CN113055342B - Information processing method and communication device - Google Patents

Publication number
CN113055342B
Authority
CN
China
Prior art keywords
terminal device
network
terminal equipment
entity
access
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911371692.XA
Other languages
Chinese (zh)
Other versions
CN113055342A (en)
Inventor
李飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd
Priority to CN201911371692.XA
Priority to PCT/CN2020/139385 (WO2021129803A1)
Publication of CN113055342A
Application granted
Publication of CN113055342B
Current legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/40 Support for services or applications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/51 Discovery or management thereof, e.g. service location protocol [SLP] or web services

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Multimedia (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The application discloses an information processing method and a communication device. The method comprises the following steps: an access and mobility management function (AMF) entity denies a terminal device access to a network; the AMF entity sends registration rejection information to a unified data management (UDM) entity, the registration rejection information indicating that the terminal device has been denied access to the network; the UDM entity records registration rejection status information for the terminal device; and the UDM entity determines, according to the registration rejection status information, whether to mark the terminal device as an illegal terminal device. With this method, the UDM entity can accurately mark illegal terminal devices, and when a marked device subsequently attempts to register with the network, the UDM entity can deny it access. The method therefore increases the UDM entity's ability to manage and control network registration.

Description

Information processing method and communication device
Technical Field
The present invention relates to the field of communications, and in particular, to an information processing method and a communication apparatus.
Background
In the existing network registration procedure, a terminal device first sends a registration request to an access and mobility management function (AMF) entity in order to register with a network. After receiving the registration request, the AMF entity sends an authentication request to a unified data management (UDM) entity. After receiving the authentication request, the UDM entity performs primary authentication of the terminal device. After the terminal device passes primary authentication, the AMF entity determines whether to allow the terminal device to access the network. In this existing procedure the UDM entity cannot manage and control network registration, which wastes network resources and computing resources. How to enhance the UDM entity's ability to manage and control network registration is therefore a problem that urgently needs to be solved.
Disclosure of Invention
The application provides an information processing method and a communication device that help enhance the UDM entity's ability to manage and control network registration.
In a first aspect, the present application provides an information processing method, including: an access and mobility management function (AMF) entity denies a terminal device access to a network; the AMF entity sends registration rejection information to a unified data management (UDM) entity, the registration rejection information indicating that the terminal device has been denied access to the network; the UDM entity records registration rejection status information for the terminal device; and the UDM entity determines, according to the registration rejection status information, whether to mark the terminal device as an illegal terminal device.
By implementing the method of the first aspect, the UDM entity can accurately mark illegal terminal devices. When a marked device subsequently attempts to register with the network, the UDM entity can deny it access. The method of the first aspect therefore increases the UDM entity's ability to manage and control network registration.
In one possible implementation, the registration rejection status information includes the number of times the terminal device has been denied access to the network and/or the time at which the terminal device was denied access to the network. In this implementation, the UDM entity records the rejection count and/or the rejection time and, based on them, can accurately determine whether to mark the terminal device as an illegal terminal device.
In one possible implementation, the AMF entity denies the terminal device access to the network as follows: the AMF entity denies the terminal device access to a closed access group (CAG) network, and the registration rejection information includes at least one of the subscription permanent identifier (SUPI) of the terminal device, a registration rejection cause value, or an identifier of the CAG network. In this implementation, the AMF entity can indicate to the UDM entity one or more of: which terminal device was denied access, why it was denied access to the CAG network, or which CAG network it was denied access to.
In one possible implementation, the AMF entity denies the terminal device access to the network as follows: the AMF entity denies the terminal device access to a public land mobile network (PLMN), and the registration rejection information includes one or more of the SUPI of the terminal device, a registration rejection cause value, an identifier of the PLMN, or an identifier of the AMF entity. In this implementation, the AMF entity can indicate to the UDM entity one or more of: which terminal device was denied access, why it was denied access to the PLMN, which PLMN it was denied access to, or which AMF entity denied the access.
In one possible implementation, the UDM entity determines whether to mark the terminal device as an illegal terminal device according to the registration rejection status information as follows: when the number of times the terminal device has been denied access to the network reaches a preset number, the UDM entity marks the terminal device as an illegal terminal device. In this implementation, illegal terminal devices can be marked accurately.
In one possible implementation, the method further includes: the AMF entity receives a registration request sent by the terminal device; the AMF entity sends an authentication request to the UDM entity, the authentication request requesting primary authentication of the terminal device; and if the terminal device is marked as an illegal terminal device, the UDM entity sends an authentication rejection message to the AMF entity. In this implementation, the terminal device is denied access to the network at an early stage, which saves network resources and computing resources and reduces the network processing load.
In one possible implementation, when the length of time for which the terminal device has been marked as an illegal terminal device reaches a preset duration, the UDM entity cancels the marking. This prevents the terminal device from being permanently unable to access the network.
In one possible implementation, after the AMF entity denies the terminal device access to the network, the AMF entity sends the registration rejection information to the UDM entity only when the registration rejection cause is a preset cause. That is, the AMF entity does not necessarily send registration rejection information to the UDM entity every time a terminal device is denied access to the network.
In one possible implementation, the UDM entity may further adjust the number of times the terminal device has been denied access to the network based on the time at which the terminal device was denied access. This helps mark illegal terminal devices more accurately. The same applies to the second to fourth aspects and is not repeated below.
In a second aspect, the present application provides an information processing method, including: a unified data management (UDM) entity receives registration rejection information sent by an access and mobility management function (AMF) entity, the registration rejection information indicating that a terminal device has been denied access to a network; the UDM entity records registration rejection status information for the terminal device; and the UDM entity determines, according to the registration rejection status information, whether to mark the terminal device as an illegal terminal device.
In one possible implementation, the registration rejection status information includes the number of times the terminal device has been denied access to the network and/or the time at which the terminal device was denied access to the network.
In one possible implementation, the registration rejection information includes one or more of the subscription permanent identifier (SUPI) of the terminal device, a registration rejection cause value, or an identifier of a closed access group (CAG) network, the CAG network being the network to which the terminal device was denied access.
In one possible implementation, the registration rejection information includes one or more of the SUPI of the terminal device, a registration rejection cause value, an identifier of a public land mobile network (PLMN), or an identifier of the AMF entity, the PLMN being the network to which the terminal device was denied access.
In one possible implementation, the UDM entity determines whether to mark the terminal device as an illegal terminal device according to the registration rejection status information as follows: when the number of times the terminal device has been denied access to the network reaches a preset number, the UDM entity marks the terminal device as an illegal terminal device.
In one possible implementation, the UDM entity may further receive an authentication request sent by the AMF entity, the authentication request requesting primary authentication of the terminal device; if the terminal device is marked as an illegal terminal device, the UDM entity sends an authentication rejection message to the AMF entity.
In one possible implementation, when the length of time for which the terminal device has been marked as an illegal terminal device reaches a preset duration, the UDM entity cancels the marking.
For the beneficial effects of the second aspect, refer to the beneficial effects of the first aspect; they are not described again here.
In a third aspect, the present application provides an information processing method, including: the AMF entity sends first information to the UDM entity, the first information including the SUPI of the terminal device and the identifier of a CAG network; the UDM entity checks whether the identifier of the CAG network exists in the subscription data of the terminal device; if the identifier of the CAG network does not exist in the subscription data of the terminal device, the UDM entity denies the terminal device access to the CAG network; the UDM entity records registration rejection status information for the terminal device; and the UDM entity determines, according to the registration rejection status information, whether to mark the terminal device as an illegal terminal device.
By implementing the method of the third aspect, the UDM entity can accurately mark illegal terminal devices. When a marked device subsequently attempts to register with the network, the UDM entity can deny it access. The method of the third aspect therefore increases the UDM entity's ability to manage and control network registration.
In one possible implementation, the UDM entity determines whether to mark the terminal device as an illegal terminal device according to the registration rejection status information as follows: when the number of times the terminal device has been denied access to the network reaches a preset number, the UDM entity marks the terminal device as an illegal terminal device. In this implementation, illegal terminal devices can be marked accurately.
In one possible implementation, the method further includes: the AMF entity receives a registration request sent by the terminal device; the AMF entity sends an authentication request to the UDM entity, the authentication request requesting primary authentication of the terminal device; and if the terminal device is marked as an illegal terminal device, the UDM entity sends an authentication rejection message to the AMF entity. In this implementation, the terminal device is denied access to the network at an early stage, which saves network resources and computing resources and reduces the network processing load.
In one possible implementation, when the length of time for which the terminal device has been marked as an illegal terminal device reaches a preset duration, the UDM entity cancels the marking. This prevents the terminal device from being permanently unable to access the network.
In a fourth aspect, the present application provides an information processing method, including: the UDM entity receives first information sent by the AMF entity, the first information including the SUPI of the terminal device and the identifier of a CAG network; the UDM entity checks whether the identifier of the CAG network exists in the subscription data of the terminal device; if the identifier of the CAG network does not exist in the subscription data of the terminal device, the UDM entity denies the terminal device access to the CAG network; the UDM entity records registration rejection status information for the terminal device; and the UDM entity determines, according to the registration rejection status information, whether to mark the terminal device as an illegal terminal device.
In one possible implementation, the UDM entity determines whether to mark the terminal device as an illegal terminal device according to the registration rejection status information as follows: when the number of times the terminal device has been denied access to the network reaches a preset number, the UDM entity marks the terminal device as an illegal terminal device.
In one possible implementation, the UDM entity may further receive an authentication request sent by the AMF entity, the authentication request requesting primary authentication of the terminal device; if the terminal device is marked as an illegal terminal device, the UDM entity sends an authentication rejection message to the AMF entity.
In one possible implementation, when the length of time for which the terminal device has been marked as an illegal terminal device reaches a preset duration, the UDM entity cancels the marking.
For the beneficial effects of the fourth aspect, refer to the beneficial effects of the third aspect; they are not described again here.
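The UDM-side bookkeeping described in the first to fourth aspects can be illustrated with the following added Python example, which is not code from the patent. The class and function names, the cause labels, the SUPI value and the three policy constants are assumptions, as is the reading of "adjusting the rejection count based on the rejection time" as counting only rejections inside a recent time window.

```python
from dataclasses import dataclass, field
from typing import Optional

# Assumed policy values; the patent only speaks of a "preset number" and a
# "preset duration" and gives no figures.
MAX_REJECTIONS = 3       # rejections needed before the device is marked
COUNT_WINDOW_S = 600     # assumed: only rejections this recent are counted
MARK_DURATION_S = 3600   # the marking is cancelled after this many seconds
# Assumed cause labels for which the AMF reports a rejection to the UDM.
REPORTED_CAUSES = {"CAG_NOT_AUTHORIZED", "PLMN_NOT_ALLOWED"}


@dataclass
class RejectionState:
    """Registration rejection status information kept per SUPI."""
    times: list = field(default_factory=list)  # rejection timestamps, seconds
    last_cause: Optional[str] = None
    marked_at: Optional[float] = None          # set while marked as illegal


class Udm:
    def __init__(self, subscriptions):
        self.subscriptions = subscriptions  # SUPI -> set of allowed CAG IDs
        self.state = {}                     # SUPI -> RejectionState

    def _expire(self, supi, now):
        """Cancel the marking once it has lasted the preset duration."""
        st = self.state.get(supi)
        if st and st.marked_at is not None and now - st.marked_at >= MARK_DURATION_S:
            st.marked_at = None
            st.times.clear()
        return st

    def is_marked(self, supi, now):
        st = self._expire(supi, now)
        return st is not None and st.marked_at is not None

    def record_rejection(self, supi, cause, now):
        """Record one rejection; return True if the device is now marked."""
        self.state.setdefault(supi, RejectionState())
        st = self._expire(supi, now)
        # Adjust the count by rejection time: forget rejections outside the window.
        st.times = [t for t in st.times if now - t < COUNT_WINDOW_S]
        st.times.append(now)
        st.last_cause = cause
        if st.marked_at is None and len(st.times) >= MAX_REJECTIONS:
            st.marked_at = now
        return st.marked_at is not None

    def handle_auth_request(self, supi, now):
        """A marked device is rejected before primary authentication starts."""
        return "AUTH_REJECT" if self.is_marked(supi, now) else "PROCEED_PRIMARY_AUTH"

    def check_cag(self, supi, cag_id, now):
        """Third/fourth aspect: the UDM checks the CAG ID in subscription data."""
        if cag_id in self.subscriptions.get(supi, set()):
            return True
        self.record_rejection(supi, "CAG_NOT_AUTHORIZED", now)
        return False


def amf_report_rejection(udm, supi, cause, now):
    """First aspect: the AMF reports only rejections with a preset cause."""
    if cause not in REPORTED_CAUSES:
        return False
    udm.record_rejection(supi, cause, now)
    return True


def demo():
    # Constructed sample data: one subscriber allowed on CAG networks 1 to 3.
    supi = "imsi-001010000000001"
    udm = Udm({supi: {"cag-1", "cag-2", "cag-3"}})
    out = [udm.check_cag(supi, "cag-4", t) for t in (0, 10, 20)]
    out.append(udm.handle_auth_request(supi, 30))
    out.append(udm.handle_auth_request(supi, 20 + MARK_DURATION_S))
    return out


if __name__ == "__main__":
    print(demo())
```

Because the state is keyed by SUPI and the marking expires, a device that stops probing regains access after the preset duration without operator intervention.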
In a fifth aspect, a communication device is provided, which may be a UDM entity, a device in the UDM entity, or a device that can be used together with the UDM entity. The communication device may also be a chip system. The communication device may perform the method of the second or fourth aspect. The functions of the communication device may be implemented by hardware, or by hardware executing corresponding software. The hardware or software includes one or more units corresponding to the above functions. A unit may be software and/or hardware. For the operations performed by the communication device and their beneficial effects, refer to the methods and beneficial effects described in the second or fourth aspect; repeated details are omitted.
In a sixth aspect, the present application provides a communication device comprising a processor, wherein the method performed by the UDM entity in the method according to the second or fourth aspect is performed when the processor invokes a computer program in a memory.
In a seventh aspect, the present application provides a communications apparatus comprising a processor and a memory, the memory for storing computer-executable instructions; the processor is configured to execute computer-executable instructions stored by the memory to cause the communication device to perform a method as performed by the UDM entity in the method of the second or fourth aspect.
In an eighth aspect, the present application provides a communication device comprising a processor, a memory, and a transceiver for receiving signals or transmitting signals; the memory for storing program code; the processor is configured to call the program code from the memory to execute a method performed by the UDM entity in the method according to the second or fourth aspect.
In a ninth aspect, the present application provides a communication device comprising a processor and an interface circuit for receiving code instructions and transmitting the code instructions to the processor; the processor executes the code instructions to perform the method performed by the UDM entity in the method according to the second or fourth aspect.
In a tenth aspect, the present application provides a computer-readable storage medium for storing instructions that, when executed, cause a method performed by a UDM entity in a method according to the second or fourth aspect to be implemented.
In an eleventh aspect, the present application provides a computer program product comprising instructions that, when executed, cause a method performed by a UDM entity in a method according to the second or fourth aspect to be implemented.
Drawings
To illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in describing them are briefly introduced below. The drawings described below show only some embodiments of the present invention; a person skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 is a diagram illustrating a system architecture according to an embodiment of the present application;
FIG. 2 is a schematic flowchart of an information processing method according to an embodiment of the present application;
FIG. 3 is a schematic flowchart of another information processing method according to an embodiment of the present application;
FIG. 4 is a schematic flowchart of another information processing method according to an embodiment of the present application;
FIG. 5 is a schematic flowchart of another information processing method according to an embodiment of the present application;
FIG. 6 is a schematic structural diagram of a communication device according to an embodiment of the present application;
FIG. 7 is a schematic structural diagram of another communication device according to an embodiment of the present application.
Detailed Description
The terms "first," "second," "third," and "fourth," etc. in the description and claims of the invention and in the accompanying drawings are used for distinguishing between different objects and not for describing a particular order. Furthermore, the terms "include" and "have," as well as any variations thereof, are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those steps or elements listed, but may alternatively include other steps or elements not listed, or inherent to such process, method, article, or apparatus.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the invention. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is explicitly and implicitly understood by one skilled in the art that the embodiments described herein can be combined with other embodiments.
"Plurality" means two or more. "And/or" describes an association between associated objects and covers three cases; for example, "A and/or B" may mean: A exists alone, both A and B exist, or B exists alone. The character "/" generally indicates an "or" relationship between the objects before and after it.
At present, a UDM entity cannot manage and control the registration of a terminal device with a network. To enhance the UDM entity's ability to manage and control network registration, the embodiments of the present application provide an information processing method and a communication apparatus. To aid understanding, the system architecture of the embodiments is described first.
The technical solutions of the embodiments of the present application can be applied to various communication systems, for example a fifth generation (5G) system, a New Radio (NR) system, or a future communication system.
Fig. 1 is a schematic diagram of a network architecture suitable for the method provided by the embodiment of the present application. As shown in fig. 1, the network architecture of the embodiment of the present application may include the following network elements:
1. User equipment (UE): may also be referred to as a terminal device, terminal, access terminal, subscriber unit, subscriber station, mobile station, remote station, remote terminal, mobile device, user terminal, wireless communication device, or user agent. The UE may be a cellular phone, a cordless phone, a Session Initiation Protocol (SIP) phone, a Wireless Local Loop (WLL) station, a Personal Digital Assistant (PDA), a handheld device with wireless communication capability, a computing device or other processing device connected to a wireless modem, a vehicle-mounted device, a wearable device, a terminal device in a 5G network, a terminal device in a future communication system, and so on. The UE may also be an end device, a logical entity, or an intelligent device, for example a terminal device such as a mobile phone or smart terminal, a communication device such as a server, gateway, base station or controller, or an Internet of Things (IoT) device such as a sensor, electricity meter or water meter. The UE may also be a wired device such as a desktop or laptop computer. The embodiments of the present application do not limit this. In the embodiments of the present application, the UE is used as the example in the description below.
2. Access Network (AN) device: to access the operator network, the terminal device first passes through the access network device, and can then be connected through the access network device to a service node of the operator network.
3. Access and mobility management function (AMF) entity: a control plane network function provided by the operator network. It is responsible for access control and mobility management of terminal devices accessing the operator network, including mobility state management, allocation of temporary user identities, and user authentication and authorization.
4. Unified Data Management (UDM) entity: also referred to as a UDM network function or UDM network function entity. It is a control plane function provided by the operator and is responsible for storing information such as the subscription permanent identifier (SUPI), credentials, security context, and subscription data of subscribers in the operator network. The SUPI is encrypted during transmission, and the encrypted SUPI is called the subscription concealed identifier (SUCI). The information stored by the UDM entity can be used for authentication and authorization of terminal devices accessing the operator network. A subscriber of the operator network is a user of a service provided by the operator network, for example a user with a China Telecom SIM card or a user with a China Mobile SIM card. The SUPI of the subscriber may be the number of the SIM card. The credentials and security context of the subscriber may be a small file storing the encryption key of the SIM card or information related to the encryption of the SIM card, used for authentication and/or authorization. The security context may be data such as a cookie or a token stored on the user's local terminal (e.g., a mobile phone). The subscription data of the subscriber may be the services associated with the SIM card, such as its data package or the networks that the subscriber is allowed to access.
Optionally, as shown in FIG. 1, the network architecture according to the embodiment of the present invention may further include one or more of a network exposure function (NEF) entity, a network repository function (NRF) entity, a Policy Control Function (PCF) entity, an Application Function (AF) entity, an authentication server function (AUSF) entity, a Session Management Function (SMF) entity, or a User Plane Function (UPF) entity. For the functions of the network elements shown in FIG. 1 but not introduced here, refer to the functions defined in the 3GPP standards; they are not described again here.
The above nomenclature is only used for distinguishing different functions, and does not mean that the network elements are separate physical devices, and the present application does not limit the specific form of the above network elements, for example, the network elements may be integrated in the same physical device, or may be different physical devices. Moreover, the above nomenclature is used merely to distinguish between different functions, and should not be construed as limiting the application, which does not preclude the possibility of employing other nomenclature in future networks. For example, in a 6G network, some or all of the above network elements may follow the terminology in 5G, and may also adopt other names, etc. The description is unified here, and will not be repeated below.
In the network architecture, the N1 interface is the reference point between the terminal device and the AMF entity; the N2 interface is the reference point between the AN and the AMF entity, used for sending non-access stratum (NAS) messages and the like; the N3 interface is the reference point between the (R)AN and the UPF entity, used for transmitting user plane data and the like; the N4 interface is the reference point between the SMF entity and the UPF entity, used to transmit information such as tunnel identification information of the N3 connection, data buffering indication information, and downlink data notification messages. The interface names between the network elements in FIG. 1 are only examples; in a specific implementation the interfaces may have other names, which is not specifically limited in this application.
It should be understood that the network architecture applied to the embodiment of the present application is only an exemplary network architecture described in the service architecture, and the network architecture to which the embodiment of the present application is applied is not limited thereto, and any network architecture capable of implementing the functions of the network elements described above is applicable to the embodiment of the present application.
The following describes the information processing method and the communication device provided by the present application in detail:
Referring to fig. 2, fig. 2 is a schematic flowchart of an information processing method according to an embodiment of the present disclosure. As shown in fig. 2, the information processing method includes the following steps 201 to 204. The method execution subjects shown in fig. 2 may be an AMF entity and a UDM entity. Alternatively, the method execution subjects shown in fig. 2 may be a chip in the AMF entity and a chip in the UDM entity. Fig. 2 takes an AMF entity and a UDM entity as an example. Wherein:
201. The AMF entity denies the terminal device access to the network.
In the embodiment of the application, the terminal device may send a registration request to the AMF entity. After receiving the registration request, the AMF entity sends an authentication request to the UDM entity, where the authentication request is used to request primary authentication of the terminal device. After receiving the authentication request, the UDM entity performs primary authentication on the terminal device. After the primary authentication between the UDM entity and the terminal device passes, the AMF entity may in some cases deny the terminal device access to the network.
For example, after the primary authentication between the UDM entity and the terminal device passes, the AMF entity obtains subscription data of the terminal device from the UDM entity. If the network that the terminal device requests to access does not exist in the subscription data of the terminal device, the AMF entity denies the terminal device access to the network. For example, the subscription data of the terminal device includes the Closed Access Group (CAG) networks that the terminal device is allowed to access, which are CAG network 1, CAG network 2, and CAG network 3. The terminal device requests access to CAG network 4. Since CAG network 4 does not exist in the subscription data of the terminal device, the AMF entity denies the terminal device access to CAG network 4. A CAG network is a network that only allows users with specific rights to access it. That is, access to a CAG network is restricted and conditional.
For another example, after the primary authentication between the UDM entity and the terminal device passes, the AMF entity obtains the subscription data of the terminal device from the UDM entity. If no network supported by the access network device to which the terminal device belongs exists in the subscription data of the terminal device, the AMF entity denies the terminal device access to the network. For example, the subscription data of the terminal device includes the CAG networks that the terminal device is allowed to access, which are CAG network 1, CAG network 2, and CAG network 3. The access network device to which the terminal device belongs supports CAG network 4 and CAG network 5. Because no network supported by that access network device exists in the subscription data of the terminal device, the AMF entity denies the terminal device access to the network.
For another example, after the primary authentication between the UDM entity and the terminal device passes, if the Security Mode Command (SMC) procedure fails to be executed, the AMF entity may also deny the terminal device access to the network. Alternatively, the AMF entity may also deny the terminal device access to the network for other reasons.
202. The AMF entity sends registration rejection information to the UDM entity.
In the embodiment of the application, after the AMF entity denies the terminal device access to the network, it sends registration rejection information to the UDM entity. The registration rejection information is used to indicate that the terminal device is denied access to the network.
In a possible implementation, after the AMF entity denies the terminal device access to the network, the AMF entity may send registration rejection information to the UDM entity when the registration rejection reason is a preset reason. That is, the AMF entity does not necessarily send registration rejection information to the UDM entity each time the terminal device is denied access to the network. For example, when the registration rejection reason is that the network the terminal device requests to access does not exist in the subscription data of the terminal device, the AMF entity sends registration rejection information to the UDM entity.
In a possible implementation, the network to which the AMF entity denies the terminal device access may be a CAG network, and the AMF entity may send registration rejection information to the UDM entity when denying the terminal device access to the CAG network.
In one possible implementation, the network to which the AMF entity denies the terminal device access may be a Public Land Mobile Network (PLMN). The AMF entity may send registration rejection information to the UDM entity when denying the terminal device access to the PLMN.
In a possible implementation, the AMF entity may send registration rejection information to the UDM entity when the terminal device is denied access to the CAG network, or when the terminal device is denied access to the PLMN.
In one possible implementation, when the AMF entity rejects the terminal device to access the CAG network, the registration rejection information includes at least one of SUPI of the terminal device, a registration rejection cause value, and an identity of the CAG network. Based on the possible implementation, the AMF entity may indicate to the UDM entity one or more of the terminal device that was denied access to the network, the reason the terminal device was denied access to the CAG network, or the CAG network that the terminal device was denied access to.
For example, the registration rejection information includes the SUPI of the terminal device. Alternatively, the registration rejection information includes the SUPI of the terminal device and the registration rejection cause value. Alternatively, the registration rejection information includes the SUPI of the terminal device and the identity of the CAG network. Alternatively, the registration rejection information includes the SUPI of the terminal device, a registration rejection cause value, and an identity of the CAG network. The SUPI of the terminal device is used to indicate the terminal device that is denied access to the network. The SUCI of the terminal device may be carried in the registration request sent by the terminal device to the AMF entity. The AMF entity may obtain the SUPI of the terminal device based on the SUCI of the terminal device. The registration rejection cause value is used to indicate the reason why the terminal device is denied access to the CAG network. For example, the registration rejection cause value may be that the CAG network the terminal device requests to access does not exist in the subscription data, or that the terminal device is not allowed or authorized to access the CAG network. Alternatively, the registration rejection cause value may be an SMC procedure failure. Alternatively, the registration rejection cause value may indicate other reasons. The identity of the CAG network is used to indicate the CAG network to which the terminal device is denied access.
In one possible implementation, when the AMF entity rejects the terminal device to access the PLMN, the registration rejection information includes one or more of a SUPI of the terminal device, a registration rejection cause value, an identity of the PLMN, or an identity of the AMF entity. Based on the possible implementation, the AMF entity may indicate to the UDM entity one or more of the terminal device denied access to the network, the reason why the terminal device was denied access to the PLMN, the PLMN that the terminal device was denied access to, or the AMF entity that denied the terminal device access to the network.
For example, the registration rejection information includes SUPI of the terminal device. Alternatively, the registration rejection information includes the SUPI of the terminal device and the registration rejection cause value. Alternatively, the registration rejection information includes the SUPI of the terminal device and the identity of the PLMN. Alternatively, the registration rejection information includes the SUPI of the terminal device, the registration rejection cause value, and the identity of the PLMN. Alternatively, the identity of the PLMN may be replaced by the identity of the AMF entity. After receiving the identity of the AMF entity, the UDM entity may determine a PLMN to which the terminal device is denied access, based on the identity of the AMF entity. Wherein the SUPI of the terminal device is used to indicate the terminal device that is denied access to the network. The registration rejection cause value may be that no PLMN the terminal device requests to access exists in the subscription data, or that the terminal device is not allowed or authorized to access the PLMN. Alternatively, the registration rejection cause value may be an SMC procedure failure. Alternatively, the registration rejection cause value may be for other reasons. The identifier of the PLMN is used to indicate the PLMN to which the terminal device is denied access. The identity of the AMF entity is used for indicating the AMF entity which rejects the terminal equipment to access the network.
203. The UDM entity records the registration rejection state information of the terminal device.
In the embodiment of the present application, after receiving the registration rejection information, the UDM entity may record registration rejection status information of the terminal device.
In one possible implementation, the registration rejection status information includes the number of times the terminal device has been denied access to the network and/or the times at which the terminal device was denied access to the network. Based on this possible implementation, the UDM entity can record these values and use them to accurately determine whether to mark the terminal device as an illegal terminal device.
Optionally, the number of rejections may be the total number of times the terminal device has been denied access across multiple networks, or it may be the number of times the terminal device has been denied access to a particular network. If the number of rejections is the total across multiple networks, the UDM entity may record it as a correspondence between the SUPI of the terminal device and the total number of rejections. If the number of rejections is counted per network, the UDM entity may record it as a correspondence between the SUPI of the terminal device, the network to which access was denied, and the number of rejections.
For example, take the number of rejections to be the total number of times the terminal device has been denied access across multiple networks. In the first network registration process, the AMF entity denies the terminal device access to CAG network 1. The AMF entity sends registration rejection status information to the UDM entity to indicate that the terminal device is denied access to the network. After receiving the registration rejection state information, the UDM entity records the number of times the terminal device has been denied access to the network as 1. That is, the UDM entity records the number of rejections corresponding to the SUPI of the terminal device as 1.
In the second network registration process, the AMF entity denies the terminal device access to CAG network 2. The AMF entity sends registration rejection status information to the UDM entity to indicate that the terminal device is denied access to the network. After receiving the registration rejection state information, the UDM entity records the number of times the terminal device has been denied access to the network as 2. That is, the UDM entity records the number of rejections corresponding to the SUPI of the terminal device as 2. By analogy, in the Nth network registration process, if the AMF entity denies the terminal device access to the network, the UDM entity records the number of times the terminal device has been denied access to the network as N, where N is greater than 2. That is, the UDM entity records the number of rejections corresponding to the SUPI of the terminal device as N.
As another example, the number of times of denial is taken as the number of times of denial that the terminal device is denied to access a certain network. In the first network registration process, the AMF entity rejects the terminal device to access the CAG network 1. The AMF entity sends registration rejection status information to the UDM entity to indicate that the terminal device is rejected from accessing the network. The registration rejection status information carries an identification of the CAG network 1. After receiving the registration rejection state information, the UDM entity records the number of rejections of the terminal device to access the CAG network 1 as 1. Namely, the UDM entity records the number of times of refusal corresponding to the SUPI of the terminal device and the identity of the CAG network 1 as 1.
In the second network registration process, the AMF entity refuses the terminal device to access the CAG network 1. The AMF entity sends registration rejection status information to the UDM entity to indicate that the terminal device is rejected from accessing the network. The registration rejection status information carries the identity of the CAG network 1. And after receiving the registration rejection state information, the UDM entity records the rejection times of the terminal equipment which is rejected to access the CAG network 1 as 2. Namely, the UDM entity records the number of rejects corresponding to the SUPI of the terminal device and the identity of the CAG network 1 as 2.
In the third network registration process, the AMF entity denies the terminal device access to CAG network 2. The AMF entity sends registration rejection status information to the UDM entity to indicate that the terminal device is denied access to the network. The registration rejection status information carries the identity of CAG network 2. After receiving the registration rejection state information, the UDM entity records the number of times the terminal device has been denied access to CAG network 2 as 1. That is, the UDM entity records the number of rejections corresponding to the SUPI of the terminal device and the identity of CAG network 2 as 1, so that rejections for different networks are counted separately. The case where the AMF entity denies the terminal device access to a PLMN is handled in the same way and is not described again here.
204. The UDM entity determines, according to the registration rejection state information, whether to mark the terminal device as an illegal terminal device.
In the embodiment of the application, after the UDM entity records the registration rejection state information of the terminal device, it determines according to the registration rejection state information whether to mark the terminal device as an illegal terminal device. An illegal terminal device may also be referred to as a malicious terminal device.
In a possible implementation, the UDM entity determines whether to mark the terminal device as an illegal terminal device according to the registration rejection status information as follows: when the number of times the terminal device has been denied access to the network reaches a preset number, the UDM entity marks the terminal device as an illegal terminal device. Alternatively, when the number of times the terminal device has been denied access to the network is greater than the preset number, the UDM entity marks the terminal device as an illegal terminal device. Based on this possible implementation, illegal terminal devices can be accurately marked. Optionally, the UDM entity marks the terminal device as an illegal terminal device by marking the SUPI of the terminal device as an illegal terminal device.
For example, the preset number is 2. In the first network registration process, the AMF entity denies the terminal device access to CAG network 1. The AMF entity sends registration rejection status information to the UDM entity to indicate that the terminal device is denied access to the network. The registration rejection state information carries the SUPI of the terminal device and the identity of CAG network 1. After receiving the registration rejection state information, the UDM entity records the number of rejections corresponding to the SUPI of the terminal device and the identity of CAG network 1 as 1. The UDM entity determines that this number of rejections is less than 2, and therefore does not mark the SUPI of the terminal device as an illegal terminal device.
In the second network registration process, the AMF entity denies the terminal device access to CAG network 1. The AMF entity sends registration rejection status information to the UDM entity to indicate that the terminal device is denied access to the network. The registration rejection state information carries the SUPI of the terminal device and the identity of CAG network 1. After receiving the registration rejection state information, the UDM entity records the number of rejections corresponding to the SUPI of the terminal device and the identity of CAG network 1 as 2. The UDM entity determines that this number of rejections has reached 2, and therefore marks the SUPI of the terminal device as an illegal terminal device.
In one possible implementation, the UDM entity may further adjust the number of times the terminal device has been denied access to the network based on the times at which those rejections occurred. For example, the UDM entity may determine, among the recorded rejection times, the target rejection times, that is, the rejection times whose interval from the current time is greater than a preset interval, and subtract the number of target rejection times from the recorded number of rejections to update it. For example, the number of times currently recorded by the UDM entity that the terminal device has been denied access to CAG network 1 is 3. The first rejection occurred 10 minutes before the current time, the second 2 minutes before, and the third 1 minute before. If the preset interval is 5 minutes, then because the interval between the first rejection and the current time is greater than 5 minutes, the UDM entity subtracts 1 from the recorded number of rejections corresponding to the SUPI of the terminal device and the identity of CAG network 1, updating that number to 2.
It can be seen that by implementing the method described in fig. 2, the UDM entity can accurately mark illegal terminal devices. Then, when an illegal terminal device subsequently registers with the network, the UDM entity can deny it access to the network. Implementing the method described in fig. 2 therefore helps improve the UDM entity's ability to manage and control network registration.
Referring to fig. 3, fig. 3 is a schematic flow chart of another information processing method according to an embodiment of the present application. As shown in fig. 3, the information processing method includes steps 301 to 307 as follows. The method execution subjects shown in fig. 3 may be an AMF entity and a UDM entity. Alternatively, the method execution subjects shown in fig. 3 may be a chip in the AMF entity and a chip in the UDM entity. Fig. 3 illustrates an example of an AMF entity and a UDM entity. Wherein:
301. The AMF entity denies the terminal device access to the network.
302. The AMF entity sends registration rejection information to the UDM entity.
The registration rejection information is used to indicate that the terminal device is denied access to the network.
303. The UDM entity records the registration rejection state information of the terminal device.
304. The UDM entity determines, according to the registration rejection state information, whether to mark the terminal device as an illegal terminal device.
For specific implementation manners of step 301 to step 304, reference may be made to the above-mentioned specific implementation manners of step 201 to step 204, which are not described herein again.
305. The terminal equipment sends a registration request to the AMF entity.
In the embodiment of the application, after the UDM entity marks the terminal device as an illegal terminal device according to the registration rejection state information, or after the UDM entity does not mark the terminal device as an illegal terminal device according to the registration rejection state information, the AMF entity receives the registration request sent by the terminal device. Optionally, the SUCI of the terminal device may be carried in the registration request.
306. The AMF entity sends an authentication request to the UDM entity.
After receiving the registration request, the AMF entity sends an authentication request to the UDM entity, where the authentication request is used to request primary authentication of the terminal device. Optionally, the SUCI of the terminal device may be carried in the authentication request.
307. If the terminal device is marked as an illegal terminal device, the UDM entity sends an authentication rejection message to the AMF entity.
In the embodiment of the application, after the UDM entity receives the authentication request, if the terminal device is marked as an illegal terminal device, the UDM entity sends an authentication rejection message to the AMF entity. If the terminal device is not marked as an illegal terminal device, the UDM entity performs primary authentication on the terminal device.
For example, in the first network registration process, the terminal device sends a registration request to the AMF entity, where the registration request carries the SUCI of the terminal device and the identity of CAG network 1. The AMF entity sends an authentication request to the UDM entity, where the authentication request carries the SUCI. The UDM entity receives the authentication request, converts the SUCI to the SUPI, and determines whether the SUPI is marked as an illegal terminal device. If the terminal device is not marked as an illegal terminal device, the UDM entity performs primary authentication on the terminal device. After the primary authentication between the UDM entity and the terminal device is completed, the AMF entity obtains the subscription data of the terminal device from the UDM entity. The identity of CAG network 1 does not exist in the subscription data of the terminal device. The AMF entity denies the terminal device access to CAG network 1 and sends registration rejection information to the UDM entity, where the registration rejection information carries the SUPI of the terminal device, the registration rejection cause value, and the identity of CAG network 1. The UDM entity records the number of rejections corresponding to the SUPI of the terminal device and the identity of CAG network 1 as 1.
In the second network registration process, the terminal device sends a registration request to the AMF entity, where the registration request carries the SUCI of the terminal device and the identity of CAG network 1. The second network registration process is similar to the first network registration process. The identity of CAG network 1 does not exist in the subscription data of the terminal device. Therefore, the AMF entity denies the terminal device access to CAG network 1 and sends registration rejection information carrying the SUPI of the terminal device, the registration rejection cause value, and the identity of CAG network 1 to the UDM entity. The UDM entity records the number of rejections corresponding to the SUPI of the terminal device and the identity of CAG network 1 as 2. Since this number of rejections reaches the preset number (i.e., 2), the UDM entity marks the SUPI of the terminal device as an illegal terminal device.
In the third network registration process, the terminal device sends a registration request to the AMF entity, where the registration request carries the SUCI of the terminal device and the identity of CAG network 1. The AMF entity sends an authentication request to the UDM entity, where the authentication request carries the SUCI. Upon receiving the authentication request, the UDM entity converts the SUCI to the SUPI and determines that the SUPI is marked as an illegal terminal device. Therefore, the UDM entity sends an authentication rejection message to the AMF entity.
In one possible implementation, when the length of time for which the terminal device has been marked as an illegal terminal device reaches a preset duration, the UDM entity cancels the marking of the terminal device as an illegal terminal device. This prevents the terminal device from being permanently unable to access the network.
It can be seen that, by implementing the method described in fig. 3, if the terminal device is marked as an illegal terminal device, the UDM entity can refuse to perform primary authentication on the terminal device before that authentication starts, thereby denying the terminal device access to the network. The terminal device is thus denied access to the network in time, which saves network resources and computing resources and reduces the network processing load.
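The UDM-side bookkeeping described for fig. 2 and fig. 3 (per-network rejection counts, the preset-interval adjustment, marking, the check before primary authentication, and cancelling the mark after a preset duration) can be sketched as follows. This is an added illustration, not code from the patent; the class and method names, the result strings, the default values, and clearing the counters when a mark is cancelled are assumptions.

```python
"""UDM-side registration-rejection bookkeeping (illustrative sketch).

All names, result strings and default values are assumptions.
Timestamps are seconds and must be supplied in non-decreasing order.
"""
from collections import defaultdict, deque
from dataclasses import dataclass, field
from typing import Deque, Dict, Tuple

AUTH_REJECT = "AUTH_REJECT"        # hypothetical result labels
PROCEED = "PROCEED_PRIMARY_AUTH"


@dataclass
class RejectionTracker:
    threshold: int = 2          # preset number of rejections
    window_s: float = 300.0     # preset interval: older rejections stop counting
    mark_ttl_s: float = 3600.0  # preset duration after which the mark is cancelled
    _events: Dict[Tuple[str, str], Deque[float]] = field(
        default_factory=lambda: defaultdict(deque), init=False, repr=False)
    _marked_at: Dict[str, float] = field(
        default_factory=dict, init=False, repr=False)

    def rejection_count(self, supi: str, network_id: str, now: float) -> int:
        """Count for (SUPI, network) after dropping rejections whose
        interval from `now` is greater than the preset interval."""
        q = self._events[(supi, network_id)]
        while q and now - q[0] > self.window_s:
            q.popleft()
        return len(q)

    def is_marked(self, supi: str, now: float) -> bool:
        marked_at = self._marked_at.get(supi)
        if marked_at is None:
            return False
        if now - marked_at >= self.mark_ttl_s:
            # The mark has lasted the preset duration: cancel it.
            # Clearing the counters as well is an assumption.
            del self._marked_at[supi]
            for key in [k for k in self._events if k[0] == supi]:
                del self._events[key]
            return False
        return True

    def record_rejection(self, supi: str, network_id: str, now: float) -> bool:
        """Process registration rejection information from the AMF.

        Returns True if the SUPI is marked as illegal afterwards.
        """
        if self.is_marked(supi, now):   # also cancels an expired mark first
            return True
        self._events[(supi, network_id)].append(now)
        if self.rejection_count(supi, network_id, now) >= self.threshold:
            self._marked_at[supi] = now
            return True
        return False

    def handle_auth_request(self, supi: str, now: float) -> str:
        """Refuse before primary authentication if the SUPI is marked."""
        return AUTH_REJECT if self.is_marked(supi, now) else PROCEED


if __name__ == "__main__":
    # Constructed sample: rejections 10, 2 and 1 minutes before "now" (t=600 s)
    # with a 5-minute preset interval leave a count of 2.
    demo = RejectionTracker(threshold=10, window_s=300)
    supi = "supi-constructed-0001"  # constructed identifier
    for ts in (0, 480, 540):
        demo.record_rejection(supi, "CAG-1", ts)
    print(demo.rejection_count(supi, "CAG-1", 600))
```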
Referring to fig. 4, fig. 4 is a schematic flowchart of another information processing method according to an embodiment of the present disclosure. As shown in fig. 4, the information processing method includes the following steps 401 to 405. The method execution subjects shown in fig. 4 may be an AMF entity and a UDM entity. Alternatively, the method execution subjects shown in fig. 4 may be a chip in the AMF entity and a chip in the UDM entity. Fig. 4 illustrates an example of a UDM entity and an AMF entity. Wherein:
401. The AMF entity sends first information to the UDM entity, where the first information includes the SUPI of the terminal device and the identity of the CAG network.
In the embodiment of the application, the terminal device may send a registration request to the AMF entity. After receiving the registration request, the AMF entity sends an authentication request to the UDM entity, where the authentication request is used to request primary authentication of the terminal device. After receiving the authentication request, the UDM entity performs primary authentication on the terminal device. After the primary authentication between the UDM entity and the terminal device passes, the AMF entity sends the first information to the UDM entity.
The registration request may carry the SUCI of the terminal device. The AMF entity may obtain the SUPI of the terminal device based on the SUCI of the terminal device. The identity of the CAG network in the first information is the identity of the network that the terminal device requests to access. The registration request may also carry the identity of the CAG network that the terminal device requests to access. Alternatively, after the primary authentication between the UDM entity and the terminal device passes, the AMF entity may obtain the identity of the CAG network that the terminal device requests to access in another manner.
402. The UDM entity searches the subscription data of the terminal device for the identity of the CAG network.
403. If the identity of the CAG network does not exist in the subscription data of the terminal device, the UDM entity denies the terminal device access to the CAG network.
In this embodiment of the application, after receiving the first information, the UDM entity searches whether the identifier of the CAG network exists in subscription data of the terminal device. The subscription data of the terminal device includes an identifier of a CAG network that the terminal device is allowed to access. For example, the identifiers of the CAG networks allowing the terminal device to access, which are included in the subscription data of the terminal device, are the identifier of the CAG network 1, the identifier of the CAG network 2, and the identifier of the CAG network 3, respectively. The identification of the CAG network carried in the first information is the identification of the CAG network 4. Therefore, the identifier of the CAG network 4 does not exist in the subscription data of the terminal device, and the UDM entity rejects the terminal device to access the CAG network.
Optionally, if the identifier of the CAG network exists in the subscription data of the terminal device, the UDM entity allows the terminal device to access the CAG network. For example, the UDM entity may send indication information to the AMF entity indicating that the terminal device is allowed to access the CAG network.
404. The UDM entity records registration rejection state information of the terminal device.
In the embodiment of the application, after the UDM entity rejects the terminal device to access the CAG network, the UDM entity records registration rejection status information of the terminal device. For the description of the registration rejection status information and the description of how to record the registration rejection status information of the terminal device, reference may be made to the description in the embodiment corresponding to fig. 2, which is not described herein again.
405. The UDM entity determines whether to mark the terminal device as an illegal terminal device based on the registration rejection status information.
In the embodiment of the application, after the UDM entity records the registration rejection state information of the terminal device, the UDM entity determines whether to mark the terminal device as an illegal terminal device based on the registration rejection state information. The specific implementation manner of step 405 is the same as that of step 204, and is not described herein again.
It can be seen that, by implementing the method described in fig. 4, the UDM entity can accurately mark illegal terminal devices. When an illegal terminal device subsequently registers with the network, the UDM entity can deny the illegal terminal device access to the network. Implementing the method described in fig. 4 therefore helps to increase the capability of the UDM entity to manage and control network registration.
Referring to fig. 5, fig. 5 is a schematic flowchart of another information processing method according to an embodiment of the present disclosure. As shown in fig. 5, the information processing method includes the following steps 501 to 508. The method shown in fig. 5 may be executed by an AMF entity and a UDM entity. Alternatively, the method shown in fig. 5 may be executed by a chip in the AMF entity and a chip in the UDM entity. Fig. 5 takes the UDM entity and the AMF entity as an example. Wherein:
501. The AMF entity transmits first information to the UDM entity, wherein the first information comprises the SUPI of the terminal device and the identifier of the CAG network.
502. The UDM entity checks whether the identifier of the CAG network exists in the subscription data of the terminal device.
503. If the identifier of the CAG network does not exist in the subscription data of the terminal device, the UDM entity denies the terminal device access to the CAG network.
504. The UDM entity records the registration rejection status information of the terminal device.
505. The UDM entity determines whether to mark the terminal device as an illegal terminal device based on the registration rejection status information.
506. The terminal device sends a registration request to the AMF entity.
507. The AMF entity sends an authentication request to the UDM entity.
508. If the terminal device is marked as an illegal terminal device, the UDM entity sends an authentication rejection message to the AMF entity.
The specific implementation manners of steps 506 to 508 may refer to the specific implementation manners of steps 305 to 307, which are not described herein again.
In one possible implementation, when the length of time for which the terminal device has been marked as an illegal terminal device reaches a preset duration, the UDM entity cancels the marking of the terminal device as an illegal terminal device. This prevents the terminal device from being permanently unable to access the network.
It can be seen that, by implementing the method described in fig. 5, if the terminal device is marked as an illegal terminal device, the UDM entity can refuse to perform primary authentication on the terminal device before that authentication starts, thereby denying the terminal device access to the network. The terminal device can thus be denied access to the network in time, so that network resources and computing resources can be saved, and network processing load can be reduced.
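The UDM-side logic of steps 502 to 508, together with the timed cancellation of the mark, can be modelled as follows. This is an added Python example, not code from the patent: the class and function names, the threshold of 3 rejections, the 600-second marking duration, the SUPI and CAG identifier strings, and the choice to clear the rejection record when the mark is cancelled are all assumptions.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Set

# Assumed values: the page only says "preset number of times" and "preset duration".
PRESET_REJECTIONS = 3
PRESET_MARK_SECONDS = 600.0


@dataclass
class RejectionState:
    """Registration rejection status information kept per SUPI (step 504)."""
    reject_times: List[float] = field(default_factory=list)  # time of each rejection
    marked_at: Optional[float] = None  # when the device was marked illegal, if it is


class UdmModel:
    """Hypothetical model of the UDM-side checks; not a real 5G core API."""

    def __init__(self, subscriptions: Dict[str, Set[str]], clock: Callable[[], float]):
        self.subscriptions = subscriptions  # SUPI -> CAG identifiers the device may access
        self.clock = clock
        self.state: Dict[str, RejectionState] = {}

    def handle_first_information(self, supi: str, cag_id: str) -> str:
        """Steps 502-505: subscription lookup, rejection, record, marking decision."""
        if cag_id in self.subscriptions.get(supi, set()):
            return "ALLOW"
        st = self.state.setdefault(supi, RejectionState())
        st.reject_times.append(self.clock())
        # Step 505: mark once the rejection count reaches the preset number.
        if st.marked_at is None and len(st.reject_times) >= PRESET_REJECTIONS:
            st.marked_at = self.clock()
        return "REJECT"

    def is_marked(self, supi: str) -> bool:
        """True while the device is marked; cancels the mark after the preset duration."""
        st = self.state.get(supi)
        if st is None or st.marked_at is None:
            return False
        if self.clock() - st.marked_at >= PRESET_MARK_SECONDS:
            st.marked_at = None
            # Assumption: also clear the count, otherwise the very next
            # rejection would re-mark the device immediately.
            st.reject_times.clear()
            return False
        return True

    def handle_authentication_request(self, supi: str) -> str:
        """Steps 507-508: refuse before primary authentication if the device is marked."""
        if self.is_marked(supi):
            return "AUTHENTICATION_REJECT"
        return "PROCEED_PRIMARY_AUTH"


class FakeClock:
    """Controllable clock so the example runs deterministically."""

    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now


def run_scenario() -> List[str]:
    """Replays the page's example: CAG networks 1-3 subscribed, CAG network 4 requested."""
    clock = FakeClock()
    supi = "imsi-001010000000001"  # constructed sample value
    udm = UdmModel({supi: {"cag-1", "cag-2", "cag-3"}}, clock)
    results = [
        udm.handle_first_information(supi, "cag-1"),
        udm.handle_authentication_request(supi),
    ]
    for t in (1.0, 2.0, 3.0):  # three rejected attempts on an unsubscribed CAG
        clock.now = t
        results.append(udm.handle_first_information(supi, "cag-4"))
    clock.now = 4.0  # marked at t=3, so authentication is refused
    results.append(udm.handle_authentication_request(supi))
    clock.now = 3.0 + PRESET_MARK_SECONDS  # preset duration elapsed, mark cancelled
    results.append(udm.handle_authentication_request(supi))
    return results


if __name__ == "__main__":
    print(run_scenario())
```

Because the mark is keyed on the SUPI reported by the AMF entity, the threshold and duration determine how long a subscriber stays locked out after repeated rejections, which is why the timed cancellation matters.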
Referring to fig. 6, fig. 6 is a schematic structural diagram of a communication device according to an embodiment of the present application. The communication device shown in fig. 6 may be used to implement part or all of the functionality of the UDM entity in the method embodiments described in fig. 2 and fig. 3 above. The apparatus may be a UDM entity, an apparatus in the UDM entity, or an apparatus capable of being used in cooperation with the UDM entity. The communication device can also be a chip system. The communication apparatus shown in fig. 6 may include a communication unit 601 and a processing unit 602. Wherein:
a communication unit 601, configured to receive registration rejection information sent by an access and mobility management function AMF entity, where the registration rejection information is used to indicate that a terminal device is rejected from accessing a network; a processing unit 602, configured to record registration rejection status information of the terminal device; the processing unit 602 is further configured to determine whether to mark the terminal device as an illegal terminal device according to the registration rejection status information.
In one possible implementation, the registration rejection status information includes the number of times the terminal device has been denied access to the network and/or the time at which the terminal device was denied access to the network.
In one possible implementation, the registration rejection information includes one or more of a user permanent identity (SUPI) of the terminal device, a registration rejection cause value, or an identity of a closed access group (CAG) network to which the terminal device is denied access.
In a possible implementation, the registration rejection information includes one or more of a user permanent identity (SUPI) of the terminal device, a registration rejection cause value, an identity of a public land mobile network (PLMN), or an identity of an AMF entity, the PLMN being the network to which the terminal device is denied access.
In a possible implementation, the processing unit 602 determines whether to mark the terminal device as an illegal terminal device according to the registration rejection status information specifically as follows: when the number of times the terminal device has been denied access to the network reaches a preset number, the terminal device is marked as an illegal terminal device.
In a possible implementation, the communication unit 601 is further configured to receive an authentication request sent by the AMF entity, where the authentication request is used to request primary authentication of the terminal device; the communication unit 601 is further configured to send an authentication reject message to the AMF entity if the terminal device is marked as an illegal terminal device.
In a possible implementation, the processing unit 602 is further configured to cancel the marking of the terminal device as an illegal terminal device when the length of time for which the terminal device has been marked as an illegal terminal device reaches a preset duration.
Referring to fig. 6, fig. 6 is a schematic structural diagram of a communication device according to an embodiment of the present application. The communication device shown in fig. 6 may be used to implement part or all of the functionality of the UDM entity in the method embodiments described in fig. 4 and fig. 5 above. The apparatus may be a UDM entity, an apparatus in the UDM entity, or an apparatus capable of being used in cooperation with the UDM entity. The communication device can also be a chip system. The communication apparatus shown in fig. 6 may include a communication unit 601 and a processing unit 602. Wherein:
a communication unit 601, configured to receive first information sent by an AMF entity, where the first information includes the SUPI of the terminal device and an identity of a CAG network; the processing unit 602 is configured to check whether the identifier of the CAG network exists in the subscription data of the terminal device. The processing unit 602 is further configured to deny the terminal device access to the CAG network if the identifier of the CAG network does not exist in the subscription data of the terminal device. The processing unit 602 is further configured to record registration rejection status information of the terminal device. The processing unit 602 is further configured to determine whether to mark the terminal device as an illegal terminal device based on the registration rejection status information.
In one possible implementation, the registration rejection status information includes the number of times the terminal device has been denied access to the network and/or the time at which the terminal device was denied access to the network.
In a possible implementation, the processing unit 602 determines whether to mark the terminal device as an illegal terminal device according to the registration rejection status information specifically as follows: when the number of times the terminal device has been denied access to the network reaches a preset number, the terminal device is marked as an illegal terminal device.
In a possible implementation, the communication unit 601 is further configured to receive an authentication request sent by the AMF entity, where the authentication request is used to request primary authentication of the terminal device; the communication unit 601 is further configured to send an authentication reject message to the AMF entity if the terminal device is marked as an illegal terminal device.
In a possible implementation, the processing unit 602 is further configured to cancel the marking of the terminal device as an illegal terminal device when the length of time for which the terminal device has been marked as an illegal terminal device reaches a preset duration.
Fig. 7 shows a communication apparatus 70 provided in the embodiment of the present application, which is used to implement the functions of the AMF entity or the UDM entity in the foregoing method embodiments. The apparatus may be an AMF entity or a UDM entity. Alternatively, the apparatus may be an apparatus for an AMF entity or a UDM entity. The means for the AMF entity or the UDM entity may be a chip system or a chip within the AMF entity or the UDM entity. The chip system may be composed of a chip, or may include a chip and other discrete devices.
The communication device 70 includes at least one processor 720 for implementing the data processing function of the AMF entity or the UDM entity in the method provided in the embodiment of the present application. The apparatus 70 may further include a communication interface 710 for implementing transceiving operations of the AMF entity or the UDM entity in the method provided by the embodiment of the present application. In embodiments of the present application, the communication interface may be a transceiver, circuit, bus, module, or other type of communication interface for communicating with other devices over a transmission medium. For example, the communication interface 710 is used for devices in the apparatus 70 to communicate with other devices. The processor 720 utilizes the communication interface 710 to send and receive data and is configured to implement the methods described in the method embodiments above.
The apparatus 70 may also include at least one memory 730 for storing program instructions and/or data. Memory 730 is coupled to processor 720. The coupling in the embodiments of the present application is an indirect coupling or a communication connection between devices, units or modules, and may be an electrical, mechanical or other form for information interaction between the devices, units or modules. Processor 720 may cooperate with memory 730. Processor 720 may execute program instructions stored in memory 730. At least one of the at least one memory may be included in the processor.
The specific connection medium among the communication interface 710, the processor 720 and the memory 730 is not limited in the embodiments of the present application. In the embodiment of the present application, the memory 730, the processor 720 and the communication interface 710 are connected by the bus 740 in fig. 7; the bus is represented by a thick line in fig. 7, and the connection manner between other components is merely illustrative and not limiting. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in fig. 7, but this is not intended to represent only one bus or type of bus.
Where the apparatus 70 is specifically an apparatus for an AMF entity or a UDM entity, such as where the apparatus 70 is specifically a chip or a system of chips, the output or reception by the communication interface 710 may be a baseband signal. When the device 70 is specifically an AMF entity or a UDM entity, the communication interface 710 may output or receive radio frequency signals. In the embodiments of the present application, the processor may be a general-purpose processor, a digital signal processor, an application specific integrated circuit, a field programmable gate array or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component, and may implement or execute the methods, steps, and logic blocks disclosed in the embodiments of the present application. The general purpose processor may be a microprocessor or any conventional processor or the like. The steps of a method disclosed in connection with the embodiments of the present application may be directly implemented by a hardware processor, or may be implemented by a combination of hardware and software modules in a processor.
Embodiments of the present application further provide a computer-readable storage medium storing instructions which, when run on a processor, cause the method performed by the AMF entity in the above method embodiments to be performed.
Embodiments of the present application further provide a computer-readable storage medium storing instructions which, when run on a processor, cause the method performed by the UDM entity in the foregoing method embodiments to be performed.
Embodiments of the present application further provide a computer program product which, when run on a processor, causes the method performed by the AMF entity in the above method embodiments to be performed.
Embodiments of the present application further provide a computer program product which, when run on a processor, causes the method performed by the UDM entity in the foregoing method embodiments to be performed.
The embodiment of the application also provides a communication system, which comprises an AMF entity and a UDM entity. The AMF entity is configured to perform the method performed by the AMF entity in fig. 2 or fig. 3 in the above method embodiment. The UDM entity is configured to perform the method performed by the UDM entity in fig. 2 or fig. 3 in the above method embodiment. Alternatively, the AMF entity is configured to perform the method performed by the AMF entity in fig. 4 or fig. 5 in the above method embodiment. The UDM entity is configured to perform the method performed by the UDM entity in fig. 4 or fig. 5 in the above method embodiment.
It should be noted that, for simplicity of description, the above-mentioned method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the order of acts, as some steps may occur in other orders or concurrently in accordance with the invention. Further, those skilled in the art should also appreciate that the embodiments described in the specification are preferred embodiments and that the acts and modules referred to are not necessarily required by the invention.
In the foregoing embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to the related descriptions of other embodiments.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus may be implemented in other manners. For example, the above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one type of division of logical functions, and there may be other divisions when actually implementing, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or not implemented. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection of some interfaces, devices or units, and may be an electric or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one position, or may be distributed on multiple network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit may be implemented in the form of hardware, or may also be implemented in the form of a software functional unit.
The integrated unit, if implemented as a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable memory. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a memory and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned memory comprises: a U-disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic or optical disk, and other various media capable of storing program codes.
Those skilled in the art will appreciate that all or part of the steps of the methods of the above embodiments may be implemented by a program stored in a computer-readable memory, the memory including: flash memory disks, Read-Only Memories (ROMs), Random Access Memories (RAMs), magnetic or optical disks, and the like.
The above embodiments of the present invention are described in detail, and the principle and the implementation of the present invention are explained by applying specific embodiments, and the above description of the embodiments is only used to help understanding the method of the present invention and the core idea thereof; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in view of the above, the content of the present specification should not be construed as a limitation to the present invention.

Claims (21)

1. An information processing method, characterized in that the method comprises:
an access and mobility management function (AMF) entity denies a terminal device access to a network;
the AMF entity sends registration rejection information to a unified data management (UDM) entity, wherein the registration rejection information is used for indicating that the terminal device is denied access to the network;
the UDM entity records registration rejection status information of the terminal device;
and the UDM entity determines, according to the registration rejection status information, whether to mark the terminal device as an illegal terminal device.
2. The method of claim 1, wherein the registration rejection status information comprises the number of times the terminal device has been denied access to the network and/or the time at which the terminal device was denied access to the network.
3. The method according to claim 1 or 2, wherein the AMF entity denying the terminal device access to the network comprises:
the AMF entity denies the terminal device access to a closed access group (CAG) network;
wherein the registration rejection information includes at least one of a user permanent identity (SUPI) of the terminal device, a registration rejection cause value, and an identity of the CAG network.
4. The method according to claim 1 or 2, wherein the AMF entity denying the terminal device access to the network comprises:
the AMF entity denies the terminal device access to a public land mobile network (PLMN);
wherein the registration rejection information comprises one or more of a user permanent identity (SUPI) of the terminal device, a registration rejection cause value, an identity of the PLMN, or an identity of the AMF entity.
5. The method according to claim 1 or 2, wherein the UDM entity determining whether to mark the terminal device as an illegal terminal device according to the registration rejection status information comprises:
when the number of times the terminal device has been denied access to the network reaches a preset number, the UDM entity marks the terminal device as an illegal terminal device.
6. The method according to claim 1 or 2, characterized in that the method further comprises:
the AMF entity receives a registration request sent by the terminal device;
the AMF entity sends an authentication request to the UDM entity, wherein the authentication request is used for requesting primary authentication of the terminal device;
and if the terminal device is marked as an illegal terminal device, the UDM entity sends an authentication rejection message to the AMF entity.
7. The method according to claim 1 or 2, characterized in that the method further comprises:
when the length of time for which the terminal device has been marked as an illegal terminal device reaches a preset duration, the UDM entity cancels the marking of the terminal device as an illegal terminal device.
8. An information processing method, characterized in that the method comprises:
a unified data management (UDM) entity receives registration rejection information sent by an access and mobility management function (AMF) entity, wherein the registration rejection information is used for indicating that a terminal device is denied access to a network;
the UDM entity records registration rejection status information of the terminal device;
and the UDM entity determines, according to the registration rejection status information, whether to mark the terminal device as an illegal terminal device.
9. The method according to claim 8, wherein the registration rejection status information comprises the number of times the terminal device has been denied access to the network and/or the time at which the terminal device was denied access to the network.
10. The method according to claim 8 or 9, wherein the registration rejection information comprises one or more of a user permanent identity (SUPI) of the terminal device, a registration rejection cause value, or an identity of a closed access group (CAG) network, the CAG network being a network to which the terminal device is denied access.
11. The method according to claim 8 or 9, wherein the registration rejection information comprises one or more of a user permanent identity (SUPI) of the terminal device, a registration rejection cause value, an identity of a public land mobile network (PLMN), or an identity of the AMF entity, the PLMN being a network to which the terminal device is denied access.
12. The method according to claim 8 or 9, wherein the UDM entity determining whether to mark the terminal device as an illegal terminal device according to the registration rejection status information comprises:
when the number of times the terminal device has been denied access to the network reaches a preset number, the UDM entity marks the terminal device as an illegal terminal device.
13. The method according to claim 8 or 9, characterized in that the method further comprises:
the UDM entity receives an authentication request sent by the AMF entity, wherein the authentication request is used for requesting primary authentication of the terminal device;
and if the terminal device is marked as an illegal terminal device, the UDM entity sends an authentication rejection message to the AMF entity.
14. The method according to claim 8 or 9, characterized in that the method further comprises:
when the length of time for which the terminal device has been marked as an illegal terminal device reaches a preset duration, the UDM entity cancels the marking of the terminal device as an illegal terminal device.
15. A communication apparatus, characterized in that the communication apparatus comprises:
a communication unit, configured to receive registration rejection information sent by an access and mobility management function (AMF) entity, wherein the registration rejection information is used for indicating that a terminal device is denied access to a network;
a processing unit, configured to record registration rejection status information of the terminal device;
the processing unit is further configured to determine whether to mark the terminal device as an illegal terminal device according to the registration rejection status information.
16. The apparatus according to claim 15, wherein the registration rejection status information includes the number of times the terminal device has been denied access to the network and/or the time at which the terminal device was denied access to the network.
17. The communication apparatus according to claim 15 or 16, wherein the registration rejection information comprises one or more of a user permanent identity (SUPI) of the terminal device, a registration rejection cause value, or an identity of a closed access group (CAG) network to which the terminal device is denied access.
18. The communication apparatus according to claim 15 or 16, wherein the registration rejection information comprises one or more of a user permanent identity (SUPI) of the terminal device, a registration rejection cause value, an identity of a public land mobile network (PLMN), or an identity of the AMF entity, the PLMN being the network to which the terminal device is denied access.
19. The communication apparatus according to claim 15 or 16, wherein the processing unit determines whether to mark the terminal device as an illegal terminal device according to the registration rejection status information specifically as follows:
when the number of times the terminal device has been denied access to the network reaches a preset number, the terminal device is marked as an illegal terminal device.
20. The communication apparatus according to claim 15 or 16, wherein
the communication unit is further configured to receive an authentication request sent by the AMF entity, where the authentication request is used to request primary authentication of the terminal device;
the communication unit is further configured to send an authentication reject message to the AMF entity if the terminal device is marked as an illegal terminal device.
21. The communication apparatus according to claim 15 or 16, wherein
the processing unit is further configured to cancel the marking of the terminal device as an illegal terminal device when the length of time for which the terminal device has been marked as an illegal terminal device reaches a preset duration.
CN201911371692.XA 2019-12-26 2019-12-26 Information processing method and communication device Active CN113055342B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201911371692.XA CN113055342B (en) 2019-12-26 2019-12-26 Information processing method and communication device
PCT/CN2020/139385 WO2021129803A1 (en) 2019-12-26 2020-12-25 Information processing method and communication apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911371692.XA CN113055342B (en) 2019-12-26 2019-12-26 Information processing method and communication device

Publications (2)

Publication Number Publication Date
CN113055342A CN113055342A (en) 2021-06-29
CN113055342B true CN113055342B (en) 2022-08-26

Family

ID=76505730

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911371692.XA Active CN113055342B (en) 2019-12-26 2019-12-26 Information processing method and communication device

Country Status (2)

Country Link
CN (1) CN113055342B (en)
WO (1) WO2021129803A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113811022B (en) * 2021-08-12 2024-03-12 天翼物联科技有限公司 Abnormal terminal rejection method, system, device and storage medium
CN113691521A (en) * 2021-08-19 2021-11-23 北京鼎普科技股份有限公司 Method for network access based on terminal

Also Published As

Publication number Publication date
WO2021129803A1 (en) 2021-07-01
CN113055342A (en) 2021-06-29

Similar Documents

Publication Publication Date Title
US11825307B2 (en) Systems and methods of supporting device triggered re-authentication of slice-specific secondary authentication and authorization
US11937177B2 (en) Method and apparatus for handling non-integrity protected reject messages in non-public networks
US20200374698A1 (en) Communication method and communications apparatus
CN110786034B (en) Method, user equipment and functional node for network slice privacy consideration
WO2020224622A1 (en) Information configuration method and device
US20200029217A1 (en) User Authentication Method and Apparatus
CN113498217A (en) Communication method and communication device
CN113055342B (en) Information processing method and communication device
CN113676904B (en) Slice authentication method and device
CN113498060A (en) Method, device, equipment and storage medium for controlling network slice authentication
WO2022083438A1 (en) Network registration method
CN115004635A (en) Subscription information acquisition method and device
CN114451016B (en) Method, device and system for updating configuration data
CN115412911A (en) Authentication method, communication device and system
WO2023011630A1 (en) Authorization verification method and apparatus
CN114691734B (en) Cache management and control method and device, computer readable medium and electronic equipment
WO2021233286A1 (en) Data processing method and apparatus, network device, and terminal
US20220232382A1 (en) Controlling provision of access to restricted local operator services by user equipment
CN111372250A (en) Base station determination method and apparatus, storage medium, and electronic apparatus
WO2023169206A1 (en) Authorization verification method and device
WO2023142097A1 (en) User equipment-to-network relay security for proximity based services
WO2024065502A1 (en) Authentication and key management for applications (akma) for roaming scenarios
KR20240064005A (en) State authentication methods and devices
CN117812590A (en) Communication method and device, computer readable storage medium and communication system
CN117858084A (en) Management method and device for group control charging pile of group management

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant