111049695A (en) | Cloud gateway configuration method and system | |
| CN105739956B (en) | The method and system of the building intelligent rules model of computer system | |
| CN112969175B (en) | Network access method, device and computer readable storage medium | |
| CN111209336B (en) | Data distribution method and device based on block chain and server | |
| CN111488135A (en) | Current limiting method and device for high-concurrency system, storage medium and equipment | |
| CN110297713A (en) | Configuration management system and method of cloud host | |
| CN113872951B (en) | Hybrid cloud security policy issuing method and device, electronic equipment and storage medium | |
| DE112018008066B4 (en) | Virtualized network functions | |
| DE112021005656T5 (en) | ANALYSIS OF ROLE REACHABILITY WITH TRANSITIVE TAGS | |
| CN114501636A (en) | Access and mobility policy update method and system | |
| WO2017088528A1 (en) | Configuration information management method and apparatus, and operation maintenance centre or base station | |
| Tran et al. | Quality improvement for video on-demand streaming over HTTP | |
| CN112532660A (en) | Data synchronization method, device and network management system | |
| CN114928537B (en) | Network equipment configuration method, device and storage medium | |
| US12039075B2 (en) | Methods and systems for data management in communication network | |
| US20210286896A1 (en) | Methods and systems for data management in communication network | |
| CN112752098B (en) | Video editing effect verification method and device | |
| CN111090500B (en) | Storage process management method and device | |
| CN112653937B (en) | Optical network access equipment management method and device | |
| CN109150577B (en) | Service management method and network management system | |
| US10355855B2 (en) | Communication control device, communication device, and computer program product | |
| CN116264583A (en) | Network access method, device and system and storage medium | |
| CN117806676A (en) | Automatic configuration-based application upgrading method, device and equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |