CN115996380B - Method and equipment for flexibly controlling network - Google Patents

Method and equipment for flexibly controlling network

Info

Publication number: CN115996380B
Application number: CN202310279550.0A
Authority: CN (China)
Other versions: CN115996380A (en)
Other languages: Chinese (zh)
Inventors: 董芸, 何余锋, 王菲, 孟祥斌, 曹臻
Current assignee: Beijing Capitek Co ltd
Original assignee: Beijing Capitek Co ltd
Legal status: Active
Prior art keywords: terminal, access, network, authentication, condition

Abstract

The application discloses a method for flexible network control, which comprises the following steps: a first network element receives a session establishment request message sent by a terminal and sends an authentication request message to the flexible management and control system; the flexible management and control system performs network-access authentication on the terminal to obtain an authentication result, and grants the terminal different network access rights depending on that result; after the terminal has gained network access, the flexible control system monitors changes in the terminal's access condition in real time, and when it first detects that the access condition has changed, it generates a disconnection request message and sends it to the first network element; the first network element receives the disconnection request message and disconnects the terminal from the network; the terminal then resends the session establishment request message to the first network element, completes the authentication process again, and thereby has its network access rights changed. The method and device avoid the excessive power consumption and low session establishment success rate caused by frequent redialing by the terminal, and ensure access security control of the 5G private network.

Description

Method and equipment for flexibly controlling network
Technical Field
The application belongs to the technical field of communication, and particularly relates to a method and equipment for flexibly controlling a network.
Background
When the terminal information does not meet the access condition checked by DN-AAA (the data network AAA server), DN-AAA responds directly with an Access-Reject message, so the terminal cannot create a session connection.
When the terminal fails to come online, it automatically restarts the online request, is rejected again by DN-AAA, and the cycle repeats. A large number of Internet of Things terminals in 4G or 5G private networks are battery-powered, and continuously attempting to come online drains their power too quickly. Moreover, the session establishment success rate is one of the important indicators of an operator's network quality; a terminal that keeps trying to come online without ever establishing a session lowers the operator's session establishment success rate.
In order to solve the problems, the application provides a method and equipment for flexibly controlling a network.
Disclosure of Invention
To overcome the defects of the prior art, the application provides a flexible network control method that manages a terminal's network access through flexible access control and flexible online control. It solves the problems of frequent terminal redialing, excessive power consumption and low session establishment success rate caused by hard control, in which DN-AAA responds directly with authentication failure information, and thereby avoids those problems while still ensuring access security control of the 5G private network.
The technical effect to be achieved by the application is realized through the following scheme:
in a first aspect, an embodiment of the present application provides a method for network flexible control, including:
the first network element receives a session establishment request message sent by the terminal and sends an authentication request message to the flexible management and control system;
the flexible management and control system receives the authentication request message, performs network-access authentication on the terminal, obtains an authentication result, and grants the terminal different network access rights according to that result;
after the terminal has gained network access, the flexible control system monitors changes in the terminal's access condition in real time, and when it first detects that the access condition has changed, it generates a disconnection request message and sends it to the first network element;
the first network element receives the disconnection request message and disconnects the terminal from the network;
and after the terminal has been disconnected from the network, it resends the session establishment request message to the first network element so as to complete the authentication process again and have its network access rights changed.
In some embodiments, the method further comprises:
configuring a first IP resource pool and a second IP resource pool, wherein the first IP resource pool has connectivity to the enterprise intranet and the second IP resource pool does not.
In some embodiments, granting the terminal different network access rights according to the authentication result includes:
when the authentication result confirms that the terminal is a legal terminal and its access condition is legal, the flexible management and control system judges that the terminal passes authentication and sends an authentication-success response message to the first network element, the response message carrying IP information of the first IP resource pool;
when the authentication result confirms that the terminal is a legal terminal but its access condition is illegal, the flexible management and control system judges that the terminal fails authentication but still sends an authentication-success response message to the first network element, the response message carrying IP information of the second IP resource pool;
and when the authentication result confirms that the terminal is an illegal terminal, the flexible management and control system judges that the terminal fails authentication but still sends an authentication-success response message to the first network element, the response message carrying IP information of the second IP resource pool.
In some embodiments, the access condition includes at least one of:
an access area;
an access period;
user status.
In some embodiments, the first change in the access condition comprises:
the access condition is changed from the condition of allowing access to the intranet to the condition of not allowing access to the intranet;
or the access condition is changed from the condition that the access to the intranet is not allowed to the condition that the access to the intranet is allowed.
In some embodiments, the first network element comprises a session management function network element, the flexible management system comprises an authentication, authorization and accounting server, and the terminal comprises a 4G terminal and/or a 5G terminal.
In some embodiments, the flexible management system comprises: a message analysis module, an access-stage flexible management and control module, an online-stage flexible management and control module, a data storage module and a maintenance management module.
In some embodiments, the message parsing module is configured to parse and log signaling messages; the access stage flexible control module is used for realizing a flexible control method of the access stage; the online-stage flexible control module is used for realizing an online-stage flexible control method; the data storage module is used for storing user account opening data and log data; the maintenance management module is used for providing a management interface.
In a second aspect, an embodiment of the present application provides an electronic device, including: a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the method of any of the preceding claims when executing the computer program.
In a third aspect, embodiments of the present application provide a computer-readable storage medium storing one or more programs executable by one or more processors to implement the method of any of the preceding claims.
According to the network flexible control method, the terminal's network access is managed through flexible access control and flexible online control, so that the problems of high power consumption and low session establishment success rate caused by frequent redialing by the terminal are solved, and access security control of the 5G private network is guaranteed.
Drawings
In order to more clearly illustrate the embodiments or prior art solutions of the present application, the drawings that are required for the description of the embodiments or prior art will be briefly described below, it being apparent that the drawings in the following description are only some of the embodiments described in the present application, and that other drawings may be obtained according to these drawings without inventive faculty for a person skilled in the art.
FIG. 1 is a schematic diagram of a networking architecture according to an embodiment of the present application;
FIG. 2 is a flow chart of a method of network flexible management in an embodiment of the present application;
FIG. 3 is a flow chart of a terminal access phase of a method of network flexible management in an embodiment of the present application;
FIG. 4 is a flow chart of a terminal on-line phase of a method of network flexible management in an embodiment of the present application;
FIG. 5 is a schematic diagram of a flexible management AAA system according to an embodiment of the present application;
FIG. 6 is a schematic block diagram of an electronic device in an embodiment of the present application.
Detailed Description
For the purposes, technical solutions and advantages of the present application, the technical solutions of the present application will be clearly and completely described below with reference to specific embodiments and corresponding drawings. It will be apparent that the described embodiments are only some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present disclosure.
It is noted that unless otherwise defined, technical or scientific terms used in one or more embodiments of the present disclosure should be taken in a general sense as understood by one of ordinary skill in the art to which the present disclosure pertains. The use of the terms "first," "second," and the like in one or more embodiments of the present disclosure does not denote any order, quantity, or importance, but rather the terms "first," "second," and the like are used to distinguish one element from another. The word "comprising" or "comprises", and the like, means that elements or items preceding the word are included in the element or item listed after the word and equivalents thereof, but does not exclude other elements or items. The terms "connected" or "connected," and the like, are not limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. "upper", "lower", "left", "right", etc. are used merely to indicate relative positional relationships, which may also be changed when the absolute position of the object to be described is changed.
First, related word abbreviations referred to in the present application are explained:
4G: 4th Generation Mobile Communication Technology, i.e. the 4th generation of mobile communication;
5G: 5th Generation Mobile Communication Technology, i.e. the 5th generation of mobile communication;
AAA: Authentication, Authorization, Accounting, i.e. the authentication, authorization and accounting server;
DN-AAA: Data Network AAA, i.e. the data network AAA server;
AAA-P: AAA Proxy, i.e. the AAA proxy forwarding system;
SMF: Session Management Function;
UPF: User Plane Function;
DNN: Data Network Name.
In the related art, when the terminal information does not meet the access condition checked by DN-AAA, DN-AAA generally responds directly with an Access-Reject message, so the terminal cannot create a session connection. This control mode is very rigid and is therefore called hard control here.
The following description takes a 5G private network as an example only; the present application can also be applied to other networks, such as a 4G network.
A 5G private network is a dedicated network channel customized for industry users on the basis of 5G network technology; its services are relatively isolated, its quality is guaranteed and its security is enhanced, and an enterprise terminal can connect to the enterprise intranet for data transmission through the 5G private network.
The DN-AAA system is defined in the 3GPP specifications for secondary authentication when a terminal accesses the enterprise intranet through the 5G network, so as to enhance the access security of the enterprise intranet. When the terminal comes online, the 5G core network Session Management Function (SMF) network element sends a RADIUS authentication request (Access-Request) to DN-AAA. The request carries terminal identity information and access information, such as user name, password, access UPF and access base station; DN-AAA checks whether the terminal identity information is legal and judges whether the terminal is accessing within the constraint conditions. If the check passes, DN-AAA responds with an authentication success message (Access-Accept) and the terminal can access the enterprise intranet normally; if the password is wrong or the constraint conditions are not met, the check fails, DN-AAA responds with an authentication failure message (Access-Reject), the terminal cannot establish a connection, and so the terminal cannot access the enterprise intranet.
Flexible control is a softer control mode, specifically: even if DN-AAA considers that the terminal does not meet the access condition, the terminal is still allowed to establish a session connection, but that connection is restricted so that it cannot access the enterprise network normally.
Therefore, the problems of frequent terminal redialing, excessive power consumption and low session establishment success rate caused by hard control, in which DN-AAA responds directly with authentication failure information, need to be solved, so that these problems are avoided while the access security control of the 5G private network is still ensured.
Various non-limiting embodiments of the present application are described in detail below with reference to the attached drawing figures.
First, FIG. 1 is a schematic diagram of a networking structure in an embodiment of the present application; the networking of the present application is described in detail with reference to FIG. 1:
the present application applies to both 4G networks and 5G networks; the following description takes the 5G network as an example.
The networking structure in this embodiment is shown in FIG. 1 and includes: a plurality of mobile terminals, a plurality of base stations, UPF, SMF, an AAA proxy gateway, the flexible management and control AAA system (the flexible management and control AAA system and the flexible management and control system in this application denote the same system), and the enterprise intranet; specifically:
each terminal in the mobile network accesses through a 4G/5G base station and enters the enterprise intranet through the User Plane Function (UPF);
the Session Management Function (SMF) acts as the signaling-flow client, the flexible management and control AAA system acts as the signaling-flow server, and the two interact through signaling; the SMF may also interface with the flexible management and control AAA system through an AAA proxy gateway (AAA-P), for example.
FIG. 2 is a flow chart of a method of network flexible management in an embodiment of the present application; another embodiment of the present application is described in detail below with reference to fig. 2:
the method for flexibly controlling the network in the embodiment comprises the following steps:
S101: the first network element receives a session establishment request message sent by the terminal and sends an authentication request message to the flexible management and control system;
Illustratively, the first network element may be a session management function network element, the flexible management and control system includes an authentication, authorization and accounting server, and the terminal includes a 4G terminal and/or a 5G terminal; these are examples only, and other existing or future terminals or network elements known to those skilled in the art to be capable of carrying out the functions of the present invention may be employed herein.
Specifically, the terminal may access the network through a 4G base station or a 5G base station, for example, and reach the enterprise intranet through the UPF.
S102: the flexible management and control system receives the authentication request message, performs network-access authentication on the terminal, obtains an authentication result, and grants the terminal different network access rights according to that result;
The authentication request message may carry terminal identity information and access information, for example a user name, a password, the access UPF and the access base station. After the flexible management and control system obtains the identity information and access information, it authenticates the terminal; the authentication result includes, but is not limited to, whether the terminal is a legal terminal and whether the access condition is legal. Different IP information can be fed back for different authentication results, so that the terminal obtains different network access rights.
Specifically, a plurality of IP resource pools, such as a first IP resource pool and a second IP resource pool, may be configured in the UPF, where the first IP resource pool has connectivity to the intranet and the second IP resource pool does not.
Thus, when the terminal is authenticated as being allowed to access the enterprise intranet, IP information from the first IP pool is fed back; otherwise, IP information from the second IP pool is fed back, so that the terminal's different network access rights are realized.
S103: after the terminal has gained network access, the flexible control system monitors changes in the terminal's access condition in real time, and when it first detects that the access condition has changed, it generates a disconnection request message and sends it to the first network element;
Illustratively, the access condition includes at least one of: access area, access period, user status.
Illustratively, the first change in access conditions comprises:
the access condition is changed from the condition of allowing access to the intranet to the condition of not allowing access to the intranet;
or the access condition is changed from the condition that the access to the intranet is not allowed to the condition that the access to the intranet is allowed.
S104: the first network element receives the disconnection request message and disconnects the terminal from the network;
S105: and after the terminal has been disconnected from the network, it resends the session establishment request message to the first network element so as to complete the authentication process again and have its network access rights changed.
Specifically, granting the terminal different network access rights according to the authentication result includes:
when the authentication result confirms that the terminal is a legal terminal and its access condition is legal, the flexible management and control system judges that the terminal passes authentication and sends an authentication-success response message to the first network element, the response message carrying IP information of the first IP resource pool;
when the authentication result confirms that the terminal is a legal terminal but its access condition is illegal, the flexible management and control system judges that the terminal fails authentication but still sends an authentication-success response message to the first network element, the response message carrying IP information of the second IP resource pool;
and when the authentication result confirms that the terminal is an illegal terminal, the flexible management and control system judges that the terminal fails authentication but still sends an authentication-success response message to the first network element, the response message carrying IP information of the second IP resource pool.
The 5G private network flexible control method comprises a terminal access stage and a terminal online stage. The flexible control method of the terminal access stage is shown in FIG. 3, which is a flow chart of the terminal access stage of the network flexible control method in an embodiment of the application; with reference to FIG. 3, a terminal access stage disclosed in another embodiment of the present application is described in detail below:
1. Two IP resource pools are configured for the enterprise on the UPF; the first IP resource pool has connectivity to the enterprise intranet and the second IP resource pool does not.
2. When a legal terminal accesses under a legal condition, the SMF sends an authentication request message to the flexible management and control AAA system; the system passes the terminal and responds with an authentication success message carrying the IP information of the first IP resource pool. The terminal obtains an IP address from the first IP resource pool, can attach to the UPF, and reaches the enterprise intranet through the UPF.
3. When a legal terminal accesses under an illegal condition, the SMF sends an authentication request message to the flexible management and control AAA system; the system fails the terminal but still responds with an authentication success message carrying the IP information of the second IP resource pool. The terminal obtains an IP address from the second IP resource pool, can attach to the UPF, but cannot access the enterprise intranet.
4. When an illegal terminal accesses, the SMF sends an authentication request message to the flexible management and control AAA system; the system fails the terminal but still responds with an authentication success message carrying the IP information of the second IP resource pool. The terminal obtains an IP address from the second IP resource pool, can attach to the UPF, but cannot access the enterprise intranet.
While the terminal is online, its access condition may change, for example by switching between a legal and an illegal access area, between a legal and an illegal period, or between user states. This requires the flexible management and control AAA system to execute the flexible control method of the terminal online stage, shown overall in FIG. 4, which is a flowchart of the terminal online stage of the network flexible control method in an embodiment of the present application; with reference to FIG. 4, a terminal online stage disclosed in another embodiment of the present application is described in detail below:
1. The flexible management and control AAA system continuously monitors changes in the terminal's access condition using the interim accounting (charging) information;
2. When it finds that the terminal's access condition has substantively changed, for example from a condition that allows intranet access to one that does not, or from a condition that does not allow intranet access to one that does, the flexible management and control AAA system generates a disconnection request message and sends it to the SMF, and the SMF disconnects the terminal.
3. After being disconnected, the terminal redials, and the flexible management and control AAA system performs the access-stage flexible control method, thereby changing the terminal's access rights.
FIG. 5 is a schematic diagram of a flexible management AAA system according to an embodiment of the present application; with reference to FIG. 5, a detailed description of a flexible governing AAA system disclosed in another embodiment of the present application follows;
the flexible management and control AAA system can comprise a message analysis module, an access stage flexible management and control module, an online stage flexible management and control module, a data storage module, a maintenance management module and the like;
Illustratively, the message parsing module is used to parse signaling messages and record logs;
Illustratively, the access-stage flexible control module is configured to implement the flexible control method of the access stage;
Illustratively, the online-stage flexible control module is configured to implement the flexible control method of the online stage;
Illustratively, the data storage module is used to store user account opening data and log data;
Illustratively, the maintenance management module provides a web maintenance management interface for the administrator, supporting user account opening and log query.
The network flexible control method of this application is further described through specific examples:
The implementation of the flexible control method in the terminal access stage is as follows:
1. Two address pools named HFIP and FFIP are configured for the enterprise on the UPF. HFIP is configured with the address range 180.20.0.0/16 and has connectivity to the enterprise intranet; FFIP is configured with the address range 172.18.0.0/16 and has no connectivity to the enterprise intranet.
2. When legal terminal A accesses under a legal condition, the SMF sends an Access-Request message to the flexible control AAA system; the system passes authentication and responds with an Access-Accept message carrying either a Framed-IP-Address attribute with the value 180.20.0.1 or a Framed-Pool attribute with the value HFIP. The terminal obtains the IP address 180.20.0.1, or any IP address in the 180.20.0.0/16 range, can attach to the UPF, and reaches the enterprise intranet through the UPF.
3. When legal terminal A accesses under an illegal condition, the SMF sends an Access-Request message to the flexible control AAA system; the system fails authentication but still responds with an Access-Accept message carrying either a Framed-IP-Address attribute with the value 172.18.0.1 or a Framed-Pool attribute with the value FFIP. The terminal obtains the IP address 172.18.0.1, or any IP address in the 172.18.0.0/16 range, can attach to the UPF, but cannot access the enterprise intranet.
4. When illegal terminal B accesses, the SMF sends an Access-Request message to the flexible control AAA system; the system fails authentication but still responds with an Access-Accept message carrying either a Framed-IP-Address attribute with the value 172.18.0.2 or a Framed-Pool attribute with the value FFIP. The terminal obtains the IP address 172.18.0.2, or any IP address in the 172.18.0.0/16 range, can attach to the UPF, but cannot access the enterprise intranet.
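The access-stage decision rule in steps 1 to 4 above, written out as an added Python example; it is not code from the patent or its assignee. RADIUS messages are modelled as plain dictionaries, the 3GPP-User-Location-Info attribute is assumed to have already been decoded to an integer cell identifier (the real attribute is a binary encoding), and the subscriber table and its password are constructed. The pool names, prefixes, addresses and cell identifiers are the ones the example uses. For contrast it also includes the prior-art hard control, which answers Access-Reject on any failed check, beside the flexible control that always answers Access-Accept and steers the terminal through Framed-Pool.

```python
import hmac
import ipaddress

# Address pools configured on the UPF (names and prefixes from the worked
# example). Only HFIP is routed to the enterprise intranet.
POOLS = {
    "HFIP": {"net": ipaddress.ip_network("180.20.0.0/16"), "intranet": True},
    "FFIP": {"net": ipaddress.ip_network("172.18.0.0/16"), "intranet": False},
}

# Constructed subscriber table (not from the patent): credential and access
# condition (the cells a terminal may attach from) for each provisioned user.
SUBSCRIBERS = {
    "terminalA": {
        "password": "constructed-secret-A",
        "allowed_cells": {0x02613455, 0x02613456, 0x02613457},
    },
}


def identity_is_legal(req: dict) -> bool:
    """Legal terminal: known user name and matching password.

    compare_digest keeps the comparison constant-time; comparing against a dummy
    for an unknown user avoids revealing through timing whether the name exists."""
    sub = SUBSCRIBERS.get(req["User-Name"])
    expected = sub["password"] if sub else "constructed-dummy"
    same = hmac.compare_digest(expected.encode(), req["User-Password"].encode())
    return same and sub is not None


def condition_is_legal(req: dict) -> bool:
    """Legal access condition: the reported cell is in the user's allowed set.

    Assumes 3GPP-User-Location-Info was decoded to an int cell id by the caller."""
    sub = SUBSCRIBERS[req["User-Name"]]
    return req["3GPP-User-Location-Info"] in sub["allowed_cells"]


def allocate(pool: str, in_use: set) -> str:
    """First free host address of the named pool, for responses that carry
    Framed-IP-Address rather than Framed-Pool (a minimal allocator)."""
    for host in POOLS[pool]["net"].hosts():
        if str(host) not in in_use:
            return str(host)
    raise RuntimeError(f"pool {pool} exhausted")


def hard_control(req: dict) -> dict:
    """Prior-art DN-AAA behaviour: any failed check yields Access-Reject, so the
    terminal gets no session at all and keeps redialing."""
    if not identity_is_legal(req) or not condition_is_legal(req):
        return {"code": "Access-Reject"}
    return {"code": "Access-Accept", "Framed-Pool": "HFIP"}


def flexible_control(req: dict) -> dict:
    """Flexible control: always Access-Accept; the pool carries the access right."""
    if not identity_is_legal(req):
        pool, verdict = "FFIP", "illegal terminal"
    elif not condition_is_legal(req):
        pool, verdict = "FFIP", "legal terminal, illegal condition"
    else:
        pool, verdict = "HFIP", "legal terminal, legal condition"
    return {"code": "Access-Accept", "Framed-Pool": pool,
            "intranet": POOLS[pool]["intranet"], "verdict": verdict}


if __name__ == "__main__":
    # Constructed Access-Requests replaying steps 2 to 4 of the worked example.
    requests = [
        {"User-Name": "terminalA", "User-Password": "constructed-secret-A",
         "3GPP-User-Location-Info": 0x02613455},
        {"User-Name": "terminalA", "User-Password": "constructed-secret-A",
         "3GPP-User-Location-Info": 0x02613481},
        {"User-Name": "terminalB", "User-Password": "guess",
         "3GPP-User-Location-Info": 0x02613455},
    ]
    for r in requests:
        print(r["User-Name"], hex(r["3GPP-User-Location-Info"]),
              "hard:", hard_control(r)["code"], "flexible:", flexible_control(r))
```

The hard-control path shows why the terminal loops: it never receives an address, so it redials. The flexible path returns a Framed-Pool on every request, and the security boundary moves to the UPF routing of the FFIP range, which is why that range must have no path to the intranet.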
Taking access-area restriction as an example, the flexible control method at the online stage works as follows:
1. Suppose legal terminal A is only allowed to access from three base station cells, 0x02613455, 0x02613456 and 0x02613457, and is barred from all other base station cells.
2. Terminal A accesses from base station cell 0x02613455, obtains the IP address 180.20.0.1, and can access the enterprise intranet normally.
3. Terminal A moves from base station cell 0x02613455 to base station cell 0x02613481, and the SMF sends an Accounting-Request message carrying a 3GPP-User-Location-Info attribute to the flexible management AAA system.
4. The flexible management and control AAA system parses the 3GPP-User-Location-Info attribute from the Accounting-Request message, determines that terminal A is now accessing from base station cell 0x02613481 and has moved out of the permitted access area, generates a Disconnect-Message and sends it to the SMF, and the SMF disconnects the terminal from the network according to that message.
5. The terminal redials automatically, and the SMF sends an Access-Request message carrying a 3GPP-User-Location-Info attribute to the flexible management and control AAA system.
6. The flexible management and control AAA system parses the 3GPP-User-Location-Info attribute from the Access-Request message, determines that terminal A is accessing from base station cell 0x02613481, which is an illegal access area, and responds with an Access-Accept carrying a Framed-IP-Address attribute with the value 172.18.0.1 or a Framed-Pool attribute with the value FFIP. The terminal obtains the IP address 172.18.0.1, or any IP address in the 172.18.0.0/16 segment, and can reach the UPF but cannot access the enterprise intranet.
7. Terminal A moves from base station cell 0x02613481 to base station cell 0x02613456, and the SMF sends an Accounting-Request message carrying a 3GPP-User-Location-Info attribute to the flexible management AAA system.
8. The flexible management and control AAA system parses the 3GPP-User-Location-Info attribute from the Accounting-Request message, determines that terminal A is now accessing from base station cell 0x02613456 and has moved back into the permitted access area, generates a Disconnect-Message and sends it to the SMF, and the SMF disconnects the terminal from the network according to that message.
9. The terminal redials automatically, and the SMF sends an Access-Request message carrying a 3GPP-User-Location-Info attribute to the flexible management and control AAA system.
10. The flexible management and control AAA system parses the 3GPP-User-Location-Info attribute from the Access-Request message, determines that terminal A is accessing from base station cell 0x02613456, which is a legal access area, and responds with an Access-Accept carrying a Framed-IP-Address attribute with the value 180.20.0.1 or a Framed-Pool attribute with the value HFIP. The terminal obtains the IP address 180.20.0.1, or any IP address in the 180.20.0.0/16 segment, can reach the UPF, and can access the enterprise intranet through the UPF.
With this network flexible control method, the terminal's network access is managed through flexible access-stage control and flexible online-stage control, which solves the problems of high power consumption and low session-establishment success rate caused by frequent redialing of the terminal while guaranteeing the technical effect of access security control for the 5G private network.
The application realizes a method and equipment for flexible control of a mobile network; the method comprises the following technical key points:
1) Flexible control method for the access stage
Two IP resource pools are configured for the enterprise on the UPF: the first IP resource pool is connected to the enterprise intranet, and the second IP resource pool is not connected to the enterprise intranet.
When a legal terminal accesses under a legal condition, flexible management and control AAA authentication passes, and an authentication success message is returned carrying the IP information of the first IP resource pool.
When a legal terminal accesses under an illegal condition, flexible management and control AAA authentication fails, but an authentication success message is still returned, carrying the IP information of the second IP resource pool.
When an illegal terminal accesses, flexible management AAA authentication fails, but an authentication success message is still returned, carrying the IP information of the second IP resource pool.
2) Flexible control method for the online stage
The flexible control AAA system continuously monitors change information on the terminal's access condition.
When the access condition of the terminal is found to have changed substantively, the flexible management and control AAA system generates a disconnection request message and sends it to the SMF, and the SMF disconnects the terminal.
3) The flexible control method is formed by tightly combining the access stage and the online stage.
4) Flexible management and control AAA system
a) System composition and structure
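As an added illustration, not part of the patent text or of the applicant's implementation, the following Python simulation replays the access-stage and online-stage logic from the access-area walk-through and the key points above: the AAA always answers Access-Accept but selects the pool (HFIP, connected to the intranet, or FFIP, isolated) from the authentication verdict and the access condition, and in the online stage it issues a Disconnect-Message only when the terminal's verdict actually flips between allowed and not allowed, which is why a move between two permitted cells causes no redial. The pool names, cell identifiers and terminal identities are taken from the example above; the dict-based message shape, the TerminalProfile registry and the treatment of an unknown terminal as the "illegal terminal" are assumptions of the simulation, and only the Framed-Pool form of the Access-Accept is modelled.

```python
from dataclasses import dataclass, field

# Pool names from the patent's worked example: HFIP is routed to the enterprise
# intranet, FFIP only reaches the UPF (that isolation is enforced on the UPF, not here).
INTRANET_POOL = "HFIP"
ISOLATED_POOL = "FFIP"


@dataclass(frozen=True)
class TerminalProfile:
    """Assumed per-terminal policy: the cells from which intranet access is legal."""
    allowed_cells: frozenset


@dataclass
class FlexibleAAA:
    """Simulated flexible management and control AAA (added example, not the patent's code)."""
    profiles: dict                                    # terminal id -> TerminalProfile (legal terminals only)
    online_state: dict = field(default_factory=dict)  # terminal id -> True if it currently holds an HFIP address
    log: list = field(default_factory=list)

    def _condition_legal(self, terminal, cell):
        profile = self.profiles.get(terminal)
        return profile is not None and cell in profile.allowed_cells

    def access_request(self, terminal, cell):
        """Access stage (RADIUS Access-Request): always Access-Accept, pool chosen by the verdict."""
        legal_terminal = terminal in self.profiles      # unknown terminal = "illegal terminal" (assumption)
        legal_condition = self._condition_legal(terminal, cell)
        if legal_terminal and legal_condition:
            pool, verdict = INTRANET_POOL, "pass"
        else:
            pool, verdict = ISOLATED_POOL, "fail"
        self.online_state[terminal] = pool == INTRANET_POOL
        self.log.append(("Access-Request", terminal, hex(cell), verdict, pool))
        return {"code": "Access-Accept", "Framed-Pool": pool}

    def accounting_request(self, terminal, cell):
        """Online stage (RADIUS Accounting-Request carrying 3GPP-User-Location-Info).

        Only a change of verdict (allowed <-> not allowed) yields a Disconnect-Message;
        a move between two cells with the same verdict is logged but not acted on.
        """
        if terminal not in self.online_state:
            return None
        now_allowed = self._condition_legal(terminal, cell)
        was_allowed = self.online_state[terminal]
        self.log.append(("Accounting-Request", terminal, hex(cell), now_allowed))
        if now_allowed == was_allowed:
            return None
        del self.online_state[terminal]  # session torn down; the terminal redials and re-authenticates
        return {"code": "Disconnect-Message", "terminal": terminal}


def run_patent_walkthrough():
    """Replays steps 2-10 of the access-area example plus two extra cases; returns the outcomes."""
    aaa = FlexibleAAA(profiles={
        "A": TerminalProfile(frozenset({0x02613455, 0x02613456, 0x02613457})),
    })
    trace = []
    trace.append(aaa.access_request("A", 0x02613455)["Framed-Pool"])   # step 2: HFIP
    trace.append(aaa.accounting_request("A", 0x02613481)["code"])      # steps 3-4: Disconnect-Message
    trace.append(aaa.access_request("A", 0x02613481)["Framed-Pool"])   # steps 5-6: FFIP
    trace.append(aaa.accounting_request("A", 0x02613456)["code"])      # steps 7-8: Disconnect-Message
    trace.append(aaa.access_request("A", 0x02613456)["Framed-Pool"])   # steps 9-10: HFIP
    trace.append(aaa.accounting_request("A", 0x02613457))              # extra: allowed -> allowed, no disconnect
    trace.append(aaa.access_request("B", 0x02613455)["Framed-Pool"])   # extra: illegal terminal B gets FFIP
    return trace


if __name__ == "__main__":
    for outcome in run_patent_walkthrough():
        print(outcome)
```

Note that the AAA only selects the pool; the guarantee that an FFIP address cannot reach the intranet rests entirely on the UPF configuration described in key point 1), so that data-plane rule has to be verified independently of the AAA decision, and the Accounting-Request location reports the AAA relies on must be trusted for the online-stage control to hold.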
Through the above scheme and key points, the following technical effects are achieved:
the access security management and control of a 4G or 5G private network can be guaranteed, and problems such as excessively high power consumption and a reduced session-establishment success rate caused by frequent redialing of the terminal can be avoided.
It should be noted that the methods of one or more embodiments of the present application may be performed by a single device, such as a computer or server. The method of the embodiment can also be applied to a distributed scene, and is completed by mutually matching a plurality of devices. In the case of such a distributed scenario, one of the devices may perform only one or more steps of a method of one or more embodiments of the present application, the devices interacting with each other to accomplish the method.
It should be noted that the foregoing describes specific embodiments of the present application. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims can be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
Based on the same inventive concept, the application also discloses an electronic device corresponding to the method of any embodiment.
Specifically, Fig. 6 shows a schematic hardware structure of an electronic device for network flexible control according to the present embodiment, where the device may include: processor 410, memory 420, input/output interface 430, communication interface 440, and bus 450. Processor 410, memory 420, input/output interface 430 and communication interface 440 are communicatively coupled to each other within the device via bus 450.
The processor 410 may be implemented by a general-purpose CPU (Central Processing Unit), a microprocessor, an application-specific integrated circuit (ASIC), or one or more integrated circuits, etc., for executing relevant programs to implement the technical solutions provided in the embodiments of the present application.
The memory 420 may be implemented in the form of ROM (Read Only Memory), RAM (Random Access Memory), a static storage device, a dynamic storage device, or the like. Memory 420 may store an operating system and other application programs, and when the technical solutions provided by the embodiments of the present application are implemented in software or firmware, the relevant program code is stored in memory 420 and invoked for execution by processor 410.
The input/output interface 430 is used to connect with an input/output module to realize information input and output. The input/output module may be configured as a component in a device (not shown) or may be external to the device to provide corresponding functionality. Wherein the input devices may include a keyboard, mouse, touch screen, microphone, various types of sensors, etc., and the output devices may include a display, speaker, vibrator, indicator lights, etc.
The communication interface 440 is used to connect communication modules (not shown) to enable communication interactions of the device with other devices. The communication module may implement communication through a wired manner (e.g., USB, network cable, etc.), or may implement communication through a wireless manner (e.g., mobile network, WIFI, bluetooth, etc.).
Bus 450 includes a path to transfer information between components of the device (e.g., processor 410, memory 420, input/output interface 430, and communication interface 440).
It should be noted that although the above device only shows the processor 410, the memory 420, the input/output interface 430, the communication interface 440, and the bus 450, in the implementation, the device may further include other components necessary to achieve normal operation. Furthermore, it will be understood by those skilled in the art that the above-described apparatus may include only the components necessary to implement the embodiments of the present application, and not all the components shown in the drawings.
The electronic device of the foregoing embodiment is configured to implement the corresponding method for network flexible control in any foregoing embodiment, and has the beneficial effects of the corresponding method embodiment, which are not described again here.
Based on the same inventive concept, corresponding to any of the above-described embodiments, one or more embodiments of the present application further provide a non-transitory computer-readable storage medium storing computer instructions for causing the computer to perform the method of network flexible management as described in any of the above-described embodiments.
The computer-readable media of the present embodiments, including both permanent and non-permanent, removable and non-removable media, may be used to implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium which can be used to store information that can be accessed by a computing device.
The storage medium of the foregoing embodiments stores computer instructions for causing the computer to perform the method for network flexible control as described in any one of the foregoing embodiments, and has the beneficial effects of the corresponding method embodiments, which are not described herein.
Those of ordinary skill in the art will appreciate that: the discussion of any of the embodiments above is merely exemplary and is not intended to suggest that the scope of the application (including the claims) is limited to these examples; combinations of features of the above embodiments or in different embodiments are also possible within the spirit of the application, steps may be implemented in any order, and there are many other variations of the different aspects of one or more embodiments of the application as described above, which are not provided in detail for the sake of brevity.
Additionally, well-known power/ground connections to Integrated Circuit (IC) chips and other components may or may not be shown within the provided figures, in order to simplify the illustration and discussion, and so as not to obscure one or more embodiments of the present application. Furthermore, the apparatus may be shown in block diagram form in order to avoid obscuring the embodiment(s) of the present application, and also in view of the fact that specifics with respect to implementation of such block diagram apparatus are highly dependent upon the platform on which the embodiment(s) of the present application are to be implemented (i.e., such specifics should be well within purview of one skilled in the art). Where specific details (e.g., circuits) are set forth in order to describe example embodiments of the application, it should be apparent to one skilled in the art that one or more embodiments of the application can be practiced without, or with variation of, these specific details. Accordingly, the description is to be regarded as illustrative in nature and not as restrictive.
While the present application has been described in conjunction with specific embodiments thereof, many alternatives, modifications, and variations of those embodiments will be apparent to those skilled in the art in light of the foregoing description. For example, other memory architectures (e.g., dynamic RAM (DRAM)) may use the embodiments discussed.
The present application is intended to embrace all such alternatives, modifications and variances which fall within the broad scope of the appended claims. Any omissions, modifications, equivalents, improvements, and the like, which are within the spirit and principles of the one or more embodiments of the application, are therefore intended to be included within the scope of the present application.

Claims (6)

1. A method of network flexible management, the method comprising:
the first network element receives a session establishment request message sent by the terminal and sends an authentication request message to the flexible management and control system; a first IP resource pool and a second IP resource pool are configured, wherein the first IP resource pool is communicated with an enterprise intranet, and the second IP resource pool is not communicated with the enterprise intranet;
the flexible management and control system receives the authentication request message, performs internet surfing authentication on the terminal to obtain an authentication result, and realizes different network access authorities corresponding to the terminal based on different authentication results, including:
under the condition that the authentication result confirms that the terminal is a legal terminal and the access condition of the terminal is a legal condition, the flexible management and control system authenticates that the terminal passes authentication and sends a response message which is successful in authentication to the first network element, wherein the response message carries IP information of a first IP resource pool, and the terminal realizes enterprise intranet access;
under the condition that the authentication result confirms that the terminal is a legal terminal and the access condition of the terminal is illegal, the flexible management and control system authenticates that the terminal fails authentication and sends a response message of successful authentication to the first network element, wherein the response message carries IP information of a second IP resource pool, and the terminal realizes UPF access;
the access condition includes at least one of: an access area; an access period; a user status;
under the condition that the authentication result confirms that the terminal is an illegal terminal, the flexible management and control system authenticates that the terminal fails authentication and sends a response message which is successful in authentication to the first network element, wherein the response message carries IP information of a second IP resource pool, and the terminal realizes UPF access;
after the terminal realizes network access, the flexible control system monitors the change information of the access condition of the terminal in real time, and generates a disconnection request message and sends the disconnection request message to the first network element under the condition that the access condition of the terminal is monitored to be changed for the first time; the first change in the access condition includes: the access condition is changed from the condition of allowing access to the intranet to the condition of not allowing access to the intranet; or the access condition is changed from the condition that the access to the intranet is not allowed to the condition that the access to the intranet is allowed;
the first network element receives the disconnection request message and disconnects the terminal from the network;
and after the terminal disconnects the network connection, resending the session establishment request message to the first network element so as to finish the authentication process again and realize the change of the access network authority of the terminal.
2. The method of network flexible management according to claim 1, wherein the first network element comprises a session management function network element, the flexible management system is an authentication, authorization and accounting server, and the terminals comprise 4G terminals and/or 5G terminals.
3. The method of network flexible management as recited in claim 1, wherein the flexible management system comprises: the system comprises a message analysis module, an access stage flexible management and control module, an online stage flexible management and control module, a data storage module and a maintenance management module.
4. A method of network flexible management according to claim 3, wherein the message parsing module is configured to parse signaling messages and log the signaling messages; the access stage flexible control module is used for realizing a flexible control method of the access stage; the online-stage flexible control module is used for realizing an online-stage flexible control method; the data storage module is used for storing user account opening data and log data; the maintenance management module is used for providing a management interface.
5. An electronic device, the electronic device comprising: memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the method according to any of claims 1 to 4 when executing the computer program.
6. A computer readable storage medium storing one or more programs executable by one or more processors to implement the method of any of the preceding claims 1 to 4.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310279550.0A CN115996380B (en) 2023-03-22 2023-03-22 Method and equipment for flexibly controlling network
Publications (2)

Publication Number Publication Date
CN115996380A CN115996380A (en) 2023-04-21
CN115996380B true CN115996380B (en) 2023-06-20

Family

ID=85993691
Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant