CN117119562A - Remote access private network method, device, terminal, storage medium and program product - Google Patents


Publication number
CN117119562A
Authority
CN
China
Prior art keywords
terminal
private network
target
candidate
access point
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311061539.3A
Other languages
Chinese (zh)
Inventor
刘洁
毕奇
陈思柏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Telecom Technology Innovation Center
China Telecom Corp Ltd
Original Assignee
China Telecom Technology Innovation Center
China Telecom Corp Ltd
Application filed by China Telecom Technology Innovation Center, China Telecom Corp Ltd
Priority to CN202311061539.3A
Publication of CN117119562A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W48/00 Access restriction; Network selection; Access point selection
    • H04W48/18 Selecting a network or a communication service
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W40/00 Communication routing or communication path finding
    • H04W40/02 Communication route or path selection, e.g. power-based or shortest path routing
    • H04W40/22 Communication route or path selection, e.g. power-based or shortest path routing using selective relaying for reaching a BTS [Base Transceiver Station] or an access point
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W48/00 Access restriction; Network selection; Access point selection
    • H04W48/16 Discovering, processing access restriction or access information
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W76/00 Connection management
    • H04W76/10 Connection setup

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The application relates to a method, a device, a terminal, a storage medium and a program product for remotely accessing a private network. The method comprises the following steps: determining a target relay terminal from candidate terminals according to the acquired discovery service message about the candidate terminals; the candidate terminal is a registered user of the public network; establishing communication connection with a target access point through session connection of the target relay terminal so as to access a private network through the target access point; the target access point is located within the private network. By adopting the method, the special terminal can be conveniently accessed to the private network remotely.

Description

Remote access private network method, device, terminal, storage medium and program product
Technical Field
The present application relates to the field of communications technologies, and in particular, to a method, an apparatus, a terminal, a storage medium, and a program product for remote access to a private network.
Background
A PLMN (Public Land Mobile Network), referred to simply as a public network, is a network that an operator establishes and operates to provide land mobile communication services to the public. An SNPN (Stand-alone Non-Public Network), referred to simply as a private network, is a complete 5G network, from the base station to the core network, that is deployed independently for a client and is isolated from the operator's 5G public network.
In the related art, in the SNPN defined by 3GPP (3rd Generation Partnership Project), if a UE (user equipment, or terminal) moves out of the coverage of the base stations supporting the SNPN and still needs to access the SNPN, the UE generally registers in a PLMN and establishes a connection with the PLMN, and then uses its session connection in the PLMN as a channel to access the remote SNPN corresponding to the UE, thereby implementing access of the UE to the remote SNPN.
However, for special terminals in some scenarios, the above technology makes it difficult to achieve remote access of the special terminal to the SNPN.
Disclosure of Invention
In view of the foregoing, it is desirable to provide a remote access private network method, apparatus, terminal, storage medium, and program product that can facilitate remote access of a special terminal to a private network.
In a first aspect, the present application provides a method for remotely accessing a private network, the method comprising:
determining a target relay terminal from the candidate terminals according to the acquired discovery service message about the candidate terminals; the candidate terminal is a registered user of the public network;
establishing communication connection with a target access point through session connection of a target relay terminal so as to access a private network through the target access point; the target access point is located in a private network.
In one embodiment, before determining the target relay terminal from the candidate terminals according to the acquired discovery service message about the candidate terminals, the method further includes:
receiving a discovery service message regarding a candidate terminal; the discovery service message includes a first authorization parameter, where the first authorization parameter is used to indicate whether the candidate terminal can provide a relay service for accessing the private network for the remote terminal.
In one embodiment, the receiving the discovery service message about the candidate terminal includes:
broadcasting a request message; the request message includes a demand parameter of the remote terminal, where the demand parameter is used to discover a relay terminal capable of accessing the private network;
receiving, in response to the request message, a discovery service message regarding the candidate terminal.
In one embodiment, the discovery service message further includes a layer two identifier corresponding to the candidate terminal.
In one embodiment, the first authorization parameter includes a discovery service message type, information of the candidate terminal, and a relay service code RSC, where the relay service code is used to indicate whether the candidate terminal can provide a relay service for accessing the private network for the remote terminal, and the information of the candidate terminal includes unique identity information of the corresponding candidate terminal.
In one embodiment, the target relay terminal is a terminal configured in advance with a first authorization parameter and near-field service policy information.
In one embodiment, the remote terminal is a terminal preconfigured with a second authorization parameter and near-field service policy information.
In one embodiment, the near-field service policy information includes access priority information, where the access priority information characterizes the priority of the remote terminal accessing the private network through the 5G wireless network and the priority of the remote terminal accessing the private network through the target relay terminal.
In one embodiment, the method further comprises:
detecting whether the remote terminal has successfully accessed the private network through the 5G wireless network;
if the access fails, returning to the step of determining the target relay terminal from the candidate terminals according to the acquired discovery service message about the candidate terminals.
In one embodiment, the near-field service policy information further includes the access mode by which the remote terminal accesses the private network through the target relay terminal.
In one embodiment, the establishing a communication connection with the target access point through the session connection of the target relay terminal to access the private network through the target access point includes:
establishing a first communication connection with the target relay terminal;
establishing, based on the first communication connection, a second communication connection with the target access point to access the private network through the target access point.
In one embodiment, before establishing a communication connection with the target access point through the session connection of the target relay terminal to access the private network through the target access point, the method further includes:
determining a target access point corresponding to the remote terminal.
In one embodiment, the determining the target access point corresponding to the remote terminal includes:
acquiring a target private network identifier of the private network corresponding to the remote terminal;
determining, according to the target private network identifier, the target access point corresponding to the target private network identifier in a preset correspondence; the correspondence comprises the correspondence between different private network identifiers and access points.
In one embodiment, the discovery service message further includes location information of the target relay terminal, and the determining, according to the target private network identifier, the target access point corresponding to the target private network identifier in the preset correspondence includes:
determining, according to the target private network identifier, candidate access points corresponding to the target private network identifier in the preset correspondence;
determining the target access point from the candidate access points according to the location information.
In a second aspect, the present application also provides a remote access private network apparatus, including:
a determining module, configured to determine a target relay terminal from the candidate terminals according to the acquired discovery service message about the candidate terminals; the candidate terminal is a registered user of the public network;
the access module is used for establishing communication connection with the target access point through session connection of the target relay terminal so as to access the private network through the target access point; the target access point is located in a private network.
In a third aspect, the present application also provides a terminal comprising a memory and a processor, the memory storing a computer program, the processor implementing the following steps when executing the computer program:
determining a target relay terminal from the candidate terminals according to the acquired discovery service message about the candidate terminals; the candidate terminal is a registered user of the public network;
establishing communication connection with a target access point through session connection of a target relay terminal so as to access a private network through the target access point; the target access point is located in a private network.
In a fourth aspect, the present application also provides a computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of:
determining a target relay terminal from the candidate terminals according to the acquired discovery service message about the candidate terminals; the candidate terminal is a registered user of the public network;
establishing communication connection with a target access point through session connection of a target relay terminal so as to access a private network through the target access point; the target access point is located in a private network.
In a fifth aspect, the application also provides a computer program product comprising a computer program which when executed by a processor performs the steps of:
determining a target relay terminal from the candidate terminals according to the acquired discovery service message about the candidate terminals; the candidate terminal is a registered user of the public network;
establishing communication connection with a target access point through session connection of a target relay terminal so as to access a private network through the target access point; the target access point is located in a private network.
The method, device, terminal, storage medium and program product for remotely accessing a private network determine a target relay terminal from the candidate terminals using the acquired discovery service message about the candidate terminals, and establish a communication connection with the target access point through the session connection of the target relay terminal so as to access the private network through the target access point, wherein the candidate terminal is a registered user of the public network and the target access point is located in the private network. In this method, the communication connection with the target access point of the private network is established through the determined target relay terminal, and the target relay terminal is in the public network, so the remote terminal does not need to subscribe to the public network; this avoids the technical limitation that the remote terminal must subscribe to the public network in order to access the private network.
Drawings
Fig. 1 is an application environment diagram of a method for remotely accessing a private network in the related art;
Fig. 2 is an application environment diagram of a method for remotely accessing a private network in one embodiment;
Fig. 3 is a flow diagram of a method for remotely accessing a private network in one embodiment;
Fig. 4 is a flow chart of a method for remotely accessing a private network in another embodiment;
Fig. 5 is a flow chart of a method for remotely accessing a private network in another embodiment;
Fig. 6 is a flow chart of a method for remotely accessing a private network in another embodiment;
Fig. 7 is a flow chart of a method for remotely accessing a private network in another embodiment;
Fig. 8 is a block diagram of a remote access private network in another embodiment;
Fig. 9 is a signaling interaction diagram of a method for remotely accessing a private network in another embodiment;
Fig. 10 is a block diagram of a remote access private network apparatus in one embodiment;
Fig. 11 is an internal structural view of a terminal in one embodiment.
Detailed Description
The present application will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present application more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
At present, when a terminal moves beyond the coverage area of the private network and still needs to access it, the terminal generally uses its session connection in the public network as a channel to access the remote private network, which requires the terminal to be a legitimate user of both the public network and the private network during the connection process. Referring to the example framework of the related art for terminal access to a private network shown in Fig. 1, the main procedure is as follows: 1. the UE (i.e., the remote terminal) registers in the public network and establishes a connection; 2. the UE discovers and establishes a connection with an N3IWF (i.e., a non-3GPP access point) in the private network; 3. the UE registers with the private network through the N3IWF and establishes a non-3GPP session, thereby gaining access to any services provided by the private network. However, in practical applications, certain industry terminals (such as IoT, i.e. Internet of Things, terminals), also referred to as special terminals, are not legitimate users of the public network and are generally not allowed to access it, so they cannot access the private network remotely; that is, it is difficult for a special terminal to remotely access the private network with the above technology. Based on this, the embodiments of the application provide a method, a device, a terminal, a storage medium and a program product for remotely accessing a private network, which can solve the above technical problem.
The method for remotely accessing the private network provided by the embodiments of the application can be applied to the application environment shown in Fig. 2. The remote terminal 102 may establish point-to-point communication with the relay terminal 104, and the relay terminal 104 may communicate, through the public network, with the access point 106 located in the coverage area of the private network, so that the remote terminal 102 connects to the access point 106 via the relay terminal 104 to access the private network. The remote terminal 102 and the relay terminal 104 may be, but are not limited to, various personal computers, notebook computers, smart phones, tablet computers, Internet of Things devices and portable wearable devices; the Internet of Things devices may be smart speakers, smart televisions, smart air conditioners, smart vehicle devices, and the like. The portable wearable device may be a smart watch, smart bracelet, headset, or the like. The access point 106 may be an access network device, for example a non-3GPP access point (N3IWF, Non-3GPP InterWorking Function).
The following describes the terms used in the embodiments of the present application:
SNPN: Stand-alone Non-Public Network, an entire 5G network, from the base station to the core network to the cloud platform, that is independently deployed for an enterprise; it comprises an independent wireless network, core network, bearer network and terminals, and is isolated from the operator's 5G public network; hereinafter called a private network;
PLMN: Public Land Mobile Network, a public network established and operated by an operator to provide land mobile communication services to the public; hereinafter referred to as a public network;
NR: New Radio, also known as the new air interface, the 5G wireless network;
UE: User Equipment, the terminal that accesses the mobile network and the object on which the mobile network implements mobility management and session management;
remote UE: remote terminal, a terminal located at the far end of a terminal-to-network near-field relay network and connected to the network through a relay UE;
relay UE: relay terminal, a terminal that is directly connected to the mobile network in a terminal-to-network near-field relay network and provides a relay network access channel for downstream UEs; an L3 relay UE is one whose relay function is located in the L3 layer (such as the IP network protocol layer) of the protocol stack;
UPF: User Plane Function, the network function with which the 5G core network enforces user plane policies and forwards user data;
NG-RAN: Next Generation Radio Access Network, commonly the base station of the 5G network;
U2N: UE to Network, terminal to network;
U2U: UE to UE, terminal to terminal, i.e. point to point;
N3IWF: Non-3GPP InterWorking Function, the non-3GPP access point of the mobile network, which performs a function similar to that of a base station;
SMF: Session Management Function, which controls the establishment of UE sessions, manages the sessions, and stores the UE session context to control the user plane forwarding path of the terminal;
AMF: Access and Mobility Management Function, mainly responsible for registration management, connection management, reachability management, mobility management, and security, access management and authorization;
ProSe: Proximity-based Services, i.e. near-field service;
URSP: UE Route Selection Policy, a user routing policy describing the mapping between a terminal application and the terminal behavior and network parameters used by that application;
FQDN: Fully Qualified Domain Name;
TAI: Tracking Area Identity/Tracking Area Indicator, tracking area identity;
DNS: Domain Name System;
RSC: Relay Service Code;
IKE: Internet Key Exchange;
NAS: Non-Access Stratum;
IPsec: IP Security, a standard for protecting IP communication, mainly used for encrypting and authenticating IP packets;
QoS: Quality of Service;
DN: Data Network.
In one embodiment, as shown in Fig. 3, a method for remotely accessing a private network is provided. The method is described as applied to the remote terminal in Fig. 1 by way of illustration, and may include the following steps:
S202, determining a target relay terminal from candidate terminals according to the acquired discovery service message about the candidate terminals; the candidate terminal is a registered user of the public network.
The remote terminal may be a terminal beyond the coverage of its private network, which requires remote access to the private network to access services provided by the private network.
The number of candidate terminals may be determined from the discovery service messages about candidate terminals that the remote terminal is able to receive. For example, if a discovery service message includes 5 candidate terminals, the number of candidate terminals determined by the remote terminal based on that discovery service message is 5. As another example, if each discovery service message received by the remote terminal includes one candidate terminal, the number of candidate terminals may be determined from the number of received discovery service messages. Each candidate terminal has a corresponding public network, is located in the coverage area of that public network, can register in it (and is then called a registered user of the public network), and establishes a communication connection with it in order to access it. The public networks corresponding to the candidate terminals may be the same public network or different public networks; that is, the candidate terminals may be registered users of the same public network or of different public networks.
Specifically, the remote terminal may obtain the discovery service message about the candidate terminal actively or passively. For example, it may actively request the auxiliary discovery server or each candidate terminal around the auxiliary discovery server to send the discovery service message to the remote terminal; or it may monitor for and receive a discovery service message transmitted directly by the auxiliary discovery server or by candidate terminals located around the remote terminal; or it may use another approach. In any case, the remote terminal can obtain a discovery service message about the candidate terminal.
The discovery service message may include information about the discovered candidate terminal and whether the candidate terminal can be discovered by other devices (such as a remote terminal), information about whether the candidate terminal can serve as a relay terminal for the remote terminal to access the private network, communication parameters for when the candidate terminal acts as a relay terminal, or other parameters, such as information about the discovery message, the identification of the candidate terminal, the signal quality of communication between the candidate terminal and its public network, the location information of the candidate terminal, and the like.
After the remote terminal obtains the discovery service message about the candidate terminals, it may identify each candidate terminal from the discovery service message and determine a target relay terminal from among them. For example, when every candidate terminal can provide a relay service for the remote terminal, a relay terminal through which the remote terminal can access the private network can be selected from the candidate terminals based on the signal strength of each candidate terminal; this yields the target relay terminal, which serves as the relay through which the remote terminal accesses the private network.
In addition, the target relay terminal may be a candidate terminal whose relay function is located in the L3 layer (e.g., the IP network protocol layer) of the protocol stack. The L3 layer refers to the network layer, which sits between the transport layer and the data link layer. Building on the data-frame transfer between two adjacent endpoints provided by the data link layer, it manages data communication in the network and the delivery of data from a source to a destination through a number of intermediate nodes, thereby providing the transport layer with the most basic end-to-end data transmission service.
S204, establishing communication connection with a target access point through session connection of a target relay terminal so as to access a private network through the target access point; the target access point is located in a private network.
In this step, after determining the target relay terminal, the remote terminal may use the session connection of the target relay terminal in its corresponding public network as a channel to establish a communication channel from the remote terminal to the target relay terminal and from the target relay terminal to the private network.
When the communication channel through which the remote terminal accesses the private network is established, a target access point to which the remote terminal can connect may be found within the coverage area of the private network; the target access point may be an N3IWF or a similar device, and the remote terminal can access the private network by establishing a communication channel with the target access point.
In addition, when the communication channel through which the remote terminal accesses the private network is established, as an alternative embodiment, the following steps may be adopted: establishing a first communication connection with the target relay terminal; establishing, based on the first communication connection, a second communication connection with the target access point to access the private network through the target access point.
That is, a first communication connection between the remote terminal and the target relay terminal may be established first, where the first communication connection may be a point-to-point communication connection. If the target relay terminal has not previously established a session that meets the conditions, the target relay terminal establishes a session that carries the corresponding traffic, using the session parameters specified according to the mapping relation with the relay-related parameters; that is, it establishes the first communication connection with the remote terminal. Meanwhile, the target relay terminal can allocate an IP address/prefix to the remote terminal. The remote terminal can then perform NAS registration for non-3GPP access to the private network, establish an IPsec tunnel with the target access point using the IKE procedure, establish an IPsec tunnel child SA between the remote terminal and the target access point, exchange configuration and QoS policy, and establish a non-3GPP access session. After the session is established successfully, the remote terminal can normally access the business or services of the private network.
As can be seen from the above description, a special terminal, such as an unmanned terminal (e.g. an unmanned car or an unmanned aerial vehicle), that moves beyond the coverage area of its private network does not need to register in the public network; it can establish a communication connection with the private network through a relay terminal, by means of the session of that relay terminal in its own public network. Because the special terminal does not need to register in the public network, the problems of opening public network permissions for the special terminal, or of the authorization and subscription data management introduced by bringing the special terminal into the public network, are avoided. The remote terminal can access the corresponding private network directly through the relay terminal, and the implementation process is simple and reliable, which reduces the implementation cost of accessing the private network and the potential security risks of providing private network service.
In the above method for remotely accessing a private network, a target relay terminal is determined from the candidate terminals using the acquired discovery service message about the candidate terminals, and a communication connection is established with a target access point through the session connection of the target relay terminal so as to access the private network through the target access point, wherein the candidate terminal is a registered user of the public network and the target access point is located in the private network. In this method, the communication connection with the target access point of the private network is established through the determined target relay terminal, and the target relay terminal is in the public network, so the remote terminal does not need to subscribe to the public network; this avoids the technical limitation that the remote terminal must subscribe to the public network in order to access the private network.
In the above-described embodiments, it was mentioned that the remote terminal may determine the target relay terminal based on the discovery service message about the candidate terminal, and for how the remote terminal obtains the discovery service message about the candidate terminal in particular, the following embodiments describe the procedure.
In another embodiment, another method for remotely accessing a private network is provided, and the method may further include the following steps before S202:
Step A: receiving a discovery service message about the candidate terminals. The discovery service message includes a first authorization parameter, which indicates whether the candidate terminal can provide the remote terminal with a relay service for accessing the private network.
In this step, before determining the target relay terminal from the candidate terminals, the remote terminal may receive a discovery service message about the candidate terminal. The message may be broadcast by a device such as an auxiliary discovery server or by the candidate terminal. When the remote terminal needs to access the private network by means of a relay, it monitors the surrounding broadcast messages and screens the discovery service message about the candidate terminal out of the broadcast messages it has monitored.
Alternatively, when the remote terminal needs to access the private network through a relay, it may send an instruction to its surroundings, requesting that a device such as an auxiliary discovery server or the candidate terminal send it the discovery service message about the candidate terminal.
In addition, the discovery service message includes the first authorization parameter of the candidate terminal. The authorization parameter of a candidate terminal may be configured for it in advance through a network manager or in other ways, and the auxiliary discovery server or the candidate terminal may carry that authorization parameter when sending a broadcast message or a discovery service message to its surroundings; in all these cases it is recorded as the first authorization parameter. Taking the first authorization parameter of one candidate terminal as an example, it may be represented by a series of identifiers or by the text of the parameter's content, and it mainly indicates whether the corresponding candidate terminal can provide the remote terminal with a relay service for accessing the private network.
As an alternative embodiment, the first authorization parameter includes a discovery service message type, information of the candidate terminal, and a relay service code (RSC). The discovery service message type may indicate what type of message the candidate terminal may discover, and so on. The relay service code indicates whether the candidate terminal is capable of providing the remote terminal with a relay service for accessing the private network. That is, the first authorization parameter may include the RSC corresponding to each candidate terminal, and the RSC of a candidate terminal may indicate whether that candidate terminal can provide the remote terminal with the relay service for accessing the private network. For example, some RSCs may be preset as RSCs that can provide remote terminals with relay services for accessing private networks. Candidate terminals carrying these RSCs may then act as relay terminals through which remote terminals access private networks. Accordingly, any other RSC is one that cannot provide such a relay service, and a candidate terminal carrying such an RSC may not act as a relay terminal for a remote terminal accessing the private network. In addition, the information of the candidate terminal includes the unique identity information of the corresponding candidate terminal, so that a single candidate terminal can be determined by its unique identity.
When only one candidate terminal can provide the remote terminal with the relay service for accessing the private network, that candidate terminal can be used directly as the target relay terminal. When several candidate terminals can provide the service, the target relay terminal may be selected from them according to information such as the signal strength between each candidate terminal and its public network, the distance between the candidate terminal and the remote terminal, and the signal strength between the remote terminal and the candidate terminal.
In this embodiment, before determining the target relay terminal from the candidate terminals, the remote terminal may first receive the discovery service message about the candidate terminal, so that it obtains this message quickly and the efficiency of the remote terminal accessing the private network is improved. In addition, the authorization parameter in the discovery service message comprises the discovery service message type, the information of the candidate terminal and the relay service code. Because this additional information is configured for the candidate terminal in advance, the remote terminal can conveniently and quickly determine the target candidate terminal from it, which improves the efficiency and accuracy with which the remote terminal determines the target relay terminal.
The following embodiments further describe the process in which the remote terminal, by sending an instruction to the surrounding candidate terminals, instructs a device such as an auxiliary discovery server or a candidate terminal to transmit a discovery service message about the candidate terminal to the remote terminal.
In another embodiment, another method for remotely accessing a private network is provided. Based on the above embodiment and referring to fig. 4, step A may include the following steps:
S302: broadcasting a request message. The request message includes a requirement parameter of the remote terminal, which is used to discover a relay terminal that can access the private network.
In this step, when the remote terminal needs to access the private network through a relay, it can look for a relay terminal capable of acting as that relay by broadcasting the request message to its surroundings. The transmission range of the request message can be determined by the power with which the remote terminal broadcasts the message.
Here, the request message broadcast by the remote terminal may include the information the remote terminal requires, that is, a requirement parameter of the remote terminal. The requirement parameter indicates that the remote terminal needs a relay terminal capable of accessing the private network, so it helps the remote terminal discover such a relay terminal. The request message may further include a source layer two identifier (i.e., a source layer two ID).
In addition, the broadcast request message may also be referred to as a discovery request message, and may further include a discovery parameter negotiated in advance. For example, it may include a non-seamless offload identifier, which indicates that the remote terminal needs to access the private network in a non-3GPP manner through the relay terminal and the target access point N3IWF.
Of course, the request message broadcast by the remote terminal may also include other information, such as the location information of the remote terminal, the identification of the remote terminal, and so on.
S304: receiving the discovery service message about the candidate terminal according to the request message.
In this step, after the remote terminal broadcasts the request message to its surroundings, devices such as an auxiliary discovery server or a candidate terminal located around or near the remote terminal can receive it. The auxiliary discovery server, the candidate terminal or other device can then determine from the request message whether the corresponding candidate terminal can serve as a relay terminal, that is, whether it can provide the remote terminal with a relay service for accessing the private network. Once the result is determined, the result (for example, that the candidate terminal can serve as the relay terminal or can provide the relay service for accessing the private network) is packaged in a discovery service message and fed back to the remote terminal, so that the remote terminal receives the discovery service message related to the candidate terminal.
The remote terminal may then obtain the candidate terminal from the discovery service message, determine a target relay terminal from the candidate terminals, and assist the remote terminal in accessing the private network in a non-3GPP manner via a user plane of the target relay terminal.
In this embodiment, the remote terminal broadcasts a request message and receives the discovery service message related to the candidate terminal in response, where the request message includes a requirement parameter of the remote terminal for discovering a relay terminal capable of accessing the private network. Because the auxiliary discovery server or the candidate terminal sends the discovery service message only when instructed by the remote terminal, it does not have to send discovery service messages blindly all the time. This saves power on the auxiliary discovery server or the candidate terminal while ensuring that the remote terminal receives the discovery service message accurately.
In another embodiment, based on the above embodiment, the discovery service message related to the candidate terminal further includes a layer two identifier corresponding to the candidate terminal.
Layer two refers to the L2 layer, and the layer two identifier is an identifier at the L2 layer. The L2 layer is the data link layer, which lies between the physical layer and the network layer and provides services to the network layer on the basis of the services provided by the physical layer. Its most basic service is the reliable transmission of data from the network layer to the network layer of the target machine on an adjacent node.
In addition, the layer two identifier corresponding to the candidate terminal may be the address of the candidate terminal at layer two. This address may be negotiated in advance between the public network and the private network, and is configured for the candidate terminal when the candidate terminal can provide the remote terminal with the relay service for accessing the private network.
In general, the layer two address field of the candidate terminal must not conflict with the layer two address field of the remote terminal. After obtaining the candidate terminal's layer two address, the remote terminal therefore communicates with the candidate terminal using a different address, which ensures that the two can communicate normally.
In this embodiment, the discovery service message further includes a layer two identifier corresponding to the candidate terminal, which may be the address of the candidate terminal at layer two. This ensures that the layer two address of the candidate terminal does not conflict with the address of the remote terminal, and that the remote terminal and the candidate terminal can communicate normally.
In another embodiment, based on the above embodiment, the target relay terminal among the candidate terminals is a terminal configured in advance with a first authorization parameter and near-field service policy information.
Before establishing point-to-point communication with the remote terminal, the target relay terminal may be configured in advance with related parameters. These may include the first authorization parameter, the near-field service policy information, and so on, and may of course also include other information about the target relay terminal, such as the number of remote terminals with which it may establish point-to-point communication connections.
For the specific meaning of the first authorization parameter, refer to the explanation in the above embodiment; it is not repeated here. The near-field service policy, in English ProSe Policy, refers to the constraints or rules to be followed when a ProSe-enabled terminal discovers and identifies another ProSe-enabled terminal nearby, or performs direct communication (Direct Communication) or U2N communication (UE-to-Network communication). With the near-field service policy configured in advance, the target relay terminal can start a discovery process with the remote terminal, so as to discover the remote terminal and send it the discovery service message of the target relay terminal. Alternatively, it can discover the auxiliary discovery server and send the discovery service message to that server, which then sends the discovery service message to the remote terminal, so that the subsequent relay service can be realized.
Of course, other candidate terminals that are not the target relay terminal may also be configured in advance with the first authorization parameter and the near-field service policy information, so that the remote terminal can discover these candidate terminals, or the candidate terminals can discover the remote terminal, which improves the efficiency of communication between the candidate terminal and the remote terminal.
In this embodiment, the target relay terminal is a terminal configured in advance with the first authorization parameter and the near-field service policy information, so that the remote terminal can conveniently discover the target relay terminal, or the target relay terminal can discover the remote terminal, which improves the communication efficiency between the relay terminal and the remote terminal.
In another embodiment, based on the above embodiment, the remote terminal is a terminal configured in advance with a second authorization parameter and near-field service policy information.
The remote terminal may also be a terminal with a preset authorization parameter, which may be recorded as the second authorization parameter. The second authorization parameter may include authorization-related parameters of the remote terminal, communication-related parameters, and so on. The authorization-related parameter mainly indicates whether the remote terminal can use a relay terminal connection to access the private network and, if so, the specific relay service code (RSC) to use. It can of course also include the session parameters to use when the remote terminal connects through a relay. The communication-related parameter indicates how the remote terminal accesses the private network. For example, for a remote terminal that needs to use a relay terminal connection to access the private network, the permission for an L3 U2N relay connection with the N3IWF may be opened in advance. That is, the permission to access the private network at the L3 layer through a non-3GPP access point is opened for the remote terminal in advance, and the remote terminal may subsequently access the private network through the non-3GPP access point.
The near-field service policy information pre-configured for the remote terminal is similar to that configured for the candidate terminal: it likewise governs how a ProSe-enabled terminal discovers and identifies another nearby ProSe-enabled terminal, a process that can be implemented independently of proximity communication (ProSe Communication). With the near-field service policy configured in advance, the remote terminal can conveniently start a discovery process with the candidate terminal, so as to discover the candidate terminal and send it a broadcast message, thereby realizing the subsequent relay service.
Of course, the near-field service policy information here may further include access policy information configured in advance for the remote terminal, which may be denoted as URSP policy information. As an alternative embodiment, the near-field service policy information may include access priority information, that is, the access policy information may include access priority information. The access priority information characterizes the priority of the remote terminal accessing the private network through the 5G wireless network and the priority of the remote terminal accessing the private network through the target relay terminal.
That is, the access priority information may include two priorities: the priority of the remote terminal accessing the private network through the 5G wireless network, and the priority of the remote terminal accessing the private network through the target relay terminal. The relation between these two priorities is not particularly limited. For example, the priority of access through the 5G wireless network may be higher than the priority of access through the target relay terminal. In that case, when the remote terminal accesses the private network, it may first access the private network directly using the 5G wireless network (which may also be referred to as NR), and, in the case of access failure or after a certain period of access, determine a target relay terminal and access the private network through it.
As an optional embodiment, the above near-field service policy information further includes the access mode by which the remote terminal accesses the private network through the target relay terminal. The access mode comprises information such as the type of the target access point of the private network that the remote terminal accesses through the target relay terminal, and the communication type between the remote terminal and/or the target relay terminal and the target access point. For example, the remote terminal can connect at the L3 layer, in a non-3GPP manner, to a target access point for non-3GPP communication, so as to communicate with the non-3GPP target access point and thereby access the private network.
In this embodiment, the remote terminal is preconfigured with the authorization parameter and the near-field service policy information, so that it can conveniently and quickly discover the relay terminal, which improves the communication efficiency between the relay terminal and the remote terminal. In addition, the near-field service policy information of the remote terminal comprises the priority of accessing the private network through the 5G wireless access network and the priority of accessing the private network through the relay terminal, so that the remote terminal can access the private network under any condition. Furthermore, the access policy also comprises the access mode by which the remote terminal accesses the private network through the relay terminal, so that the remote terminal can access the private network conveniently and rapidly, which improves the efficiency and accuracy of that access.
The above embodiments mention that the corresponding near-field service policy information may be configured for the remote terminal in advance. The following describes how the remote terminal communicates based on the near-field service policy information in the actual communication process.
In another embodiment, another method for remotely accessing a private network is provided, and based on the above embodiment, as shown in fig. 5, the above method may further include the following steps:
S402: detecting whether the remote terminal has successfully accessed the private network through the 5G wireless network.
In this step, when the remote terminal needs to access the private network, it may do so using the 5G wireless network, that is, directly through the 5G wireless network, so as to obtain an access result.
S404: if it fails, returning to the step of determining the target relay terminal from the candidate terminals according to the acquired discovery service message about the candidate terminals.
In this step, if the remote terminal directly uses the 5G wireless network to access the private network, it generally cannot do so once it has moved out of the coverage area of the private network, i.e., once the distance between the remote terminal and the private network exceeds that coverage area. At this point the access fails. If the remote terminal still needs to access the private network, it must do so by means of a relay terminal. The remote terminal may then return to steps S202-S204 described above: it receives the discovery service message about the candidate terminals, determines the candidate terminals, and selects the target relay terminal from among them, so as to access the private network successfully through the target relay terminal.
Of course, access through the determined target relay terminal may also fail. If it does, the currently determined target relay terminal is deleted, a new target relay terminal is selected from the remaining candidate terminals, and the private network is accessed through the new target relay terminal. It is then judged again whether the remote terminal has successfully accessed the private network through the new target relay terminal. If it has not, the process returns to the step of deleting the currently determined target relay terminal and reselecting a new one from the remaining candidate terminals, and repeats until the remote terminal successfully accesses the private network through a new target relay terminal.
In this embodiment, whether the remote terminal has successfully accessed the private network through the 5G wireless network is detected. When that access fails, the steps of receiving the discovery service message about the candidate terminals and selecting the target relay terminal are executed again, so that the remote terminal accesses the private network through the target relay terminal. The remote terminal can therefore still access the private network through a relay terminal when direct access fails, which ensures that it accesses the private network successfully.
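The relay screening described for the first authorization parameter (message type, RSC, layer two identifier) and the S402/S404 fallback loop can be combined as follows. This is an added example, not code from the patent: the message fields, the RSC values, the message-type string, the use of remote-to-candidate signal strength as the only ranking criterion, and the two callbacks are all assumptions, and the sample messages are constructed.

```python
from dataclasses import dataclass
from typing import Callable, Iterable, List, Optional, Tuple

# Assumed values: the page gives no concrete RSCs or message-type strings.
AUTHORIZED_RSCS = frozenset({0x00A001, 0x00A002})  # RSCs preset as "relay to private network"
RELAY_DISCOVERY_TYPE = "U2N_RELAY_DISCOVERY"       # hypothetical discovery service message type


@dataclass(frozen=True)
class DiscoveryMessage:
    msg_type: str      # discovery service message type
    terminal_id: str   # unique identity of the candidate terminal
    rsc: int           # relay service code
    layer2_id: int     # candidate's layer two identifier
    rsrp_dbm: float    # signal strength measured by the remote terminal (assumed field)


def eligible_candidates(messages: Iterable[DiscoveryMessage],
                        own_layer2_id: int) -> List[DiscoveryMessage]:
    """Screen discovery service messages and rank the surviving candidates."""
    best = {}
    for m in messages:
        if m.msg_type != RELAY_DISCOVERY_TYPE:
            continue                      # not a relay discovery message
        if m.rsc not in AUTHORIZED_RSCS:
            continue                      # RSC does not authorize private network relay
        if m.layer2_id == own_layer2_id:
            continue                      # layer two address would conflict with ours
        prev = best.get(m.terminal_id)
        if prev is None or m.rsrp_dbm > prev.rsrp_dbm:
            best[m.terminal_id] = m       # keep one entry per unique terminal identity
    return sorted(best.values(), key=lambda m: m.rsrp_dbm, reverse=True)


def access_private_network(messages: Iterable[DiscoveryMessage],
                           own_layer2_id: int,
                           try_direct_5g: Callable[[], bool],
                           try_relay: Callable[[DiscoveryMessage], bool]
                           ) -> Tuple[str, Optional[str]]:
    """S402/S404 with 5G given the higher priority (one permitted ordering)."""
    if try_direct_5g():                   # S402: direct access succeeded
        return ("5g", None)
    remaining = eligible_candidates(messages, own_layer2_id)
    while remaining:                      # S404: fall back to relay access
        target = remaining.pop(0)         # select target, delete it from the candidates
        if try_relay(target):
            return ("relay", target.terminal_id)
    return ("failed", None)               # every authorized candidate was tried


# Constructed sample input (not taken from the patent).
OWN_LAYER2_ID = 0x20
SAMPLE_MESSAGES = [
    DiscoveryMessage(RELAY_DISCOVERY_TYPE, "relay-A", 0x00A001, 0x10, -95.0),
    DiscoveryMessage(RELAY_DISCOVERY_TYPE, "relay-A", 0x00A001, 0x10, -99.0),  # repeat broadcast
    DiscoveryMessage(RELAY_DISCOVERY_TYPE, "relay-B", 0x00A002, 0x11, -80.0),
    DiscoveryMessage(RELAY_DISCOVERY_TYPE, "relay-C", 0x00B777, 0x12, -60.0),  # RSC not authorized
    DiscoveryMessage(RELAY_DISCOVERY_TYPE, "relay-D", 0x00A001, 0x20, -70.0),  # layer two conflict
    DiscoveryMessage("OTHER_BROADCAST", "relay-E", 0x00A001, 0x13, -65.0),     # wrong message type
]

if __name__ == "__main__":
    # Direct access fails and relay-B fails, so the loop moves on to relay-A.
    result = access_private_network(
        SAMPLE_MESSAGES, OWN_LAYER2_ID,
        try_direct_5g=lambda: False,
        try_relay=lambda m: m.terminal_id == "relay-A",
    )
    print(result)
```

The strongest signal on the sample input belongs to relay-C, which is screened out because its RSC is not in the preset list; ranking is applied only after the authorization check.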
The above embodiments make it possible to establish a communication connection with a target access point through a target relay terminal. The following describes what is to be performed before accessing the private network.
In another embodiment, another method for remotely accessing a private network is provided, and on the basis of the above embodiment, before the step S204, the method may further include the following steps:
Step B: determining a target access point corresponding to the remote terminal.
In this step, before the remote terminal accesses the private network through the target relay terminal, it is generally necessary to determine a target access point within the coverage area of the private network, so that the target relay terminal can establish a communication connection with that access point and the remote terminal can access the private network through the target relay terminal and the target access point.
As to how the target access point is determined: the private network that each remote terminal can access is usually fixed, and usually the same private network, and the access point through which that private network is accessed is likewise the same fixed access point. The target access point for the private network can therefore be configured for the remote terminal in advance. For example, the identification of the target access point of the private network that the remote terminal can access can be set directly in the local database of the remote terminal, and obtained from the local database when the target access point of the remote terminal is determined.
Of course, other manners may be adopted to determine the target access point. For example, when the target relay terminal performs the discovery procedure with the remote terminal, that is, when it sends the discovery service message to the remote terminal, the target relay terminal publishes/sends the Tracking Area Identifier (TAI) of the public network corresponding to the 5G serving cell. The remote terminal then uses the tracking area identifier and the corresponding public network identifier to construct the domain name of the N3IWF access point, so as to obtain the target access point. Alternatively, the domain name of the N3IWF access point can be constructed from the private network identification to obtain the target access point.
After the domain name of the N3IWF access point is constructed, address resolution may be performed using the Domain Name System (DNS). Specifically, the DNS system may be set between the public network and the private network, with the location information of the TAI carried by the relay terminal agreed; the remote terminal then selects an appropriate N3IWF access point for accessing the private network to obtain the target access point.
Of course, the target access point may be determined in other manners. For example, as an alternative embodiment, referring to fig. 6, step A may include the following steps:
S502: obtaining the target private network identification of the private network corresponding to the remote terminal.
In this step, when determining the target access point, the identifier of the private network that the remote terminal needs to access may first be obtained and recorded as the target private network identification. The target private network identification may be a private network identification configured in advance for the remote terminal.
S504: determining, according to the target private network identification, the target access point corresponding to the target private network identification in a preset correspondence. The correspondence comprises the correspondence between different private network identifications and access points.
In this step, the different private network identifications and the access points in the coverage area of each private network may be collected in advance, and a correspondence between each private network identification and the access points in the coverage area of that private network may be established, so as to obtain the correspondence between different private network identifications and access points.
After the target private network identification corresponding to the remote terminal is obtained, the correspondence can be searched or matched for the target private network identification, so as to obtain the access point corresponding to it.
There can be one access point corresponding to the target private network identification, or several. If there is one, it can be used directly as the target access point. If there are several, one of them can be selected as the target access point; the selection may be based on the signal quality, signal strength, location information and so on of the access point, the remote terminal or the target relay terminal.
In this embodiment, the target access point for accessing the private network may be determined before the remote terminal accesses the private network through the target relay terminal, so that the target relay terminal can conveniently establish an accurate communication channel, which improves the efficiency and accuracy with which the remote terminal accesses the private network. In addition, the target private network identification corresponding to the remote terminal is obtained and the corresponding target access point is looked up in the correspondence based on it, so that the target access point corresponding to the remote terminal can be determined rapidly and accurately, further improving the efficiency and accuracy of that access.
When the access point is actually determined, one private network may correspond to a plurality of access points. The following embodiments describe how, when the discovery service message further includes the location information of the target relay terminal, a target access point suitable for the remote terminal is selected from the plurality of access points.
In another embodiment, another method for remotely accessing a private network is provided, and based on the above embodiment, as shown in fig. 7, the step S504 may include the following steps:
s602, according to the target private network identification, determining candidate access points corresponding to the target private network identification in a preset corresponding relation.
S604, determining a target access point from the candidate access points according to the position information.
In this embodiment, as mentioned above, if a plurality of access points corresponding to the target private network identifier are obtained through the correspondence relationship and are all recorded as candidate access points, one candidate access point may be selected from the plurality of access points as the target access point, and this embodiment precisely selects one candidate access point from the plurality of access points as the target access point based on the location information of the target relay terminal.
When the candidate access points are selected according to the position information of the target relay terminal, the candidate access point with the nearest distance can be selected as the target access point by calculating the distance between the position of the target relay terminal and the position of each candidate access point, and the communication quality is better as the distance is closer; or the service performance of each candidate access point can be combined for comprehensive consideration, for example, a candidate access point with the optimal signal quality or the maximum signal strength and a certain distance from the target relay terminal is selected as the target access point; or the position information can be comprehensively considered by combining other information, and the target access point can be determined.
In this embodiment, a plurality of candidate access points are determined through the target private network identifier, and the target access point is determined by combining the position information of the target relay terminal, so that the signal quality between the determined target access point and the target relay terminal is ensured to be better, the signal quality of the subsequent remote terminal accessing the private network through the target relay terminal and the target access point is ensured to be better, and the communication quality is improved.
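Steps S602 and S604 as an added example, not code from the patent: the lookup fails closed on an unknown private network identifier, the relay's reported position is range-checked, and both selection rules described above (nearest, or best signal quality at a bounded distance) are implemented. The table contents, field names, the `max_km` bound and the fallback to the nearest candidate are assumptions made for illustration.

```python
"""Target access point selection (S602 + S604). Added illustration only."""
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessPoint:
    name: str              # hypothetical label
    lat: float             # degrees, WGS-84
    lon: float
    signal_quality: float  # abstract score, higher is better


# Constructed stand-in for the "preset correspondence":
# private network identifier -> access points inside that private network.
CORRESPONDENCE = {
    "snpn-factory-a": [
        AccessPoint("ap-north", 31.2400, 121.4900, 0.62),
        AccessPoint("ap-south", 31.1900, 121.4400, 0.91),
        AccessPoint("ap-remote", 30.2700, 120.1500, 0.99),
    ],
    "snpn-campus-b": [AccessPoint("ap-campus", 39.9000, 116.4000, 0.80)],
}


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def check_location(lat, lon):
    """The relay's position arrives in a discovery message: range-check it."""
    for v in (lat, lon):
        if isinstance(v, bool) or not isinstance(v, (int, float)) or not math.isfinite(v):
            raise ValueError("location must be finite numbers")
    if not (-90.0 <= lat <= 90.0 and -180.0 <= lon <= 180.0):
        raise ValueError("location out of range")


def candidate_access_points(private_network_id, table=CORRESPONDENCE):
    """S602: an unknown identifier is an error, never a default access point."""
    if private_network_id not in table or not table[private_network_id]:
        raise LookupError(f"no access point provisioned for {private_network_id!r}")
    return list(table[private_network_id])


def select_target_access_point(private_network_id, relay_lat, relay_lon, max_km=None):
    """S604: pick the target from the candidates using the relay's location.

    max_km=None  -> nearest candidate.
    max_km=value -> best signal_quality among candidates within max_km
                    (ties go to the closer one); nearest if none is in range.
    """
    check_location(relay_lat, relay_lon)
    ranked = sorted(
        ((haversine_km(relay_lat, relay_lon, ap.lat, ap.lon), ap)
         for ap in candidate_access_points(private_network_id)),
        key=lambda pair: pair[0],
    )
    if max_km is not None:
        in_range = [pair for pair in ranked if pair[0] <= max_km]
        if in_range:
            # max() returns the first maximal element, and in_range is
            # distance-sorted, so equal scores resolve to the closer candidate.
            return max(in_range, key=lambda pair: pair[1].signal_quality)[1]
    return ranked[0][1]
```

With the constructed table, a relay at (31.23, 121.47) gets `ap-north` under the nearest rule and `ap-south` when signal quality is preferred within 10 km; `ap-remote` has the best score but is never chosen because it is far outside the bound.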
A detailed embodiment is given below to explain the method of the embodiment of the present application, referring to the structural block diagram shown in fig. 8 and the signaling interaction flow chart shown in fig. 9, where the remote terminal may be denoted as a remote UE, and the target relay terminal may be denoted as an L3 relay UE, and the method may include the following steps:
1a. The U2N relay UE completes authorization and near domain service configuration (also called near domain service policy information configuration) and establishes an initial session;
1b. The remote UE completes authorization and near domain service configuration (the near domain service policy information in this configuration includes a URSP policy, which can specify the priority policy for remote terminal access and the specific access mode, for example, remote access to the N3IWF through an L3 relay connection when access through the 5G wireless network is impossible);
2. U2N discovery process: a discovery process is executed between the remote UE and the L3 relay UE; the remote UE selects the L3 relay UE as the connection relay for its remote access and, according to the access policy, selects the non-seamless offload mode, that is, accessing the network in a non-3GPP manner through the N3IWF;
3. The remote UE establishes a point-to-point communication connection with the L3 relay UE; if no session meeting the conditions has been established before, the L3 relay UE establishes a session carrying the corresponding relay traffic, using the specified session parameters according to the mapping relation with the RSC, that is, the relay UE establishes a dedicated PDU session for the traffic of the remote UE;
4. The L3 relay UE allocates an IP address/prefix to the remote UE;
5. The remote UE acquires the N3IWF address through the location of the relay UE and the network information of the SNPN; specifically, the remote UE constructs the FQDN of the N3IWF from the TAI information in the discovery service message of the L3 relay UE and/or the network information of the SNPN, and acquires the N3IWF address by initiating a DNS resolution request for the FQDN of the N3IWF;
6. The remote UE performs NAS registration for non-3GPP access to the SNPN, and establishes an IPSec tunnel with the N3IWF using the IKE procedure;
7. An IPSec child SA is established, and configuration and QoS policy are exchanged, between the remote UE and the N3IWF;
8. The remote UE establishes a non-3GPP access session;
9. After the session is established successfully, the remote UE accesses the services of the SNPN normally.
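Step 5 as an added example, not code from the patent: it builds the N3IWF names to resolve from provisioned SNPN information and the TAC announced by the relay, validating every field so that relay-supplied data can only fill the TAC labels and never alter the domain suffix. The label layout (modelled on the 3GPP naming convention for N3IWF FQDNs, to be confirmed against TS 23.003), the function names and the sample values are assumptions.

```python
"""N3IWF FQDN construction from SNPN info and the relay's TAC. Added illustration."""
import re

# Assumption: label layout modelled on the 3GPP naming convention for N3IWF
# FQDNs; confirm the exact form against TS 23.003 before relying on it.
SUFFIX = "pub.3gppnetwork.org"

# Explicit ASCII classes: "\d" would also accept non-ASCII digits.
_MCC = re.compile(r"[0-9]{3}")
_MNC = re.compile(r"[0-9]{2,3}")
_NID = re.compile(r"[0-9a-fA-F]{11}")  # 44-bit network identifier as hex
_TAC = re.compile(r"[0-9a-fA-F]{6}")   # 3-octet tracking area code as hex


def _field(pattern, value, what):
    """Accept a field only if the whole string matches its fixed format."""
    if not isinstance(value, str) or not pattern.fullmatch(value):
        raise ValueError(f"malformed {what}: {value!r}")
    return value.lower()


def snpn_labels(mcc, mnc, nid):
    """Labels derived from provisioned SNPN information (PLMN ID + NID)."""
    mcc = _field(_MCC, mcc, "MCC")
    mnc = _field(_MNC, mnc, "MNC").zfill(3)  # a 2-digit MNC is left-padded
    nid = _field(_NID, nid, "NID")
    return [f"nid{nid}", f"mnc{mnc}", f"mcc{mcc}"]


def tac_labels(tac_hex):
    """Labels derived from the TAC the relay announced (untrusted input)."""
    tac = _field(_TAC, tac_hex, "TAC")
    high, mid, low = tac[0:2], tac[2:4], tac[4:6]
    return [f"tac-lb{low}", f"tac-mb{mid}", f"tac-hb{high}", "5gstac"]


def n3iwf_fqdn_candidates(mcc, mnc, nid, relay_tac=None):
    """Names to resolve, most specific first.

    The SNPN fields come from the terminal's own configuration and must be
    valid (ValueError otherwise). The TAC comes from the relay's discovery
    message: if it is malformed it is dropped and only the SNPN-level name
    is returned, matching the "TAI and/or SNPN information" wording of step 5.
    """
    base = ["n3iwf", "5gc"] + snpn_labels(mcc, mnc, nid) + [SUFFIX]
    names = []
    if relay_tac is not None:
        try:
            names.append(".".join(tac_labels(relay_tac) + base))
        except ValueError:
            pass  # ignore the relay's TAC; the provisioned name still applies
    names.append(".".join(base))
    return names
```

The caller resolves the returned names in order and stops at the first that yields an address; a string such as `a1.evil.example` in the TAC position is rejected by the full-string match rather than becoming extra DNS labels.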
It should be understood that, although the steps in the flowcharts related to the embodiments described above are shown sequentially as indicated by arrows, these steps are not necessarily performed in the order indicated by the arrows. Unless explicitly stated herein, the order of execution of the steps is not strictly limited, and the steps may be executed in other orders. Moreover, at least some of the steps in the flowcharts described in the above embodiments may include a plurality of steps or a plurality of stages, which are not necessarily performed at the same time but may be performed at different times, and these steps or stages are not necessarily performed sequentially but may be performed in turn or alternately with at least some of the other steps or stages.
Based on the same inventive concept, the embodiment of the application also provides a remote access private network device for realizing the above related remote access private network method. The implementation of the solution provided by the device is similar to the implementation described in the above method, so the specific limitation in the embodiments of one or more remote access private network devices provided below may be referred to the limitation of the remote access private network method hereinabove, and will not be repeated herein.
In one embodiment, as shown in fig. 10, there is provided a remote access private network apparatus, including: a determining module and an accessing module, wherein:
a determining module, configured to determine a target relay terminal from the candidate terminals according to the acquired discovery service message about the candidate terminals; the candidate terminal is a registered user of the public network;
the access module is used for establishing communication connection with the target access point through session connection of the target relay terminal so as to access the private network through the target access point; the target access point is located in a private network.
In another embodiment, another remote access private network apparatus is provided. On the basis of the foregoing embodiment, before the determining module determines the target relay terminal from the candidate terminals according to the acquired discovery service message about the candidate terminals, the apparatus may further include:
a receiving module for receiving a discovery service message regarding a candidate terminal; the discovery service message includes a first authorization parameter, where the first authorization parameter is used to indicate whether the candidate terminal can provide a relay service for accessing the private network for the remote terminal.
In another embodiment, another remote access private network apparatus is provided, and on the basis of the foregoing embodiment, the receiving module may include:
a transmitting unit for broadcasting a request message; the request message includes a demand parameter of the remote terminal, where the demand parameter is used to discover a relay terminal capable of accessing the private network;
and a receiving unit for receiving a discovery service message regarding the candidate terminal according to the request message.
In another embodiment, the discovery service message further includes a layer two identifier corresponding to the candidate terminal.
In another embodiment, the first authorization parameter includes a discovery service message type, information of the candidate terminal, and a relay service code RSC, where the relay service code is used to indicate whether the candidate terminal can provide a relay service for accessing the private network for the remote terminal, and the information of the candidate terminal includes unique identity information of the corresponding candidate terminal.
In one embodiment, the target relay terminal is a terminal configured in advance with a first authorization parameter and near domain service policy information.
In another embodiment, the remote terminal is a terminal preconfigured with the second authorization parameter and the near domain service policy information.
In another embodiment, the near domain service policy information includes access priority information, where the access priority information is used to characterize a priority of the remote terminal accessing the private network through the 5G wireless network and a priority of the remote terminal accessing the private network through the target relay terminal.
In another embodiment, another remote access private network apparatus is provided, where on the basis of the foregoing embodiment, the apparatus may further include:
the detection module is used for detecting whether the remote terminal is successfully accessed to the private network through the 5G wireless network;
and the return module is used for returning, if the access fails, to the step of determining the target relay terminal from the candidate terminals according to the acquired discovery service message about the candidate terminals.
In another embodiment, the near domain service policy information further includes an access mode of the remote terminal to access the private network through the target relay terminal.
In another embodiment, another remote access private network apparatus is provided, where, based on the foregoing embodiment, the access module may include:
a first connection unit for establishing a first communication connection with the target relay terminal;
and the second connection unit is used for establishing a second communication connection with the target access point based on the first communication connection so as to access the private network through the target access point.
In another embodiment, another remote access private network apparatus is provided. On the basis of the foregoing embodiment, before the access module establishes a communication connection with a target access point through the target relay terminal so as to access the private network through the target access point, the apparatus further includes:
a target access point determining module, used for determining a target access point corresponding to the remote terminal.
Optionally, the target access point determining module may include:
the identification acquisition unit is used for acquiring a target private network identification of the private network corresponding to the remote terminal;
the access point determining unit is used for determining a target access point corresponding to the target private network identification in a preset corresponding relation according to the target private network identification; the corresponding relation comprises the corresponding relation between different private network identifications and access points.
In another embodiment, another remote access private network apparatus is provided, the discovery service message further includes location information of the target relay terminal, and the access point determining unit may include:
a candidate access point determining subunit, configured to determine, according to the target private network identifier, a candidate access point corresponding to the target private network identifier in a preset corresponding relationship;
and the target access point determining subunit is used for determining the target access point from the candidate access points according to the position information.
The above-described respective modules in the remote access private network apparatus may be implemented in whole or in part by software, hardware, and a combination thereof. The above modules may be embedded in hardware or independent of a processor in the terminal, or may be stored in software in a memory in the terminal, so that the processor may call and execute operations corresponding to the above modules.
In one embodiment, a terminal is provided, the internal structure of which may be as shown in fig. 11. The terminal comprises a processor, a memory, a communication interface, a display screen and an input device which are connected through a system bus. Wherein the processor of the terminal is adapted to provide computing and control capabilities. The memory of the terminal includes a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The communication interface of the terminal is used for carrying out wired or wireless communication with an external terminal, and the wireless mode can be realized through WIFI, a mobile cellular network, NFC (near field communication) or other technologies. The computer program when executed by a processor implements a remote access private network method. The display screen of the terminal can be a liquid crystal display screen or an electronic ink display screen, the input device of the terminal can be a touch layer covered on the display screen, can be a key, a track ball or a touch pad arranged on a terminal shell, and can also be an external keyboard, a touch pad or a mouse and the like.
It will be appreciated by those skilled in the art that the structure shown in fig. 11 is merely a block diagram of a portion of the structure associated with the present inventive arrangements and is not limiting of the terminal to which the present inventive arrangements are applied, and that a particular terminal may include more or fewer components than shown, or may combine some of the components, or have a different arrangement of components.
In one embodiment, a terminal is provided comprising a memory and a processor, the memory having stored therein a computer program, the processor when executing the computer program performing the steps of:
determining a target relay terminal from the candidate terminals according to the acquired discovery service message about the candidate terminals; the candidate terminal is a registered user of the public network; establishing communication connection with a target access point through session connection of a target relay terminal so as to access a private network through the target access point; the target access point is located in a private network.
In one embodiment, the processor when executing the computer program further performs the steps of:
receiving a discovery service message regarding a candidate terminal; the discovery service message includes a first authorization parameter, where the first authorization parameter is used to indicate whether the candidate terminal can provide a relay service for accessing the private network for the remote terminal.
In one embodiment, the processor when executing the computer program further performs the steps of:
broadcasting a request message; the request message includes a demand parameter of the remote terminal, where the demand parameter is used to discover a relay terminal capable of accessing the private network; a discovery service message regarding the candidate terminal is received according to the request message.
In an embodiment, the discovery service message further includes a layer two identifier corresponding to the candidate terminal.
In one embodiment, the first authorization parameter includes a discovery service message type, information of the candidate terminal, and a relay service code RSC, where the relay service code is used to indicate whether the candidate terminal can provide a relay service for accessing the private network for the remote terminal, and the information of the candidate terminal includes unique identity information of the corresponding candidate terminal.
In one embodiment, the target relay terminal is a terminal configured in advance with a first authorization parameter and near domain service policy information.
In one embodiment, the remote terminal is a terminal preconfigured with the second authorization parameter and the near domain service policy information.
In one embodiment, the near domain service policy information includes access priority information, where the access priority information is used to characterize a priority of the remote terminal accessing the private network through the 5G wireless network and a priority of the remote terminal accessing the private network through the target relay terminal.
In one embodiment, the processor when executing the computer program further performs the steps of:
detecting whether the remote terminal successfully accesses the private network through the 5G wireless network; if the access fails, returning to the step of determining the target relay terminal from the candidate terminals according to the acquired discovery service message about the candidate terminals.
In an embodiment, the near domain service policy information further includes an access mode of the remote terminal to access the private network through the target relay terminal.
In one embodiment, the processor when executing the computer program further performs the steps of:
establishing a first communication connection with a target relay terminal; a second communication connection is established with the target access point based on the first communication connection to access the private network through the target access point.
In one embodiment, the processor when executing the computer program further performs the steps of:
and determining a target access point corresponding to the remote terminal.
In one embodiment, the processor when executing the computer program further performs the steps of:
acquiring a target private network identifier of a private network corresponding to a remote terminal; determining a target access point corresponding to the target private network identification in a preset corresponding relation according to the target private network identification; the corresponding relation comprises the corresponding relation between different private network identifications and access points.
In one embodiment, the processor when executing the computer program further performs the steps of:
according to the target private network identification, determining candidate access points corresponding to the target private network identification in a preset corresponding relation; and determining the target access point from the candidate access points according to the position information.
In one embodiment, a computer readable storage medium is provided having a computer program stored thereon, which when executed by a processor, performs the steps of:
determining a target relay terminal from the candidate terminals according to the acquired discovery service message about the candidate terminals; the candidate terminal is a registered user of the public network; establishing communication connection with a target access point through session connection of a target relay terminal so as to access a private network through the target access point; the target access point is located in a private network.
In one embodiment, the computer program when executed by the processor further performs the steps of:
receiving a discovery service message regarding a candidate terminal; the discovery service message includes a first authorization parameter, where the first authorization parameter is used to indicate whether the candidate terminal can provide a relay service for accessing the private network for the remote terminal.
In one embodiment, the computer program when executed by the processor further performs the steps of:
Broadcasting a request message; the request message includes a demand parameter of the remote terminal, where the demand parameter is used to discover a relay terminal capable of accessing the private network; a discovery service message regarding the candidate terminal is received according to the request message.
In an embodiment, the discovery service message further includes a layer two identifier corresponding to the candidate terminal.
In one embodiment, the first authorization parameter includes a discovery service message type, information of the candidate terminal, and a relay service code RSC, where the relay service code is used to indicate whether the candidate terminal can provide a relay service for accessing the private network for the remote terminal, and the information of the candidate terminal includes unique identity information of the corresponding candidate terminal.
In one embodiment, the target relay terminal is a terminal configured in advance with a first authorization parameter and near domain service policy information.
In one embodiment, the remote terminal is a terminal preconfigured with the second authorization parameter and the near domain service policy information.
In one embodiment, the near domain service policy information includes access priority information, where the access priority information is used to characterize a priority of the remote terminal accessing the private network through the 5G wireless network and a priority of the remote terminal accessing the private network through the target relay terminal.
In one embodiment, the computer program when executed by the processor further performs the steps of:
detecting whether the remote terminal successfully accesses the private network through the 5G wireless network; if the access fails, returning to the step of determining the target relay terminal from the candidate terminals according to the acquired discovery service message about the candidate terminals.
In an embodiment, the near domain service policy information further includes an access mode of the remote terminal to access the private network through the target relay terminal.
In one embodiment, the computer program when executed by the processor further performs the steps of:
establishing a first communication connection with a target relay terminal; a second communication connection is established with the target access point based on the first communication connection to access the private network through the target access point.
In one embodiment, the computer program when executed by the processor further performs the steps of:
and determining a target access point corresponding to the remote terminal.
In one embodiment, the computer program when executed by the processor further performs the steps of:
acquiring a target private network identifier of a private network corresponding to a remote terminal; determining a target access point corresponding to the target private network identification in a preset corresponding relation according to the target private network identification; the corresponding relation comprises the corresponding relation between different private network identifications and access points.
In one embodiment, the computer program when executed by the processor further performs the steps of:
according to the target private network identification, determining candidate access points corresponding to the target private network identification in a preset corresponding relation; and determining the target access point from the candidate access points according to the position information.
In one embodiment, a computer program product is provided comprising a computer program which, when executed by a processor, performs the steps of:
determining a target relay terminal from the candidate terminals according to the acquired discovery service message about the candidate terminals; the candidate terminal is a registered user of the public network; establishing communication connection with a target access point through session connection of a target relay terminal so as to access a private network through the target access point; the target access point is located in a private network.
In one embodiment, the computer program when executed by the processor further performs the steps of:
receiving a discovery service message regarding a candidate terminal; the discovery service message includes a first authorization parameter, where the first authorization parameter is used to indicate whether the candidate terminal can provide a relay service for accessing the private network for the remote terminal.
In one embodiment, the computer program when executed by the processor further performs the steps of:
Broadcasting a request message; the request message includes a demand parameter of the remote terminal, where the demand parameter is used to discover a relay terminal capable of accessing the private network; a discovery service message regarding the candidate terminal is received according to the request message.
In an embodiment, the discovery service message further includes a layer two identifier corresponding to the candidate terminal.
In one embodiment, the first authorization parameter includes a discovery service message type, information of the candidate terminal, and a relay service code RSC, where the relay service code is used to indicate whether the candidate terminal can provide a relay service for accessing the private network for the remote terminal, and the information of the candidate terminal includes unique identity information of the corresponding candidate terminal.
In one embodiment, the target relay terminal is a terminal configured in advance with a first authorization parameter and near domain service policy information.
In one embodiment, the remote terminal is a terminal preconfigured with the second authorization parameter and the near domain service policy information.
In one embodiment, the near domain service policy information includes access priority information, where the access priority information is used to characterize a priority of the remote terminal accessing the private network through the 5G wireless network and a priority of the remote terminal accessing the private network through the target relay terminal.
In one embodiment, the computer program when executed by the processor further performs the steps of:
detecting whether the remote terminal successfully accesses the private network through the 5G wireless network; if the access fails, returning to the step of determining the target relay terminal from the candidate terminals according to the acquired discovery service message about the candidate terminals.
In an embodiment, the near domain service policy information further includes an access mode of the remote terminal to access the private network through the target relay terminal.
In one embodiment, the computer program when executed by the processor further performs the steps of:
establishing a first communication connection with a target relay terminal; a second communication connection is established with the target access point based on the first communication connection to access the private network through the target access point.
In one embodiment, the computer program when executed by the processor further performs the steps of:
and determining a target access point corresponding to the remote terminal.
In one embodiment, the computer program when executed by the processor further performs the steps of:
acquiring a target private network identifier of a private network corresponding to a remote terminal; determining a target access point corresponding to the target private network identification in a preset corresponding relation according to the target private network identification; the corresponding relation comprises the corresponding relation between different private network identifications and access points.
In one embodiment, the computer program when executed by the processor further performs the steps of:
according to the target private network identification, determining candidate access points corresponding to the target private network identification in a preset corresponding relation; and determining the target access point from the candidate access points according to the position information.
The user information (including but not limited to user equipment information, user personal information, etc.) and the data (including but not limited to data for analysis, stored data, presented data, etc.) related to the present application are information and data authorized by the user or sufficiently authorized by each party.
Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, database, or other medium used in embodiments provided herein may include at least one of non-volatile and volatile memory. The nonvolatile Memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash Memory, optical Memory, high density embedded nonvolatile Memory, resistive random access Memory (ReRAM), magnetic random access Memory (Magnetoresistive Random Access Memory, MRAM), ferroelectric Memory (Ferroelectric Random Access Memory, FRAM), phase change Memory (Phase Change Memory, PCM), graphene Memory, and the like. Volatile memory can include random access memory (Random Access Memory, RAM) or external cache memory, and the like. By way of illustration, and not limitation, RAM can be in the form of a variety of forms, such as static random access memory (Static Random Access Memory, SRAM) or dynamic random access memory (Dynamic Random Access Memory, DRAM), and the like. The databases referred to in the embodiments provided herein may include at least one of a relational database and a non-relational database. The non-relational database may include, but is not limited to, a blockchain-based distributed database, and the like. The processor referred to in the embodiments provided in the present application may be a general-purpose processor, a central processing unit, a graphics processor, a digital signal processor, a programmable logic unit, a data processing logic unit based on quantum computing, or the like, but is not limited thereto.
The technical features of the above embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.
The foregoing examples illustrate only a few embodiments of the application and are described in detail herein without thereby limiting the scope of the application. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the application, which are all within the scope of the application. Accordingly, the scope of the application should be assessed as that of the appended claims.

Claims (18)

1. A method for remotely accessing a private network, the method comprising:
determining a target relay terminal from candidate terminals according to the acquired discovery service message about the candidate terminals; the candidate terminal is a registered user of the public network;
establishing communication connection with a target access point through session connection of the target relay terminal so as to access a private network through the target access point; the target access point is located within the private network.
2. The method according to claim 1, wherein before determining the target relay terminal from the candidate terminals according to the acquired discovery service message about the candidate terminals, the method further comprises:
receiving a discovery service message regarding a candidate terminal; the discovery service message includes a first authorization parameter, where the first authorization parameter is used to indicate whether the candidate terminal can provide a relay service for accessing the private network for the remote terminal.
3. The method according to claim 2, wherein the receiving a discovery service message regarding a candidate terminal comprises:
broadcasting a request message; the request message comprises a demand parameter of a remote terminal, wherein the demand parameter is used for discovering a relay terminal capable of accessing a private network;
and receiving the discovery service message about the candidate terminal according to the request message.
4. A method according to claim 2 or 3, wherein the discovery service message further comprises a layer two identifier corresponding to the candidate terminal.
5. A method according to claim 2 or 3, characterized in that the first authorization parameter comprises a discovery service message type, information of a candidate terminal and a relay service code RSC, wherein the relay service code is used for indicating whether the candidate terminal can provide relay service for accessing a private network for the remote terminal, and the information of the candidate terminal comprises unique identity information of the corresponding candidate terminal.
6. The method of claim 1, wherein the target relay terminal is a terminal that is preconfigured with first authorization parameters and near-field service policy information.
7. A method according to claim 2 or 3, characterized in that the remote terminal is a terminal pre-configured with second authorization parameters and near-field service policy information.
8. The method of claim 7, wherein the near-field service policy information includes access priority information characterizing a priority of the remote terminal accessing the private network through the 5G wireless network and a priority of the remote terminal accessing the private network through the target relay terminal.
9. The method of claim 8, wherein the method further comprises:
detecting whether the remote terminal successfully accesses the private network through the 5G wireless network;
and if the access fails, returning to the step of determining the target relay terminal from the candidate terminals according to the acquired discovery service message about the candidate terminals.
10. The method of claim 7, wherein the near-field service policy information further comprises an access manner by which the remote terminal accesses the private network through the target relay terminal.
11. The method of claim 1, wherein the establishing a communication connection with a target access point through the session connection of the target relay terminal to access a private network through the target access point comprises:
establishing a first communication connection with the target relay terminal;
and establishing a second communication connection with a target access point based on the first communication connection so as to access a private network through the target access point.
12. The method of claim 1, wherein prior to the establishing a communication connection with a target access point through the session connection of the target relay terminal to access a private network through the target access point, the method further comprises:
and determining a target access point corresponding to the remote terminal.
13. The method of claim 12, wherein the determining the target access point to which the remote terminal corresponds comprises:
acquiring a target private network identifier of a private network corresponding to the remote terminal;
determining a target access point corresponding to the target private network identification in a preset corresponding relation according to the target private network identification; the corresponding relation comprises the corresponding relation between different private network identifications and access points.
14. The method of claim 13, wherein the discovery service message further includes location information of the target relay terminal, and the determining, according to the target private network identifier, the target access point corresponding to the target private network identifier in a preset correspondence includes:
according to the target private network identification, determining candidate access points corresponding to the target private network identification in a preset corresponding relation;
and determining a target access point from the candidate access points according to the position information.
15. A remote access private network apparatus, the apparatus comprising:
a determining module, configured to determine a target relay terminal from candidate terminals according to the acquired discovery service message about the candidate terminals; the candidate terminal is a registered user of the public network;
an access module, configured to establish a communication connection with a target access point through a session connection of the target relay terminal, so as to access a private network through the target access point; the target access point is located within the private network.
16. A terminal comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any one of claims 1 to 14 when the computer program is executed.
17. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 14.
18. A computer program product comprising a computer program, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any one of claims 1 to 14.
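
Added example, not part of the patent text: a Python model of the remote terminal's decision flow in claims 1, 5, 9, 13 and 14, covering the fallback from direct 5G access, relay selection from discovery service messages, and the lookup of the target access point. The field names, the "relay-announce" type string, matching on RSC equality, the nearest-access-point criterion and all sample values are assumptions made for illustration.

```python
import math
from dataclasses import dataclass

@dataclass(frozen=True)
class DiscoveryMsg:          # constructed stand-in; field names are assumptions
    msg_type: str            # discovery service message type (claim 5)
    terminal_id: str         # unique identity of the candidate terminal (claim 5)
    rsc: int                 # relay service code, RSC (claim 5)
    l2_id: str               # layer two identifier (claim 4)
    location: tuple          # (x, y) of the candidate terminal (claim 14)

# Assumed preset correspondence: private network identifier -> access points.
ACCESS_POINTS = {
    "pn-campus-a": [("ap-north", (0.0, 10.0)), ("ap-south", (0.0, -10.0))],
    "pn-plant-b": [("ap-plant", (50.0, 0.0))],
}

# Constructed sample discovery messages.
SAMPLE_MSGS = [
    DiscoveryMsg("relay-announce", "ue-1", 0x111, "l2-aa", (0.0, 8.0)),   # other RSC
    DiscoveryMsg("unknown", "ue-2", 0x02A, "l2-bb", (0.0, 9.0)),          # wrong type
    DiscoveryMsg("relay-announce", "ue-3", 0x02A, "l2-cc", (1.0, -7.0)),  # acceptable
]

def select_relay(msgs, configured_rsc, expected_type="relay-announce"):
    """Return the first well-formed candidate whose RSC equals the remote
    terminal's preconfigured RSC, or None when no candidate qualifies."""
    for m in msgs:
        if m.msg_type != expected_type or not m.terminal_id or not m.l2_id:
            continue                      # ignore malformed or unexpected messages
        if m.rsc == configured_rsc:
            return m
    return None

def select_access_point(private_network_id, relay_location):
    """Look up candidates by private network identifier, then pick the one
    nearest the relay (nearest is an assumed criterion)."""
    candidates = ACCESS_POINTS.get(private_network_id)
    if not candidates:
        raise LookupError(f"no access point for {private_network_id!r}")
    return min(candidates, key=lambda ap: math.dist(ap[1], relay_location))[0]

def plan_access(direct_5g_ok, msgs, configured_rsc, private_network_id):
    """Direct 5G access first; on failure fall back to relay selection."""
    if direct_5g_ok:
        return ("direct-5g", None, None)
    relay = select_relay(msgs, configured_rsc)
    if relay is None:
        return ("unreachable", None, None)   # fail closed: no authorized relay
    return ("relay", relay.terminal_id,
            select_access_point(private_network_id, relay.location))
```

The model fails closed in two places: a discovery message with the wrong type or a non-matching RSC is never selected as a relay, and an unknown private network identifier raises an error instead of defaulting to some access point.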
CN202311061539.3A 2023-08-22 2023-08-22 Remote access private network method, device, terminal, storage medium and program product Pending CN117119562A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311061539.3A CN117119562A (en) 2023-08-22 2023-08-22 Remote access private network method, device, terminal, storage medium and program product

Publications (1)

Publication Number Publication Date
CN117119562A true CN117119562A (en) 2023-11-24

Family

ID=88806927

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311061539.3A Pending CN117119562A (en) 2023-08-22 2023-08-22 Remote access private network method, device, terminal, storage medium and program product

Country Status (1)

Country Link
CN (1) CN117119562A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination