CN113766607B - Access control method and related equipment - Google Patents
Access control method and related equipment Download PDFInfo
- Publication number
- CN113766607B CN113766607B CN202010493488.1A CN202010493488A CN113766607B CN 113766607 B CN113766607 B CN 113766607B CN 202010493488 A CN202010493488 A CN 202010493488A CN 113766607 B CN113766607 B CN 113766607B
- Authority
- CN
- China
- Prior art keywords
- slice
- access control
- control information
- access
- identifier
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W48/00—Access restriction; Network selection; Access point selection
- H04W48/08—Access restriction or access information delivery, e.g. discovery data delivery
- H04W48/10—Access restriction or access information delivery, e.g. discovery data delivery using broadcasted information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W48/00—Access restriction; Network selection; Access point selection
- H04W48/16—Discovering, processing access restriction or access information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W74/00—Wireless channel access, e.g. scheduled or random access
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0894—Policy-based network configuration management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0895—Configuration of virtualised networks or elements, e.g. virtualised network function or OpenFlow elements
Abstract
The application relates to the technical field of communication and discloses an access control method and related equipment. The method comprises the following steps: the terminal device receives at least one piece of access control information from the network device, wherein the at least one piece of access control information corresponds to at least one slice supported by the network device. The terminal device determines to initiate a PDU session. Further, the terminal device performs access control using the first access control information. The first access control information corresponds to a first slice associated with the PDU session, and the at least one access control information includes the first access control information. Therefore, the access control method and the device define the access categories of the slices of different types by establishing the corresponding relation between the slices and the access control information, thereby realizing the access control facing to the network slices. Therefore, the method is not limited by the extensible bit in the access control information, and the flexibility of access category extension can be improved.
Description
Technical Field
The present application relates to the field of communications technologies, and in particular, to an access control method and a related device.
Background
With the development of the 5th-generation (5G) mobile communication technology, various network services are provided, and the requirements of different network services on network functions, connection performance, network security, and the like are different. Based on this, in order to adapt to various network services with different requirements, network slicing (hereinafter referred to as slicing) is generated.
Slices are virtual sub-networks separated on the same set of physical network structures. A set of physical network structures can virtualize a plurality of slices. The network characteristics such as bandwidth, transmission delay, reliability, etc. between slices may be different. The terminal equipment can access the corresponding slice according to the service requirement. However, for network slicing, the current technology cannot provide a better access control mechanism.
Disclosure of Invention
The application provides an access control method and related equipment to realize network slice-oriented access control.
The embodiment of the application is applied to the mobile network. The mobile network comprises terminal equipment, access network equipment and core network equipment. The terminal device can access the network provided by the core network device through the access network device. The mobile network of the embodiment of the present application supports a network slicing technique (hereinafter referred to as slicing). The access network devices as well as the core network devices may be referred to as network devices. The terminal device may access slices supported by the network device.
In a first aspect, an embodiment of the present application provides an access control method, where the method includes: the method comprises the steps that terminal equipment receives at least one piece of access control information from network equipment, each piece of access control information in the at least one piece of access control information corresponds to a slice identifier, and the slice identifier is used for indicating at least one slice supported by the network equipment; the terminal equipment determines to initiate a Protocol Data Unit (PDU) session; the terminal device performs access control using first access control information, the first access control information corresponding to a first slice associated with the PDU session, the at least one access control information including the first access control information.
In some embodiments, the access control information comprises at least one access category. The terminal equipment can determine the access limiting parameters corresponding to each access category according to the access control information. Based on this, the access control information may be understood as index information of the access restriction parameter. In this embodiment, the network device may maintain the slices and access control information corresponding to each slice, where each access control information includes an access category supported by the corresponding slice. The slice described in this embodiment is at least one slice supported by the network device. In this way, the network side device defines the access categories of the slices of different types by establishing the corresponding relation between the slices and the access control information, thereby being not limited by the extension bit of the access category in the protocol, improving the expandability of the access control information and the flexibility of the access control facing the slices. Further, the network device may establish a correspondence between the slice and the access control information through the slice identifier. The slice identifier is used to indicate a slice. In turn, the terminal device may receive at least one access control information from the network device. The terminal device determines to initiate a PDU session, after which the terminal device may determine the slice from which the access attempt request was initiated and the slice identity of that slice. Then, the terminal device may further determine access control information corresponding to the slice identifier. Further, the terminal device determines an access restriction parameter according to an index function of the corresponding access control information, and performs access control according to the determined access restriction parameter. Therefore, the access control information can be maintained based on the slice, and the access control facing to the network slice is realized.
In an alternative design, the receiving, by the terminal device, at least one access control message from a network device includes: the terminal device receives at least one slice identifier from the network device and access control information corresponding to each slice identifier in the at least one slice identifier. In this embodiment, the access control information may correspond to the slice identifier in various forms, so as to establish a correspondence between the slices supported by the network device and the access control information corresponding to each slice, thereby implementing extension of the access control information oriented to the slice. The content of the at least one access control information may be different in different forms. Illustratively, the slice identity may correspond directly to the access control information. In this embodiment, the implementation form of the at least one piece of access control information may be a correspondence relationship formed by at least one piece of slice identifier and access control information corresponding to each piece of slice identifier in the at least one piece of slice identifier. In practical implementations, in some embodiments, each access control information of the at least one access control information may correspond to one slice identifier. In other embodiments, a plurality of access control information of the at least one access control information may correspond to one slice identifier. In other embodiments, each of the at least one access control information may correspond to a plurality of slice identifications. Therefore, by adopting the realization mode, the expandability of the access control information and the flexibility of the expansion mode are higher.
In an optional design, the method further comprises: the terminal device receives at least one slice identity. In this embodiment, the slice identifier may indirectly correspond to the access control information. For example, the slice identity corresponds to the access control information by a reference number. As another example, a rule corresponding to the slice identifier and the access control information is predefined, or a rule corresponding to the slice identifier and the access control information is defined by an operator. As another example, the correspondence between the slice identifier and the access control information is predefined, or the correspondence between the slice identifier and the access control information is defined by an operator. Accordingly, the at least one access control information received by the terminal device does not contain a slice identity. In this implementation scenario, the terminal device may further receive a slice identifier, so as to determine, according to the slice identifier, access control information corresponding to a slice associated with the PDU session, and perform access control. It should be noted that, in different embodiment scenarios, implementation forms of the correspondence between the slice identifier and the at least one access control information are different, and correspondingly, implementation forms of the at least one slice identifier in different embodiment scenarios are also different. By adopting the implementation mode, the access control information can correspond to the slice identifier in various forms, so that the corresponding relation between the slices supported by the network equipment and the access control information corresponding to each slice is established, and the expansion of the access control information facing the slices is realized.
In an alternative design, the slice identifier includes an RPID, and the method further includes: and the terminal equipment receives the corresponding relation between the RPID and the slice. In the present application, the slice identifier may be implemented as one or more of the following: slice ID, RAN area identity (RPID). The slice ID may include at least one of the following information: single network slice selection assistance information (S-NSSAI), slice type information, service type information, tenant information, user group information, slice instance information, and a Dedicated Core Network (DCN) identifier. RAN resources are in a one-to-many or many-to-many relationship with slices, and in an extreme case, a one-to-one ratio can be achieved, based on which, in a scenario where the slice identifier is an RPID, one RPID indicates at least one slice. Furthermore, in order to determine the first RPID from the slice associated with the PDU session, in a scenario where the slice identifier is an RPID, the terminal device may receive a correspondence between the RPID and the slice. By adopting the implementation mode, the access control information can correspond to the slice identifier in various forms, so that the corresponding relation between the slices supported by the network equipment and the access control information corresponding to each slice is established, and the expansion of the access control information facing the slices is realized.
In an optional design, the terminal device includes an access AS layer and a non-access NAS layer, the at least one access control information and the slice identifier are stored in the AS layer, and the determining, by the terminal device, to initiate a PDU session includes: the NAS layer determines to initiate the PDU session; the terminal device performs access control using the first access control information, including: the NAS layer sending a first slice identity to the AS layer, the first slice identity being a slice identity of a first slice associated with the PDU session; and the AS layer executes access control according to the first access control information corresponding to the first slice identifier.
In an optional design, the determining, by the NAS layer, to initiate the PDU session includes: if the first slice is a slice supported by the network device and an allowed slice of the terminal device, the NAS layer determines to initiate the PDU session; or, if the first slice is a remap slice of a second slice supported by the network device and an allowed slice of the terminal device, the NAS layer determines to initiate the PDU session, and the second slice is a slice initially requested by the NAS layer.
In an optional design, the terminal device includes an access AS layer and a non-access NAS layer, the at least one access control information and the slice identifier are stored in the AS layer, and the determining, by the terminal device, to initiate a PDU session includes: the NAS layer determines to initiate the PDU session; the terminal device performs access control using the first access control information, including: the NAS layer sends a second slice identifier to the AS layer, wherein the second slice identifier is the slice identifier of a second slice which is originally requested by the NAS layer; the AS layer determines a first slice identifier according to the second slice identifier, wherein the first slice identifier is a slice identifier of a first slice associated with the PDU session; and the AS layer executes access control according to the first access control information corresponding to the first slice identifier.
In an alternative design, the determining, by the AS layer, the first slice identifier according to the second slice identifier includes: if the second slice is a slice supported by the network device and a permitted slice of the terminal device, the AS layer determines that the second slice is the first slice and determines that the second slice identifier is the first slice identifier; or, if the second slice is a remapped slice of the first slice supported by the network device and a slice allowed by the terminal device, the AS layer determines that the slice identifier of the first slice is the first slice identifier.
In a second aspect, an embodiment of the present application further provides an access control apparatus, which includes a receiving module and a processing module, where the receiving module is configured to receive at least one access control information from a network device, where each access control information in the at least one access control information corresponds to a slice identifier, and the slice identifier is used to indicate at least one slice supported by the network device; the processing module is used for determining to initiate a Protocol Data Unit (PDU) session; the processing module is further configured to perform access control using first access control information, where the first access control information corresponds to a first slice associated with the PDU session, and the at least one piece of access control information includes the first access control information.
In an optional design, the receiving module is further configured to receive at least one slice identifier from the network device, and access control information corresponding to each slice identifier in the at least one slice identifier.
In an alternative design, the receiving module is further configured to receive at least one slice identifier.
In an optional design, the slice identifier includes an RPID, and the receiving module is further configured to receive a correspondence between the RPID and a slice.
In an optional design, the processing module includes an access AS module and a non-access NAS module, the at least one access control information and the slice identifier are stored in the AS module, and the NAS module is configured to determine to initiate the PDU session; the NAS module is further configured to send a first slice identifier to the AS module, where the first slice identifier is a slice identifier of a first slice associated with the PDU session; and the AS module is used for executing access control according to the first access control information corresponding to the first slice identifier.
In an optional design, the NAS module is further configured to determine to initiate the PDU session if the first slice is a slice supported by the network device and a slice allowed by the terminal device; and if the first slice is a remapped slice of a second slice supported by the network device and an allowed slice of the terminal device, determining to initiate the PDU session, wherein the second slice is a slice initially requested by the NAS module.
In an optional design, the processing module includes an access AS module and a non-access NAS module, the at least one access control information and the slice identifier are stored in the AS module, and the NAS module is configured to determine to initiate the PDU session; the NAS module is further configured to send a second slice identifier to the AS module, where the second slice identifier is a slice identifier of a second slice that the NAS module initiates an initial request; the AS module is configured to determine a first slice identifier according to the second slice identifier, where the first slice identifier is a slice identifier of a first slice associated with the PDU session; and the AS module is also used for executing access control according to the first access control information corresponding to the first slice identifier.
In an optional design, the AS module is further configured to determine that the second slice is the first slice and determine that the second slice identifier is the first slice identifier if the second slice is a slice supported by the network device and a slice allowed by the terminal device; and if the second slice is a remapped slice of the first slice supported by the network device and an allowed slice of the terminal device, determining that the slice identifier of the first slice is the first slice identifier.
In a third aspect, an embodiment of the present application provides an electronic device, which includes a processor and a transceiver, where the transceiver is configured to receive at least one access control information from a network device, and each access control information in the at least one access control information corresponds to a slice identifier, where the slice identifier is used to indicate at least one slice supported by the network device; the processor is configured to determine to initiate a protocol data unit, PDU, session; the processor is further configured to perform access control using first access control information, the first access control information corresponding to a first slice associated with the PDU session, the at least one access control information including the first access control information.
In an alternative design, the transceiver is further configured to receive at least one slice identifier from the network device, and access control information corresponding to each of the at least one slice identifier.
In an alternative design, the transceiver is further configured to receive at least one slice identifier.
In an optional design, the transceiver is further configured to receive a correspondence between the RPID and a slice.
In an alternative design, the processor includes a first sub-processor and a second sub-processor, the at least one access control information and the slice identifier being stored in the second sub-processor, the first sub-processor to determine to initiate the PDU session; the first sub-processor further configured to send a first slice identification to the second sub-processor, the first slice identification being a slice identification of a first slice associated with the PDU session; and the second sub-processor is used for executing access control according to the first access control information corresponding to the first slice identifier.
In an optional design, the first sub-processor is further configured to determine to initiate the PDU session if the first slice is a slice supported by the network device and a slice allowed by the terminal device; and determining to initiate the PDU session if the first slice is a remapped slice of a second slice supported by the network device and an allowed slice of the terminal device, the second slice being a slice initially requested by the first sub-processor.
In an alternative design, the processor includes a first sub-processor and a second sub-processor, the at least one access control information and the slice identifier being stored in the second sub-processor, the first sub-processor to determine to initiate the PDU session; the first sub-processor is further configured to send a second slice identifier to the second sub-processor, where the second slice identifier is a slice identifier of a second slice for which the second sub-processor initiates an initial request; the second sub-processor is configured to determine a first slice identifier according to the second slice identifier, where the first slice identifier is a slice identifier of a first slice associated with the PDU session; and the second sub-processor is also used for executing access control according to the first access control information corresponding to the first slice identifier.
In an alternative design, the second sub-processor is further configured to determine that the second slice is the first slice and determine that the second slice identifier is the first slice identifier if the second slice is a slice supported by the network device and a slice allowed by the terminal device; and if the second slice is a remapped slice of the first slice supported by the network device and an allowed slice of the terminal device, determining that the slice identifier of the first slice is the first slice identifier.
In a fourth aspect, the present application further provides a chip system including at least one processor and an interface. The interface is coupled to the processor for receiving code instructions and transmitting the code instructions to the at least one processor. The at least one processor executes the code instructions and implements some or all of the steps of the access control method in the first aspect and various possible implementations of the first aspect.
In a fifth aspect, the present application provides a computer-readable storage medium, which stores instructions that, when executed on a computer, cause the computer to perform some or all of the steps of the access control method in the first aspect and various possible implementations of the first aspect.
In a sixth aspect, the present application provides a computer program product, which when run on a computer, causes the computer to perform some or all of the steps of the access control method in the first aspect and various possible implementations of the first aspect.
Drawings
In order to more clearly describe the technical solutions of the embodiments of the present application, the drawings required to be used in the embodiments are briefly described below, and it is obvious for those skilled in the art to obtain other drawings without creative efforts.
Fig. 1A is a schematic diagram of an exemplary structure of a mobile network 10 provided in an embodiment of the present application;
fig. 1B is an exemplary scene diagram of a slicing application scene 20 provided by an embodiment of the present application;
fig. 2A is an exemplary method flowchart of an access control method 100 provided in an embodiment of the present application;
fig. 2B is a flowchart of an exemplary method of an access control method 110 provided in an embodiment of the present application;
fig. 3 is an exemplary structural diagram of a network architecture 20 provided by an embodiment of the present application;
fig. 4A is an exemplary signaling interaction diagram of an access control method 200 provided in an embodiment of the present application;
fig. 4B is an exemplary signaling interaction diagram of an access control method 300 according to an embodiment of the present application;
fig. 4C is an exemplary signaling interaction diagram of an access control method 400 provided in an embodiment of the present application;
fig. 5A is an exemplary signaling interaction diagram of a signaling interaction method 1000 of an AS layer and an NAS layer provided in an embodiment of the present application;
fig. 5B is an exemplary signaling interaction diagram of a signaling interaction method 2000 for an AS layer and an NAS layer provided in an embodiment of the present application;
fig. 5C is an exemplary signaling interaction diagram of a signaling interaction method 3000 of an AS layer and an NAS layer provided in an embodiment of the present application;
fig. 6A is an exemplary signaling interaction diagram of an access control method 500 provided in an embodiment of the present application;
fig. 6B is an exemplary signaling interaction diagram of an access control method 600 according to an embodiment of the present application;
fig. 6C is an exemplary signaling interaction diagram of an access control method 700 provided in an embodiment of the present application;
fig. 7A is an exemplary signaling interaction diagram of a signaling interaction method 4000 of an AS layer and an NAS layer provided in an embodiment of the present application;
fig. 7B is an exemplary signaling interaction diagram of a signaling interaction method 5000 of the AS layer and the NAS layer provided in the embodiment of the present application;
fig. 7C is an exemplary signaling interaction diagram of a signaling interaction method 6000 of an AS layer and an NAS layer provided in an embodiment of the present application;
fig. 7D is an exemplary signaling interaction diagram of a signaling interaction method 7000 for the AS layer and the NAS layer according to the embodiment of the present application;
FIG. 7E is an exemplary signaling interaction diagram of a signaling interaction method 8000 of an AS layer and a NAS layer according to an embodiment of the present application;
fig. 7F is an exemplary signaling interaction diagram of a signaling interaction method 9000 of an AS layer and an NAS layer according to an embodiment of the present application;
fig. 8A is a schematic diagram illustrating an access control device 60 according to an embodiment of the present application;
fig. 8B is an exemplary structural diagram of an electronic device 61 provided in an embodiment of the present application;
fig. 8C is a schematic diagram of an exemplary structure of the chip system 62 provided in the embodiment of the present application.
Detailed Description
The technical solutions in the present application will be clearly described below with reference to the accompanying drawings in the present application.
The terminology used in the following examples of the present application is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in the specification of the present application and the appended claims, the singular forms "a", "an", "the" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that although the terms first, second, etc. may be used in the following embodiments to describe a class of objects, the objects should not be limited to these terms. These terms are only used to distinguish between particular objects of that class of objects. For example, the terms first, second, etc. may be used in the following embodiments to describe slice identifications, but the slice identifications should not be limited to these terms. These terms are only used to distinguish slice identifications corresponding to different slices. The following embodiments may adopt the terms first, second, etc. to describe other class objects in the same way, and are not described herein again. In addition, in the description of the following embodiments, "a plurality" means two or more.
The architecture and the service scenario described in this application are for more clearly illustrating the technical solution of the embodiment of the application, and do not form a limitation to the technical solution provided in this application, and it can be known by those skilled in the art that the technical solution provided in the embodiment of the application is also applicable to similar technical problems along with the evolution of the architecture and the appearance of a new service scenario.
The following describes an implementation scenario of the present application.
The present application applies to mobile networks, and fig. 1A shows a network architecture of a mobile network 10. The mobile network 10 includes: terminal equipment 11, access network equipment 12 and core network equipment 13. The terminal device 11 may access the network provided by the core network device 13 through the access network device 12.
The terminal equipment 12 according to the present application may also be referred to as User Equipment (UE) or Mobile Station (MS) in the wireless communication standard. The terminal equipment related in the embodiment of the application is equipment with a wireless transceiving function, can be deployed on land and comprises an indoor or outdoor, a handheld or a vehicle-mounted terminal; can also be deployed on the water surface (such as a ship and the like); and may also be deployed in the air (e.g., airplanes, balloons, satellites, etc.). The terminal device may include various types of mobile phones (mobile phones), tablet computers (pads), computers with wireless transceiving functions, wireless data cards, virtual Reality (VR) terminal devices, augmented Reality (AR) terminal devices, machine Type Communication (MTC) terminal devices, terminal devices in industrial control (industrial control), terminal devices in self-driving (self-driving), terminal devices in remote medical (remote medical), terminal devices in smart grid (smart grid), terminal devices in transportation safety (transportation safety), terminal devices in city (smart city), smart homes (home devices with wireless communication functions, such as refrigerators, televisions, wearable or washing machines, and the like), and smart band devices (such as smart watches, smart steppers, and the like). The terminal device, as referred to in this application, may also be arranged in a fixed location, a device having similar wireless communication capabilities as the terminal device described above. In systems using different radio access technologies, names of terminal devices having similar wireless communication functions may be different, and for convenience of description, in the embodiments of the present application, the above devices having wireless communication functions are collectively referred to as terminal devices.
The access network device 12 referred to in this application may also be referred to as a base station, and is a device deployed in a radio access network to provide wireless communication functions for terminal devices, including but not limited to: macro base stations of various forms, micro base stations (also referred to as small stations), relay stations, transmission Reception Points (TRPs), evolved node bs (enbs), radio Network Controllers (RNCs), node Bs (NBs), base Station Controllers (BSCs), base Transceiver Stations (BTSs), home base stations (e.g., home evolved node bs or home node bs), and Base Band Units (BBUs) that process communication data, and the like. In systems employing different radio access technologies, the names of radio access network devices having similar wireless communication functions may differ. For convenience of description, in all embodiments of the present application, the apparatus for providing a wireless communication function for a terminal device is referred to as a radio access network device.
The core network device 13 according to the present application may be a device having an access and mobility management network (AMF) function, a Session Management Function (SMF), a user plane network function, an authentication management network function, and the like.
It is understood that the terminal device 11, the access network device 12 and the core network device 13 in the mobile network 10 are all defined in a logical functional layer, and in an actual implementation, the mobile network may include at least one terminal device entity, at least one access network device entity and at least one core network device entity. And are not limited herein.
Further, with the continuous emergence of various communication system services, the requirements of different communication services on network performance are significantly different, and 5G introduces a concept of network slice to cope with the difference of the requirements of different communication services on network performance. In all embodiments of the present application, "network slice" is also described as "slice" (slice), and the terms "network slice" and "slice" appearing in the context of the present specification refer to network slices.
Exemplarily, referring to fig. 1B, 3 slices, respectively, a slice 1, a slice 2, and a slice 3 are shown in fig. 1B, and the slice 1, the slice 2, and the slice 3 may be network slices respectively serving enhanced mobile broadband (eMBB) traffic, ultra Reliable Low Latency Communication (URLLC) traffic, and massive machine type communication (mtc) traffic.
When the terminal device initiates a network slice request, the access network device selects a Session Management Function (SMF) and a network storage function (NRF) that support the network slice through an access and mobility management function (AMF) that can support the network slice, and the SMF further selects an UPF that supports the network slice, and optionally, the SMF also selects a Policy Control Function (PCF) that supports the slice, and provides the terminal with the service of the network slice through the selected network elements. For example, when the terminal device initiates a request of slice 1, the access network device selects the SMF and NRF supporting slice 1 through the AMF that can support slice 1, the SMF further selects the UPF supporting slice 1, and optionally, the SMF also selects the PCF supporting slice 1, and provides the service of slice 1 to the terminal through these selected network elements.
One way of implementation of slicing: network Function Virtualization (NFV) achieves virtualization of underlying physical resources, and loads a virtual Network Function (NF) to a common platform. Software Defined Network (SDN) technology implements logical connections between virtual machines, and constructs a path that carries signaling and data flows. The terminal device configures an end-to-end service chain through dynamic connection between NF of an access network (RAN) and NF of a Core Network (CN), thereby constructing a slice.
In actual implementation, the number of slices is large according to different tenants, service types and the like, the number of RAN resources is small due to factors such as limited air interface resources, RAN resources and slices are in a one-to-many or many-to-many relationship, and in an extreme case, a one-to-one ratio can be achieved.
The information about the slice is briefly described as follows:
slices can be identified and distinguished by single network slice selection assistance information (S-NSSAI). The S-NSSAI includes one or more of: a Slice Service Type (SST) for indicating characteristics of a slice and a traffic type of a slice service, and a Slice Differentiation (SD) for differentiating multiple slice instances of the same SST.
In practical implementation, the slice is set as a subscription slice, a default slice, a request slice, a permission slice, etc. according to different implementation scenarios. A subscription slice refers to a slice to which an end device subscribes. One or more of the subscription slices may be set as default slices according to operator policies. The request slice refers to an allowed slice carried in the registration request message by the terminal device. The allowed slice refers to a slice which is allowed to be requested by the network in the slices requested by the terminal equipment.
Furthermore, slice 1 traffic is implemented using slice 2, then slice 1 is considered remappable to slice 2, which is called slice remapping.
The following briefly describes the information related to access control, as follows:
in order to prevent the problems of heavy network load, congestion and the like caused by excessive access of terminal devices in a network, a network system needs to perform access control on the terminal devices to meet service requirements. Wherein the access control may proportionally limit the network access of the terminal device.
The 5G system provides Unified Access Control (UAC) technology to operators. The UAC technology is an access control implemented based on an access identity (access identity) and an Access Category (AC). Wherein, the access attempt (access attempt) of the terminal device corresponds to one or more access identifications and one or more access categories. The bit value corresponding to the access identifier determines whether the corresponding access attempt is allowed, for example, if the bit value corresponding to the access identifier is 0, it indicates that the corresponding access attempt is allowed, and if the bit value corresponding to the access identifier is 1, it indicates that the corresponding access attempt is not allowed.
The access class may be configured by the core network device. One access category may correspond to a set of access restriction parameters. The access limiting parameter is used for limiting the proportion of the terminal equipment accessing the network. The access restriction parameter may include an access restriction factor (barring factor), an access backoff time (back off time), and the like. The access restriction factor refers to the probability of the corresponding allowed access attempt of the terminal device during the access restriction check. The access back-off time refers to the shortest time length from the time when the access initiated by the terminal device is prohibited to the time before the next access attempt is initiated. The access category may correspond to a traffic type of the terminal device.
There are multiple access categories defined in UAC technology that can be maintained in a list. In the embodiment of the present application, the list for maintaining the access category is referred to as "access control information". As can be seen from the above description of the access categories, each access category essentially corresponds to a set of access restriction parameters, based on which the access control information essentially can be understood as an index of the access restriction parameters. An exemplary implementation of the conventional access control information is shown in table 1 below.
TABLE 1
In the access control information shown in table 1, the access category is indicated by the access category number. For example, the access class numbers 0 to 8 each correspond to a defined access class, and each access class corresponds to a set of access restriction parameters. For the access categories corresponding to the access category numbers 0 to 8, and the access restriction parameters corresponding to the respective access categories, etc., see the relevant definitions in the TS22.261 protocol, which are not detailed here. The access category numbers 9 to 63 in table 1 are reserved bits allowing the operator to customize the specific access categories, e.g. slices, applications and application servers etc.
In practical implementation, the terminal device obtains the access identifier and the access control information, and after determining the access category corresponding to the access attempt, the terminal device determines whether the access attempt is allowed according to the access identifier corresponding to the access category. After determining that the access attempt is allowed, the terminal device determines an access limiting parameter corresponding to a corresponding access category according to the access control information, and then executes the access attempt according to the corresponding access limiting parameter.
As can be seen from the above description of the slice, in practical implementation, there may be relatively more slice types, and there are relatively fewer reserved bits in the existing protocol that allow the operator to customize the access category. Therefore, the flexibility and the expandability are poor, and the setting of the access category for each slice type based on the existing protocol is difficult to realize, so that a network slice-oriented implementation scene is caused, and a good access control mechanism is not provided.
The embodiment of the application provides an access control method and related equipment, wherein each slice supported by network equipment corresponds to access control information, and each access control information comprises an access category supported by the slice corresponding to the access control information. The terminal device can determine access control information according to the slice for attempting access after receiving at least one piece of access control information, and then perform access control using the determined access control information. Therefore, network slice oriented access control can be realized, and the flexibility and the expandability are good.
It is understood that the embodiments of the present application are also applicable to other future-oriented communication technologies. The network architecture and the service scenario described in this application are for more clearly illustrating the technical solution of this application, and do not constitute a limitation to the technical solution provided in this application, and it can be known by those skilled in the art that the technical solution provided in this application is also applicable to similar technical problems along with the evolution of the network architecture and the appearance of new service scenarios.
The following describes an access control method according to an embodiment of the present application, as follows:
first, technical terms related to embodiments of the present application will be described.
The network device includes an access network device and a core network device. The access network device may be the access network device 12 as described in the embodiments above. The core network device may be the core network device 13 as described in the above embodiments.
The slice identifier is used to indicate at least one slice supported by a network device. The slice identifier described in this embodiment may be implemented as one or more of the following: slice ID, RAN area identity (RPID).
The slice ID may include at least one of the following information: S-NSSAI, slice type information, service type information, tenant (tent) information, user group information, slice instance information, a Dedicated Core Network (DCN) identity.
In some embodiments, the slice type information may be information indicating that the slice is an eMBB type, a URLLC type, or an mtc type. In still other embodiments, the network slice type information may also be information indicating an end-to-end network slice type, the end-to-end network slice type including at least one of a RAN-to-CN network slice type, a RAN-side network slice type, and a CN-side network slice type.
The service type information may be information indicating a service of the terminal device, for example, a video service, a car networking service, a voice service, and the like.
The tenant information is used to indicate the customer that created or rented the slice, such as the Tencent, the national grid, etc.
The user group information is used to indicate grouping information to which the user belongs. In a possible implementation, the operator may group the users into user groups according to some characteristics, such as the user level.
The slice group information is used to indicate grouping information to which a slice belongs. In a possible implementation manner, the core network device may group the slices into a slice group according to some features, for example, all slices that the terminal device can access.
The slice instance information may be an instance identification created for the slice and characteristic information.
The DCN identity is used to indicate a dedicated core network in a Long Term Evolution (LTE) system or an LTE system, for example, an internet of things dedicated core network. In a possible implementation manner, the DCN identifier and the slice ID have a mapping relationship.
It can be seen that, in the scene where the slice ID is slice ID, one slice ID indicates one slice.
In some embodiments, the RPID is a region identification. In this embodiment, the types of slices of the access network device included in the area indicated by one RPID are the same. In other embodiments, the RPID is an identification of a RAN resource, which may be one or more of a spectrum resource, a hardware resource, and a software resource. In this embodiment, one RAN resource is one resource or one combined resource, and the RPID is used to identify each RAN resource. Wherein a share of RAN resources may support one or more slices, based on which one RPID indicates at least one slice.
The terminal equipment related to the application comprises an Access Stratum (AS) layer and a non-access stratum (NAS) layer. From the protocol stack level, the access layer procedure includes Radio Resource Control (RRC) connection establishment, signaling establishment with core network equipment, call release, handover, and Serving Radio Network Subsystem (SRNS) relocation. Illustratively, the information sent by the access network device is maintained at the AS layer, for example, a mapping relationship between at least one access control information and the slice identifier, which is described below, is maintained at the AS layer. For another example, the RRC messages described below are maintained at the AS layer. The flow of the non-access layer mainly comprises the mobility management of the circuit domain, the call control of the circuit domain, the mobility management of the packet domain, the session management of the packet domain and the like. Illustratively, the allowed slices for the terminal device are maintained at the NAS layer.
As shown in fig. 2A, the present application provides a method flow diagram of an access control method 100. The access control method 100 (hereinafter referred to as the method 100) includes the following steps:
step S101, the terminal equipment receives at least one piece of access control information from the network equipment.
Wherein each access control information of the at least one access control information corresponds to a slice identifier. In some embodiments, the terminal device may receive at least one piece of access control information broadcasted by the access network device, where a slice identifier corresponding to the at least one piece of access control information is used to indicate at least one slice supported by the access network device.
Each piece of access control information comprises an access type, and the access type contained in each piece of access control information is the access type supported by the slice corresponding to the access control information. The at least one access control information may comprise a different number of access categories. In this embodiment, the presentation form of the access control information may be similar to that in table 1, and is not described in detail here.
In some embodiments, each of the at least one access control information may correspond to a slice identity. By adopting the implementation mode, the slice identification and the access control information are in one-to-one correspondence, for example, so that even if the network equipment only supports a slice scene, the access control information can be flexibly expanded. In other embodiments, a plurality of access control information of the at least one access control information may correspond to one slice identifier. As can be seen from the above description, one access control information includes 64 access categories. Optionally, when one slice identifier indicates that at least one slice supports more than 64 access categories, the network device may maintain all the access categories in the at least two access control information, so that the slice identifier may correspond to the at least two access control information. By adopting the implementation mode, the corresponding relation between the slices and the access control information can be flexibly maintained through the slice identification, and the expandability is better. In other embodiments, each of the at least one access control information may correspond to a plurality of slice identifications. Optionally, when the number of access categories supported by each slice in the plurality of slices is small, for example, each slice in the 3 slices supports 2 access categories, the network device may maintain the access categories supported by the plurality of slices through one access control information, so that each slice identifier of the plurality of slices corresponds to the access control information. Therefore, by adopting the implementation mode, the network equipment can maintain less access control information, thereby saving storage resources and transmission resources.
Further, the access control information may correspond to the slice identifier in various forms, and the content of the at least one access control information may be different in different forms. The following describes an exemplary correspondence relationship between the access control information and the slice identifier in conjunction with the slice identifier described above.
The implementation mode is as follows: the slice identity corresponds directly to the access control information. Correspondingly, in this embodiment, the at least one piece of access control information includes: at least one slice identifier, and access control information corresponding to each slice identifier in the at least one slice identifier. Illustratively, as shown in table 2, an example of presenting the slice identifier and the access control information in a table form is as follows:
TABLE 2
| Section mark | Access control information |
| Section mark 01 | Access control information 01 |
| Section mark 02 | Access control information 02 |
| …… | …… |
Table 2 presents partial information of the correspondence between each piece of access control information and different slice identifiers in the at least one piece of access control information. Each row in table 2 represents a correspondence relationship, for example, the slice identifier 01 corresponds to the access control information 01 of the row, and the slice identifier 02 corresponds to the access control information 02 of the row. The slice identifiers and the access control information in other rows not shown in table 2 are the same, and are not described herein again.
In some embodiments, the slice identification in table 2 may be a slice ID. In this embodiment, the at least one access control information and the slice ID may be presented as a corresponding relationship shown in table 2-1. In other embodiments, the slice identifier in table 2 may be an RPID. In this embodiment, the at least one piece of access control information and the RPID may be presented as a corresponding relationship shown in table 2-2.
TABLE 2-1
Tables 2 to 2
| RPID | Access control information |
| RPID 01 | Access control information 01 |
| RPID 02 | Access control information 02 |
| …… | …… |
It is understood that tables 2 through 2-2 are only illustrative and do not limit the embodiments of the present application. In other embodiments, each slice identification may also correspond to multiple access categories. In other embodiments, each access category may also correspond to multiple slice identifications. In addition, tables 2 to 2-2 are only for visually presenting the corresponding relationship between the access control information and the slice identifier to those skilled in the art, and in actual implementation, the presentation manner of the corresponding relationship between the access control information and the slice identifier is not limited thereto. And is not described in detail herein.
The implementation mode two is as follows: the slice identifier corresponds to the access control information by a label.
Each of the at least one access control information received by the terminal device may correspond to a label. In this embodiment, the network device may set that each slice identifier in the at least one slice identifier may correspond to one label. The slice identifiers corresponding to the same labels and the access control information are in a corresponding relationship. In some embodiments, at least two access control information corresponding to the same slice identification may correspond to the same reference number. In other embodiments, at least two slice identities corresponding to the same access control information may correspond to the same reference number.
In some embodiments, the elements included in the reference numbers may be at least one of letters and numbers, such as abc001. In other embodiments, the reference number may be a sequential number in the list where the reference number is located. For example, the order of the first line in the list is 1, and the number in this line is 1. The order of the second row in the list is 2 and the number in this row is 2.
Illustratively, as shown in table 3-1, an example of at least one access control information presented in tabular form is as follows:
TABLE 3-1
The access control information 01 in table 3-1 corresponds to the row index a 001. The access control information 02 corresponds to the row reference character a002. Access control information 03 and access control information 04 both correspond to reference character a 003. The correspondence between other access control information and reference numbers not shown in table 3-1 is the same, and is not described herein again.
An example of a list of slice identifications presented in tabular form, as shown in table 3-2, is as follows:
TABLE 3-2
The slice identification 01 in table 3-2 corresponds to the row index a 001. The slice identifier 02 and the slice identifier 03 both correspond to the reference character a002. The slice identification 04 corresponds to the line with the reference a 003. The correspondence between the slice identifiers and the reference numbers not shown in table 3-2 is the same, and the description thereof is omitted here.
Wherein, the access control information with any label in table 3-1 corresponds to the slice identifier with the label in table 3-2. For ease of understanding, the correspondence illustrated in tables 3-3 is detailed. Tables 3-3 are derived from the variations of tables 3-1 and 3-2.
Tables 3 to 3
Wherein, the correspondence between the first column and the second column in table 3-3 may be equivalent to table 3-1, and the correspondence between the second column and the third column in table 3-3 may be equivalent to table 3-2. As shown in table 3-3, the slice identifier 01 and the access control information 01 both correspond to the label a001, indicating that the slice identifier 01 corresponds to the access control information 01. Slice identifier 02, slice identifier 03, and access control information 02 all correspond to reference character a002, indicating that slice identifier 02 and slice identifier 03 all correspond to access control information 02. Slice identification 04, access control information 03, and access control information 04 all correspond to reference character a003, indicating that slice identification 04 corresponds to access control information 03 and access control information 04. The corresponding relationship of other information not shown in tables 3-3 is the same, and is not described herein again.
In some embodiments, the slice identifications in tables 3-2 and 3-3 may be implemented as slice IDs. In other embodiments, the slice identifications in tables 3-2 and 3-3 may be implemented as RPIDs. And is not described in detail herein.
It is understood that tables 3-1 to 3-3 are only illustrative and do not constitute a limitation on the embodiments of the present application. In other embodiments, the reference numbers may be implemented in other forms. In addition, tables 3-1 to 3-3 are only for visually presenting the correspondence between the access control information, the label and the slice identifier to those skilled in the art, and in actual implementation, the presentation manner of the correspondence between the access control information, the label and the slice identifier is not limited thereto. And is not described in detail herein.
The implementation mode is three: the corresponding rule of the slice identifier and the access control information is predefined, or the operator defines the corresponding rule of the slice identifier and the access control information.
In a possible implementation manner, at least one access control message received by the terminal device is maintained according to a certain sequence. The network device may, for example, maintain at least one slice identity in order. For example, it may be predefined that if the sequence bits of a certain slice identifier in at least one slice identifier are the same as the sequence bits of a certain access control information in at least one access control information, the slice identifier corresponds to the access control information. In practical implementation, the access control information and the slice identifier may be both ordered in the form of a stack or a sequence.
Illustratively, the presentation of the at least one access control information is, for example, as shown in table 4-1.
TABLE 4-1
Each of the at least one access control information is arranged in an order indicated in table 4-1. Wherein, as the ordering position in table 4-1 goes from top to bottom, the order bits of each access control information are sequentially from small to large. For example, the order of the access control information 01 in the at least one access control information is, for example, a first bit, the order of the access control information 02 in the at least one access control information is, for example, a second bit, and the order of the access control information 03 in the at least one access control information is, for example, a third bit. The access control information 04 and other sequential bits of access control information not shown in table 4-1, and so on, are not described herein.
Illustratively, the presentation of the at least one slice identifier is, for example, as shown in Table 4-2.
TABLE 4-2
| Section mark |
| Section mark 01 |
| Section mark 02 |
| Section mark 03 |
| Section mark 04 |
| …… |
Wherein the sequential bits of each slice identifier are sequentially smaller to larger as the ordering position is from top to bottom in table 4-2. For example, the order of the slice identifier 01 in the at least one slice identifier is, for example, the first bit, and the order of the slice identifier 02 in the at least one slice identifier is, for example, the second bit. Slice id 03, slice id 04, and other slice ids not shown in table 4-2, and so on, which are not described herein.
According to the predefined rule, the access control information of any sequence bit in table 4-1 corresponds to the slice id of the same sequence bit in table 4-2. That is, access control information 01 corresponds to slice identification 01, access control information 02 corresponds to slice identification 02, and so on.
In some embodiments, the slice identification in table 4-2 may be implemented as a slice ID. In other embodiments, the slice identification in table 4-2 may be implemented as an RPID. And is not described in detail herein.
It is noted that, in general, each access control information in the at least one access control information corresponds to an order bit, and each slice identifier in the at least one slice identifier also corresponds to an order bit. Based on this, in the scenario illustrated in the third implementation manner, one slice identifier may correspond to only one access control information.
The implementation mode is four: the corresponding relation between the slice identifier and the access control information is predefined, or the corresponding relation between the slice identifier and the access control information is defined by an operator.
In a fourth implementation, the at least one access control information may only include at least one access control information similar to that in table 1. The correspondence between the slice identifier and the access control information, which is predefined or operator-defined, may be similar to the correspondence illustrated in table 2. After determining the slice identifier of the attempted access slice, the terminal device may determine the access control information corresponding to the corresponding slice identifier according to a predefined or operator-defined correspondence between the slice identifier and the access control information.
Exemplary, the correspondence between the slice id and the access control information defined in advance is shown in table 5.
TABLE 5
In the correspondence illustrated in table 5, each row indicates a correspondence, for example, the slice identifier 01 corresponds to the access control information 01 of the row, and the slice identifier 02 corresponds to the access control information 02 of the row. The corresponding relationships of other rows in table 2 are the same, and are not described herein. Illustratively, the content of the access control information 02 in table 5 is, for example, null (null), and the access control information 01, the access control information 03, the access control information 04, and the access control information 05 all include access categories. Then, the terminal device may access the slice indicated by any one of the slice identifier 01, the slice identifier 03, the slice identifier 04, and the slice identifier 05 according to the corresponding relationship indicated in table 5.
In some embodiments, the slice identification in implementation four may be implemented as a slice ID. In other embodiments, the slice identification in implementation four may be implemented as an RPID. And are not described in detail herein.
Taking the above implementation manner one as an example, the data structure of the at least one access control information may include:
a first data structure: a common access control information data structure. Common access control information refers to an access control information data structure. As shown in Table 6-1:
TABLE 6-1
| >Public access control information: |
| >>slice identifier list: |
| >>>section mark |
| >>>Access control information list |
The data structure of the at least one access control information, illustrated in table 6-1, comprises three call levels. For example, the symbol ">" indicates the data of the first calling level. The symbol "> > >" indicates data of the second call level. The symbol "> > > >" indicates data of the third calling level. If the terminal device receives at least one piece of access control information indicated in table 6-1, the terminal device may execute three times of calls to read the corresponding relationship between the slice identifier and the access control information.
And a second data structure: an access control information data structure corresponding to a Public Land Mobile Network (PLMN). The PLMN refers to a wireless communication network provided by an operator and facing a land mobile communication device. Each PLMN may include at least one slice, and accordingly, a slice under each PLMN may correspond to access control information. The PLMN may be indicated by a PLMN identity. Each terminal device corresponds to a PLMN. The present embodiment may provide access control information for each PLMN. As shown in Table 6-2:
TABLE 6-2
| >Access control information for PLMN: |
| >>PLMN List: |
| >>>PLMN identification |
| >>>Slice identifier list: |
| >>>>section mark |
| >>>>Access control information list |
Table 6-2 illustrates a data structure of at least one access control message comprising four call levels. For example, the symbol ">" indicates data of the first call level. The symbol "> >" indicates data of the second call level. The symbol "> > > > > >" indicates data of the third calling level. The symbol "> > > > > > > > >" indicates data of the fourth calling level. In this embodiment, the at least one access control information received by the terminal device further includes at least one PLMN identifier, and each PLMN identifier may correspond to the at least one access control information. At least one piece of access control information corresponding to any PLMN identification corresponds to at least one slice contained in the PLMN.
It is understood that tables 6-1 and 6-2 are merely data structures that exemplify the above implementation one. At least one access control information illustrated in the second to fourth implementation manners may also be implemented as a data structure similar to table 6-1 or table 6-2. And are not described in detail herein.
It should be noted that, in the scenarios illustrated in the second implementation manner to the fourth implementation manner, the terminal device may further receive at least one slice identifier from the network device. In the scenario of the second implementation, the implementation form of at least one slice identifier may be as shown in table 3-2. In the scenario illustrated in the third implementation manner, an implementation form of at least one slice identifier may be as shown in table 4-2.
In some embodiments, if the slice identifier is implemented as a slice ID in a scenario illustrated in implementation manners two to four, the terminal device may receive at least one slice ID sent by the access network device. In other embodiments, if the slice identifier is implemented as an RPID in the scenario illustrated in the second implementation manner to the fourth implementation manner, the terminal device may receive a correspondence between the RPID and the slice sent by the network device. The correspondence between RPID and slice can be expressed as, for example, a correspondence between RPID and S-NSSAI, or a correspondence between RPID and slice ID. And are not limited herein. Further, in a possible implementation manner, the terminal device may further receive at least one RPID broadcast by the access network device.
As can be seen from the above description of the network device, the network device includes an access network device and a core network device. In some embodiments, the end device may receive a correspondence of RPID and slice from the access network device. Illustratively, the access network device may send the correspondence between the RPID and the slice to the terminal device through an RRC message. After receiving the RRC message, the terminal device may store the RRC message in the AS layer. In other embodiments, the terminal device may receive the correspondence between the RPID and the slice from the core network device. For example, the AMF network element of the core network device may send the correspondence between the RPID and the slice to the terminal device through the NAS message. After receiving the NAS message, the terminal device may save the NAS message in the NAS layer.
It is noted that during the execution of the operations involved in step S101, the terminal device does not establish a connection with the access network device. Based on this, the access network equipment entity broadcasting the at least one access control information may be the same as or different from the access network equipment entity sending the RRC message.
Step S102, the terminal device determines to initiate a Protocol Data Unit (PDU) session.
The PDU service is a service for exchanging PDU packets between the terminal device and the core network device. The purpose of initiating a PDU session by a terminal device is to request a PDU data transmission channel established between the terminal device and a core network device. The terminal device may attempt to access the network slice before initiating the PDU session.
Step S103, the terminal equipment uses the first access control information to execute access control, and the first access control information corresponds to the first slice related to the PDU conversation.
Wherein the at least one piece of access control information includes the first access control information. The first access control information corresponds to a first slice. The first slice is the slice that the terminal device determines the initiated PDU session association.
The terminal device may determine a service type corresponding to the PDU session, and further attempt to access a slice supporting the service type, which is referred to as a first slice in this embodiment of the present application. Then, the terminal device may obtain the slice identifier of the first slice, so as to obtain the first slice identifier. And then, the terminal equipment searches the access control information corresponding to the first slice identifier in at least one piece of access control information to obtain the first access control information. The first access control information comprises access categories supported by the first slice. Furthermore, the terminal device may determine an access restriction parameter corresponding to the corresponding access category through the first access control information, and then perform access control according to the determined access restriction parameter.
As can be seen from the above description of the slice identifier, when the slice identifier is a slice ID, the slice ID directly indicates the slice. When the slice identity is an RPID, the RPID indirectly indicates a slice. Based on this, if the implementation forms of the slice identifiers are different, the operation processes of the terminal device for determining the first access control information according to the first slice identifier are also different.
Taking a slice ID and an RPID as examples, and combining the implementation manner of the correspondence between the access control information and the slice identifier, the following describes an exemplary implementation of performing access control on the terminal device by using the first access control information.
Scene with slice ID as slice ID:
the first implementation method comprises the following steps: corresponding to the first implementation manner, that is, the slice ID directly corresponds to the access control information. In this embodiment, at least one access control message is shown in table 2-1, for example.
The terminal device determines, according to the service type corresponding to the PDU session to be initiated, that the slice initiating the access attempt is the slice identified by slice 02, that is, the slice identified by slice 02 is the first slice described in this embodiment, and correspondingly, the first identification is slice 02. The terminal equipment can also determine the access category according to the service type. Furthermore, the terminal device may find the access control information 02 corresponding to the slice 02 in at least one access control information shown in table 2-1, where the access control information 02 is the first access control information described in this embodiment. The terminal device may find the access category corresponding to the terminal device from the access categories included in the access control information 02, and then perform access control according to the access restriction parameters corresponding to the corresponding access attempt categories.
Embodiment two: corresponding to the second implementation manner, that is, the slice ID corresponds to the access control information through the label. In this embodiment, the terminal device receives at least one piece of access control information and at least one slice ID shown in table 3-1, and the presentation form of the at least one slice ID is similar to that shown in table 3-2.
The terminal device determines a first slice initiating the access attempt and a first slice identifier (also referred to as a first slice ID in this embodiment) according to the service type. Then, the terminal device determines the label corresponding to the first slice ID in the list corresponding to at least one slice ID, for example, obtains the label a002. Then, the terminal device may search for the access control information 02 corresponding to the reference character a002 in at least one access control information shown in table 3-1, further search for an access category corresponding to the terminal device from the access control information 02, and perform access control using the access restriction parameter corresponding to the corresponding access category.
The third embodiment is as follows: corresponding to the third implementation manner, that is, a rule corresponding to the slice ID and the access control information is predefined or defined by the operator, where the rule is, for example, a scene where the slice ID and the access control information have the same sequence order. In this embodiment, the terminal device receives at least one piece of access control information and at least one slice ID as shown in table 4-1, and the presentation form of the at least one slice ID is similar to that shown in table 4-2.
The terminal device determines, according to the service type, a first slice initiating an access attempt, a first slice identifier (also referred to as a first slice ID in this embodiment), and a sequence bit of the first slice ID in a slice ID list. Then, the terminal device searches for the access control information located in the corresponding sequence bit in at least one access control information shown in table 4-1 to obtain the first access control information. Furthermore, the terminal device determines the access category corresponding to the terminal device from the first access control information, and performs access control by using the access restriction parameter corresponding to the corresponding access category.
The fourth embodiment: corresponding to the fourth implementation manner, the corresponding relationship between the slice ID and the access control information is predefined or defined by the operator.
In this embodiment, after determining the first slice and the first slice identifier (also referred to as a first slice ID in this embodiment), the terminal device can directly determine the first access control information corresponding to the first slice ID according to a predefined or operator-defined correspondence relationship. And then, the terminal device searches the access category corresponding to the terminal device from the first access control information, and then the terminal device executes access control by using the access limiting parameter corresponding to the corresponding access category.
Scene with slice id as RPID:
in this embodiment, the terminal device receives a correspondence between an RPID and a slice from the network device. The correspondence of RPID to slices is implemented, for example, as a correspondence of RPID to S-NSSAI.
The fifth embodiment: corresponding to the first implementation manner, the RPID directly corresponds to the access control information. In this embodiment, at least one access control message is shown in table 2-2, for example.
In this embodiment, the terminal device determines, according to the service type, a first slice for initiating an access attempt and an S-NSSAI of the first slice, where the S-NSSAI of the first slice is referred to as a first S-NSSAI in this embodiment. Then, the terminal device determines the RPID corresponding to the first S-NSSAI from the correspondence between the RPID and the S-NSSAI, for example, obtains RPID02, where the RPID02 is the first slice identifier in this embodiment. Furthermore, the terminal device finds the access control information 02 corresponding to the RPID02 (i.e., the first slice identifier) in at least one access control information indicated in table 2-2, where the access control information 02 is the first access control information in this embodiment. Further, the terminal device determines an access restriction parameter used by the terminal device according to the access category contained in the access control information 02, and performs access control according to the determined access restriction parameter.
Embodiment six: corresponding to the second implementation manner, the RPID corresponds to the access control information through the label. In this embodiment, the terminal device receives at least one piece of access control information and at least one piece of RPID as shown in table 3-1, and the presentation form of the at least one piece of RPID is similar to that shown in table 3-2.
Similar to the fifth embodiment, the terminal device determines the first slice and the S-NSSAI of the first slice, and further, the terminal device determines the RPID corresponding to the S-NSSAI of the first slice from the correspondence between the RPID and the S-NSSAI to obtain the first RPID, that is, the first slice identifier of this embodiment. After that, the terminal device determines the label corresponding to the first RPID in the list corresponding to at least one RPID, for example, to obtain label a002. Further, the terminal device finds the access control information 02 corresponding to the reference character a002 in at least one access control information shown in table 3-1, where the access control information 02 is the first access control information of this embodiment. Further, the terminal device determines an access restriction parameter used by the terminal device according to the access category contained in the access control information 02, and performs access control according to the determined access restriction parameter.
Embodiment seven: corresponding to the third implementation manner, a rule for correspondence between the RPID and the access control information is defined in advance or defined by the operator, and the rule for correspondence is that, for example, the RPID with the same sequence order corresponds to the access control information. In this embodiment, the terminal device receives at least one piece of access control information and at least one piece of RPID as shown in table 4-1, and the presentation form of the at least one piece of RPID is similar to that shown in table 4-2.
Similar to the fifth embodiment and the sixth embodiment, the terminal device determines the first slice and the S-NSSAI of the first slice, and further, the terminal device determines the RPID corresponding to the S-NSSAI of the first slice from the correspondence between the RPID and the S-NSSAI to obtain the first RPID, that is, the first slice identifier in this embodiment. In a seventh embodiment, the terminal device determines the sequential bits of the first RPID in the RPID list. Then, the terminal device searches for the access control information located in the corresponding sequence bit in at least one access control information shown in table 4-1 to obtain the first access control information. Furthermore, the terminal device determines an access limiting parameter used by the terminal device according to the access category contained in the first access control information, and performs access control according to the determined access limiting parameter.
Embodiment eight: corresponding to the fourth implementation manner, that is, the corresponding relationship between the RPID and the access control information is predefined or defined by the operator. In the eighth embodiment, the terminal device determines the first slice and the S-NSSAI of the first slice, and determines the RPID corresponding to the S-NSSAI of the first slice from the correspondence between the RPID and the S-NSSAI to obtain the first RPID. Then, the terminal device determines access control information corresponding to the first RPID according to a predefined or operator-defined correspondence relationship, further determines an access restriction parameter according to the determined access control information, and performs access control using the determined access restriction parameter.
It is to be understood that the above-described embodiments are illustrative only and are not to be construed as limiting the examples of the present application. In other embodiments, the correspondence between RPID and slice may also be implemented as a correspondence between RPID and slice ID. Accordingly, the terminal device may determine the first RPID by the slice ID of the first slice. In some other embodiments, the end device may also receive the RPID list broadcast by the access network device. And is not described in detail herein.
In actual implementation, the NAS layer of the terminal device determines to initiate a PDU session, and the AS layer executes an access control procedure. In some embodiments, the NAS layer determines the slice that can be accessed, and initiates a request for an access attempt corresponding to the determined slice, and the NAS layer determines the slice that can be accessed, i.e., the first slice described in the above embodiments. Thereafter, the NAS layer transmits the first slice identity to the AS layer. And then, the AS layer executes access control based on the first access control information corresponding to the first slice identifier. In other embodiments, the NAS layer selects a slice corresponding to the traffic type from among the allowed slices of the terminal, and determines to initiate an access attempt based on the determined slice. The slice selected by the NAS layer is, for example, a second slice, and the slice identifier of the second slice is, for example, a second slice identifier. Thereafter, the NAS layer sends the second slice identification to the AS layer. And the AS layer determines a first slice identifier which accords with the initiated access control flow based on the second slice identifier, and then executes access control according to first access control information corresponding to the first slice identifier.
In a possible implementation manner, the NAS layer maintains the slice remapping policy information, or the NAS layer obtains the slice remapping policy information from the AS layer. Further, the NAS layer selects a slice attempting access, i.e., a second slice, according to the service type. And then the NAS layer detects whether the second slice is a slice supported by the network equipment and an allowed slice of the terminal equipment, and if the second slice is the slice supported by the network equipment and the allowed slice of the terminal equipment, the NAS layer initiates a request for accessing the slice based on the second slice. Accordingly, in this embodiment, the second slice is the first slice described above, and the second slice identifier is also the first slice identifier. If the second slice is a permitted slice of the terminal device, not a slice supported by the network device, but a remapped slice of the first slice supported by the network device, the NAS layer initiates a request for accessing the slice based on the first slice, and transmits the first slice identity to the AS layer. If the second slice is not the allowed slice of the terminal device, or is neither the slice supported by the network device nor the remapped slice of the other slices supported by the network device, the NAS layer does not initiate the access request.
In another possible implementation, the AS layer maintains the slice remapping policy information, or the AS layer obtains the slice remapping policy information from the NAS layer. In this embodiment, the NAS layer selects a slice attempting access, that is, a second slice, from the allowed slices of the terminal device according to the service type. Thereafter, the NAS layer may determine, based on the second slice, to initiate a request to access the slice, and transmit a second slice identification to the AS layer. And then, the AS layer detects whether the second slice is the slice supported by the network equipment, and then, the AS layer determines whether to initiate access control according to the detection result. Illustratively, if the second slice is a slice supported by the network device, the AS layer initiates access control based on the slice identification of the second slice. In this embodiment, the second slice is the first slice described above, and the second slice identifier is the first slice identifier. If the second slice is not a slice supported by the network device but is a remapped slice of the first slice supported by the network device, the AS layer initiates access control based on the first slice. If the second slice is neither a slice supported by the network device nor a remapped slice of other slices supported by the network device, the AS layer does not initiate access control.
In a third possible implementation manner, the AS layer maintains the slice remapping policy information, or the AS layer obtains the slice remapping policy information from the NAS layer, and the AS layer obtains the allowed slice of the terminal device from the NAS layer. In this embodiment, the NAS layer selects a slice attempting to access, i.e., a second slice, according to the service type. Thereafter, the NAS layer may determine to initiate a request to access the slice based on the second slice, and transmit a second slice identification to the AS layer. Furthermore, in this embodiment, the AS layer may detect whether the second slice is a slice supported by the network device and a slice allowed by the terminal device, and then determine whether to initiate access control according to a detection result. Illustratively, if the second slice is a slice supported by the network device and an allowed slice of the terminal device, the AS layer initiates access control based on the slice identification of the second slice. In this embodiment, the second slice is the first slice described above, and the second slice identifier is the first slice identifier. If the second slice is an allowed slice of the terminal device, is not a slice supported by the network device, but is a remapped slice of the first slice supported by the network device, the AS layer initiates access control based on the first slice identification. If the second slice is not the allowed slice of the terminal device, or is neither the slice supported by the network device nor the remapped slice of the other slices supported by the network device, the AS layer does not initiate access control.
It should be noted that the NAS layer is also capable of determining an access category of the terminal device according to the service type and transmitting the determined access category to the AS layer. Correspondingly, the AS layer determines first access control information according to the first slice identifier, further determines the access category of the terminal equipment and the access limiting parameter corresponding to the corresponding access category from the first access control information, and then executes access control by using the corresponding access limiting parameter.
It is to be understood that the above implementation manner of the access control is only an exemplary description, and does not constitute a limitation to the embodiments of the present application. In other embodiments, the processing flow of the NAS layer, the processing flow of the AS layer, and the interaction process between the NAS layer and the AS layer may be different based on different corresponding manners of the access control information and the slice identifier. And is not described in detail herein.
In addition, the terminal device usually accesses a PLMN, and accordingly, the terminal device may correspond to a PLMN id. In some embodiments, if the at least one access control message received by the terminal device is as shown in table 6-1, the PLMN identity is not included. The terminal device may perform access control according to the above-described embodiments. In other embodiments, if at least one access control message received by the terminal device is as shown in table 6-2, the access control message includes a PLMN identifier. The terminal device may first determine at least one access control information corresponding to the PLMN identity of the terminal device, and then determine the first access control information therefrom.
To sum up, in the technical solution of the embodiment of the present application, the access network device maintains at least one piece of access control information, where the at least one piece of access control information corresponds to a slice supported by the access network device, and each piece of access control information includes an access category corresponding to a corresponding slice. And establishing a corresponding relation between each piece of access control information and the slice through the slice identification. After receiving the at least one piece of access control information, the terminal equipment determines a slice initiating an access attempt request and a slice identifier of the slice according to the service type corresponding to the PDU session which is determined to be initiated, further determines the access control information according to the slice identifier, and executes access control by using the determined access control information. Therefore, the access category of the slices of different types is defined by establishing the corresponding relation between the slices and the access control information, so that the access control facing to the network slices is realized. Therefore, the method is not limited by the extensible bit in the access control information, and the flexibility of access category extension can be improved.
The method 100 is only an embodiment in an implementation scenario of the present application, and in actual implementation, part of slices do not allow the terminal device to access. Based on this, as shown in fig. 2B, the present application provides a method flowchart of the access control method 110. The access control method 110 (hereinafter referred to as the method 110) includes the following steps:
step S111, the terminal device receives access indication information from the network device, where the access indication information includes at least one slice identifier and an indication bit indicating whether to allow access corresponding to each slice identifier.
The access indication information comprises at least one slice identifier and an indication bit whether access is allowed or not corresponding to each slice identifier. Illustratively, if the value of the indication bit is 0, it indicates that the slice corresponding to the corresponding slice identifier is allowed to access, and if the value of the indication bit is 1, it indicates that the slice corresponding to the corresponding slice identifier is not allowed to access. And are not limited herein.
An example of presenting the access indication information in tabular form is as follows:
TABLE 7
| Section mark | Bit indicating whether access is allowed |
| Section mark 01 | 0 |
| Section mark 02 | 1 |
| …… | …… |
In the access indication information presented in table 7, each row represents, for example, a corresponding relationship. For example, the value of the bit indicating whether access is allowed or not corresponding to the slice identifier 01 is 0, which indicates that the slice indicated by the slice identifier 01 is allowed to be accessed. The value of the indicator bit indicating whether the slice identifier 02 allows access is 1, which indicates that the slice indicated by the slice identifier 02 does not allow access. The information of other rows not shown in table 7 is the same, and is not described herein.
The slice identifier related to the access indication information is described in the above embodiments, and is not described herein again.
In step S112, the terminal device determines to initiate a PDU session.
In this embodiment, the slice identifier is a slice identifier of the first slice.
Step S113, the terminal device executes access control after determining that the first slice is allowed to be accessed according to the access indication information, wherein the first slice is a PDU session related slice, and the slice identifier of the first slice is a first slice identifier
After the terminal device determines the first slice identifier, the value of the indicator bit indicating whether access is allowed or not corresponding to the first slice identifier may be determined according to the access indication information, so as to determine whether access is allowed or not for the first slice. If the first slice allows access, the terminal device may perform access control according to the embodiment described in method 100. If the first slice does not allow access, the terminal device may not perform the access operation. In conjunction with table 7, for example, the first slice is the slice indicated by the slice identifier 01, the value of the indicator bit indicating whether access is allowed corresponding to the slice identifier 01 is 0, and the terminal device may perform access control on the first slice according to the method 100. For another example, the first slice is the slice indicated by the slice identifier 02, the value of the indicator bit indicating whether access is allowed corresponding to the slice identifier 02 is 1, which indicates that access is not allowed for the first slice, and the terminal device does not perform an access operation.
The access control method of the present application is exemplarily described below with reference to an example.
For example, in the following embodiments, a terminal device is implemented as a UE, an access network device is implemented as a base station, and a core network device includes an AMF network element device, for example.
Fig. 3 shows a network architecture 20. The network architecture 20 includes a UE21, a base station 22 and a core network device 23, and the core network device 23 includes an AMF network element device. The UE21 may access a network provided by the core network device 23 through the base station 22. Base station 22 supports multiple slices and multiple RAN resources in a one-to-many relationship with the slices. At least one access control information corresponding to the plurality of slices is maintained in the base station 22. The UE21 may attempt to access the slice supported by the base station 22.
The AMF network element device in the core network device 23 may be responsible for registration, mobility management, tracking area update process, and the like of the UE21.
It should be noted that the UE21, the base station 22 and the core network device 23 in the network architecture 20 are only definitions of logical function layers, and in practical implementation, the network architecture 20 may include at least one UE entity, at least one base station entity and at least one core network device entity. And are not limited herein.
It should be understood that the network architecture 20 illustrated in fig. 3 is merely illustrative and should not be construed as a limitation of the mobile network architecture of the present application. In other embodiments, the network architecture 20 may include more or fewer devices, etc.
Further, embodiments in various implementation scenarios of the present application are described below with reference to the network architecture 20 illustrated in fig. 3.
In the scenario where the slice ID is implemented as a slice ID, the present application may include the following embodiments.
Fig. 4A illustrates a signaling interaction diagram of an access control method 200. The access control method 200 comprises the following steps:
in step S201, the base station 22 broadcasts at least one slice ID.
Wherein the at least one slice ID is used to indicate the slices supported by the base station 22.
At step S202, the base station 22 broadcasts at least one access control message.
For convenience of description, this embodiment refers to the at least one piece of access control information as an AC list, where each AC in the AC list represents one piece of access control information, and the implementation form of each AC is similar to table 1.
It should be noted that in some embodiments, the base station 22 may broadcast at least one slice ID before broadcasting at least one access control information. In other embodiments, the base station 22 may broadcast the at least one access control information prior to broadcasting the at least one slice ID. In other embodiments, the base station 22 may broadcast the at least one slice ID and the at least one access control information simultaneously. The present application is not limited thereto.
In step S203, the UE21 determines the slice ID of the slice attempting to access. The slice ID of the slice attempting to access is the first slice ID.
Wherein the UE21 determines to initiate a PDU session. Illustratively, the UE21 determines an accessed slice according to the service type corresponding to the PDU session, and then obtains a slice ID of the slice. The slice ID of the slice is the first slice ID.
In step S204, the UE21 determines the first access control information according to the first slice ID.
The UE21 may determine the first access control information corresponding to the first slice ID according to the correspondence between the slice ID and the access control information.
In step S205, the UE21 performs access control according to the first access control information.
Wherein the UE21 knows the access category of the UE21. After determining the first access control information, the UE21 determines an access restriction parameter corresponding to an access category of the UE21 by using the first access control information as an index, and then performs access control according to the access restriction parameter.
Fig. 4B illustrates a signaling interaction diagram of the access control method 300. In an implementation scenario corresponding to the access control method 300 (hereinafter, referred to as the method 300), a rule for associating the slice ID and the access control information is predefined, and the rule is, for example, a scenario in which the slice ID and the access control information have the same sequence order. The method 300 includes the steps of:
in step S301, the base station 22 broadcasts at least one slice ID.
Optionally, after receiving the at least one slice ID, the UE21 may sequentially arrange the at least one slice ID, and the sequentially arranged at least one slice ID may be presented in a list manner, for example, in an arrangement form as illustrated in table 4-2.
In step S302, the base station 22 broadcasts at least one access control message.
Optionally, after receiving the at least one access control information, the UE21 may sequentially arrange the at least one access control information, and the sequentially arranged at least one access control information may be presented in a list manner, for example, in an arrangement form as illustrated in table 4-1.
In actual execution, the execution order of step S301 and step S302 may be interchanged. And are not limited herein.
In step S303, the UE21 determines the slice ID of the slice attempting to access, so as to obtain the first slice ID.
The implementation process of this step may refer to the implementation process of step S203 in the method 200, and is not described in detail here.
Step S304, the UE21 determines the sequence of the first slice ID in at least one slice ID.
The sequence bits of the first slice ID in at least one slice ID are, for example, first sequence bits.
In step S305, the UE21 determines at least one access control information located in the first order bit to obtain the first access control information.
In step S306, the UE21 performs access control according to the first access control information.
The implementation process of this step may refer to the implementation process of step S205 in the method 200, which is not described in detail herein.
It is to be understood that the method 300 is merely an exemplary embodiment. Based on the idea of the method 300, in other embodiments, the sequence corresponding to each slice ID in the slice ID list may be explicitly shown, and the sequence corresponding to each access control information in the access control information list may also be explicitly shown. Thus, the slice ID corresponding to the same sequence number and the access control information are in a corresponding relation. Similar to the method 300, the UE21 may determine the first access control information according to the sequence number and perform access control. Further, in some other embodiments, each slice ID in the slice ID list may even correspond to an alphanumeric label, and each access control information in the access control information list may also correspond to an alphanumeric label. In this embodiment, the slice ID corresponding to the same label corresponds to the access control information. Similar to the method 300, the UE21 may determine the first access control information according to the reference number and perform access control. And are not described in detail herein.
Fig. 4C illustrates a signaling interaction diagram of the access control method 400. In an implementation scenario corresponding to the access control method 400 (hereinafter referred to as the method 400), the slice ID directly corresponds to the access control information. The method 400 includes the steps of:
step S401, the base station 22 broadcasts at least one access control information.
In this embodiment, the at least one piece of access control information includes at least one slice ID and access control information corresponding to each slice ID.
In other embodiments, the base station 22 may also broadcast at least one slice ID. And are not limited herein.
In step S402, the UE21 determines the slice ID of the slice attempting to access, so as to obtain the first slice ID.
In step S403, the UE21 determines first access control information corresponding to the first slice ID based on the at least one piece of access control information.
In step S404, the UE21 performs access control according to the first access control information.
In both method 200 and method 300, UE21 stores both at least one access control information and at least one slice ID at the AS layer. In the method 400, the UE21 stores at least one access control information at the AS layer. Typically, the NAS layer of the UE21 maintains allowed slices of the UE21. Based on this, in any of the methods 200 to 400, after receiving the access control information and the slice ID, the specific interaction process of the AS layer and the NAS layer in the UE21 includes the following three implementation manners.
AS shown in fig. 5A, a signaling interaction method 1000 of an AS layer and an NAS layer includes the following steps:
step S1001, the AS layer determines the slice supported by the base station 22 according to at least one slice ID.
In step S1002, the AS layer transmits the slices supported by the base station 22 to the NAS layer.
In step S1003, the NAS layer initiates an access attempt request based on the slice supported by the base station 22 and the allowed slice of the UE21, where the access attempt request is used to request access to the first slice.
After the UE21 determines to initiate the PDU session, the NAS layer may determine a service type corresponding to the PDU session. Then, the NAS layer determines the slice corresponding to the service type and the access category, and then the NAS layer determines to initiate the access request corresponding to the slice of the corresponding category.
Specifically, the NAS layer selects to access a second slice, and the second slice corresponds to the service type. Thereafter, the NAS layer detects whether the second slice is both a slice supported by the base station 22 and an allowed slice for the UE21. In some embodiments, the second slice is both a slice supported by the base station 22 and an allowed slice of the UE21, and the NAS layer initiates an access attempt request based on the second slice and obtains a slice identity of the second slice. In this embodiment, the second slice is the first slice described above, and the slice identifier of the second slice is also the first slice ID. In other embodiments, the second slice is an allowed slice for the UE21, is not a slice supported by the base station 22, but is a remapped slice of the first slice supported by the base station 22. Then, the NAS layer initiates a request for accessing the slice based on the first slice and determines a slice identity of the first slice to obtain a first slice ID. In this embodiment, the first slice and the second slice are different slices.
In step S1004, the NAS layer transmits the first slice ID to the AS layer.
In addition, the NAS layer also transmits the access category corresponding to the first slice to the AS layer.
In step S1005, the AS layer performs access control based on the first slice ID.
Specifically, the AS layer determines access control information corresponding to the first slice ID in the at least one piece of access control information to obtain the first access control information. Then, the AS layer searches the access category corresponding to the first slice in the first access control information, and then determines the access restriction parameter corresponding to the corresponding access category by taking the first access control information AS an index. Further, the AS layer performs access control according to the determined access restriction parameter.
AS shown in fig. 5B, the signaling interaction method 2000 of the AS layer and the NAS layer includes the following steps:
in step S2001, the AS layer determines the slice supported by the base station 22 according to the at least one slice ID.
In step S2002, the NAS layer determines to initiate an access attempt request based on the slice allowed by the UE21, and determines a second slice ID, where the access attempt request is used to request to access the second slice, and the second slice ID is the slice ID of the second slice.
In this embodiment, after determining the slice corresponding to the service type and the access category, the NAS layer selects a second slice corresponding to the service type from the allowed slices of the UE21, and determines to initiate an access attempt request based on the second slice.
Step S2003, the NAS layer transmits the second slice ID to the AS layer.
In step S2004, the AS layer determines the first slice and the first slice ID for initiating access control based on the slice supported by the base station 22 and the second slice ID.
The first slice ID is the slice ID of the first slice. In this embodiment, the AS layer stores slices supported by the base station 22. Based on this, after receiving the second slice ID, the AS layer may detect whether the second slice indicated by the second slice ID is a slice supported by the base station 22. If the second slice is a slice supported by the base station 22, the AS layer initiates access control based on the second slice. In this embodiment, the second slice is the first slice described above, and the second slice ID is also the first slice ID. If the second slice is not a slice supported by the base station 22 but is a remapped slice of the first slice supported by the base station 22, the NAS layer initiates access control based on the first slice.
In step S2005, the AS layer performs access control based on the first slice ID.
AS shown in fig. 5C, the signaling interaction method 3000 of the AS layer and the NAS layer includes the following steps:
step S3001, the AS layer determines the slice supported by the base station 22 according to at least one slice ID.
In step S3002, the NAS layer transfers the allowed slice of the UE21 to the AS layer.
In step S3003, the NAS layer determines to initiate an access attempt request, where the access attempt request is used to request access to the second slice.
Step S3004, the NAS layer transmits the second slice ID to the AS layer.
Step S3005, the AS layer determines the first slice and the first slice ID for initiating the access control based on the second slice ID, the slice supported by the base station 22, and the allowed slice of the UE21.
The first slice ID is the slice ID of the first slice. In this embodiment, the AS layer detects whether the second slice indicated by the second slice ID is both a slice supported by the base station 22 and an allowed slice of the UE21. In some embodiments, the second slice is both a slice supported by the base station 22 and an allowed slice for the UE21, and the AS layer obtains a slice identification for the second slice to initiate access control based on the second slice. In this embodiment, the second slice is the first slice described above, and the second slice ID is also the first slice ID. In other embodiments, the second slice is an allowed slice for the UE21, is not a slice supported by the base station 22, but is a remapped slice of the first slice supported by the base station 22. Then, the AS layer determines a slice identity of the first slice to initiate access control based on the first slice. In this embodiment, the first slice and the second slice are different slices.
In step S3006, the AS layer performs access control based on the first slice ID.
When the slice identifier is implemented as an RPID, the correspondence between the RPID and the slice may be implemented as a correspondence between the RPID and a slice ID. The present application may include the following embodiments.
Fig. 6A illustrates a signaling interaction diagram of an access control method 500. In an implementation scenario corresponding to access control method 500 (hereinafter referred to as method 500), a correspondence between RPID and access control information is predefined. The method 500 includes the steps of:
in step S501, the base station 22 transmits an RRC message to the UE21.
Wherein, the RRC message contains the corresponding relation between the RPID and the slice ID. The slice ID is used to indicate the slice supported by the base station 22.
It should be noted that, in other embodiments, the AMF network element device in the core network device 23 may send a NAS message to the UE21, where the NAS message includes a correspondence between an RPID and a slice ID. In this embodiment, the base station 22 does not transmit the RRC message to the UE21.
Step S502, the base station 22 broadcasts at least one access control information.
In this embodiment, at least one access control information broadcast by the base station 22 is implemented as an AC list. The AC list is as described in the exemplary embodiment of method 200 and is not described in detail herein.
It is noted that in other embodiments, base station 22 may also broadcast at least one RPID indicating RAN resources supported by base station 22.
In step S503, the UE21 determines the slice ID of the slice attempting to access, so as to obtain the first slice ID.
The implementation process of UE21 determining the first slice ID is the same as the implementation processes illustrated in method 200 to method 400, and is not described in detail here.
In step S504, the UE21 determines the first RPID corresponding to the first slice ID according to the correspondence between the RPID and the slice ID.
In step S505, the UE21 determines the first access control information according to the first RPID.
The UE21 may determine the first access control information corresponding to the first RPID according to a predefined correspondence between the RPID and the access control information.
In step S506, the UE21 performs access control according to the first access control information.
The implementation process in which the UE21 performs access control according to the first access control information is the same as the implementation processes illustrated in the methods 200 to 400, and is not described in detail here.
Fig. 6B illustrates a signaling interaction diagram of an access control method 600. In an implementation scenario corresponding to access control method 600 (hereinafter, referred to as method 600), a rule for associating RPID with access control information is defined in advance, and the rule is, for example, a scenario in which RPID with the same sequence order is associated with access control information. The method 600 includes the steps of:
in step S601, the base station 22 transmits an RRC message to the UE21.
Wherein, the RRC message contains the corresponding relation between the RPID and the slice ID.
In other embodiments, step S601 may also be implemented as: and the AMF network element equipment sends an NAS message to the UE21, wherein the NAS message contains the corresponding relation between the RPID and the slice ID.
In step S602, the base station 22 broadcasts at least one RPID.
The at least one RPID is arranged, for example, as illustrated in table 4-2.
Step S603, the base station 22 broadcasts at least one access control information.
The at least one access control information is arranged, for example, as illustrated in table 4-1.
In actual execution, the execution order of step S601, step S602, and step S603 may be arbitrary. And are not limited herein.
In step S604, the UE21 determines the slice ID of the slice attempting to access, so as to obtain the first slice ID.
In step S605, the UE21 determines a first RPID corresponding to the first slice ID according to the correspondence between the RPID and the slice ID.
In step S606, the UE21 determines the order of the first RPID in at least one RPID.
The sequential bits of the first RPID at the at least one RPID are, for example, second sequential bits.
In step S607, the UE21 determines the access control information located in the second order bit in the at least one access control information to obtain the first access control information.
In step S608, the UE21 performs access control according to the first access control information.
It is understood that based on the idea of the method 600, in other embodiments, the RPID and the access control information may be associated by explicitly indicated sequence numbers. The UE21 may determine the first access control information according to the sequence number and perform access control. In other embodiments, the RPID and the access control information may be associated by the same reference number. The UE21 may determine the first access control information from the label and perform access control. And is not described in detail herein.
Fig. 6C illustrates a signaling interaction diagram of an access control method 700. In an implementation scenario corresponding to access control method 700 (hereinafter referred to as method 700), the RPID directly corresponds to the access control information. The method 700 includes the steps of:
in step S701, the base station 22 transmits an RRC message to the UE21.
Wherein, the RRC message includes a corresponding relationship between the RPID and the slice ID.
In other embodiments, step S601 may also be implemented as: the AMF network element device in the core network device 23 sends a NAS message to the UE21, where the NAS message includes a correspondence between the RPID and the slice ID.
In step S702, the base station 22 broadcasts at least one access control message.
In this embodiment, the at least one piece of access control information includes at least one RPID and access control information corresponding to each RPID.
In step S703, the UE21 determines the slice ID of the slice attempting to access, so as to obtain the first slice ID.
Step S704, the UE21 determines a first RPID corresponding to the first slice ID according to the correspondence between the RPID and the slice ID.
In step S705, the UE21 determines first access control information corresponding to the first RPID based on the at least one piece of access control information.
In step S706, the UE21 performs access control according to the first access control information.
In some embodiments, in any of methods 500 through 700, the base station 22 sends an RRC message to the UE21, and the UE21 stores the RRC message in the AS layer. The NAS layer of UE21 maintains allowed slices for UE21. Based on this, in any of the methods 500 to 700, after receiving at least one access control information and RRC message, the specific interaction procedure of the AS layer and the NAS layer in the UE21 includes the following three embodiments.
AS shown in fig. 7A, the signaling interaction method 4000 of the AS layer and the NAS layer includes the following steps:
step S4001, the AS layer obtains the slice supported by the base station 22 according to the slice ID in the RRC message.
In step S4002, the AS layer transmits the slice supported by the base station 22 to the NAS layer.
Step S4003, the NAS layer initiates an access attempt request based on the slice supported by the base station 22 and the slice allowed by the UE21, and determines a first slice ID, where the access attempt request is used to request access to the first slice, and the first slice ID is the slice ID of the first slice.
The specific implementation process of step S4003 refers to the specific implementation process of step S1003 in the method 1000, and is not described in detail here.
Step S4004, the NAS layer determines a first RPID corresponding to the first slice ID according to the corresponding relation between the RPID and the slice.
In step S4005, the NAS layer transfers the first RPID to the AS layer.
In addition, the NAS layer transmits the access category corresponding to the first slice to the AS layer.
In step S4006, the AS layer performs access control based on the first RPID.
In the specific implementation process of step S4006, similar to the implementation process of step S1005 in the method 1000, in this embodiment, the first RPID corresponds to the first access control information. And is not described in detail herein.
AS shown in fig. 7B, the signaling interaction method 5000 of the AS layer and the NAS layer includes the following steps:
in step S5001, the AS layer obtains the slice supported by the base station 22 according to the slice ID in the RRC message.
In step S5002, the NAS layer determines to initiate an access attempt request based on the slice allowed by the UE21, and determines a second slice ID, where the access attempt request is used to request to access the second slice, and the second slice ID is the slice ID of the second slice.
In this embodiment, reference may be made to the specific implementation process of step S2002 in the method 2000, and details of the specific implementation process of step S5002 are not described here.
Step S5003, the NAS layer transmits the second slice ID to the AS layer.
In step S5004, the AS layer determines the first slice and the first slice ID for initiating the access control based on the slice supported by the base station 22 and the second slice ID.
In this embodiment, reference may be made to the specific implementation process of step S2004 in the method 2000, and details of the implementation process of step S5004 are not described here.
Step S5005, the AS layer determines a first RPID corresponding to the first slice ID according to the correspondence between the RPID and the slice.
In step S5006, the AS layer performs access control based on the first RPID.
AS shown in fig. 7C, the signaling interaction method 6000 of the AS layer and the NAS layer includes the following steps:
in step S6001, the AS layer obtains the slice supported by the base station 22 according to the slice ID in the RRC message.
At step S6002, the NAS layer transfers the allowed slice of the UE21 to the AS layer.
Step S6003, the NAS layer determines to initiate the access attempt request and a second slice ID, where the second slice ID indicates a second slice corresponding to the access attempt request.
In step S6004, the NAS layer transmits the second slice ID to the AS layer.
In step S6005, the AS layer determines the first slice and the first slice ID for initiating access control based on the second slice ID, the slice supported by the base station 22, and the allowed slice of the UE21.
In this embodiment, reference may be made to the specific implementation process of step S3005 in the method 3000, and details of the specific implementation process of step S6005 are not described here.
Step S6006, the AS layer determines a first RPID corresponding to the first slice ID according to the correspondence between the RPIDs and the slices.
At step S6007, the AS layer performs access control based on the first RPID.
In further embodiments, in any of the methods 500 to 700, the AMF network element device 230 sends a NAS message to the UE21, and the UE21 stores the NAS message in a NAS layer. The allowed slices for the UE21 are also maintained in the NAS layer. Based on this, in any of the methods 500 to 700, after receiving at least one access control information and RRC message, the specific interaction procedure of the AS layer and the NAS layer in the UE21 includes the following three embodiments.
AS shown in fig. 7D, a signaling interaction method 7000 for the AS layer and the NAS layer includes the following steps:
step S7001, the NAS layer obtains the slice supported by the base station 22 according to the slice ID in the NAS message.
In step S7002, the NAS layer initiates an access attempt request based on the slice supported by the base station 22 and the allowed slice of the UE21, and determines a first slice ID, where the access attempt request is used to request access to the first slice, and the first slice ID is the slice ID of the first slice.
The specific implementation process of step S7002 refers to the specific implementation process of step S1003 in the method 1000, and is not described in detail here.
Step S7003, the NAS layer determines a first RPID corresponding to the first slice ID according to the correspondence between the RPID and the slice.
Step S7004, the NAS layer transmits the first RPID to the AS layer.
At step S7005, the AS layer performs access control based on the first RPID.
The specific implementation process of step S7005 is similar to the implementation process of step S1005 in the method 1000, and in this embodiment, the first RPID corresponds to the first access control information. And are not described in detail herein.
AS shown in fig. 7E, a signaling interaction method 8000 of the AS layer and the NAS layer includes the following steps:
in step S8001, the NAS layer obtains the slice supported by the base station 22 according to the slice ID in the NAS message.
In step S8002, the NAS layer transfers the slice supported by the base station 22 to the AS layer.
In step S8003, the NAS layer determines to initiate an access attempt request based on the slice allowed by the UE21, and determines a second slice ID, where the access attempt request is used to request access to the second slice, and the second slice ID is a slice ID of the second slice.
In this embodiment, reference may be made to the specific implementation process of step S2002 in the method 2000, and details of the specific implementation process of step S8003 are not described here.
Step S8004, the NAS layer transmits the second slice ID to the AS layer.
In step S8005, the AS layer determines, based on the slice supported by the base station 22 and the second slice ID, the first slice and the first slice ID for initiating access control.
Step S8006, the AS layer determines a first RPID corresponding to the first slice ID according to the correspondence between the RPID and the slice.
In step S8007, the AS layer performs access control based on the first RPID.
AS shown in fig. 7F, a signaling interaction method 9000 of the AS layer and the NAS layer includes the following steps:
in step S9001, the NAS layer obtains the slice supported by the base station 22 according to the slice ID in the NAS message.
In step S9002, the NAS layer transfers the slices supported by the base station 22 and the allowed slices of the UE21 to the AS layer.
At step S9003, the NAS layer determines to initiate an access attempt request based on the slice allowed by UE21, and determines a second slice ID, where the access attempt request is used to request access to the second slice, and the second slice ID is the slice ID of the second slice.
At step S9004, the NAS layer transmits the second slice ID to the AS layer.
At step S9005, the AS layer determines the first slice and the first slice ID for initiating access control based on the second slice ID, the slices supported by the base station 22, and the allowed slices of the UE21.
Step S9006, the AS layer determines a first RPID corresponding to the first slice ID according to the correspondence between the RPID and the slice.
At step S9007, the AS layer performs access control based on the first RPID.
The above embodiments are descriptions of the present solution in combination with different implementation scenarios, and the same or similar steps and implementation processes in the embodiments are the same or similar and may be referred to each other.
It is understood that the methods 1000 to 9000 are illustrative descriptions and do not limit the interaction between the AS layer and the NAS layer. In other embodiments, in the method 8000 and the method 9000, the NAS layer transmits the slice supported by the base station 22 to the AS layer, and may further implement that the NAS layer transmits the correspondence between the slice ID and the RPID to the AS layer, so that the AS layer obtains the slice supported by the base station 22 according to the slice ID or the RPID. Further, in an implementation scenario where the base station 22 broadcasts at least one RPID, the UE21 stores the at least one RPID at the AS layer. The AS layer may also derive base station 22 support slices based on at least one RPID. And are not described in detail herein.
It should be understood that the access control methods illustrated in fig. 4A to fig. 7F are only schematic illustrations and do not limit the access control methods of the present application. In other embodiments, the correspondence between the access control information and the slice may be implemented in other forms as contemplated in the above embodiments. Accordingly, when the implementation form of the correspondence between the access control information and the slice is different from that in the foregoing embodiments, the specific implementation process of the access control method executed by the UE may also be different from that in the foregoing embodiments. This embodiment will not be described in detail here.
In summary, in the technical solution of the embodiment of the present application, an access network device maintains at least one piece of access control information, where the at least one piece of access control information corresponds to a slice supported by the access network device, and each piece of access control information includes an access category corresponding to a corresponding slice. And establishing a corresponding relation between each piece of access control information and the slice through the slice identifier. After receiving the at least one piece of access control information, the terminal equipment determines a slice initiating an access attempt request and a slice identifier of the slice according to the service type corresponding to the PDU session which is determined to be initiated, further determines the access control information according to the slice identifier, and executes access control by using the determined access control information. Therefore, the access category of the slices of different types is defined by establishing the corresponding relation between the slices and the access control information, so that the access control facing to the network slices is realized. Therefore, the method is not limited by the expandable bit in the access control information, and the flexibility of the access category expansion can be improved.
The foregoing embodiments respectively introduce various embodiments of the access control method provided in the embodiments of the present application from the perspective of each device itself and from the perspective of interaction between the devices. In order to implement the functions, each device includes a hardware structure and/or a software module for performing each function. Those of skill in the art will readily appreciate that the present application is capable of hardware or a combination of hardware and computer software implementing the various illustrative modules and steps described in connection with the embodiments disclosed herein. Whether a function is performed as hardware or computer software drives hardware depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
For example, the terminal device may implement the corresponding functions in the form of functional modules. As shown in fig. 8A, the access control device 60 may include, for example, a receiving module 601 and a processing module 602. In some embodiments, the access control apparatus 60 may be configured to perform the embodiments of the access control method performed by the terminal device in fig. 2A and 2B, and the embodiments of the access control method performed by the UE21 in fig. 4A to 7F.
For example: the receiving module 601 may be configured to receive at least one access control information from a network device, where each access control information in the at least one access control information corresponds to a slice identifier, and the slice identifier is used to indicate at least one slice supported by the network device. The processing module 602 may be configured to determine to initiate a protocol data unit, PDU, session and perform access control using first access control information corresponding to a first slice associated with the PDU session, the at least one access control information including the first access control information.
As can be seen, in the embodiment of the present application, each slice corresponds to access control information of the slice. Furthermore, the terminal device can determine access control information according to the slice for attempting access after receiving at least one piece of access control information, and then, the terminal device performs access control using the determined access control information. Therefore, network slice oriented access control can be realized, and the flexibility and the expandability are good.
Optionally, the receiving module 601 is further configured to receive at least one slice identifier from the network device, and access control information corresponding to each slice identifier in the at least one slice identifier.
Optionally, the receiving module 601 is further configured to receive at least one slice identifier.
Optionally, the receiving module 601 is further configured to receive the correspondence between the RPID and the slice.
Optionally, the processing module 602 includes an access AS module and a non-access NAS module, where the at least one access control information and the slice identifier are stored in the AS module, and the NAS module is configured to determine to initiate the PDU session; the NAS module is further configured to send a first slice identifier to the AS module, where the first slice identifier is a slice identifier of a first slice associated with the PDU session; and the AS module is used for executing access control according to the first access control information corresponding to the first slice identifier.
Optionally, the NAS module is further configured to determine to initiate the PDU session if the first slice is a slice supported by the network device and a permitted slice of the terminal device; and if the first slice is a remapped slice of a second slice supported by the network device and an allowed slice of the terminal device, determining to initiate the PDU session, wherein the second slice is a slice initially requested by the NAS module.
Optionally, in other embodiments, the NAS module is further configured to send a second slice identifier to the AS module, where the second slice identifier is a slice identifier of a second slice that the NAS module initiates an initial request; the AS module is configured to determine a first slice identifier according to the second slice identifier, where the first slice identifier is a slice identifier of a first slice associated with the PDU session;
optionally, the AS module is further configured to determine that the second slice is the first slice and determine that the second slice identifier is the first slice identifier if the second slice is a slice supported by the network device and a slice allowed by the terminal device; and if the second slice is a remapped slice of the first slice supported by the network device and the allowed slice of the terminal device, determining that the slice identifier of the first slice is the first slice identifier.
It should be understood that the above division of the modules is only a division of logical functions, and the actual implementation may be wholly or partially integrated into one physical entity or may be physically separated. In this embodiment, the receiving module 601 may be implemented by a transceiver, and the processing module 602 may be implemented by a processor. As shown in fig. 8B, the electronic device 61 may include a processor 611, a transceiver 612, and a memory 613. The memory 613 may be used to store a program or code that is preinstalled in the electronic device 61 at the time of shipment, or may be used to store a code or the like that is executed by the processor 611.
It should be understood that the electronic device 61 of the embodiment of the present application may correspond to the terminal device in fig. 2A and 2B, and the UE21 in fig. 4A to 7F. Among them, the transceiver 612 is used to perform information transceiving performed by the terminal device in fig. 2A and 2B, and information transceiving performed by the UE21 in fig. 4A to 7F. The processor 611 is configured to perform other processing except information transceiving by the terminal device in fig. 2A and 2B, and other processing except information transceiving by the UE21 in fig. 4A to 7F. And will not be described in detail herein.
The processor 611 may include a first sub-processor that implements the function of the NAS layer in the electronic device 61 and a second sub-processor that implements the function of the AS layer in the electronic device 61.
The above embodiments describe the electronic device of the present application from the perspective of an independent functional entity. In another implementation scenario, the functional entities running independently may be integrated into one hardware entity, such as a system-on-a-chip. As shown in fig. 8C, the present application provides a chip system 62, and the chip system 62 is provided in an electronic device 61, for example. The chip system 62 may include at least one processor 621 and an interface 622, the interface 622 being coupled to the processor 621. The interface 622 is used for receiving code instructions and transmitting the code instructions to the processor 621. The processor 621 may execute the code instructions to implement the functions of the electronic device 61 in the embodiment of the present application.
The chip system 62 may include one chip or a chip module composed of a plurality of chips.
For specific content, reference may be made to fig. 2A and fig. 2B, and descriptions of relevant parts in the embodiments corresponding to fig. 4A to fig. 7F, which are not repeated herein.
In specific implementation, the embodiment of the present application further provides a computer storage medium corresponding to a terminal device, where the computer storage medium provided in any device may store a program, and when the program is executed, part or all of steps in each embodiment of the access control method provided in fig. 2A and 2B and fig. 4A to 7F may be implemented. The storage medium in any device may be a magnetic disk, an optical disk, a read-only memory (ROM), a Random Access Memory (RAM), or the like.
One or more of the above modules or units may be implemented in software, hardware or a combination of both. When any of the above modules or units are implemented in software, which is present as computer program instructions and stored in a memory, a processor may be used to execute the program instructions and implement the above method flows. The processor may include, but is not limited to, at least one of: various computing devices that run software, such as a Central Processing Unit (CPU), a microprocessor, a Digital Signal Processor (DSP), a Microcontroller (MCU), or an artificial intelligence processor, may each include one or more cores for executing software instructions to perform operations or processing. The processor may be built in an SoC (system on chip) or an Application Specific Integrated Circuit (ASIC), or may be a separate semiconductor chip. The processor may further include a necessary hardware accelerator such as a Field Programmable Gate Array (FPGA), a PLD (programmable logic device), or a logic circuit for implementing a dedicated logic operation, in addition to a core for executing software instructions to perform an operation or a process.
When the above modules or units are implemented in hardware, the hardware may be any one or any combination of a CPU, a microprocessor, a DSP, an MCU, an artificial intelligence processor, an ASIC, an SoC, an FPGA, a PLD, a dedicated digital circuit, a hardware accelerator, or a discrete device that is not integrated, which may run necessary software or is independent of software to perform the above method flows.
When the above modules or units are implemented using software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When loaded and executed on a computer, cause the processes or functions described in accordance with the embodiments of the invention to be performed in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored in a computer readable storage medium or transmitted from one computer readable storage medium to another, for example, from one website site, computer, server, or data center to another website site, computer, server, or data center via wired (e.g., coaxial cable, fiber optic, digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.). The computer-readable storage medium can be any available medium that can be accessed by a computer or a data storage device, such as a server, a data center, etc., that incorporates one or more of the available media. The usable medium may be a magnetic medium (e.g., floppy Disk, hard Disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., solid State Disk (SSD)), among others.
It should be understood that, in the various embodiments of the present application, the size of the serial number of each process does not mean the execution sequence, and the execution sequence of each process should be determined by the function and the inherent logic thereof, and should not constitute any limitation to the implementation process of the embodiments.
All parts of this specification are described in a progressive manner, and like parts of the various embodiments can be referred to one another, with emphasis on each embodiment being placed on differences from other embodiments. In particular, as to the apparatus and system embodiments, since they are substantially similar to the method embodiments, the description is relatively simple and reference may be made to the description of the method embodiments in relevant places.
The above-mentioned embodiments, objects, technical solutions and advantages of the present invention are further described in detail, it should be understood that the above-mentioned embodiments are only exemplary embodiments of the present invention, and are not intended to limit the scope of the present invention, and any modifications, equivalent substitutions, improvements and the like made on the basis of the technical solutions of the present invention should be included in the scope of the present invention.
Claims (26)
1. An access control method, the method comprising:
the method comprises the steps that terminal equipment receives at least one piece of access control information from network equipment, each piece of access control information in the at least one piece of access control information corresponds to a slice identifier, and the slice identifier is used for indicating at least one slice supported by the network equipment;
the terminal equipment determines to initiate a Protocol Data Unit (PDU) session;
the terminal equipment executes access control by using first access control information, wherein the first access control information corresponds to a first slice associated with the PDU session, and the at least one piece of access control information comprises the first access control information;
the terminal device performs access control using the first access control information, including: the terminal equipment determines the service type corresponding to the PDU session; the terminal equipment tries to access a first slice supporting the service type; the terminal equipment acquires a first slice identifier corresponding to the first slice; the terminal equipment searches for first access control information corresponding to the first slice identifier in the at least one piece of access control information, wherein the first access control information comprises an access category supported by the first slice; the terminal equipment determines an access limiting parameter corresponding to an access category supported by the first slice through the first access control information; and the terminal equipment executes access control according to the access limiting parameters.
2. The method of claim 1, wherein the terminal device receives at least one access control information from a network device, comprising:
the terminal device receives at least one slice identifier from the network device and access control information corresponding to each slice identifier in the at least one slice identifier.
3. The method of claim 1, wherein the method further comprises:
the terminal device receives at least one slice identity.
4. The method of any of claims 1-3, wherein the slice identification comprises an RPID, the method further comprising:
and the terminal equipment receives the corresponding relation between the RPID and the slice.
5. The method of any of claims 1-3, wherein the terminal device comprises an access, AS, layer and a non-access, NAS layer, wherein the at least one access control information and the slice identity are stored at the AS layer,
the terminal equipment determines to initiate the PDU session, and the method comprises the following steps: the NAS layer determines to initiate the PDU session;
the terminal device performs access control using the first access control information, including:
the NAS layer sending a first slice identity to the AS layer, the first slice identity being a slice identity of a first slice associated with the PDU session;
and the AS layer executes access control according to the first access control information corresponding to the first slice identifier.
6. The method of claim 5, wherein the determining, by the NAS layer, to initiate the PDU session comprises:
if the first slice is a slice supported by the network device and a slice allowed by the terminal device, the NAS layer determines to initiate the PDU session; alternatively, the first and second liquid crystal display panels may be,
if the first slice is a remapped slice of a second slice supported by the network device and an allowed slice of the terminal device, the NAS layer determines to initiate the PDU session, and the second slice is a slice initially requested by the NAS layer.
7. The method of any of claims 1-3, wherein the terminal device comprises an access, AS, layer and a non-access, NAS layer, wherein the at least one access control information and the slice identity are stored at the AS layer,
the terminal equipment determines to initiate the PDU session, and the method comprises the following steps: the NAS layer determines to initiate the PDU session;
the terminal device performs access control using the first access control information, including:
the NAS layer sends a second slice identifier to the AS layer, wherein the second slice identifier is the slice identifier of a second slice which is originally requested by the NAS layer;
the AS layer determines a first slice identifier according to the second slice identifier, wherein the first slice identifier is a slice identifier of a first slice associated with the PDU session;
and the AS layer executes access control according to the first access control information corresponding to the first slice identifier.
8. The method of claim 7, wherein the AS layer determining a first slice identity from the second slice identity comprises:
if the second slice is a slice supported by the network device and a slice allowed by the terminal device, the AS layer determines that the second slice is the first slice and determines that the second slice identifier is the first slice identifier; alternatively, the first and second electrodes may be,
if the second slice is a remapped slice of the first slice supported by the network device and an allowed slice of the terminal device, the AS layer determines that the slice identifier of the first slice is the first slice identifier.
9. An access control apparatus, comprising a receiving module and a processing module, wherein the receiving module is configured to receive at least one access control information from a network device, each access control information in the at least one access control information corresponds to a slice identifier, and the slice identifier is used to indicate at least one slice supported by the network device;
the processing module is used for determining to initiate a Protocol Data Unit (PDU) session;
the processing module is further configured to perform access control using first access control information, where the first access control information corresponds to a first slice associated with the PDU session, and the at least one access control information includes the first access control information;
the processing module is specifically configured to determine a service type corresponding to the PDU session; attempting to access a first slice that supports the traffic type; acquiring a first slice identifier corresponding to the first slice; searching for first access control information corresponding to the first slice identifier in the at least one piece of access control information, wherein the first access control information comprises access categories supported by the first slice; determining an access limiting parameter corresponding to an access category supported by the first slice through the first access control information; and executing access control according to the access limiting parameters.
10. The apparatus of claim 9,
the receiving module is further configured to receive at least one slice identifier from the network device, and access control information corresponding to each slice identifier in the at least one slice identifier.
11. The apparatus of claim 9,
the receiving module is further configured to receive at least one slice identifier.
12. The apparatus of any of claims 9-11, wherein the slice identification comprises an RPID,
the receiving module is further configured to receive a correspondence between the RPID and the slice.
13. The apparatus of any of claims 9-11, wherein the processing module comprises an access AS module and a non-access NAS module, the at least one access control information and the slice identification are stored in the AS module,
the NAS module is used for determining to initiate the PDU session;
the NAS module is further configured to send a first slice identifier to the AS module, where the first slice identifier is a slice identifier of a first slice associated with the PDU session;
and the AS module is used for executing access control according to the first access control information corresponding to the first slice identifier.
14. The apparatus of claim 13,
the NAS module is further configured to determine to initiate the PDU session if the first slice is a slice supported by the network device and a slice allowed by a terminal device; and if the first slice is a remapped slice of a second slice supported by the network equipment and a permitted slice of the terminal equipment, determining to initiate the PDU session, wherein the second slice is a slice initially requested by the NAS module.
15. The apparatus of any of claims 9-11, wherein the processing module comprises an access AS module and a non-access NAS module, the at least one access control information and the slice identification are stored in the AS module,
the NAS module is used for determining to initiate the PDU session;
the NAS module is further configured to send a second slice identifier to the AS module, where the second slice identifier is a slice identifier of a second slice that the NAS module initiates an initial request;
the AS module is configured to determine a first slice identifier according to the second slice identifier, where the first slice identifier is a slice identifier of a first slice associated with the PDU session;
and the AS module is also used for executing access control according to the first access control information corresponding to the first slice identifier.
16. The apparatus of claim 15,
the AS module is further configured to determine that the second slice is the first slice and determine that the second slice identifier is the first slice identifier if the second slice is a slice supported by the network device and a slice allowed by a terminal device; and if the second slice is a remapped slice of the first slice supported by the network device and an allowed slice of the terminal device, determining that the slice identifier of the first slice is the first slice identifier.
17. An electronic device, comprising a processor and a transceiver, wherein,
the transceiver is configured to receive at least one piece of access control information from a network device, where each piece of access control information corresponds to a slice identifier, and the slice identifier is used to indicate at least one slice supported by the network device;
the processor is configured to determine to initiate a protocol data unit, PDU, session;
the processor is further configured to perform access control using first access control information, the first access control information corresponding to a first slice associated with the PDU session, the at least one access control information including the first access control information;
the processor is specifically configured to determine a service type corresponding to the PDU session; attempting to access a first slice that supports the traffic type; acquiring a first slice identifier corresponding to the first slice; searching for first access control information corresponding to the first slice identifier in the at least one piece of access control information, wherein the first access control information comprises access categories supported by the first slice; determining an access limiting parameter corresponding to an access category supported by the first slice through the first access control information; and executing access control according to the access limiting parameters.
18. The electronic device of claim 17,
the transceiver is further configured to receive at least one slice identifier from the network device, and access control information corresponding to each slice identifier of the at least one slice identifier.
19. The electronic device of claim 17,
the transceiver is further configured to receive at least one slice identifier.
20. The electronic device of any of claims 17-19,
the transceiver is further configured to receive a correspondence between the RPID and the slice.
21. The electronic device of any one of claims 17-19, wherein the processor includes a first sub-processor and a second sub-processor, the at least one access control information and the slice identification being stored in the second sub-processor,
the first sub-processor is used for determining to initiate the PDU session;
the first sub-processor further configured to send a first slice identification to the second sub-processor, the first slice identification being a slice identification of a first slice associated with the PDU session;
and the second sub-processor is used for executing access control according to the first access control information corresponding to the first slice identifier.
22. The electronic device of claim 21,
the first sub-processor is further configured to determine to initiate the PDU session if the first slice is a slice supported by the network device and a slice allowed by a terminal device; and determining to initiate the PDU session if the first slice is a remapped slice of a second slice supported by the network device and an allowed slice of the terminal device, the second slice being a slice initially requested by the first sub-processor.
23. The electronic device of any of claims 17-19, wherein the processor includes a first sub-processor and a second sub-processor, wherein the at least one access control information and the slice identifier are stored in the second sub-processor,
the first sub-processor is used for determining to initiate the PDU session;
the first sub-processor is further configured to send a second slice identifier to the second sub-processor, where the second slice identifier is a slice identifier of a second slice for which the second sub-processor initiates an initial request;
the second sub-processor is configured to determine a first slice identifier according to the second slice identifier, where the first slice identifier is a slice identifier of a first slice associated with the PDU session;
the second sub-processor is further configured to execute access control according to the first access control information corresponding to the first slice identifier.
24. The electronic device of claim 23,
the second sub-processor is further configured to determine that the second slice is the first slice and determine that the second slice identifier is the first slice identifier if the second slice is a slice supported by the network device and a slice allowed by a terminal device; and if the second slice is a remapped slice of the first slice supported by the network device and an allowed slice of the terminal device, determining that the slice identifier of the first slice is the first slice identifier.
25. A chip system, comprising at least one processor and an interface; the interface is configured to receive code instructions and transmit the code instructions to the at least one processor; the at least one processor executes the code instructions to perform the method of any of claims 1-8.
26. A computer-readable storage medium, comprising a computer program which, when run on a computer, causes the computer to perform the method of any one of claims 1-8.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010493488.1A CN113766607B (en) | 2020-06-03 | 2020-06-03 | Access control method and related equipment |
| PCT/CN2021/094598 WO2021244291A1 (en) | 2020-06-03 | 2021-05-19 | Access control method and related device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010493488.1A CN113766607B (en) | 2020-06-03 | 2020-06-03 | Access control method and related equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113766607A CN113766607A (en) | 2021-12-07 |
| CN113766607B true CN113766607B (en) | 2023-03-31 |
Family
ID=78783187
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010493488.1A Active CN113766607B (en) | 2020-06-03 | 2020-06-03 | Access control method and related equipment |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN113766607B (en) |
| WO (1) | WO2021244291A1 (en) |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109429361A (en) * | 2017-07-18 | 2019-03-05 | 华为技术有限公司 | Conversation processing method and device |
| CN109964468A (en) * | 2016-11-14 | 2019-07-02 | 华为技术有限公司 | Conversation processing method, device and system |
Family Cites Families (21)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10536946B2 (en) * | 2015-12-08 | 2020-01-14 | Huawei Technologies Co., Ltd. | Method and system for performing network slicing in a radio access network |
| US10142994B2 (en) * | 2016-04-18 | 2018-11-27 | Electronics And Telecommunications Research Institute | Communication method and apparatus using network slicing |
| CN108811168B (en) * | 2016-08-12 | 2020-01-17 | 华为技术有限公司 | Access control method and device of wireless network |
| CN108616995B (en) * | 2016-12-30 | 2021-07-30 | 中国电信股份有限公司 | Mobile network service adaptation method, equipment, terminal, base station and mobile communication system |
| CN108366369B (en) * | 2017-01-26 | 2021-02-12 | 华为技术有限公司 | Method for data secure transmission, access network, terminal and core network equipment |
| US10397892B2 (en) * | 2017-02-06 | 2019-08-27 | Huawei Technologies Co., Ltd. | Network registration and network slice selection system and method |
| JP6737729B2 (en) * | 2017-03-22 | 2020-08-12 | 株式会社Nttドコモ | Information notification method and mobile communication system |
| CN110383896B (en) * | 2017-03-28 | 2020-11-10 | 华为技术有限公司 | Network access method, terminal, access network and core network |
| MX2019000354A (en) * | 2017-04-19 | 2019-05-23 | Lg Electronics Inc | Method for processing pdu session establishment procedure and amf node. |
| EP4181579A1 (en) * | 2017-05-08 | 2023-05-17 | Motorola Mobility LLC | Method and apparatuses for reconfiguring a data connection |
| CN109391648B (en) * | 2017-08-04 | 2020-12-22 | 华为技术有限公司 | Method and device for associating application with network slice and communication system |
| CN109547231B (en) * | 2017-09-22 | 2020-10-23 | 华为技术有限公司 | Network slice management method and device |
| US10383046B2 (en) * | 2017-10-20 | 2019-08-13 | Verizon Patent And Licensing Inc. | RAN-core pairing service |
| EP3522597A1 (en) * | 2018-02-05 | 2019-08-07 | Orange | End-to-end network slice selection and configuration |
| CN110120879B (en) * | 2018-02-06 | 2020-12-01 | 华为技术有限公司 | Method, device and system for guaranteeing application service level protocol |
| CN110278096B (en) * | 2018-03-14 | 2022-01-07 | 华为技术有限公司 | Communication method and device based on network slice |
| CN110392448B (en) * | 2018-04-18 | 2021-08-13 | 华为技术有限公司 | Session reestablishment method, device and system |
| CN113453301B (en) * | 2018-06-26 | 2023-02-21 | 大唐移动通信设备有限公司 | AMF, network slice selection method and AMF |
| EP3589029A1 (en) * | 2018-06-26 | 2020-01-01 | Gemalto M2M GmbH | Method for selection of a network slice |
| CN111148165B (en) * | 2018-11-06 | 2021-06-01 | 华为技术有限公司 | Method and device for processing user access in network slice |
| CN111200859A (en) * | 2018-11-19 | 2020-05-26 | 华为技术有限公司 | Network slice selection method, network equipment and terminal |
-
2020
- 2020-06-03 CN CN202010493488.1A patent/CN113766607B/en active Active
-
2021
- 2021-05-19 WO PCT/CN2021/094598 patent/WO2021244291A1/en active Application Filing
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109964468A (en) * | 2016-11-14 | 2019-07-02 | 华为技术有限公司 | Conversation processing method, device and system |
| CN109429361A (en) * | 2017-07-18 | 2019-03-05 | 华为技术有限公司 | Conversation processing method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2021244291A1 (en) | 2021-12-09 |
| CN113766607A (en) | 2021-12-07 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP7086082B2 (en) | Methods and equipment for selecting access and mobility management functions in mobile communication systems | |
| US9572190B2 (en) | Device and method for associating with WiFi networks | |
| US11089477B2 (en) | Methods and apparatus for obtaining a service | |
| US8606284B2 (en) | Terminal having transfer mode and network connection method | |
| CN106572516A (en) | Network slice selection method, terminal equipment and network equipment | |
| KR101683163B1 (en) | System and method for online sign up provider selection | |
| EP3512118A1 (en) | Method and device for transmitting response message | |
| US10616784B2 (en) | Methods and apparatus for management of data privacy | |
| CN110475314B (en) | Communication method and device | |
| KR20210030771A (en) | Method and apparatus for providing policy of a terminal in a wireless communication system | |
| CN102960024A (en) | Network selection | |
| KR101434746B1 (en) | Method for providing content to mobile terminal in the content centric network | |
| US20130237225A1 (en) | Enhanced membership indication for closed subscriber group radio access network sharing | |
| US20220191772A1 (en) | Method for Network Identification Dissemination | |
| KR20220117807A (en) | Public land mobile network selection for disaster roaming | |
| CN103841625A (en) | WLAN access method and WLAN access device | |
| CN102340539A (en) | Communication control device, communication control system, communication control method, and program | |
| CN113228743A (en) | User equipment and access control method thereof through access classification | |
| CN104782100A (en) | Apparatus and methods for anonymous paired device discovery in wireless communications systems | |
| CN113766607B (en) | Access control method and related equipment | |
| US9730018B2 (en) | Intelligent guiding method and system based on M2M system | |
| EP2745551B1 (en) | Methods and apparatus for management of data privacy | |
| CN112929878B (en) | User equipment mobility management method and device and computer readable storage medium | |
| KR20140042752A (en) | Method of device to device discovery and apparatus thereof | |
| CN115553039A (en) | Apparatus and method for wireless communication |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |