CN115065969A - Private network communication method and system - Google Patents


Publication number
CN115065969A
Authority
CN
China
Prior art keywords
network element
network
private network
upf
private
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210096950.3A
Other languages
Chinese (zh)
Inventor
詹益业
周远长
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Aipu Road Network Technology Co Ltd
Original Assignee
Guangzhou Aipu Road Network Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Application filed by Guangzhou Aipu Road Network Technology Co Ltd
Priority to CN202210096950.3A
Publication of CN115065969A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06: Authentication
    • H04W76/00: Connection management
    • H04W76/10: Connection setup

Abstract

The application discloses a private network communication method and a private network communication system, which are used for solving the technical problem of low security performance of a private network service network element. Specifically, a private network communication scheme includes the following steps: the AUSF network element records the private network access authority of the terminal; a private network UPF network element records an AUSF network element access address; in the flow of establishing a 5GC session between a terminal and a private network UPF network element, the AUSF network element identifies the private network access authority of the terminal; and when the private network access authority of the terminal passes the identification, the terminal establishes a 5GC session with the private network UPF network element. By associating the private network UPF network element with the AUSF network element, the AUSF network element can assist in identifying the private network access authority of the terminal when the terminal establishes a 5GC session with the private network UPF network element, so that the security performance of the private network service network element is improved. According to the scheme, an AusfUrl field is added into the registration information of the private network UPF network element through the NRF network element so as to distinguish private network UPF network elements from public network UPF network elements, and therefore the resource utilization rate of the private network UPF network element is improved.

Description

Private network communication method and system
Technical Field
The present application relates to the field of communications technologies, and in particular, to a private network communication method and system.
Background
With the continuous maturity of communication technology, some enterprises or organizations deploy special wireless networks to implement functional services inside the enterprises by using advanced communication mechanisms. Generally, we refer to the public wireless communication network operated by the telecom operator as a public network and the enterprise-built wireless network as a private network.
In the process of realizing the prior art, the inventor finds that:
The essence of a private network is a small private network superimposed on the public network environment, and most private network environments are covered by the public network environment. In the prior art, a private network service network element relies on the directional characteristic of the private network and only provides service for specific internal users. However, it is difficult for the existing 5G core network to distinguish and isolate private network service network elements from public network service network elements, so a private network service network element is also at risk of being accessed by public network users. In other words, the security performance of the private network service network element in the prior art is low.
Therefore, it is necessary to provide a private network communication scheme to solve the technical problem of low security performance of the private network service network element.
Disclosure of Invention
The embodiment of the application provides a private network communication scheme, which is used for solving the technical problem of low security performance of a private network service network element.
Specifically, the private network communication method includes the following steps:
the AUSF network element records the private network access authority of the terminal;
a private network UPF network element records an AUSF network element access address;
in a 5GC session flow established by a terminal and a private network UPF network element, an AUSF network element identifies the private network access authority of the terminal;
and when the private network access authority of the terminal passes the identification, the terminal establishes a 5GC session with a private network UPF network element.
Further, the method further comprises:
a private network UPF network element initiates a registration request to an NRF network element;
when the NRF network element responds to the private network UPF network element, the private network UPF network element sends the AUSF network element access address to the NRF network element;
and the NRF network element adds an AusfUrl field on the registration information of the private network UPF network element for recording the AUSF network element access address.
Further, the establishing of the 5GC session flow between the terminal and the private network UPF network element specifically includes:
receiving a private network access request of a terminal by an SMF network element;
the SMF network element searches registration information of a UPF network element of a private network in the NRF network element according to the private network access request;
the SMF network element determines an AUSF network element access address according to the registration information of the private network UPF network element;
the SMF network element requests the AUSF network element to identify the private network access right of the terminal;
and when the private network access authority of the terminal passes the identification, the SMF network element initiates a session establishment request to the private network UPF network element.
Further, an AusfUrl field is added to an interface of the NRF network element for storing the registration information, and is used to send an AUSF network element access address.
Further, when the terminal opens the service related to the private network access authority, the terminal is authorized to have the private network access authority.
The embodiment of the application also provides a private network communication system.
Specifically, a private network communication system at least includes:
a terminal;
the AUSF network element is used for recording the private network access authority of the terminal, and is also used for authenticating the private network access authority of the terminal;
the private network UPF network element is used for recording the access address of the AUSF network element; and also for establishing a 5GC session with the terminal.
Further, the system also comprises an NRF network element for recording private network UPF network element registration information;
the private network UPF network element is also used for initiating a registration request to the NRF network element;
when the NRF network element responds to the private network UPF network element, the private network UPF network element sends the AUSF network element access address to the NRF network element;
and the NRF network element adds an AusfUrl field on the registration information of the private network UPF network element for recording the AUSF network element access address.
Further, the system further comprises an SMF network element, configured to receive a private network access request of the terminal; further configured to search for registration information of a private network UPF network element in the NRF network element according to the private network access request; further configured to determine an AUSF network element access address according to the registration information of the private network UPF network element; further configured to request the AUSF network element to identify the private network access authority of the terminal; and further configured to initiate a session establishment request to the private network UPF network element when the private network access authority of the terminal passes the authentication.
Further, an AusfUrl field is added to an interface of the NRF network element for storing registration information, and is used for sending an AUSF network element access address.
Further, when the terminal opens the service related to the private network access authority, the terminal is authorized to have the private network access authority.
The technical scheme provided by the embodiment of the application at least has the following beneficial effects:
By associating the private network UPF network element with the AUSF network element, the AUSF network element can assist in identifying the private network access authority of the terminal when the terminal establishes a 5GC session with the private network UPF network element, so that the security performance of the private network service network element is improved. In addition, an AusfUrl field is added into the registration information of the private network UPF network element through the NRF network element to distinguish private network UPF network elements from public network UPF network elements, thereby improving the resource utilization rate of the private network UPF network element.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
Fig. 1 is a flowchart of a private network communication method according to an embodiment of the present application.
Fig. 2 is a block diagram of a process of registering a private network UPF network element in an NRF network element according to an embodiment of the present application.
Fig. 3 is a flowchart of a process of establishing a 5GC session between a terminal and a private network UPF network element according to an embodiment of the present application.
Fig. 4 is a schematic structural diagram of a private network communication system according to an embodiment of the present application.
100 private network communication system
11 terminal
12 AUSF network element
13 private network UPF network element
14 NRF network element
15 SMF network element
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the technical solutions of the present application will be described in detail and completely with reference to the following specific embodiments of the present application and the accompanying drawings. It should be apparent that the described embodiments are only some of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Referring to fig. 1, the present application provides a private network communication method, including the following steps:
S110: The AUSF network element records the private network access authority of the terminal.
It should be understood that the AUSF (Authentication Server Function) network element is an authentication network element, and is configured to verify the authority of the requesting terminal UE. Specifically, when the terminal UE opens a service related to the private network access right, the terminal UE is authorized to have the private network access right. At this time, the AUSF network element records information of the authorized terminal, including the private network access authority of the authorized terminal, the address of the authorized terminal, the ID of the authorized terminal, and the like.
S120: The private network UPF network element records the access address of the AUSF network element.
It should be noted that a UPF (User Plane Function) network element is a relay network element, and is used for connecting an uplink and a downlink and transmitting data packets. The private network UPF network element described in the present application may be understood as a UPF network element capable of establishing a link with a private network service network element. In other words, the terminal UE may initiate access to the private network service network element through the private network UPF network element. And whether the terminal UE can access the private network service network element depends on whether the terminal UE can establish a 5GC session with the private network UPF.
Here, setting the private network UPF network element to record the access address of the AUSF network element in effect associates the private network UPF network element with the AUSF network element, which makes it convenient to identify the access right of a terminal UE that issues a 5GC session establishment request.
Of course, in order for the private network UPF network element to work normally, that is, to be discovered by the terminal UE or other network elements, the private network UPF network element needs to be registered in an NRF (Network Repository Function) network element.
It will be appreciated that the NRF network element is responsible for registration of various types of network elements. All network elements have to register with NRF network elements to provide service when they are started. Typically, the registration information registered by the network element at the NRF network element includes a network element type, an address, a service list, and the like.
In the prior art, a 5GC core network does not effectively distinguish a private network UPF network element from a public network UPF network element. Mixed use of the two often means either that a private network user cannot access a private network service network element because the user is linked with a public network UPF network element, or that the resource utilization rate of the private network UPF network element is low because public network users are linked with the private network UPF network element.
In order to distinguish and isolate a private network UPF network element from a public network UPF network element, the private network communication method provided by the application marks the private network UPF network element with the capability of accessing the private network service network element so as to distinguish the private network UPF network element from the public network UPF network element at the stage of registering the private network UPF network element with an NRF network element.
Referring to fig. 2, in an embodiment provided in the present application, a signaling procedure of registering a UPF network element in an NRF network element may be represented as:
S210: A private network UPF network element initiates a registration request to an NRF network element;
S220: When the NRF network element responds to the private network UPF network element, the private network UPF network element sends the AUSF network element access address to the NRF network element;
S230: The NRF network element adds an AusfUrl field on the registration information of the private network UPF network element for recording the AUSF network element access address.
It can be understood that, as mentioned above, the private network UPF network element needs access right authentication for the terminal UE. For this purpose, the private network UPF network element records the access address of the AUSF network element, so that access right identification of the terminal UE is carried out through the AUSF network element.
It should be noted that, because the private network UPF network element is set to record the access address of the AUSF network element, the private network UPF network element can be directly distinguished from the public network UPF network element. Namely, a UPF network element that records the access address of the AUSF network element is a private network UPF network element, and a UPF network element that does not record the access address of the AUSF network element is a public network UPF network element.
After the NRF network element responds to the registration request of the UPF network element, the UPF network element sends at least its own network element type, address and service list, together with the AUSF network element access address it has recorded, to the NRF network element.
To record the AUSF network element access address associated with the UPF network element, the NRF network element adds an AusfUrl field to the UPF Profile in the private network UPF network element registration information and fills it with the AUSF network element access address associated with the UPF network element.
It should be noted that the AusfUrl field may be filled with an AUSF network element access address associated with a UPF network element, or may have no record. When the AusfUrl field in the registration information of the UPF network element holds an AUSF network element access address, the UPF network element is a private network UPF network element. When the AusfUrl field does not exist in the registration information of the UPF network element, or the AusfUrl field has no record, the UPF network element is a public network UPF network element.
Thus, whether a UPF network element is a private network UPF network element can be judged by reading the AusfUrl field of the UPF network element.
S130: in the process of establishing 5GC session between the terminal and the private network UPF network element, the AUSF network element identifies the private network access right of the terminal.
S140: When the private network access authority of the terminal passes the identification, the terminal establishes a 5GC session with the private network UPF network element.
Referring to fig. 3, the following describes in detail a process of establishing a 5GC session between a terminal and a private network UPF network element:
S310: The SMF network element receives a private network access request of a terminal;
S320: The SMF network element searches the registration information of a private network UPF network element in the NRF network element according to the private network access request;
S330: The SMF network element determines an AUSF network element access address according to the registration information of the private network UPF network element;
S340: The SMF network element requests the AUSF network element to identify the private network access right of the terminal;
S350: When the private network access authority of the terminal passes the identification, the SMF network element initiates a session establishment request to the private network UPF network element.
It is understood that the SMF (Session Management Function) network element is mainly responsible for creating, updating and deleting PDU sessions.
Generally, in the signaling procedure of 5GC session establishment, an access request of a terminal UE is forwarded to the SMF network element through an AMF (Access and Mobility Management Function) network element; this part of the signaling procedure is explained in detail in relevant documents and is not described in detail here.
After receiving the private network access request of the terminal, the SMF network element acquires a UPF network element registration list from the NRF network element. The UPF network element registration list records registration information of a plurality of UPF network elements. Generally, the SMF selects a suitable UPF network element to send a session establishment request to according to factors such as the service range of the UPF network element, the DN list supported by the UPF network element, the SSC mode supported by the UPF network element, the load of the UPF network element, the current location of the terminal UE, and the like.
In a preferred embodiment provided by the present application, the SMF network element gives private network UPF network elements a higher selection priority than public network UPF network elements. The SMF network element searches the registration information of the private network UPF network element in the NRF network element according to the private network access request, which is specifically expressed as follows:
The SMF network element screens out private network UPF network elements from the NRF network element according to the private network access request of the terminal, namely the UPF network elements whose registration information has an AUSF network element access address recorded in the AusfUrl field.
It should be further noted that, in order to facilitate the NRF network element sending the AUSF network element access address to the SMF network element, an AusfUrl field is added to the interface of the NRF network element for storing the registration information, and is used to send the AUSF network element access address. Specifically, the NRF network element stores an AusfUrl field in the interface of the UPF Info.
And then, the SMF network element obtains the AUSF network element access address associated with the private network UPF network element in the AusfUrl field by reading the registration information of the private network UPF network element.
According to the AUSF network element access address, the SMF network element sends information of the terminal UE, such as the address of the terminal, the ID of the terminal and the like, to the AUSF network element. The AUSF network element then determines the private network access authority of the terminal UE.
When the terminal UE has the private network access authority, the AUSF network element sends response information to the SMF network element to indicate that the private network access authority of the terminal UE has passed identification.
When the SMF network element receives the response information of the AUSF network element, the SMF network element initiates a session establishment request to the private network UPF network element.
In summary, in the private network communication method provided by the application, the private network UPF network element is associated with the AUSF network element, so that when the terminal establishes a 5GC session with the private network UPF network element, the AUSF network element assists in identifying the private network access permission of the terminal, thereby improving the security performance of the private network service network element. In addition, an AusfUrl field is added into the registration information of the private network UPF network element through the NRF network element to distinguish private network UPF network elements from public network UPF network elements, thereby improving the resource utilization rate of the private network UPF network element.
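The registration steps S210 to S230 and the session flow S310 to S350 described above, modelled as an added Python example (it is not part of the patent text or of any 5GC implementation). The class names, the URL-to-AUSF dictionary that stands in for network calls, matching on both terminal ID and address, trying candidate UPFs in registration order, denying when an AUSF cannot be reached, and all sample identifiers are assumptions.

```python
"""Toy model of the AusfUrl-gated flow (S110, S210-S230, S310-S350)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class UpfProfile:
    """UPF registration record held by the NRF."""
    nf_id: str                      # hypothetical instance identifier
    address: str
    services: List[str]
    ausf_url: Optional[str] = None  # the AusfUrl field the page adds

    def is_private(self) -> bool:
        # Missing or empty AusfUrl means a public network UPF.
        return bool(self.ausf_url and self.ausf_url.strip())


class Nrf:
    def __init__(self) -> None:
        self._upfs: Dict[str, UpfProfile] = {}

    def register_upf(self, profile: UpfProfile) -> None:
        # S210-S230: store the profile, including AusfUrl when supplied.
        self._upfs[profile.nf_id] = profile

    def find_private_upfs(self) -> List[UpfProfile]:
        # S320: only UPFs whose AusfUrl holds an address are returned.
        return [p for p in self._upfs.values() if p.is_private()]


class Ausf:
    def __init__(self) -> None:
        self._authorized: Dict[str, str] = {}  # terminal ID -> terminal address

    def authorize(self, terminal_id: str, terminal_addr: str) -> None:
        # S110: record the terminal's private network access authority.
        self._authorized[terminal_id] = terminal_addr

    def has_private_access(self, terminal_id: str, terminal_addr: str) -> bool:
        # Assumption: both ID and address must match the recorded entry.
        return self._authorized.get(terminal_id) == terminal_addr


@dataclass
class SessionResult:
    established: bool
    upf_id: Optional[str]
    reason: str


class Smf:
    def __init__(self, nrf: Nrf, ausf_by_url: Dict[str, Ausf]) -> None:
        self._nrf = nrf
        # Stand-in for the request sent to the address found in AusfUrl.
        self._ausf_by_url = ausf_by_url

    def establish_private_session(self, terminal_id: str,
                                  terminal_addr: str) -> SessionResult:
        candidates = self._nrf.find_private_upfs()            # S320
        if not candidates:
            # Assumption: a private request never falls back to a public UPF.
            return SessionResult(False, None, "no private network UPF registered")
        for upf in candidates:          # assumption: registration order
            ausf = self._ausf_by_url.get(upf.ausf_url)        # S330
            if ausf is None:
                continue                # AUSF unreachable: fail closed
            if ausf.has_private_access(terminal_id, terminal_addr):   # S340
                return SessionResult(True, upf.nf_id, "authority identified")  # S350
        return SessionResult(False, None, "access authority not identified")


def build_demo() -> Tuple[Nrf, Smf]:
    """Constructed sample data: two AUSFs, five UPF registrations."""
    ausf_a, ausf_b = Ausf(), Ausf()
    ausf_a.authorize("ue-001", "10.0.0.1")
    ausf_b.authorize("ue-002", "10.0.0.2")
    directory = {"http://ausf-a.example": ausf_a, "http://ausf-b.example": ausf_b}
    nrf = Nrf()
    nrf.register_upf(UpfProfile("upf-public", "192.0.2.10", ["nupf"]))
    nrf.register_upf(UpfProfile("upf-blank", "192.0.2.11", ["nupf"], ausf_url=""))
    nrf.register_upf(UpfProfile("upf-orphan", "192.0.2.12", ["nupf"],
                                ausf_url="http://ausf-down.example"))
    nrf.register_upf(UpfProfile("upf-priv-a", "192.0.2.13", ["nupf"],
                                ausf_url="http://ausf-a.example"))
    nrf.register_upf(UpfProfile("upf-priv-b", "192.0.2.14", ["nupf"],
                                ausf_url="http://ausf-b.example"))
    return nrf, Smf(nrf, directory)


if __name__ == "__main__":
    _, smf = build_demo()
    for ue in [("ue-001", "10.0.0.1"), ("ue-002", "10.0.0.2"), ("ue-999", "10.0.0.9")]:
        print(ue, smf.establish_private_session(*ue))
```

In this model the whole access decision hinges on the AusfUrl value held by the NRF, so the registration record for a private network UPF is as sensitive as the AUSF's own authorization table.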
Referring to fig. 4, in order to support the private network communication method, the present application further provides a private network communication system 100, including:
a terminal 11;
the AUSF network element 12 is used for recording the private network access authority of the terminal 11; the system is also used for authenticating the private network access authority of the terminal 11;
the private network UPF network element 13 is used for recording the access address of the AUSF network element 12; and also for establishing a 5GC session with the terminal 11.
It will be appreciated that the terminal 11 has a use requirement for accessing private network service network elements. The AUSF (Authentication Server Function) network element 12 is an authentication network element, and is configured to verify the authority of the requesting terminal 11. Specifically, when the terminal 11 opens a service related to the private network access right, the terminal 11 is authorized to have the private network access right. At this time, the AUSF network element 12 records information of the authorized terminal 11, including the private network access authority of the authorized terminal 11, the address of the authorized terminal 11, the ID of the authorized terminal 11, and the like. The UPF (User Plane Function) network element is a relay network element, and is used for connecting an uplink and a downlink and transmitting data packets. The private network UPF network element 13 described in this application may be understood as a UPF network element capable of establishing a link with a private network service network element. In other words, the terminal 11 may initiate access to the private network service network element through the private network UPF network element 13. Whether the terminal 11 can access the private network service network element therefore depends on whether the terminal 11 can establish a 5GC session with the private network UPF.
Here, setting the private network UPF network element 13 to record the access address of the AUSF network element 12 in effect associates the private network UPF network element 13 with the AUSF network element 12, which makes it convenient to identify the access right of a terminal 11 that issues a 5GC session establishment request.
Of course, the private network communication system also includes other network elements, so that the private network UPF network element 13 can work normally. Specifically, the system further includes an NRF network element 14, configured to record registration information of a private network UPF network element 13;
the private network UPF network element 13 is further configured to initiate a registration request to the NRF network element 14;
when the NRF network element 14 responds to the private UPF network element 13, the private UPF network element 13 sends the access address of the AUSF network element 12 to the NRF network element 14;
the NRF network element 14 adds an AusfUrl field to the registration information of the private network UPF network element 13, which is used to record the access address of the AUSF network element 12.
It is understood that in order for the private network UPF network element 13 to work properly, i.e. to be discovered by the terminal 11 or other network elements, the private network UPF network element 13 needs to register with an NRF (Network Repository Function) network element.
The NRF network element 14 is responsible for registration of various network elements. All network elements have to register with the NRF network element 14 to provide service when started. Typically, the registration information registered by the network element at NRF network element 14 includes the network element type, address, service list, etc.
In the prior art, a 5GC core network does not effectively distinguish a private network UPF network element 13 from a public network UPF network element. Mixed use of the two often means either that a private network user cannot access a private network service network element because the user is linked with a public network UPF network element, or that the resource utilization rate of the private network UPF network element 13 is low because public network users are linked with the private network UPF network element 13.
In order to distinguish and isolate the private network UPF network element 13 from the public network UPF network element, the private network communication system 100 provided by the present application marks the private network UPF network element 13 having the capability of accessing the private network service network element so as to distinguish the private network UPF network element from the public network UPF network element at the stage that the private network UPF network element 13 registers with the NRF network element 14.
Specifically, in a specific embodiment provided in the present application, a signaling procedure for the UPF network element to register with the NRF network element 14 may be represented as:
the private network UPF network element 13 initiates a registration request to the NRF network element 14;
when the NRF network element 14 responds to the private UPF network element 13, the private UPF network element 13 sends the access address of the AUSF network element 12 to the NRF network element 14;
the NRF network element 14 adds an AusfUrl field to the registration information of the private network UPF network element 13, which is used to record the access address of the AUSF network element 12.
It will be appreciated that the private network UPF network element 13 has the aforementioned requirement for access authorization authentication of the terminal 11. For this purpose, the private network UPF network element 13 records the access address of the AUSF network element 12, so as to perform access right authentication on the terminal 11 through the AUSF network element 12.
It should be noted that, because the private network UPF network element 13 is set to record the access address of the AUSF network element 12, the private network UPF network element 13 can be directly distinguished from the public network UPF network element. Namely, a UPF network element that records the access address of the AUSF network element 12 is the private network UPF network element 13, and a UPF network element that does not record the access address of the AUSF network element 12 is a public network UPF network element.
After the NRF network element 14 responds to the registration request of the UPF network element, the UPF network element sends at least the network element type, address, service list of itself, and the AUSF network element 12 access address recorded by the UPF network element to the NRF network element 14.
Of course, since the NRF network element 14 has to record the access address of the AUSF network element 12 associated with the UPF network element, the NRF network element 14 adds an AusfUrl field to the UPF Profile in the registration information of the private network UPF network element 13 and fills it with the access address of the AUSF network element 12 associated with the UPF network element.
It should also be noted that the AusfUrl field may be filled with the access address of the AUSF network element 12 associated with the UPF network element, or may have no record. When the AusfUrl field in the registration information of the UPF network element holds the access address of the AUSF network element 12, the UPF network element is a private network UPF network element 13. When the AusfUrl field does not exist in the registration information of the UPF network element, or the AusfUrl field has no record, the UPF network element is a public network UPF network element.
Thus, whether a UPF network element is the private network UPF network element 13 can be judged by reading the AusfUrl field of the UPF network element.
Further, the private network communication system comprises other network elements that cooperate with the terminal 11 to establish a 5GC session with the private network UPF network element 13. Specifically, the system further includes an SMF network element 15, configured to receive a private network access request of the terminal 11; to search for the registration information of the private network UPF network element 13 in the NRF network element 14 according to the private network access request; to determine the access address of the AUSF network element 12 according to the registration information of the private network UPF network element 13; to request the AUSF network element 12 to authenticate the private network access right of the terminal 11; and to initiate a session establishment request to the private network UPF network element 13 when the private network access right authentication of the terminal 11 passes.
It is understood that the SMF (Session Management Function) network element is mainly responsible for creating, updating and deleting PDU sessions.
In the signaling flow of the 5GC session establishment, the Access request of the terminal 11 is forwarded to the SMF network element 15 through an AMF (Access and Mobility Management Function) network element, and the signaling flow of this part is explained in detail in relevant documents and will not be described in detail here.
After receiving the private network access request of the terminal 11, the SMF network element 15 obtains a UPF network element registration list from the NRF network element 14. The UPF network element registration list records registration information of a plurality of UPF network elements. Generally, the SMF selects a suitable UPF network element to send a session establishment request to, according to factors such as the service range of the UPF network element, the DN list supported by the UPF network element, the SSC mode supported by the UPF network element, the load of the UPF network element, the current location of the terminal 11, and the like.
In a preferred embodiment provided by the present application, the SMF element 15 selects the private network UPF element 13 with a higher priority than the public network UPF element. The SMF network element 15 searches for registration information of the private network UPF network element 13 in the NRF network element 14 according to the private network access request, which is specifically represented as:
the SMF network element 15 screens out from the NRF network element 14, according to the private network access request of the terminal 11, the private network UPF network element 13, that is, the UPF network element whose registration information records the access address of the AUSF network element 12 in the AusfUrl field.
It should be further noted that, so that the NRF network element 14 can send the access address of the AUSF network element 12 to the SMF network element 15, an AusfUrl field is added to the interface of the NRF network element 14 that stores the registration information, and is used to send the access address of the AUSF network element 12. Specifically, the AusfUrl field is added to the interface through which the NRF network element 14 stores the UPF Info.
Then, by reading the registration information of the private network UPF network element 13, the SMF network element 15 obtains from the AusfUrl field the access address of the AUSF network element 12 associated with the private network UPF network element 13.
According to the access address of the AUSF network element 12, the SMF network element 15 sends information of the terminal 11, such as the address of the terminal 11, the ID of the terminal 11, and the like, to the AUSF network element 12. The AUSF network element 12 determines the private network access right of the terminal 11.
When the terminal 11 has the private network access right, the AUSF network element 12 sends a response message to the SMF network element 15 to notify it that the private network access right authentication of the terminal 11 has passed.
When the SMF network element 15 receives the response message from the AUSF network element 12, the SMF network element 15 initiates a session establishment request to the private network UPF network element 13.
To sum up, the private network communication system 100 provided in the present application associates the private network UPF network element 13 with the AUSF network element 12, so that when the terminal 11 establishes a 5GC session with the private network UPF network element 13, the AUSF network element 12 assists in authenticating the private network access right of the terminal 11, thereby improving the security of the private network service network element. The NRF network element 14 adds the AusfUrl field to the registration information of the private network UPF network element 13 to distinguish the private network UPF network element 13 from the public network UPF network element, thereby improving the resource utilization rate of the private network UPF network element 13.
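The registration and selection flow described above, sketched as an added Python example that is not part of the patent text. The class names, the `ausf_by_url` lookup, the sample addresses and identifiers, and the choice to treat an unreachable AUSF as a denial are assumptions made for illustration.

```python
"""Constructed model of the AusfUrl-based private UPF selection flow."""


class Nrf:
    """Stand-in for the NRF: stores UPF registration information."""

    def __init__(self):
        self.profiles = {}

    def register(self, upf_id, address, services, ausf_url=None):
        profile = {"nfType": "UPF", "address": address, "services": services}
        if ausf_url and ausf_url.strip():
            # Only a UPF that reports an AUSF address gets an AusfUrl record.
            profile["AusfUrl"] = ausf_url.strip()
        self.profiles[upf_id] = profile

    def private_upfs(self):
        """UPFs whose registration information carries a non-empty AusfUrl."""
        return {k: p for k, p in self.profiles.items() if p.get("AusfUrl")}


class Ausf:
    """Stand-in for the AUSF: records terminals holding private network access rights."""

    def __init__(self, authorized_terminals):
        self.authorized = set(authorized_terminals)

    def authenticate(self, terminal_id):
        return terminal_id in self.authorized


def smf_handle_private_request(terminal_id, nrf, ausf_by_url):
    """Return the id of the private UPF to send the session request to, or None.

    ausf_by_url maps an AUSF access address to an Ausf object. A missing
    entry models an unreachable AUSF and is treated as a denial (assumption).
    """
    for upf_id, profile in sorted(nrf.private_upfs().items()):
        ausf = ausf_by_url.get(profile["AusfUrl"])
        if ausf is not None and ausf.authenticate(terminal_id):
            return upf_id  # authentication passed: initiate the session here
    return None  # no session establishment request is sent


# Constructed sample data: every address and identifier is a placeholder.
nrf = Nrf()
nrf.register("upf-public", "192.0.2.1", ["svc"])
nrf.register("upf-blank", "192.0.2.2", ["svc"], ausf_url="   ")
nrf.register("upf-private", "192.0.2.3", ["svc"],
             ausf_url="https://ausf.example/auth")
nrf.register("upf-orphan", "192.0.2.4", ["svc"],
             ausf_url="https://ausf-down.example/auth")
ausfs = {"https://ausf.example/auth": Ausf({"terminal-11"})}
```

A whitespace-only AusfUrl is stored as "no record", so `upf-blank` is classified as a public network UPF, and `upf-orphan` never receives a session request because its AUSF cannot confirm the terminal.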
It is to be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the statement "comprising a ..." does not exclude the presence of other like elements in the process, method, article, or apparatus that comprises the element.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The above description is only an example of the present application and is not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims (10)

1. A private network communication method is characterized by comprising the following steps:
the AUSF network element records the private network access authority of the terminal;
a private network UPF network element records an AUSF network element access address;
in a 5GC session flow established by a terminal and a private network UPF network element, an AUSF network element identifies the private network access authority of the terminal;
and when the private network access authority of the terminal passes the identification, the terminal establishes a 5GC session with a private network UPF network element.
2. The private network communication method of claim 1, wherein said method further comprises:
a private network UPF network element initiates a registration request to an NRF network element;
when the NRF network element responds to the private network UPF network element, the private network UPF network element sends the AUSF network element access address to the NRF network element;
and the NRF network element adds an AusfUrl field on the registration information of the private network UPF network element for recording the AUSF network element access address.
3. The private network communication method of claim 2, wherein the flow in which the terminal establishes a 5GC session with the private network UPF network element specifically comprises:
receiving a private network access request of a terminal by an SMF network element;
the SMF network element searches the registration information of a private network UPF network element in the NRF network element according to the private network access request;
the SMF network element determines an AUSF network element access address according to the registration information of the private network UPF network element;
the SMF network element requests the AUSF network element to identify the private network access right of the terminal;
and when the private network access authority of the terminal passes the identification, the SMF network element initiates a session establishment request to the private network UPF network element.
4. The private network communication method of claim 2, wherein an AusfUrl field is added to the interface of the NRF network element that stores the registration information, for transmitting the AUSF network element access address.
5. The private network communication method of claim 1, wherein the terminal is authorized to have the private network access right when the terminal opens a service related to the private network access right.
6. A private network communication system, comprising at least:
a terminal;
the AUSF network element is used for recording the private network access authority of the terminal, and is also used for authenticating the private network access authority of the terminal;
the private network UPF network element is used for recording the access address of the AUSF network element; and also for establishing a 5GC session with the terminal.
7. The private network communication system of claim 6, wherein said system further comprises an NRF network element for recording private network UPF network element registration information;
the private network UPF network element is also used for initiating a registration request to the NRF network element;
when the NRF network element responds to the private network UPF network element, the private network UPF network element sends the AUSF network element access address to the NRF network element;
and the NRF network element adds an AusfUrl field on the registration information of the private network UPF network element for recording the AUSF network element access address.
8. The private network communication system of claim 7, wherein the system further comprises an SMF network element for receiving a private network access request of a terminal; the SMF network element is also used for searching registration information of a private network UPF network element in the NRF network element according to the private network access request; is also used for determining an AUSF network element access address according to the registration information of the private network UPF network element; is also used for requesting the AUSF network element to identify the private network access authority of the terminal; and is also used for initiating a session establishment request to the private network UPF network element when the terminal private network access authority passes the authentication.
9. A private network communication system according to claim 7, wherein an AusfUrl field is added to the interface of the NRF network element that stores the registration information, for sending the AUSF network element access address.
10. The private network communication system of claim 6, wherein the terminal is authorized to have the private network access right when the terminal turns on a service related to the private network access right.
CN202210096950.3A 2022-01-27 2022-01-27 Private network communication method and system Pending CN115065969A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210096950.3A CN115065969A (en) 2022-01-27 2022-01-27 Private network communication method and system

Publications (1)

Publication Number Publication Date
CN115065969A true CN115065969A (en) 2022-09-16

Family

ID=83196388

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210096950.3A Pending CN115065969A (en) 2022-01-27 2022-01-27 Private network communication method and system

Country Status (1)

Country Link
CN (1) CN115065969A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination