CN115623576A - Data synchronization method, device and system - Google Patents

Info

Publication number: CN115623576A
Authority: CN (China)
Prior art keywords: border gateway, data, security border, security, gateway
Legal status: Pending
Application number: CN202110789204.8A
Other languages: Chinese (zh)
Inventor: 邵国强
Current assignee: Huawei Technologies Co Ltd
Original assignee: Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority to CN202110789204.8A
Priority to PCT/CN2022/104382 (published as WO2023284623A1)
Publication of CN115623576A

Classifications

    • H: Electricity
    • H04: Electric communication technique
    • H04W: Wireless communication networks
    • H04W56/00: Synchronisation arrangements


Abstract

The embodiments of this application provide a data synchronization method, device and system. The data synchronization method comprises a subscription procedure, a query procedure, a data change procedure, a data verification procedure and the like between SEPPs/SCPs. The method enables data sharing among multiple SEPPs/SCPs and improves the disaster tolerance capability of the system. Moreover, a pool can be formed among the SEPPs/SCPs, which improves the flexible networking capability of the system. The method does not require a separate database to be built: the data to be synchronized is stored in each SEPP/SCP, so the method provides a lightweight data synchronization scheme.

Description

Data synchronization method, device and system
Technical Field
The present application relates to the field of communications technologies, and in particular, to a data synchronization method, apparatus, and system.
Background
The 3rd Generation Partnership Project (3GPP) defines the security edge protection proxy (SEPP) and the service communication proxy (SCP) for the fifth generation mobile communication core network (5th generation core, 5GC). The SEPP serves as the protection proxy for interconnection between operators and is used to reduce the threat posed to a network function (NF) entity in the 5GC by devices outside the network when the NF entity cooperates across a network boundary. For example, the SEPP/SCP provides security services such as reverse proxy, encrypted transmission, topology hiding and network address translation (NAT). In different service scenarios, the security border gateway generates state data corresponding to the service. For example, the state data generated by the SEPP in the reverse proxy service scenario is a telescopic fully qualified domain name (telescopic FQDN) mapping. The state data is generated by a designated security border gateway and exists only in the security border gateway that generated it.
Typically, an operator deploys multiple security border gateways in the same service scenario to implement disaster recovery deployment. That is, if one SEPP/SCP fails, the other SEPPs/SCPs can take over its services and ensure that the services/users affected by the failure converge quickly until full recovery. However, because the state data is generated by a designated SEPP/SCP and exists only in that SEPP/SCP, and the SEPP/SCP depends on the state data to handle the corresponding service, if the SEPP/SCP storing the state data fails, the service that uses the state data is damaged and the effect of the failure cannot converge quickly.
Disclosure of Invention
The embodiments of this application provide a data synchronization method, device and system. The data synchronization method enables state data sharing among multiple SEPPs/SCPs, improves the disaster tolerance capability and flexible networking capability of the system, and helps avoid damage to related services in the network caused by the failure of the SEPP/SCP that stores the state data.
In a first aspect, an embodiment of the present application provides a data synchronization method performed by a first security border gateway. The first security border gateway receives a subscription request message that includes second security border gateway information and a first data type for which subscription is requested. When subscription to the first data type is allowed, the first security border gateway sends a subscription success response message to the second security border gateway. Therefore, when the subscription condition is met, the first security border gateway allows the second security border gateway to subscribe to the first data type, so that data sharing between the first security border gateway and the second security border gateway is realized, and the disaster tolerance capability and flexible networking capability of the system are improved.
In one possible design, the subscription success response message sent by the first secure border gateway to the second secure border gateway includes data of the first data type. It can be seen that, when the second secure border gateway succeeds in subscription, the first secure border gateway can directly carry the data of the first data type in the subscription success response message.
In one possible design, the first secure border gateway sends a subscription failure response message to the second secure border gateway when the subscription to the first data type is not allowed.
In one possible design, the first security border gateway establishes a transport layer security, TLS, link with the second security border gateway before the first security border gateway receives the subscription request message. It can be seen that the TLS link is used between the first security border gateway and the second security border gateway, and the security certificate signature and the subject domain are used for performing bidirectional verification, which is beneficial to improving the security of data transmission between the first security border gateway and the second security border gateway.
In one possible design, the first security border gateway sends session data negotiated in the N32 interconnect security protocol (PRINS) scenario to the second security border gateway, where the session data includes one or more of a shared key, an encryption algorithm, and a protection policy. Therefore, the first security border gateway allows the second security border gateway to share the session data negotiated in the PRINS scenario, which improves the disaster tolerance capability and avoids the situation where the network fault cannot converge rapidly when the first security border gateway fails.
In one possible design, the first security border gateway receives a route request message from a network function entity and encrypts the route request message with a shared key. Therefore, data transmitted between the first security border gateway and the SEPP at the opposite end in the PRINS scene are encrypted and transmitted by adopting the N32 context, which is beneficial to ensuring the security of data transmission.
In one possible design, the first security border gateway replaces an external address in the signaling message with a specified fully qualified domain name, FQDN, when communicating with the network function entity and sends the replaced signaling message to the network function entity. It can be seen that the first secure border gateway can implement a reverse proxy function, which is beneficial to improving the security of the network.
In one possible design, the first security border gateway receives first signaling from the network function entity and replaces the first IP address and the first FQDN in the first signaling with a second IP address and a second FQDN. The first security border gateway records the mapping between the first IP address and the second IP address and the mapping between the first FQDN and the second FQDN. When the first security border gateway receives second signaling carrying the second IP address and the second FQDN, it restores the second IP address and the second FQDN to the first IP address and the first FQDN, respectively. Therefore, the first security border gateway can implement the topology hiding function, which helps improve the security of the network.
In one possible design, the first security border gateway maps the IP address in the first message sent by the first local area network to an address recognizable by the second local area network, and records the mapping relationship between the IP address in the first message and the address recognizable by the second local area network. It can be seen that the first secure border gateway can implement a network address translation function, which is beneficial to improving the security of the network.
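The two designs above (topology hiding and network address translation) both come down to a recorded, reversible mapping between internal ("first") and external ("second") identifiers. The following is an added example, not code from the patent or from Huawei, of such a mapping table in Python: outbound signaling has its first IP address and FQDN replaced by the second values, the mapping is recorded, and inbound signaling carrying the second values is translated back. The class and method names, the treatment of signaling as plain text, and the sample addresses are all assumptions of this example.

```python
import ipaddress
import re
from dataclasses import dataclass, field


@dataclass
class TopologyHidingTable:
    """Mapping table kept by the first security border gateway (assumed design).

    Outbound signaling from an NF has its internal ("first") IP address and
    FQDN replaced by external ("second") values; the mapping is recorded so
    that inbound signaling carrying the second values can be translated back.
    """
    ip_map: dict = field(default_factory=dict)    # first IP   -> second IP
    fqdn_map: dict = field(default_factory=dict)  # first FQDN -> second FQDN

    def register(self, first_ip, second_ip, first_fqdn, second_fqdn):
        # Validate addresses up front so a malformed entry cannot poison the table.
        ipaddress.ip_address(first_ip)
        ipaddress.ip_address(second_ip)
        self.ip_map[first_ip] = second_ip
        self.fqdn_map[first_fqdn] = second_fqdn

    @staticmethod
    def _swap(text, mapping, boundary):
        # Single-pass, whole-token replacement. One alternation pattern avoids
        # chained rewrites (a replacement being matched again by a later rule),
        # and the lookarounds stop "10.1.2.3" from matching inside "10.1.2.30".
        if not mapping:
            return text
        keys = sorted(mapping, key=len, reverse=True)
        pattern = "|".join(re.escape(k) for k in keys)
        return re.sub(rf"(?<!{boundary})(?:{pattern})(?!{boundary})",
                      lambda m: mapping[m.group(0)], text)

    def hide(self, signaling: str) -> str:
        """Outbound direction: first IP/FQDN -> second IP/FQDN (topology hiding / NAT)."""
        signaling = self._swap(signaling, self.fqdn_map, r"[\w.-]")
        return self._swap(signaling, self.ip_map, r"[\d.]")

    def reveal(self, signaling: str) -> str:
        """Inbound direction: second IP/FQDN -> first IP/FQDN via the recorded mapping."""
        signaling = self._swap(signaling, {v: k for k, v in self.fqdn_map.items()}, r"[\w.-]")
        return self._swap(signaling, {v: k for k, v in self.ip_map.items()}, r"[\d.]")


def demo_table():
    # Constructed sample mapping (not from the patent): an internal SMF address
    # and name mapped to a documentation-range address and a 3GPP-style FQDN.
    table = TopologyHidingTable()
    table.register("10.1.2.3", "203.0.113.10",
                   "smf1.core.operator.internal",
                   "smf1.5gc.mnc001.mcc001.3gppnetwork.org")
    return table


# Constructed sample signaling; "10.1.2.30" is a near-miss that must NOT be rewritten.
OUTBOUND = "Host: smf1.core.operator.internal\nX-Origin: 10.1.2.3\nPeer: 10.1.2.30"

if __name__ == "__main__":
    table = demo_table()
    hidden = table.hide(OUTBOUND)
    print(hidden)
    print(table.reveal(hidden) == OUTBOUND)
```

Treating the signaling as opaque text is a simplification for illustration; a real SEPP rewrites specific fields of parsed HTTP/2 and JSON messages. The point that carries over is that the mapping must be recorded before the rewritten message leaves the gateway, since the inbound direction can only be restored from that record.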
In one possible design, the first security border gateway records one or more of second security border gateway information, the first data type, and a callback address of the second security border gateway.
In one possible design, the first security border gateway receives a query request message that includes the second security border gateway information and a second data type for which the query is requested. When the second security border gateway meets the query condition, the first security border gateway obtains query data of the second data type and sends a query success response message, which includes the query data, to the second security border gateway. Therefore, when the second security border gateway needs to re-acquire the data of the first security border gateway after data loss or a restart following a system failure, it can still obtain that data provided that the query condition is met, which helps realize disaster recovery deployment.
In one possible design, the second security border gateway satisfying the query condition includes one or more of the following: the first security border gateway has established a transport layer security (TLS) link with the second security border gateway, the first security border gateway allows querying of the second data type, and the first security border gateway has recorded the second data type.
In one possible design, the first security border gateway sends a query failure response message to the second security border gateway when the second security border gateway does not satisfy the query condition.
In one possible design, when the local data of the first security border gateway changes, the first security border gateway obtains a locally recorded subscriber information list, which includes one or more second security border gateways. When the data type subscribed by any second security border gateway in the subscriber information list is the changed data type, the first security border gateway sends a data change notification message to that second security border gateway according to its callback address. The data change notification message includes one or more of first security border gateway information, the changed data type, the change content, a first timestamp, and a sequence number of the notification message. It can be seen that when the local data of the first security border gateway changes, the first security border gateway can notify the second security border gateway that has subscribed to that local data of the change, which helps ensure data synchronization between the first security border gateway and the second security border gateway.
In one possible design, after the first secure border gateway obtains the locally recorded subscriber information list, when none of the data types subscribed by all the second secure border gateways in the subscriber information list is a changed data type, the first secure border gateway stops executing the data change notification procedure.
In one possible design, the first security border gateway sends a data check request message to a second security border gateway in the locally recorded subscriber information list, the data check request message including local data and a check data range of the first security border gateway. When the local data of the first security border gateway is inconsistent with the local data of any second security border gateway in the subscriber information list, the first security border gateway sends a data synchronization request message to the inconsistent second security border gateway. The data synchronization request message includes one or more of a synchronization data range, a second timestamp, a sequence number of the request message. It can be seen that the first security border gateway can periodically verify the shared data with the second security border gateway to ensure data synchronization between the first security border gateway and the second security border gateway.
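The designs of the first aspect describe four procedures on the first security border gateway's side: subscription (with the subscriber's callback address recorded), query under the three-part query condition, data change notification with sequence numbers, and a periodic data check that leads to a synchronization request. The following is an added example, not code from the patent or from Huawei, that models these procedures together in Python. The message field names, the use of a SHA-256 digest of each data range for the check (the patent's check request carries the local data itself), the replacement of the TLS link and callback delivery by an in-memory peer set and outbox, and the sample data are all assumptions of this example.

```python
import hashlib
import json
import time
from dataclasses import dataclass, field


@dataclass
class Subscriber:
    gateway_id: str
    callback: str                                        # callback address recorded at subscription
    data_types: set = field(default_factory=set)


@dataclass
class FirstGateway:
    gateway_id: str
    allowed_types: set                                   # data types open to subscription/query
    local_data: dict = field(default_factory=dict)       # data_type -> {key: value}
    subscribers: dict = field(default_factory=dict)      # gateway_id -> Subscriber
    tls_peers: set = field(default_factory=set)          # peers whose mutual-TLS link is up
    seq: int = 0                                          # sequence number of outgoing messages
    outbox: list = field(default_factory=list)           # (callback, message) in send order

    def handle_subscribe(self, peer_id, callback, data_type):
        # Subscription is only allowed over an established TLS link and for permitted types;
        # a refused subscription records nothing about the requesting peer.
        if peer_id not in self.tls_peers or data_type not in self.allowed_types:
            return {"result": "subscription_failure", "data_type": data_type}
        sub = self.subscribers.setdefault(peer_id, Subscriber(peer_id, callback))
        sub.data_types.add(data_type)
        # The success response carries the current data of the subscribed type.
        return {"result": "subscription_success", "data_type": data_type,
                "data": dict(self.local_data.get(data_type, {}))}

    def handle_query(self, peer_id, data_type):
        # Query condition: TLS link established, type allowed, type recorded locally.
        if (peer_id in self.tls_peers and data_type in self.allowed_types
                and data_type in self.local_data):
            return {"result": "query_success", "data_type": data_type,
                    "data": dict(self.local_data[data_type])}
        return {"result": "query_failure", "data_type": data_type}

    def update_local(self, data_type, key, value):
        """Change local data and notify every subscriber of that type. Returns the
        number of notifications sent (0 means the procedure stopped early)."""
        self.local_data.setdefault(data_type, {})[key] = value
        targets = [s for s in self.subscribers.values() if data_type in s.data_types]
        if not targets:
            return 0
        self.seq += 1
        notification = {"type": "data_change", "from": self.gateway_id,
                        "change_type": data_type, "change": {key: value},
                        "timestamp": time.time(), "seq": self.seq}
        for sub in targets:
            self.outbox.append((sub.callback, notification))
        return len(targets)

    @staticmethod
    def digest(data):
        # Canonical JSON digest of one data range; peers report this instead of raw data.
        return hashlib.sha256(json.dumps(data, sort_keys=True).encode()).hexdigest()

    def data_check(self, data_type, peer_digests):
        """Periodic check: compare the local digest of one data range with each
        subscriber's reported digest and send a synchronization request (carrying
        the range's data) to every inconsistent subscriber. Returns the peers asked to sync."""
        local = self.digest(self.local_data.get(data_type, {}))
        to_sync = []
        for sub in self.subscribers.values():
            if data_type in sub.data_types and peer_digests.get(sub.gateway_id) != local:
                self.seq += 1
                self.outbox.append((sub.callback, {
                    "type": "sync_request", "range": data_type,
                    "data": dict(self.local_data.get(data_type, {})),
                    "timestamp": time.time(), "seq": self.seq}))
                to_sync.append(sub.gateway_id)
        return to_sync


if __name__ == "__main__":
    # Constructed walk-through: sepp-b has a TLS link, sepp-c does not.
    g = FirstGateway("sepp-a", {"telescopic_fqdn"})
    g.tls_peers.add("sepp-b")
    g.local_data["telescopic_fqdn"] = {"x": "y"}
    print(g.handle_subscribe("sepp-b", "https://sepp-b.example/cb", "telescopic_fqdn"))
    print(g.handle_subscribe("sepp-c", "https://sepp-c.example/cb", "telescopic_fqdn"))
    print(g.update_local("telescopic_fqdn", "a", "b"), g.outbox)
```

The gating in `handle_subscribe` and `handle_query` is where the security value of the design sits: a peer that has not completed the mutual TLS verification never enters the subscriber list, so it is neither handed state data nor given a callback that later notifications would be sent to.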
In a second aspect, embodiments of the present application provide another data synchronization method, which is performed by a second security border gateway. The second security border gateway sends a subscription request message to the first security border gateway, the subscription request message including second security border gateway information and a first data type for which subscription is requested. When the first security border gateway allows subscription to the first data type, the second security border gateway receives a subscription success response message. Therefore, when the subscription condition is met, the second security border gateway can subscribe to the data of the first security border gateway, data sharing between the first security border gateway and the second security border gateway is realized, and the disaster tolerance capability and flexible networking capability of the system are improved.
In one possible design, the subscription success response message received by the second security border gateway includes data of the first data type.
In one possible design, the second security border gateway receives a subscription failure response message when the first security border gateway does not allow subscription to the first data type.
In one possible design, before the second secure border gateway sends the subscription request message to the first secure border gateway, the second secure border gateway performs a bidirectional check with the subject domain via the secure certificate signature, and establishes a transport layer security TLS link with the first secure border gateway.
In one possible design, the second security border gateway receives session data of the PRINS scenario negotiation from the first security border gateway, the session data including one or more of a shared key, an encryption algorithm, and a protection policy.
In one possible design, the second security border gateway sends a query request message to the first security border gateway, the query request message including the second security border gateway information and a second data type requesting the query. When the second security border gateway meets the query condition, the second security border gateway receives a query success response message, and the query success response message includes query data of the second data type.
In one possible design, the second security border gateway satisfying the query condition includes one or more of: the first security border gateway establishes a transport layer security, TLS, link with a second security border gateway, the first security border gateway permitting querying for the second data type, the second data type having been recorded by the first security border gateway.
In one possible design, the second security border gateway receives a query failure response message when the second security border gateway does not satisfy the query condition.
In one possible design, the second security border gateway receives a data change notification message when the data type to which the second security border gateway has subscribed is the changed data type. The data change notification message comprises one or more of first security border gateway information, the changed data type, the change content, a first timestamp and a sequence number of the notification message. It can be seen that when the local data of the first security border gateway to which the second security border gateway has subscribed changes, the second security border gateway updates the subscribed local data according to the data change notification, which helps ensure data synchronization between the first security border gateway and the second security border gateway.
In one possible design, the second security border gateway records the change content, the first timestamp, and a sequence number of the notification message. When the sequence number of the notification message is not continuous with the sequence number of the notification message recorded by the second security border gateway, the second security border gateway starts timing. When the timer expires and the second security border gateway does not receive a sequence number prior to the sequence number of the notification message, the second security border gateway sends an error response message to the first security border gateway. It can be seen that when the second security border gateway determines that the local data of the subscribed first security border gateway cannot be updated, the second security border gateway notifies the first security border gateway that the local data update has failed, thereby ensuring data synchronization between the first security border gateway and the second security border gateway.
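The design above is the subscriber's failure-mode handling: notifications carry sequence numbers, a gap starts a timer, and if the missing notification has not arrived by the time the timer expires, the second security border gateway reports an error so the first gateway can resynchronize. The following is an added example, not code from the patent or from Huawei, of that logic in Python; the same logic is restated for the device of the fourth aspect further below. The message shape, the holding of out-of-order notifications until the gap closes, the rejection of already-applied sequence numbers, and the injected clock are assumptions of this example.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class SecondGateway:
    """Subscriber side of the data change notification procedure (assumed design)."""
    gap_timeout: float                                   # seconds to wait for a missing notification
    last_seq: int = 0                                    # highest sequence number applied in order
    local_data: dict = field(default_factory=dict)       # data_type -> {key: value}
    pending: dict = field(default_factory=dict)          # seq -> notification held during a gap
    timer_started_at: Optional[float] = None             # when the gap timer was started
    errors: list = field(default_factory=list)           # error responses produced

    def _apply(self, msg):
        self.local_data.setdefault(msg["change_type"], {}).update(msg["change"])
        self.last_seq = msg["seq"]

    def on_notification(self, msg, now):
        """Handle one data change notification; returns what was done with it."""
        seq = msg["seq"]
        if seq <= self.last_seq:
            return "duplicate"                  # already applied: a replayed or late copy
        if seq == self.last_seq + 1:
            self._apply(msg)
            # Drain held notifications that have become contiguous.
            while self.last_seq + 1 in self.pending:
                self._apply(self.pending.pop(self.last_seq + 1))
            if not self.pending:
                self.timer_started_at = None    # gap closed, stop timing
            return "applied"
        # Sequence number is not continuous: hold the message and start the timer
        # if it is not already running.
        self.pending[seq] = msg
        if self.timer_started_at is None:
            self.timer_started_at = now
        return "held"

    def on_tick(self, now):
        """Called periodically. Returns an error response for the first gateway when
        the timer has expired and the missing sequence numbers still have not arrived."""
        if self.timer_started_at is None or now - self.timer_started_at < self.gap_timeout:
            return None
        missing = list(range(self.last_seq + 1, min(self.pending)))
        error = {"type": "error_response", "last_seq": self.last_seq, "missing_seq": missing}
        self.errors.append(error)
        self.timer_started_at = None            # the first gateway is expected to resynchronize
        return error


def make_notification(seq, key, value):
    # Constructed sample notification (field names are this example's assumption).
    return {"type": "data_change", "change_type": "telescopic_fqdn",
            "change": {key: value}, "seq": seq}


if __name__ == "__main__":
    g = SecondGateway(gap_timeout=5.0)
    print(g.on_notification(make_notification(1, "a", "1"), now=0.0))   # applied
    print(g.on_notification(make_notification(3, "c", "3"), now=1.0))   # held (seq 2 missing)
    print(g.on_tick(now=7.0))                                           # error_response, missing [2]
```

Because sequence numbers are only ever accepted once and in order, a replayed or stale notification cannot roll the subscriber's copy back, and the error response tells the first gateway exactly which range it needs to resend rather than forcing a full resynchronization.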
In one possible design, the second security border gateway receives a data check request message that includes the local data and the check data range of the first security border gateway. When the local data of the first security border gateway is inconsistent with the local data of the second security border gateway, the second security border gateway receives a data synchronization request message, the data synchronization request message including one or more of a synchronization data range, a second timestamp, and a sequence number.
In a third aspect, an embodiment of the present application provides a data synchronization apparatus, which includes a transceiver unit. The transceiver unit is configured to receive a subscription request message, where the subscription request message includes second security border gateway information and a first data type for which subscription is requested. The transceiver unit is further configured to send a subscription success response message to the second security border gateway when the first security border gateway allows subscription to the first data type.
In one possible design, the subscription success response message sent by the transceiving unit to the second security border gateway includes data of the first data type.
In one possible design, the transceiver unit is further configured to send a subscription failure response message to the second security border gateway when the first security border gateway does not allow subscription to the first data type.
In one possible design, the data synchronization device further includes a processing unit. The processing unit is used for carrying out bidirectional verification through the security certificate signature and the subject domain, and establishing a transport layer security TLS link between the processing unit and the second security border gateway.
In one possible design, the transceiver unit is further configured to send session data negotiated by the PRINS scenario to the second security border gateway, where the session data includes one or more of a shared key, an encryption algorithm, and a protection policy.
In a possible design, the transceiver unit is further configured to receive a route request message from the network function entity, and the processing unit is further configured to encrypt the route request message with a shared key.
In one possible design, when the first security border gateway communicates with the network function entity, the processing unit is configured to replace an external address in the signaling message with a specified FQDN, and the transceiver unit is configured to send the replaced signaling message to the network function entity.
In one possible design, the transceiver unit is configured to receive first signaling from the network function entity, and the processing unit is configured to replace the first IP address and the first FQDN in the first signaling with a second IP address and a second FQDN. The processing unit is further configured to record the mapping between the first IP address and the second IP address and the mapping between the first FQDN and the second FQDN. The transceiver unit is further configured to receive second signaling carrying the second IP address and the second FQDN, and the processing unit is further configured to restore the second IP address and the second FQDN to the first IP address and the first FQDN, respectively.
In a possible design, the processing unit is further configured to map the IP address in the first message sent by the first local area network to an address recognizable by the second local area network, and record a mapping relationship between the IP address in the first message and the address recognizable by the second local area network.
In one possible design, the processing unit is further configured to record one or more of second security border gateway information, the first data type, and a callback address of the second security border gateway.
In one possible design, the transceiver unit is further configured to:
receiving a query request message, wherein the query request message comprises second security border gateway information and a second data type requested to be queried;
when the second security border gateway meets the query condition, acquiring query data of a second data type;
and sending a query success response message to the second security border gateway, wherein the query success response message comprises query data.
In one possible design, the second security border gateway satisfying the query condition includes one or more of: the first security border gateway establishes a transport layer security, TLS, link with a second security border gateway, the first security border gateway permitting querying for the second data type, the second data type having been recorded by the first security border gateway.
In one possible design, the transceiver unit is further configured to send a query failure response message to the second security border gateway when the second security border gateway does not satisfy the query condition.
In one possible design, the processing unit is configured to obtain a locally recorded subscriber information list when the local data of the first security border gateway changes, the subscriber information list including one or more second security border gateways. When the data type subscribed by any second security border gateway in the subscriber information list is the changed data type, the transceiver unit is configured to send a data change notification message to that second security border gateway according to its callback address. The data change notification message includes one or more of first security border gateway information, the changed data type, the change content, a first timestamp, and a sequence number of the notification message.
In one possible design, the processing unit is further configured to stop executing the data change notification procedure when none of the data types subscribed to by all of the second security border gateways in the subscriber information list are change data types.
In one possible design, the transceiver unit is configured to send a data verification request message to a second security border gateway in the locally recorded subscriber information list, where the data verification request message includes the local data and the verification data range of the first security border gateway. When the local data of the first security border gateway is inconsistent with the local data of any second security border gateway in the subscriber information list, the transceiver unit is further configured to send a data synchronization request message to the inconsistent second security border gateway, where the data synchronization request message includes one or more of a synchronization data range, a second timestamp, and a sequence number of the request message.
In a fourth aspect, an embodiment of the present application provides another data synchronization apparatus, where the data synchronization apparatus includes a transceiver unit. The transceiver unit is configured to send a subscription request message to the first security border gateway, where the subscription request message includes the second security border gateway information and a first data type requesting subscription. The transceiving unit is further configured to receive a subscription success response message when the first security border gateway allows subscription to the first data type.
In one possible design, the subscription success response message received by the second security border gateway includes data of the first data type.
In one possible design, the transceiver unit is further configured to receive a subscription failure response message when the first security border gateway does not allow the subscription to the first data type.
In one possible design, the data synchronization apparatus further includes a processing unit configured to establish a transport layer security TLS link with the first security border gateway by performing a bidirectional verification with the subject domain via the security certificate signature.
In one possible design, the transceiver unit is further configured to receive session data of the PRINS scenario negotiation from the first security border gateway, where the session data includes one or more of a shared key, an encryption algorithm, and a protection policy.
In one possible design, the transceiver unit is further configured to:
sending a query request message to the first security border gateway, wherein the query request message comprises second security border gateway information and a second data type requested to be queried;
and when the second security border gateway meets the query condition, receiving a query success response message, wherein the query success response message comprises query data of the second data type.
In one possible design, the second security border gateway satisfying the query condition includes one or more of: the first security border gateway establishes a transport layer security, TLS, link with a second security border gateway, the first security border gateway permitting querying for the second data type, the second data type having been recorded by the first security border gateway.
In one possible design, the transceiver unit is further configured to receive a query failure response message when the second security border gateway does not satisfy the query condition.
In one possible design, the transceiver unit is further configured to receive a data change notification message when the data type subscribed to by the second security border gateway is a changed data type. The data change notification message comprises one or more of first security border gateway information, a change data type, change content, a first timestamp and a sequence number of the notification message.
In one possible design, the processing unit is further configured to: record the change content, the first timestamp, and the sequence number of the notification message; and start timing when the sequence number of the notification message is not continuous with the sequence number of the notification message recorded by the second security border gateway. The transceiver unit is further configured to send an error response message to the first security border gateway when the timer expires and the second security border gateway has not received the sequence number preceding the sequence number of the notification message.
In one possible design, the transceiver unit is further configured to:
receiving a data verification request message, wherein the data verification request message comprises local data and a verification data range of a first security border gateway;
when the local data of the first security border gateway is inconsistent with the local data of the second security border gateway, a data synchronization request message is received, the data synchronization request message including one or more of a synchronization data range, a second timestamp, and a sequence number.
In a fifth aspect, embodiments of the present application provide a data synchronization apparatus, where the data synchronization apparatus may be a device or a chip or a circuit disposed in the device. The data synchronization apparatus comprises means and/or modules for performing the data synchronization method provided in the first aspect or the second aspect and any one of the possible designs thereof, so that the beneficial effects of the data synchronization method provided in the first aspect or the second aspect can also be achieved.
In a sixth aspect, embodiments of the present application provide a computer-readable storage medium, which includes a program or instructions, which when executed on a computer, causes the computer to perform the method of the first aspect or the second aspect and any possible implementation manner thereof.
In a seventh aspect, embodiments of the present application provide a computer program or a computer program product, which includes code or instructions, when the code or instructions are run on a computer, cause the computer to execute the method in the first aspect or the second aspect and any possible implementation manner thereof.
In an eighth aspect, an embodiment of the present application provides a chip or a chip system, where the chip or the chip system includes at least one processor and an interface, the interface and the at least one processor are interconnected by a line, and the at least one processor is configured to execute a computer program or instructions to perform the method described in any one of the first aspect or the second aspect and any one of the possible implementation manners thereof.
The interface in the chip may be an input/output interface, a pin, a circuit, or the like.
The chip system in the above aspect may be a system on chip (SoC), a baseband chip, or the like, where the baseband chip may include a processor, a channel encoder, a digital signal processor, a modem, an interface module, and the like.
In one possible implementation, the chip or chip system described above in this application further comprises at least one memory having instructions stored therein. The memory may be a storage unit inside the chip, such as a register, a cache, etc., or may be a storage unit of the chip (e.g., a read-only memory, a random access memory, etc.).
In a ninth aspect, the present embodiment further provides a communication system comprising a network function NF and a security border gateway as described above.
In the scheme provided in any of the above aspects, the N32-f context may be an N32-f security context.
In the technical solution of any of the above aspects, the signaling message may be a roaming message.
In the technical solution of any of the above aspects, the signaling message may be a service discovery request or a network slicing request.
In any of the above technical solutions, the network function NF device may be a device in a 5G core network, such as a Session Management Function (SMF), a User Plane Function (UPF), a Policy Control Function (PCF), or an access and mobility management function (AMF).
Drawings
Fig. 1 is a schematic diagram of an international roaming scenario provided in an embodiment of the present application;
Fig. 2 is a schematic diagram of a 5G core network in which part of the network functions are sunk to the edge in an enterprise-oriented scenario according to an embodiment of the present application;
Fig. 3 is a schematic diagram of a co-built shared network according to an embodiment of the present application;
Fig. 4 is a schematic diagram of a communication system according to an embodiment of the present application;
Fig. 5 is a schematic flowchart of a data synchronization method according to an embodiment of the present application;
Fig. 6 is a schematic diagram of a query process according to an embodiment of the present application;
Fig. 7 is a schematic diagram of a data modification process according to an embodiment of the present application;
Fig. 8 is a schematic diagram of a data verification process according to an embodiment of the present application;
Fig. 9 is a schematic diagram of a data aging process according to an embodiment of the present application;
Fig. 10 is a schematic diagram of a data synchronization apparatus according to an embodiment of the present application;
Fig. 11 is a schematic diagram of a first security border gateway according to an embodiment of the present application;
Fig. 12 is a schematic diagram of another data synchronization apparatus according to an embodiment of the present application;
Fig. 13 is a schematic diagram of a second security border gateway according to an embodiment of the present application.
Detailed Description
In the embodiments of the present application, words such as "exemplary" or "for example" are used to mean serving as an example, instance, or illustration. Any embodiment or design described herein as "exemplary" or "e.g.," is not necessarily to be construed as preferred or advantageous over other embodiments or designs. Rather, use of the word "exemplary" or "such as" is intended to present concepts related in a concrete fashion.
In the embodiments of the present application, the terms "first", "second", and the like are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or to implicitly indicate the number of technical features indicated. Thus, a feature defined as "second" or "first" may explicitly or implicitly include one or more of that feature.
It is to be understood that the terminology used in the description of the various described examples herein is for the purpose of describing particular examples only and is not intended to be limiting. As used in the description of the various described examples and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should also be understood that, in the embodiments of the present application, the numbering of the processes does not imply an execution order; the execution order of the processes should be determined by their functions and inherent logic, and should not constitute any limitation on the implementation of the embodiments of the present application.
It should also be understood that determining B from A does not mean determining B from A alone; B may also be determined from A and/or other information.
It will be further understood that the terms "comprises," "comprising," "includes," and/or "including," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.
The Third Generation Partnership Project (3rd generation partnership project, 3GPP) defines the Security and Edge Protection Proxy (SEPP) and the Service Communication Proxy (SCP) for the fifth generation mobile communication core network (5th generation core, 5GC). The SEPP serves as a protection proxy for interconnection between operators, and is used to reduce the threat to a Network Function (NF) entity in the 5GC from devices outside the network when the NF entity interworks across a network boundary. For example, Fig. 1 shows a Home Routing (HR) scenario in which a visited Public Land Mobile Network (vPLMN) and a home PLMN (hPLMN) interconnect their signaling interfaces through SEPPs (here, the visited vSEPP and the home hSEPP). The NF entities in the 5GC include, but are not limited to, the access and mobility management function (AMF), Session Management Function (SMF), Policy Control Function (PCF), Network Repository Function (NRF), Network Slice Selection Function (NSSF), charging function (CHF), User Plane Function (UPF), and the like. The HR scenario further includes an internet packet exchange (IPX) entity and a Border Gateway (BG).
The functions of the SEPP and the SCP are similar. For example, the SEPP/SCP provides security functions such as reverse proxy, topology hiding, signaling filtering, abnormal message interception, protocol adaptation, access control, encrypted transmission, Network Address Translation (NAT), isolation of peers of different priority, and flow control. How the SEPP/SCP implements these security functions is described below by means of two specific network scenarios.
For example, Fig. 2 is a schematic diagram of a 5GC networking for an enterprise (toB) scenario in which part of the NFs are sunk to the edge. Fig. 2 includes an operator network and an enterprise network, and the operator network is divided into a large area 1 (hPLMN) and a large area 2 (vPLMN). The large area 2 includes both an H-SCP and an L-SCP, which implement the above security capabilities (for example, reverse proxying of the NRF/UDM/PCF) to protect against threats from the edge-sunk toB private network.
For another example, Fig. 3 is a schematic diagram of a co-built shared network. Operator A shown in Fig. 3 does not deploy a wireless network of its own but shares the wireless network of operator B. After the terminal device accesses via the wireless network of operator B, it uses the network of operator B as the visited network (vPLMN) and the network of operator A as the home network (hPLMN), and the service flow is completed through a roaming flow.
In different service scenarios, different state data is generated on the security border gateway. For example, Table 1 lists the state data corresponding to different services, together with the purpose and application scenario of each type of state data.
Table 1: state data corresponding to different services, with the application scenario and purpose of each type of state data
The state data is generated by a designated security border gateway and exists only in the security border gateway that generated it. For example, the terminal device completes the topology hiding service flow within a roaming flow from operator B to operator A.
To improve reliability, a network typically deploys multiple security border gateways. However, the state data is generated by one SEPP/SCP and exists only in the SEPP/SCP that generated it.
Normally, an operator deploys a plurality of SEPP/SCPs in the same scenario to implement disaster recovery of the system: if one SEPP/SCP fails, the other SEPP/SCPs can take over its services, so that either the services are not damaged or the number of services/users affected by the failure converges quickly until all services are recovered.
However, because this dynamic data exists and the SEPP/SCP relies on it when processing services, if the SEPP/SCP storing the dynamic data fails, subsequent services that use that data fail; the services are damaged and the failure cannot converge quickly.
In order to solve the above problem, embodiments of the present application provide a data synchronization method, where the data synchronization method may implement state data sharing among multiple SEPP/SCPs, improve disaster tolerance capability and flexible networking capability of a system, and facilitate avoiding related services in a network from being damaged due to a failure of an SEPP/SCP storing state data.
The data synchronization method provided by the embodiment of the present application is applied to the communication system shown in Fig. 4, where the communication system includes NF network function entities, security border gateways (SEPP/SCP), and the like. The same operator deploys a plurality of SEPP/SCPs at the boundary, and the SEPP/SCPs are disaster recovery devices for each other, as shown in Fig. 4. The first security border gateway (or the second security border gateway) is connected to one or more network function entities and can transmit signaling or data in its domain to devices outside the domain. Data synchronization between the first security border gateway and the second security border gateway is achieved through the functional interfaces defined in the embodiment of the present application. For example, when the second security border gateway requests a subscription to the data of the first security border gateway, the first security border gateway provides its data to the second security border gateway through the subscription interface.
Fig. 5 is a schematic flowchart of a data synchronization method according to an embodiment of the present application. The data synchronization method is realized by the interaction between a first security border gateway and a second security border gateway, and comprises the following steps:
501, the second security border gateway sends a subscription request message to the first security border gateway, wherein the subscription request message includes the second security border gateway information and the first data type for which subscription is requested; correspondingly, the first security border gateway receives the subscription request message.
Wherein the second security border gateway sends a subscription request message to the first security border gateway when the second security border gateway requests a subscription to the data of the first security border gateway. The subscription request message includes information of the second security border gateway, the first data type requesting subscription, the callback address of the second security border gateway, and the like.
The second security border gateway information includes, but is not limited to, an identifier of the second security border gateway, an authentication state of the second security border gateway, interface protocol stack information of the second security border gateway, and the like. The identifier of the second security border gateway is a unique identifier that distinguishes it from other security border gateways; for example, the identifier of the second security border gateway is SEPP 2. The authentication state of the second security border gateway indicates whether the second security border gateway has currently completed mutual authentication with the first security border gateway. The embodiments of the present application require that the second security border gateway can only start the subscription process (i.e., send a subscription request message to the first security border gateway) after the second security border gateway and the first security border gateway have achieved mutual authentication. For the authentication process between the second security border gateway and the first security border gateway, refer to the description in the standard TS 33.501; for example, secure mutual trust between SEPP/SCPs is established by means of Transport Layer Security (TLS), the Domain Name System (DNS), the Internet Protocol (IP), and the like, which is not described again here. The interface protocol stack information of the second security border gateway indicates the protocol between SEPPs, for example the protocol of a functional interface (such as the subscription interface) defined in this embodiment; refer to the description of the 5G service-based interface protocol, which is not described again here.
The first data type that the second security border gateway requests to subscribe is used as a subscription condition for the first security border gateway to judge whether the second security border gateway is allowed to subscribe data. For example, the first data type requested to be subscribed by the second security border gateway is the aforementioned state data type (e.g. Telescopic FQDN, N32-f context, etc.) corresponding to the different services, and if the first security border gateway allows to subscribe to the above state data type, it indicates that the first security border gateway allows the second security border gateway to subscribe to the first data type.
The callback address of the second security border gateway indicates an address of a callback interface of the second security border gateway. And the callback interface of the second security border gateway is used for receiving the state data sent by the first security border gateway. For example, when a first security border gateway allows a second security border gateway to subscribe to a first data type, the first security border gateway sends first data corresponding to the first data type to the second security border gateway based on a callback address of the second security border gateway.
Optionally, the first security border gateway and the second security border gateway provided in the embodiment of the present application are logically divided into a state publisher and a state subscriber. For example, where a first security border gateway is a state publisher and a second security border gateway is a state subscriber, the second security border gateway may subscribe to the state data of the first security border gateway. For another example, when the second security border gateway is a state publisher and the first security border gateway is a state subscriber, the first security border gateway may subscribe to the state data of the second security border gateway. That is, the first security border gateway and the second security border gateway may subscribe to status data with each other, and the present embodiment does not limit the logical roles of the first security border gateway and the second security border gateway, that is, the first security border gateway (or the second security border gateway) may be a status publisher or a status subscriber.
Optionally, before the second security border gateway starts the subscription process, the first security border gateway and the second security border gateway establish a TLS secure link. Specifically, the first security border gateway and the second security border gateway perform mutual verification based on the certificate signature and the subject field, and establish a TLS link. For the process of establishing the TLS secure link between the first security border gateway and the second security border gateway, refer to the standard TLS procedure, which is not described again here.
502, when the first security border gateway allows subscription to the first data type, it sends a subscription success response message to the second security border gateway; correspondingly, the second security border gateway receives the subscription success response message.
The first security border gateway determines whether to allow subscription to the first data type according to a preset subscription rule and the first data type. For example, the preset subscription rule may specify that the first security border gateway can only send data to a security border gateway with which a TLS secure link has been established. The preset subscription rule may also specify the first data types allowed to be subscribed; for example, the first data types that the first security border gateway allows to be subscribed include the four state data types shown in Table 1. Specifically, the steps by which the first security border gateway determines whether to allow the second security border gateway to subscribe to the first data type are as follows:
1) The first security border gateway first determines whether the second security border gateway has established a TLS secure link with the first security border gateway.
2) If the first security border gateway has established a TLS secure link with the second security border gateway, the first security border gateway then determines whether to allow subscription to the first data type.
For example, a subscription rule preset in the first security border gateway specifies that the first data types allowed for subscription include the N32-f context. When the first data type to which the second security border gateway requests subscription is the N32-f context, the first security border gateway allows subscription to the N32-f context.
Wherein the subscription success response message sent by the first security border gateway to the second security border gateway is used to indicate to the second security border gateway that subscription to the first data type is allowed. Optionally, the subscription success response message may further include data corresponding to the first data type, that is, the first security border gateway directly sends data allowing subscription to the second security border gateway.
Optionally, when the first security border gateway determines that the second security border gateway is allowed to subscribe to the first data type, the first security border gateway records the second security border gateway information, the first data type, and a callback address of the second security border gateway. The first security border gateway records a callback address of the second security border gateway, and is configured to send a data change notification message to the callback address of the second security border gateway when data corresponding to a first data type local to the first security border gateway (i.e., a first data type subscribed to by the second security border gateway) changes, which is beneficial to ensuring data synchronization between the first security border gateway and the second security border gateway.
Optionally, when the first security border gateway does not allow the subscription to the first data type, or when the first security border gateway and the second security border gateway do not establish the TLS secure link, the first security border gateway sends a subscription failure response message to the second security border gateway. The subscription failure response message is used to indicate a subscription failure to the second secure border gateway. The second security border gateway may choose to attempt to initiate the subscription flow again.
It can be seen that, by executing the above subscription procedure, the first security border gateway and the second security border gateway can implement data sharing and disaster recovery backup between them, which is beneficial to improving the disaster recovery capability of the communication system. Moreover, multiple security border gateways can form a pool, which is beneficial to improving the flexible networking capability of the communication system. It can be understood that, in the embodiment of the present application, the SEPPs/SCPs are disaster recovery devices for each other, that is, they may subscribe to each other's data; for example, the first security border gateway may send a subscription request message to the second security border gateway, and the specific implementation is similar to steps 501 and 502 and is not described again here.
Additional interaction flows between the first and second security border gateways are described in detail below.
In one example, when the data cached locally by the second security border gateway is incomplete, or the second security border gateway needs to retrieve the data after the network system is restarted following a failure, the second security border gateway may initiate a query procedure to the first security border gateway to retrieve the data to be cached. Fig. 6 is a schematic diagram of a query process according to an embodiment of the present application. When the second security border gateway initiates the query process, the interaction between the first security border gateway and the second security border gateway includes the following steps:
601, the second security border gateway sends a query request message to the first security border gateway, wherein the query request message includes the second security border gateway information and the second data type for which query is requested; correspondingly, the first security border gateway receives the query request message.
The second security border gateway information is as described in the foregoing embodiment and is not repeated here. The first security border gateway determines, from the second security border gateway information, whether the second security border gateway has completed the initial subscription procedure. When the second security border gateway has completed the initial subscription procedure, the first security border gateway then checks the second data type requested for query. The second data type requested by the second security border gateway serves as a query condition by which the first security border gateway checks whether the second data type is a data type that the first security border gateway allows to be queried.
602, when the second security border gateway satisfies the query condition, the first security border gateway obtains the query data of the second data type.
The second security border gateway satisfying the query condition comprises one or more of: the first security border gateway has established a Transport Layer Security (TLS) link with the second security border gateway; the first security border gateway allows the second data type to be queried; and the first security border gateway has recorded the second data type. For example, if the second data type requested by the second security border gateway is Telescopic FQDN and the first security border gateway allows the Telescopic FQDN to be queried, then the first security border gateway allows the second security border gateway to query the second data type. The first security border gateway then retrieves from its local data the data corresponding to the second data type (i.e., the query data of the second data type).
603, the first security border gateway sends a query success response message to the second security border gateway, wherein the query success response message comprises query data; correspondingly, the second security border gateway receives the query success response message.
Wherein the query success response message sent by the first security border gateway to the second security border gateway is used to indicate to the second security border gateway that the query of the second data type is allowed. And the query success response message carries data corresponding to the second data type.
Optionally, when the second security border gateway does not satisfy the query condition, the first security border gateway sends a query failure response message to the second security border gateway. Wherein the query failure response message is used to indicate a query failure to the second security border gateway. The second security border gateway may choose to attempt to initiate the query flow again.
It can be seen that, by executing the query procedure, the first security border gateway and the second security border gateway can ensure the integrity of the data of the first security border gateway recorded by the second security border gateway, which is beneficial to improving the disaster tolerance capability of the communication system. It can be understood that, in the embodiment of the present application, the SEPPs/SCPs are disaster recovery devices for each other, that is, the SEPPs/SCPs may query data for each other, for example, the first security border gateway may send a query request message to the second security border gateway, and the specific implementation manner is similar to the steps in this implementation manner, and is not described herein again.
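As an added illustration of the subscription procedure (steps 501 and 502) and the query procedure (steps 601 to 603) described above, the following Python code, which is not part of the patent and is not an implementation by the applicant, models the publisher-side checks: a TLS link with the requesting gateway, an allow-list of subscribable data types, and, for queries, that the requester has completed an initial subscription covering the requested type. The message field names, the `Publisher` and `SubscriptionRecord` classes, the sample gateway identifiers, and the reading of "the first security border gateway having recorded the second data type" as the type having been recorded for that particular subscriber are assumptions.

```python
"""Publisher-side checks for the subscription (501/502) and query (601-603)
procedures between two security border gateways.
Hypothetical example; message field names are not taken from the patent."""
from dataclasses import dataclass, field

# Data types the publisher allows peers to subscribe to and query.
# Table 1 is not legible here, so only the two types the text names are used.
ALLOWED_TYPES = {"N32-f context", "Telescopic FQDN"}


@dataclass
class SubscriptionRecord:
    """One row of the locally recorded subscriber information list (cf. Table 2)."""
    gateway_id: str
    data_type: str
    callback: str


@dataclass
class Publisher:
    """State publisher role, e.g. the first security border gateway."""
    allowed_types: set = field(default_factory=lambda: set(ALLOWED_TYPES))
    tls_peers: set = field(default_factory=set)      # gateways with an established TLS link
    subscribers: dict = field(default_factory=dict)  # (gateway_id, data_type) -> SubscriptionRecord
    local_data: dict = field(default_factory=dict)   # data_type -> current data

    def handle_subscribe(self, req: dict) -> dict:
        peer, dtype = req["gateway_id"], req["data_type"]
        # 1) Only a mutually authenticated peer with an established TLS link may subscribe.
        if peer not in self.tls_peers:
            return {"result": "failure", "reason": "no TLS link"}
        # 2) The requested type must be on the preset subscription allow-list.
        if dtype not in self.allowed_types:
            return {"result": "failure", "reason": "type not subscribable"}
        # Record gateway information, data type and callback address for later change notifications.
        self.subscribers[(peer, dtype)] = SubscriptionRecord(peer, dtype, req["callback"])
        # The success response may directly carry the data of the subscribed type.
        return {"result": "success", "data": self.local_data.get(dtype)}

    def handle_query(self, req: dict) -> dict:
        peer, dtype = req["gateway_id"], req["data_type"]
        completed_initial_subscription = any(r.gateway_id == peer for r in self.subscribers.values())
        if peer not in self.tls_peers or not completed_initial_subscription:
            return {"result": "failure", "reason": "initial subscription not completed"}
        # Query condition: type is queryable and was recorded for this subscriber (assumed reading).
        if dtype not in self.allowed_types or (peer, dtype) not in self.subscribers:
            return {"result": "failure", "reason": "type not queryable"}
        return {"result": "success", "data": self.local_data.get(dtype)}


def demo() -> dict:
    """Constructed exchange: SEPP_2 subscribes to, then queries, SEPP_1's N32-f context."""
    sepp1 = Publisher(local_data={"N32-f context": {"peer": "placeholder-context"}})
    sepp1.tls_peers.add("SEPP_2")  # TLS link established beforehand (constructed)
    sub = sepp1.handle_subscribe({"gateway_id": "SEPP_2", "data_type": "N32-f context",
                                  "callback": "https://sepp2.example/callback"})
    qry = sepp1.handle_query({"gateway_id": "SEPP_2", "data_type": "N32-f context"})
    return {"subscribe": sub, "query": qry}


if __name__ == "__main__":
    print(demo())
```

The two failure branches matter from a defensive standpoint: a gateway without a TLS link is refused before any data type is considered, and a query from a gateway that never completed the initial subscription is refused even when the type itself is queryable, so the query interface cannot be used to bypass the subscription checks.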
In one example, a first security border gateway will periodically monitor local data, and when the local data changes, for example, the first security border gateway adds local data, deletes part of local data, or modifies part of local data, the first security border gateway needs to notify a second security border gateway that has subscribed to the local data of the first security border gateway to update the corresponding data. Fig. 7 is a schematic diagram of a data modification process according to an embodiment of the present application. When the first safe boundary gateway initiates a data change process, the interactive process between the first safe boundary gateway and the second safe boundary gateway comprises the following steps:
701, when the local data of the first security border gateway changes, the first security border gateway obtains the locally recorded subscriber information list.
The subscriber information list includes one or more second security border gateways; that is, the subscriber information list records the second security border gateways (status subscribers) that have subscribed to data of the first security border gateway (status publisher). For example, Table 2 is a subscriber information list recorded locally by a status publisher according to an embodiment of the present application. Table 2 includes the identifier of each status subscriber, and the data types and callback addresses subscribed by each status subscriber.
Table 2: subscriber information list recorded locally by the status publisher
According to table 2, the first security border gateway may check one by one whether the data type subscribed by the status subscriber is the changed data type of the first security border gateway, so as to determine whether the status subscriber needs to update the data.
702, when the subscribed data type of any second security border gateway in the subscriber information list is a changed data type, the first security border gateway sends a data change notification message to the second security border gateway according to the callback address of the second security border gateway.
For example, when the changed data type of the first security border gateway is an N32-f context, the first security border gateway checks the data types to which each status subscriber has subscribed one by one according to Table 2. Since SEPP_2 and SEPP_3 have both subscribed to the N32-f context of the first security border gateway, the first security border gateway determines that the data type to which SEPP_2 and SEPP_3 have subscribed is a changed data type, and the first security border gateway sends a data change notification message to SEPP_2/SEPP_3 according to the callback address of SEPP_2/SEPP_3.
Wherein the data change notification message includes one or more of first security border gateway information, a change data type, change content, a first timestamp, and a sequence number of the notification message. Wherein the first security border gateway information includes information such as an identifier of the first security border gateway. The changed data type is a data type of the changed local data in the first security border gateway, and it can be understood that the changed data type is one or more of the local data types of the first security border gateway. The change content includes data corresponding to the change data type. For example, when the changed data type of the first security border gateway is an N32-f context, the changed content includes the changed N32-f context of the first security border gateway. The first timestamp is used to record the time at which the first security border gateway sends a data change notification message to the second security border gateway. The notification message has a sequence number that is the sequence number of the data change notification message sent by the first security border gateway to the second security border gateway. Wherein the notification message has a sequence number that is consecutive to a sequence number of a data change notification message sent by the first security border gateway to the second security border gateway a previous time, thereby preventing the second security border gateway from missing data change notification messages or from repeatedly receiving data change notification messages.
Optionally, when none of the data types subscribed by the second security border gateways in the subscriber information list is a changed data type, the first security border gateway stops executing the data change notification process. For example, when the changed data type of the first security border gateway is the topology hiding data type, the first security border gateway checks the data types subscribed by each status subscriber one by one according to Table 2. If neither SEPP_2 nor SEPP_3 subscribes to the topology hiding data type of the first security border gateway, the first security border gateway does not initiate a data change notification process.
Correspondingly, after receiving the data change notification message, the second security border gateway acquires information such as the first security border gateway information, the change content, the first timestamp, and the sequence number of the notification message from the data change notification message. First, the second security border gateway determines whether the sequence number of the notification message is consecutive to the sequence number of the data change notification message sent by the first security border gateway to the second security border gateway the previous time. If yes, the second safe boundary gateway updates the locally recorded data according to the change content, and records the first time stamp and the sequence number of the notification message. Otherwise, the second security border gateway starts a timer (e.g., the second security border gateway sets a start timer) when the sequence number of the notification message is not consecutive with the sequence number of the notification message that the second security border gateway has recorded. When the timer expires and the second security border gateway does not receive a sequence number prior to the sequence number of the notification message, the second security border gateway sends an error response message to the first security border gateway.
It can be seen that the first and second security border gateways can ensure data synchronization between them by executing the data change procedure, which is beneficial to improving the disaster tolerance capability of the communication system. It can be understood that, in the embodiment of the present application, the SEPPs/SCPs are disaster recovery devices for each other, that is, the SEPPs/SCPs may execute the data change process for each other; for example, the second security border gateway may send a data change notification message to the first security border gateway, and the specific implementation is similar to the steps of this embodiment and is not described here again.
In one example, in order to check whether the data subscribed by the SEPP/SCP are consistent, the status publisher may initiate a data verification process periodically. The following describes the data verification process between the first security border gateway and the second security border gateway in detail. Fig. 8 is a schematic diagram of a data verification process provided in an embodiment of the present application, including the following steps:
801, a first security border gateway sends a data verification request message to a second security border gateway in a locally recorded subscriber information list; correspondingly, the second security border gateway receives the data verification request message.
The first security border gateway sends a data verification request message to the second security border gateways in the subscriber information list at regular intervals, where the data verification request message includes the local data of the first security border gateway and a verification data range. Specifically, the first security border gateway processes the local data to obtain a Hash value of the local data, where one data type corresponds to one Hash value. For example, the Telescopic FQDN data type in the first security border gateway corresponds to one Hash value and the N32-f context data type corresponds to another Hash value, and the Hash values can be verified in segments in the manner of a Merkle tree. The verification data range is used to indicate the types of data to be verified and the corresponding data. For example, according to table 2, when the first security border gateway and the second security border gateway (assumed to be SEPP_2 in table 2) perform the data verification process, the verification data range includes the Telescopic FQDN data type and its corresponding data, and the N32-f context data type and its corresponding data. Optionally, the data verification request message further includes information such as the first security border gateway information, a second timestamp, and a sequence number of the data verification request message. For the first security border gateway information, refer to the description of the foregoing embodiments, which is not repeated here. The second timestamp is the time at which the first security border gateway initiated the data verification procedure. The sequence number of the request message is the sequence number of the data verification request message sent by the first security border gateway to the second security border gateway.
Correspondingly, the second security border gateway receives the data verification request message, and obtains the Hash value of the local data of the first security border gateway and the verification data range from the data verification request message. The second security border gateway then calculates the Hash value of the local data to be verified according to the verification data range. For example, according to table 2, when the second security border gateway (assumed to be SEPP_2 in table 2) performs the data verification procedure with the first security border gateway, the verification data range includes the Telescopic FQDN data type and its corresponding data, and the N32-f context data type and its corresponding data. The second security border gateway computes the Hash value of the locally recorded Telescopic FQDN data and the Hash value of the N32-f context data, and compares the Hash values of its local data with the Hash values of the local data of the first security border gateway. If the Hash values are the same, the second security border gateway determines that its local data is the same as that of the first security border gateway; otherwise, the local data is different.
Optionally, after completing the data verification, the second security border gateway may send a verification result to the first security border gateway. When the local data of the first security border gateway is the same as the local data of the second security border gateway, the second security border gateway sends a verification result that the verification data are consistent to the first security border gateway. When the local data of the first security border gateway is different from the local data of the second security border gateway, the verification result sent by the second security border gateway to the first security border gateway is that the verification data is inconsistent.
802, when the local data of the first security border gateway is inconsistent with the local data of any second security border gateway in the subscriber information list, the first security border gateway sends a data synchronization request message to the second security border gateway; correspondingly, the second security border gateway receives the data synchronization request message.
When the first security border gateway determines that the verification result is that the verification data are inconsistent, the first security border gateway sends a data synchronization request message to the corresponding second security border gateway based on the inconsistent verification result. The data synchronization request message comprises one or more of a synchronization data range, a second timestamp, and a sequence number of the request message. The synchronization data range is determined based on the verification result, that is, the synchronization data range comprises the inconsistent local data. For example, when the data corresponding to the Telescopic FQDN data type of the first security border gateway is inconsistent with the data corresponding to the Telescopic FQDN data type of the second security border gateway, the second security border gateway determines that the synchronization data range includes the data corresponding to the Telescopic FQDN data type. Optionally, the data synchronization request message further includes local data of the first security border gateway, that is, the first security border gateway may send the currently cached local data to the second security border gateway, which enables the second security border gateway to update its own local data according to the local data of the first security border gateway, thereby implementing data synchronization.
Optionally, the data verification process further includes the following steps:
803, when the second security border gateway receives the data synchronization request message, the second security border gateway updates the local data.
804, the second security border gateway sends the synchronization result to the first security border gateway. The synchronization result may include the updated local data of the second security border gateway, so that the first security border gateway can determine whether the data synchronization is completed.
It can be seen that, by executing the data verification process, the first security border gateway and the second security border gateway can ensure data synchronization between them, which is beneficial to improving the disaster tolerance capability of the communication system. It can be understood that the SEPPs/SCPs in the embodiment of the present application are disaster recovery devices for each other, that is, the SEPPs/SCPs may execute the data verification process for each other; for example, the second security border gateway may send a data verification request message to the first security border gateway to query inconsistent data, and the specific implementation is similar to the steps of this embodiment and is not described here again.
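An added example, not part of the patent application, of the data verification process of steps 801 to 804 with one Hash value per data type computed as a Merkle root over key-bucketed segments, so that the inconsistency can be narrowed to a segment and the synchronization data range carries only that segment. The record layout, the bucket count, SHA-256 and the inclusion of the leaf hashes in the request message are assumptions of this example.

```python
import hashlib
from typing import Dict, List, Optional, Tuple

Records = Dict[str, str]          # records of one data type: key -> value
NUM_BUCKETS = 4                   # Merkle leaves per data type (constructed small value)


def _h(data: str) -> str:
    return hashlib.sha256(data.encode()).hexdigest()


def bucket_of(key: str) -> int:
    """Stable leaf assignment by key, so both gateways segment their data identically."""
    return int(_h(key), 16) % NUM_BUCKETS


def bucket_items(records: Records) -> List[List[Tuple[str, str]]]:
    buckets: List[List[Tuple[str, str]]] = [[] for _ in range(NUM_BUCKETS)]
    for k, v in sorted(records.items()):
        buckets[bucket_of(k)].append((k, v))
    return buckets


def leaf_hashes(records: Records) -> List[str]:
    return [_h(repr(seg)) for seg in bucket_items(records)]


def merkle_root(leaves: List[str]) -> str:
    level = list(leaves)
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])   # duplicate the last node on odd levels
        level = [_h(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]


def type_hash(records: Records) -> str:
    """One Hash value per data type, as the page describes."""
    return merkle_root(leaf_hashes(records))


def build_verify_request(publisher: str, local: Dict[str, Records],
                         verify_range: List[str], ts: int, seq: int) -> dict:
    """Publisher side of step 801: per-type Hash values plus the verification data range.
    Carrying the leaf hashes too is an assumption made here so the peer can locate the difference."""
    return {"publisher": publisher, "timestamp": ts, "seq": seq, "range": verify_range,
            "hash": {t: type_hash(local.get(t, {})) for t in verify_range},
            "leaf_hash": {t: leaf_hashes(local.get(t, {})) for t in verify_range}}


def handle_verify_request(local: Dict[str, Records], req: dict) -> dict:
    """Subscriber side of step 801: recompute over the same range and compare."""
    inconsistent: Dict[str, List[int]] = {}
    for t in req["range"]:
        mine = local.get(t, {})
        if type_hash(mine) == req["hash"][t]:
            continue                          # this data type is consistent
        my_leaves = leaf_hashes(mine)
        inconsistent[t] = [i for i in range(NUM_BUCKETS) if my_leaves[i] != req["leaf_hash"][t][i]]
    return {"consistent": not inconsistent, "inconsistent": inconsistent}


def build_sync_request(publisher: str, local: Dict[str, Records],
                       verify_result: dict, ts: int, seq: int) -> dict:
    """Publisher side of step 802: the sync range holds only the inconsistent segments, with the publisher's records."""
    sync_range: Dict[str, Dict[int, Records]] = {}
    for t, segs in verify_result["inconsistent"].items():
        items = bucket_items(local.get(t, {}))
        sync_range[t] = {b: dict(items[b]) for b in segs}
    return {"publisher": publisher, "timestamp": ts, "seq": seq, "sync_range": sync_range}


def handle_sync_request(local: Dict[str, Records], req: dict) -> dict:
    """Subscriber side of steps 803 and 804: replace each inconsistent segment and return the new Hash values."""
    for t, segs in req["sync_range"].items():
        recs = local.setdefault(t, {})
        for b, items in segs.items():
            for k in [k for k in recs if bucket_of(k) == b]:
                del recs[k]                   # drop stale or extra records in that segment
            recs.update(items)
    return {"synced_hash": {t: type_hash(local[t]) for t in req["sync_range"]}}


def run_verification(publisher_local: Dict[str, Records], subscriber_local: Dict[str, Records],
                     verify_range: List[str]) -> Tuple[dict, Optional[dict]]:
    """Full exchange, SEPP_1 as publisher and SEPP_2 as subscriber; returns (verification result, sync result)."""
    req = build_verify_request("SEPP_1", publisher_local, verify_range, ts=1000, seq=1)
    result = handle_verify_request(subscriber_local, req)
    if result["consistent"]:
        return result, None
    sync = build_sync_request("SEPP_1", publisher_local, result, ts=1000, seq=1)
    return result, handle_sync_request(subscriber_local, sync)


if __name__ == "__main__":
    # Constructed sample data: SEPP_2 has one stale, one missing and one extra Telescopic FQDN record.
    sepp1 = {"Telescopic FQDN": {"a.ext": "ta.sepp1", "b.ext": "tb.sepp1", "c.ext": "tc.sepp1"},
             "N32-f context": {"ctx-1": "key1", "ctx-2": "key2"}}
    sepp2 = {"Telescopic FQDN": {"a.ext": "ta.sepp1", "b.ext": "STALE", "d.ext": "td.sepp1"},
             "N32-f context": {"ctx-1": "key1", "ctx-2": "key2"}}
    print(run_verification(sepp1, sepp2, ["Telescopic FQDN", "N32-f context"]))
```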
In one example, in order to reduce data transmission, each SEPP/SCP can be configured with a uniform rule for data aging. Data aging is carried out locally in each SEPP/SCP, and no data synchronization between the SEPPs/SCPs is performed for it. For example, fig. 9 is a schematic diagram of a data aging process provided in an embodiment of the present application, described by taking the first security border gateway as an example, and includes the following steps:
1) The first security border gateway starts a data aging timer.
2) The first security border gateway obtains data to be processed, wherein the data to be processed comprises data of different data types in the first security border gateway and system time of the data of different data types.
3) When the system time of the data of one data type exceeds the preset validity period, the first security border gateway deletes the data of that data type.
4) When the system time of the data of one data type is less than the preset validity period, the first security border gateway continues to check the data of the next data type until the data of all local data types have been checked.
It should be noted that the above data aging process is only an example. After the first security border gateway completes the data aging process and deletes the aged data, the deleted data is not synchronized with the security border gateways in the subscriber information list. That is, the different security border gateways each perform data aging processing on their own, and the deleted aged data is not subjected to data synchronization.
The embodiment of the application provides a data synchronization method, which specifically comprises a subscription process, a query process, a data change process, a data verification process and the like between SEPP/SCP. The data synchronization method can realize the data sharing among a plurality of SEPP/SCP, and improve the disaster tolerance capability of the system. Moreover, pool can be formed between the SEPP/SCP, and the flexible networking capability of the system is improved. The data synchronization method does not need to build a database, and the data to be synchronized are respectively stored in the SEPP/SCP, namely, the data synchronization method provides a light-weight data synchronization scheme.
The following describes the method flows in the embodiments shown in fig. 5 to 9 in detail when the method flows are applied to different service scenarios.
In an example, the data synchronization method provided by the embodiment of the present application may be applied to a reverse proxy service scenario. For example, the reverse proxy service may be implemented in a roaming scenario, toB private network, co-constructed shared network, as shown in fig. 1 to 3.
The usage scenarios of the reverse proxy service include the following two scenarios:
Scenario 1: when an NF of the internal network (e.g. a network function such as an NRF or NSSF) needs to interact with an NF of an external PLMN (usually the corresponding NRF or NSSF), the SEPP constructs a Telescopic FQDN for that NF (i.e. a concatenation of the external FQDN and the FQDN of the internal SEPP).
Scenario 2: when the internal SEPP receives a message sent from the external network to the internal network, and the message carries the FQDN of an NF of the external network, the SEPP of the internal network generates a Telescopic FQDN for that message.
Taking the case where the first security border gateway is the SEPP of the internal network as an example, the Telescopic FQDN is generated as follows: the Telescopic FQDN is generated based on the FQDN of the first security border gateway; for the specific implementation, refer to the corresponding description in the standard TS 23.003, which is not repeated here.
For example, the interaction between the NF of the internal network and the first security border gateway in scenario 1 includes the following steps:
1) The NF of the internal network sends a Telescopic FQDN mapping request message to the first security border gateway. The Telescopic FQDN mapping request message includes a query parameter (foreign-FQDN) carrying the FQDN of the NF in the foreign PLMN.
2) When the first security border gateway successfully constructs the Telescopic FQDN, the first security border gateway sends a 200 OK message to the NF of the internal network.
For example, in scenario 2, the message that the first security border gateway receives from the external network for the internal network is an Nnrf_NFDiscovery_Get response HTTP message, which includes the FQDN of the NF of the external network. The first security border gateway generates a corresponding Telescopic FQDN for the FQDN of the NF of the external network, rewrites the original FQDN with the Telescopic FQDN, and sends the modified Discovery response message to the NRF. It should be noted that other examples of messages sent from the external network to the internal network are listed in the standard TS 33.501 and are not described here.
In one implementation, when the first security border gateway generates a Telescopic FQDN: for scenario 1, the first security border gateway replaces the internal address in a signaling message sent outward by an NF of the internal network with a specified fully qualified domain name (that is, the Telescopic FQDN), and sends the replaced signaling message to the SEPP of the external network; for scenario 2, when the first security border gateway communicates with the NF of the internal network, the first security border gateway replaces the external address in the signaling message with a Telescopic FQDN, and sends the replaced signaling message to the NF of the internal network.
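An added example, not part of the patent application, of the two reverse proxy scenarios at the internal SEPP: the Telescopic FQDN mapping request of scenario 1, the rewriting of external NF FQDNs in an inbound discovery response of scenario 2, and the reverse lookup of the recorded mapping, which is the Telescopic FQDN data type the other procedures synchronize. The page defers the exact Telescopic FQDN format to TS 23.003; this example assumes the form `<label>.<SEPP FQDN>` with a label derived from a truncated SHA-256 of the foreign FQDN, and the `nfInstances`/`fqdn` field names of the sample response body are constructed here.

```python
import hashlib
import json
import re
from typing import Dict, Optional, Tuple

# DNS label syntax (letters, digits, hyphens; no leading or trailing hyphen), used to reject bad input.
LABEL_RE = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")


class InternalSepp:
    """First security border gateway acting as the SEPP of the internal network."""

    def __init__(self, sepp_fqdn: str) -> None:
        self.fqdn = sepp_fqdn.lower().rstrip(".")
        # Telescopic FQDN -> foreign FQDN: the "Telescopic FQDN" data type that the
        # subscription, query, change and verification procedures keep in sync between SEPPs.
        self.telescopic: Dict[str, str] = {}

    @staticmethod
    def _valid_fqdn(fqdn: str) -> bool:
        return len(fqdn) <= 253 and all(LABEL_RE.match(label) for label in fqdn.split("."))

    def _label(self, foreign_fqdn: str) -> str:
        # Assumed label derivation: one DNS label from a truncated SHA-256 of the foreign FQDN,
        # so the same foreign FQDN always yields the same Telescopic FQDN.
        return "t" + hashlib.sha256(foreign_fqdn.encode()).hexdigest()[:16]

    def map_foreign_fqdn(self, foreign_fqdn: str) -> Tuple[int, dict]:
        """Scenario 1: Telescopic FQDN mapping request with query parameter foreign-FQDN.
        Returns (HTTP status, body): 200 OK with the Telescopic FQDN, or 400 for malformed input."""
        foreign = foreign_fqdn.strip().lower().rstrip(".")
        if not foreign or not self._valid_fqdn(foreign):
            return 400, {"cause": "invalid foreign-FQDN"}
        tfqdn = f"{self._label(foreign)}.{self.fqdn}"
        self.telescopic[tfqdn] = foreign     # the mapping record is the local data that changes here
        return 200, {"telescopicFqdn": tfqdn}

    def rewrite_discovery_response(self, body: dict) -> dict:
        """Scenario 2: an inbound NF discovery response from the external network carries external
        NF FQDNs; replace each with a Telescopic FQDN before forwarding it to the internal NRF.
        Returns a modified copy and leaves the input untouched."""
        out = json.loads(json.dumps(body))   # deep copy of the JSON body
        for profile in out.get("nfInstances", []):   # constructed field names for this example
            if "fqdn" in profile:
                status, reply = self.map_foreign_fqdn(profile["fqdn"])
                if status == 200:
                    profile["fqdn"] = reply["telescopicFqdn"]
        return out

    def resolve(self, telescopic_fqdn: str) -> Optional[str]:
        """Reverse lookup for later signaling that addresses the Telescopic FQDN: the foreign FQDN,
        or None if this SEPP (or a peer whose records were synchronized to it) never issued it."""
        return self.telescopic.get(telescopic_fqdn.strip().lower().rstrip("."))


if __name__ == "__main__":
    sepp = InternalSepp("sepp.5gc.mnc012.mcc345.3gppnetwork.org")   # constructed SEPP FQDN
    print(sepp.map_foreign_fqdn("nrf.5gc.mnc999.mcc888.3gppnetwork.org"))
    print(sepp.rewrite_discovery_response(
        {"nfInstances": [{"nfType": "UDM", "fqdn": "udm.5gc.mnc999.mcc888.3gppnetwork.org"}]}))
```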
In one implementation, when the first security border gateway allows subscription to the Telescopic FQDN data type in the reverse proxy service usage scenario, the second security border gateway may subscribe to the Telescopic FQDN data type of the first security border gateway through the subscription procedure shown in fig. 5.
In one implementation, when the Telescopic FQDN data in the local data of the second security border gateway is incomplete, the second security border gateway may obtain the Telescopic FQDN data of the first security border gateway through the query process shown in fig. 6.
In one implementation, when the Telescopic FQDN data in the local data of the first security border gateway changes, the first security border gateway may notify the second security border gateway to update the Telescopic FQDN data through a data change procedure as shown in fig. 7.
In one implementation, when the first security border gateway needs to check the Telescopic FQDN data, the first security border gateway may check, through the data check process shown in fig. 8, whether the Telescopic FQDN data local to the first security border gateway is consistent with the Telescopic FQDN data local to the second security border gateway.
It can be understood that the specific implementation manners of the various flows above refer to the descriptions in the corresponding embodiments, and are not described herein again. Therefore, the data synchronization method provided by the embodiment of the application can be applied to a reverse proxy service use scene, is beneficial to realizing data synchronization between SEPP of an internal network, and improves the disaster tolerance capability of a system.
In an example, the data synchronization method provided by the embodiment of the present application may be applied to a PRINS service scenario. For example, the PRINS service may be implemented in the roaming scenario shown in fig. 1, where the SEPP of the internal network and the SEPP of the external network interact using PRINS. For example, when the SEPPs of the internal network and the external network are interconnected in forwarding mode, the SEPP of the internal network and the SEPP of the external network create a pair of directly connected TLS links (tunnels) N32-c, complete mutual authentication by means of the TLS mechanism, and derive a shared key based on the TLS links. The SEPP of the internal network and the SEPP of the external network complete the N32-c handshake process over the TLS link, negotiate a PRINS context, and after negotiation is completed perform signaling interaction according to the context of the N32 forwarding interface (N32-f).
In this example, taking the SEPPs of the internal network as an example, when the first security border gateway and the second security border gateway complete negotiation with the SEPP of the external network, the first security border gateway locally records the negotiated session data. The session data includes one or more of a shared key, encryption algorithm, and protection policy, which are used for packing and unpacking the PRINS message. For example, a first security border gateway receives a route request message from an NF of the internal network and encrypts the route request message with a shared key. And after the encryption is finished, the first safe border gateway sends the encrypted routing request message to the NF corresponding to the external network.
In one implementation, when the first security border gateway allows subscription to the session data negotiated in the PRINS scenario, the first security border gateway sends the session data negotiated in the PRINS scenario of the N32 interconnection security protocol to the second security border gateway. Specifically, the second security border gateway may subscribe to the data type of session data negotiated in the PRINS scenario of the first security border gateway through the subscription procedure shown in fig. 5.
In one implementation, when the session data negotiated in the PRINS scenario in the local data of the second security border gateway is incomplete, the second security border gateway may obtain the session data negotiated in the PRINS scenario of the first security border gateway through the query process shown in fig. 6.
In one implementation, when the session data negotiated in the PRINS scenario in the local data of the first security border gateway changes, the first security border gateway may notify the second security border gateway to update the session data negotiated in the PRINS scenario through the data change procedure shown in fig. 7.
In one implementation, when the first security border gateway needs to verify the session data negotiated in the PRINS scenario, the first security border gateway may check, through the data verification process shown in fig. 8, whether the session data negotiated in the PRINS scenario local to the first security border gateway is consistent with the session data negotiated in the PRINS scenario local to the second security border gateway.
It can be understood that for the specific implementation of each of the above flows, refer to the descriptions in the corresponding embodiments, which are not repeated here. Therefore, the data synchronization method provided by the embodiment of the present application can be applied to the PRINS scenario, which is beneficial to realizing data synchronization between the SEPPs of the internal network and improves the disaster tolerance capability of the system.
In an example, the data synchronization method provided by the embodiment of the present application may be applied to a topology hiding service scenario. For example, the topology hiding service may be implemented in a roaming scenario, a toB private network, or a co-constructed shared network as shown in fig. 1 to fig. 3. The topology hiding service scenario described in this example is as follows: the SEPP of the internal network hides the topological structure of the internal network and replaces the NF address information in signaling messages sent by the internal network to the external network with fake address information. The SEPP of the internal network needs to record the mapping relationship between the fake address information and the original NF address information, so that when the SEPP of the internal network receives a signaling message sent by the external network to the internal network that uses the fake address information, the fake address information can be restored to the original NF address information.
In one implementation, when the first security border gateway is the SEPP of an internal network, the signaling interaction between the first security border gateway and a network function entity of the internal network includes the following steps:
1) The first security border gateway receives first signaling from the network function entity and replaces the first IP address and the first FQDN in the first signaling with a second IP address and a second FQDN. The first IP address and the first FQDN are the original NF address information, and the second IP address and the second FQDN are the fake address information.
2) The first security border gateway records the mapping relationship between the first IP address and the second IP address, and the mapping relationship between the first FQDN and the second FQDN.
3) The first security border gateway receives second signaling carrying the second IP address and the second FQDN, and replaces the second IP address and the second FQDN with the first IP address and the first FQDN, respectively.
It can be understood that the IP address and FQDN hidden in the topology hiding service scenario are only the IP address and FQDN carried in the hidden signaling message. The IP address and FQDN carried in the signaling message may be considered an identity and do not necessarily represent an addressable IP address.
In one implementation, when a first security border gateway allows subscription to a topology hiding mapping relationship data type, a second security border gateway may subscribe to the topology hiding mapping relationship data of the first security border gateway through a subscription procedure as shown in fig. 5.
In one implementation, when the topology hiding mapping relationship data in the local data of the second security border gateway is incomplete, the second security border gateway may obtain the topology hiding mapping relationship data of the first security border gateway through the query process shown in fig. 6.
In one implementation, when the topology hiding mapping relationship data in the local data of the first security border gateway changes, the first security border gateway may notify the second security border gateway to update the topology hiding mapping relationship data through the data change process shown in fig. 7.
In one implementation, when the first security border gateway needs to verify the topology hiding mapping relationship data, the first security border gateway may check, through the data verification process shown in fig. 8, whether the local topology hiding mapping relationship data of the first security border gateway is consistent with the local topology hiding mapping relationship data of the second security border gateway.
It can be understood that for the specific implementation of each of the above flows, refer to the descriptions in the corresponding embodiments, which are not repeated here. Therefore, the data synchronization method provided by the embodiment of the present application can be applied to the topology hiding service scenario, which is beneficial to realizing data synchronization between the SEPPs of the internal network and improves the disaster tolerance capability of the system.
In an example, the data synchronization method provided in the embodiment of the present application may be applied to a NAT translation service scenario. For example, the NAT translation service may be implemented in a roaming scenario, a toB private network, or a co-constructed shared network as shown in fig. 1 to fig. 3. NAT translation falls into the following three cases:
Case one: static NAT translation, that is, a plurality of external IP addresses are configured on the security border gateway, and the internal address of a device in the internal network that needs to communicate with the outside is bound to a certain external IP address.
Case two: dynamic NAT translation, that is, a plurality of external IP addresses are configured on the security border gateway; when a certain internal IP address in the internal network needs to communicate with the outside, it is bound to a certain external IP address, and the address is released immediately after use.
Case three: port mapping, that is, a certain IP address + port identifier in the internal network is dynamically mapped to a certain IP address + port identifier of the security border gateway. One external IP address can be bound to a plurality of internal IP addresses, which are distinguished by different port identifiers.
In one implementation, taking the case where the first security border gateway is the SEPP of the internal network as an example, when the first security border gateway translates an internal address of the internal network into an external address, the following steps are performed:
1) The first security border gateway maps the IP address in a first message sent by the first local area network to an address recognizable by the second local area network. The first local area network is the internal network, and the second local area network is the external network. When the first local area network sends the first message to the second local area network, the first security border gateway applies NAT translation (any of the three cases above may be used) and translates the internal IP address into an external IP address, that is, an address that the second local area network can recognize.
2) The first security border gateway records the mapping relationship between the IP address in the first message and the address recognizable by the second local area network.
In one implementation, when the first security border gateway allows subscription to the mapping relationship data type between the internal IP address and the external IP address in the NAT translation scenario, the second security border gateway may subscribe to the mapping relationship data type between the internal IP address and the external IP address of the first security border gateway through the subscription procedure shown in fig. 5.
In one implementation, when the mapping relationship data between the internal IP address and the external IP address in the local data of the second security border gateway is incomplete, the second security border gateway may obtain the mapping relationship data between the internal IP address and the external IP address of the first security border gateway through the query process as shown in fig. 6.
In one implementation, when the mapping relationship data between the internal IP address and the external IP address in the local data of the first security border gateway changes, the first security border gateway may notify the second security border gateway to update the mapping relationship data between the internal IP address and the external IP address through a data change process as shown in fig. 7.
In one implementation, when the first security border gateway needs to check the mapping relationship data between the internal IP address and the external IP address, the first security border gateway may check whether the mapping relationship data between the local internal IP address and the external IP address of the first security border gateway is consistent with the mapping relationship data between the local internal IP address and the external IP address of the second security border gateway through a data checking process as shown in fig. 8.
It can be understood that for the specific implementation of each of the above flows, refer to the descriptions in the corresponding embodiments, which are not repeated here. Therefore, the data synchronization method provided by the embodiment of the present application can be applied to the NAT translation scenario, which is beneficial to realizing data synchronization between the SEPPs of the internal network and improves the disaster tolerance capability of the system.
The data synchronization method according to the embodiment of the present application is described in detail above with reference to fig. 1 to 9. The following describes the data synchronization apparatus and the related devices in detail with reference to fig. 10 to fig. 13. It should be understood that the data synchronization apparatus and associated devices shown in fig. 10-13 are capable of implementing one or more steps of the method flows shown in fig. 1-9. To avoid repetition, detailed description is omitted.
Fig. 10 is a schematic diagram of a data synchronization apparatus according to an embodiment of the present application. The data synchronization apparatus shown in fig. 10 is used to implement the method performed by the first security border gateway in the embodiments shown in fig. 5 to 9. The data synchronization apparatus includes a transceiving unit 1001. The transceiving unit 1001 is configured to receive a subscription request message, where the subscription request message includes second security border gateway information and a first data type requesting subscription. The transceiving unit 1001 is further configured to send a subscription success response message to the second security border gateway when the first security border gateway allows the subscription to the first data type.
In one implementation, the subscription success response message sent by the transceiving unit 1001 includes data of the first data type.
In one implementation, the transceiving unit 1001 is configured to send a subscription failure response message to the second security border gateway when the first security border gateway does not allow the subscription to the first data type.
In one implementation, the data synchronization apparatus further includes a processing unit 1002. The processing unit 1002 is configured to perform bidirectional verification (mutual authentication) through the security certificate signature and the subject domain, and to establish a transport layer security (TLS) link with the second security border gateway.
In one implementation, the transceiving unit 1001 is further configured to send session data negotiated by the PRINS scenario to the second security border gateway, where the session data includes one or more of a shared key, an encryption algorithm, and a protection policy.
In one implementation, the transceiving unit 1001 is further configured to receive a routing request message from a network function entity, and the processing unit 1002 is further configured to encrypt the routing request message with a shared key.
In one implementation, when the first security border gateway communicates with the network function entity, the processing unit 1002 is configured to replace an external address in the signaling message with a specified FQDN, and the transceiving unit 1001 is configured to send the replaced signaling message to the network function entity.
In one implementation, the transceiving unit 1001 is configured to receive a first signaling from a network function entity, and the processing unit 1002 is configured to replace a first IP address and a first FQDN in the first signaling with a second IP address and a second FQDN. The processing unit 1002 is further configured to record a mapping relationship between the first IP address and the second IP address, and a mapping relationship between the first FQDN and the second FQDN. The transceiving unit 1001 is further configured to receive a second signaling carrying a second IP address and a second FQDN, and the processing unit 1002 is further configured to update the second IP address and the second FQDN to the first IP address and the first FQDN, respectively.
In one implementation, the processing unit 1002 is further configured to map the IP address in the first message sent by the first local area network to an address recognizable by the second local area network, and record a mapping relationship between the IP address in the first message and the address recognizable by the second local area network.
In one implementation, the processing unit 1002 is further configured to record one or more of the second security border gateway information, the first data type, and a callback address of the second security border gateway.
In one implementation, the transceiving unit 1001 is further configured to:
receiving a query request message, wherein the query request message comprises second security border gateway information and a second data type requested to be queried;
when the second security border gateway meets the query condition, acquiring query data of a second data type;
and sending a query success response message to the second security border gateway, wherein the query success response message comprises query data.
In one implementation, the second security border gateway satisfying the query condition comprises: the second security border gateway has performed a subscription procedure or the first security border gateway allows querying of the second data type.
In one implementation, when the second security border gateway does not perform the subscription procedure or the first security border gateway does not allow querying the second data type, the transceiving unit 1001 is configured to send a query failure response message to the second security border gateway.
In one implementation, when the local data of the first security border gateway changes, the processing unit 1002 is configured to obtain a locally recorded subscriber information list, where the subscriber information list includes one or more second security border gateways. When the data type subscribed to by any second security border gateway in the subscriber information list is the changed data type, the transceiving unit 1001 is configured to send a data change notification message to that second security border gateway according to its callback address. The data change notification message includes one or more of the first security border gateway information, the changed data type, the changed content, a first timestamp, and a sequence number of the notification message.
In one implementation, when none of the data types subscribed to by the second security border gateways in the subscriber information list is the changed data type, the processing unit 1002 is configured to stop the data change notification procedure.
In one implementation, the transceiving unit 1001 is configured to send a data check request message to a second security border gateway in a locally recorded subscriber information list, where the data check request message includes local data of the first security border gateway and a check data range. When the local data of the first security border gateway is inconsistent with the local data of any second security border gateway in the subscriber information list, the transceiving unit 1001 is further configured to send a data synchronization request message to the inconsistent second security border gateway, where the data synchronization request message includes one or more of a synchronization data range, a second timestamp, and a sequence number of the request message.
In one implementation, the relevant functions implemented by the various elements in fig. 10 may be implemented by a transceiver and a processor. Fig. 11 is a schematic diagram of a first security border gateway according to an embodiment of the present application. The first security border gateway may be a device (e.g., a chip) capable of performing the data synchronization method provided by the embodiments of the present application. The first security border gateway may include, among other things, a transceiver 1101, at least one processor 1102, and a memory 1103. The transceiver 1101, the processor 1102 and the memory 1103 may be connected to each other via one or more communication buses, or may be connected via other means.
The transceiver 1101 may be used for transmitting data or receiving data, among other things. It is to be understood that the transceiver 1101 is a generic term and may include both a receiver and a transmitter.
The processor 1102 may be configured to process data for the first security border gateway, among other things. The processor 1102 may include one or more processors; for example, the processor 1102 may be one or more Central Processing Units (CPUs), Network Processors (NPs), hardware chips, or any combination thereof. In the case where the processor 1102 is one CPU, the CPU may be a single-core CPU or a multi-core CPU.
The memory 1103 is used for storing program codes and the like. The memory 1103 may include a volatile memory (volatile memory), such as a Random Access Memory (RAM); the memory 1103 may also include a non-volatile memory (non-volatile memory), such as a read-only memory (ROM), a flash memory (flash memory), a Hard Disk Drive (HDD) or a solid-state drive (SSD); the memory 1103 may also comprise a combination of memories of the kind described above.
The processor 1102 and the memory 1103 may be coupled via an interface, or may be integrated together, which is not limited in this embodiment.
The transceiver 1101 and the processor 1102 may be configured to execute the data synchronization method provided in the embodiment of the present application, and the specific implementation manner is as follows:
the transceiver 1101 is configured to receive a subscription request message, the subscription request message including the second security border gateway information and the first data type requesting subscription. The transceiver 1101 is further configured to send a subscription success response message to the second security border gateway when the first security border gateway allows subscription to the first data type.
For other implementation manners, reference is made to the corresponding descriptions in the embodiment of fig. 10, and details are not repeated here. It can be understood that the data synchronization apparatus and the first security border gateway shown in fig. 10 and fig. 11 may refer to the foregoing method embodiments, and for the beneficial effects that can be achieved, refer to the corresponding descriptions in the foregoing method embodiments, which are not described herein again.
Fig. 12 is a schematic diagram of another data synchronization apparatus according to an embodiment of the present application. The data synchronization apparatus shown in fig. 12 is used to implement the method performed by the second security border gateway in the embodiments of fig. 5 to 9. The data synchronization apparatus includes a transceiving unit 1201. The transceiving unit 1201 is configured to send a subscription request message to the first security border gateway, where the subscription request message includes the second security border gateway information and the first data type requesting subscription. The transceiving unit 1201 is further configured to receive a subscription success response message when the first security border gateway allows the subscription to the first data type.
In one implementation, the subscription success response message includes data of the first data type.
In one implementation, the transceiving unit 1201 is further configured to receive a subscription failure response message when the first security border gateway does not allow the subscription to the first data type.
In one implementation, the data synchronization apparatus further includes a processing unit 1202, and the processing unit 1202 is configured to establish a transport layer security, TLS, link with the first security border gateway by performing a bidirectional check with the security certificate signature and the subject domain.
In one implementation, the transceiving unit 1201 is configured to receive session data negotiated in the PRINS scenario from the first security border gateway, where the session data includes one or more of a shared key, an encryption algorithm, and a protection policy.
In one implementation, the transceiving unit 1201 is further configured to:
sending a query request message to the first security border gateway, wherein the query request message comprises second security border gateway information and a second data type requested to be queried;
and when the second security border gateway meets the query condition, receiving a query success response message, wherein the query success response message comprises query data of the second data type.
In one implementation, the second security border gateway satisfying the query condition comprises: the second security border gateway has performed a subscription procedure or the first security border gateway allows querying of the second data type.
In one implementation, when the second security border gateway does not perform the subscription procedure or the first security border gateway does not allow querying the second data type, the transceiving unit 1201 is further configured to receive a query failure response message.
In one implementation, when the data type subscribed by the second security border gateway is a changed data type, the transceiving unit 1201 is further configured to receive a data change notification message. Wherein the data change notification message includes one or more of first security border gateway information, a change data type, change content, a first timestamp, and a sequence number of the notification message.
In one implementation, the processing unit 1202 is further configured to: record the change content, the first timestamp and the sequence number of the notification message; and, when the sequence number of the notification message is not continuous with the sequence number of the notification message recorded by the second security border gateway, start a timer. The transceiving unit 1201 is further configured to send an error response message to the first security border gateway when the timer expires and the second security border gateway has not received the sequence number preceding the sequence number of the notification message.
In one implementation, the transceiving unit 1201 is further configured to:
receiving a data verification request message, wherein the data verification request message comprises local data and a verification data range of a first security border gateway;
when the local data of the first security border gateway is inconsistent with the local data of the second security border gateway, a data synchronization request message is received, the data synchronization request message including one or more of a synchronization data range, a second timestamp, and a sequence number.
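The subscription, query, change-notification and data-check procedures described above for the two gateways, as an added simulation in Python that is not part of the patent or of any vendor implementation; the message layouts, the per-subscriber sequence counter, the tick-based timer and the sample data types (`plmn_list`, `route_table`) are constructed assumptions. It shows the second gateway holding a notification whose sequence number is not contiguous, starting a timer, and returning an error response only when the predecessor never arrives, and the data check catching a copy that drifted without any notification.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class FirstGateway:
    """Data-owner side. Message layouts are constructed, not taken from the patent."""
    info: str
    allow_subscribe: set                              # data types peers may subscribe to
    allow_query: set                                  # data types queryable without a subscription
    local_data: dict = field(default_factory=dict)    # data type -> content
    subscribers: dict = field(default_factory=dict)   # peer info -> subscription record

    def handle_subscribe(self, msg: dict) -> dict:
        gw, dtype = msg["gw_info"], msg["data_type"]
        if dtype not in self.allow_subscribe:
            return {"type": "subscribe_failure", "data_type": dtype}
        rec = self.subscribers.setdefault(gw, {"types": set(), "seq": 0})
        rec["types"].add(dtype)                       # record peer info, type and callback
        rec["callback"] = msg["callback"]
        return {"type": "subscribe_success", "data_type": dtype, "data": self.local_data.get(dtype)}

    def handle_query(self, msg: dict) -> dict:
        gw, dtype = msg["gw_info"], msg["data_type"]
        if gw not in self.subscribers and dtype not in self.allow_query:  # query condition
            return {"type": "query_failure", "data_type": dtype}
        return {"type": "query_success", "data_type": dtype, "data": self.local_data.get(dtype)}

    def change_local_data(self, dtype: str, content, timestamp: int) -> list:
        """Apply a change; return (callback, notification) pairs, empty if nobody subscribed."""
        self.local_data[dtype] = content
        out = []
        for rec in self.subscribers.values():
            if dtype in rec["types"]:
                rec["seq"] += 1                       # assumption: one counter per subscriber
                out.append((rec["callback"], {
                    "type": "data_change", "gw_info": self.info, "data_type": dtype,
                    "content": content, "timestamp": timestamp, "seq": rec["seq"]}))
        return out

@dataclass
class SecondGateway:
    """Subscriber side: applies notifications in sequence order and times out on a gap."""
    info: str
    callback: str
    gap_timeout: int = 5                              # constructed timer length, in ticks
    local_data: dict = field(default_factory=dict)
    last_seq: int = 0                                 # highest contiguous seq applied so far
    held: dict = field(default_factory=dict)          # notifications waiting behind a gap
    gap_deadline: Optional[int] = None

    def handle_notification(self, msg: dict, now: int) -> None:
        seq = msg["seq"]
        if seq <= self.last_seq:
            return                                    # duplicate, already applied
        self.held[seq] = msg
        if seq != self.last_seq + 1 and self.gap_deadline is None:
            self.gap_deadline = now + self.gap_timeout  # not contiguous: start timing
        while self.last_seq + 1 in self.held:         # apply every contiguous notification
            m = self.held.pop(self.last_seq + 1)
            self.local_data[m["data_type"]] = m["content"]
            self.last_seq += 1
        if not self.held:
            self.gap_deadline = None                  # gap closed, cancel the timer

    def check_timer(self, now: int) -> Optional[dict]:
        # Error response once the timer expires with the predecessor still missing.
        if self.gap_deadline is not None and now >= self.gap_deadline:
            return {"type": "error", "gw_info": self.info, "missing_seq": self.last_seq + 1}
        return None

    def handle_check(self, msg: dict) -> bool:
        # Data check: True when the local copy equals the owner's over the checked range.
        return all(self.local_data.get(t) == msg["data"][t] for t in msg["range"])

def run_scenario() -> dict:
    """Constructed exchange: subscribe, query, reordered and lost notifications, data check."""
    owner = FirstGateway("sepp-A", {"plmn_list"}, {"plmn_list", "route_table"},
                         {"plmn_list": ["46000"], "route_table": {"hop": 1}})
    peer = SecondGateway("sepp-B", "https://sepp-b.example/notify")
    sub = {"type": "subscribe", "gw_info": peer.info, "callback": peer.callback}
    r = {"sub_ok": owner.handle_subscribe({**sub, "data_type": "plmn_list"})["type"],
         "sub_fail": owner.handle_subscribe({**sub, "data_type": "route_table"})["type"]}
    q = owner.handle_query({"type": "query", "gw_info": peer.info, "data_type": "route_table"})
    r["query"], peer.local_data["route_table"] = q["type"], q["data"]
    n1 = owner.change_local_data("plmn_list", ["46000", "46001"], 100)
    n2 = owner.change_local_data("plmn_list", ["46000", "46001", "46002"], 101)
    peer.handle_notification(n2[0][1], now=101)     # n2 overtakes n1: gap, timer starts
    r["err_early"] = peer.check_timer(now=103)      # still inside the timer: no error
    peer.handle_notification(n1[0][1], now=104)     # gap closed, n1 then n2 applied
    r["err_closed"] = peer.check_timer(now=110)
    r["peer_plmn"] = peer.local_data["plmn_list"]
    r["route_notified"] = owner.change_local_data("route_table", {"hop": 2}, 130)
    r["plmn_consistent"] = peer.handle_check({"range": {"plmn_list"}, "data": owner.local_data})
    r["route_consistent"] = peer.handle_check({"range": {"route_table"}, "data": owner.local_data})
    owner.change_local_data("plmn_list", ["46000"], 140)      # seq 3: lost in transit
    n4 = owner.change_local_data("plmn_list", ["46000", "46003"], 141)
    peer.handle_notification(n4[0][1], now=141)     # seq 4 with seq 3 missing
    r["err_timeout"] = peer.check_timer(now=147)    # deadline 146 passed: error response
    return r
```

The inconsistent `route_table` copy is exactly the case the data check and the follow-up data synchronization request exist for: the peer queried it once, never subscribed, and so received no change notification.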
In one implementation, the relevant functions implemented by the various elements in fig. 12 may be implemented by a transceiver and a processor. Fig. 13 is a schematic diagram of a second security border gateway according to an embodiment of the present application. The second security border gateway may be a device (e.g., a chip) capable of performing the data synchronization method in the above-described embodiments. The second security border gateway may include a transceiver 1301, at least one processor 1302, and a memory 1303. The transceiver 1301, the processor 1302, and the memory 1303 may be connected to each other through one or more communication buses, or may be connected in other manners.
The transceiver 1301 may be used to transmit data or receive data, among other things. It is to be understood that the transceiver 1301 is generic and may include a receiver and a transmitter.
Processor 1302 may be configured to process data of a second security border gateway, among other things. The processor 1302 may include one or more processors, for example, the processor 1302 may be one or more CPUs, NPs, hardware chips, or any combination thereof. In the case where the processor 1302 is a CPU, the CPU may be a single-core CPU or a multi-core CPU.
The memory 1303 stores program codes and the like. The memory 1303 may include volatile memory, such as RAM. The memory 1303 may also include a nonvolatile memory such as a ROM, a flash memory, an HDD, or an SSD. The memory 1303 may also comprise a combination of memories of the above-mentioned kinds.
The processor 1302 and the memory 1303 may be coupled via an interface, or may be integrated together, which is not limited in this embodiment.
The transceiver 1301 and the processor 1302 may be configured to execute the data synchronization method in the embodiments shown in fig. 5 to fig. 9, and the specific implementation manner is as follows:
the transceiver 1301 is configured to send a subscription request message to the first security border gateway, the subscription request message including the second security border gateway information and the first data type requesting subscription. The transceiver 1301 is further configured to receive a subscription success response message when the first security border gateway allows subscription to the first data type.
For other implementation manners, reference is made to the corresponding descriptions in the embodiment of fig. 12, which are not described herein again. It can be understood that the data synchronization apparatus and the second security border gateway shown in fig. 12 and fig. 13 may refer to the foregoing method embodiments, and for the beneficial effects that can be achieved, refer to the corresponding descriptions in the foregoing method embodiments, which are not described herein again.
An embodiment of the present application provides a communication system, which includes the first security border gateway, the second security border gateway, and the network function entity described in the foregoing embodiment.
Embodiments of the present application provide a computer-readable storage medium storing a program or instructions, which when executed on a computer, cause the computer to perform a data synchronization method in an embodiment of the present application.
The embodiment of the present application provides a chip or a chip system, where the chip or the chip system includes at least one processor and an interface, the interface and the at least one processor are interconnected through a line, and the at least one processor is used to run a computer program or an instruction to perform the data synchronization method in the embodiment of the present application.
The interface in the chip may be an input or output interface, a pin or a circuit, etc.
The system-on-chip in the above aspect may be a system-on-chip (SOC), or a baseband chip, and the like, where the baseband chip may include a processor, a channel encoder, a digital signal processor, a modem, an interface module, and the like.
In one implementation, the chip or chip system described above in this application further includes at least one memory having instructions stored therein. The memory may be a storage unit inside the chip, such as a register, a cache, etc., or may be a storage unit of the chip (e.g., a read-only memory, a random access memory, etc.).
In the above embodiments, the implementation may be wholly or partially realized by software, hardware, firmware, or any combination thereof. When implemented in software, the implementation may take, in whole or in part, the form of a computer program product. The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, the processes or functions described in accordance with the embodiments of the application are produced, in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or another programmable device. The computer instructions may be stored on a computer readable storage medium or transmitted from one computer readable storage medium to another, for example, from one website, computer, server, or data center to another website, computer, server, or data center via a wired (e.g., coaxial cable, fiber optic, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, radio, microwave) connection. A computer-readable storage medium can be any available medium that can be accessed by a computer, or a data storage device, such as a server or data center, that includes one or more available media. The usable medium may be a magnetic medium (e.g., a floppy disk, a hard disk, a magnetic tape), an optical medium (e.g., a Digital Video Disk (DVD)), or a semiconductor medium (e.g., a Solid State Disk (SSD)), among others.
Those of ordinary skill in the art will appreciate that the elements and algorithm steps of the examples described in connection with the embodiments disclosed herein may be embodied in electronic hardware, computer software, or combinations of both, and that the components and steps of the examples have been described in general functional terms in the foregoing description in order to illustrate clearly the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and the design constraints imposed on the technical solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The above description covers only specific embodiments of the present application, but the scope of the present application is not limited thereto; any change or substitution that a person skilled in the art can easily conceive within the technical scope disclosed in the present application shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (25)

1. A method of data synchronization, comprising:
a first security border gateway receives a subscription request message, wherein the subscription request message comprises second security border gateway information and a first data type requesting subscription;
and when the first security border gateway allows the subscription of the first data type, the first security border gateway sends a subscription success response message to the second security border gateway.
2. The method of claim 1, wherein prior to the first security border gateway receiving a subscription request message, the method further comprises:
the first security border gateway establishes a transport layer security, TLS, link with the second security border gateway.
3. The method according to claim 1 or 2, characterized in that the method further comprises:
and the first security border gateway sends session data negotiated in a PRINS scenario of the N32 interconnect security protocol to the second security border gateway, wherein the session data comprises one or more of a shared key, an encryption algorithm and a protection policy.
4. The method of claim 3, further comprising:
and the first security border gateway receives a routing request message from a network function entity and encrypts the routing request message by adopting the shared key.
5. The method according to claim 1 or 2, characterized in that the method further comprises:
when the first security border gateway communicates with the network function entity, the external address in the signaling message is replaced with a specified fully qualified domain name FQDN, and the replaced signaling message is sent to the network function entity.
6. The method according to claim 1 or 2, characterized in that the method further comprises:
the first security border gateway receives a first signaling from a network function entity, and replaces a first IP address and a first FQDN in the first signaling with a second IP address and a second FQDN;
the first security border gateway records the mapping relation between the first IP address and the second IP address and the mapping relation between the first FQDN and the second FQDN;
and the first security border gateway receives a second signaling carrying the second IP address and the second FQDN and updates the second IP address and the second FQDN to the first IP address and the first FQDN respectively.
7. The method according to claim 1 or 2, characterized in that the method further comprises:
the first security border gateway maps the IP address in the first message sent by the first local area network to an address which can be identified by the second local area network;
and the first security border gateway records the mapping relation between the IP address in the first message and the address which can be identified by the second local area network.
8. The method of claim 1, further comprising:
the first security border gateway records one or more of the second security border gateway information, the first data type, and a callback address of the second security border gateway.
9. The method of claim 1, further comprising:
the first security border gateway receiving a query request message, the query request message including the second security border gateway information and a second data type requesting a query;
when the second security border gateway meets the query condition, the first security border gateway obtains query data of the second data type;
the first security border gateway sends a query success response message to the second security border gateway, the query success response message including the query data.
10. The method of claim 9, wherein the second security border gateway satisfying the query condition comprises one or more of: the first security border gateway establishing a transport layer security, TLS, link with the second security border gateway; the first security border gateway allowing querying for the second data type; and the first security border gateway having recorded the second data type.
11. The method of claim 9 or 10, wherein after the first security border gateway receives the query request message, the method further comprises:
when the second security border gateway does not satisfy the query condition, the first security border gateway sends a query failure response message to the second security border gateway.
12. The method of claim 1 or 8, further comprising:
when the local data of the first security border gateway changes, the first security border gateway acquires a locally recorded subscriber information list, wherein the subscriber information list comprises one or more second security border gateways;
when the data type subscribed by any second security border gateway in the subscriber information list is a changed data type, the first security border gateway sends a data change notification message to the any second security border gateway according to the callback address of the any second security border gateway, where the data change notification message includes one or more of the information of the first security border gateway, the changed data type, the changed content, the first timestamp, and a sequence number of the notification message.
13. The method of claim 12, wherein after the first security border gateway obtains the locally recorded list of subscriber information, the method further comprises:
and when the data types subscribed by all the second security border gateways in the subscriber information list are not changed data types, the first security border gateway stops executing the data change notification process.
14. The method of claim 1 or 8, further comprising:
the first security border gateway sends a data verification request message to a second security border gateway in a locally recorded subscriber information list, wherein the data verification request message comprises local data and a verification data range of the first security border gateway;
when the local data of the first security border gateway is inconsistent with the local data of any second security border gateway in the subscriber information list, the first security border gateway sends a data synchronization request message to the inconsistent second security border gateway, wherein the data synchronization request message comprises one or more of a synchronization data range, a second timestamp and a sequence number of the request message.
15. A method of data synchronization, comprising:
a second security border gateway sends a subscription request message to a first security border gateway, wherein the subscription request message comprises second security border gateway information and a first data type requesting subscription;
when the first security border gateway allows subscription to the first data type, the second security border gateway receives a subscription success response message.
16. The method of claim 15, wherein before the second security border gateway sends the subscription request message to the first security border gateway, the method further comprises:
the second security border gateway establishes a transport layer security, TLS, link with the first security border gateway.
17. The method according to claim 15 or 16, characterized in that the method further comprises:
the second security border gateway receives session data negotiated in a PRINS scenario of the N32 interconnect security protocol from the first security border gateway, the session data including one or more of a shared key, an encryption algorithm, and a protection policy.
18. The method of claim 15, further comprising:
the second security border gateway sending a query request message to the first security border gateway, the query request message including the second security border gateway information and a second data type requesting a query;
and when the second security border gateway meets the query condition, the second security border gateway receives a query success response message, wherein the query success response message comprises the query data of the second data type.
19. The method of claim 18, wherein the second security border gateway satisfying the query condition comprises one or more of: the first security border gateway establishing a transport layer security, TLS, link with the second security border gateway; the first security border gateway allowing querying for the second data type; and the first security border gateway having recorded the second data type.
20. The method of claim 18 or 19, wherein after the second security border gateway sends a query request message to the first security border gateway, the method further comprises:
and when the second security border gateway does not meet the query condition, the second security border gateway receives a query failure response message.
21. The method of claim 15, further comprising:
when the data type subscribed by the second security border gateway is a changed data type, the second security border gateway receives a data change notification message, where the data change notification message includes one or more of the first security border gateway information, the changed data type, a changed content, a first timestamp, and a sequence number of the notification message.
22. The method of claim 21, further comprising:
the second security border gateway records the change content, the first timestamp and the sequence number of the notification message;
when the sequence number of the notification message is not continuous with the sequence number of the notification message recorded by the second security border gateway, the second security border gateway starts a timer;
when the timer expires and the second security border gateway has not received the sequence number preceding the sequence number of the notification message, the second security border gateway sends an error response message to the first security border gateway.
23. The method of claim 15, further comprising:
receiving, by the second security border gateway, a data verification request message including the local data and a verification data range of the first security border gateway;
when the local data of the first security border gateway is inconsistent with the local data of the second security border gateway, the second security border gateway receives a data synchronization request message including one or more of a synchronization data range, a second timestamp, and a sequence number.
24. A data synchronization apparatus comprising a memory and a processor;
the memory to store instructions;
the processor configured to execute the instructions such that the method of any one of claims 1 to 14 or 15 to 23 is performed.
25. A computer-readable storage medium, comprising a program or instructions for performing the method of any one of claims 1 to 14 or 15 to 23 when the program or instructions are run on a computer.

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202110789204.8A CN115623576A (en) 2021-07-13 2021-07-13 Data synchronization method, device and system
PCT/CN2022/104382 WO2023284623A1 (en) 2021-07-13 2022-07-07 Data synchronization method, apparatus and system


Publications (1)

Publication Number Publication Date
CN115623576A true CN115623576A (en) 2023-01-17



Also Published As

Publication number Publication date
WO2023284623A1 (en) 2023-01-19


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination