CN115348582A - Method, communication device, medium and chip for online signing - Google Patents
- Publication number
- CN115348582A (CN202110533778.9A)
- Authority
- CN
- China
- Prior art keywords
- cell
- access
- network device
- core network
- terminal device
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/69—Identity-dependent
- H04W12/73—Access point logical identity
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W48/00—Access restriction; Network selection; Access point selection
- H04W48/16—Discovering, processing access restriction or access information
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W36/00—Hand-off or reselection arrangements
- H04W36/16—Performing reselection for specific purposes
- H04W36/22—Performing reselection for specific purposes for handling the traffic
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
Embodiments of the present disclosure provide a method, a communication device, a medium, and a chip for online subscription. In an embodiment of the disclosure, a core network device receives a first message from an access network device. The first message comprises a cell identity of a first cell of the access network device that the terminal device is to access. The core network device determines, based on the cell identity of the first cell, that the first cell does not support online subscription. The core network device controls the terminal device's access to the first cell. By taking the online subscription capability of the cell into account, cell access can be restricted on the core network side without changing the cell selection mechanism on the terminal device side. In this way, the load of the common cell can be effectively reduced, and the network performance and security can be improved.
Description
Technical Field
The present disclosure relates to the field of communications, and in particular, to a method, a communication apparatus, a medium, and a chip for performing online subscription (onboarding) for a terminal device.
Background
In a fifth generation (5G) New Radio (NR) communication system, two types of Non-Public Network (NPN) are defined, namely, the Stand-alone Non-Public Network (SNPN) and the Public Network Integrated NPN (PNI-NPN). An SNPN has an independent Radio Access Network (RAN) and core network (5G core, 5GC) and can operate without depending on the network functions of a public network such as a Public Land Mobile Network (PLMN), while a PNI-NPN may depend in part on the network functions of the public network. The PNI-NPN may be further divided into Closed Access Group (CAG) and network slice (Slicing). CAG provides services for a specific service or user, while Slicing provides services for a specific service or user using a specific slice with slice characteristics defined by 5G.
The NPN may act as a target network for the terminal device to access, and may also act as an intermediate network for assisting the terminal device in accessing the target network. For example, the terminal device (e.g., UE) may not have credentials for accessing the target network, in which case the terminal device may temporarily establish a connection with an intermediate network to obtain subscription information or credentials for accessing the target network. The terminal device may then deregister from the intermediate network and register with the target network using the subscription information or credentials, completing access to the target network. The current process of acquiring the subscription information or credentials should satisfy the following: (1) the intermediate network provides an indication as to whether online subscription is supported; and (2) providing the online subscription service to the terminal device does not affect the traditional services and the network security of the intermediate network. In order to meet the above requirements, there is a need for further improvements in the cell selection and/or cell reselection mechanisms of terminal devices.
Disclosure of Invention
Example embodiments of the present disclosure provide a scheme for controlling access of a terminal device to a cell in a communication system.
In a first aspect of the disclosure, a method for communication is provided. In the method, a core network device receives a first message from an access network device. The first message comprises a cell identity of a first cell of the access network device to be accessed by the terminal device. The core network device determines, based on the cell identity of the first cell, that the first cell does not support online subscription. The core network device controls the terminal device's access to the first cell. In this way, the core network device can control the access of the terminal device to the cell according to whether the cell of the access network device supports online subscription, thereby effectively reducing the load of the common cell and improving the network performance and security.
In some embodiments, the method further comprises the core network device receiving cell capability information from the access network device. The cell capability information includes a cell identity and a corresponding online subscription capability for at least one cell of the access network device, and the at least one cell includes the first cell. The core network device determines that the first cell does not support online subscription based on the cell capability information and the cell identity of the first cell.
In some embodiments, the method further comprises the core network device receiving an update message from the access network device. The update message indicates an update to the cell capability information. In this way, the core network device may control access of the terminal device to the cell based on dynamic changes in the cell capabilities of the access network device.
In some embodiments, the first message further indicates an online subscription capability of the first cell. The method further comprises the core network device determining that the first cell does not support online subscription based on the cell identity of the first cell and the online subscription capability of the first cell.
In some embodiments, controlling access to the first cell comprises: the core network device restricts access of the terminal device to the first cell.
In some embodiments, the core network device restricting the access of the terminal device to the first cell includes: the core network device sends a second message to the terminal device. The second message includes at least one of a rejection indication, a rejection cause value, or a redirection indication.
In some embodiments, the determination to restrict access by the terminal device to the first cell is based on at least one of: the first message comprises an online subscription indication; the authorization of the terminal device by the credential server fails; or there is no user plane context for the terminal device.
In some embodiments, the method further comprises the core network device determining that the terminal device's access to the first cell is in a remote configuration phase. Controlling access to the first cell includes the core network device determining not to restrict access of the terminal device to the first cell.
In some embodiments, the method further includes the core network device determining that access of the terminal device to the first cell is in a remote configuration phase. Controlling access to the first cell includes the core network device restricting access of the terminal device to the first cell.
In some embodiments, the core network device determines that the access is in an online subscription phase based on at least one of the following. If the first message includes an online subscription indication, the access is in the online subscription phase. If the authorization of the terminal device by the credential server fails, the access is in the online subscription phase. If there is no user plane context for the terminal device, the access is in the online subscription phase.
In some embodiments, the core network device determines that the access is in the remote configuration phase based on at least one of the following. If the online subscription indication is not included in the first message, the access is in the remote configuration phase. If the authorization of the terminal device by the credential server is successful, the access is in the remote configuration phase. Or if there is a user plane context, the access is in the remote configuration phase.
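The core-network-side decision of the first aspect (capability table, update message, phase determination, second message) can be modelled as below. This is an added illustration, not code from the patent; all class, field and cause-value names are hypothetical. Three choices are assumptions: any online-subscription signal outranks the remote-configuration signals, a cell with no capability entry is treated as not supporting online subscription, and the redirection indication names a supporting cell.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Optional


class Phase(Enum):
    ONLINE_SUBSCRIPTION = "online subscription"
    REMOTE_CONFIGURATION = "remote configuration"


@dataclass
class FirstMessage:
    """Access network device -> core network device (hypothetical field names)."""
    cell_id: str
    online_subscription_indication: bool = False
    # Variant in which the first message itself carries the cell's capability.
    cell_capability: Optional[bool] = None


@dataclass
class UeContext:
    credential_authorization_ok: bool   # result reported by the credential server
    has_user_plane_context: bool


@dataclass
class SecondMessage:
    """Core network device -> terminal device when access is restricted."""
    rejection: bool
    cause: str                     # constructed cause value, not from the page
    redirect_cell: Optional[str]   # assumed content of the redirection indication


class CoreAccessControl:
    def __init__(self, restrict_in_remote_configuration: bool = False):
        # The page describes embodiments that restrict and embodiments that do
        # not restrict during remote configuration; modelled here as a policy flag.
        self.restrict_in_remote_configuration = restrict_in_remote_configuration
        self.capabilities: Dict[str, bool] = {}

    def on_cell_capability_info(self, info: Dict[str, bool]) -> None:
        """Cell identity -> online subscription capability, sent by the access network."""
        self.capabilities = dict(info)

    def on_update(self, update: Dict[str, bool]) -> None:
        """Update message: apply changed capabilities for the listed cells."""
        self.capabilities.update(update)

    def cell_supports(self, msg: FirstMessage) -> bool:
        if msg.cell_capability is not None:
            return msg.cell_capability
        # Assumption: an unknown cell is treated as not supporting (fail closed).
        return self.capabilities.get(msg.cell_id, False)

    @staticmethod
    def phase(msg: FirstMessage, ue: UeContext) -> Phase:
        # Assumption: any one online-subscription signal decides the phase.
        if (msg.online_subscription_indication
                or not ue.credential_authorization_ok
                or not ue.has_user_plane_context):
            return Phase.ONLINE_SUBSCRIPTION
        return Phase.REMOTE_CONFIGURATION

    def handle_first_message(self, msg: FirstMessage,
                             ue: UeContext) -> Optional[SecondMessage]:
        """Return None when access is allowed, else the second message."""
        if self.cell_supports(msg):
            return None
        if (self.phase(msg, ue) is Phase.REMOTE_CONFIGURATION
                and not self.restrict_in_remote_configuration):
            return None
        redirect = next(
            (cell for cell, ok in sorted(self.capabilities.items()) if ok), None)
        return SecondMessage(True, "CELL_WITHOUT_ONLINE_SUBSCRIPTION", redirect)
```
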
In a second aspect of the disclosure, a method for communication is provided. In the method, an access network device sends a first message to a core network device. The first message comprises a cell identity of a first cell of the access network device to be accessed by the terminal device. The access network device receives first indication information regarding access of the first cell from the core network device. The access network device determines that the first cell does not support online subscription. The access network device controls the terminal device's access to the first cell based on the first indication information. In this way, the terminal device can obtain subscription or credential information only through a cell supporting the online subscription service, without changing the cell selection or cell handover mechanism on the terminal device side. The scheme can also flexibly set whether the same access restriction is applied in the subsequent access process. In this way, the cell load can be reduced, the network security can be guaranteed, and the performance of the communication system can be improved.
In some embodiments, the first indication indicates that access to the first cell by the terminal device is restricted. Controlling access to the first cell includes the access network device restricting access by the terminal device to the first cell.
In some embodiments, the access network device restricting access of the terminal device to the first cell comprises: the access network device sends a third message to the terminal device. The third message includes at least one of: a rejection indication, a rejection cause value or a redirection indication for the terminal device.
In certain embodiments, the method further comprises: the access network device receives the second indication information from the core network device. The second indication information indicates to cancel restriction of access to the first cell.
In a third aspect of the disclosure, a method for communication is provided. In the method, a terminal device receives an online subscription capability indication from an access network device. The online subscription capability indication comprises online subscription capability information of at least one cell of the access network device. The online subscription capability information of the at least one cell includes a cell identity and a corresponding online subscription capability for the at least one cell of the access network device. The terminal device selects a second cell from the at least one cell based on the online subscription capability information, wherein the second cell supports online subscription. The terminal device sends an online subscription request for the second cell to the access network device. Through this mechanism, the terminal device can dynamically take the online subscription capability of a cell into account when performing cell selection or cell reselection. For example, when the terminal device requests to access the network to obtain subscription or credential information, a cell supporting the online subscription service may be selected according to the online subscription capability of each cell, thereby effectively reducing the load of the common cell. After the online subscription is completed, the terminal device may consider whether to apply cell access restrictions. In this way, cell load balancing can be realized, the network security can be ensured, and the performance of the communication system can be improved.
In some embodiments, the terminal device determines a candidate cell supporting online subscription in the at least one cell based on the online subscription capability information. The terminal device selects a second cell from the candidate cells for camping on. The determination of the candidate cell is carried out at the access stratum of the terminal device.
In some embodiments, the terminal device receives a fourth message from a core network device. The fourth message indicates that the online subscription is complete. The terminal device performs cell reselection or cell handover for at least one cell. The cell reselection or cell handover need not be based on the online subscription capability information.
In some embodiments, the terminal device performs cell reselection or cell handover for at least one cell based on the online subscription capability information.
In a fourth aspect of the present disclosure, a core network device is provided. The core network device includes: at least one processing unit; and at least one memory coupled to the at least one processing unit and storing instructions for execution by the at least one processing unit, the instructions when executed by the at least one processing unit causing the core network device to implement the method according to the possible implementation form of the first aspect described above.
In a fifth aspect of the disclosure, an access network device is provided. The access network device includes: at least one processing unit; and at least one memory coupled to the at least one processing unit and storing instructions for execution by the at least one processing unit, the instructions when executed by the at least one processing unit causing the access network device to implement the method in the possible implementations according to the second aspect described above.
In a sixth aspect of the present disclosure, a terminal device is provided. The terminal device includes: at least one processing unit; and at least one memory coupled to the at least one processing unit and storing instructions for execution by the at least one processing unit, the instructions, when executed by the at least one processing unit, causing the terminal device to implement the method according to the possible implementation of the third aspect described above.
In a seventh aspect of the disclosure, a computer program product is provided. A computer program product is tangibly stored on a computer-readable medium and includes computer-executable instructions that, when executed, cause an apparatus to implement operations according to a method in any one of the possible implementations of the first to third aspects described above.
In an eighth aspect of the present disclosure, a communication apparatus is provided. The communication device comprises means for implementing the method according to any of the possible implementations of the first to third aspects described above.
In a ninth aspect of the present disclosure, a chip is provided. The chip is configured to perform operations according to the method in any one of the possible implementations of the first to third aspects described above.
In a tenth aspect of the present disclosure, a communication system is provided, which includes one or more of the aforementioned core network device and access network device.
In some embodiments, the communication system further comprises other communication devices involved in the embodiments.
Drawings
The features, advantages and other aspects of various implementations of the disclosure will become more apparent with reference to the following detailed description when taken in conjunction with the accompanying drawings. Several implementations of the present disclosure are illustrated herein by way of example, and not by way of limitation, in the figures of the accompanying drawings:
FIG. 1 shows a schematic block diagram of an online subscription process for a terminal device;
FIG. 2 shows a schematic block diagram of a communication environment in which embodiments of the present disclosure may be implemented;
FIG. 3 illustrates an interaction signaling diagram of a communication process in accordance with some embodiments of the present disclosure;
FIG. 4 illustrates an interaction signaling diagram for a communication process according to further embodiments of the present disclosure;
FIG. 5 illustrates an interaction signaling diagram of a communication process, according to further embodiments of the present disclosure;
FIG. 6 illustrates a flow diagram of a method implemented at a core network device, in accordance with some embodiments of the present disclosure;
FIG. 7 illustrates a flow diagram of a method implemented at an access network device in accordance with further embodiments of the present disclosure;
FIG. 8 shows a flow diagram of a method implemented at a terminal device in accordance with further embodiments of the present disclosure;
FIG. 9 shows a schematic block diagram of a communication device according to some embodiments of the present disclosure; and
FIG. 10 illustrates a simplified block diagram of an example device suitable for implementing embodiments of the present disclosure.
In the various drawings, the same or similar reference numbers refer to the same or similar elements.
Detailed Description
Embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While certain embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be construed as limited to the embodiments set forth herein, but rather are provided for a more complete and thorough understanding of the present disclosure. It should be understood that the drawings and embodiments of the disclosure are for illustration purposes only and are not intended to limit the scope of the disclosure.
In describing embodiments of the present disclosure, the term "include" and its derivatives should be interpreted as being inclusive, i.e., "including but not limited to". The term "based on" should be understood as "based at least in part on". The term "one embodiment" or "the embodiment" should be understood as "at least one embodiment". In the description of this application, "/" indicates an "or" relationship between the objects before and after it, e.g., A/B may indicate A or B; "and/or" merely describes an association between associated objects and means that three relationships are possible, for example, A and/or B may mean: A exists alone, A and B exist simultaneously, or B exists alone, wherein A and B can be singular or plural. Also, in the description of the present application, "a plurality" means two or more unless otherwise specified. "At least one of the following" or similar expressions refer to any combination of these items, including any combination of singular or plural items. For example, at least one of a, b, or c may represent: a, b, c, a-b, a-c, b-c, or a-b-c, wherein a, b, c may be single or multiple. In addition, in order to facilitate clear description of the technical solutions of the embodiments of the present application, words such as "first" and "second" are used to distinguish identical items or similar items with substantially identical functions and actions. Those skilled in the art will appreciate that the terms "first," "second," etc. do not denote any order or quantity, nor do they denote any order or importance.
Embodiments of the present disclosure may be implemented in accordance with any suitable communication protocol, including, but not limited to, cellular communication protocols such as Fourth Generation (4G) and Fifth Generation (5G), wireless local area network communication protocols such as Institute of Electrical and Electronics Engineers (IEEE) 802.11, and/or any other protocol now known or later developed. The technical solutions of the embodiments of the present disclosure may be applied to any appropriate communication system, for example: General Packet Radio Service (GPRS), Long Term Evolution (LTE) system, Frequency Division Duplex (FDD) system, Time Division Duplex (TDD), Universal Mobile Telecommunications System (UMTS), Narrowband Internet of Things (NB-IoT) communication system, future fifth generation (5G) system or New Radio (NR), etc.
For purposes of illustration, embodiments of the present disclosure are described hereinafter against the background of a 5G 3rd Generation Partnership Project (3GPP) communication system. However, it should be understood that the embodiments of the present disclosure are not limited to application to the 5G 3GPP communication system, but can be applied to any communication system having similar problems, such as an LTE communication system, a Wireless Local Area Network (WLAN), a wired communication system, or other communication systems developed in the future, etc.
The term "terminal device" as used in this disclosure refers to any terminal device capable of wired or wireless communication with network devices or with each other using some sort of air interface. A terminal device may sometimes be referred to as a User Equipment (UE). The terminal device may be any type of mobile terminal, fixed terminal or portable terminal. As an example, the terminal device may include a cellular phone, a cordless phone, a smart phone, a website, a subscriber unit, a handheld terminal, a Mobile Terminal (MT), a Subscriber Station (SS), a Portable Subscriber Station (PSS), an Internet node, a communicator, a desktop computer, a laptop computer, a notebook computer, a tablet computer, a wireless data card, a wireless modem, a Personal Communication System (PCS) device, a personal navigation device, a Personal Digital Assistant (PDA), a positioning device, a radio broadcast receiver, an electronic book device, a gaming device, an Internet of Things (IoT) device, a Wireless Local Loop (WLL) station, a Machine Type Communication (MTC) terminal, a vehicle mounted device, an aircraft, a Virtual Reality (VR) device, an Augmented Reality (AR) device, a terminal device in a 5G network, a terminal device in any future evolved Public Land Mobile Network (PLMN), or any combination thereof. The embodiments of the present disclosure are not limited thereto.
The term "access network device" as used in this disclosure is an entity or node that may be used for communicating with a terminal device, for example, a Radio Access Network (RAN) network device, which may provide functions of radio resource management, quality of service (QoS) management, data compression and encryption, etc. on the air interface side. The access network device may include various types of base stations. By way of example, the access network device may include various forms of macro base stations, micro base stations, pico base stations, femto base stations, relay stations, access points, Remote Radio Units (RRUs), Radio Heads (RHs), Remote Radio Heads (RRHs), and so on. In systems employing different radio access technologies, the names of the access network devices may differ, for example, node B (NodeB) in a 3G network, evolved node B (eNB or eNodeB) in an LTE network, gNodeB (gNB) or NR node B (NR NB) in a 5G network, and so on. The embodiments of the present disclosure are not limited in this regard. The term "entity" as used herein refers to a network element that can implement a specific function.
Example embodiments of the present disclosure may relate to the following network elements:
1. (Radio) access network ((R)AN) network element: used to provide a network access function for authorized terminal devices in a specific area; it can use transmission tunnels of different quality according to the level of the terminal device, the service requirement and the like. The (R)AN network element can manage radio resources and provide access service for the terminal device, so as to forward control signals and terminal device data between the terminal device and the core network. The (R)AN network element can also be understood as a base station in a traditional network.
2. A user plane network element: for packet routing and forwarding, quality of service (QoS) handling of user plane data, etc. In the 5G communication system, the user plane network element may be a User Plane Function (UPF) network element. In a future communication system, the user plane network element may still be a UPF network element, or may also have another name, which is not limited in this application.
3. Data network: for providing a network for transmitting data. In a 5G communication system, the data network may be a Data Network (DN). In future communication systems, the data network may still be the DN, or may have another name, and this application is not limited thereto.
4. Accessing a management network element: the method is mainly used for mobility management, access management and the like, and can be used for realizing other functions except session management in Mobility Management Entity (MME) functions, such as functions of lawful interception, access authorization/authentication and the like. In the 5G communication system, the access management network element may be an access and mobility management function (AMF) network element. In the future communication system, the access management network element may still be an AMF network element, or may also have another name, which is not limited in this application.
5. The session management network element: the method is mainly used for session management, internet Protocol (IP) address allocation and management of terminal equipment, selection of a termination point capable of managing a user plane function, a policy control and charging function interface, downlink data notification and the like. In the 5G communication system, the session management network element may be a Session Management Function (SMF) network element. In future communication systems, the session management network element may still be an SMF network element, or may also have another name, which is not limited in this application.
6. Network open network element: for securely opening services and capabilities, etc. provided by the 3GPP network function network element to the outside.
In the 5G communication system, the network open network element may be a network open function (NEF) network element. In a future communication system, the network open network element may still be an NEF network element, or may also have another name, which is not limited in this application.
7. Unified data management network element: for handling subscriber identities, access authentication, registration, mobility management, etc.
In the 5G communication system, the unified data management network element may be a Unified Data Management (UDM) network element. In a future communication system, the unified data management network element may still be a UDM network element, or may have another name, which is not limited in this application.
8. Authentication service network element: used to perform primary authentication, that is, authentication between the terminal device and the operator network. After receiving an authentication request initiated by a subscriber, the authentication service network element can authenticate and/or authorize the subscriber using the authentication information and/or authorization information stored in the unified data management network element, or generate the subscriber's authentication and/or authorization information through the unified data management network element. The authentication service network element may feed back authentication information and/or authorization information to the subscriber. In one implementation, the authentication service network element may also be co-located with the unified data management network element.
In the 5G communication system, the authentication service network element may be an authentication service function (AUSF) network element. In a future communication system, the authentication service network element may still be an AUSF network element, or may have another name, which is not limited in this application.
9. Application network element: used for application-influenced data routing, for accessing the network open function network element, for interacting with the policy framework to perform policy control, and the like. In the 5G communication system, the application network element may be an Application Function (AF) network element. In a future communication system, the application network element may still be an AF network element, or may have another name, which is not limited in this application.
10. Terminal device: may include various handheld devices, vehicle-mounted devices, wearable devices, and computing devices with wireless communication capabilities, or other processing devices connected to a wireless modem, as well as various forms of terminals, mobile stations (MS), terminals, user equipment (UE), soft terminals, and the like, such as water meters, electricity meters, and sensors.
In the network architecture, Namf is the service-based interface exhibited by the AMF network element, Nsmf is the service-based interface exhibited by the SMF network element, Nnef is the service-based interface exhibited by the NEF network element, Nudm is the service-based interface exhibited by the UDM network element, and Naf is the service-based interface exhibited by the AF network element. N1 is the reference point between the terminal device 111 and the AMF network element; N2 is the reference point between the (R)AN network element and the AMF network element and is used for sending non-access stratum (NAS) messages and the like; N3 is the reference point between the (R)AN network element and the UPF network element and is used for transmitting user plane data and the like; N4 is the reference point between the SMF network element and the UPF network element and is used to transmit information such as tunnel identification information of the N3 connection, data cache indication information, and downlink data notification messages; N6 is the reference point between the UPF network element and the DN and is used for transmitting user plane data and the like.
It should be noted that the names of the various network elements (e.g., UPF network element, UDM network element, etc.) included in the network architecture are only names, and a name does not limit the function of the network element itself. In the 5G network and in other future networks, the network elements may be given other names, which is not specifically limited in the embodiments of the present application. For example, in a 6G network, some or all of the above network elements may keep the 5G terminology or may use other names. This is stated here once and is not repeated below. Furthermore, it is understood that a network element or function may be a network element in a hardware device, a software function running on dedicated hardware, or a virtualized function instantiated on a platform (e.g., a cloud platform). The network elements or functions may be divided into one or more services, and services may also exist independently of the network functions. In the present application, an instance of the above-described function, an instance of a service included in the above-described function, or an instance of a service existing independently of the network function may be referred to as a service instance.
The term "cell selection" as used herein refers to the process by which a terminal device selects a cell to camp on based on certain criteria and treats the cell as its serving cell. In the context of the present disclosure, "cell selection" may refer to initial cell selection, i.e., the process in which a terminal device selects an initial serving cell after completing PLMN selection, and may also refer to "cell reselection", i.e., the process in which a terminal device is handed over from a current cell to another cell. In some embodiments of the present disclosure, the term "cell selection" may also encompass both "initial cell selection" and "cell reselection".
The current 3GPP 5G system architecture mainly includes the following network functions and entities: terminal equipment (e.g., UE), (R)AN, UPF, DN, AMF, SMF, PCF, AF, Network Slice Selection Function (NSSF), AUSF, and UDM. The network functions and entities interact with each other through corresponding interfaces; for example, the UE and the AMF may interact through the N1 interface. Some of the interfaces can be implemented as service-based interfaces. In addition, a Network Data Analytics Function (NWDAF) may interact with other network functions via the service-based interface NWDAF. The term "entity" as used herein refers to a network element that can implement a specific function.
The UE, (R)AN, UPF and DN are generally referred to as user plane network functions and entities. A user's data traffic may be transmitted via the (R)AN and the UPF over a PDU session established between the UE and the DN. The other parts are generally called control plane network functions and entities, and provide functions such as authentication and authorization, registration management, session management, mobility management, and policy control, so that user plane traffic is transmitted reliably and stably.
As discussed previously, current communication systems allow the terminal device to obtain subscription information or credentials to access the target network through the intermediate network so that the terminal device can then normally access the target network and establish a PDU session. Fig. 1 shows a schematic block diagram of an online subscription process 100 for a terminal device. In the SNPN scenario shown in fig. 1, terminal device 130 desires to access SNPN 140 and may acquire subscription or credential information for accessing SNPN 140 by establishing a connection with O-SNPN 120.
In the example of fig. 1, SNPN 140 acts as the target network and O-SNPN 120 acts as the intermediate network. In particular, the O-SNPN 120 may broadcast an online subscription capability indication, based on which the terminal device 130 determines that the O-SNPN 120 supports online subscription and establishes a connection with the O-SNPN 120 using default subscription or credential information. The online subscription request that the terminal device sends to the O-SNPN 120 must be authenticated by a Default Credentialing Server (DCS) 112, and only after the authentication passes may the terminal device 130 use a limited User Plane (UP) or Control Plane (CP) transmission channel to obtain the subscription or credential information for the target network from a Provisioning Server (PS) 114.
In the process 100, the process in which the terminal device 130 selects a network supporting online subscription and obtains authorization from the DCS 112 may be referred to as the online subscription phase, and the subsequent process of establishing a CP or UP transmission channel and acquiring subscription or credential information for the target network may be referred to as the remote provisioning phase, also called the remote configuration phase.
In conventional communication systems, the network providing the online subscription service also provides other conventional services. If an access network device supporting online subscription service broadcasts online subscription capability indications in all its cells, a large number of terminal devices requesting online subscription initiate online subscription requests, which may increase the load of the cells, affect the traditional service of the access network device, and these online subscription requests may contain malicious requests. Thus, the access network device supports broadcasting the online subscription capability indication at a cell granularity, i.e., the access network device may broadcast the online subscription capability indication in a specific cell to restrict access of terminal devices requesting an online subscription service.
According to the cell selection or reselection mechanism, when the access stratum (AS) of a terminal device receives information broadcast by an access network device, including parameters such as a network identifier and an online subscription capability indication, it passes that information to the non-access stratum (NAS) of the terminal device. The NAS layer of the terminal device selects a network that supports online subscription based on the online subscription capability indication and instructs the AS layer to select a cell for accessing that network. At this point, the cell selection criteria include information such as cell frequency information and signal strength, together with parameters contained in the system message, so the AS layer of the terminal device does not consider the online subscription capability indication of the cell. In other words, the cell selected by the AS layer may be an ordinary cell that does not provide the online subscription service, and at present neither the RAN side nor the core network side has an authentication procedure that restricts the UE to accessing only through a cell that supports online subscription.
In addition, the cell reselection or cell handover process caused by the mobility of the terminal device should not affect the remote configuration phase of the terminal device, that is, only the online subscription phase of the terminal device needs to be limited, and after obtaining the online subscription authorization, the terminal device may not be limited in which cell to execute the remote configuration process. The existing cell reselection or cell handover mechanism cannot flexibly limit the access of the terminal equipment to the cell according to the phase.
In response to the above problems, as well as other potential problems, embodiments of the present disclosure provide an online subscription scheme. The scheme takes into account the online subscription capability of the cells of the access network device and controls the terminal device's access to a cell accordingly. The scheme may restrict the access procedure when that procedure is in the online subscription phase, and may select whether to restrict it when that procedure is in the remote provisioning phase. When the scheme is implemented on the core network side or the access network side, the cell selection or cell handover mechanism of the terminal device does not need to be changed. Furthermore, the scheme can also be used to enhance existing cell selection or cell handover mechanisms without changing the operation on the core network or access network side. In this way, cell load can be effectively reduced, and network performance and security can be improved.
Fig. 2 illustrates a schematic diagram of a communication environment 200 in which embodiments of the present disclosure may be implemented. Communication environment 200 includes core network device 210, access network device 220, and terminal device 230. The access network device 220 provides a first cell 221, a second cell 222 and a third cell 223. Core network device 210, access network device 220, and terminal device 230 may communicate with each other. It should be understood that communication environment 200 is for exemplary purposes only and does not imply any limitation as to the scope of the present disclosure. Embodiments of the present disclosure may also be embodied in other network environments or architectures. In addition, it should also be understood that communication environment 200 may include other elements or entities for purposes of communication connections, data transmission, control, and the like. These elements or entities are not shown in fig. 2 for simplicity of description, which does not mean that embodiments of the present disclosure lack them.
The access network device 220 may communicate with the core network device 210. The access network device 220 may transmit cell capability information to the core network device 210 through a Next Generation Application Protocol (NGAP) message. As an example, the cell capability information may include overall capability information of the cells 221 to 223, such as cell identifiers (e.g., CGIs) of the cells 221 to 223, online subscription capability information, service support capability information, and the like. As another example, the cell capability information may include only the cell identifier and the online subscription capability information of the first cell 221 to be accessed by the terminal device 230. Further, the access network device 220 may send a message to the core network device 210 indicating the cell identity of the first cell 221 that the terminal device 230 is to access. The access network device 220 may further send indication information for online subscription to the core network device 210, and the core network device 210 may determine, based on the indication information, whether the access procedure of the terminal device 230 to the first cell 221 is in the online subscription phase or the remote configuration phase.
The core network equipment 210 may be implemented as AMF, DCS, UDM, PCF, SMF, and any other suitable network element on the core network side. For example, in case the core network device 210 is implemented as an AMF, it may provide a storage resource of a control plane for a session of the terminal device 230, store a session identification, an SMF network element identification associated with the session identification, and the like.
In case the core network device 210 is implemented as a DCS, it may authenticate the terminal device 230 and determine the authorization result. If the core network device 210 successfully authorizes the terminal device 230, the terminal device 230 may obtain the online subscription service.
In case the core network device 210 is implemented as UDM, it may be responsible for subscription management and authentication and store subscription information for terminal devices in the network. Furthermore, the subscription information may further indicate device type and/or capability information of the terminal device. In this case, whether the core network device 210 is the UDM itself or another network element different from the UDM, the core network device 210 may determine whether to restrict the access of the terminal device in the online subscription phase to the cell according to the device type and/or capability information indicated by the subscription information.
In the case where core network device 210 is implemented as a PCF, it may provide mobility, access selection, and PDU session related policy information. Furthermore, the policy information may further indicate device type and/or capability information of the terminal device. In this case, whether the core network device 210 is the PCF itself or another network element different from the PCF, the core network device 210 may determine whether to restrict the access of the terminal device in the online subscription phase to the cell according to the device type and/or capability information indicated by the policy information.
In case the core network device 210 is implemented as SMF, it may be responsible for user plane network element selection, user plane network element redirection, IP address allocation, bearer establishment, modification and release, QoS control, etc. After the core network device 210 establishes the user plane transmission channel for the terminal device 230, the user plane context for the terminal device 230 exists in the network.
In addition, the core network device 210 may also communicate with other network entities or functions in the communication environment 200. For example, in the case where the core network device 210 is not implemented as a DCS, it may obtain the authorization result from the DCS. As previously described, if the terminal device 230 completes the authentication of the DCS in the intermediate network, an online subscription service may be acquired and a subsequent remote configuration process may be performed. Thus, the core network device 210 may determine whether the access process of the terminal device 230 to the first cell 221 is in the online subscription phase or the remote configuration phase according to the authorization result of the DCS, and further select whether to limit the access of the terminal device 230 to the first cell 221.
In the case where the core network device 210 is not implemented as an SMF, it may communicate with the SMF to obtain a verification result regarding the user plane context. If there is no user plane context for the terminal device 230, it indicates that the online subscription procedure is not completed, and the core network device 210 may determine that the access of the terminal device 230 to the first cell 221 needs to be limited. If there is a user plane context for the terminal device 230, it indicates that the online subscription procedure is completed, i.e. the access procedure is in the remote configuration phase. In this case, the core network device 210 may further select whether to restrict the access of the terminal device 230 to the first cell 221.
It should be understood that the number of the various devices and their connections shown in FIG. 2 are given for illustrative purposes and do not present any limitations. Communication environment 200 may include any suitable number of devices and networks suitable for implementing embodiments of the present disclosure. In communication environment 200, core network device 210, access network device 220, and terminal device 230 may communicate data and control information with one another.
Communications in communication environment 200 may be implemented in accordance with any suitable communication protocol, including, but not limited to, cellular communication protocols such as first-generation (1G), second-generation (2G), third-generation (3G), fourth-generation (4G), and fifth-generation (5G), wireless local area network communication protocols such as Institute of Electrical and Electronics Engineers (IEEE) 802.11, and/or any other protocol now known or later developed. Further, the communication may utilize any suitable wireless communication technology, including but not limited to: Narrowband Internet of Things (NB-IoT), Global System for Mobile Communications (GSM), Enhanced Data rates for GSM Evolution (EDGE), Wideband Code Division Multiple Access (WCDMA), Code Division Multiple Access 2000 (CDMA2000), Time Division-Synchronous Code Division Multiple Access (TD-SCDMA), Long Term Evolution (LTE), the three application scenarios of 5G mobile communication systems (eMBB, URLLC, and eMTC), and/or any other technology currently known or to be developed in the future.
Example embodiments of the present disclosure will be discussed in detail below with reference to fig. 3-9. For ease of discussion, signaling interactions between communication entities according to an example embodiment of the present disclosure will be described below with reference to the example communication environment of fig. 2. It should be understood that example embodiments of the present disclosure may be applied in a similar manner in other communication environments.
According to some embodiments of the present disclosure, access restriction for an online subscribed cell may be implemented on the core network side, thereby avoiding changing a cell selection mechanism for a terminal device. For example, fig. 3 shows an interactive signaling diagram of a specific communication procedure 300 according to the above-described scheme. As shown in fig. 3, communication process 300 involves core network device 210, access network device 220, and terminal device 230. It should be understood that the communication process shown in fig. 3 is exemplary only, and not limiting. Embodiments of the present disclosure may include interactive signaling not shown in fig. 3, or omit some of the signaling shown in fig. 3.
305. The terminal device 230 performs 305 a cell selection procedure with the access network device 220. For example, the access network device 220 may broadcast system messages within its cells 221 to 223, which may include, for example, network identification, online subscription capability indication, scheduling information, configuration parameters, cell access related information, and so on. Terminal device 230 may determine, based on the system message, that the network provided by access network device 220 supports the online subscription service and select one of the cells of access network device 220 (e.g., first cell 221) for camping. The terminal device 230 may send a registration request for the first cell 221 to the access network device 220, the registration request including indication information for the online subscription.
310. After receiving the registration request, the access network device 220 sends 310 a first message to the core network device 210, where the first message includes the cell identity of the first cell 221 selected by the terminal device 230. The first message may be an NGAP message, e.g., an Initial UE Message. In some embodiments, the first message may also indicate the online subscription capability of the first cell 221.
In other example embodiments, the core network device 210 may obtain cell capability information from the access network device 220, including, but not limited to, cell identifications of the cells 221 to 223 and corresponding online subscription capability information, service support capability information, and so on. The cell capability information may be included in a message such as an NG setup request message, a RAN configuration update message, and the like. The core network device 210 may also receive update information from the access network device 220 indicating an update to the cell capability information.
315. The core network device 210 may determine whether the cell to be accessed by the terminal device 230 supports the online subscription service based on the first message. For example, the core network device 210 determines 315 that the first cell 221 does not support online subscription based on the cell identity of the first cell 221. The core network device 210 may then control access to the first cell 221 for the terminal device 230.
320. The core network device 210 may determine whether the access procedure is in the online subscription phase or the remote configuration phase, and determine whether to restrict the access of the terminal device 230 to the cell based on the phase of the access procedure and the online subscription capability of the cell to be accessed. For example, the core network device 210 may determine 320 that access by the terminal device 230 to the first cell 221 is in the online subscription phase. Based on the determinations in 315 and 320, the core network device 210 determines that access by the terminal device 230 to the first cell 221 is to be restricted.
325. The core network device 210 sends 325 an indication message to the access network device to restrict access to the first cell 221.
330. The core network device 210 sends 330 a second message to the terminal device 230. The second message may include a rejection indication, a rejection cause value, or a redirection indication.
335. After receiving the second message, the terminal device 230 performs 335 a cell reselection procedure with the access network device 220. The access network device 220 may send a message indicating the cell reselection procedure to the core network device 210; this may be a message different from the first message, such as an Uplink NAS Transport message, and the disclosure is not limited in this respect.
As previously described, once the online subscription process is completed, subsequent access procedures (such as remote configuration, mobility-triggered cell reselection/cell handover) by the terminal device 230 and the access network device 220 may not be affected by the online subscription capability of the cell, and thus may not be subject to access restriction. Of course, the same access restrictions may also be applied to subsequent access procedures.
340. As an example, after 315, the core network device 210 determines 340 that the access of the terminal device 230 to the first cell 221 is in the remote configuration phase. In the context of the present disclosure, the process in which the terminal device 230 obtains authorization from the DCS 112 through the intermediate network is referred to as the online subscription phase, and the subsequent process of establishing a CP or UP transmission channel and obtaining subscription or credential information for the target network may be referred to as the remote provisioning phase. Although the names "online subscription phase" and "remote provisioning phase" correspond to the current standard, embodiments of the present disclosure are equally applicable to identical or equivalent concepts in future or subsequent standards. Accordingly, the scope of the present disclosure is not limited in this respect.
In some example embodiments, the core network device 210 may determine, based on one or more criteria, which phase the access procedure of the terminal device 230 is in, or whether to restrict access of the terminal device 230 to the first cell 221. As an example, if the online subscription indication is included in the first message, the core network device 210 may determine that the access procedure is in the online subscription phase and that the access of the terminal device 230 to the first cell 221 needs to be restricted. If the online subscription indication is not included in the first message, the core network device 210 may determine that the access procedure is in the remote configuration phase, and the core network device 210 may further select whether to restrict the access of the terminal device 230 to the first cell 221.
As another example, the core network device 210 may determine based on the result of the authorization of the terminal device 230 by the DCS 112, such as shown in fig. 1. If the DCS 112 fails to authorize the terminal device 230, this indicates that the online subscription process has not been completed, and the core network device 210 may determine that the access of the terminal device 230 to the first cell 221 needs to be restricted. If the DCS 112 successfully authorizes the terminal device 230, it indicates that the online subscription process is completed, i.e., the access process is in the remote configuration phase. In this case, the core network device 210 may further select whether to restrict the access of the terminal device 230 to the first cell 221.
It should be understood that the phase at which the access procedure is determined based on the result of the DCS authorizing the terminal device 230 is given for illustrative purposes only. Embodiments of the present disclosure are not limited to DCS authentication, but may also be applicable to other authorization authentications. For example, the core network device 210 may determine according to an authorization result of the UDM network element to the terminal device 230. If the authorization of the terminal device 230 by the UDM network element fails, it indicates that the online subscription process of the terminal device 230 is not completed, and the core network device 210 may determine that the access process of the terminal device 230 is in the online subscription stage. For a terminal device 230 in an online subscription phase, the core network device 210 may determine that access to the first cell 221 by the terminal device 230 needs to be restricted. If the UDM network element successfully authorizes the terminal device 230, it indicates that the online subscription process is completed, i.e., the access process is in the remote configuration phase. In this case, the core network device 210 may further select whether to restrict the access of the terminal device 230 to the first cell 221.
Since the user plane transmission channel for transmitting the subscription or credential information is to be established in the online subscription phase, the core network device 210 may also make the determination based on whether the user plane context for the terminal device 230 exists in the network. For example, the core network device 210 may communicate with an SMF network element to verify whether user plane context information is present. If there is no user plane context for the terminal device 230, it indicates that the online subscription procedure is not completed, and the core network device 210 may determine that the access of the terminal device 230 to the first cell 221 needs to be limited. If there is a user plane context for the terminal device 230, it indicates that the online subscription procedure is completed, i.e. the access procedure is in the remote configuration phase. In this case, the core network device 210 may further select whether to restrict the access of the terminal device 230 to the first cell 221.
345. The core network device 210 may determine 345 whether to restrict access of the terminal device 230 to the first cell 221. If it is determined that access is not restricted, the terminal device 230 is allowed to access the first cell 221.
350. Alternatively, if it is determined in 345 to restrict access to the first cell 221, the core network device 210 may send 350 a second message to the terminal device 230, similar to 330.
355. In response to the second message, the terminal device 230 may perform 355 a cell reselection procedure with the access network device 220. The cell reselection procedure may be based on existing criteria or mechanisms to be developed in the future and will not be described in detail herein. The scope of the present disclosure is not limited in this respect.
Although in the process 300, the core network device 210 is described as performing 315 and then performing 320 or 340, that is, determining the online subscription capability of the first cell 221 and then determining the stage of the access process of the terminal device 230, the performance of the process 300 does not depend on the order of 315, 320 or 340. For example, in some alternative embodiments, the core network device 210 may first determine the stage of the access procedure of the terminal device 230, that is, execute 320 or 340, and then determine the online subscription capability of the first cell 221, that is, execute 315. In other example embodiments, the stage of the access procedure and the online subscription capability of the first cell 221 may also be determined in parallel. The scope of the present disclosure is not limited in this respect.
According to the above described example embodiments, a scheme is provided for controlling access of a terminal device to a network. The scheme is implemented on the core network side, and the terminal device can obtain subscription or credential information only through a cell supporting the online subscription service, without changing the cell selection or cell handover mechanism on the terminal device side. The scheme can also flexibly set whether the same access restriction is applied in the subsequent access process. In this way, the cell load condition can be adjusted, the network security is guaranteed, and the performance of the communication system is improved.
According to other embodiments of the present disclosure, access restriction for an online subscribed cell may be implemented on an access network side, thereby avoiding changing a cell selection mechanism for a terminal device. For example, fig. 4 shows an interactive signaling diagram of a specific communication process 400 according to the above-described scheme. As shown in fig. 4, communication process 400 involves core network device 210, access network device 220, and terminal device 230. It should be understood that the communication process shown in fig. 4 is exemplary only, and not limiting. Embodiments of the present disclosure may include interactive signaling not shown in fig. 4, or omit some of the signaling shown in fig. 4.
The terminal device 230 performs 405 a cell selection procedure with the access network device 220 and sends a registration request to the core network device 210 via the access network device 220. The cell selection process in 405 is similar to 305 of fig. 3 and will not be described again.
After receiving the registration request, the access network device 220 sends 410 a first message to the core network device 210 including the cell identity of the first cell 221 selected by the terminal device 230. For example, the access network device 220 may forward the registration request of the terminal device 230 through the first message. The first message may be an NGAP message, e.g., an Initial UE Message.
After receiving the first message, the core network device 210 may determine whether the access procedure is in an online subscription phase or a remote provisioning phase. The core network device 210 and the access network device 220 may establish an association (e.g., an NGAP association) for each terminal device in the network. The association may be uniquely identified at the access network device 220 using an identifier such as a RAN UE NGAP ID. Similarly, the association may be uniquely identified at the core network device 210 using an identifier such as the AMF UE NGAP ID. After the NGAP association is established, the core network device 210 may verify the phase of the terminal device 230 at any time, and the core network device 210 may determine the phase of the access process based on one or more of the criteria described in connection with the process 300, which are not repeated here. Core network device 210 may then send indication information to access network device 220 to indicate the stage of the access procedure.
In some example embodiments, the core network device 210 may be a core network element supporting online subscription in a network selected by the access network device 220. In this case, the core network device 210 may determine whether or not to control the access of the terminal device 230 to the first cell 221 based on a pre-configured rule or policy. For example, the core network device 210 may determine whether to restrict access of the terminal device 230 based on the device type and/or device capabilities indicated by the preconfigured rules or policies of the terminal device 230. In such embodiments, the pre-configured rules or policies may be stored locally by the core network device 210. The scope of the present disclosure is not limited in this respect.
As an example, the core network device 210 may determine 415 that the access procedure is in an online subscription phase.
Then, the core network device 210 sends 420 the first indication information to the access network device 220 to indicate that the access of the terminal device 230 to the first cell 221 is restricted. The access network device 220 may store the first indication information. Where the core network device 210 has previously sent other indication information, the access network device 220 may update the stored indication information with the first indication information.
The access network device 220 may determine 425 that the first cell 221 does not support the online subscription service based on the online subscription capability information of the first cell 221. The access network device 220 may control access to the first cell 221 for the terminal device 230 based on the first indication information and the online subscription capability of the first cell 221.
In the above embodiment, the access network device 220 may determine that access to the first cell 221 by the terminal device 230 should be restricted. In this case, the access network device 220 sends 430 a third message to the terminal device 230, which may include at least one of a rejection indication, a rejection cause value, or a redirection indication for the terminal device.
After receiving the third message, the terminal device 230 performs 435 a cell reselection procedure with the access network device 220. The cell reselection procedure may be based on pre-existing criteria or mechanisms to be developed in the future and will not be described in detail herein. The scope of the present disclosure is not limited in this respect.
As another example, the core network device 210 may determine 440 that the access procedure is in a remote configuration phase. If the core network device 210 previously sent the first indication information to the access network device 220 to indicate that the access of the terminal device 230 to the first cell 221 is to be restricted, the core network device 210 may send 445 second indication information to the access network device 220 to indicate that the access restriction to the first cell 221 is canceled. In this case, the access network device 220 may update the previously stored first indication information with the second indication information.
As yet another example, in case the core network device 210 determines 440 that the access procedure is in the remote configuration phase, the core network device 210 may also send first indication information to the access network device 220 indicating that access to the first cell 221 is restricted. In this case, the access network device 220 and the terminal device 230 may perform similar operations as 430 and 435. The scope of the present disclosure is not limited in this respect.
Although in process 400, access network device 220 is depicted as performing 415 first and then performing 420, i.e., determining the stage at which the access procedure is performed and then determining the online subscription capability of first cell 221, the performance of process 400 is not dependent on the order of 415, 420. For example, in some alternative embodiments, the core network device 210 may determine the online subscription capability of the first cell 221, and then determine the stage of the access procedure of the terminal device 230, that is, execute 420 and then execute 415. In other example embodiments, the stage of the access procedure and the online subscription capability of the first cell 221 may also be determined in parallel. The scope of the present disclosure is not limited in this respect.
According to the above described example embodiments, a scheme is provided for controlling access of a terminal device to a network. The scheme is implemented on the access network side, and the terminal device can obtain subscription or credential information only through a cell supporting the online subscription service, without changing the cell selection or cell handover mechanism on the terminal device side. The scheme can also flexibly set whether the same access restriction is applied in the subsequent access process. In this way, the cell load can be reduced, the network security can be guaranteed, and the performance of the communication system can be improved.
According to still further embodiments of the present disclosure, an enhanced cell selection or cell reselection mechanism may be implemented at a terminal device. For example, fig. 5 shows an interaction signaling diagram of a specific communication process 500 according to the above-described scheme. As shown in fig. 5, communication process 500 involves core network device 210, access network device 220, and terminal device 230. It should be understood that the communication process shown in fig. 5 is exemplary only, and not limiting. Embodiments of the present disclosure may include interactive signaling not shown in fig. 5, or omit some of the signaling shown in fig. 5.
The access network device 220 sends 505 an online subscription capability indication to the terminal device 230. The online subscription capability indication may include online subscription capability information of the cells 221 to 223 of the access network device 220. For example, the access network device 220 may broadcast a message including an online subscription capability indication to terminal devices within its coverage area. The message may be a system message and, in addition to the online subscription capability indication, may include a network identification, scheduling information, configuration parameters, cell access related information, and so on.
In some example embodiments, after the AS layer of the terminal device 230 receives the messages broadcast from the plurality of access network devices, the AS layer transmits the relevant parameters and indication information in the messages to the NAS layer. The NAS layer of the terminal device 230 may select an access network device supporting the online subscription service according to the online subscription capability indication, and instruct the AS layer to select, on the basis of the online subscription capability indication, a cell provided by that access network device that supports online subscription for camping.
For example, the NAS layer of the terminal device 230 determines that the network provided by the access network device 220 supports the online subscription service, and thus instructs the AS layer to determine 510 candidate cells, such as the second cell 222 and the third cell 223, that support online subscription from the cells 221 to 223 of the access network device 220 based on the online subscription capability information.
The AS layer of the terminal device 230 may select 515 the second cell 222 from the candidate cells 222 and 223 for camping and send 520 an online subscription request for the second cell 222 to the access network device 220. It should be understood that the terminal device 230 may determine the cell for camping from the candidate cells based on any existing or future-developed criteria, which are not described herein. The scope of the present disclosure is not limited in this respect.
After receiving the online subscription request, the access network device 220 and the core network device 210 may perform 525 an online subscription procedure with the terminal device 230.
After the online subscription procedure is completed, the core network device 210 sends 530 a fourth message to the terminal device 230 to indicate that the online subscription is completed. After receiving the fourth message, the terminal device 230 may store the fourth message.
As previously described, once the online subscription procedure is completed, subsequent access procedures (such as remote configuration, mobility-triggered cell reselection, or cell handover) by the terminal device 230 with the access network device 220 may not be affected by the online subscription capability of the cell and thus may not be subject to access restriction. Of course, the same access restrictions may be applied to subsequent access procedures.
As an example, after receiving the fourth message, terminal device 230 may determine 535 that cell reselection needs to be based on the online subscription capability information. In this case, the AS layer of the terminal device 230 still considers the online subscription capability information during cell reselection. In this case, the terminal device 230 may reselect 545 a cell for camping among the cells 222 and 223 of the access network device 220 that support online subscription.
As another example, after receiving the fourth message, terminal device 230 may determine 540 that the cell reselection need not be based on the online subscription capability information. The NAS layer of terminal device 230 may instruct the AS layer to cancel the restriction of cell selection.
In this case, the terminal device 230 may reselect 545 a cell for camping among all cells of the access network device 220.
It should be appreciated that other steps of cell reselection may be based on any criteria that already exists or will be developed in the future and thus will not be described in detail herein. The scope of the present disclosure is not limited in this respect.
According to the example embodiments described above, an enhanced cell selection mechanism is provided. Through the mechanism, the terminal device can dynamically consider the online subscription capability of the cell when carrying out cell selection or cell reselection. For example, when the terminal device requests to access the network to obtain subscription or credential information, the cell supporting the online subscription service may be selected according to the online subscription capability of each cell, thereby effectively reducing the load of the common cell. After the online subscription is completed, the terminal device may consider whether to apply cell access restriction. In this way, the cell load balance can be realized, the network security can be ensured, and the performance of the communication system can be improved.
The communication procedure in the exemplary embodiment described in connection with fig. 3 will be explained in detail below with reference to fig. 6. Fig. 6 illustrates a flow diagram of a method 600 according to some embodiments of the present disclosure. The method 600 may be implemented at a core network device. For example, the method 600 may be implemented at the core network device 210. For ease of discussion, the method 600 will be described below in conjunction with FIG. 2. It should be understood that the method 600 is equally applicable to other communication scenarios and devices.
At block 610, the core network device 210 receives a first message from the access network device 220. The first message may include a cell identity of a first cell 221 of the access network device 220 to which the terminal device 230 is to access. For example, the first message may be an NGAP message.
At block 620, the core network device 210 determines that the first cell 221 does not support online subscription based on the cell identity of the first cell 221.
In some example embodiments, the core network device 210 may receive cell capability information from the access network device 220. The cell capability information may include a cell identification for at least one cell of the access network apparatus 220 and an online subscription capability corresponding to the at least one cell, including the first cell 221. In such an embodiment, the core network device 210 may determine that the first cell 221 does not support the online subscription based on the cell capability information and the cell identity of the first cell 221 obtained from the first message.
In some example embodiments, the core network device 210 may receive the update message from the access network device 220. The update message may indicate an update to previously received cell capability information.
In some example embodiments, the first message may also indicate an online subscription capability of the first cell 221, and the core network device 210 may determine that the first cell 221 does not support online subscription based on the cell identity of the first cell 221 and the online subscription capability of the first cell 221.
At block 630, the core network device 210 controls access to the first cell 221 for the terminal device 230.
In some example embodiments, the core network device 210 may restrict access of the terminal device 230 to the first cell 221. In such an embodiment, the core network device 210 may send the second message to the terminal device 230. The second message may include at least one of: a rejection indication, a rejection cause value, or a redirection indication.
In some example embodiments, the core network device 210 may determine to restrict access of the terminal device 230 to the first cell 221 based on at least one of: the first message includes an online subscription indication, a failure of the terminal device 230 to be authorized by the credential server, or the absence of a user plane context for the terminal device 230 in the network.
In some example embodiments, the core network device 210 may determine that access by the terminal device 230 to the first cell 221 is in an online subscription phase. Based on the determination, the core network device 210 may restrict access of the terminal device 230 to the first cell 221 and send a second message to the terminal device 230. The second message includes at least one of: a rejection indication, a rejection cause value, or a redirection indication.
In other example embodiments, the core network device 210 may determine that the access of the terminal device 230 to the first cell 221 is in the remote configuration phase. Based on the above determination, the core network device 210 may determine not to restrict the access of the terminal device 230 to the first cell 221.
Alternatively, if it is determined that the access of the terminal device 230 to the first cell 221 is in the remote configuration phase, the core network device 210 may restrict the access of the terminal device 230 to the first cell 221.
The core network device 210 may determine the phase of the access based on whether the online subscription indication is included in the first message. For example, if an online subscription indication is included in the first message, the access is in an online subscription phase. If the online subscription indication is not included in the first message, the access is in a remote provisioning phase.
The core network device 210 may determine the phase of the access based on the credential server's authorization of the terminal device 230. For example, if the credential server fails to authorize the terminal device 230, the access is in the online subscription phase. If the credential server's authorization of the terminal device 230 is successful, the access is in the remote configuration phase.
The core network device 210 may determine the phase of the access based on whether a user plane context exists in the network for the terminal device 230. For example, if there is no user plane context for the terminal device 230 in the network, the access is in the online subscription phase. If there is a user plane context for the terminal device 230 in the network, the access is in the remote configuration phase.
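The decision flow of method 600 (blocks 610 to 630 together with the three phase criteria above) can be followed in code. This is an added example, not part of the patent text: the class and field names, the identifiers such as `cell-221` and `ue-230`, the choice that any single criterion is enough to place the access in the online subscription phase, and the treatment of a cell with unknown capability as unsupported are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, Optional, Set


class Phase(Enum):
    ONLINE_SUBSCRIPTION = "online subscription"
    REMOTE_CONFIGURATION = "remote configuration"


@dataclass
class FirstMessage:
    """Constructed stand-in for the first message of block 610 (not real NGAP encoding)."""
    ue_id: str
    cell_id: str
    online_subscription_indication: bool = False
    # Set only in the embodiment where the first message itself carries the capability.
    cell_capability: Optional[bool] = None


@dataclass
class SecondMessage:
    """Rejection sent to the terminal device; the text allows any subset of these fields."""
    rejection_indication: bool
    rejection_cause: str
    redirection_indication: bool


@dataclass
class CoreNetworkDevice:
    # Policy knob: the text leaves open whether the restriction also applies
    # in the remote configuration phase.
    restrict_in_remote_configuration: bool = False
    cell_capability: Dict[str, bool] = field(default_factory=dict)
    credential_server_authorized: Set[str] = field(default_factory=set)
    user_plane_contexts: Set[str] = field(default_factory=set)

    def receive_cell_capability(self, info: Dict[str, bool]) -> None:
        self.cell_capability = dict(info)

    def receive_update(self, update: Dict[str, bool]) -> None:
        self.cell_capability.update(update)

    def cell_supports_online_subscription(self, msg: FirstMessage) -> bool:
        if msg.cell_capability is not None:
            return msg.cell_capability
        # Assumption: a cell with no known capability is treated as unsupported.
        return self.cell_capability.get(msg.cell_id, False)

    def determine_phase(self, msg: FirstMessage) -> Phase:
        # Assumption: any one criterion is enough ("at least one of").
        subscribing = (
            msg.online_subscription_indication
            or msg.ue_id not in self.credential_server_authorized
            or msg.ue_id not in self.user_plane_contexts
        )
        return Phase.ONLINE_SUBSCRIPTION if subscribing else Phase.REMOTE_CONFIGURATION

    def handle_first_message(self, msg: FirstMessage) -> Optional[SecondMessage]:
        """Return None to allow access, or the second message that restricts it."""
        if self.cell_supports_online_subscription(msg):
            return None
        phase = self.determine_phase(msg)
        if phase is Phase.REMOTE_CONFIGURATION and not self.restrict_in_remote_configuration:
            return None
        cause = f"cell {msg.cell_id} does not support online subscription ({phase.value} phase)"
        return SecondMessage(True, cause, True)


def run_scenarios() -> Dict[str, bool]:
    """Replay constructed first messages; True means access was restricted."""
    core = CoreNetworkDevice()
    core.receive_cell_capability({"cell-221": False, "cell-222": True, "cell-223": True})
    results = {}
    subscribing = FirstMessage("ue-230", "cell-221", online_subscription_indication=True)
    results["subscribing_on_221"] = core.handle_first_message(subscribing) is not None
    on_222 = FirstMessage("ue-230", "cell-222", online_subscription_indication=True)
    results["subscribing_on_222"] = core.handle_first_message(on_222) is not None
    # Online subscription finished: credential server authorizes, user plane context exists.
    core.credential_server_authorized.add("ue-230")
    core.user_plane_contexts.add("ue-230")
    later = FirstMessage("ue-230", "cell-221")
    results["remote_config_on_221"] = core.handle_first_message(later) is not None
    core.restrict_in_remote_configuration = True
    results["remote_config_on_221_strict"] = core.handle_first_message(later) is not None
    # Update message: cell-221 gains the capability, so a subscribing device is allowed.
    core.receive_update({"cell-221": True})
    results["subscribing_on_221_after_update"] = core.handle_first_message(subscribing) is not None
    return results


if __name__ == "__main__":
    for name, restricted in run_scenarios().items():
        print(f"{name}: {'restricted' if restricted else 'allowed'}")
```

A device that is authorized but has no user plane context is still classified as being in the online subscription phase here, which is the stricter reading of the "at least one of" wording.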
The communication procedure in the exemplary embodiment described in connection with fig. 4 will be explained in detail below with reference to fig. 7. Fig. 7 illustrates a flow diagram of a method 700 according to some embodiments of the present disclosure. The method 700 may be implemented at an access network device. For example, the method 700 may be implemented at the access network device 220. For ease of discussion, the method 700 will be described below in conjunction with fig. 2. It should be understood that the method 700 is equally applicable to other communication scenarios and devices.
At block 710, the access network device 220 sends a first message to the core network device 210. The first message may include a cell identity of a first cell 221 of the access network device 220 to which the terminal device 230 is to access.
At block 720, the access network device 220 receives first indication information from the core network device 210 regarding access of the first cell 221. The first indication information may indicate whether to restrict the access of the terminal device 230 to the first cell 221.
At block 730, the access network device 220 determines that the first cell 221 does not support online subscription.
At block 740, the access network device 220 controls access to the first cell 221 for the terminal device 230 based on the first indication information. In embodiments where the first indication information indicates to restrict access of the terminal device 230 to the first cell 221, the access network device 220 may send a third message to the terminal device 230. The third message may include at least one of: a rejection indication, a rejection cause value, or a redirection indication for the terminal device 230.
In some example embodiments, the access network device 220 receives the second indication information from the core network device. The second indication information indicates that the restriction of access to the first cell 221 is canceled.
The communication process in the example embodiment described in connection with fig. 5 will be described in detail below with reference to fig. 8. Fig. 8 shows a flow chart of a method 800 according to some embodiments of the present disclosure. The method 800 may be implemented at a terminal device. For example, method 800 may be implemented at terminal device 230. For ease of discussion, the method 800 will be described below in conjunction with FIG. 2. It should be understood that the method 800 is equally applicable to other communication scenarios and devices.
At block 810, the terminal device 230 receives an online subscription capability indication from the access network device 220. The online subscription capability indication may include online subscription capability information of at least one cell (e.g., the first cell 221, the second cell 222, and the third cell 223) of the access network device 220.
At block 820, the terminal device 230 selects a second cell 222 supporting online subscription from the at least one cell based on the online subscription capability information.
In some example embodiments, the terminal device 230 may determine candidate cells for supporting online subscription, such as the second cell 222 and the third cell 223, of the at least one cell 221 to 223 based on the online subscription capability information. The terminal device 230 may then select a second cell 222 from the candidate cells 222 and 223 for camping. In the above embodiment, the determination of the candidate cells 222 and 223 is implemented at the AS layer of the terminal device 230.
At block 830, the terminal device 230 sends an online subscription request for the second cell 222 to the access network device 220.
In some example embodiments, the terminal device 230 may receive the fourth message from the core network device 210. The fourth message may indicate that the online subscription is complete. In response to the fourth message, the terminal device 230 may perform cell reselection or cell handover for at least one cell 221 to 223. For example, cell reselection or cell handover need not be based on online subscription capability information.
In other example embodiments, the terminal device 230 may also perform cell reselection or cell handover for at least one of the cells 221 to 223 based on the online subscription capability information.
The communication method provided in the embodiment of the present application is described in detail above with reference to fig. 3 to 8. Hereinafter, the communication device according to the embodiment of the present application will be described in detail with reference to fig. 9 to 10.
Fig. 9 is a schematic block diagram of a communication device provided in an embodiment of the present application. As shown in fig. 9, the apparatus 900 may include a processing unit 910 and a transceiving unit 920. The processing unit 910 is configured to control and manage the operation of the communication device, for example, the processing unit 910 is configured to execute steps of information/data processing on the communication device. The transceiving unit 920 is used to support the step of information/data transmission or reception by the communication device.
In one possible embodiment, the transceiving unit 920 may be further divided into a transmitting unit and a receiving unit.
In a possible embodiment, the communication device may further comprise a storage module for storing program code and data usable by the communication device.
In one possible design, the apparatus 900 may be the core network device in the above method embodiment, and may also be a module (e.g., a chip) applied to the core network device. The apparatus 900 may be configured to perform the steps or processes corresponding to the core network devices in the methods 300 to 800. Specifically,
the transceiving unit 920 is configured to: receiving a first message from an access network device, wherein the first message comprises a cell identification of a first cell of the access network device to which a terminal device is to access;
the processing unit 910 is configured to: determining that the first cell does not support online subscription based on the cell identity of the first cell; and controlling access to the first cell for the terminal device.
Optionally, the transceiving unit 920 is further configured to: receiving cell capability information from the access network device, the cell capability information including a cell identifier and a corresponding online subscription capability for at least one cell of the access network device, the at least one cell including the first cell; and
the processing unit 910 is further configured to: determining that the first cell does not support online subscription based on the cell capability information and the cell identifier of the first cell.
Optionally, the transceiving unit 920 is further configured to: receiving an update message from the access network device, the update message indicating an update to the cell capability information.
Optionally, the processing unit 910 is further configured to: determining that the first cell does not support online subscription according to the cell identifier of the first cell and the online subscription capability of the first cell.
Optionally, the processing unit 910 is further configured to: restricting the access of the terminal device to the first cell.
Optionally, determining to restrict access by the terminal device to the first cell is based on at least one of:
the first message comprises an online subscription indication;
the authorization of the terminal device by the credential server fails; or
there is no user plane context for the terminal device.
Optionally, the processing unit 910 is further configured to: determining that access to the first cell by the terminal device is in an online subscription phase, and wherein controlling access to the first cell comprises:
the processing unit 910 is further configured to: restricting the access of the terminal device to the first cell.
Optionally, the transceiving unit 920 is further configured to: sending a second message to the terminal device, the second message including at least one of: a rejection indication, a rejection cause value, or a redirection indication.
Optionally, the processing unit 910 is further configured to: determining that the access of the terminal device to the first cell is in a remote configuration phase, and determining not to restrict the access of the terminal device to the first cell.
Optionally, the processing unit 910 determines that the access of the terminal device to the first cell is in a remote configuration phase, and restricts the access of the terminal device to the first cell.
Optionally, the processing unit 910 determines that the access is in the online subscription phase based on at least one of:
if the first message comprises an online subscription indication, the access is in the online subscription phase;
if the authorization of the terminal device by the credential server fails, the access is in the online subscription phase; or
if no user plane context exists for the terminal device, the access is in the online subscription phase.
Optionally, the processing unit 910 determines that the access is in the remote configuration phase based on at least one of:
if the first message does not include the online subscription indication, the access is in the remote configuration phase;
if the credential server successfully authorizes the terminal device, the access is in the remote configuration phase; or
if the user plane context exists, the access is in the remote configuration phase.
In a possible design, the apparatus 900 may be the access network device in the foregoing method embodiment, and may also be a module (e.g., a chip) applied to the access network device. The apparatus 900 may be configured to perform the steps or processes corresponding to the access network device in the methods 300 to 800. Specifically,
the transceiving unit 920 is configured to: sending a first message to a core network device, wherein the first message comprises a cell identifier of a first cell of the access network device to which a terminal device is to access; receiving first indication information on access of the first cell from the core network device;
the processing unit 910 is configured to: determining that the first cell does not support online subscription; and controlling access to the first cell for the terminal device based on the first indication information.
Optionally, the first indication information indicates that the access of the terminal device to the first cell is restricted, and wherein controlling the access of the first cell includes:
the processing unit 910 is further configured to: restricting the access of the terminal device to the first cell.
Optionally, restricting the access of the terminal device to the first cell includes:
the processing unit 910 is further configured to: sending a third message to the terminal device through the transceiving unit 920, the third message including at least one of: a rejection indication, a rejection cause value, or a redirection indication for the terminal device.
Optionally, the transceiving unit 920 is further configured to: receiving second indication information from the core network device, the second indication information indicating that restriction of access to the first cell is canceled.
In a possible design, the apparatus 900 may be the terminal device in the foregoing method embodiments, or a module (e.g., a chip) applied to the terminal device. The apparatus 900 may be configured to perform the steps or processes corresponding to the terminal device in the methods 300 to 800. Specifically,
the transceiving unit 920 is configured to: receive an online subscription capability indication from an access network device, wherein the online subscription capability indication comprises online subscription capability information of at least one cell of the access network device, and the online subscription capability information of the at least one cell comprises a cell identifier and a corresponding online subscription capability of the at least one cell of the access network device;
the processing unit 910 is configured to: select a second cell from the at least one cell based on the online subscription capability information of the at least one cell, the second cell supporting online subscription; and
the transceiving unit 920 is further configured to: send an online subscription request for the second cell to the access network device.
Optionally, the processing unit 910 is further configured to: determine a candidate cell supporting online subscription in the at least one cell based on the online subscription capability information of the at least one cell; and select the second cell from the candidate cells for camping,
wherein the determination of the candidate cell is performed at an access stratum of the terminal device.
Optionally, the transceiving unit 920 is further configured to receive a fourth message from the core network device, where the fourth message indicates that the online subscription is completed; and
the processing unit 910 is further configured to: perform cell reselection or cell handover for the at least one cell, wherein the cell reselection or cell handover does not need to be based on the online subscription capability information of the at least one cell.
Optionally, the processing unit 910 is further configured to: perform cell reselection or cell handover for the at least one cell based on the online subscription capability information of the at least one cell.
It should be appreciated that the apparatus 900 herein is embodied in the form of functional units. The term "unit" herein may refer to an application-specific integrated circuit (ASIC), an electronic circuit, a processor (e.g., a shared, dedicated, or group processor) and memory that execute one or more software or firmware programs, a combinational logic circuit, and/or other suitable components that support the described functionality. In an optional example, those skilled in the art will understand that the apparatus 900 may specifically be the core network device in the foregoing embodiments and may be configured to execute each procedure and/or step corresponding to the core network device; or the apparatus 900 may specifically be the terminal device in the foregoing embodiments and may be configured to execute each procedure and/or step corresponding to the terminal device; or the apparatus 900 may specifically be the access network device in the foregoing embodiments and may be configured to execute each procedure and/or step corresponding to the access network device. To avoid repetition, details are not described herein again.
The apparatus 900 in each of the above solutions has a function of implementing corresponding steps executed by the core network device in the above method, or the apparatus 900 in each of the above solutions has a function of implementing corresponding steps executed by the terminal device in the above method, or the apparatus 900 in each of the above solutions has a function of implementing corresponding steps executed by the access network device in the above method. The functions can be realized by hardware, and the functions can also be realized by executing corresponding software by hardware. The hardware or software comprises one or more modules corresponding to the functions; for example, the communication unit may be replaced by a transceiver (for example, the transmitting unit in the communication unit may be replaced by a transmitter, and the receiving unit in the communication unit may be replaced by a receiver), and other units, such as a processing unit and the like, may be replaced by a processor, to respectively perform the transceiving operation and the related processing operation in each method embodiment.
Furthermore, the communication unit may also be a transceiver circuit (for example, may include a receiving circuit and a transmitting circuit), and the processing unit may be a processing circuit.
Fig. 10 shows a communication apparatus 1000 provided in an embodiment of the present application. The apparatus 1000 includes a processor 1010 and a transceiver 1020. Wherein, the processor 1010 and the transceiver 1020 communicate with each other through the internal connection path, and the processor 1010 is configured to execute instructions to control the transceiver 1020 to transmit and/or receive signals.
Optionally, the apparatus 1000 may further include a memory 1030, the memory 1030 and the processor 1010, the transceiver 1020 being in communication with each other via an internal connection. The memory 1030 is configured to store instructions, and the processor 1010 is configured to execute the instructions stored in the memory 1030. In a possible implementation manner, the apparatus 1000 is configured to implement each flow and step corresponding to the core network device in the foregoing method embodiment. In another possible implementation manner, the apparatus 1000 is configured to implement each procedure and step corresponding to the access network device in the foregoing method embodiment. In still another possible implementation manner, the apparatus 1000 is configured to implement each flow and step corresponding to the terminal device in the foregoing method embodiment.
It should be understood that the apparatus 1000 may be embodied as a core network device, an access network device, or a terminal device in the foregoing embodiments, and may also be a chip or a chip system. Correspondingly, the transceiver 1020 may be a transceiver circuit of the chip, which is not limited herein. Specifically, the apparatus 1000 may be configured to perform each step and/or procedure corresponding to the core network device, the access network device, or the terminal device in the foregoing method embodiments. Optionally, the memory 1030 may include a read-only memory and a random access memory, and provides instructions and data to the processor. A portion of the memory may also include non-volatile random access memory. For example, the memory may also store device type information. The processor 1010 may be configured to execute instructions stored in the memory, and when the processor 1010 executes the instructions stored in the memory, the processor 1010 is configured to perform the various steps and/or processes of the above-described method embodiments corresponding to a core network device, an access network device, or a terminal device. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware in a processor or by instructions in the form of software. The steps of a method disclosed in connection with the embodiments of the present application may be directly implemented by a hardware processor, or may be implemented by a combination of hardware and software modules in a processor. The software module may be located in a storage medium that is well known in the art, such as RAM, flash memory, ROM, PROM, EPROM, or a register. The storage medium is located in a memory, and a processor reads information in the memory and completes the steps of the method in combination with hardware of the processor. To avoid repetition, it is not described in detail here.
It should be noted that the processor in the embodiments of the present application may be an integrated circuit chip having signal processing capability. In implementation, the steps of the above method embodiments may be performed by integrated logic circuits of hardware in a processor or instructions in the form of software. The processor described above may be a general purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, or discrete hardware components. The processor may implement or perform the various methods, steps, and logic blocks disclosed in the embodiments of the present application. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of the method disclosed in connection with the embodiments of the present application may be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software modules in the decoding processor. The software module may be located in a storage medium that is well known in the art, such as RAM, flash memory, ROM, PROM, EPROM, or a register. The storage medium is located in a memory, and a processor reads information in the memory and completes the steps of the method in combination with hardware of the processor.
It will be appreciated that the memory in the embodiments of the present application can be either volatile memory or non-volatile memory, or can include both volatile and non-volatile memory. The non-volatile memory may be a read-only memory (ROM), a programmable ROM (PROM), an erasable PROM (EPROM), an electrically erasable PROM (EEPROM), or a flash memory. Volatile memory can be random access memory (RAM), which acts as external cache memory. By way of example, but not limitation, many forms of RAM are available, such as static random access memory (SRAM), dynamic random access memory (DRAM), synchronous dynamic random access memory (SDRAM), double data rate SDRAM, enhanced SDRAM, synchronous link DRAM (SLDRAM), and direct rambus RAM (DR RAM). It should be noted that the memory of the systems and methods described herein is intended to comprise, without being limited to, these and any other suitable types of memory.
According to the method provided by the embodiments of the present application, the present application further provides a computer program product, which includes computer program code which, when run on a computer, causes the computer to perform the method performed by the core network device, the access network device or the terminal device in the embodiments shown in fig. 3 to 8.
According to the method provided by the embodiments of the present application, a computer-readable storage medium is further provided, where the computer-readable storage medium stores program code, and when the program code is executed on a computer, the computer is caused to perform the method performed by the core network device, the access network device, or the terminal device in the embodiments shown in fig. 3 to 8.
According to the method provided by the embodiment of the present application, the present application further provides a communication system, which may include a core network device, an access network device, and other network elements in the embodiments shown in fig. 3 to fig. 8.
The embodiments shown in fig. 3 to 8 in the above-mentioned respective apparatus embodiments and method embodiments fully correspond, and the respective steps are performed by respective modules or units, for example, the communication unit (transceiver) performs the steps of receiving or transmitting in the method embodiments, and other steps besides transmitting and receiving may be performed by the processing unit (processor). The function of a particular element may be based on the corresponding method embodiment. The number of the processors may be one or more.
In the embodiments of the present application, each term and English abbreviation is an example given for convenience of description and should not be construed as limiting the present application in any way. This application is not intended to exclude the possibility that other terms may be defined in existing or future protocols to carry out the same or similar functions.
In the embodiments of the present application, "first", "second" and the various numerical designations are only used for convenience of description and are not used to limit the scope of the embodiments of the present application. For example, they distinguish different core network devices, different attribute information, and the like.
As used in this specification, the terms "component," "module," "system," and the like are intended to refer to a computer-related entity, either hardware, firmware, a combination of hardware and software, or software in execution. For example, a component may be, but is not limited to being, a process running on a processor, an object, an executable, a thread of execution, a program, and/or a computer. By way of illustration, both an application running on a computing device and the computing device can be a component. One or more components can reside within a process and/or thread of execution and a component may be localized on one computer and/or distributed between two or more computers. In addition, these components can execute from various computer readable storage media having various data structures stored thereon. The components may communicate by way of local and/or remote processes such as in accordance with a signal having one or more data packets (e.g., data from two components interacting with another component in a local system, distributed system, and/or across a network such as the internet with other systems by way of the signal).
Those of ordinary skill in the art will appreciate that the various illustrative logical blocks and steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the technical solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may be based on the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
In the above embodiments, the functions of the functional units may be fully or partially implemented by software, hardware, firmware, or any combination thereof. When implemented in software, the functions may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions (programs). The procedures or functions described in accordance with the embodiments of the present application are generated in whole or in part when the computer program instructions (programs) are loaded and executed on a computer. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another computer-readable storage medium; for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center via wired (e.g., coaxial cable, fiber optic, digital subscriber line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.) means. The computer-readable storage medium can be any available medium that can be accessed by a computer, or a data storage device, such as a server or a data center, that includes one or more available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., solid state disk (SSD)), among others.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solutions of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the methods described in the embodiments of the present application. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a read-only memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily think of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (25)
1. A method for communication, the method comprising:
a core network device receives a first message from an access network device, wherein the first message comprises a cell identifier of a first cell of the access network device that a terminal device accesses;
the core network device determines, based on the cell identifier of the first cell, that the first cell does not support online subscription; and
the core network device controls the access of the terminal device to the first cell.
2. The method of claim 1, further comprising:
the core network device receives cell capability information from the access network device, where the cell capability information includes a cell identifier and a corresponding online subscription capability of at least one cell of the access network device, and the at least one cell includes the first cell; and
the core network device determines, based on the cell capability information and the cell identifier of the first cell, that the first cell does not support online subscription.
3. The method of claim 2, further comprising:
the core network device receives an update message from the access network device, the update message indicating an update to the cell capability information.
4. The method of claim 1, wherein the first message further indicates an online subscription capability of the first cell, and wherein the method further comprises:
the core network device determines, based on the cell identifier of the first cell and the online subscription capability of the first cell, that the first cell does not support online subscription.
5. The method of claim 1, wherein controlling access to the first cell comprises:
the core network device restricts the access of the terminal device to the first cell.
6. The method of claim 5, wherein determining to restrict access to the first cell by the terminal device is based on at least one of:
the first message comprises an online subscription indication;
authorization of the terminal device by the credential server fails; or
there is no user plane context for the terminal device.
7. The method of claim 5, further comprising:
the core network device determines that the access of the terminal device to the first cell is in an online subscription phase, wherein controlling the access to the first cell comprises:
the core network device restricts the access of the terminal device to the first cell.
8. The method according to claim 5 or 7, wherein the core network device restricting the terminal device from accessing the first cell comprises:
the core network device sends a second message to the terminal device, wherein the second message comprises at least one of the following: a rejection indication, a rejection cause value, or a redirection indication.
9. The method of claim 1, further comprising:
the core network device determines that the access of the terminal device to the first cell is in a remote configuration phase, wherein controlling the access to the first cell comprises:
the core network device determines not to restrict the access of the terminal device to the first cell.
10. The method of claim 1, further comprising:
the core network device determines that the access of the terminal device to the first cell is in a remote configuration phase,
wherein controlling access to the first cell comprises:
the core network device restricts the access of the terminal device to the first cell.
11. The method according to any of claims 7 to 10, wherein the core network device determines that the access is in the online subscription phase based on at least one of:
if the first message comprises an online subscription indication, the access is in the online subscription phase;
if authorization of the terminal device by the credential server fails, the access is in the online subscription phase; or
if no user plane context exists for the terminal device, the access is in the online subscription phase.
12. The method according to any of claims 7 to 10, wherein the core network device determines that the access is in the remote configuration phase based on at least one of:
if the first message does not comprise the online subscription indication, the access is in the remote configuration phase;
if the authorization of the terminal device by the credential server is successful, the access is in the remote configuration phase; or
if the user plane context exists, the access is in the remote configuration phase.
13. A method for communication, the method comprising:
an access network device sends a first message to a core network device, wherein the first message comprises a cell identifier of a first cell of the access network device that a terminal device is to access;
the access network device receives, from the core network device, first indication information about access to the first cell;
the access network device determines that the first cell does not support online subscription; and
the access network device controls access to the first cell for the terminal device based on the first indication information.
14. The method of claim 13, wherein the first indication information indicates that access to the first cell by the terminal device is restricted, and wherein controlling access to the first cell comprises:
the access network device restricts the access of the terminal device to the first cell.
15. The method of claim 13, wherein the access network device restricting access to the first cell by the terminal device comprises:
the access network device sends a third message to the terminal device, wherein the third message comprises at least one of the following: a rejection indication, a rejection cause value, or a redirection indication for the terminal device.
16. The method of claim 14, further comprising:
the access network device receives second indication information from the core network device, where the second indication information indicates that the restriction on access to the first cell is cancelled.
17. A method for communication, the method comprising:
a terminal device receives an online subscription capability indication from an access network device, wherein the online subscription capability indication comprises online subscription capability information of at least one cell of the access network device, and the online subscription capability information of the at least one cell comprises a cell identifier and a corresponding online subscription capability of the at least one cell of the access network device;
the terminal device selects a second cell from the at least one cell based on the online subscription capability information of the at least one cell, wherein the second cell supports online subscription; and
the terminal device sends an online subscription request for the second cell to the access network device.
18. The method of claim 17, wherein selecting the second cell comprises:
the terminal device determines a candidate cell supporting online subscription in the at least one cell based on the online subscription capability information of the at least one cell; and
the terminal device selects the second cell from the candidate cells for camping,
wherein the determination of the candidate cell is performed at an access stratum of the terminal device.
19. The method of claim 17, further comprising:
the terminal device receives a fourth message from the core network device, wherein the fourth message indicates that the online subscription is completed; and
the terminal device performs cell reselection or cell handover for the at least one cell, wherein the cell reselection or cell handover does not need to be based on the online subscription capability information of the at least one cell.
20. The method of claim 17, further comprising:
the terminal device performs cell reselection or cell handover for the at least one cell based on the online subscription capability information of the at least one cell.
21. A core network device, characterized in that the core network device comprises:
at least one processing unit; and
at least one memory coupled to the at least one processing unit and storing instructions for execution by the at least one processing unit, the instructions when executed by the at least one processing unit cause the core network device to implement the method of any of claims 1-12.
22. An access network device, wherein the access network comprises:
at least one processing unit; and
at least one memory coupled to the at least one processing unit and storing instructions for execution by the at least one processing unit, the instructions when executed by the at least one processing unit cause the access network to implement the method of any of claims 13-16.
23. A terminal device, characterized in that the terminal device comprises:
at least one processing unit; and
at least one memory coupled to the at least one processing unit and storing instructions for execution by the at least one processing unit, the instructions when executed by the at least one processing unit cause the terminal device to implement the method of any of claims 17-20.
24. A computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs operations according to the method of any one of claims 1 to 12, any one of claims 13 to 16, or any one of claims 17 to 20.
25. A chip configured to perform operations of the method of any of claims 1 to 12, any of claims 13 to 16, or any of claims 17 to 20.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110533778.9A CN115348582A (en) | 2021-05-14 | 2021-05-14 | Method, communication device, medium and chip for online signing |
PCT/CN2022/092776 WO2022237898A1 (en) | 2021-05-14 | 2022-05-13 | Onboarding method, communication apparatus, medium and chip |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110533778.9A CN115348582A (en) | 2021-05-14 | 2021-05-14 | Method, communication device, medium and chip for online signing |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115348582A (en) | 2022-11-15 |
Family
ID=83977906
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110533778.9A Pending CN115348582A (en) | 2021-05-14 | 2021-05-14 | Method, communication device, medium and chip for online signing |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN115348582A (en) |
WO (1) | WO2022237898A1 (en) |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112543455B (en) * | 2019-01-31 | 2022-03-29 | 华为技术有限公司 | Communication method, device and system |
CN112153757B (en) * | 2019-06-29 | 2023-03-10 | 华为技术有限公司 | Communication method, device and system |
Also Published As
Publication number | Publication date |
---|---|
WO2022237898A1 (en) | 2022-11-17 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||