CN113596830B - Communication method, communication apparatus, electronic device, storage medium, and program product

Publication number
CN113596830B
Authority
CN
China
Prior art keywords
network element
bsf
bsf network
terminal
candidate
Prior art date
Legal status
Active
Application number
CN202110849858.5A
Other languages
Chinese (zh)
Other versions
CN113596830A (en)
Inventor
童俊杰
赫罡
高功应
韩振东
马田丰
王志会
Current Assignee
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
Application filed by China United Network Communications Group Co Ltd
Priority to CN202110849858.5A
Publication of CN113596830A
Application granted
Publication of CN113596830B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043 Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431 Key distribution or pre-distribution; Key agreement
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/068 Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W24/00 Supervisory, monitoring or testing arrangements
    • H04W24/08 Testing, supervising or monitoring using real traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The application provides a communication method, a communication apparatus, an electronic device, a storage medium and a program product. The method comprises the following steps: a device management network element receives an authentication request from a terminal; the authentication request is used for requesting authentication of a target service of the terminal, and comprises the identifier of the terminal and the identifier of the target service; according to the identifier of the target service and the identifier of the terminal, the device management network element authenticates whether the terminal has the right to use the target service; if the authentication result indicates that the terminal has the right to use the target service, a list of candidate Bootstrapping Server Function (BSF) network elements is sent to the terminal, wherein the candidate BSF network element list comprises information of at least one candidate BSF network element; each candidate BSF network element supports the target service authentication of the terminal; the information of a candidate BSF network element includes the identifier of the candidate BSF network element. The method and the apparatus improve the efficiency with which the BSF network element feeds the key back to the terminal.

Description

Communication method, communication apparatus, electronic device, storage medium, and program product
Technical Field
The present application relates to communication engineering technologies, and in particular, to a communication method, an apparatus, an electronic device, a storage medium, and a program product.
Background
Before a target service, such as a Voice over Long-Term Evolution (VoLTE) service or a fifth generation mobile communication technology message (5G message) service, is performed, the terminal needs to acquire a key required for data transmission with a target service server. After obtaining the key, the terminal may use it to encrypt the data of the target service transmitted between the terminal and the target service server, so as to perform the target service. Specifically, the terminal may obtain the key from a Home Subscriber Server (HSS) through a Bootstrapping Server Function (BSF) in the communication network in which the terminal is located.
Currently, a communication network includes a BSF network element, and the BSF network element is configured to provide keys corresponding to all services of each terminal for all terminals in the communication network. However, the existing communication method has the problem that the efficiency of feeding back the key to the terminal by the BSF network element is low.
Disclosure of Invention
The application provides a communication method, a communication device, an electronic device, a storage medium and a program product, which are used for overcoming the problem of low efficiency of the BSF network element in feeding back a key to a terminal.
In a first aspect, the present application provides a communication method, where the method is applied to a device management network element, and the method includes:
receiving an authentication request from a terminal; the authentication request is used for requesting authentication of the target service of the terminal, and the authentication request comprises: the identifier of the terminal and the identifier of the target service;
according to the identification of the target service and the identification of the terminal, whether the terminal has the use authority of the target service is authenticated;
if the authentication result indicates that the terminal has the use permission of the target service, sending a candidate BSF network element list to the terminal, wherein the candidate BSF network element list comprises information of at least one candidate BSF network element; each candidate BSF network element supports the target service authentication of the terminal; the information of the candidate BSF network element includes: the identifier of the candidate BSF network element.
Optionally, the sending the candidate BSF network element list to the terminal includes:
acquiring identifiers of a plurality of initial BSF network elements corresponding to the target service and load information of the plurality of initial BSF network elements from a BSF network element list according to the identifier of the target service; the BSF network element list comprises a mapping relation between services and BSF network elements;
determining candidate BSF network elements from the plurality of initial BSF network elements according to the load information of the plurality of initial BSF network elements;
generating the candidate BSF network element list according to the determined candidate BSF network elements;
and sending the candidate BSF network element list to the terminal.
Optionally, the loads of the candidate BSF network elements are all smaller than a first preset load threshold.
Optionally, the information of the candidate BSF network element further includes: load information of the candidate BSF network elements.
Optionally, the authenticating, according to the identifier of the target service and the identifier of the terminal, whether the terminal has the usage right of the target service includes:
sending an authentication request to a service support system, wherein the authentication request is used for requesting to authenticate the target service of the terminal; the authentication request includes: the identifier of the terminal and the identifier of the target service;
receiving an authentication result returned by the service support system; and the authentication result is used for representing whether the terminal has the use authority of the target service.
Optionally, after the sending the candidate BSF network element list to the terminal, the method further includes:
receiving fault indication information from the terminal; the fault indication information is used for indicating that the connection establishment between the terminal and the first BSF network element fails; the first BSF network element is any one of the candidate BSF network element list, and the fault indication information includes an identifier of the first BSF network element;
determining whether the first BSF network element has a fault;
if the first BSF network element is determined to have a fault, sending information of a second BSF network element to the terminal, and deleting the identifier of the first BSF network element from the BSF network element list; the second BSF network element is any one of the BSF network elements in the BSF network element list except the first BSF network element.
Optionally, the determining whether the first BSF network element has a fault includes:
judging whether the first BSF network element in the BSF network element list has a preset label, wherein the preset label is used for representing whether the first BSF network element has a fault;
if the first BSF network element has the preset label, determining that the first BSF network element has a fault; or,
if the first BSF network element does not have the preset label, acquiring a fault detection result of the first BSF network element, and determining whether the first BSF network element has a fault according to the fault detection result.
Optionally, the obtaining a fault detection result of the first BSF network element includes:
determining a fault detection result of the first BSF network element according to the state of the communication connection with the first BSF network element;
and/or,
and acquiring a fault detection result of the BSF management network element aiming at the first BSF network element.
Optionally, after determining whether the first BSF network element has a fault according to the fault detection result, the method further includes:
if the first BSF network element is determined to have no fault, adding the preset label to the first BSF network element in the BSF network element list;
detecting whether the first BSF network element has a fault within a preset time length;
if the first BSF network element is detected to be fault-free within the preset time, deleting the preset label of the first BSF network element from the BSF network element list;
or, if it is detected within the preset time that the first BSF network element has a fault, deleting the identifier of the first BSF network element from the BSF network element list.
Optionally, the method further includes:
and updating the BSF network element list according to the service and load information corresponding to each BSF network element in the network.
Optionally, the updating the BSF network element list according to the service and load information corresponding to each BSF network element in the network includes:
and if the newly added BSF network elements exist in the network, determining the services corresponding to the newly added BSF network elements according to the services and the load information corresponding to each BSF network element in the network, and adding the newly added BSF network elements in the BSF network element list.
Optionally, the determining the service corresponding to the newly added BSF network element includes:
for any service in all services corresponding to all BSF network elements in the BSF network element list, acquiring the load of each BSF network element corresponding to the service for the service;
acquiring the average load of each BSF network element corresponding to the service aiming at the service according to the load of each BSF network element corresponding to the service aiming at the service;
and taking the service with the maximum average load as the service corresponding to the newly added BSF network element.
Optionally, the updating the BSF network element list according to the service and load information corresponding to each BSF network element in the network includes:
and regarding any BSF network element in the BSF network element list, if the load of the BSF network element is less than or equal to a second preset load threshold, taking the service with the maximum average load as a second service corresponding to the BSF network element.
Optionally, the updating the BSF network element list according to the service and load information corresponding to each BSF network element in the network includes:
deleting the invalid BSF network elements in the BSF network element list; the invalid BSF network element refers to a BSF network element which cannot establish connection with the equipment management network element.
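The device management network element logic of the first aspect (the permission check before any BSF information is returned, load-based candidate selection, fault-report handling with the preset label, and assignment of a newly added BSF to the service with the maximum average load), modelled in Python as an added illustration that is not taken from the patent. All identifiers, load values, the threshold value and the names DeviceManager, candidates, report_fault, end_watch, add_bsf and demo_network are assumptions; the service support system is replaced by an in-memory entitlement set and the fault detection result by a probe callback.

```python
# Added illustration, not code from the patent. Identifiers, loads and the
# threshold value are constructed; loads are integer percentages (assumed unit).
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set, Tuple

FIRST_LOAD_THRESHOLD = 70  # "first preset load threshold" (value assumed)


@dataclass
class Bsf:
    bsf_id: str
    service_load: Dict[str, int]   # service id -> load carried for that service
    labelled: bool = False         # the "preset label" set after a fault report

    @property
    def load(self) -> int:
        return sum(self.service_load.values())


class DeviceManager:
    def __init__(self, bsfs: List[Bsf], entitlements: Set[Tuple[str, str]]):
        self.bsf_list: Dict[str, Bsf] = {b.bsf_id: b for b in bsfs}
        self.entitlements = entitlements   # stands in for the BSS lookup

    def candidates(self, terminal_id: str, service_id: str) -> List[Tuple[str, int]]:
        """Return (bsf_id, load) pairs for the terminal, or [] if it is refused."""
        if (terminal_id, service_id) not in self.entitlements:
            return []   # nothing about the BSF pool is disclosed before the check passes
        initial = [b for b in self.bsf_list.values() if service_id in b.service_load]
        picked = [b for b in initial if b.load < FIRST_LOAD_THRESHOLD]
        # Sorting by load is an assumption; the text only requires the threshold.
        return sorted(((b.bsf_id, b.load) for b in picked), key=lambda p: p[1])

    def report_fault(self, bsf_id: str, probe: Callable[[str], bool]) -> Optional[str]:
        """Handle a terminal's fault indication.

        probe(bsf_id) stands for the fault detection result and returns True when
        the BSF is healthy. Returns the id of a second BSF when the first one is
        determined to be faulty, otherwise None.
        """
        bsf = self.bsf_list.get(bsf_id)
        if bsf is None:
            return None   # identifier not in the BSF list: nothing to act on
        if bsf.labelled or not probe(bsf_id):
            del self.bsf_list[bsf_id]
            # "Any other BSF" per the text; choosing the least loaded is assumed.
            rest = sorted(self.bsf_list.values(), key=lambda b: b.load)
            return rest[0].bsf_id if rest else None
        bsf.labelled = True   # report not confirmed: label and watch
        return None

    def end_watch(self, bsf_id: str, fault_seen: bool) -> None:
        """Close the preset watch period for a labelled BSF."""
        bsf = self.bsf_list.get(bsf_id)
        if bsf is None or not bsf.labelled:
            return
        if fault_seen:
            del self.bsf_list[bsf_id]
        else:
            bsf.labelled = False

    def add_bsf(self, bsf_id: str) -> str:
        """Register a new BSF for the service with the highest average load."""
        per_service: Dict[str, List[int]] = {}
        for b in self.bsf_list.values():
            for svc, load in b.service_load.items():
                per_service.setdefault(svc, []).append(load)
        if not per_service:
            raise ValueError("BSF list is empty; no service to assign")
        busiest = max(per_service, key=lambda s: sum(per_service[s]) / len(per_service[s]))
        self.bsf_list[bsf_id] = Bsf(bsf_id, {busiest: 0})
        return busiest


def demo_network() -> DeviceManager:
    """Constructed sample network: four BSFs, two services, two terminals."""
    return DeviceManager(
        [Bsf("bsf-a", {"volte": 40}),
         Bsf("bsf-b", {"volte": 55, "5g-msg": 30}),
         Bsf("bsf-c", {"5g-msg": 20}),
         Bsf("bsf-d", {"volte": 10})],
        {("ue-1", "volte"), ("ue-2", "5g-msg")},
    )


if __name__ == "__main__":
    dm = demo_network()
    print(dm.candidates("ue-1", "volte"))            # authorised terminal
    print(dm.candidates("ue-2", "volte"))            # not entitled to this service
    print(dm.report_fault("bsf-a", lambda _: True))  # probe healthy: label only
    print(dm.report_fault("bsf-a", lambda _: True))  # labelled: removed, replaced
```

In this model a terminal's fault indication alone never removes a BSF from the list: removal requires a failed probe, a second report while the label is set, or a fault seen during the watch period.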
In a second aspect, the present application provides a communication method, where the method is applied to a terminal, and the method includes:
sending an authentication request to a device management network element; the authentication request is used for requesting authentication of the target service of the terminal, and the authentication request comprises: the identifier of the terminal and the identifier of the target service;
receiving a candidate BSF network element list returned by the equipment management network element, wherein the candidate BSF network element list comprises information of at least one candidate BSF network element; each candidate BSF network element supports the target service authentication of the terminal; the information of the candidate BSF network element includes: the identity of the candidate BSF network element;
sending an authentication request to a target BSF network element according to the identifier of the target BSF network element, wherein the target BSF network element is any one of the candidate BSF network element lists;
receiving a secret key returned by the target BSF network element after the terminal passes the authentication; the secret key is used for encrypting the data of the target service transmitted between the terminal and the target service server.
Optionally, the information of the candidate BSF network element further includes: load information of the candidate BSF network elements;
before the sending an authentication request to the target BSF network element according to the identifier of the target BSF network element, the method further includes:
and determining the target BSF network element according to the load information of the candidate BSF network elements.
Optionally, after receiving the candidate BSF network element list returned by the device management network element, the method further includes:
sending fault indication information to the equipment management network element; the fault indication information is used for indicating that the connection establishment between the terminal and the first BSF network element fails; the first BSF network element is any one of the candidate BSF network element list, and the fault indication information includes an identifier of the first BSF network element.
In a third aspect, the present application provides a communication apparatus, where the apparatus is applied to a device management network element, and the apparatus includes:
the receiving module is used for receiving an authentication request from a terminal; the authentication request is used for requesting authentication of the target service of the terminal, and the authentication request comprises: the identifier of the terminal and the identifier of the target service;
the processing module is used for authenticating whether the terminal has the use authority of the target service according to the identification of the target service and the identification of the terminal;
a sending module, configured to send a candidate BSF network element list to the terminal when the authentication result indicates that the terminal has the usage right of the target service, where the candidate BSF network element list includes information of at least one candidate BSF network element; each candidate BSF network element supports the target service authentication of the terminal; the information of the candidate BSF network element includes: the identifier of the candidate BSF network element.
In a fourth aspect, the present application provides a communication apparatus, which is applied to a terminal, and includes:
a first sending module, configured to send an authentication request to a device management network element; the authentication request is used for requesting authentication of the target service of the terminal, and the authentication request comprises: the identifier of the terminal and the identifier of the target service;
a first receiving module, configured to receive a candidate BSF network element list of a bootstrapping service function BSF returned by the device management network element, where the candidate BSF network element list includes information of at least one candidate BSF network element; each candidate BSF network element supports the target service authentication of the terminal; the information of the candidate BSF network element includes: the identity of the candidate BSF network element;
a second sending module, configured to send an authentication request to a target BSF network element according to an identifier of the target BSF network element, where the target BSF network element is any one of the candidate BSF network element lists;
a second receiving module, configured to receive a key returned by the target BSF network element after the terminal authentication passes; the secret key is used for encrypting the data of the target service transmitted between the terminal and the target service server.
In a fifth aspect, the present application provides a communication system comprising: a device management network element as claimed in any one of the first aspects, a terminal as claimed in any one of the second aspects, and at least two BSF network elements.
In a sixth aspect, the present application provides an electronic device, comprising: at least one processor, memory, receiver, transmitter;
the receiver and the transmitter are both coupled to the processor; the processor controls the receiving action of the receiver, and the processor controls the transmitting action of the transmitter;
the memory stores computer-executable instructions;
the at least one processor executes computer-executable instructions stored by the memory to cause the electronic device to perform the method of any of the first or second aspects.
In a seventh aspect, the present application provides a computer-readable storage medium having stored thereon computer-executable instructions that, when executed by a processor, implement the method of any one of the first or second aspects.
In an eighth aspect, the present application provides a computer program product comprising a computer program that, when executed by a processor, implements the method of any one of the first or second aspects.
According to the communication method, the communication apparatus, the electronic device, the storage medium and the program product provided by the present application, the terminal sends an authentication request including the identifier of the target service to the device management network element, and after the authentication of whether the terminal has the use permission of the target service is passed, the device management network element can send the candidate BSF network element list to the terminal. The candidate BSF network elements in the candidate BSF network element list support the target service authentication of the terminal. Then, the terminal may send an authentication request to the target BSF network element based on the identifier of the target BSF network element in the candidate BSF network element list. In this way, the corresponding key can be provided for each target service of all terminals in the communication network through a plurality of BSF network elements. That is, a BSF network element may provide only a part of the terminals with the keys of the services whose authentication that BSF network element supports. Compared with the prior art, in which one BSF network element needs to provide keys corresponding to all services for all terminals, the communication method provided by the application reduces the load of the BSF network element, improves the efficiency with which the BSF network element feeds the keys back to the terminals, and further improves the efficiency of the terminals in performing target services.
Drawings
In order to more clearly illustrate the technical solutions in the present application or the prior art, the following briefly introduces the drawings needed to be used in the description of the embodiments or the prior art, and obviously, the drawings in the following description are some embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the drawings without inventive labor.
Fig. 1 is a schematic diagram of a network architecture of a conventional communication system;
Fig. 2 is a schematic diagram of a network architecture of a communication system provided in the present application;
Fig. 3 is a schematic flow chart of a communication method provided in the present application;
Fig. 4 is a schematic flow chart of another communication method provided in the present application;
Fig. 5 is a schematic structural diagram of a communication device 300 provided in the present application;
Fig. 6 is a schematic structural diagram of a communication device 400 provided in the present application;
Fig. 7 is a schematic structural diagram of an electronic device provided in the present application.
With the above figures, there are shown specific embodiments of the present application, which will be described in more detail below. These drawings and written description are not intended to limit the scope of the inventive concepts in any manner, but rather to illustrate the inventive concepts to those skilled in the art by reference to specific embodiments.
Detailed Description
To make the purpose, technical solutions and advantages of the present application clearer, the technical solutions in the present application will be clearly and completely described below with reference to the drawings in the present application, and it is obvious that the described embodiments are some, but not all embodiments of the present application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Fig. 1 is a schematic diagram of a network architecture of a conventional communication system. As shown in fig. 1, the network architecture of the communication system includes: User Equipment (UE), a BSF network element, an HSS, and a service server. The UE is equivalent to the terminal referred to in this application. The terminal is connected with the BSF network element in a wireless mode, and the terminal is connected with the service server in a wireless mode. The BSF network element is connected with the HSS in a wireless or wired mode. The terminals may be fixed or mobile. Fig. 1 is a schematic diagram, and the communication system may further include other network devices, such as a wireless relay device and a wireless backhaul device, which are not shown in fig. 1. In the communication system, the number of BSF network elements is 1, and the number of terminals, service servers, and HSSs included in the communication system is not limited in the present application.
Such a terminal can also be referred to as an access terminal, subscriber unit, subscriber station, mobile, remote station, remote terminal, mobile device, user terminal, wireless communication device, user agent, or user equipment, among others. The terminal device may also be a cellular phone, a cordless phone, a Session Initiation Protocol (SIP) phone, a Wireless Local Loop (WLL) station, a Personal Digital Assistant (PDA), a handheld device with wireless communication function, a computing device or other processing device connected to a wireless modem, a vehicle device such as a vehicle, a boat, or an airplane, a vehicle-mounted device, a wearable device, a terminal device in a future 5G network, a terminal device in a future evolved Public Land Mobile Network (PLMN), or the like.
The services may be, for example, services in various communication systems. The communication system may be, for example, a Long Term Evolution (LTE) system, a Frequency Division Duplex (FDD) system, a Time Division Duplex (TDD) system, a Universal Mobile Telecommunications System (UMTS), a Worldwide Interoperability for Microwave Access (WiMAX) communication system, a fifth generation (5G) system or a New Radio (NR) system, a vehicle-to-everything (V2X) system, wherein V2X may include vehicle-to-network (V2N), vehicle-to-vehicle (V2V), vehicle-to-infrastructure (V2I), vehicle-to-pedestrian (V2P), etc., Long Term Evolution of Vehicle-to-Vehicle (LTE-V), Internet of Vehicles (Internet of vehicles, IoT), Long Term Evolution of Machine-to-Machine (LTE-M), Machine-to-Machine (M2M), a non-terrestrial network (NTN) communication system, which may also be referred to as a satellite communication system, or another communication system that evolves in the future, etc.
Based on the communication system, the terminal can obtain a key required by data transmission with the service server from the BSF network element. Specifically, the terminal may establish a connection with the BSF network element using an Internet Protocol (IP) address of the BSF network element, and may send an authentication request to the BSF network element. After the terminal is authenticated, the BSF network element may obtain the key required by the terminal to perform the service from the HSS, and send the key to the terminal. Accordingly, the terminal may receive the key sent by the BSF network element, and perform data transmission with the service server using the key.
At present, a communication network provided by the above communication system includes a BSF network element, where the BSF network element is configured to provide keys corresponding to all services of each terminal for all terminals in the communication network. However, the existing communication method has the problem that the efficiency of feeding back the key to the terminal by the BSF network element is low.
The inventor finds, through analysis and research, that the reason why the efficiency of feeding back the key from the BSF network element to the terminal is low is that only one BSF network element provides keys corresponding to all services of all terminals for all terminals in the communication network, which easily causes a large load on the BSF network element in the communication network, and further causes the efficiency of feeding back the key from the BSF network element to the terminal to be low.
Therefore, the present application provides a communication method for providing keys corresponding to target services for all terminals in a communication network based on a plurality of BSF network elements. Compared with the prior art that one BSF network element needs to provide keys corresponding to all services for all terminals, the communication method provided by the application reduces the load of a single BSF network element, improves the efficiency of the BSF network element feeding back the keys to the terminals, and further improves the efficiency of the terminals in performing target services.
To facilitate an understanding of the present application, a network architecture to which the present application relates is illustrated and described below. Fig. 2 is a schematic diagram of a network architecture of a communication system according to the present application. As shown in fig. 2, the communication network includes a terminal, a Device Management (DM) network element, an HSS, and at least two BSF network elements (fig. 2 shows only one BSF network element by way of example).
The device management network element is used for allocating a BSF network element in the communication network to the terminal according to the service to be executed by the terminal. After receiving the information of the candidate BSF network element sent by the device management network element, the terminal may connect with the BSF according to the information of the candidate BSF network element, so as to obtain, from the BSF, a key required for data transmission with the target service server.
It should be understood that fig. 2 only illustrates the devices related to the present application in the above-mentioned communication system, and the present application does not limit whether the communication system further includes other devices.
The communication method of the present application is described in detail below with reference to specific embodiments based on a communication network provided by the communication system shown in fig. 2. The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments. It should be understood that the following description takes the execution subject of the above-described communication method as a terminal, and a device management network element as an example. In specific implementation, the execution subject of the method executed by the terminal described below may be, for example, a chip having a processing function in the terminal. The execution main body of the method executed by the device management network element may also be, for example, a chip having a processing function in the device management network element.
Fig. 3 is a flowchart illustrating a communication method according to the present application. As shown in fig. 3, the method comprises the steps of:
S101, the terminal sends an authentication request to the device management network element.
The authentication request is used for requesting authentication and authorization of the target service of the terminal. Specifically, the authentication request includes the identifier of the terminal and the identifier of the target service. The authentication refers to authenticating whether the terminal has the use authority of the target service.
Illustratively, the identifier of the terminal may be, for example, a unique identification code of the terminal. Or, taking the case in which the terminal has the usage right of the target service as an example, the identifier of the terminal may also be, for example, a user name and a password used by the terminal when the target service was opened. For example, the identifier of the target service may be pre-stored in the terminal. The identifiers of different target services are different. The terminal may store, for example, mapping relationships between a plurality of services and the identifiers of the services. The terminal may determine the identifier of the target service according to the service triggered by the user (i.e., the target service) and the mapping relationship between services and service identifiers.
Correspondingly, the device management network element may receive the authentication request from the terminal.
S102, the device management network element authenticates whether the terminal has the usage right of the target service according to the identifier of the target service and the identifier of the terminal.
As a possible implementation manner, after receiving the authentication and authorization request, the device management network element may send an authorization request for requesting authorization to the target service of the terminal to a service support system (BSS), for example, and then receive an authorization result returned by the BSS. The authentication request may include an identifier of the terminal and an identifier of the target service. It should be understood that the present application is not limited to how the BSS verifies whether the terminal has the usage right of the target service.
Illustratively, the BSS may store the identifiers of all terminals having the usage right of the target service. In this implementation, the BSS may first determine the target service corresponding to the terminal according to the identifier of the target service. It then checks whether an identifier identical to the identifier of the terminal exists among the identifiers of all terminals having the usage right of the target service. If the terminal has the usage right of the target service, the BSS may send an authentication result representing that the terminal has the usage right of the target service to the device management network element. If the terminal does not have the usage right of the target service, the BSS may send an authentication result representing that the terminal does not have the usage right of the target service to the device management network element.
As another possible implementation manner, the device management network element may also obtain, for example, the identifiers of all terminals that have the usage right of the target service from the BSS. Then, the device management network element may authenticate whether the terminal has the usage right of the target service according to the identifiers of all terminals that have the usage right of the target service and the identifier of the terminal, so as to obtain an authentication result.
When the authentication result represents that the terminal has the usage right of the target service, the device management network element executes step S103. When the authentication result represents that the terminal does not have the usage right of the target service, optionally, the device management network element may perform step S106.
S103, the device management network element sends a candidate BSF network element list to the terminal.
The candidate BSF network element list includes information of at least one candidate BSF network element. The information of a candidate BSF network element includes the identifier of the candidate BSF network element. Each candidate BSF network element supports authentication of the target service of the terminal. For example, the identifier of the candidate BSF network element may be a hostname of the candidate BSF network element, or an IP address of the candidate BSF network element.
As a possible implementation manner, the device management network element may first determine, according to the identifier of the target service, a plurality of initial BSF network elements that support authentication of the target service of the terminal from a BSF network element list. It then determines the candidate BSF network element list according to the load information of the initial BSF network elements. Compared with the prior art, in which one BSF network element needs to provide keys corresponding to all services for the terminal, the initial BSF network element in this implementation manner only needs to provide the key corresponding to the target service for the terminal, so that the load of the BSF network element is reduced and the efficiency of feeding back the key from the BSF network element to the terminal is improved. In addition, in this implementation manner, according to the load information of the initial BSF network elements, an initial BSF network element with a smaller load can be used as a candidate BSF network element, thereby further improving the efficiency of the BSF network element feeding back the key to the terminal.
In specific implementation, the device management network element may first obtain, from the BSF network element list, identifiers of a plurality of initial BSF network elements corresponding to the target service and load information of the plurality of initial BSF network elements, based on the identifier of the target service. The identifier of each BSF network element in the BSF network element list may be pre-stored in the device management network element by the user. The device management network element may update the load information of each BSF network element in the BSF network element list according to a preset frequency. For example, the device management network element may obtain load information corresponding to each BSF network element from each BSF network element.
The BSF network element list includes a mapping relationship between the service and the BSF network element. The device management network element may determine, from the BSF network element list, a plurality of initial BSF network elements corresponding to the target service according to the identifier of the target service and the mapping relationship between the service and the BSF network element.
For example, the mapping relationship between the service and the BSF network element may be as shown in table 1 below:
TABLE 1
| Service | BSF network element |
| --- | --- |
| Service 1 | BSF network element 1 |
| Service 1 | BSF network element 2 |
| Service 1 | BSF network element 3 |
| Service 2 | BSF network element 4 |
| Service 2 | BSF network element 5 |
As shown in table 1, assuming that the target service is service 1, the initial BSF network elements corresponding to the target service are BSF network element 1, BSF network element 2, and BSF network element 3, respectively.
After determining the initial BSF network elements corresponding to the target service, the device management network element may obtain the identifiers of the initial BSF network elements and the load information of the initial BSF network elements from the BSF network element list.
Then, the device management network element may determine candidate BSF network elements from the plurality of initial BSF network elements according to the load information of the plurality of initial BSF network elements. Optionally, the device management network element may, for example, use an initial BSF network element whose load information is smaller than the first preset load threshold as the candidate BSF network element. The first preset load threshold may be, for example, pre-stored in the device management network element by the user. Or, the device management network element may further use, as the candidate BSF network element, the BSF network element with the minimum load information in the multiple initial BSF network elements.
After determining the candidate BSF network elements, the device management network element may generate a candidate BSF network element list according to the determined candidate BSF network elements. Specifically, the device management network element may add the identifier of each candidate BSF network element to the candidate BSF network element list. The device management network element may then send the list of candidate BSF network elements to the terminal.
As another possible implementation manner, the information of the candidate BSF network elements may further include load information of the candidate BSF network elements, so that the terminal may determine the target BSF network element according to the load information of each candidate BSF network element.
Accordingly, the terminal may receive the candidate BSF network element list returned by the device management network element.
S104, the terminal sends an authentication request to the target BSF network element according to the identifier of the target BSF network element.
The target BSF network element is any one of the candidate BSF network elements in the candidate BSF network element list. The authentication request here refers to a Generic Bootstrapping Architecture (GBA) authentication request.
If the candidate BSF network element list only includes the identifier of one candidate BSF network element, the terminal may use that candidate BSF network element as the target BSF network element. If the candidate BSF network element list includes the identifiers of a plurality of candidate BSF network elements, optionally, the terminal may determine the target BSF network element according to the load information of the candidate BSF network elements. Specifically, the terminal may use the candidate BSF network element with the smallest load as the target BSF network element.
If the identifier of the target BSF network element is the hostname of the target BSF network element, optionally, the terminal may send the identifier of the target BSF network element to a Domain Name System (DNS) after acquiring it, so as to acquire the IP address of the target BSF network element from the DNS. The terminal may then send an authentication request to the target BSF network element using the IP address of the target BSF network element.
If the identification of the target BSF network element is the IP address of the target BSF network element, the terminal can directly use the IP address of the target BSF network element to send an authentication request to the target BSF network element.
S105, the terminal receives the key returned by the target BSF network element after the terminal passes the authentication.
The key is used for encrypting data of the target service transmitted between the terminal and the target service server.
It should be understood that the present application does not limit how the target BSF network element authenticates the terminal. As mentioned above, after receiving the authentication request sent by the terminal, the target BSF network element may obtain the key from the HSS network element and then send the key to the terminal.
S106, the device management network element sends, to the terminal, indication information for indicating that the terminal does not have the usage right of the target service.
Accordingly, the terminal may receive the indication information indicating that the terminal does not have the usage right of the target service. Then, the terminal may output the indication information to remind the user that the usage right of the target service is temporarily not opened. Illustratively, the terminal may output the above-mentioned indication information to a display device of the terminal, for example.
In this embodiment, the terminal sends an authentication request including the identifier of the target service to the device management network element, and after the authentication of whether the terminal has the usage right of the target service is passed, the device management network element may send a candidate BSF network element list to the terminal. The candidate BSF network elements in the candidate BSF network element list support authentication of the target service of the terminal. Then, the terminal may send an authentication request to the target BSF network element based on the identifier of the target BSF network element in the candidate BSF network element list. With this method, the corresponding key can be provided for each target service of all terminals in the communication network through a plurality of BSF network elements. That is, a BSF network element may provide only a part of the terminals with keys, and only for the services for which it supports authentication. Compared with the prior art, in which one BSF network element needs to provide keys corresponding to all services for all terminals, the communication method provided by the application reduces the load of the BSF network element, improves the efficiency of the BSF network element feeding the keys back to the terminals, and further improves the efficiency of the terminals in performing target services.
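The Fig. 3 flow (S101 to S106) can be sketched as follows. This is an added example, not code from the patent: the BSF identifiers, load values, entitlement set, threshold value and all function names are assumptions, and the DNS lookup is replaced by an injected resolver so the block runs offline.

```python
import ipaddress
import re

# Constructed data: the mapping has the shape of Table 1; identifiers, loads
# (percent) and the BSS entitlement set are invented for this example.
BSF_LIST = [
    {"service": "service-1", "id": "bsf1.example.net", "load": 40},
    {"service": "service-1", "id": "bsf2.example.net", "load": 50},
    {"service": "service-1", "id": "192.0.2.13", "load": 60},
    {"service": "service-2", "id": "bsf4.example.net", "load": 20},
    {"service": "service-2", "id": "bsf5.example.net", "load": 90},
]
BSS_ENTITLEMENTS = {("terminal-A", "service-1"), ("terminal-B", "service-2")}
FIRST_LOAD_THRESHOLD = 55  # "first preset load threshold"; value is assumed

# RFC 1123 style hostname: dot-separated labels of letters, digits, hyphens.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def candidate_list(service_id, threshold=FIRST_LOAD_THRESHOLD):
    """S103: initial BSFs for the service, then the load filter."""
    initial = [e for e in BSF_LIST if e["service"] == service_id]
    chosen = [e for e in initial if e["load"] < threshold]
    if not chosen and initial:
        # The text's alternative rule, used here as a fallback (assumption):
        # take the initial BSF with the minimum load.
        chosen = [min(initial, key=lambda e: e["load"])]
    return [{"id": e["id"], "load": e["load"]} for e in chosen]


def handle_auth_request(terminal_id, service_id):
    """S101 to S103 and S106 on the device management network element."""
    if (terminal_id, service_id) not in BSS_ENTITLEMENTS:
        # S106: no usage right, so no BSF information is disclosed.
        return {"authorized": False, "candidates": []}
    return {"authorized": True, "candidates": candidate_list(service_id)}


def pick_target(candidates):
    """S104 on the terminal: the only entry, or the smallest load."""
    if not candidates:
        raise ValueError("empty candidate BSF list")
    return min(candidates, key=lambda c: c["load"])


def resolve_target(identifier, resolver):
    """Return the IP address to contact for a BSF identifier.

    An IP address is used directly; a hostname is syntax-checked, resolved
    through `resolver`, and the answer must itself parse as an IP address.
    """
    try:
        return str(ipaddress.ip_address(identifier))
    except ValueError:
        pass
    if not HOSTNAME_RE.match(identifier):
        raise ValueError(f"malformed BSF identifier: {identifier!r}")
    return str(ipaddress.ip_address(resolver(identifier)))


def terminal_flow(terminal_id, service_id, resolver):
    """Run S101 to S104 and return (BSF identifier, IP), or None if refused."""
    reply = handle_auth_request(terminal_id, service_id)
    if not reply["authorized"]:
        return None
    target = pick_target(reply["candidates"])
    return target["id"], resolve_target(target["id"], resolver)
```

The GBA exchange itself (S105) is outside this sketch; `terminal_flow` stops at the address the GBA authentication request would be sent to.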
As a possible implementation manner, after receiving the candidate BSF network element list returned by the device management network element, the terminal may further determine whether the first BSF network element fails, so as to ensure that the terminal and the BSF network element are successfully connected, thereby ensuring the efficiency of the terminal obtaining the secret key. The first BSF network element may be any one BSF network element in the candidate BSF network element list. The failure refers to a failure of establishing a connection between the terminal and the first BSF network element.
If the terminal determines that the first BSF network element has a fault, the terminal may send fault indication information for indicating that the connection between the terminal and the first BSF network element is failed to the device management network element, so as to notify the device management network element that the first BSF network element may have a fault. Wherein, the failure indication information includes the identifier of the first BSF network element. If the terminal determines that the first BSF network element has not failed, optionally, the terminal may send an authentication request to the first BSF network element according to the identifier of the first BSF.
Accordingly, the device management network element may receive the fault indication information from the terminal. Fig. 4 is a flowchart illustrating another communication method provided in the present application. As shown in fig. 4, the method comprises the steps of:
S201, the device management network element receives fault indication information from a terminal.
S202, the device management network element determines whether the first BSF network element has a fault.
As a first possible implementation manner, the device management network element may first determine whether the first BSF network element in the BSF network element list has a preset tag for representing that the first BSF network element has a fault. If the preset label exists in the first BSF network element, the device management network element determines that the first BSF network element has a fault, so as to improve the efficiency of judging whether the first BSF network element has the fault. If the preset tag does not exist in the first BSF network element, the device management network element may obtain a fault detection result of the first BSF network element, and determine whether the first BSF network element has a fault according to the fault detection result, so as to improve accuracy of determining whether the first BSF network element has a fault.
It should be understood that the form of the preset label is not limited in the present application. Illustratively, the preset tag may be, for example, a number or a letter.
How to obtain the fault detection result of the first BSF network element is described in detail below:
Optionally, the device management network element may determine the fault detection result of the first BSF network element according to the communication connection state between the device management network element and the first BSF network element. In this implementation, if the time taken for the device management network element to establish the connection with the first BSF network element is greater than the preset time threshold, which indicates that the device management network element fails to establish the connection with the first BSF network element, the device management network element may determine that the fault detection result indicates that the first BSF network element has a fault. If the time taken for the device management network element to establish the connection with the first BSF network element is less than or equal to the preset time threshold, which indicates that the device management network element and the first BSF network element establish the connection successfully, the device management network element may determine that the fault detection result indicates that the first BSF network element has no fault.
Or, the device management network element may further obtain a fault detection result of the BSF management network element for the first BSF network element. In this implementation, the device management network element may send a fault detection request for the first BSF network element to the BSF management network element. It then acquires the fault detection result of the BSF management network element for the first BSF network element.
Or, the device management network element may further determine the fault detection result of the first BSF network element according to both the communication connection state between the device management network element and the first BSF network element and the fault detection result of the BSF management network element for the first BSF network element. In this implementation, if the time taken for the device management network element to establish the connection with the first BSF network element is greater than the preset time threshold, or the fault detection result of the BSF management network element for the first BSF network element indicates that the first BSF network element has a fault, the device management network element may determine that the fault detection result of the first BSF network element is that the first BSF network element has a fault. If the time taken for the device management network element to establish the connection with the first BSF network element is less than or equal to the preset time threshold, and the fault detection result of the BSF management network element for the first BSF network element indicates that no fault exists in the first BSF network element, the device management network element may determine that the fault detection result of the first BSF network element is that no fault exists in the first BSF network element.
As a second possible implementation manner, the device management network element may also directly obtain a fault detection result of the first BSF network element, and determine whether the first BSF network element has a fault according to the fault detection result. In this implementation manner, for example, the method for the device management network element to obtain the fault detection result may refer to the method described in the foregoing embodiment, and details are not described here again.
If it is determined that the first BSF network element has a fault, step S203 is executed. If it is determined that the first BSF network element does not have a fault, optionally, the device management network element may perform step S204.
S203, the device management network element sends the information of the second BSF network element to the terminal, and deletes the identifier of the first BSF network element from the BSF network element list.
The second BSF network element is any BSF network element except the first BSF network element in the BSF network element list. By immediately sending the information of the second BSF network element to the terminal after the first BSF network element is determined to have the fault, the efficiency of the terminal for acquiring the target BSF network element is ensured. By deleting the identifier of the first BSF network element from the BSF network element list, the equipment management network element does not take the first BSF network element as a candidate BSF network element any more, so that the accuracy of the equipment management network element for subsequently determining the candidate BSF network element corresponding to the service is ensured, and the efficiency of each terminal for performing the target service is ensured.
S204, the device management network element adds a preset label to the first BSF network element in the BSF network element list.
After performing this step S204, the device management network element may perform the following step S205 to perform further fault detection on the BSF network element having the preset label.
S205, the device management network element further detects whether the first BSF network element has a fault within a preset time period.
The preset duration may be pre-stored in the device management network element by the user.
It should be understood that, in the present application, there is no limitation on how the device management network element detects whether there is a fault in the first BSF network element within a preset time period. In a specific implementation, for example, the method for acquiring the fault detection result of the first BSF network element by the device management network element described in the foregoing embodiment may be referred to, and details are not described herein again.
If it is detected that the first BSF network element has no fault within the preset time period, which indicates that the reason for the connection failure between the terminal and the first BSF network element may be that the terminal has a fault, the device management network element may perform step S206. If it is detected that the first BSF network element has a fault within the preset time, the device management network element may execute step S207.
S206, the device management network element deletes the preset label of the first BSF network element from the BSF network element list.
Optionally, after determining that the first BSF network element has no fault, the device management network element may further send the information of the first BSF network element to the terminal again. By sending the information of the first BSF network element to the terminal, the time for the equipment management network element to reconfirm the new BSF network element is saved, and the efficiency for the terminal to acquire the target service is improved.
S207, the device management network element deletes the identifier of the first BSF network element from the BSF network element list.
By deleting the identifier of the first BSF network element from the BSF network element list, the equipment management network element does not take the first BSF network element as a candidate BSF network element any more, so that the accuracy of the equipment management network element for subsequently determining the candidate BSF network element corresponding to the service is ensured, and the efficiency of each terminal for performing the target service is ensured.
Optionally, if it is detected that the first BSF network element has a fault within the preset time, the device management network element may further send fault alarm information including an identifier of the first BSF network element to the BSF management network element.
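The fault-handling flow of Fig. 4 (S201 to S207) as an added Python sketch, not code from the patent. The class and method names, the scripted probe and the number of re-checks are assumptions; fault detection uses the combined rule described above (connection time above the preset time threshold, or a fault reported by the BSF management network element).

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

TIME_THRESHOLD_MS = 1.0  # preset time threshold (1 ms in the page's example)


class ScriptedProbe:
    """Constructed stand-in for a connection test plus a BSF management query.

    Each call returns (connect_time_ms, management_reports_fault); the last
    scripted result for a BSF is repeated once the script runs out.
    """

    def __init__(self, script: Dict[str, List[Tuple[float, bool]]]):
        self.script = {k: list(v) for k, v in script.items()}
        self.calls = 0

    def __call__(self, bsf_id: str) -> Tuple[float, bool]:
        self.calls += 1
        queue = self.script[bsf_id]
        return queue.pop(0) if len(queue) > 1 else queue[0]


@dataclass
class DeviceManager:
    bsf_list: Dict[str, dict]  # identifier -> {"tagged": bool}
    probe: Callable[[str], Tuple[float, bool]]
    alarms: List[str] = field(default_factory=list)

    def detect_fault(self, bsf_id: str) -> bool:
        """Combined rule: slow or failed connection, OR management says faulty."""
        connect_ms, mgmt_fault = self.probe(bsf_id)
        return connect_ms > TIME_THRESHOLD_MS or mgmt_fault

    def second_bsf(self, first_id: str) -> Optional[str]:
        """Any BSF in the list other than the reported one."""
        return next((b for b in self.bsf_list if b != first_id), None)

    def on_fault_indication(self, first_id: str) -> Tuple[str, Optional[str]]:
        """S201 to S204: handle a terminal's fault indication."""
        entry = self.bsf_list.get(first_id)
        if entry is None:
            # Already removed (assumption: just hand out another BSF).
            return ("replaced", self.second_bsf(first_id))
        # S202: a preset tag decides immediately; otherwise run detection.
        faulty = entry["tagged"] or self.detect_fault(first_id)
        if faulty:
            # S203: send a second BSF and delete the first from the list.
            replacement = self.second_bsf(first_id)
            del self.bsf_list[first_id]
            return ("replaced", replacement)
        # S204: not confirmed faulty, so tag it for further observation.
        entry["tagged"] = True
        return ("tagged", None)

    def recheck(self, first_id: str, probes: int = 3) -> Tuple[str, Optional[str]]:
        """S205 to S207: repeated detection within the preset duration."""
        if first_id not in self.bsf_list:
            return ("unknown", None)
        if any(self.detect_fault(first_id) for _ in range(probes)):
            # S207: delete the BSF and raise an alarm to BSF management.
            del self.bsf_list[first_id]
            self.alarms.append(first_id)
            return ("removed", None)
        # S206: clear the tag; the first BSF may be sent to the terminal again.
        self.bsf_list[first_id]["tagged"] = False
        return ("cleared", first_id)
```

Timing is not simulated: `recheck` stands for the probes a real element would spread over the preset duration.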
As a possible implementation manner, the device management network element may further update the BSF network element list according to the service and load information corresponding to each BSF network element in the network, so as to improve the accuracy of determining the candidate BSF network element list by the device management network element, and further improve the efficiency of performing the target service by the terminal according to the candidate BSF network element list. Several possible implementation manners of how the device management network element updates the BSF network element list according to the service and load information corresponding to each BSF network element in the network are provided below.
In a first possible implementation manner, the device management network element may determine whether a newly added BSF network element exists in the network. For example, the device management network element may obtain a result of whether there is a newly added BSF network element in the network from the BSF management network element.
If a newly added BSF network element exists in the network, the device management network element may determine a service corresponding to the newly added BSF network element according to the service and load information corresponding to each BSF network element in the network, and add the newly added BSF network element to the BSF network element list. Specifically, the identification information of the newly added BSF network element may be added to the BSF network element list. The present application provides the following two possible implementation manners of how to determine the service corresponding to the newly added BSF network element:
Optionally, for any service among all services corresponding to all BSF network elements in the BSF network element list, the device management network element may obtain the load, for that service, of each BSF network element corresponding to the service. Then, according to these loads, it obtains the average load, for that service, of the BSF network elements corresponding to the service. Finally, the service with the maximum average load is used as the service corresponding to the newly added BSF network element, so that the efficiency of determining the candidate BSF network element list for the service with the maximum average load is improved.
For example, taking the service 1 in the foregoing table 1 as an example, the BSF network elements corresponding to the service 1 are BSF network element 1, BSF network element 2, and BSF network element 3. The load of each network element may be as shown in table 2 below, for example:
TABLE 2
| BSF network element | Load |
| --- | --- |
| BSF network element 1 | 40% |
| BSF network element 2 | 50% |
| BSF network element 3 | 60% |

According to the load of each BSF network element corresponding to the service 1 shown in table 2, it can be determined that the average load of each BSF network element corresponding to the service 1 for the service 1 is (40% + 50% + 60%) / 3 = 50%. Suppose there are service 2 and service 3 in the BSF network element list, and the average load of service 2 is 30% and the average load of service 3 is 33%. That is to say, the service with the largest average load in the BSF network element list is service 1, so the device management network element may use the service 1 as the service corresponding to the newly added BSF network element.
Or, for example, the device management network element may further use, as the service corresponding to the newly added BSF network element, the service corresponding to the BSF network element with the largest load in each BSF network element.
In a second possible implementation manner, for any BSF network element in the BSF network element list, if the load of the BSF network element is less than or equal to the second preset load threshold, it is indicated that the BSF network element has more residual computing resources, and can also bear more computing load and maintain higher computing efficiency. The device management network element may also set a second service for the BSF network element, so that the BSF network element may authenticate the second service of the terminal, thereby improving the efficiency of the terminal in executing the second service.
In a specific implementation, the device management network element may use the service with the largest average load as the second service corresponding to the BSF network element. Or, the device management network element may further use, as the second service corresponding to the BSF network element, the service occupying the largest load and corresponding to the BSF network element whose load is greater than or equal to the third preset load threshold. And the second preset load threshold is smaller than the third preset load threshold. The second preset load threshold and the third preset load threshold may be pre-stored in the device management network element by the user.
In a third possible implementation manner, the device management network element may further periodically detect whether an invalid BSF network element exists in the BSF network element list. An invalid BSF network element refers to a BSF network element that cannot establish a connection with the device management network element. The device management network element may delete the invalid BSF network element from the BSF network element list, so as to improve the accuracy of the device management network element in determining the candidate BSF network element list, thereby improving the efficiency of the terminal in performing the target service.
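The three list-update rules above, combined into one maintenance pass as an added Python example (not code from the patent). Service 1 uses the Table 2 loads; the service 2 and service 3 rows, the threshold value and the function names are assumptions, a BSF network element's load is taken as the sum of its per-service loads, and only the "largest average load" option is implemented for choosing a service.

```python
# Constructed per-service load table (percent). The service-2 and service-3
# rows are invented so that their averages are the 30% and 33% assumed in
# the text's worked example.
BSF_LIST = [
    {"service": "service-1", "bsf": "bsf1", "load": 40},
    {"service": "service-1", "bsf": "bsf2", "load": 50},
    {"service": "service-1", "bsf": "bsf3", "load": 60},
    {"service": "service-2", "bsf": "bsf4", "load": 20},
    {"service": "service-2", "bsf": "bsf5", "load": 40},
    {"service": "service-3", "bsf": "bsf6", "load": 33},
]


def average_load(entries):
    """Average load per service over the BSFs serving that service."""
    loads = {}
    for e in entries:
        loads.setdefault(e["service"], []).append(e["load"])
    return {service: sum(v) / len(v) for service, v in loads.items()}


def busiest_service(entries):
    """Service with the maximum average load (ties broken by name)."""
    avg = average_load(entries)
    return max(sorted(avg), key=avg.get)


def update_bsf_list(entries, new_bsf=None, reachable=lambda bsf: True,
                    second_threshold=None):
    """Return an updated copy of the BSF list.

    - third implementation: drop BSFs that cannot be reached;
    - second implementation: a BSF whose load is <= second_threshold also
      gets the busiest service as its second service;
    - first implementation: a newly added BSF is mapped to the busiest service.
    """
    kept = [dict(e) for e in entries if reachable(e["bsf"])]
    if not kept:
        return kept
    target = busiest_service(kept)
    additions = []
    if second_threshold is not None:
        for bsf in sorted({e["bsf"] for e in kept}):
            own = [e for e in kept if e["bsf"] == bsf]
            total = sum(e["load"] for e in own)
            already = any(e["service"] == target for e in own)
            if total <= second_threshold and not already:
                additions.append({"service": target, "bsf": bsf, "load": 0})
    if new_bsf is not None:
        additions.append({"service": target, "bsf": new_bsf, "load": 0})
    return kept + additions
```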
Based on the foregoing embodiments, the technical solution of the present application is described below by way of example, taking a network in which 3 BSF network elements are deployed. For example, the services for which each BSF network element supports authentication, the load information corresponding to each service, the time (delay) required for connecting to each BSF network element, and whether each BSF network element has a preset tag may be as shown in table 3 below:
TABLE 3
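[Table 3 appears as an image in the original publication; it lists, for each BSF network element, the supported services, the load per service, the connection delay and whether a preset tag is set.]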
Taking the target service as the VoLTE service (for example, the terminal may set the VoLTE supplementary service), the terminal first sends an authentication request to the device management network element. The authentication and authorization request includes the identifier of the VoLTE service. The device management network element obtains, from the BSS, an authentication result indicating whether the terminal has the usage right of the VoLTE service, according to the identifier of the VoLTE service.
After the device management network element determines that the terminal has the usage right of the VoLTE service, a candidate BSF network element list corresponding to the VoLTE service may be determined. As shown in table 3, BSF network element 1, BSF network element 2, and BSF network element 3 all support authentication of the VoLTE service. The BSF network element with the minimum load for the VoLTE service is BSF network element 3. The BSF network element 3 may be used as the target BSF network element corresponding to the VoLTE service.
Taking the target service as a 5G Message service (for example, the target service may be the transmission of a file in a 5G Message), the terminal first sends an authentication request to the device management network element. The authentication request includes the identifier of the 5G Message service. The device management network element obtains, from the BSS, an authentication result indicating whether the terminal has the usage right of the 5G Message service, according to the identifier of the 5G Message service.
After the device management network element determines that the terminal has the usage right of the 5G Message service, a candidate BSF network element list corresponding to the 5G Message service may be determined. As shown in table 3, BSF network element 2 and BSF network element 3 support authentication of the 5G Message service. The BSF network element with the smallest load for the 5G Message service is BSF network element 2. The BSF network element 2 may be used as the target BSF network element corresponding to the 5G Message service.
Further, still taking the target service as the VoLTE service as an example, assume that the preset time threshold is 1 ms, that BSF network element 3 has a fault, and that BSF network element 1 and BSF network element 2 have no fault. That is, the terminal fails to connect to BSF network element 3. The terminal may send fault indication information including the identifier of BSF network element 3 to the device management network element.
After receiving the indication information indicating that BSF network element 3 has a fault, the device management network element may determine whether BSF network element 3 has the preset tag. As shown in Table 3, BSF network element 3 does not have a preset tag. The device management network element may therefore determine whether BSF network element 3 has a fault according to the first detection result of its communication connection with BSF network element 3. If BSF network element 3 is determined to have a fault according to the first detection result, the device management network element sends the information of BSF network element 1 or BSF network element 2 to the terminal. If BSF network element 3 has no fault, the device management network element may add a preset tag to BSF network element 3.
The device management network element then further detects whether BSF network element 3 has a fault within 10 minutes. If it is detected within 10 minutes that BSF network element 3 has no fault, the device management network element may delete the preset tag of BSF network element 3 from the BSF network element list. If it is detected within 10 minutes that BSF network element 3 has a fault, the device management network element may delete BSF network element 3 from the BSF network element list, and send fault alarm information including the identifier of BSF network element 3 to the BSF management network element.
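The selection and fault-handling walk-through above can be modelled as follows. This is an added Python sketch, not code from the patent. The identifiers, the load values (constructed only to agree with the text, since Table 3's values are not available), the 70% load threshold, and the choice of the lowest-load remaining BSF as the replacement are all assumptions.

```python
from dataclasses import dataclass


@dataclass
class BsfEntry:
    bsf_id: str
    loads: dict            # service id -> load in percent, one key per supported service
    tagged: bool = False   # the "preset tag": a terminal reported it, the probe found no fault


class DeviceManager:
    """Toy model of the device management network element's BSF list handling."""

    def __init__(self, entries, entitled, load_threshold, probe):
        self.bsf_list = {e.bsf_id: e for e in entries}
        self.entitled = entitled              # stands in for the BSS usage-right lookup
        self.load_threshold = load_threshold  # the "first preset load threshold"
        self.probe = probe                    # callable(bsf_id) -> True if a fault is detected
        self.alarms = []                      # alarms destined for the BSF management element

    def _ranked(self, service):
        # BSFs that support the service, lowest load first.
        return sorted((e.loads[service], e.bsf_id)
                      for e in self.bsf_list.values() if service in e.loads)

    def candidates(self, terminal_id, service):
        # No list is handed out unless the terminal has the usage right.
        if (terminal_id, service) not in self.entitled:
            return []
        return [{"id": bsf_id, "load": load}
                for load, bsf_id in self._ranked(service)
                if load < self.load_threshold]

    def report_failure(self, service, bsf_id):
        """Handle a terminal's fault indication; return a replacement BSF id or None."""
        entry = self.bsf_list.get(bsf_id)
        if entry is not None:
            # Already tagged -> treated as faulty. Otherwise the manager probes it itself.
            if not (entry.tagged or self.probe(bsf_id)):
                entry.tagged = True           # first unconfirmed report: tag and observe
                return None
            del self.bsf_list[bsf_id]         # confirmed: drop it from the BSF list
        ranked = self._ranked(service)
        return ranked[0][1] if ranked else None   # assumption: lowest-load remaining BSF

    def close_observation(self, bsf_id, fault_seen):
        """End of the preset observation period (10 minutes in the walk-through)."""
        entry = self.bsf_list.get(bsf_id)
        if entry is None or not entry.tagged:
            return
        if fault_seen:
            del self.bsf_list[bsf_id]
            self.alarms.append(bsf_id)        # fault alarm carrying the BSF identifier
        else:
            entry.tagged = False              # clean window: remove the tag


def pick_target(candidate_list):
    """Terminal side: choose the candidate with the smallest load."""
    if not candidate_list:
        return None
    return min(candidate_list, key=lambda c: c["load"])["id"]


def sample_manager(faulty):
    """Constructed data: bsf3 is least loaded for VoLTE, bsf2 for 5G Message."""
    entries = [
        BsfEntry("bsf1", {"volte": 60}),
        BsfEntry("bsf2", {"volte": 50, "5g-message": 20}),
        BsfEntry("bsf3", {"volte": 30, "5g-message": 40}),
    ]
    entitled = {("ue-1", "volte"), ("ue-1", "5g-message")}
    return DeviceManager(entries, entitled, load_threshold=70,
                         probe=lambda bsf_id: bsf_id in faulty)


if __name__ == "__main__":
    mgr = sample_manager(faulty={"bsf3"})
    print("VoLTE target:", pick_target(mgr.candidates("ue-1", "volte")))
    print("replacement after bsf3 fault:", mgr.report_failure("volte", "bsf3"))
    print("remaining BSF list:", sorted(mgr.bsf_list))
```

A single terminal report never removes a BSF in this model: removal requires the manager's own probe, an existing tag, or a fault seen during the observation period.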
Fig. 5 is a schematic structural diagram of a communication device 300 according to the present application. The apparatus 300 is applied to a device management network element. As shown in fig. 5, the apparatus includes: a receiving module 301, a processing module 302, and a sending module 303.
A receiving module 301, configured to receive an authentication and authorization request from a terminal. Wherein, the authentication request is used to request authentication of the target service of the terminal, and the authentication request includes: the identification of the terminal and the identification of the target service.
A processing module 302, configured to authenticate whether the terminal has the usage right of the target service according to the identifier of the target service and the identifier of the terminal.
A sending module 303, configured to send a candidate BSF network element list to the terminal when the authentication result indicates that the terminal has the usage right of the target service. Wherein the candidate BSF network element list comprises information of at least one candidate BSF network element; each candidate BSF network element supports the target service authentication of the terminal; the information of the candidate BSF network element includes: the identification of the candidate BSF network element.
Optionally, the sending module 303 is specifically configured to obtain, from a BSF network element list, identifiers of a plurality of initial BSF network elements corresponding to the target service and load information of the plurality of initial BSF network elements according to the identifier of the target service; determining candidate BSF network elements from the plurality of initial BSF network elements according to the load information of the plurality of initial BSF network elements; generating the candidate BSF network element list according to the determined candidate BSF network elements; and sending the candidate BSF network element list to the terminal. The BSF network element list includes a mapping relationship between services and BSF network elements.
Optionally, the loads of the candidate BSF network elements are all smaller than a first preset load threshold.
Optionally, the information of the candidate BSF network element further includes: load information of the candidate BSF network element.
Optionally, the processing module 302 is specifically configured to send an authentication request to the service support system and receive an authentication result returned by the service support system. The authentication request is used for requesting the authentication of the target service of the terminal, and includes the identifier of the terminal and the identifier of the target service. The authentication result is used for representing whether the terminal has the usage right of the target service.
Optionally, the receiving module 301 is further configured to receive the fault indication information from the terminal after sending the candidate BSF network element list to the terminal. In this implementation, the processing module 302 is further configured to determine whether the first BSF network element has a failure. The sending module 303 is further configured to send information of a second BSF network element to the terminal when it is determined that the first BSF network element has a fault, and delete the identifier of the first BSF network element from the BSF network element list. The fault indication information is used for indicating that the connection establishment between the terminal and the first BSF network element fails; the first BSF network element is any one of the candidate BSF network element list, and the fault indication information includes an identifier of the first BSF network element; the second BSF network element is any one of the BSF network elements in the BSF network element list except the first BSF network element.
Optionally, the processing module 302 is specifically configured to determine whether the first BSF network element in the BSF network element list has a preset tag, where the preset tag is used to represent whether the first BSF network element has a fault; when the first BSF network element has the preset label, determining that the first BSF network element has a fault; or when the first BSF network element does not have the preset tag, obtaining a fault detection result of the first BSF network element, and determining whether the first BSF network element has a fault according to the fault detection result.
Optionally, the processing module 302 is specifically configured to determine a fault detection result of the first BSF network element according to the state of the communication connection with the first BSF network element; and/or acquire a fault detection result of the BSF management network element for the first BSF network element.
Optionally, the processing module 302 is further configured to, after determining whether the first BSF network element has a fault according to the fault detection result, add the preset tag to the first BSF network element in the BSF network element list when determining that the first BSF network element has no fault; detecting whether the first BSF network element has a fault within a preset time length; when detecting that the first BSF network element has no fault within the preset time, deleting the preset label of the first BSF network element from the BSF network element list; or, when it is detected that the first BSF network element has a fault within the preset time, deleting the identifier of the first BSF network element from the BSF network element list.
Optionally, the apparatus 300 may further include an updating module 304, configured to update the BSF network element list according to the service and load information corresponding to each BSF network element in the network.
Optionally, the updating module 304 is specifically configured to, when a newly added BSF network element exists in the network, determine a service corresponding to the newly added BSF network element according to the service and the load information corresponding to each BSF network element in the network, and add the newly added BSF network element to the BSF network element list.
Optionally, the updating module 304 is specifically configured to: for each service among all services corresponding to all BSF network elements in the BSF network element list, obtain the load for that service of each BSF network element corresponding to the service; obtain, from those loads, the average load for the service across the BSF network elements corresponding to it; and take the service with the maximum average load as the service corresponding to the newly added BSF network element.
Optionally, the updating module 304 is specifically configured to, for any BSF network element in the BSF network element list, if the load of the BSF network element is less than or equal to a second preset load threshold, use the service with the largest average load as the second service corresponding to the BSF network element.
Optionally, the updating module 304 is specifically configured to delete invalid BSF network elements from the BSF network element list. An invalid BSF network element is a BSF network element that cannot establish a connection with the device management network element.
The communication apparatus 300 provided in this embodiment is configured to execute the communication method embodiment executed by the device management network element, and the implementation principle and the technical effect are similar, which are not described again.
Fig. 6 is a schematic structural diagram of a communication device 400 provided in the present application. The device is applied to the terminal. As shown in fig. 6, the apparatus includes: a first sending module 401, a first receiving module 402, a second sending module 403, and a second receiving module 404.
A first sending module 401, configured to send an authentication and authorization request to a device management network element. Wherein, the authentication request is used to request authentication of the target service of the terminal, and the authentication request includes: the identification of the terminal and the identification of the target service.
A first receiving module 402, configured to receive a candidate BSF network element list returned by the device management network element. Wherein the candidate BSF network element list comprises information of at least one candidate BSF network element; each candidate BSF network element supports the target service authentication of the terminal; the information of the candidate BSF network element includes: the identification of the candidate BSF network element.
A second sending module 403, configured to send an authentication request to a target BSF network element according to the identifier of the target BSF network element. Wherein the target BSF network element is any one of the candidate BSF network elements in the candidate BSF network element list.
A second receiving module 404, configured to receive a key returned by the target BSF network element after the terminal authentication passes. The secret key is used for encrypting data of the target service transmitted between the terminal and the target service server.
Optionally, the information of the candidate BSF network element further includes: load information of the candidate BSF network element. In this implementation, the communication apparatus 400 may further include a processing module 405, configured to determine the target BSF network element according to the load information of the candidate BSF network element before sending the authentication request to the target BSF network element according to the identifier of the target BSF network element.
Optionally, the second sending module 403 is further configured to send fault indication information to the device management network element after receiving the candidate BSF network element list returned by the device management network element. The fault indication information is used for indicating that the connection establishment between the terminal and the first BSF network element fails; the first BSF network element is any one of the candidate BSF network element list, and the fault indication information includes an identifier of the first BSF network element.
The communication apparatus 400 provided in this embodiment is configured to implement the communication method embodiment executed by the terminal, and the implementation principle and the technical effect are similar, which are not described again.
Fig. 7 is a schematic structural diagram of an electronic device provided in the present application. The electronic device may be, for example, the device management network element or the terminal described above. As shown in fig. 7, the electronic device 500 may include: a receiver 5011, a transmitter 5012, at least one processor 501, and memory 502.
The receiver 5011 and the transmitter 5012 are both coupled to the processor 501. The processor 501 controls the receiving action of the receiver 5011 and controls the transmitting action of the transmitter 5012.
The memory 502 is used for storing programs. In particular, the program may include program code including computer operating instructions.
Memory 502 may comprise high-speed RAM memory, and may also include non-volatile memory (non-volatile memory), such as at least one disk memory.
The processor 501 is configured to execute computer-executable instructions stored in the memory 502 to implement the communication methods described in the foregoing method embodiments. The processor 501 may be a Central Processing Unit (CPU), an Application Specific Integrated Circuit (ASIC), or one or more Integrated circuits configured to implement the embodiments of the present Application.
Optionally, the electronic device 500 may further include a communication interface 503. In a specific implementation, if the communication interface 503, the memory 502 and the processor 501 are implemented independently, the communication interface 503, the memory 502 and the processor 501 may be connected to each other through a bus and perform communication with each other. The bus may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended ISA (EISA) bus, or the like. Buses may be classified as address buses, data buses, control buses, etc., but do not represent only one bus or type of bus.
Optionally, in a specific implementation, if the communication interface 503, the memory 502, and the processor 501 are integrated into a chip, the communication interface 503, the memory 502, and the processor 501 may complete communication through an internal interface.
The present application also provides a computer-readable storage medium, which may include various media capable of storing program code, such as a USB disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk. In particular, the computer-readable storage medium stores program instructions, and the program instructions are used to implement the method in the foregoing embodiments.
The present application also provides a program product comprising execution instructions stored in a readable storage medium. The at least one processor of the electronic device may read the execution instructions from the readable storage medium, and the execution of the execution instructions by the at least one processor causes the electronic device to implement the communication method provided by the various embodiments described above.
Finally, it should be noted that: the above embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present application.

Claims (19)

1. A communication method, applied to a device management network element, the method comprising:
receiving an authentication request from a terminal; the authentication and certification request is used for requesting authentication and certification of the target service of the terminal, and the authentication and certification request comprises: the identifier of the terminal and the identifier of the target service;
according to the identification of the target service and the identification of the terminal, whether the terminal has the use authority of the target service is authenticated;
if the authentication result represents that the terminal has the use authority of the target service, a candidate Bootstrapping Service Function (BSF) network element list is sent to the terminal, wherein the candidate BSF network element list comprises information of at least one candidate BSF network element; each candidate BSF network element supports the target service authentication of the terminal; the information of the candidate BSF network element includes: the identity of the candidate BSF network element;
after the sending of the candidate BSF network element list to the terminal, the method further includes:
receiving fault indication information from the terminal; the fault indication information is used for indicating that the connection establishment between the terminal and the first BSF network element fails; the first BSF network element is any one of the candidate BSF network element list, and the fault indication information includes an identifier of the first BSF network element; determining whether the first BSF network element has a fault; if the first BSF network element is determined to have a fault, sending information of a second BSF network element to the terminal, and deleting the identifier of the first BSF network element from the BSF network element list; the second BSF network element is any one of the BSF network elements in the BSF network element list except the first BSF network element;
the determining whether the first BSF network element has a failure includes:
judging whether the first BSF network element in the BSF network element list has a preset label, wherein the preset label is used for representing whether the first BSF network element has a fault; if the first BSF network element has the preset label, determining that the first BSF network element has a fault; or, if the first BSF network element does not have the preset tag, obtaining a fault detection result of the first BSF network element, and determining whether the first BSF network element has a fault according to the fault detection result.
2. The method of claim 1, wherein the sending the terminal a list of candidate BSF network elements comprises:
acquiring identifiers of a plurality of initial BSF network elements corresponding to the target service and load information of the plurality of initial BSF network elements from a BSF network element list according to the identifier of the target service; the BSF network element list comprises a mapping relation between services and BSF network elements;
determining candidate BSF network elements from the plurality of initial BSF network elements according to the load information of the plurality of initial BSF network elements;
generating the candidate BSF network element list according to the determined candidate BSF network elements;
and sending the candidate BSF network element list to the terminal.
3. The method of claim 2, wherein the loads of the candidate BSF network elements are all less than a first preset load threshold.
4. The method according to any of claims 1-3, wherein the information of the candidate BSF network element further comprises: load information of the candidate BSF network element.
5. The method according to any one of claims 1 to 3, wherein the authenticating whether the terminal has the usage right of the target service according to the identifier of the target service and the identifier of the terminal comprises:
sending an authentication request to a service support system, wherein the authentication request is used for requesting to authenticate the target service of the terminal; the authentication request includes: the identifier of the terminal and the identifier of the target service;
receiving an authentication result returned by the service support system; and the authentication result is used for representing whether the terminal has the use authority of the target service.
6. The method of claim 1, wherein the obtaining the fault detection result of the first BSF network element comprises:
determining a fault detection result of the first BSF network element according to the state of the communication connection with the first BSF network element;
and/or,
acquiring a fault detection result of the BSF management network element for the first BSF network element.
7. The method of claim 1, wherein after determining whether the first BSF network element has a failure according to the failure detection result, the method further comprises:
if the first BSF network element is determined to have no fault, adding the preset label to the first BSF network element in the BSF network element list;
detecting whether the first BSF network element has a fault within a preset time length;
if the first BSF network element is detected to be fault-free within the preset time, deleting the preset label of the first BSF network element from the BSF network element list;
or, if it is detected within the preset time that the first BSF network element has a fault, deleting the identifier of the first BSF network element from the BSF network element list.
8. The method according to any one of claims 1-3, further comprising:
and updating the BSF network element list according to the service and load information corresponding to each BSF network element in the network.
9. The method of claim 8, wherein the updating the BSF network element list according to the service and load information corresponding to each BSF network element in the network comprises:
and if the newly added BSF network elements exist in the network, determining the services corresponding to the newly added BSF network elements according to the services and the load information corresponding to each BSF network element in the network, and adding the newly added BSF network elements in the BSF network element list.
10. The method of claim 9, wherein the determining the service corresponding to the newly added BSF network element includes:
for any service in all services corresponding to all BSF network elements in the BSF network element list, acquiring the load of each BSF network element corresponding to the service for the service;
acquiring the average load of each BSF network element corresponding to the service aiming at the service according to the load of each BSF network element corresponding to the service aiming at the service;
and taking the service with the maximum average load as the service corresponding to the newly added BSF network element.
11. The method of claim 8, wherein the updating the BSF network element list according to the service and load information corresponding to each BSF network element in the network comprises:
and regarding any BSF network element in the BSF network element list, if the load of the BSF network element is less than or equal to a second preset load threshold, taking the service with the maximum average load as a second service corresponding to the BSF network element.
12. The method of claim 8, wherein the updating the BSF network element list according to the service and load information corresponding to each BSF network element in the network comprises:
deleting the invalid BSF network elements in the BSF network element list; the invalid BSF network element refers to a BSF network element which cannot establish connection with the equipment management network element.
13. A communication method, applied to a terminal, the method comprising:
sending an authentication request to a device management network element; the authentication and certification request is used for requesting authentication and certification of the target service of the terminal, and the authentication and certification request comprises: the identifier of the terminal and the identifier of the target service;
receiving a candidate BSF network element list returned by the equipment management network element, wherein the candidate BSF network element list comprises information of at least one candidate BSF network element; each candidate BSF network element supports the target service authentication of the terminal; the information of the candidate BSF network element includes: the identity of the candidate BSF network element;
sending an authentication request to a target BSF network element according to the identifier of the target BSF network element, wherein the target BSF network element is any one of the candidate BSF network element lists;
receiving a secret key returned by the target BSF network element after the terminal passes the authentication; the secret key is used for encrypting data of the target service transmitted between the terminal and the target service server;
after the receiving the candidate BSF network element list returned by the device management network element, the method further includes:
sending fault indication information to the equipment management network element; the fault indication information is used for indicating that the connection establishment between the terminal and the first BSF network element fails; the first BSF network element is any one of the candidate BSF network element list, and the fault indication information includes an identifier of the first BSF network element, so that the device management network element determines whether the first BSF network element has a fault.
14. The method of claim 13, wherein the information of the candidate BSF network element further comprises: load information of the candidate BSF network elements;
before the sending an authentication request to the target BSF network element according to the identifier of the target BSF network element, the method further includes:
and determining the target BSF network element according to the load information of the candidate BSF network elements.
15. A communication apparatus, wherein the apparatus is applied to a device management network element, and the apparatus comprises:
the receiving module is used for receiving an authentication request from a terminal; the authentication and certification request is used for requesting authentication and certification of the target service of the terminal, and the authentication and certification request comprises: the identifier of the terminal and the identifier of the target service;
the processing module is used for authenticating whether the terminal has the use authority of the target service according to the identification of the target service and the identification of the terminal;
a sending module, configured to send a candidate BSF network element list to the terminal when the authentication result indicates that the terminal has the usage right of the target service, where the candidate BSF network element list includes information of at least one candidate BSF network element; each candidate BSF network element supports the target service authentication of the terminal; the information of the candidate BSF network element includes: the identity of the candidate BSF network element;
the receiving module is further configured to receive fault indication information from the terminal; the fault indication information is used for indicating that the connection establishment between the terminal and the first BSF network element fails; the first BSF network element is any one of the candidate BSF network element list, and the fault indication information includes an identifier of the first BSF network element; determining whether the first BSF network element has a fault; if the first BSF network element is determined to have a fault, sending information of a second BSF network element to the terminal, and deleting the identifier of the first BSF network element from the BSF network element list; the second BSF network element is any one of the BSF network elements in the BSF network element list except the first BSF network element;
the processing module is specifically configured to determine whether the first BSF network element in the BSF network element list has a preset tag, where the preset tag is used to represent whether the first BSF network element has a fault; if the first BSF network element has the preset label, determining that the first BSF network element has a fault; or, if the first BSF network element does not have the preset tag, obtaining a fault detection result of the first BSF network element, and determining whether the first BSF network element has a fault according to the fault detection result.
16. A communication apparatus, wherein the apparatus is applied to a terminal, the apparatus comprising:
a first sending module, configured to send an authentication request to the device management network element, where the authentication request is used to request authentication of the target service of the terminal and includes: the identifier of the terminal and the identifier of the target service;
a first receiving module, configured to receive a candidate bootstrapping service function (BSF) network element list returned by the device management network element, where the candidate BSF network element list includes information of at least one candidate BSF network element; each candidate BSF network element supports authentication of the target service of the terminal; the information of a candidate BSF network element includes: the identifier of the candidate BSF network element;
a second sending module, configured to send an authentication request to a target BSF network element according to the identifier of the target BSF network element, where the target BSF network element is any one in the candidate BSF network element list;
a second receiving module, configured to receive a key returned by the target BSF network element after the terminal is authenticated; the key is used to encrypt data of the target service transmitted between the terminal and the target service server;
the second sending module is further configured to send fault indication information to the device management network element after the candidate BSF network element list returned by the device management network element is received; the fault indication information indicates that connection establishment between the terminal and the first BSF network element has failed; the first BSF network element is any one in the candidate BSF network element list, and the fault indication information includes the identifier of the first BSF network element, so that the device management network element determines whether the first BSF network element has a fault.
17. A communication system, comprising: a device management network element capable of performing the method of any one of claims 1-12, a terminal capable of performing the method of any one of claims 13-14, and at least two BSF network elements.
18. An electronic device, comprising: at least one processor, a memory, a receiver, and a transmitter;
the receiver and the transmitter are both coupled to the processor; the processor controls the receiving action of the receiver, and the processor controls the transmitting action of the transmitter;
the memory stores computer-executable instructions;
the at least one processor executing the computer-executable instructions stored by the memory causes the electronic device to perform the method of any of claims 1-14.
19. A computer-readable storage medium having computer-executable instructions stored thereon which, when executed by a processor, implement the method of any one of claims 1-14.
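The terminal-side failover and the device-management-side fault decision recited in claims 15 and 16 can be followed in this added Python example, which is not part of the patent text. All class, method and identifier names are hypothetical, the random key is a stand-in for the key the BSF returns, and leaving tagged BSFs out of later candidate lists is an assumption.

```python
# Added illustration; every class, method and identifier is hypothetical.
import secrets


class BsfUnreachable(Exception):
    """The terminal could not establish a connection to this BSF."""


class Bsf:
    def __init__(self, bsf_id, services, up=True):
        self.bsf_id, self.services, self.up = bsf_id, set(services), up

    def authenticate(self, terminal_id, service_id):
        if not self.up:
            raise BsfUnreachable(self.bsf_id)
        # Stand-in for the key returned after the terminal authenticates.
        return secrets.token_hex(16)


class DeviceManagement:
    def __init__(self, bsfs, probe):
        self.bsfs = {b.bsf_id: b for b in bsfs}
        self.probe = probe        # returns True if the BSF is healthy (assumed)
        self.fault_tags = set()   # BSF ids carrying the preset fault tag

    def is_faulty(self, bsf_id):
        if bsf_id in self.fault_tags:              # tag present: faulty
            return True
        return not self.probe(self.bsfs[bsf_id])   # else: detection result

    def candidates(self, service_id):
        # Assumption: tagged BSFs are left out of later candidate lists.
        return [i for i, b in self.bsfs.items()
                if service_id in b.services and i not in self.fault_tags]

    def report_fault(self, bsf_id):
        # The terminal's report alone never tags a BSF; is_faulty() decides.
        if bsf_id in self.bsfs and self.is_faulty(bsf_id):
            self.fault_tags.add(bsf_id)


def terminal_bootstrap(dm, terminal_id, service_id):
    """Try each candidate BSF; report the ones that cannot be reached."""
    for bsf_id in dm.candidates(service_id):
        try:
            key = dm.bsfs[bsf_id].authenticate(terminal_id, service_id)
            return bsf_id, key
        except BsfUnreachable:
            dm.report_fault(bsf_id)   # fault indication carries the BSF id
    raise RuntimeError("no reachable BSF supports this service")
```

Because `report_fault` re-checks the BSF before tagging it, a fault indication naming a healthy BSF leaves the candidate list unchanged.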
CN202110849858.5A 2021-07-27 2021-07-27 Communication method, communication apparatus, electronic device, storage medium, and program product Active CN113596830B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110849858.5A CN113596830B (en) 2021-07-27 2021-07-27 Communication method, communication apparatus, electronic device, storage medium, and program product

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110849858.5A CN113596830B (en) 2021-07-27 2021-07-27 Communication method, communication apparatus, electronic device, storage medium, and program product

Publications (2)

Publication Number Publication Date
CN113596830A (en) 2021-11-02
CN113596830B (en) 2023-03-24

Family

ID=78250292

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110849858.5A Active CN113596830B (en) 2021-07-27 2021-07-27 Communication method, communication apparatus, electronic device, storage medium, and program product

Country Status (1)

Country Link
CN (1) CN113596830B (en)

Also Published As

Publication number Publication date
CN113596830A (en) 2021-11-02

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant