CN114828010B - Method for safely accessing network slice based on application attribute and related equipment - Google Patents


Publication number: CN114828010B
Authority: CN (China)
Prior art keywords: application, slice, middleware, terminal, slicing
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202210434192.1A
Other languages: Chinese (zh)
Other versions: CN114828010A (en)
Inventors: 黄海, 杨敏维, 陈平辉
Current Assignee: China Telecom Corp Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: China Telecom Corp Ltd
Application filed by China Telecom Corp Ltd
Priority to CN202210434192.1A
Publication of CN114828010A
Application granted
Publication of CN114828010B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H04W24/00 Supervisory, monitoring or testing arrangements
    • H04W24/08 Testing, supervising or monitoring using real traffic
    • H04W40/00 Communication routing or communication path finding
    • H04W40/24 Connectivity information management, e.g. connectivity discovery or connectivity update
    • H04W40/246 Connectivity information discovery

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a method and related equipment for securely accessing a network slice based on application attributes. The method comprises the following steps: the slice application management server acquires the traffic descriptor parameters in a user routing policy rule from the network element; the slice application management server establishes an association between an application identifier and an application attribute to form an association list; the slice middleware monitors the running state of applications on the 5G terminal; in response to the slice middleware detecting that an application has started, the slice middleware or the slice application management server matches the application parameters of the application against the association list; if the application parameters of the application match any entry in the association list, the slice middleware sends the modem request information for creating a new slice, creating a new route, and binding the new slice to the new route; and the modem executes these instructions according to the request information, and the newly created route is used by the application to send data. The invention addresses the need for application slice authentication in various scenarios.

Description

Method for safely accessing network slice based on application attribute and related equipment
Technical Field
The present invention relates to the field of communications, and in particular, to a method, system, device, and storage medium for securely accessing a network slice based on application attributes.
Background
Currently, to secure access to application-level network slices, applications that are identified by an application identifier must be authenticated against an AAA (Authentication, Authorization, Accounting) server deployed by an operator or a third party.
The existing slice authentication method is shown in fig. 1 and includes the following steps. Step S110: the user terminal initiates registration in a 5G network and carries network slice information. Step S120: the terminal obtains the complete set of user routing policy rules from a network element. Step S130: an application runs on the terminal. Steps S140A and S140B are two alternative implementations. Step S140A: the application forwards the application identifier to the modem via the operating system. Step S140B: the operating system automatically detects the application attribute and sends it to the modem as the application identifier. Step S150: the modem initiates a PDU session for the application and binds the route. Step S160: the application sends data through the route. In this approach, step S140A requires the application to be upgraded so that it is able to send the application identifier. In step S140B, because the user routing policy rules are formulated by the operator, the operating system does not know the mapping between application identifiers and applications in those rules, so the operating system vendor has to be brought into the service provisioning flow. The above approach therefore requires modifying either the applications or the operating system. In addition, as shown in fig. 2, in this authentication approach the 5G terminal interacts with the network elements of the 5G core network through a southbound interface.
Slice authentication in the above approach may be performed as shown in fig. 3 or fig. 4. In the slice authentication shown in fig. 3, authentication is performed per slice only. Once the first application has been authenticated, subsequent applications select the existing PDU session or slice and use the network slice resources directly, without network slice authentication, which may lead to theft of slice resources and similar problems. The slice authentication shown in fig. 4 changes the 3GPP slice authentication procedure and relies on support from the 5G core network elements AMF (Access and Mobility Management Function) and NSSAAF (Network Slice Specific Authentication and Authorization Function), so an AAA server has to be deployed for the application, which is difficult to achieve in the short term.
As a result, during slice deployment the terminal operating system and the modem do not support application slice authentication, so the modes of fig. 1 and fig. 2 cannot be used for the time being, and most applications do not have a dedicated authentication server deployed for them.
Thus, how to cope with the requirements of various scenes on application slice authentication is a technical problem to be solved urgently by those skilled in the art.
It should be noted that the information disclosed in the foregoing background section is only for enhancement of understanding of the background of the invention and thus may include information that does not form the prior art that is already known to those of ordinary skill in the art.
Disclosure of Invention
In view of the problems in the prior art, the invention aims to provide a method, a system, a device and a storage medium for securely accessing a network slice based on application attributes, which overcome the difficulties in the prior art and meet the requirements of various scenarios for application slice authentication.
An embodiment of the invention provides a method for securely accessing a network slice based on application attributes, which comprises the following steps:
the slice application management server acquires the traffic descriptor parameters in a user routing policy rule from a network element of a 5G core network;
the slice application management server establishes an association between the application identifiers and the application attributes in the traffic descriptor parameters to form an association list;
the slice middleware of the 5G terminal monitors the running state of applications on the 5G terminal;
in response to the slice middleware detecting that an application has started on the 5G terminal, the slice middleware or the slice application management server matches the application parameters of the application against the association list;
if the application parameters of the application match any entry in the association list, the slice middleware sends the modem of the 5G terminal request information for creating a new slice, creating a new route, and binding the new slice to the new route;
and the modem of the 5G terminal creates the new slice and the new route and binds the new slice to the new route according to the request information, and the new route is used by the application to send data.
In some embodiments of the present application, before the slice middleware or the slice application management server matches the application parameters of the application against the association list in response to the slice middleware detecting the application start on the 5G terminal, the method includes:
after the 5G terminal comes online, the slice middleware in the 5G terminal obtains the association list from the slice application management server,
and the matching of the application parameters of the application against the association list is performed by the slice middleware.
In some embodiments of the application, the slice middleware in the 5G terminal periodically updates the association list obtained from the slice application management server.
In some embodiments of the present application, the step in which, in response to the slice middleware detecting the application start on the 5G terminal, the slice middleware or the slice application management server matches the application parameters of the application against the association list includes:
the slice middleware sends the application parameters of the application to the slice application management server;
the slice application management server matches the application parameters of the application against the association list;
and the slice application management server returns the matching result to the slice middleware.
In some embodiments of the present application, if the application parameters of the application match any entry in the association list, the matching result is true; otherwise, the matching result is false;
the slice application management server returns the matching result, true or false, to the slice middleware; or, in response to the matching result being true, the slice application management server returns the application identifier and/or the application attribute in the traffic descriptor parameters to the slice middleware.
In some embodiments of the present application, before the slice application management server obtains the traffic descriptor parameters in the user routing policy rule from the network element of the 5G core network, the method includes:
the 5G terminal registers with the 5G core network, and a network element of the 5G core network sends the user routing policy rule to the modem of the 5G terminal through a southbound interface of the 5G terminal.
In some embodiments of the application, the slice application management server communicates with the slice middleware of the 5G terminal through a northbound interface of the 5G terminal.
According to still another aspect of the present application, there is also provided a method for securely accessing a network slice based on application attributes, applied to a slice application management server, including:
the slice application management server acquires the traffic descriptor parameters in a user routing policy rule from a network element of a 5G core network;
the slice application management server establishes an association between the application identifiers and the application attributes in the traffic descriptor parameters to form an association list;
the slice application management server communicates with the slice middleware of the 5G terminal so that the application parameters of an application started on the 5G terminal are matched against the association list, and the matching result is used by the slice middleware to send the modem of the 5G terminal request information for creating a new slice, creating a new route, and binding the new slice to the new route.
According to still another aspect of the present application, there is also provided a method for securely accessing a network slice based on application attributes, applied to a slice middleware on a 5G terminal, including:
the slice middleware of the 5G terminal monitors the running state of applications on the 5G terminal;
in response to the slice middleware detecting that an application has started on the 5G terminal, the slice middleware or the slice application management server matches the application parameters of the application against an association list, wherein the association list is formed by the slice application management server from the application identifiers and application attributes in the traffic descriptor parameters of a user routing policy rule acquired from a network element of a 5G core network;
if the application parameters of the application match any entry in the association list, the slice middleware sends the modem of the 5G terminal request information for creating a new slice, creating a new route, and binding the new slice to the new route.
According to still another aspect of the present application, there is also provided a system for securely accessing a network slice based on application attributes, including:
a 5G terminal comprising an application, a slice middleware and a modem;
a slice application management server;
the slice application management server acquires the traffic descriptor parameters in a user routing policy rule from a network element of a 5G core network;
the slice application management server establishes an association between the application identifiers and the application attributes in the traffic descriptor parameters to form an association list;
the slice middleware of the 5G terminal monitors the running state of applications on the 5G terminal;
in response to the slice middleware detecting that an application has started on the 5G terminal, the slice middleware or the slice application management server matches the application parameters of the application against the association list;
if the application parameters of the application match any entry in the association list, the slice middleware sends the modem of the 5G terminal request information for creating a new slice, creating a new route, and binding the new slice to the new route;
and the modem of the 5G terminal creates the new slice and the new route and binds the new slice to the new route according to the request information, and the new route is used by the application to send data.
According to still another aspect of the present invention, there is also provided a processing device for securely accessing a network slice based on application attributes, including:
A processor;
a memory having stored therein executable instructions of the processor;
wherein the processor is configured to perform the steps of the method of securely accessing a network slice based on application attributes as described above via execution of the executable instructions.
Embodiments of the present application also provide a computer-readable storage medium storing a program that, when executed, implements the steps of the method for securely accessing a network slice based on application attributes described above.
Compared with the prior art, the purpose of the application is as follows:
The slice middleware of the 5G terminal obtains the association list for the URSP (UE Route Selection Policy, user routing policy) rules from the slice application management server. When an application runs on the 5G terminal, the slice middleware acquires the parameters of the running application and matches them against the application information in the association list; for a successfully matched application it establishes a slice and a route and binds the route, thereby realizing a method for securely accessing a network slice based on application attributes. The application provides a mechanism for verifying application access to slices based on application attributes. It does not require changes to the existing 3GPP standard flow or to the applications on the terminal, it settles the question of which applications on the terminal may initiate slice establishment and route binding, and it is convenient for operators to deploy and implement quickly.
Drawings
Other features, objects and advantages of the present invention will become more apparent upon reading of the detailed description of non-limiting embodiments, made with reference to the following drawings.
Fig. 1 is a flow chart of existing slice access.
Fig. 2 is a schematic diagram of a prior art slice access system.
Fig. 3 is a flow chart of an existing slice authentication.
Fig. 4 is a flow chart of another prior art slice authentication.
Fig. 5 is a flow chart of a method of securely accessing a network slice based on application attributes in accordance with an embodiment of the present invention.
Fig. 6 is a flow chart of a method for secure access network slicing based on application attributes in accordance with a specific embodiment of the present invention.
Fig. 7 is a flow chart of a method for secure access network slicing based on application attributes in accordance with another specific embodiment of the present invention.
Fig. 8 is a flow chart of a method of the present invention for performing secure access network slicing based on application attributes at a slice application management server.
Fig. 9 is a flow chart of a method of the present invention for performing application attribute based secure access network slicing in the slicing middleware.
Fig. 10 is a block diagram of a system for secure access to a network slice based on application attributes in accordance with an embodiment of the present invention.
Fig. 11 is a block diagram of a slice application management server according to an embodiment of the present invention.
Fig. 12 is a block diagram of a slicing middleware of an embodiment of the present invention.
Fig. 13 is a schematic structural diagram of an apparatus for secure access to a network slice based on application attributes of the present invention.
Fig. 14 is a schematic structural view of a computer-readable storage medium according to an embodiment of the present invention.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. However, the example embodiments may be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of the example embodiments to those skilled in the art. The same reference numerals in the drawings denote the same or similar structures, and thus a repetitive description thereof will be omitted.
Referring to fig. 1, fig. 1 is a flowchart of one embodiment of a method of the present invention for securely accessing a network slice based on application attributes for a calling terminal. The embodiment of the invention provides a method for securely accessing a network slice based on application attributes, which comprises the following steps:
Step S510: the slice application management server obtains the traffic descriptor parameters in the user routing policy rules from the network element of the 5G core network.
Specifically, before step S510, the method may further include: when the 5G terminal registers with the 5G core network, the PCF (Policy Control Function) issues URSP rules (including TD (traffic descriptor) and RSD (routing descriptor) parameters) to the modem of the 5G terminal via the southbound interface.
Specifically, the network element in step S110 may be a policy control function network element or a UDM (Unified Data Management) network element, which is not limited by the present application.
Specifically, the PCF network element of the 5G core network is configured to store and issue the URSP rules, and the slice application management server may obtain the key parameters of the URSP rules from the PCF. The UDM of the 5G core network stores the information of the service level agreement that the user has signed with the operator, including, but not limited to, attributes of the application (attributes that may be associated with the application identifier) and the subscribed DNN (Data Network Name). The NSSAAF network element of the 5G core network provides the network slice authentication and authorization function.
Step S520: the slice application management server establishes an association between the application identifiers and the application attributes in the traffic descriptor parameters to form an association list.
Step S530: the slice middleware of the 5G terminal monitors the running state of applications on the 5G terminal.
Step S540: in response to the slice middleware detecting that an application has started on the 5G terminal, the slice middleware or the slice application management server matches the application parameters of the application against the association list.
Step S550: if the application parameters of the application match any entry in the association list, the slice middleware sends the modem of the 5G terminal request information for creating a new slice, creating a new route, and binding the new slice to the new route.
Step S560: the modem of the 5G terminal creates the new slice and the new route and binds the new slice to the new route according to the request information, and the new route is used by the application to send data.
The slice application management server communicates with the slice middleware of the 5G terminal through a northbound interface of the 5G terminal. The slice access authentication of the application is therefore performed through the northbound interface, while slice access and route binding based on application attributes are completed in cooperation with the southbound interface. This provides a preliminary authentication of the application based on its attributes and is easy to implement and deploy.
Thus, the slice middleware of the 5G terminal obtains the association list for the URSP (UE Route Selection Policy, user routing policy) rules from the slice application management server. When an application runs on the 5G terminal, the slice middleware acquires the parameters of the running application and matches them against the application information in the association list; for a successfully matched application it establishes a slice and a route and binds the route, thereby realizing a method for securely accessing a network slice based on application attributes. The application provides a mechanism for verifying application access to slices based on application attributes. It does not require changes to the existing 3GPP standard flow or to the applications on the terminal, it settles the question of which applications on the terminal may initiate slice establishment and route binding, and it is convenient for operators to deploy and implement quickly.
Referring now to fig. 6, fig. 6 is a flow chart of a method for securely accessing a network slice based on application attributes in accordance with a specific embodiment of the present application. The method in this specific embodiment comprises the following steps:
Step S610: the slice application management server obtains the traffic descriptor parameters in the user routing policy rules from the network element of the 5G core network.
Step S620: the slice application management server establishes an association between the application identifiers and the application attributes in the traffic descriptor parameters to form an association list.
Step S630: after the 5G terminal comes online, the slice middleware in the 5G terminal obtains the association list from the slice application management server.
Further, the slice middleware in the 5G terminal may periodically update the association list obtained from the slice application management server.
Step S640: the slice middleware of the 5G terminal monitors the running state of applications on the 5G terminal.
Step S650: in response to the slice middleware detecting that an application has started on the 5G terminal, the slice middleware matches the application parameters of the application against the association list.
Step S660: if the application parameters of the application match any entry in the association list, the slice middleware sends the modem of the 5G terminal request information for creating a new slice, creating a new route, and binding the new slice to the new route.
Step S670: the modem of the 5G terminal creates the new slice and the new route and binds the new slice to the new route according to the request information, and the new route is used by the application to send data.
Referring now to fig. 7, fig. 7 is a flow chart of a method for securely accessing a network slice based on application attributes in accordance with another specific embodiment of the present invention. The method in this other specific embodiment comprises the following steps:
Step S710: the slice application management server obtains the traffic descriptor parameters in the user routing policy rules from the network element of the 5G core network.
Step S720: the slice application management server establishes an association between the application identifiers and the application attributes in the traffic descriptor parameters to form an association list.
Step S730: the slice middleware of the 5G terminal monitors the running state of applications on the 5G terminal.
Step S740: the slice middleware sends the application parameters of the application to the slice application management server.
Step S750: the slice application management server matches the application parameters of the application against the association list.
Step S760: the slice application management server returns the matching result to the slice middleware.
Specifically, if the application parameters of the application match any entry in the association list, the matching result is true; otherwise, the matching result is false. The slice application management server returns the matching result, true or false, to the slice middleware; or, in response to the matching result being true, the slice application management server returns the application identifier and/or the application attribute in the traffic descriptor parameters to the slice middleware.
Step S770: if the application parameters of the application match any entry in the association list, the slice middleware sends the modem of the 5G terminal request information for creating a new slice, creating a new route, and binding the new slice to the new route.
Step S780: the modem of the 5G terminal creates the new slice and the new route and binds the new slice to the new route according to the request information, and the new route is used by the application to send data.
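The two matching modes of fig. 6 (the middleware matches against a periodically refreshed local copy of the association list) and fig. 7 (the server matches and returns the result) can be sketched as follows. This is an added example, not code from the patent: the attribute names `package` and `signer`, the dictionary layout of the modem request, the refresh interval and all sample values are assumptions constructed for illustration.

```python
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class AssociationEntry:
    app_id: str        # application identifier from the URSP traffic descriptor
    dnn: str           # DNN from the same traffic descriptor
    attributes: tuple  # sorted (name, value) pairs a launched app must present


def build_association_list(traffic_descriptors, app_attributes):
    """Server side: associate each TD application identifier with its attributes."""
    entries = []
    for td in traffic_descriptors:
        attrs = app_attributes.get(td["app_id"])
        if not attrs:
            # No attributes known for this identifier: leave it out, so that
            # no launched application can ever be matched to it.
            continue
        entries.append(
            AssociationEntry(td["app_id"], td["dnn"], tuple(sorted(attrs.items())))
        )
    return entries


def match(app_params, association_list):
    """Return the first entry whose attributes all equal the app's parameters."""
    for entry in association_list:
        # An entry with no attributes would match everything; skip it.
        if entry.attributes and all(
            app_params.get(name) == value for name, value in entry.attributes
        ):
            return entry
    return None


def server_match(app_params, association_list):
    """Fig. 7 mode: the server matches and returns the result to the middleware."""
    entry = match(app_params, association_list)
    if entry is None:
        return {"match": False}
    return {"match": True, "app_id": entry.app_id, "dnn": entry.dnn}


def modem_request(app_id, dnn):
    """Request information sent to the modem (dict layout is illustrative)."""
    return {
        "actions": ("new_slice", "new_route", "bind_slice_to_route"),
        "app_id": app_id,
        "dnn": dnn,
    }


class SliceMiddleware:
    def __init__(self, fetch_list, refresh_s=300.0, clock=time.monotonic):
        self.fetch_list = fetch_list  # callable returning the association list
        self.refresh_s = refresh_s    # assumed refresh interval for the local copy
        self.clock = clock
        self.cached = []
        self.fetched_at = None

    def association_list(self):
        """Fetch on first use, then again once the local copy is too old."""
        now = self.clock()
        if self.fetched_at is None or now - self.fetched_at >= self.refresh_s:
            self.cached = self.fetch_list()
            self.fetched_at = now
        return self.cached

    def on_app_start(self, app_params):
        """Fig. 6 mode: match locally; no match means no request to the modem."""
        entry = match(app_params, self.association_list())
        if entry is None:
            return None
        return modem_request(entry.app_id, entry.dnn)

    def on_app_start_remote(self, app_params, ask_server):
        """Fig. 7 mode: only an explicit true result produces a modem request."""
        result = ask_server(app_params)
        if result.get("match") is not True:
            return None
        return modem_request(result["app_id"], result["dnn"])


# Constructed sample data: "app-pay" has no known attributes and is dropped.
SAMPLE_TDS = [
    {"app_id": "app-video", "dnn": "dnn.video.example"},
    {"app_id": "app-pay", "dnn": "dnn.pay.example"},
]
SAMPLE_ATTRS = {
    "app-video": {"package": "com.example.video", "signer": "constructed-digest-01"},
}
```

Because the match is evaluated on every application start, a second application cannot reuse a slice on the strength of the first application's match, which is the gap described for fig. 3.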
Referring now to fig. 8, fig. 8 is a flow chart of the method of the present invention for securely accessing a network slice based on application attributes as performed at the slice application management server. Fig. 8 shows the following steps:
Step S810: the slice application management server acquires the traffic descriptor parameters in a user routing policy rule from a network element of a 5G core network.
Step S820: the slice application management server establishes an association between the application identifiers and the application attributes in the traffic descriptor parameters to form an association list.
The slice application management server communicates with the slice middleware of the 5G terminal so that the application parameters of an application started on the 5G terminal are matched against the association list, and the matching result is used by the slice middleware to send the modem of the 5G terminal request information for creating a new slice, creating a new route, and binding the new slice to the new route.
Referring now to fig. 9, fig. 9 is a flow chart of the method of the present invention for securely accessing a network slice based on application attributes as performed in the slice middleware. Fig. 9 shows the following steps:
Step S910: the slice middleware of the 5G terminal monitors the running state of applications on the 5G terminal.
Step S920: in response to the slice middleware detecting that an application has started on the 5G terminal, the slice middleware or the slice application management server matches the application parameters of the application against an association list, the association list being formed by the slice application management server from the application identifiers and application attributes in the traffic descriptor parameters of the user routing policy rule acquired from the network element of the 5G core network.
Step S930: if the application parameters of the application match any entry in the association list, the slice middleware sends the modem of the 5G terminal request information for creating a new slice, creating a new route, and binding the new slice to the new route.
The foregoing merely illustrates specific embodiments of the present invention, and the present invention is not limited thereto; splitting or merging the steps, changing their execution order, splitting or merging modules, and changing how information is transmitted all fall within the scope of the present invention.
Fig. 10 is a block diagram of a system for secure access to a network slice based on application attributes in accordance with an embodiment of the present invention. The system for secure access to a network slice based on application attributes includes a 5G terminal 1000 and a slice application management server 1040. The 5G terminal 1000 can include an application 1010, slicing middleware 1020, and a modem 1030.
After the application 1010 installed on the 5G terminal 1000 starts running, network slice access based on the application identification may be initiated. The slice middleware 1020 is installed on the 5G terminal 1000. By accessing the slice application management server 1040, the slice middleware obtains the URSP key parameters (including a traffic descriptor TD, which includes but is not limited to attributes such as APP ID and DNN, and a routing descriptor RSD), and it creates a slice for the APP, creates a route for the APP, and binds the route.
Thus, the slice application management server 1040 obtains the traffic descriptor parameters in the user routing policy rules from the network element 4050 of the 5G core network. The slice application management server 1040 establishes an association between the application identifier and the application attribute in the traffic descriptor parameters, forming an association list. The slice middleware 1020 of the 5G terminal 1000 monitors the running state of the applications 1010 on the 5G terminal 1000. In response to the slicing middleware 1020 detecting that an application 1010 on the 5G terminal 1000 has been launched, the slicing middleware 1020 or the slice application management server 1040 matches the application parameters of the application with the association list. If the application parameters of the application 1000 match any entry in the association list, the slice middleware 1020 sends to the modem 1030 of the 5G terminal 1000 request information for creating a new slice, creating a new route, and binding the new slice to the new route. The modem 1030 of the 5G terminal 1000 creates the new slice and the new route and binds the new slice to the new route according to the request information, and the new route is provided for the application 1010 to transmit data.
Thus, through the cooperation of the terminal slice middleware 1020 and the slice application management server 1040, the 5G terminal 1000 provides, through a northbound interface, a verification mechanism for application access to slices based on application attributes. The NAS signaling and flow of the existing 3GPP standard do not need to be changed, which facilitates deployment and implementation by operators, and the problem of which applications of the terminal can initiate slice establishment and route binding can be solved without changing the applications.
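The flow described for Fig. 10, as an added sketch that is not code from the patent: the server builds the association list from traffic descriptors, and the middleware matches a launched application against it before anything is sent to the modem. All names and values are constructed, and treating `os_id` and `dnn` as the "application attributes" reported for an application is an assumption.

```python
"""Constructed sketch of the Fig. 10 flow; every name and value is illustrative."""
from dataclasses import dataclass, field
from typing import Optional

# Constructed traffic descriptors (TD) as the server might read them from URSP rules.
# The attribute keys "os_id" and "dnn" are assumptions, not taken from the patent.
SAMPLE_TDS = [
    {"app_id": "com.example.telemed", "os_id": "android", "dnn": "health.slice"},
    {"app_id": "com.example.cloudgame", "os_id": "android", "dnn": "game.slice"},
    {"dnn": "internet"},  # TD without an application identifier: not app-bound
]


def build_association_list(traffic_descriptors):
    """Server side: associate each application identifier with its TD attributes."""
    assoc = {}
    for td in traffic_descriptors:
        app_id = td.get("app_id")
        if not app_id:
            continue  # nothing to associate; such a TD never authorizes an app
        assoc[app_id] = {k: v for k, v in td.items() if k != "app_id"}
    return assoc


def match(app_params, assoc):
    """Return the matched entry or None; identifier AND every attribute must agree."""
    entry = assoc.get(app_params.get("app_id"))
    if entry is None:
        return None
    for key, expected in entry.items():
        if app_params.get(key) != expected:  # a missing attribute is a mismatch
            return None
    return entry


@dataclass
class Modem:
    """Stand-in for the terminal modem: records the requests it is asked to execute."""
    executed: list = field(default_factory=list)

    def execute(self, request):
        self.executed.append(request)
        return True


@dataclass
class SliceMiddleware:
    modem: Modem
    assoc: dict = field(default_factory=dict)

    def refresh(self, server_assoc):
        """Local-matching variant: keep a copy of the list fetched from the server."""
        self.assoc = {k: dict(v) for k, v in server_assoc.items()}

    def on_app_launch(self, app_params) -> Optional[dict]:
        entry = match(app_params, self.assoc)
        if entry is None:
            return None  # fail closed: no slice, no route, nothing sent to the modem
        request = {
            "app_id": app_params["app_id"],
            "attributes": dict(entry),
            "actions": ["new_slice", "new_route", "bind_slice_to_route"],
        }
        self.modem.execute(request)
        return request


def demo():
    """Run three constructed launches: one listed app, one wrong attribute, one unlisted."""
    modem = Modem()
    mw = SliceMiddleware(modem)
    mw.refresh(build_association_list(SAMPLE_TDS))
    launches = [
        {"app_id": "com.example.telemed", "os_id": "android", "dnn": "health.slice"},
        {"app_id": "com.example.telemed", "os_id": "android", "dnn": "game.slice"},
        {"app_id": "com.example.unlisted", "os_id": "android", "dnn": "health.slice"},
    ]
    return [mw.on_app_launch(a) for a in launches], modem.executed


if __name__ == "__main__":
    results, executed = demo()
    for r in results:
        print("granted" if r else "refused", r)
```

Only the first launch reaches the modem; an identifier that is listed but paired with the wrong attribute is refused the same way as an unlisted application.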
Referring now to fig. 11, fig. 11 is a block diagram of a slice application management server according to an embodiment of the present invention. The slice application management server 1100 includes:
the acquiring module 1110, configured to acquire the traffic descriptor parameters in the user routing policy rules from a network element of the 5G core network;
the association list generation module 1120, configured to establish an association between the application identifier and the application attribute in the traffic descriptor parameters to form an association list;
wherein the slice application management server communicates with the slice middleware of the 5G terminal so that the application parameters of an application started on the 5G terminal are matched with the association list, and the matching result is used by the slice middleware to send to the modem of the 5G terminal request information for creating a new slice, creating a new route, and binding the new slice to the new route.
Referring now to fig. 12, fig. 12 is a block diagram of a slicing middleware according to an embodiment of the present invention. The slicing middleware 1200 includes:
the monitoring module 1210, configured to monitor the running state of an application on the 5G terminal;
the matching module 1220, configured to match, in response to the slicing middleware detecting that the application on the 5G terminal has been launched, the application parameters of the application with an association list, the association list being formed by the slice application management server from the application identifier and the application attribute in the traffic descriptor parameters in the user routing policy rules acquired from the network element of the 5G core network;
the request initiating module 1230, configured to send to the modem of the 5G terminal, if the application parameters of the application match any entry in the association list, request information for creating a new slice, creating a new route, and binding the new slice to the new route.
For the implementation principle of the above modules, refer to the related description of the method for safely accessing the network slice based on the application attribute; it is not repeated here.
The device for safely accessing the network slice based on the application attribute acquires the association list of URSP (UE Route Selection Policy, user routing policy) rules from the slice application management server through the slice middleware of the 5G terminal. When the 5G terminal application runs, the slice middleware acquires running application parameters and matches with application information in the association list, and establishes a slice and a route for successfully matched applications and binds the route, thereby realizing a method for safely accessing the network slice based on the application attribute. The application provides an application access slice verification mechanism based on application attributes, does not need to change the existing 3GPP standard flow, does not need to change the application of the terminal, can solve the problem that which applications of the terminal can initiate slice establishment and route binding, and is convenient for quick deployment and implementation of operators.
Figs. 10 to 12 are only schematic views showing, respectively, the system for secure access to a network slice based on application attributes, the slice application management server and the slice middleware provided by the application; splitting, merging and adding modules are all within the protection scope of the application as long as they do not depart from the concept of the application. The system for safely accessing the network slice based on the application attribute, the slice application management server and the slice middleware provided by the application can be implemented by any combination of software, hardware, firmware, plug-ins and the like, and the application is not limited in this respect.
The embodiment of the application also provides processing equipment for safely accessing the network slice based on the application attribute, which comprises a processor and a memory storing instructions executable by the processor, wherein the processor is configured to perform the steps of the method of securely accessing a network slice based on application attributes by executing the executable instructions.
As described above, this embodiment of the processing apparatus for secure access to a network slice based on application attributes of the present application acquires an association list of URSP (UE Route Selection Policy, user routing policy) rules from a slice application management server through a slice middleware of a 5G terminal. When the 5G terminal application runs, the slice middleware acquires running application parameters and matches with application information in the association list, and establishes a slice and a route for successfully matched applications and binds the route, thereby realizing a method for safely accessing the network slice based on the application attribute. The application provides an application access slice verification mechanism based on application attributes, does not need to change the existing 3GPP standard flow, does not need to change the application of the terminal, can solve the problem that which applications of the terminal can initiate slice establishment and route binding, and is convenient for quick deployment and implementation of operators.
Those skilled in the art will appreciate that the various aspects of the invention may be implemented as a system, method, or program product. Accordingly, aspects of the invention may be embodied in the following forms, namely: an entirely hardware embodiment, an entirely software embodiment (including firmware, micro-code, etc.) or an embodiment combining hardware and software aspects, which may be referred to herein as a "circuit," "module," or "platform."
Fig. 13 is a schematic structural diagram of a processing device of the present invention for secure access to a network slice based on application attributes. An electronic device 1300 according to this embodiment of the invention is described below with reference to fig. 13. The electronic device 1300 shown in fig. 13 is merely an example and should not be construed as limiting the functionality and scope of use of embodiments of the present invention.
As shown in fig. 13, the electronic device 1300 is embodied in the form of a general purpose computing device. The components of the electronic device 1300 may include, but are not limited to: at least one processing unit 1310, at least one memory unit 1320, a bus 830 connecting the different platform components (including memory unit 1320 and processing unit 1310), a display unit 1340, and the like.
Wherein the storage unit stores program code that is executable by the processing unit 1310 such that the processing unit 1310 performs the steps according to various exemplary embodiments of the present invention described in the above-described method section of secure access network slicing based on application properties of the present specification. For example, the processing unit 1310 may perform the steps as shown in fig. 8 or 9.
The storage unit 1320 may include readable media in the form of volatile storage units, such as Random Access Memory (RAM) 13201 and/or cache memory 13202, and may further include Read Only Memory (ROM) 13203.
The storage unit 1320 may also include a program/utility 13204 having a set (at least one) of program modules 13205, such program modules 13205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each or some combination of which may include an implementation of a network environment.
Bus 1330 may be a local bus representing one or more of several types of bus structures including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or using any of a variety of bus architectures.
The electronic device 1300 may also communicate with one or more external devices 13001 (e.g., keyboard, pointing device, bluetooth device, etc.), one or more devices that enable a user to interact with the electronic device 1300, and/or any device (e.g., router, modem, etc.) that enables the electronic device 1300 to communicate with one or more other computing devices. Such communication may occur through an input/output (I/O) interface 1350. Also, the electronic device 1300 may communicate with one or more networks such as a Local Area Network (LAN), a Wide Area Network (WAN) and/or a public network, for example, the Internet, through a network adapter 1360. The network adapter 1360 may communicate with other modules of the electronic device 1300 via the bus 1330. It should be appreciated that although not shown, other hardware and/or software modules may be used in connection with electronic device 1300, including, but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, data backup storage platforms, and the like.
The embodiment of the application also provides a computer readable storage medium for storing a program, and the program is executed to realize the steps of the method for safely accessing the network slice based on the application attribute. In some possible embodiments, the aspects of the application may also be implemented in the form of a program product comprising program code for causing a terminal device to carry out the steps according to the various exemplary embodiments of the application as described in the above-mentioned method section for secure access to network slices based on application properties of the present specification, when the program product is run on a terminal device.
As described above, the computer-readable storage medium of this embodiment for performing secure access to network slices based on application attributes obtains an association list of URSP (UE Route Selection Policy, user routing policy) rules from a slice application management server through the slice middleware of the 5G terminal. When the 5G terminal application runs, the slice middleware acquires running application parameters and matches with application information in the association list, and establishes a slice and a route for successfully matched applications and binds the route, thereby realizing a method for safely accessing the network slice based on the application attribute. The application provides an application access slice verification mechanism based on application attributes, does not need to change the existing 3GPP standard flow, does not need to change the application of the terminal, can solve the problem that which applications of the terminal can initiate slice establishment and route binding, and is convenient for quick deployment and implementation of operators.
Fig. 14 is a schematic structural view of a computer-readable storage medium of the present invention. Referring to fig. 14, a program product 1400 for implementing the above-described method according to an embodiment of the present invention is described, which may employ a portable compact disc read-only memory (CD-ROM) and include program code, and may be run on a terminal device, such as a personal computer. However, the program product of the present invention is not limited thereto, and in this document, a readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. The readable storage medium can be, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium would include the following: an electrical connection having one or more wires, a portable disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The computer readable storage medium may include a data signal propagated in baseband or as part of a carrier wave, with readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A readable storage medium may also be any readable medium that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a readable storage medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).
In summary, the present application obtains the association list of the URSP (UE Route Selection Policy, user routing policy) rules from the slice application management server through the slice middleware of the 5G terminal. When the 5G terminal application runs, the slice middleware acquires running application parameters and matches with application information in the association list, and establishes a slice and a route for successfully matched applications and binds the route, thereby realizing a method for safely accessing the network slice based on the application attribute. The application provides an application access slice verification mechanism based on application attributes, does not need to change the existing 3GPP standard flow, does not need to change the application of the terminal, can solve the problem that which applications of the terminal can initiate slice establishment and route binding, and is convenient for quick deployment and implementation of operators.
The foregoing is a further detailed description of the application in connection with the preferred embodiments, and it is not intended that the application be limited to the specific embodiments described. It will be apparent to those skilled in the art that several simple deductions or substitutions may be made without departing from the spirit of the application, and these should be considered to be within the scope of the application.

Claims (10)

1. A method for securely accessing a network slice based on application attributes, comprising:
the slice application management server acquires flow descriptor parameters in a user routing policy rule from a network element of a 5G core network;
the slice application management server establishes association between application identifiers and application attributes in the flow descriptor parameters to form an association list;
the method comprises the steps that a slice middleware of a 5G terminal monitors the running state of an application on the 5G terminal;
responding to the slicing middleware to monitor the starting of the application on the 5G terminal, and matching the application parameters of the application with the association list by the slicing middleware or the slicing application management server;
if the application parameters of the application are matched with any one of the association lists, the slice middleware initiates a new slice, a new route and request information for binding the new slice with the new route to a modem of the 5G terminal;
and the modem of the 5G terminal executes new slicing, new routing and binds the new slicing with the new routing according to the request information, and the new routing is used for the application to send data.
2. The method of claim 1, wherein the responding to the slicing middleware monitoring the start of the application on the 5G terminal, before the slicing middleware or the slicing application management server matches the application parameters of the application with the association list, comprises:
After the 5G terminal is on line, the slice middleware in the 5G terminal obtains the association list from the slice application management server,
and the matching of the application parameters of the application and the association list is executed by the slicing middleware.
3. The method for secure access network slicing based on application attributes of claim 2, wherein slicing middleware in the 5G terminal periodically updates the association list obtained from the slicing application management server.
4. The method of claim 1, wherein the responding to the slicing middleware monitoring the start of the application on the 5G terminal, the slicing middleware or the slicing application management server matching the application parameters of the application with the association list comprises:
the slice middleware sends application parameters of the application to the slice application management server;
the slice application management server matches the application parameters of the application with the association list;
and the slice application management server returns a matching result to the slice middleware.
5. The method for securely accessing a network slice based on application attributes according to claim 3, wherein if the application parameters of the application match any one of the association lists, the matching result is true; otherwise, the matching result is false,
The slice application management server returns a matching result to the slice middleware to be true or false; or in response to the matching result being true, the slice application management server returns the application identifier and/or the application attribute in the flow descriptor parameter to the slice middleware.
6. The method for secure access network slicing based on application attributes of claim 1, wherein before the slicing application management server obtains traffic descriptor parameters in the user routing policy rules from a network element of the 5G core network, comprising:
the 5G terminal registers a 5G core network, and a network element of the 5G core network sends the user routing policy rule to a modem of the 5G terminal through a southbound interface of the 5G terminal.
7. The method of claim 1, wherein the slice application management server communicates with slice middleware of the 5G terminal through a northbound interface of the 5G terminal.
8. A method for securely accessing a network slice based on application attributes, applied to a slice application management server, comprising:
The slice application management server acquires flow descriptor parameters in a user routing policy rule from a network element of a 5G core network;
the slice application management server establishes an association between the application identification and the application attribute in the flow descriptor parameters, forms an association list,
the slice application management server is in communication with the slice middleware of the 5G terminal so as to match application parameters of an application started by the 5G terminal with the association list, and the matching result is used for the slice middleware to initiate new slices, new routes and bind the new slices with request information of the new routes to a modem of the 5G terminal.
9. A method for securely accessing a network slice based on application attributes, which is applied to slice middleware on a 5G terminal, comprising:
the slice middleware of the 5G terminal monitors the running state of the application on the 5G terminal;
responding to the slicing middleware to monitor the starting of the application on the 5G terminal, the slicing middleware or the slicing application management server matches the application parameters of the application with an association list, and the association list is formed by the slicing application management server acquiring application identifiers and application attributes in flow descriptor parameters in a user routing policy rule from network elements of a 5G core network;
If the application parameters of the application are matched with any one of the association lists, the slice middleware initiates a new slice, a new route and request information for binding the new slice with the new route to the modem of the 5G terminal.
10. A system for secure access to a network slice based on application attributes, comprising:
the 5G terminal comprises an application, a slicing middleware and a modem;
a slice application management server;
the slice application management server acquires flow descriptor parameters in a user routing policy rule from a network element of a 5G core network;
the slice application management server establishes association between application identifiers and application attributes in the flow descriptor parameters to form an association list;
the method comprises the steps that a slice middleware of a 5G terminal monitors the running state of an application on the 5G terminal;
responding to the slicing middleware to monitor the starting of the application on the 5G terminal, and matching the application parameters of the application with the association list by the slicing middleware or the slicing application management server;
if the application parameters of the application are matched with any one of the association lists, the slice middleware initiates a new slice, a new route and request information for binding the new slice with the new route to a modem of the 5G terminal;
And the modem of the 5G terminal executes new slicing, new routing and binds the new slicing with the new routing according to the request information, and the new routing is used for the application to send data.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210434192.1A CN114828010B (en) 2022-04-24 2022-04-24 Method for safely accessing network slice based on application attribute and related equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210434192.1A CN114828010B (en) 2022-04-24 2022-04-24 Method for safely accessing network slice based on application attribute and related equipment

Publications (2)

Publication Number Publication Date
CN114828010A CN114828010A (en) 2022-07-29
CN114828010B true CN114828010B (en) 2023-10-03

Family

ID=82507184

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210434192.1A Active CN114828010B (en) 2022-04-24 2022-04-24 Method for safely accessing network slice based on application attribute and related equipment

Country Status (1)

Country Link
CN (1) CN114828010B (en)

Also Published As

Publication number Publication date
CN114828010A (en) 2022-07-29

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant