CN118042452A - Operation execution method, device, terminal and network function - Google Patents

Abstract

The application discloses an operation execution method, an operation execution device, a terminal and a network function, which belong to the technical field of communication, and the operation execution method of the embodiment of the application comprises at least one of the following steps: the method comprises the steps that a first terminal sends a first non-access stratum (NAS) message and/or first indication information to a network side, wherein the first NAS message is used for indicating a first operation, the first indication information is used for indicating the first operation, and the first operation comprises at least one of authentication, authentication and authorization; the first terminal receives fifth indication information sent by the network side, wherein the fifth indication information is used for indicating at least one of the following: allowing or disallowing the first operation; allowing or disallowing the first operation to be performed by a control plane of the network side; and allowing or not allowing the first operation to be executed through the user plane of the network side.

Description

Operation execution method, device, terminal and network function

Technical Field

The application belongs to the technical field of communication, and particularly relates to an operation execution method, an operation execution device, a terminal and a network function.

Background

The internet of things is a network covering various devices by utilizing the technologies of a sensor network, a radio frequency identification technology, wireless data communication and the like on the basis of the computer internet. In this network, devices may communicate with each other. The essence is that the devices communicate with each other through a wireless data link and a computer internet by utilizing radio frequency automatic identification (RFID) technology.

Along with the development of technology, the personal internet of things (Personal IoT Network, PIN) gradually appears on the basis of the internet of things, namely, a personal area network is built by taking a terminal as a center, the terminal and an operator network are pushed to be highly fused, good cooperation between the terminal and internet of things equipment is promoted, and the overall operation experience and the use quality of a user are improved. Among other things, internet of things devices generally refer to terminal devices for certain specific scenarios or specific services, such as smart home devices, smart utilities, electronic health and smart wearable devices, etc.

However, at present, no corresponding authentication related operation method is clarified for devices in the PIN, thereby reducing security of access of these devices to the PIN.

Disclosure of Invention

The embodiment of the application provides an operation execution method, an operation execution device, a terminal and a network function, which are used for realizing the authentication related operation of equipment in a PIN, thereby improving the security of accessing the PIN.

In a first aspect, there is provided an operation execution method, including:

The method comprises the steps that a first terminal sends a first non-access stratum (NAS) message and/or first indication information to a network side, wherein the first NAS message is used for indicating a first operation, the first indication information is used for indicating the first operation, and the first operation comprises at least one of authentication, authentication and authorization;

The first terminal receives fifth indication information sent by the network side, wherein the fifth indication information is used for indicating at least one of the following:

allowing or disallowing the first operation;

allowing or disallowing the first operation to be performed by a control plane of the network side;

and allowing or not allowing the first operation to be executed through the user plane of the network side.

In a second aspect, there is provided an operation execution method, including:

The first network function sends fifth indication information to the first terminal;

and/or the number of the groups of groups,

The first network function receives a first non-access stratum (NAS) message and/or first indication information sent by the first terminal, wherein the first non-access stratum (NAS) message is used for indicating the first operation, the first indication information is used for indicating the first operation, and the first operation comprises at least one of authentication, authentication and authorization;

The first network function performs at least one of the following in response to the first non-access stratum NAS message and/or the first indication information:

transmitting fifth indication information to the first terminal;

Instructing a second network function and the first terminal to perform the first operation;

Wherein the fifth indication information is used for indicating at least one of the following:

allowing or disallowing the first operation;

allowing or disallowing the first operation to be performed by a control plane of a mobile network in which the first network function is located;

The first operation is allowed or not allowed to be performed by a user plane of the mobile network where the first network function is located.

In a third aspect, there is provided an operation execution method, including:

the third network function performs a second operation;

Wherein the second operation includes at least one of:

the third network function sends rule information to the first terminal;

The third network function sends data protocol unit, PDU, session configuration information to the first network function.

In a fourth aspect, there is provided an operation execution method including:

And the second terminal sends configuration information to the first terminal in the personal internet of things PIN.

In a fifth aspect, there is provided an operation execution method, including:

The fifth network function sends fourth indication information to the third network function, wherein the fourth indication information is used for indicating the third network function to execute a second operation;

Wherein the second operation includes at least one of:

the third network function sends rule information to the first terminal;

The third network function sends data protocol unit, PDU, session configuration information to the first network function.

In a sixth aspect, there is provided an operation performing device comprising:

A first sending module, configured to send a first non-access stratum NAS message and/or first indication information to a network side, where the first non-access stratum NAS message is used to indicate a first operation, and the first indication information is used to indicate the first operation, and the first operation includes at least one of authentication, and authorization;

the first receiving module is configured to receive fifth indication information sent by the network side, where the fifth indication information is used to indicate at least one of the following:

allowing or disallowing the first operation;

Allowing or disallowing the first operation to be performed by a control plane at the network side;

and allowing or not allowing the first operation to be executed through the user plane of the network side.

In a seventh aspect, there is provided an operation performing device comprising:

The second sending module is used for sending fifth indication information to the first terminal;

and/or the number of the groups of groups,

The second receiving module is configured to receive a first non-access stratum NAS message and/or first indication information sent by the first terminal, where the first non-access stratum NAS message is used to indicate the first operation, and the first indication information is used to indicate the first operation, and the first operation includes at least one of authentication, and authorization;

A first processing module, configured to perform at least one of the following in response to the first non-access stratum NAS message and/or the first indication information:

transmitting fifth indication information to the first terminal;

Instructing a second network function and the first terminal to perform the first operation;

Wherein the fifth indication information is used for indicating at least one of the following:

allowing or disallowing the first operation;

allowing or disallowing the first operation to be performed by a control plane of the mobile network;

the first operation is allowed or not allowed to be performed through the user plane of the mobile network.

An eighth aspect provides an operation execution device, comprising:

A second processing module for performing a second operation;

Wherein the second operation includes at least one of:

sending rule information of personal internet of things PIN to a first terminal;

And transmitting the session configuration information of the data protocol unit PDU to the first network function.

In a ninth aspect, there is provided an operation performing device comprising:

and the third sending module is used for sending the configuration information to the first terminal in the personal internet of things PIN.

In a tenth aspect, there is provided an operation performing device comprising:

a fourth sending module, configured to send fourth indication information to a third network function, where the fourth indication information is used to instruct the third network function to perform a second operation;

Wherein the second operation includes at least one of:

the third network function sends rule information to the first terminal;

The third network function sends data protocol unit, PDU, session configuration information to the first network function.

In an eleventh aspect, there is provided a terminal comprising a processor and a memory storing a program or instructions executable on the processor, which when executed by the processor, implement the steps of the method according to the first or fourth aspect.

In a twelfth aspect, there is provided a network function comprising a processor and a memory storing a program or instructions executable on the processor, which when executed by the processor, implement the steps of the method according to the second or third or fifth aspects.

In a thirteenth aspect, there is provided an operation execution system including: at least two of a first terminal operable to perform the steps of the operation performing method as set forth in the first aspect, a second terminal operable to perform the steps of the operation performing method as set forth in the fourth aspect, a first network function operable to perform the steps of the operation performing method as set forth in the second aspect, a second network function operable to perform the steps of the operation performing method as set forth in the third aspect, a third network function operable to perform the steps of the operation performing method as set forth in the third aspect, a fourth network function operable to perform the steps of the operation performing method as set forth in the fifth aspect, and a fifth network function operable to perform the steps of the operation performing method as set forth in any one of claims 1-46 in cooperation with at least one of the first terminal, the second terminal, the first network function, the third network function and the fifth network function.

In a fourteenth aspect, there is provided a readable storage medium having stored thereon a program or instructions which when executed by a processor implement the steps of the method of the first or second or third or fourth or fifth aspect.

In a fifteenth aspect, there is provided a chip comprising a processor and a communications interface, the communications interface being coupled to the processor, the processor being for running a program or instructions to implement a method as in the first or second or third or fourth or fifth aspects.

In a sixteenth aspect, there is provided a computer program/program product stored in a storage medium, the computer program/program product being executable by at least one processor to perform the steps of the method according to the first or second or third or fourth or fifth aspect.

In the embodiment of the application, the first terminal can send a first non-access stratum (NAS) message and/or first indication information to the network side, wherein the first NAS message is used for indicating a first operation, the first indication information is used for indicating the first operation, and the first operation comprises at least one of authentication, authentication and authorization; and/or the first terminal receives fifth indication information sent by the network side, wherein the fifth indication information is used for indicating at least one of the following:

allowing or disallowing the first operation;

allowing or disallowing the first operation to be performed by a control plane of the network side;

and allowing or not allowing the first operation to be executed through the user plane of the network side.

It can be seen that the first terminal may instruct the network side to perform at least one operation of authentication, authentication and authorization by sending the first NAS message, or instruct the network side to perform at least one operation of authentication, authentication and authorization by sending the first indication information, or instruct the network side to perform at least one operation of authentication, authentication and authorization by sending the first NAS message and the first indication information; the fifth indication information sent by the network side can also be received. Therefore, the operation execution method of the embodiment of the application can be adopted to perform at least one of authentication, authentication and authorization on the equipment in the PIN, namely the application definitely determines the operation of authentication, authentication and authorization in the PIN, thereby improving the security of accessing the PIN.

Drawings

Fig. 1 is a block diagram of a wireless communication system to which embodiments of the present application are applicable;

FIG. 2 is a flow chart of a method of performing operations in an embodiment of the application;

FIG. 3 is a flow chart of another method of performing operations in an embodiment of the application;

FIG. 4 is a flow chart of another method of performing operations in an embodiment of the application;

FIG. 5 is a flow chart of another method of performing operations in an embodiment of the application;

FIG. 6 is a flow chart of another method of performing operations in an embodiment of the application;

FIG. 7 is a flowchart of a first implementation of the operation execution method of the embodiment of the present application;

FIG. 8 is a flow chart of a second implementation of the operation execution method of the embodiment of the present application;

FIG. 9 is a flow chart of an operation performing device in an embodiment of the present application;

FIG. 10 is a flow chart of another operation performing device in an embodiment of the present application;

FIG. 11 is a flow chart of another operation performing device in an embodiment of the present application;

FIG. 12 is a flow chart of another operation performing device in an embodiment of the present application;

FIG. 13 is a flow chart of another operation performing device in an embodiment of the present application;

fig. 14 is a block diagram of a communication device in an embodiment of the present application;

fig. 15 is a block diagram of a terminal in an embodiment of the present application;

FIG. 16 is a block diagram of a network function in an embodiment of the application;

fig. 17 is a block diagram of another network function in an embodiment of the present application.

Detailed Description

The technical solutions of the embodiments of the present application will be clearly described below with reference to the drawings in the embodiments of the present application, and it is apparent that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which are derived by a person skilled in the art based on the embodiments of the application, fall within the scope of protection of the application.

The terms first, second and the like in the description and in the claims, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the terms so used are interchangeable under appropriate circumstances such that the embodiments of the application are capable of operation in sequences other than those illustrated or otherwise described herein, and that the "first" and "second" distinguishing between objects generally are not limited in number to the extent that the first object may, for example, be one or more. Furthermore, in the description and claims, "and/or" means at least one of the connected objects, and the character "/" generally means a relationship in which the associated object is an "or" before and after.

It should be noted that the techniques described in the embodiments of the present application are not limited to long term evolution (Long Term Evolution, LTE)/LTE evolution (LTE-Advanced, LTE-a) systems, but may also be used in other wireless communication systems, such as code division multiple access (Code Division Multiple Access, CDMA), time division multiple access (Time Division Multiple Access, TDMA), frequency division multiple access (Frequency Division Multiple Access, FDMA), orthogonal frequency division multiple access (Orthogonal Frequency Division Multiple Access, OFDMA), single carrier frequency division multiple access (Single-carrier Frequency Division Multiple Access, SC-FDMA), and other systems. The terms "system" and "network" in embodiments of the application are often used interchangeably, and the techniques described may be used for both the above-mentioned systems and radio technologies, as well as other systems and radio technologies. The following description describes a New Radio (NR) system for exemplary purposes and NR terminology is used in much of the following description, but these techniques may also be applied to applications other than NR system applications, such as 6 th Generation (6G) communication systems.

Fig. 1 shows a block diagram of a wireless communication system to which an embodiment of the present application is applicable. The wireless communication system comprises a terminal 11 and a network function 12. The terminal 11 may be a Mobile phone, a tablet Computer (Tablet Personal Computer), a Laptop (Laptop Computer) or a terminal-side device called a notebook, a Personal digital assistant (Personal DIGITAL ASSISTANT, PDA), a palm Computer, a netbook, an ultra-Mobile Personal Computer (ultra-Mobile Personal Computer, UMPC), a Mobile internet appliance (Mobile INTERNET DEVICE, MID), an augmented reality (augmented reality, AR)/Virtual Reality (VR) device, a robot, a wearable device (Wearable Device), a vehicle-mounted device (VUE), a pedestrian terminal (PUE), a smart home (home device with a wireless communication function, such as a refrigerator, a television, a washing machine, a furniture, etc.), a game machine, a Personal Computer (Personal Computer, a PC), a teller machine, or a self-service machine, etc., and the wearable device includes: intelligent wrist-watch, intelligent bracelet, intelligent earphone, intelligent glasses, intelligent ornament (intelligent bracelet, intelligent ring, intelligent necklace, intelligent anklet, intelligent foot chain etc.), intelligent wrist strap, intelligent clothing etc.. It should be noted that the specific type of the terminal 11 is not limited in the embodiment of the present application. The network function 12 may comprise an access network device or a core network device, wherein the access network device 12 may also be referred to as a radio access network device, a radio access network (Radio Access Network, RAN), a radio access network function, or a radio access network element. Access network device 12 may include a base station, a WLAN access Point, a WiFi node, or the like, which may be referred to as a node B, an evolved node B (eNB), an access Point, a base transceiver station (Base Transceiver Station, BTS), a radio base station, a radio transceiver, a Basic service set (Basic SERVICE SET, BSS), an Extended service set (Extended SERVICE SET, ESS), a home node B, a home evolved node B, a transmission and reception Point (TRANSMITTING RECEIVING Point, TRP), or some other suitable terminology in the art, and the base station is not limited to a particular technical vocabulary so long as the same technical effect is achieved, and it should be noted that in the embodiment of the present application, only a base station in an NR system is described as an example, and the specific type of the base station is not limited.

The core network device may include, but is not limited to, at least one of: core network nodes, core network functions, mobility management entities (Mobility MANAGEMENT ENTITY, MME), access Mobility management functions (ACCESS AND Mobility Management Function, AMF), session management functions (Session Management Function, SMF), user plane functions (User Plane Function, UPF), policy control functions (Policy Control Function, PCF), policy and Charging Rules Function (PCRF), edge application service discovery functions (Edge Application Server Discovery Function, EASDF), unified data management (Unified DATA MANAGEMENT, UDM), unified data warehousing (Unified Data Repository, UDR), home subscriber server (Home Subscriber Server, HSS), centralized network configuration (Centralized network configuration, CNC), network storage functions (Network Repository Function, NRF), network opening functions (Network Exposure Function, NEF), local NEF (Local NEF, or L-NEF), binding support functions (Binding Support Function, BSF), application functions (Application Function, AF), and the like. It should be noted that, in the embodiment of the present application, only the core network device in the NR system is described as an example, and the specific type of the core network device is not limited.

The following describes in detail the operation execution method provided by the embodiment of the present application through some embodiments and application scenarios thereof with reference to the accompanying drawings.

In a first aspect, referring to fig. 2, a flowchart of an operation performing method according to an embodiment of the present application may include the following steps 201 and/or 202:

step 201: and the first terminal sends a first non-access stratum (NAS) message and/or first indication information to the network side.

Here, the first terminal may send a first non-access stratum NAS message and/or first indication information to the first network function, where the first terminal may be, for example, a gateway-capable terminal, i.e., a gateway terminal (PIN ELEMENT WITH GATEWAY Capability, PEGC); the first network function may be, for example, a session management function (Session Management Function, SMF) or an access and mobility management function (ACCESS AND Mobility Management Function, AMF).

The first non-access stratum NAS message is used for indicating a first operation, and the first indication information is used for indicating the first operation. It can be known that, in the embodiment of the present application, the first terminal may send a first NAS message to a network side (for example, the first network function) to instruct the network side to perform a first operation (i.e., trigger the network side to perform the first operation through one NAS message); or may send first indication information to the network side, to instruct the network side to perform the first operation (i.e., instruct the network side device to perform the first operation through one indication information); or the first NAS message and the first indication information may also be sent to the network side, to instruct the network side to perform the first operation (that is, instruct the network side to perform the first operation through one NAS message and one indication information), where the first NAS message and the first indication information may be independent, or the first indication information may be carried in the first NAS message.

In addition, the first operation includes at least one of:

Authentication (authentication), authorization (authorization).

Step 202: and the first terminal receives fifth indication information sent by the network side.

Wherein the fifth indication information is used for indicating at least one of the following:

allowing or disallowing the first operation;

allowing or disallowing the first operation to be performed by a control plane of the network side;

and allowing or not allowing the first operation to be executed through the user plane of the network side.

Optionally, before the step 201 or 202, the method further includes:

the first terminal interacts with the network side to establish a PDU session;

The step 202 "the first terminal receives the fifth indication information sent by the network side", includes:

The first terminal receives a PDU (protocol data unit) session establishment/modification confirmation message sent by the network side, wherein the PDU session establishment/modification confirmation message carries the fifth indication information.

That is, the network side may carry the fifth indication information in a PDU session acknowledgement message, and send the PDU session acknowledgement message to the first terminal.

Optionally, the step 202 "the first terminal receives the fifth indication information sent by the network side" includes:

and the first terminal receives the fifth indication information sent by the network side in response to the first non-access stratum (NAS) message and/or the first indication information.

It can be known that, after receiving the PDU session establishment/modification request message sent by the first terminal, the network side carries the fifth indication information in a PDU session establishment acknowledgement/modification acknowledgement message and sends the PDU session establishment/modification request message to the first terminal so as to inform the first terminal whether the first terminal allows the first operation; the fifth indication information may also be sent to the first terminal after the network side receives the first non-access stratum NAS message and/or the first indication information sent by the first terminal, so as to inform the first terminal whether the first terminal allows the first operation.

As can be seen from the foregoing steps 201 to 202, in the embodiment of the present application, the first terminal may send a first non-access stratum NAS message and/or first indication information to the network side, where the first non-access stratum NAS message is used to indicate a first operation, and the first indication information is used to indicate the first operation, and the first operation includes at least one of authentication, and authorization; and/or the first terminal receives fifth indicating information sent by the network side, wherein the fifth indicating information is used for at least one of the following:

allowing or disallowing the first operation;

allowing or disallowing the first operation to be performed by a control plane of the network side;

and allowing or not allowing the first operation to be executed through the user plane of the network side.

It can be seen that the first terminal may instruct the network side to perform at least one operation of authentication, authentication and authorization by sending the first NAS message, or instruct the network side to perform at least one operation of authentication, authentication and authorization by sending the first indication information, or instruct the network side to perform at least one operation of authentication, authentication and authorization by sending the first NAS message and the first indication information; the fifth indication information sent by the network side can also be received. Therefore, the operation execution method of the embodiment of the application can be adopted to perform at least one of authentication, authentication and authorization on the equipment in the PIN, thereby improving the security of accessing the PIN.

It should be noted that the above-mentioned first terminal may also satisfy the following case one or the following case two:

case one: the first terminal may also have the functionality of a personal internet of things device (PIN ELEMENT, PINE) and gateway capabilities, i.e. PEGC and PINE may be combined into one device.

And a second case: the first terminal may not have the capability of PINE, for example, the first terminal only has the gateway capability, that is, PEGC is set independently from PINE.

Optionally, in the above case one, in the step 201 "before the first terminal sends the first non-access stratum NAS message and/or the first indication information to the network side", the method further includes:

the first terminal interacts with the network side to establish a protocol data unit, PDU, session.

The first terminal formed by combining the PEGC and the pin can also establish a PDU session with the network side before sending the first non-access stratum NAS message and/or the first indication information to the network side.

Before the first terminal sends the first non-access stratum NAS message and/or the first indication information to the network side, if the PDU session is established, the subsequent first terminal may send the first non-access stratum NAS message to the network side by using a modification procedure of the subsequent PDU session.

Optionally, the first non-access stratum NAS message is a PDU session modification request. That is, in the foregoing case one, the first terminal may send the PDU modification request as a first NAS message to the network side to trigger the network side to perform the first operation.

Optionally, the first indication information includes at least one of the following items a-1 to a-3:

a-1: an instruction for instructing to perform the first operation;

a-2: information of the first terminal;

A-3: and information of a second network function, wherein the second network function is used for executing the first operation.

Wherein, the information of the first terminal may include at least one of an identification, an IP address, and a MAC address.

The A-1 item indicates that the first terminal can display and instruct the network side to perform a first operation;

The item a-2 indicates that the first terminal may implicitly instruct the network side to perform the first operation through information of the first terminal.

For example, when the first indication information received by the network side and sent by the first terminal includes the indication for indicating to perform the first operation, it may be determined that the first operation needs to be performed on the first terminal according to the display indication content; when the first indication information sent by the first terminal is received by the network side and comprises the information of the first terminal, the first operation on the first terminal can be determined through the implicit indication content.

In the above item a-3, the second network function may be, for example, an external data network authentication authorization center (AAA), i.e. the first terminal may also inform the network side which network function performs the first operation.

Optionally, in the second case, the sending, by the first terminal, the first non-access stratum NAS message and/or the first indication information to the network side includes:

And when or after the connection is established between the first terminal and the first device, the first terminal sends the first non-access stratum (NAS) message and/or the first indication information to the network side.

Here, the first device may be a PINE.

I.e. the first terminal instructs the network side to perform the first operation, either at the time of or after the connection between the first terminal and the first device is established.

Optionally, when or after the connection is established between the first terminal and the first device, the first terminal sends the first non-access stratum NAS message and/or the first indication information to the network side, including:

The first terminal receives a first message sent by the first device or receives a sixth message sent by the second terminal;

The first terminal responds to the first message or the sixth message and sends the first non-access stratum (NAS) message and/or the first indication information to the network side;

Wherein the first message is used to indicate at least one of:

Establishing connection between the first equipment and the first terminal, accessing a personal internet of things PIN where the first terminal is located, communicating with the network side and communicating with a second network function;

the sixth message is used for indicating the first terminal or the first device to communicate with the second network function;

The second network function is configured to perform the first operation.

When the first message is used for indicating to establish the connection between the first device and the first terminal, the first message may be a connection request sent by the first device to the first terminal, or may be a connection request sent by the first terminal to the first device.

As can be seen from the above, when the first terminal receives the first message sent by the first device, the first terminal may be triggered to send the first non-access stratum NAS message and/or the first indication information to the network side device, so that the network side performs the first operation on the first device; or when the first terminal receives the sixth message sent by the second terminal, the first terminal may be triggered to send the first non-access stratum NAS message and/or the first indication information to the network side device, so that the network side performs the first operation on the first device.

Optionally, the first non-access stratum NAS message is a PDU session modification request or a PDU session establishment request. That is, in the foregoing second case, the first terminal may send the PDU modification request or the PDU session establishment request as the first NAS message to the network side to trigger the network side to perform the first operation.

Optionally, the first indication information includes at least one of the following items B-1 to B-4:

b-1: an instruction for instructing to perform the first operation;

b-2: information of the first device;

B-3: information of the first terminal;

b-4: and information of a second network function, wherein the second network function is used for executing the first operation.

Wherein, the information of the first terminal can comprise at least one of an identification, an IP address and a MAC address; the information of the first device may include at least one of an identification, an IP address, a MAC address.

The B-1 item indicates that the first terminal can display and instruct the network side to perform a first operation;

the item B-2 indicates that the first terminal can implicitly instruct the network side to perform the first operation through the information of the first device;

The item B-3 indicates that the first terminal can implicitly instruct the network side to perform the first operation through the information of the first terminal; .

For example, when the first indication information received by the network side and sent by the first terminal includes the indication for indicating to perform the first operation, it may be determined that the first operation needs to be performed on the device that sends the first message to the first terminal (i.e., the first device) according to the display indication content; when the network side receives that the first indication information sent by the first terminal comprises the information of the first device, the first operation on the first device can be determined through the implicit indication content; when the first indication information sent by the first terminal is received by the network side and includes the information of the first terminal, the first operation on the device (i.e., the first device) that sends the first message to the first terminal can also be determined through the implicit indication content.

In the above item B-4, the second network function may be, for example, an external data network authentication authorization center (AAA), i.e., the first terminal may also inform the network side which network function performs the first operation.

Optionally, after the first terminal sends the first non-access stratum NAS message and/or the first indication information to the network side, the method further includes:

the first terminal receives second indication information sent by the network side, wherein the second indication information is used for indicating a result of the first operation:

The first terminal executes at least one of the following C-1 to C-3 according to the second indication information:

c-1: allowing or rejecting a first message sent by a first device and received by the first terminal;

C-2: allowing or denying processing of data to the first device;

c-3: allowing or reserving or releasing the connection of the first terminal and the first device;

Wherein the first message is used to indicate at least one of:

Establishing connection between the first equipment and the first terminal, accessing a PIN where the first terminal is located, communicating with the network side and communicating with a second network function;

The second network function is configured to perform the first operation.

After receiving the first non-access stratum NAS message and/or the first indication information, the network side executes a first operation on the first device according to the indication of the first non-access stratum NAS message and/or the first indication information, so as to return a result of executing the first operation to the first terminal, and thus, the first terminal can execute at least one of the C-1 item to the C-3 item according to the result of executing the first operation.

Optionally, the method further comprises:

The first terminal performs at least one of the following G-1 to G-according to the fifth instruction information:

g-1: executing or stopping executing the first operation;

G-2: transmitting or stopping transmitting sixth indication information to the second network function, where the sixth indication information is used to instruct the second network function to execute the first operation;

G-3: sending or stopping sending a fourth message to the second network function, wherein the fourth message is related to executing the first operation;

G-4: receiving or stopping receiving a fifth message from the second network function, wherein the fifth message is related to executing the first operation;

g-5: allowing or rejecting a first message sent by a first device and received by the first terminal;

G-6: allowing or denying processing of data to the first device;

g-7: allowing or reserving or releasing the connection of the first terminal and the first device;

Wherein the first message is used to indicate at least one of:

establishing connection between the first equipment and the first terminal, accessing the PIN where the first terminal is located, communicating with the network side and communicating with the second network function.

The above G-1 term represents: when the fifth indication information indicates that the first operation is allowed, or the first operation is allowed to be performed through a control plane of the network side, or the first operation is allowed to be performed through a user plane of the network side, the first terminal performs the first operation; when the fifth indication information does not allow the first operation, or does not allow the first operation to be performed through the control plane of the network side, or does not allow the first operation to be performed through the user plane of the network side, the first terminal stops performing the first operation.

The above G-2 term represents: when the fifth indication information indicates that the first operation is allowed or the first operation is allowed to be executed through the control plane of the network side or the first operation is allowed to be executed through the user plane of the network side, the first terminal sends the sixth indication information to the second network function; when the fifth indication information indicates that the first operation is not allowed, or the first operation is not allowed to be executed through the control plane of the network side, or the first operation is not allowed to be executed through the user plane of the network side, the first terminal stops sending the sixth indication information to the second network function;

The above G-3 term represents: when the fifth indication information indicates that the first operation is allowed, or the first operation is allowed to be executed through a control plane of the network side, or the first operation is allowed to be executed through a user plane of the network side, the first terminal sends a fourth message to the second network function; when the fifth indication information indicates that the first operation is not allowed, or the first operation is not allowed to be executed through the control plane of the network side, or the first operation is not allowed to be executed through the user plane of the network side, the first terminal stops sending the fourth message to the second network function;

The above G-4 term represents: receiving a fifth message from the second network function when the fifth indication information indicates that the first operation is allowed, or that the first operation is allowed to be performed through the control plane of the network side, or that the first operation is allowed to be performed through the user plane of the network side; stopping receiving the fifth message from the second network function when the fifth indication information indicates that the first operation is not allowed, or the first operation is not allowed to be performed through the control plane of the network side, or the first operation is not allowed to be performed through the user plane of the network side;

The above G-5 term represents: when the fifth indication information indicates that the first operation is allowed, or the first operation is allowed to be performed through a control plane of the network side, or the first operation is allowed to be performed through a user plane of the network side, allowing a first message received by the first terminal and sent by the first device; rejecting a first message sent by a first device and received by a first terminal when the fifth indication information indicates that the first operation is not allowed, or that the first operation is not allowed to be performed through a control plane of a network side, or that the first operation is not allowed to be performed through a user plane of the network side;

The above G-6 term represents: when the fifth indication information indicates that the first operation is allowed, or the first operation is allowed to be performed through a control plane of the network side, or the first operation is allowed to be performed through a user plane of the network side, allowing processing of data of the first device; when the fifth indication information indicates that the first operation is not allowed, or the first operation is not allowed to be performed through the control plane of the network side, or the first operation is not allowed to be performed through the user plane of the network side, the processing of the data of the first device is refused;

The above G-7 term represents: when the fifth indication information indicates that the first operation is allowed, or the first operation is allowed to be performed through a control plane of the network side, or the first operation is allowed to be performed through a user plane of the network side, allowing or reserving connection between the first terminal and the first device; and when the fifth indication information indicates that the first operation is not allowed, or the first operation is not allowed to be performed through the control plane of the network side, or the first operation is not allowed to be performed through the user plane of the network side, releasing the connection of the first terminal and the first device.

Optionally, the first terminal receives the second indication information sent by the network side, including:

The first terminal receives a second NAS message sent by the network side, wherein the second NAS message carries the second indication information.

That is, the network side may carry second indication information for indicating a result of performing the first operation in the second NAS message, and send the second NAS message to the first terminal.

Optionally, the second indication information satisfies at least one of the following items D-1 to D-2:

d-1: indicating the result of the first operation by an identification or name of the second NAS message;

D-1: the result of the first operation is indicated by a cause value.

The above item D-1 represents the identity or name of a second, different NAS message, indicating the result of the first, different operation.

Optionally, the indicating, by the identifier or the name of the second NAS message, the result of the first operation includes at least one of:

Indicating that the first operation is successful by a PDU session modification acknowledgement message or a PDU session establishment acknowledgement message;

indicating that the first operation fails by a PDU session modification rejection message or a PDU session establishment rejection message.

If the second NAS message sent to the first terminal by the network side is a PDU session modification confirmation message or a PDU session establishment confirmation message, the first operation is successfully executed; if the second NAS message sent to the first terminal by the network side is a PDU session modification refusal message or a PDU session establishment refusal message, the first operation execution failure is indicated.

Namely, when the network side successfully executes the first operation, a PDU session modification confirmation message or a PDU session establishment confirmation message is returned to the first terminal; and when the network side fails to execute the first operation, returning a PDU session modification refusal message or a PDU session establishment refusal message to the first terminal.

The above-mentioned D-2 item indicates a result indicating a different first operation through the cause value display.

Optionally, the result of the first operation is indicated by a cause value, including at least one of the following indications:

a failure cause value and/or a failure indication for indicating that the first operation failed;

a success cause value and/or a success indication for indicating that the first operation was successful;

Indicating that the first operation is successful if the failure cause value and/or failure indication is not included in the second NAS message;

and indicating that the first operation fails in the case that the success reason value and/or the success indication are not included in the second NAS message.

If the second NAS message sent by the network side comprises a failure reason value and/or a failure indication, the first operation fails to be executed; if the second NAS message sent by the network side does not include the failure cause value and/or the failure indication, the first operation is successfully executed.

Or if the second NAS message sent by the network side comprises a success reason value and/or a success indication, the first operation is successfully executed; if the second NAS message sent by the network side does not include the success reason value and/or the success indication, the first operation fails to be executed.

Or if the second NAS message sent by the network side comprises a failure reason value and/or a failure indication, the first operation fails to be executed; if the second NAS message sent by the network side comprises a success reason value and/or a success indication, the first operation is successfully executed.

Optionally, the method further comprises at least one of:

the first terminal receives a second message from the network side and sends the second message to the first device;

the first terminal receives a third message from the first device and sends the third message to the network side;

the second message and the third message are messages related to the execution of the first operation, that is, the second message and the third message are messages that the first device needs to interact with the network side when the first operation is executed.

Therefore, in the process of executing the first operation by the network side, the first terminal can also forward the interaction message for the first device and the network side.

For example, if the network side needs to request the identification information of the first device in the first process, the network side may send a second message for requesting the identification information of the first device to the first terminal, so that the first terminal sends the second message to the first device, and further, the first device returns a third message carrying the identification information of the first device to the first terminal, and the first terminal returns the third message to the network side.

Optionally, the second message is an extensible authentication protocol (Extensible authentication protocol, EAP) message, and the third message is an EAP message.

In addition, the specific implementation manner of the step 201 may be as follows:

mode one: optionally, the method further comprises:

the first terminal receives rule information sent by the network side;

The first terminal sends a first non-access stratum NAS message and/or first indication information to a network side, and the first terminal comprises:

and the first terminal sends the first non-access stratum (NAS) message and/or the first indication information to the network side according to the rule information.

It is known that the first terminal may send the first non-access stratum NAS message and/or the first indication information according to rule information sent by the network side, i.e. the third network function, e.g. the policy control function entity (Policy Control Function, PCF).

Optionally, the rule information is used to indicate at least one of the following E-1 to E-2 items:

E-1: the first operation need be applied to a target PIN or the first operation need not be applied to the target PIN;

e-2: at least one first target device requires the first operation or does not require the first operation.

The target PIN is one of the PINs created by the second terminal; the first target device is a device which needs to access a personal networking PIN or a mobile network where the third network function is located through the first terminal.

The E-1 item above indicates that the rule information may indicate, for the PIN, whether the first operation needs to be performed, i.e. whether the first operation needs to be performed with the PIN as granularity.

The above E-2 item indicates that rule information may also indicate, for each PINE, whether the first operation needs to be performed, that is, whether the first operation needs to be performed with the PINE as granularity.

Wherein after the second terminal (e.g. management terminal (PIN ELEMENT WITH MANAGEMENT Capability, PEMC)) creates a PIN, the fifth network function (e.g. application function (Application Function, AF)) may be notified that it creates a PIN, and indicate whether the first operation needs to be applied to the PIN and/or indicate whether a PIN needs to be applied to the first operation, so that the fifth network function notifies the third network function (e.g. PCF) whether the first operation needs to be applied to the PIN and/or indicates whether a PIN needs to be applied to the first operation, so that rule information for indicating the E-1 item and/or E-2 item is generated by the third network function.

Optionally, the first terminal sends the first non-access stratum NAS message and/or the first indication information to the network side according to the rule information, where the first indication information includes at least one of the following:

The first terminal sends the first non-access stratum (NAS) message and/or the first indication information to the network side under the condition that the rule information indicates that the first equipment needs the first operation;

in the case that the rule information indicates that the first operation needs to be applied to the target PIN and at least one of the following conditions H-1 to H-4 is satisfied, the first terminal sends the first non-access stratum NAS message and/or the first indication information to the network side:

h-1: the first non-access stratum (NAS) message and/or the first indication information is/are related to the target PIN;

h-2: the connection between the first terminal and the first device is associated with the target PIN;

H-3: the first message sent by the first device and received by the first terminal is related to the target PIN;

h-4: the first device being associated with the target PIN;

Wherein the first message is used to indicate at least one of:

Establishing connection between the first equipment and the first terminal, accessing a PIN where the first terminal is located, communicating with the network side and communicating with a second network function;

The second network function is configured to perform the first operation.

It can be appreciated that, in the case where the rule information indicates that the first operation does not need to be applied to the target PIN, or the conditions of H-1 to H-4 are not satisfied, the first terminal does not send the first non-access stratum NAS message and/or the first indication information to the network side;

And under the condition that the rule information indicates that the first equipment does not need the first operation, the first terminal does not send the first non-access stratum (NAS) message and/or the first indication information to the network side.

In a second mode, optionally, the method further includes:

the first terminal receives configuration information sent by the second terminal;

The first terminal sends a first non-access stratum NAS message and/or first indication information to a network side, and the first terminal comprises:

and the first terminal sends the first non-access stratum (NAS) message and/or the first indication information to the network side according to the configuration information.

It is known that the first terminal may send the first non-access stratum NAS message and/or the first indication information according to configuration information sent by the second terminal (e.g., PEMC).

Optionally, the configuration information is used to indicate at least one of the following items F-1 to F-2:

F-1: the first operation need be applied to a target PIN or the first operation need not be applied to the target PIN;

f-2: at least one second target device requires the first operation or does not require the first operation.

The target PIN is one of the PINs created by the second terminal; the second target device is a device which needs to access the personal internet of things PIN or a mobile network through the first terminal.

The above-mentioned F-1 item indicates that the configuration information may indicate, for the PIN, whether the first operation needs to be performed, i.e. whether the first operation needs to be performed with the PIN as granularity.

The above F-2 item indicates that the configuration information may also indicate, for each PINE, whether the first operation needs to be performed, that is, indicate, with the PINE as granularity, whether the first operation needs to be performed.

Wherein the second terminal may indicate to the first terminal after creating the PIN whether the first operation needs to be applied to the PIN and/or whether a PIN needs the first operation.

Optionally, if the configuration information indicates that the first device needs the first operation, the first terminal sends the first non-access stratum NAS message and/or the first indication information to the network side;

in the case that the configuration information indicates that the first operation needs to be applied to the target PIN and at least one of the following conditions L-1 to L-4 is satisfied, the first terminal sends the first non-access stratum NAS message and/or the first indication information to the network side:

l-1 term: the first non-access stratum (NAS) message and/or the first indication information is/are related to the target PIN;

l-2: the connection between the first terminal and the first device is associated with the target PIN;

l-3: the first message sent by the first device and received by the first terminal is related to the target PIN;

L-4: the first device being associated with the target PIN;

Wherein the first message is used to indicate at least one of:

Establishing connection between the first equipment and the first terminal, accessing a PIN where the first terminal is located, communicating with the network side and communicating with a second network function;

The second network function is configured to perform the first operation.

It can be appreciated that, in the case where the configuration information indicates that the first operation does not need to be applied to the target PIN, or the conditions L-1 to L-4 are not satisfied, the first terminal does not send the first non-access stratum NAS message and/or the first indication information to the network side;

and under the condition that the configuration information indicates that the first equipment does not need the first operation, the first terminal does not send the first non-access stratum (NAS) message and/or the first indication information to the network side.

In a third aspect, optionally, the method further includes:

the first terminal receives the rule information of the PIN sent by the network side;

the first terminal receives configuration information sent by the second terminal;

The first terminal sends a first non-access stratum NAS message and/or first indication information to a network side, and the first terminal comprises:

and the first terminal sends the first non-access stratum (NAS) message and/or the first indication information to the network side according to the rule information and the configuration information.

The first terminal can send the first non-access stratum NAS message and/or the first indication information according to the rule information sent by the network side and the configuration information sent by the second terminal.

Here, the content indicated by the rule information may be referred to as the first mode, and the content indicated by the configuration information may be referred to as the second mode. I.e. both rule information and configuration information may be indicative of PIN granularity as described earlier, as well as PIN granularity.

Optionally, the first terminal sends the first non-access stratum NAS message and/or the first indication information to the network side according to the rule information and the configuration information, including:

And sending the first non-access stratum (NAS) message and/or the first indication information to the network side according to one of the predetermined rule information and the configuration information with higher priority.

Here, when one of the rule information and the configuration information with higher priority is the rule information, a specific manner of sending the first non-access stratum NAS message and/or the first indication information to the network side according to the rule information is the same as the first manner; when one of the rule information and the configuration information with higher priority is the configuration information, a specific manner of sending the first non-access stratum NAS message and/or the first indication information to the network side according to the configuration information is the same as the foregoing manner two, and will not be described herein again.

Optionally, the method further comprises:

and under the condition that the second indication information indicates that the first operation is successful, the first terminal sends the information of the first equipment to the network side.

It can be seen that, when the first operation is successfully performed by the network side, the first terminal may also send information of the first device to the network side (e.g., the first network function).

Wherein the information of the first device may comprise address information (e.g. IP address) of the first device.

In a second aspect, an embodiment of the present application provides an operation performing method, as shown in fig. 3, the method may include the following steps 301 and/or 302 and 303:

Step 301: the first network function sends fifth indication information to the first terminal.

Wherein the fifth indication information is used for indicating at least one of the following:

allowing or disallowing the first operation;

allowing or disallowing the first operation to be performed by a control plane of a mobile network in which the first network function is located;

The first operation is allowed or not allowed to be performed by a user plane of the mobile network where the first network function is located.

Optionally, before step 301, the method further includes:

the first network function interacts with a first terminal to establish a PDU session;

Step 301 "the first network function sends fifth indication information" to the first terminal, including:

The first network function sends a PDU session establishment/modification confirmation message to the first terminal, wherein the PDU session establishment/modification confirmation message carries the fifth indication information.

I.e. the first network function may send the fifth indication information described above to the first terminal carried in a PDU session establishment/modification confirm message.

Step 302: and the first network function receives a first non-access stratum (NAS) message and/or first indication information sent by the first terminal.

The first non-access stratum NAS message is configured to indicate the first operation, and the first indication information is configured to indicate the first operation, where the first operation includes at least one of authentication, and authorization.

Here, the first terminal may send a first non-access stratum NAS message and/or first indication information to the first network function, where the first terminal may be, for example, a gateway-capable terminal, i.e., a gateway terminal (PIN ELEMENT WITH GATEWAY Capability, PEGC); the first network function may be, for example, a session management function (Session Management Function, SMF) or an access and mobility management function (ACCESS AND Mobility Management Function, AMF).

In addition, the first non-access stratum NAS message is used to indicate a first operation, and the first indication information is used to indicate the first operation. It can be known that, in the embodiment of the present application, the first terminal may send a first NAS message to a network side (for example, the first network function) to instruct the network side to perform a first operation (i.e., trigger the network side to perform the first operation through one NAS message); or may send first indication information to the network side, to instruct the network side to perform the first operation (i.e., instruct the network side device to perform the first operation through one indication information); or the first NAS message and the first indication information may also be sent to the network side, to instruct the network side to perform the first operation (that is, instruct the network side to perform the first operation through one NAS message and one indication information), where the first NAS message and the first indication information may be independent, or the first indication information may be carried in the first NAS message.

In addition, the first operation includes at least one of:

Authentication (authentication), authentication (attestation/identification), authorization (authorization).

Step 303: the first network function performs at least one of the following in response to the first non-access stratum NAS message and/or the first indication information:

transmitting fifth indication information to the first terminal;

And instructing a second network function and the first terminal to perform the first operation.

As can be seen from the foregoing, the first network function may send the first terminal with the fifth indication information carried in the PDU session establishment/modification confirmation message after receiving the PDU session establishment/modification request message sent by the first terminal, so as to inform the first terminal whether the first terminal allows the first operation; the fifth indication information may also be sent to the first terminal after the first network function receives the first non-access stratum NAS message and/or the first indication information sent by the first terminal, so as to inform the first terminal whether the first terminal allows the first operation.

As can be seen from the foregoing steps 301 to 302, in the embodiment of the present application, the first network function is capable of receiving a first NAS message and/or first indication information sent by the first terminal, so as to send fifth indication information and/or instruct the second network function and the first terminal to perform a first operation in response to the first NAS message and/or the first indication information; and/or the first network function sends fifth indication information to the first terminal; the first non-access stratum NAS message is used for indicating a first operation, the first indication information is used for indicating the first operation, the first operation comprises at least one of authentication, authentication and authorization, and the fifth indication information is used for indicating at least one of the following:

allowing or disallowing the first operation;

allowing or disallowing the first operation to be performed by a control plane of a mobile network in which the first network function is located;

The first operation is allowed or not allowed to be performed by a user plane of the mobile network where the first network function is located.

It can be seen that the first terminal may instruct the network side to perform at least one operation of authentication, authentication and authorization by sending the first NAS message, or instruct the network side to perform at least one operation of authentication, authentication and authorization by sending the first indication information, or instruct the network side to perform at least one operation of authentication, authentication and authorization by sending the first NAS message and the first indication information; the fifth indication information sent by the network side can also be received. Therefore, the operation execution method of the embodiment of the application can be adopted to perform at least one of authentication, authentication and authorization on the equipment in the PIN, thereby improving the security of accessing the PIN.

Optionally, in a case where the first network function instructs a second network function and the first terminal to perform the first operation, the method further includes:

The first network function receives third indication information sent by the second network function, wherein the third indication information is used for indicating a result of the first operation;

And the first network function sends second indication information to the first terminal according to the third indication information, wherein the second indication information is used for indicating the result of the first operation.

The second network function is used for executing the first operation, after the second network function executes the first operation, third indication information for indicating the result of the first operation can be returned to the first network function, and then the first network function returns second indication information for indicating the result of the first operation to the first terminal according to the third indication information.

It should be noted that the above-mentioned first terminal may also satisfy the following case one or the following case two:

case one: the first terminal may also have the functionality of a personal internet of things device (PIN ELEMENT, PINE) and gateway capabilities, i.e. PEGC and PINE may be combined into one device.

And a second case: the first terminal may not have the capability of PINE, for example, the first terminal only has the gateway capability, that is, PEGC is set independently from PINE.

Optionally, in the above case one, before the first network function receives the first non-access stratum NAS message and/or the first indication information sent by the first terminal in step 302, the method further includes:

the first network function interacts with the first terminal to establish a protocol data unit, PDU, session.

The first terminal formed by combining the PEGC and the pin can also establish a PDU session with the network side before sending the first non-access stratum NAS message and/or the first indication information to the network side.

Before the first terminal sends the first non-access stratum NAS message and/or the first indication information to the network side, if the PDU session is established, the subsequent first terminal may send the first non-access stratum NAS message to the network side by using a modification procedure of the subsequent PDU session.

Optionally, the first non-access stratum NAS message is a PDU session modification request. That is, in the foregoing case one, the first terminal may send the PDU modification request as a first NAS message to the network side to trigger the network side to perform the first operation.

Optionally, the first indication information includes at least one of the following items a-1 to a-3:

a-1: an instruction for instructing to perform the first operation;

a-2: information of the first terminal;

A-3: and information of a second network function, wherein the second network function is used for executing the first operation.

The relevant descriptions of items A-1 to A-3 are referred to in the foregoing, and will not be repeated here.

Optionally, in the second case, the first indication information includes at least one of the following items B-1 to B-4:

b-1: an instruction for instructing to perform the first operation;

b-2: information of the first device;

B-3: information of the first terminal;

b-4: and information of a second network function, wherein the second network function is used for executing the first operation.

The relevant descriptions of items B-1 to B-4 are referred to above, and will not be repeated here.

Optionally, the first non-access stratum NAS message is a PDU session modification request or a PDU session establishment request. That is, in the foregoing second case, the first terminal may send the PDU modification request or the PDU session establishment request as the first NAS message to the network side to trigger the network side to perform the first operation.

Optionally, the first network function sends second indication information to the first terminal according to the third indication information, including:

And the first network function sends a second NAS message to the first terminal according to the third indication information, wherein the second NAS message carries the second indication information.

That is, the first network function may carry second indication information for indicating a result of performing the first operation in the second NAS message, and transmit the second NAS message to the first terminal.

Optionally, the second indication information satisfies at least one of the following items D-1 to D-2:

d-1: indicating the result of the first operation by an identification or name of the second NAS message;

D-1: the result of the first operation is indicated by a cause value.

The above item D-1 represents the identity or name of a second, different NAS message, indicating the result of the first, different operation.

Optionally, the indicating, by the identifier or the name of the second NAS message, the result of the first operation includes at least one of:

Indicating that the first operation is successful by a PDU session modification acknowledgement message or a PDU session establishment acknowledgement message;

indicating that the first operation fails by a PDU session modification rejection message or a PDU session establishment rejection message.

If the second NAS message sent to the first terminal by the network side is a PDU session modification confirmation message or a PDU session establishment confirmation message, the first operation is successfully executed; if the second NAS message sent to the first terminal by the network side is a PDU session modification refusal message or a PDU session establishment refusal message, the first operation execution failure is indicated.

Namely, when the network side successfully executes the first operation, a PDU session modification confirmation message or a PDU session establishment confirmation message is returned to the first terminal; and when the network side fails to execute the first operation, returning a PDU session modification refusal message or a PDU session establishment refusal message to the first terminal.

The above-mentioned D-2 item indicates a result indicating a different first operation through the cause value display.

Optionally, the result of the first operation is indicated by a cause value, including at least one of the following indications:

a failure cause value and/or a failure indication for indicating that the first operation failed;

a success cause value and/or a success indication for indicating that the first operation was successful;

Indicating that the first operation is successful if the failure cause value and/or failure indication is not included in the second NAS message;

and indicating that the first operation fails in the case that the success reason value and/or the success indication are not included in the second NAS message.

If the second NAS message sent by the network side comprises a failure reason value and/or a failure indication, the first operation fails to be executed; if the second NAS message sent by the network side does not include the failure cause value and/or the failure indication, the first operation is successfully executed.

Or if the second NAS message sent by the network side comprises a success reason value and/or a success indication, the first operation is successfully executed; if the second NAS message sent by the network side does not include the success reason value and/or the success indication, the first operation fails to be executed.

Or if the second NAS message sent by the network side comprises a failure reason value and/or a failure indication, the first operation fails to be executed; if the second NAS message sent by the network side comprises a success reason value and/or a success indication, the first operation is successfully executed.

Optionally, the method further comprises at least one of:

The first network function receives a second message forwarded by the first terminal for the first device;

The first network function sends a third message to the first terminal to enable the first terminal to forward the third message to the first device;

the second message and the third message are messages related to the execution of the first operation, that is, the second message and the third message are messages that the first device needs to interact with the network side when the first operation is executed.

It is known that, in the process of the first network function executing the first operation, the first terminal may also forward the interaction message for the first device and the first network function.

For example, if the first network function needs to request the identification information of the first device during the execution of the first process, the first network function may send a second message for requesting the identification information of the first device to the first terminal, so that the first terminal sends the second message to the first device, and further, the first device returns a third message carrying the identification information of the first device to the first terminal, and the first terminal returns the third message to the first network function.

Optionally, in the foregoing step 303, the first network function instructs the second network function to perform the first operation, including:

The first network function sends identification information of the first device to the second network function to instruct the second network function to perform the first operation.

Optionally, the first network function instructs a second network function and the first terminal to perform the first operation in response to the first non-access stratum NAS message, including at least one of the following V-1 to V-5:

V-1 term: the first network function instructs the second network function and the first terminal to perform the first operation based on the PDU session related information in the first non-access stratum NAS message;

V-2 term: the first network function instructs the second network function and the first terminal to perform the first operation based on the PDU session related information in the first non-access stratum NAS message and first association information of the PDU session related information and a PIN instance or session;

V-3: the first network function instructs the second network function and the first terminal to perform the first operation based on the PIN instance or session related information in the first non-access stratum NAS message;

V-4: the first network function instructs the second network function and the first terminal to perform the first operation based on the PDU session related information and the PIN service instruction information in the first non-access stratum NAS message;

V-5: the first network function instructs the second network function and the first terminal to perform the first operation based on the PDU session related information in the first non-access stratum NAS message and second association information of the PDU session related information and PIN service.

The above item V-1 indicates that if the PDU session related information in the first non-access stratum NAS message is specific information, the first network function instructs the second network function and the first terminal to perform the first operation, and if not, does not instruct the second network function and the first terminal to perform the first operation. Here, the PDU session related information may include at least one of PDU session identification, data network name (Data Network Name, DNN), network tile selection assistance information (Single Network Slice Selection Assistance Information, S-NSSAI). For example, the PDU session identifier and the specific identifier in the first NAS message, the first network function instructs the second network function and the first terminal to perform the first operation.

The above V-2 term represents: the first association information includes a PIN instance or session corresponding to PDU session related information in the first non-access stratum NAS message, and the first network function instructs the second network function and the first terminal to perform the first operation, otherwise does not instruct the second network function and the first terminal to perform the first operation. Here, the PDU session related information may include at least one of PDU session identification, DNN, S-NSSAI. For example, when a PIN instance or session corresponding to the PDU session identifier in the first NAS message exists in the first association information, the first network function instructs the second network function and the first terminal to perform the first operation.

The above V-3 term represents: the first non-access stratum NAS message includes PIN instance or session related information, and the first network function instructs the second network function and the first terminal to perform the first operation, otherwise does not instruct the second network function and the first terminal to perform the first operation. Here, the PIN instance or session related information may include a PIN instance or session identification.

The above V-4 term represents: the first non-access stratum NAS message has indication information indicating that PDU session related information is related to PIN service (i.e. related to PIN service, but not related to other services such as telephone service, video service, etc.), and the first network function indicates the second network function and the first terminal to perform the first operation, otherwise does not indicate the second network function and the first terminal to perform the first operation. Here, the PDU session related information may include at least one of PDU session identification, DNN, S-NSSAI.

The above V-5 term represents: the second association information indicates that the PDU session related information in the first non-access stratum NAS message is related to PIN service (which is related to PIN service, but not related to other services such as telephone service, video service, etc.), then the first network function instructs the second network function and the first terminal to perform the first operation, otherwise does not instruct the second network function and the first terminal to perform the first operation. Here, the PDU session related information may include at least one of PDU session identification, DNN, S-NSSAI. For example, when the PIN service corresponding to the PDU session identifier in the first NAS message exists in the second association information, the first network function instructs the second network function and the first terminal to perform the first operation.

It may be appreciated that the first network function may further instruct the second network function and the first terminal to perform the first operation according to information of the sending device of the received first NAS message. For example, in case the first NAS message is sent by a gateway-capable device (i.e. in case the first terminal is a gateway-capable terminal), the first network function instructs the second network function and the first terminal to perform the first operation; in case the first NAS message is not sent by a gateway-capable device (i.e. in case the first terminal is not a gateway-capable terminal), the first network function does not instruct the second network function and the first terminal to perform the first operation.

Optionally, the method further comprises:

The first network function is aware of at least one of the following from the third network function:

The first association information;

the second association information.

Here the third network function may be PCF or UDM.

Optionally, the method further comprises:

the first network function receives information of a first device sent by the first terminal under the condition that the second indication information indicates that the first operation is successful;

The first device is a device which needs to access a PIN or a network where the first network function is located through the first terminal.

It can be seen that, when the first operation is successfully performed by the network side, the first terminal may also send information of the first device to the network side (e.g., the first network function).

Wherein the information of the first device may comprise address information (e.g. IP address) of the first device.

Optionally, the method further comprises:

And under the condition that the first network function knows the message filtering rule and the message filtering rule is related to the first equipment, the first network function configures a fourth network function by using the message filtering rule.

Here, the fourth network function may be, for example, a user plane function (User Port Function, UPF).

In a third aspect, an embodiment of the present application further provides an operation execution method, as shown in fig. 4, where the method includes the following step 401:

step 401: the third network function performs a second operation.

Wherein the second operation includes at least one of:

the third network function sends rule information to the first terminal;

The third network function sends data protocol unit, PDU, session configuration information to the first network function.

Here, the third network function may be, for example, PCF or UDM.

Optionally, the rule information is used to indicate at least one of:

the first operation need be applied to a target PIN or the first operation need not be applied to the target PIN;

at least one first target device requires the first operation or does not require the first operation;

wherein the first operation includes at least one of authentication, authorization;

the first target device is a device which needs to access a personal networking PIN or a mobile network where the third network function is located through the first terminal.

Optionally, the PDU session configuration information includes at least one of:

PDU conversation related information and PIN instance or first association information of conversation;

the PDU session related information is associated with the second information of the PIN service.

After receiving the rule information, the first terminal may send the first NAS message and/or the first indication information to the first network function according to the rule information, where a specific sending manner may be described in the foregoing, and details are not repeated herein.

After receiving the PDU session configuration information, the first network function may instruct the second network function and the first terminal to perform the first operation according to the PDU session configuration information (i.e., the first association information and/or the second association information), and the specific implementation manner may be referred to in the foregoing, which is not described herein again.

Optionally, before the third network function performs the second operation, the method further includes:

The third network function acquires fourth indication information, wherein the fourth indication information is used for indicating the third network function to execute the second operation;

The third network function performs the second operation, including:

And the third network function executes the second operation according to the fourth indication information.

Optionally, the third network function learns fourth indication information, including:

The third network function receives the fourth indication information sent by the fifth network function.

Here the fifth network function may be AF.

After the second terminal (for example, the management terminal (PIN ELEMENT WITH MANAGEMENT capabilities, PEMC)) creates a PIN, the fifth network function (for example, the application function (Application Function, AF)) may be notified that it creates a PIN, and indicates that the first operation needs to be applied to the PIN, so that the fifth network function sends the fourth indication information to the third network function again, and further triggers the third network function to execute the second operation.

In a fourth aspect, an embodiment of the present application further provides an operation execution method, as shown in fig. 5, where the method may include the following step 501:

step 501: and the second terminal sends configuration information to the first terminal in the personal internet of things PIN.

Here, the second terminal may be, for example, PEMC, and the first terminal may be, for example, PEGC.

Optionally, the configuration information is used to indicate at least one of:

the first operation need be applied to a target PIN or the first operation need not be applied to the target PIN;

At least one second target device requires the first operation or does not require the first operation;

wherein the first operation includes at least one of authentication, authorization;

The second target device is a device which needs to access the personal internet of things PIN or a mobile network through the first terminal.

In addition, after receiving the configuration information, the first terminal may send the first NAS message and/or the first indication information to the first network function according to the configuration information, where a specific sending manner may be described in the foregoing, and details are not repeated herein.

In a fifth aspect, an embodiment of the present application further provides an operation performing method, as shown in fig. 6, where the method may include the following step 601:

step 601: the fifth network function sends fourth indication information to the third network function.

Here the fifth network function may be AF.

The fourth indication information is used for indicating the third network function to execute a second operation;

Wherein the second operation includes at least one of:

the third network function sends rule information to the first terminal;

The third network function sends data protocol unit, PDU, session configuration information to the first network function.

Optionally, the rule information is used to indicate at least one of:

the first operation need be applied to a target PIN or the first operation need not be applied to the target PIN;

at least one first target device requires the first operation or does not require the first operation;

wherein the first operation includes at least one of authentication, authorization;

the first target device is a device which needs to access a personal networking PIN or a mobile network where the third network function is located through the first terminal.

Optionally, the PDU session configuration information includes at least one of:

PDU conversation related information and PIN instance or first association information of conversation;

the PDU session related information is associated with the second information of the PIN service.

After receiving the rule information, the first terminal may send the first NAS message and/or the first indication information to the first network function according to the rule information, where a specific sending manner may be described in the foregoing, and details are not repeated herein.

After receiving the PDU session configuration information, the first network function may instruct the second network function and the first terminal to perform the first operation according to the PDU session configuration information (i.e., the first association information and/or the second association information), and the specific implementation manner may be referred to in the foregoing, which is not described herein again.

In summary, the specific implementation manner of the operation execution method according to the embodiment of the present application may be as described in the following one or two embodiments.

Embodiment one: as shown in fig. 7, steps 71 to 716 are included (illustrated by way of example as the first operation described above includes authentication and/or authorization).

Step 71: the PEMC creates a PIN, may inform the AF that a PIN was created, and may indicate whether 5G core network assisted authentication and/or authorization is required to access the PIN.

The PEMC may query the PIN for device information (e.g., the PEMC queries the PIN for device information when the PIN accesses the PIN) to learn whether the PIN has credentials (or not), thereby indicating to the AF that the PIN requires 5G core network-assisted authentication and/or authorization when such PIN is added to a PIN when the PIN has credentials. Here, the credentials are authentication information.

Step 72: the AF may inform the PCF directly or through the NEF: whether the PIN requires 5G core network assisted authentication and/or authorization.

Step 73: after knowing whether the PIN requires authentication and/or authorization assisted by the 5G core network, the PCF generates rule information, so that the rule information is sent to each PEGC in the PIN through the AMF.

Wherein the rule information is used for indicating: whether 5G core network assisted authentication and/or authorization is required to access the PIN.

Step 74: the first PIN connects the PEGC to access the PIN (e.g., the first PIN sends a connection request to the PEGC).

Step 75: if the rule information obtained by the PEGC indicates that the PIN requires authentication and/or authorization assisted by the 5G core network, configuration information is obtained from the PEMC, wherein the configuration information is used for indicating: whether at least one PINE requires 5G core network assisted authentication and/or authorization.

Step 76: if the configuration information indicates that the first PINE needs authentication and/or authorization assisted by the 5G core network, the PEGC sends a first NAS message to the SMF, wherein the first NAS message carries an indication for indicating authentication and/or authorization; if the configuration information indicates that the first PINE does not require core network assisted authentication and/or authorization, the PEGC does not send the first NAS message to the SMF.

Wherein the first NAS message may be a PDU session modification request (PDU Session Modification Request) or a PDU session establishment request (PDU Session Establishment Request).

Step 77: if the SMF receives the first NAS message, determining, according to information related to the first NAS message, whether the first pin needs to perform authentication and/or authorization, so as to execute the following step 78 when determining whether the first pin needs to perform authentication and/or authorization;

wherein the related information of the first NAS message includes at least one of the following:

PDU session related information (e.g., PDU session identity, DNN, S-NASSAI) in the first NAS message;

PDU conversation related information and PIN instance or first association information of conversation;

PIN instance or session related information (e.g., PIN identification) in the first NAS message;

PDU session related information and PIN traffic indication information in the first NAS message (i.e. indicating that PDU session related information in the first NAS message is related to PIN traffic);

the PDU conversation related information and the second related information of PIN business;

Information of a device that sent the first NAS message.

Step 78: the SMF sends a first EAP message to the PEGC, so that the PEGC forwards the first EAP message to the PINE, wherein the first EAP message is used for requesting the ID of the PINE; the first EAP message may be an EAP identity (EAP IDENTITY) in an EAP Request (EAP Request);

Step 79: the PINE sends a second EAP message to the PEGC, so that the PEGC forwards the first EAP message to the SMF, wherein the second EAP message carries the ID of the PINE; the second EAP message may be an EAP identity (EAP IDENTITY) in an EAP Response (EAP Response);

Step 710: the SMF sends a second EAP message to an external data network authentication authorization center (AAA).

Step 711: authentication and/or authorization procedures are completed between the AAA and the PINE through SMF, UPF, and PEGC interaction EAP messages (e.g., EAP Request, EAP Response).

Step 712: if authentication and/or authorization is successful, the AAA sends an EAP Success (EAP-Success message) to the SMF (e.g., through UPF).

Step 713: if the SMF receives the EAP-Success message, the SMF sends a PDU session establishment acknowledgement (PDU Session Establishment Ack) or a PDU session modification acknowledgement (PDU Session Modification Ack) to the PEGC, otherwise a PDU session establishment rejection (PDU Session Establishment Reject) or a PDU session modification rejection (PDU Session Modification Reject).

Wherein, at least one of an indication of success of authentication and/or authorization, a cause value of success of authentication and/or authorization may be carried in PDU Session Establishment Ack or PDU Session Modification Ack;

At least one of an indication of authentication and/or authorization failure, a cause value of authentication and/or authorization failure may also be carried in PDU Session Establishment Reject or PDU Session Modification Reject above.

Step 714: if the PEGC receives PDU Session Establishment Ack or PDU Session Modification Ack, the PEGC allows the first PIN connection to access the PIN, otherwise the PEGC denies the connection of the first PIN.

Step 715: if the PEGC receives PDU Session Establishment Ack or PDU Session Modification Ack, the PEGC may also send the IP address of the first PINE to the SMF.

Step 716: the SMF may authorize the communication configuration of the PIN (including the message filtering rules) based on the received IP address of the first PIN, such as accepting the message filtering rules associated with the first PIN (i.e., accepting the message filtering rules including the IP address of the PIN).

Wherein in this embodiment, the SMF may be replaced by an AMF, and the UPF may be replaced by an authentication service function (AUSF); or in alternative embodiments may not involve UPFs or AUSF.

Embodiment two: as shown in fig. 8, the following steps 81 to 811 are included.

Step 81: the PEGC establishes a PDU Session, initiates a PDU Session establishment request (PDU Session Establishment Request).

Step 82: the SMF returns a PDU session establishment confirm (PDU Session Establishment Ack) message carrying fifth indication information, the first operation including at least one of authentication, authorization.

Wherein the fifth indication information is used for indicating at least one of the following:

allowing or disallowing the first operation;

allowing or disallowing the first operation to be performed by a control plane of a mobile network in which the SMF is located;

the first operation is allowed or not allowed to be performed by the user plane of the mobile network where the SMF is located.

Step 83: the first PIN connects the PEGC to access the PIN (e.g., the first PIN sends a connection request to the PEGC).

Step 84: the PEMC creates a PIN and may inform the AF that a PIN was created. The PEMC may send a communication request (Communication Request) message to the PEGC indicating that the PEGC or certain pins need to perform the first operation.

If the fifth indication information in the step 82 indicates that the first operation is not allowed, or that an operation is not allowed to be performed through the control plane of the mobile network where the SMF is located, or that the first operation is not allowed to be performed through the user plane of the mobile network where the SMF is located, the following step is stopped, otherwise, the following step is performed.

Step 85: the PEGC sends PDU Session Modification Request to the SMF, and may carry at least one of first indication information, information of the first pin, information of the PEGC, and information of the AAA, where the first indication information is used to indicate to perform the first operation.

Step 86: the SMF returns PDU Session Modification Ack a message if the first operation is allowed, or the AAA in step 85 is allowed to perform the first operation, or the PEGC or the first pin in step 85 is allowed to perform the first operation with the AAA, otherwise returns PDU Session Modification Reject a message, and may carry indication information for indicating that the first operation is not allowed.

Step 87: if the first operation is allowed, the PEGC may send a first EAP message to the first PINE requesting the ID of the first PINE; the first EAP message may be an EAP identity (EAP IDENTITY) in an EAP Request (EAP Request);

step 88: the PINE sends a second EAP message to the PEGC, carrying the ID of the first PINE; the second EAP message may be an EAP identity (EAP IDENTITY) in an EAP Response (EAP Response).

Step 89: the PEGC transmits the ID of the first pin through a user-oriented external data network authentication authorization center (AAA) of the 5G system.

Step 810: the AAA and the PINE perform the first operation through PEGC interworking EAP messages (e.g., EAP Request, EAP Response).

Step 811: if the first operation is successful, the AAA sends an EAP-Success message to the PEGC, otherwise, it sends an EAP-Failure message. If the PEGC receives EAP-Success, the first PIN connection is allowed to access the PIN, otherwise the PEGC denies the connection of the first PIN.

Wherein in this embodiment, the SMF may be replaced by an AMF, and the UPF may be replaced by an authentication service function (AUSF); or in alternative embodiments may not involve UPFs or AUSF.

It should be noted that only the main content or the related message related to each step is shown in fig. 7 and fig. 8, and specific reference may be made to the foregoing detailed description of each step.

Furthermore, the first embodiment and the second embodiment are only two implementations of the embodiment of the present application, that is, the specific implementation of the operation execution method of the embodiment of the present application is not limited thereto, but may be various possible combinations of the foregoing.

According to the operation execution method provided by the embodiment of the application, the execution main body can be an operation execution device. In the embodiment of the present application, an operation executing device executes an operation executing method by using an operation executing device as an example, and the operation executing device provided in the embodiment of the present application is described.

In a sixth aspect, an embodiment of the present application provides an operation performing device applied to a first terminal, as shown in fig. 9, the operation performing device 90 includes the following modules:

A first sending module 901, configured to send a first non-access stratum NAS message and/or first indication information to a network side, where the first non-access stratum NAS message is used to indicate a first operation, and the first indication information is used to indicate the first operation, and the first operation includes at least one of authentication, and authorization;

a first receiving module 902, configured to receive fifth indication information sent by the network side, where the fifth indication information is used to indicate at least one of the following:

allowing or disallowing the first operation;

allowing or disallowing the first operation to be performed by a control plane of the network side;

And allowing or not allowing the first operation to be executed through the user plane of the network side. .

Optionally, the apparatus further includes:

A first establishing module, configured to interact with the network side to establish a protocol data unit PDU session before the first sending module 901 sends a first non-access stratum NAS message and/or first indication information to the network side.

Optionally, the first non-access stratum NAS message is a PDU session modification request.

Optionally, the first indication information includes at least one of the following:

an instruction for instructing to perform the first operation;

information of the first terminal;

and information of a second network function, wherein the second network function is used for executing the first operation.

Optionally, the first sending module 901 includes:

and the first sending submodule is used for sending the first non-access stratum (NAS) message and/or the first indication information to the network side by the first terminal when or after the connection is established between the first terminal and the first equipment.

Optionally, the first sending sub-module is specifically configured to:

Receiving a first message sent by the first equipment or receiving a sixth message sent by the second terminal;

responding to the first message or the sixth message, and sending the first non-access stratum (NAS) message and/or the first indication information to the network side;

Wherein the first message is used to indicate at least one of:

Establishing connection between the first equipment and the first terminal, accessing a personal internet of things PIN where the first terminal is located, communicating with the network side and communicating with a second network function;

the sixth message is used for indicating the first terminal or the first device to communicate with the second network function;

The second network function is configured to perform the first operation.

Optionally, the first indication information includes at least one of the following:

an instruction for instructing to perform the first operation;

information of the first device;

information of the first terminal;

Information of a second network function, the second network function being used to perform the first operation.

Optionally, the apparatus further includes:

A third receiving module, configured to receive second indication information sent by the network side after the first sending module 901 sends a first non-access stratum NAS message and/or first indication information to the network side, where the second indication information is used to indicate a result of the first operation:

the third processing module is used for executing at least one of the following according to the second indication information:

Allowing or rejecting a first message sent by a first device and received by the first terminal;

Allowing or denying processing of data to the first device;

allowing or reserving or releasing the connection of the first terminal and the first device;

Wherein the first message is used to indicate at least one of:

Establishing connection between the first equipment and the first terminal, accessing a PIN where the first terminal is located, communicating with the network side and communicating with a second network function;

The second network function is configured to perform the first operation.

Optionally, the apparatus further includes:

a fourth processing module, configured to execute at least one of the following according to the fifth instruction information:

Executing or stopping executing the first operation;

Transmitting or stopping transmitting sixth indication information to the second network function, where the sixth indication information is used to instruct the second network function to execute the first operation;

sending or stopping sending a fourth message to the second network function, wherein the fourth message is related to executing the first operation;

Receiving or stopping receiving a fifth message from the second network function, wherein the fifth message is related to executing the first operation;

allowing or rejecting a first message sent by a first device and received by the first terminal;

Allowing or denying processing of data to the first device;

allowing or reserving or releasing the connection of the first terminal and the first device;

Wherein the first message is used to indicate at least one of:

establishing connection between the first equipment and the first terminal, accessing the PIN where the first terminal is located, communicating with the network side and communicating with the second network function.

Optionally, the first receiving module 902 is specifically configured to:

and receiving a second NAS message sent by the network side, wherein the second NAS message carries the second indication information.

Optionally, the second indication information satisfies at least one of the following:

indicating the result of the first operation by an identification or name of the second NAS message;

The result of the first operation is indicated by a cause value.

Optionally, the indicating, by the identifier or the name of the second NAS message, the result of the first operation includes at least one of:

Indicating that the first operation is successful by a PDU session modification acknowledgement message or a PDU session establishment acknowledgement message;

indicating that the first operation fails by a PDU session modification rejection message or a PDU session establishment rejection message.

Optionally, the result of the first operation is indicated by a cause value, including at least one of the following indications:

a failure cause value and/or a failure indication for indicating that the first operation failed;

a success cause value and/or a success indication for indicating that the first operation was successful;

Indicating that the first operation is successful if the failure cause value and/or failure indication is not included in the second NAS message;

and indicating that the first operation fails in the case that the success reason value and/or the success indication are not included in the second NAS message.

Optionally, the apparatus further comprises at least one module of:

The first forwarding module is used for receiving a second message from the network side and sending the second message to the first equipment;

the second forwarding module is used for receiving a third message from the first equipment and sending the third message to the network side;

wherein the second message and the third message are messages involved in performing the first operation, respectively.

Optionally, the second message is an extensible authentication protocol EAP message, and the third message is an EAP message.

Optionally, the first non-access stratum NAS message is a PDU session modification request or a PDU session establishment request.

Optionally, the apparatus further includes:

A fourth receiving module, configured to receive rule information sent by the network side;

The first transmitting module includes:

And the second sending submodule is used for sending the first non-access stratum (NAS) message and/or the first indication information to the network side according to the rule information.

Optionally, the rule information is used to indicate at least one of:

the first operation need be applied to a target PIN or the first operation need not be applied to the target PIN;

At least one first target device requires the first operation or does not require the first operation.

Optionally, the second sending sub-module is specifically configured to perform at least one of the following:

Sending the first non-access stratum (NAS) message and/or the first indication information to the network side under the condition that the rule information indicates that the first equipment needs the first operation;

If the rule information indicates that the first operation needs to be applied to the target PIN, and at least one of the following conditions is met, sending the first non-access stratum NAS message and/or the first indication information to the network side:

The first non-access stratum (NAS) message and/or the first indication information is/are related to the target PIN;

The connection between the first terminal and the first device is associated with the target PIN;

the first message sent by the first device and received by the first terminal is related to the target PIN;

the first device being associated with the target PIN;

Wherein the first message is used to indicate at least one of:

Establishing connection between the first equipment and the first terminal, accessing a PIN where the first terminal is located, communicating with the network side and communicating with a second network function;

The second network function is configured to perform the first operation.

Optionally, the apparatus further includes:

A fifth receiving module, configured to receive configuration information sent by the second terminal;

the first transmitting module 901 includes:

And the third sending submodule is used for sending the first non-access stratum NAS message and/or the first indication information to the network side by the first terminal according to the configuration information.

Optionally, the configuration information is used to indicate at least one of:

the first operation need be applied to a target PIN or the first operation need not be applied to the target PIN;

at least one second target device requires the first operation or does not require the first operation.

Optionally, the third sending sub-module is specifically configured to perform at least one of the following:

Sending the first non-access stratum (NAS) message and/or the first indication information to the network side under the condition that the configuration information indicates that the first equipment needs the first operation;

if the configuration information indicates that the first operation needs to be applied to the target PIN, and at least one of the following conditions is met, sending the first non-access stratum NAS message and/or the first indication information to the network side:

The first non-access stratum (NAS) message and/or the first indication information is/are related to the target PIN;

The connection between the first terminal and the first device is associated with the target PIN;

the first message sent by the first device and received by the first terminal is related to the target PIN;

the first device being associated with the target PIN;

Wherein the first message is used to indicate at least one of:

Establishing connection between the first equipment and the first terminal, accessing a PIN where the first terminal is located, communicating with the network side and communicating with a second network function;

The second network function is configured to perform the first operation.

Optionally, the apparatus further includes:

and a fifth sending module, configured to send information of the first device to the network side when the second indication information indicates that the first operation is successful.

Optionally, the first terminal is a terminal with gateway capability.

The operation executing device in the embodiment of the application may be an electronic device, for example, an electronic device with an operating system, or may be a component in an electronic device, for example, an integrated circuit or a chip. The electronic device may be a terminal, which may include, but is not limited to, the types of terminals 11 listed above, and embodiments of the present application are not particularly limited.

The operation executing device provided by the embodiment of the present application can implement each process implemented by the method embodiment of fig. 2, and achieve the same technical effects, and in order to avoid repetition, a detailed description is omitted here.

In a seventh aspect, an embodiment of the present application provides an operation performing device applied to a first network function, as shown in fig. 10, the operation performing device 100 includes the following modules:

A second transmitting module 1001, configured to transmit fifth indication information to the first terminal;

and/or the number of the groups of groups,

A second receiving module 1002, configured to receive a first non-access stratum NAS message and/or first indication information sent by the first terminal, where the first non-access stratum NAS message is used to indicate the first operation, and the first indication information is used to indicate the first operation, and the first operation includes at least one of authentication, and authorization;

a first processing module 1003, configured to perform at least one of the following in response to the first non-access stratum NAS message and/or the first indication information:

transmitting fifth indication information to the first terminal;

Instructing a second network function and the first terminal to perform the first operation;

Wherein the fifth indication information is used for indicating at least one of the following:

allowing or disallowing the first operation;

allowing or disallowing the first operation to be performed by a control plane of the mobile network;

the first operation is allowed or not allowed to be performed through the user plane of the mobile network.

Optionally, the apparatus further includes:

A sixth receiving module, configured to receive third indication information sent by the second network function when the first network function indicates that a second network function and the first terminal perform the first operation, where the third indication information is used to indicate a result of the first operation;

and the sixth sending module is used for sending second indicating information to the first terminal according to the third indicating information, wherein the second indicating information is used for indicating the result of the first operation.

Optionally, the apparatus further includes:

And the second establishing module is used for interacting with the first terminal to establish a protocol data unit PDU session before the first network function receives the first non-access stratum NAS message and/or the first indication information sent by the first terminal.

Optionally, the first non-access stratum NAS message is a PDU session modification request.

Optionally, the first indication information includes at least one of the following:

an instruction for instructing to perform the first operation;

information of the first terminal;

information of the second network function.

Optionally, the first indication information includes at least one of the following:

an instruction for instructing to perform the first operation;

The information of the first equipment, wherein the first equipment is equipment which needs to access personal networking PIN or a network where the first network function is located through the first terminal;

information of the first terminal;

information of the second network function.

Optionally, the first non-access stratum NAS message is a PDU session modification request or a PDU session establishment request.

Optionally, the sixth sending module is specifically configured to:

and sending a second NAS message to the first terminal according to the third indication information, wherein the second NAS message carries the second indication information.

Optionally, the second indication information satisfies at least one of the following:

indicating the result of the first operation by an identification or name of the second NAS message;

The result of the first operation is indicated by a cause value.

Optionally, the indicating, by the identifier or the name of the second NAS message, the result of the first operation includes at least one of:

Indicating that the result of the first operation is successful by a PDU session modification acknowledgement or a PDU session establishment acknowledgement;

The first operation failure is indicated by a PDU session modification rejection message or a PDU session establishment rejection.

Optionally, the result of the first operation is indicated by a cause value, including at least one of the following indications:

a failure cause value and/or a failure indication for indicating that the first operation failed;

a success cause value and/or a success indication for indicating that the first operation was successful;

Indicating that the first operation is successful if the failure cause value and/or failure indication is not included in the second NAS message;

and indicating that the first operation fails in the case that the success reason value and/or the success indication are not included in the second NAS message.

Optionally, the first processing module is configured to instruct, in response to the first NAS message, a second network function and the first terminal to perform the first operation, and specifically is configured to perform at least one of:

Based on the PDU session related information in the first non-access stratum NAS message, the second network function and the first terminal are instructed to perform the first operation;

based on the PDU session related information in the first non-access stratum NAS message and the first related information of the PDU session related information and the PIN instance or session, indicating the second network function and the first terminal to perform the first operation;

Indicating the second network function and the first terminal to perform the first operation based on the PIN instance or session related information in the first non-access stratum NAS message;

Indicating the second network function and the first terminal to perform the first operation based on PDU session related information and PIN service indication information in the first non-access stratum NAS message;

and indicating the second network function and the first terminal to perform the first operation based on the PDU session related information in the first non-access stratum NAS message and the second association information of the PDU session related information and the PIN service.

Optionally, the apparatus further includes:

A fifth processing module for learning from the third network function at least one of:

The first association information;

the second association information.

Optionally, the apparatus further includes:

a seventh receiving module, configured to receive information of the first device sent by the first terminal, where the second instruction information indicates that the first operation is successful;

The first device is a device which needs to access a PIN or a network where the first network function is located through the first terminal.

Optionally, the apparatus further includes:

the configuration module is configured to configure a fourth network function by using the message filtering rule when the first network function obtains the message filtering rule and the message filtering rule is related to the first device.

The operation executing device in the embodiment of the application may be an electronic device, for example, an electronic device with an operating system, or may be a component in an electronic device, for example, an integrated circuit or a chip. The electronic device may be a network function. By way of example, the network functions may include, but are not limited to, the types of network functions 12 listed above, and embodiments of the present application are not particularly limited.

The operation executing device provided by the embodiment of the present application can implement each process implemented by the method embodiment of fig. 3, and achieve the same technical effects, and in order to avoid repetition, a detailed description is omitted here.

In an eighth aspect, an embodiment of the present application provides an operation performing device applied to a third network function, as shown in fig. 11, the operation performing device 110 includes the following modules:

A second processing module 1101 for performing a second operation;

Wherein the second operation includes at least one of:

sending rule information of personal internet of things PIN to a first terminal;

And transmitting the session configuration information of the data protocol unit PDU to the first network function.

Optionally, the rule information is used to indicate at least one of:

the first operation need be applied to a target PIN or the first operation need not be applied to the target PIN;

at least one first target device requires the first operation or does not require the first operation;

wherein the first operation includes at least one of authentication, authorization;

the first target device is a device which needs to access a personal networking PIN or a mobile network where the third network function is located through the first terminal.

Optionally, the PDU session configuration information includes at least one of:

PDU conversation related information and PIN instance or first association information of conversation;

the PDU session related information is associated with the second information of the PIN service.

Optionally, the apparatus further includes:

a sixth processing module, configured to learn fourth instruction information before the second processing module 1101 performs the second operation, where the fourth instruction information is used to instruct the third network function to perform the second operation;

the second processing module 1101 is specifically configured to:

and executing the second operation according to the fourth indication information.

Optionally, the sixth processing module is specifically configured to:

The third network function receives the fourth indication information sent by the fifth network function.

The operation executing device in the embodiment of the application may be an electronic device, for example, an electronic device with an operating system, or may be a component in an electronic device, for example, an integrated circuit or a chip. The electronic device may be a network function, which may include, but is not limited to, the types of network functions 12 listed above, as an example, and embodiments of the application are not particularly limited.

The operation executing device provided by the embodiment of the present application can implement each process implemented by the method embodiment of fig. 4, and achieve the same technical effects, and in order to avoid repetition, a detailed description is omitted here.

In a ninth aspect, an embodiment of the present application provides an operation performing device applied to a second terminal, as shown in fig. 12, the operation performing device 120 includes the following modules:

And the third sending module 1201 is configured to send the configuration information to the first terminal in the PIN of the personal internet of things.

And the first terminal in the personal internet of things PIN created by the second terminal equipment sends configuration information.

Optionally, the configuration information is used to indicate at least one of:

the first operation need be applied to a target PIN or the first operation need not be applied to the target PIN;

At least one second target device requires the first operation or does not require the first operation;

wherein the first operation includes at least one of authentication, authorization;

The second target device is a device which needs to access the personal internet of things PIN or a mobile network through the first terminal.

The operation executing device in the embodiment of the application may be an electronic device, for example, an electronic device with an operating system, or may be a component in an electronic device, for example, an integrated circuit or a chip. The electronic device may be a terminal, which may include, but is not limited to, the types of terminals 11 listed above, and embodiments of the present application are not particularly limited.

The operation executing device provided by the embodiment of the present application can implement each process implemented by the method embodiment of fig. 5, and achieve the same technical effects, and in order to avoid repetition, a detailed description is omitted here.

In a tenth aspect, an embodiment of the present application provides an operation performing device applied to a fifth network function, as shown in fig. 13, the operation performing device 130 includes the following modules:

A fourth sending module 1301, configured to send fourth indication information to a third network function, where the fourth indication information is used to instruct the third network function to perform a second operation;

Wherein the second operation includes at least one of:

the third network function sends rule information to the first terminal;

The third network function sends data protocol unit, PDU, session configuration information to the first network function.

Optionally, the rule information is used to indicate at least one of:

the first operation need be applied to a target PIN or the first operation need not be applied to the target PIN;

at least one first target device requires the first operation or does not require the first operation;

wherein the first operation includes at least one of authentication, authorization;

the first target device is a device which needs to access a personal networking PIN or a mobile network where the third network function is located through the first terminal.

Optionally, the PDU session configuration information includes at least one of:

PDU conversation related information and PIN instance or first association information of conversation;

the PDU session related information is associated with the second information of the PIN service.

The operation execution method in the embodiment of the application can be an electronic device, for example, an electronic device with an operating system, or can be a component in the electronic device, for example, an integrated circuit or a chip. The electronic device may be a network function, which may include, but is not limited to, the types of network functions 12 listed above, as an example, and embodiments of the application are not particularly limited.

The operation executing device provided by the embodiment of the present application can implement each process implemented by the method embodiment of fig. 6, and achieve the same technical effects, and in order to avoid repetition, a detailed description is omitted here.

Optionally, as shown in fig. 14, the embodiment of the present application further provides a communication device 1400, including a processor 1401 and a memory 1402, where the memory 1402 stores a program or instructions that can be executed on the processor 1401, for example, when the communication device 1400 is a terminal, the program or instructions implement the steps of the embodiment of the operation execution method when executed by the processor 1401, and achieve the same technical effects. When the communication device 1400 is a network function, the program or the instructions when executed by the processor 1401 implement the steps of the above embodiment of the operation execution method, and achieve the same technical effects, and are not repeated here.

The embodiment of the application also provides a terminal, as shown in fig. 14, which is a schematic diagram of a hardware structure of the terminal for implementing the embodiment of the application.

The terminal 1400 includes, but is not limited to: at least part of the components of the radio frequency unit 1401, the network module 1402, the audio output unit 1403, the input unit 1404, the sensor 1405, the display unit 1406, the user input unit 1407, the interface unit 1408, the memory 1409, the processor 1410, and the like.

Those skilled in the art will appreciate that terminal 1400 may also include a power source (e.g., a battery) for powering the various components, which may be logically connected to processor 1410 by a power management system so as to perform functions such as managing charging, discharging, and power consumption by the power management system. The terminal structure shown in fig. 14 does not constitute a limitation of the terminal, and the terminal may include more or less components than shown, or may combine certain components, or may be arranged in different components, which will not be described in detail herein.

It should be appreciated that in embodiments of the present application, the input unit 1404 may include a graphics processing unit (Graphics Processing Unit, GPU) 14041 and a microphone 14042, with the graphics processor 14041 processing image data of still pictures or video obtained by an image capture device (e.g., a camera) in a video capture mode or an image capture mode. The display unit 1406 may include a display panel 14061, and the display panel 14061 may be configured in the form of a liquid crystal display, an organic light emitting diode, or the like. The user input unit 1407 includes at least one of a touch panel 14071 and other input devices 14072. The touch panel 14071 is also referred to as a touch screen. The touch panel 14071 may include two parts, a touch detection device and a touch controller. Other input devices 14072 may include, but are not limited to, a physical keyboard, function keys (e.g., volume control keys, switch keys, etc.), a trackball, a mouse, a joystick, and so forth, which are not described in detail herein.

In the embodiment of the present application, after receiving downlink data from a network function, the radio frequency unit 1401 may transmit the downlink data to the processor 1410 for processing; in addition, the radio frequency unit 1401 may transmit uplink data to the network function. In general, the radio frequency unit 1401 includes, but is not limited to, an antenna, an amplifier, a transceiver, a coupler, a low noise amplifier, a duplexer, and the like.

Memory 1409 may be used to store software programs or instructions and various data. The memory 1409 may mainly include a first memory area storing programs or instructions and a second memory area storing data, wherein the first memory area may store an operating system, application programs or instructions (such as a sound playing function, an image playing function, etc.) required for at least one function, and the like. Further, the memory 1409 may include volatile memory or nonvolatile memory, or the memory 1409 may include both volatile and nonvolatile memory. The nonvolatile Memory may be a Read-Only Memory (ROM), a Programmable ROM (PROM), an Erasable PROM (EPROM), an Electrically Erasable EPROM (EEPROM), or a flash Memory. The volatile memory may be random access memory (Random Access Memory, RAM), static random access memory (STATIC RAM, SRAM), dynamic random access memory (DYNAMIC RAM, DRAM), synchronous Dynamic Random Access Memory (SDRAM), double data rate Synchronous dynamic random access memory (Double DATA RATE SDRAM, DDRSDRAM), enhanced Synchronous dynamic random access memory (ENHANCED SDRAM, ESDRAM), synchronous link dynamic random access memory (SYNCH LINK DRAM, SLDRAM), and Direct random access memory (DRRAM). Memory 1409 in embodiments of the application includes, but is not limited to, these and any other suitable types of memory.

Processor 1410 may include one or more processing units; optionally, the processor 1410 integrates an application processor that primarily processes operations involving an operating system, user interface, application programs, etc., and a modem processor that primarily processes wireless communication signals, such as a baseband processor. It will be appreciated that the modem processor described above may not be integrated into the processor 1410.

In a first aspect, when the terminal 1400 is used as a first terminal, the radio frequency unit 1401 is configured to send a first non-access stratum NAS message and/or first indication information to a network side, where the first non-access stratum NAS message is used to indicate a first operation, and the first indication information is used to indicate the first operation, and the first operation includes at least one of authentication, and authorization;

the radio frequency unit 1401 is also configured to: receiving fifth indication information sent by the network side, wherein the fifth indication information is used for indicating at least one of the following:

allowing or disallowing the first operation;

allowing or disallowing the first operation to be performed by a control plane of the network side;

And allowing or not allowing the first operation to be executed through the user plane of the network side. .

Optionally, before the radio frequency unit 1401 sends the first non-access stratum NAS message and/or the first indication information to the network side, the processor 1410 is configured to: and interacting with the network side to establish a protocol data unit PDU session.

Optionally, the first non-access stratum NAS message is a PDU session modification request.

Optionally, the first indication information includes at least one of the following:

an instruction for instructing to perform the first operation;

information of the first terminal;

and information of a second network function, wherein the second network function is used for executing the first operation.

Optionally, the radio frequency unit 1401 sends a first NAS message and/or first indication information to the network side, which is specifically configured to:

And when or after the connection between the first terminal and the first device is established, sending the first non-access stratum (NAS) message and/or the first indication information to the network side.

Optionally, when or after the connection is established between the first terminal and the first device, the radio frequency unit 1401 sends the first NAS message and/or the first indication information to the network side, which is specifically configured to:

Receiving a first message sent by the first equipment or receiving a sixth message sent by the second terminal;

responding to the first message or the sixth message, and sending the first non-access stratum (NAS) message and/or the first indication information to the network side;

Wherein the first message is used to indicate at least one of:

Establishing connection between the first equipment and the first terminal, accessing a personal internet of things PIN where the first terminal is located, communicating with the network side and communicating with a second network function;

the sixth message is used for indicating the first terminal or the first device to communicate with the second network function;

The second network function is configured to perform the first operation.

Optionally, the first indication information includes at least one of the following:

an instruction for instructing to perform the first operation;

information of the first device;

information of the first terminal;

Information of a second network function, the second network function being used to perform the first operation.

Optionally, after the radio frequency unit 1401 sends the first non-access stratum NAS message and/or the first indication information to the network side, the radio frequency unit is further configured to:

Receiving second indication information sent by the network side, wherein the second indication information is used for indicating a result of the first operation:

the processor 1410 is also configured to: according to the second indication information, at least one of the following is executed:

Allowing or rejecting a first message sent by a first device and received by the first terminal;

Allowing or denying processing of data to the first device;

allowing or reserving or releasing the connection of the first terminal and the first device;

Wherein the first message is used to indicate at least one of:

Establishing connection between the first equipment and the first terminal, accessing a PIN where the first terminal is located, communicating with the network side and communicating with a second network function;

The second network function is configured to perform the first operation.

Optionally, the processor 1410 is further configured to:

according to the fifth indication information, at least one of the following is performed:

Executing or stopping executing the first operation;

Transmitting or stopping transmitting sixth indication information to the second network function, where the sixth indication information is used to instruct the second network function to execute the first operation;

sending or stopping sending a fourth message to the second network function, wherein the fourth message is related to executing the first operation;

Receiving or stopping receiving a fifth message from the second network function, wherein the fifth message is related to executing the first operation;

allowing or rejecting a first message sent by a first device and received by the first terminal;

Allowing or denying processing of data to the first device;

allowing or reserving or releasing the connection of the first terminal and the first device;

Wherein the first message is used to indicate at least one of:

establishing connection between the first equipment and the first terminal, accessing the PIN where the first terminal is located, communicating with the network side and communicating with the second network function.

Optionally, the radio frequency unit 1401 receives the second indication information sent by the network side, which is specifically configured to:

and receiving a second NAS message sent by the network side, wherein the second NAS message carries the second indication information.

Optionally, the second indication information satisfies at least one of the following:

indicating the result of the first operation by an identification or name of the second NAS message;

The result of the first operation is indicated by a cause value.

Optionally, the indicating, by the identifier or the name of the second NAS message, the result of the first operation includes at least one of:

Indicating that the first operation is successful by a PDU session modification acknowledgement message or a PDU session establishment acknowledgement message;

indicating that the first operation fails by a PDU session modification rejection message or a PDU session establishment rejection message.

Optionally, the result of the first operation is indicated by a cause value, including at least one of the following indications:

a failure cause value and/or a failure indication for indicating that the first operation failed;

a success cause value and/or a success indication for indicating that the first operation was successful;

Indicating that the first operation is successful if the failure cause value and/or failure indication is not included in the second NAS message;

and indicating that the first operation fails in the case that the success reason value and/or the success indication are not included in the second NAS message.

Optionally, the radio frequency unit 1401 is further configured to perform at least one of:

receiving a second message from the network side, and sending the second message to the first device;

Receiving a third message from the first device, and sending the third message to the network side;

wherein the second message and the third message are messages involved in performing the first operation, respectively.

Optionally, the second message is an extensible authentication protocol EAP message, and the third message is an EAP message.

Optionally, the first non-access stratum NAS message is a PDU session modification request or a PDU session establishment request.

Optionally, the radio frequency unit 1401 is further configured to: receiving rule information sent by the network side;

the radio frequency unit 1401 sends a first NAS message and/or first indication information to the network side, which is specifically configured to:

And sending the first non-access stratum (NAS) message and/or the first indication information to the network side according to the rule information.

Optionally, the rule information is used to indicate at least one of:

the first operation need be applied to a target PIN or the first operation need not be applied to the target PIN;

At least one first target device requires the first operation or does not require the first operation.

Optionally, the radio frequency unit 1401 sends the first non-access stratum NAS message and/or the first indication information to the network side according to the rule information, which is specifically configured to perform at least one of the following:

Sending the first non-access stratum (NAS) message and/or the first indication information to the network side under the condition that the rule information indicates that the first equipment needs the first operation;

If the rule information indicates that the first operation needs to be applied to the target PIN, and at least one of the following conditions is met, sending the first non-access stratum NAS message and/or the first indication information to the network side:

The first non-access stratum (NAS) message and/or the first indication information is/are related to the target PIN;

The connection between the first terminal and the first device is associated with the target PIN;

the first message sent by the first device and received by the first terminal is related to the target PIN;

the first device being associated with the target PIN;

Wherein the first message is used to indicate at least one of:

Establishing connection between the first equipment and the first terminal, accessing a PIN where the first terminal is located, communicating with the network side and communicating with a second network function;

The second network function is configured to perform the first operation.

Optionally, the radio frequency unit 1401 is further configured to:

the first terminal receives configuration information sent by the second terminal;

the radio frequency unit 1401 sends a first NAS message and/or first indication information to the network side, which is specifically configured to:

And sending the first non-access stratum (NAS) message and/or the first indication information to the network side according to the configuration information.

Optionally, the configuration information is used to indicate at least one of:

the first operation need be applied to a target PIN or the first operation need not be applied to the target PIN;

at least one second target device requires the first operation or does not require the first operation.

Optionally, the radio frequency unit 1401 sends the first non-access stratum NAS message and/or the first indication information to the network side according to the configuration information, and is specifically configured to perform at least one of the following:

Sending the first non-access stratum (NAS) message and/or the first indication information to the network side under the condition that the configuration information indicates that the first equipment needs the first operation;

if the configuration information indicates that the first operation needs to be applied to the target PIN, and at least one of the following conditions is met, sending the first non-access stratum NAS message and/or the first indication information to the network side:

The first non-access stratum (NAS) message and/or the first indication information is/are related to the target PIN;

The connection between the first terminal and the first device is associated with the target PIN;

the first message sent by the first device and received by the first terminal is related to the target PIN;

the first device being associated with the target PIN;

Wherein the first message is used to indicate at least one of:

Establishing connection between the first equipment and the first terminal, accessing a PIN where the first terminal is located, communicating with the network side and communicating with a second network function;

The second network function is configured to perform the first operation.

Optionally, the radio frequency unit 1401 is further configured to: and sending the information of the first equipment to the network side under the condition that the second indication information indicates that the first operation is successful.

Optionally, the first terminal is a terminal with gateway capability.

In the second aspect, when the terminal 1400 is used as the second terminal, the radio frequency unit 1401 is configured to transmit configuration information to the first terminal in the PIN of the personal internet of things.

Optionally, the configuration information is used to indicate at least one of:

the first operation need be applied to a target PIN or the first operation need not be applied to the target PIN;

At least one second target device requires the first operation or does not require the first operation;

wherein the first operation includes at least one of authentication, authorization;

The second target device is a device which needs to access the personal internet of things PIN or a mobile network through the first terminal.

The embodiment of the present application further provides a network function, as shown in fig. 15, where the network function 1500 includes: an antenna 151, radio frequency means 152, baseband means 153, a processor 154 and a memory 155. The antenna 151 is connected to a radio frequency device 152. In the uplink direction, the radio frequency device 152 receives information via the antenna 151, and transmits the received information to the baseband device 153 for processing. In the downlink direction, the baseband device 153 processes information to be transmitted, and transmits the processed information to the radio frequency device 152, and the radio frequency device 152 processes the received information and transmits the processed information through the antenna 151.

The method of network function execution in the above embodiment may be implemented in the baseband apparatus 153, and the baseband apparatus 153 includes a baseband processor.

The baseband device 153 may, for example, comprise at least one baseband board, where a plurality of chips are disposed, as shown in fig. 15, where one chip, for example, a baseband processor, is connected to the memory 155 through a bus interface, so as to call a program in the memory 155 to perform the network function operation shown in the above method embodiment.

The network functions may also include a network interface 156, such as a common public radio interface (common public radio interface, CPRI).

Specifically, the network function 1500 of the embodiment of the present invention further includes: instructions or programs stored in the memory 155 and executable on the processor 154, the processor 154 invokes the instructions or programs in the memory 155 to perform the method of fig. 6 and achieve the same technical result, and are not repeated here.

The embodiment of the application also provides a network function. As shown in fig. 16, the network function 1600 includes: processor 1601, network interface 1602, and memory 1603. The network interface 1602 is, for example, a common public radio interface (common public radio interface, CPRI).

Specifically, the network function 1600 of the embodiment of the present invention further includes: instructions or programs stored in the memory 1603 and executable on the processor 1601, the processor 1601 invokes the instructions or programs in the memory 1603 to perform the method shown in fig. 3 or fig. 4 or fig. 6 and achieve the same technical effects, and are not repeated here.

The embodiment of the application also provides a readable storage medium, on which a program or an instruction is stored, which when executed by a processor, implements each process of the above embodiment of the operation execution method, and can achieve the same technical effects, and in order to avoid repetition, the description is omitted here.

Wherein the processor is a processor in the terminal described in the above embodiment. The readable storage medium may be non-volatile or non-transitory. The readable storage medium may include a computer readable storage medium such as a computer read only memory ROM, a random access memory RAM, a magnetic or optical disk, etc.

The embodiment of the application further provides a chip, the chip includes a processor and a communication interface, the communication interface is coupled to the processor, and the processor is configured to run a program or instructions, implement each process of the operation execution method embodiment described in any one of the first aspect to the fifth aspect, and achieve the same technical effect, so that repetition is avoided, and no further description is provided herein.

It should be understood that the chips referred to in the embodiments of the present application may also be referred to as system-on-chip chips, or the like.

Embodiments of the present application further provide a computer program/program product stored in a storage medium, where the computer program/program product is executed by at least one processor to implement the respective processes of the embodiments of the operation execution method described in any one of the first to fifth aspects, and achieve the same technical effects, and for avoiding repetition, a description is omitted herein.

The embodiment of the application also provides an operation execution system, which comprises: a terminal operable to perform the steps of the operation performing method as described in the first aspect or the fourth aspect, and a network function operable to perform the steps of the operation performing method as described in the second aspect or the third aspect or the fifth aspect.

It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element. Furthermore, it should be noted that the scope of the methods and apparatus in the embodiments of the present application is not limited to performing the functions in the order shown or discussed, but may also include performing the functions in a substantially simultaneous manner or in an opposite order depending on the functions involved, e.g., the described methods may be performed in an order different from that described, and various steps may be added, omitted, or combined. Additionally, features described with reference to certain examples may be combined in other examples.

From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art in the form of a computer software product stored in a storage medium (e.g. ROM/RAM, magnetic disk, optical disk) comprising instructions for causing a terminal (which may be a mobile phone, a computer, a server, an air conditioner, or a network function, etc.) to perform the method according to the embodiments of the present application.

The embodiments of the present application have been described above with reference to the accompanying drawings, but the present application is not limited to the above-described embodiments, which are merely illustrative and not restrictive, and many forms may be made by those having ordinary skill in the art without departing from the spirit of the present application and the scope of the claims, which are to be protected by the present application.

Claims (57)

1. An operation execution method, characterized by comprising at least one of the following:

The method comprises the steps that a first terminal sends a first non-access stratum (NAS) message and/or first indication information to a network side, wherein the first NAS message is used for indicating a first operation, the first indication information is used for indicating the first operation, and the first operation comprises at least one of authentication, authentication and authorization;

The first terminal receives fifth indication information sent by the network side, wherein the fifth indication information is used for indicating at least one of the following:

allowing or disallowing the first operation;

allowing or disallowing the first operation to be performed by a control plane of the network side;

and allowing or not allowing the first operation to be executed through the user plane of the network side.

2. The method according to claim 1, wherein before the first terminal sends the first non-access stratum NAS message and/or the first indication information to the network side, the method further comprises:

the first terminal interacts with the network side to establish a protocol data unit, PDU, session.

3. The method of claim 2, wherein the first non-access stratum NAS message is a PDU session modification request.

4. A method according to any of claims 1-3, wherein the first indication information comprises at least one of:

an instruction for instructing to perform the first operation;

information of the first terminal;

and information of a second network function, wherein the second network function is used for executing the first operation.

5. The method according to claim 1 or 2, wherein the first terminal sends a first non-access stratum NAS message and/or first indication information to a network side, including:

And when or after the connection is established between the first terminal and the first device, the first terminal sends the first non-access stratum (NAS) message and/or the first indication information to the network side.

6. The method according to claim 5, wherein the first terminal sends the first non-access stratum NAS message and/or the first indication information to the network side at or after the time of establishing a connection between the first terminal and the first device, comprising:

The first terminal receives a first message sent by the first device or receives a sixth message sent by the second terminal;

The first terminal responds to the first message or the sixth message and sends the first non-access stratum (NAS) message and/or the first indication information to the network side;

Wherein the first message is used to indicate at least one of:

Establishing connection between the first equipment and the first terminal, accessing a personal internet of things PIN where the first terminal is located, communicating with the network side and communicating with a second network function;

the sixth message is used for indicating the first terminal or the first device to communicate with the second network function;

The second network function is configured to perform the first operation.

7. The method of claim 5 or 6, wherein the first indication information comprises at least one of:

an instruction for instructing to perform the first operation;

information of the first device;

information of the first terminal;

Information of a second network function, the second network function being used to perform the first operation.

8. The method according to any of the claims 5 to 7, characterized in that after the first terminal sends a first non-access stratum, NAS, message and/or a first indication information to the network side, the method further comprises:

the first terminal receives second indication information sent by the network side, wherein the second indication information is used for indicating a result of the first operation:

the first terminal executes at least one of the following according to the second indication information:

Allowing or rejecting a first message sent by a first device and received by the first terminal;

Allowing or denying processing of data to the first device;

allowing or reserving or releasing the connection of the first terminal and the first device;

Wherein the first message is used to indicate at least one of:

Establishing connection between the first equipment and the first terminal, accessing a PIN where the first terminal is located, communicating with the network side and communicating with a second network function;

The second network function is configured to perform the first operation.

9. The method according to any one of claims 1, 5-8, wherein the method further comprises:

the first terminal performs at least one of the following according to the fifth indication information:

Executing or stopping executing the first operation;

Transmitting or stopping transmitting sixth indication information to the second network function, where the sixth indication information is used to instruct the second network function to execute the first operation;

sending or stopping sending a fourth message to the second network function, wherein the fourth message is related to executing the first operation;

Receiving or stopping receiving a fifth message from the second network function, wherein the fifth message is related to executing the first operation;

allowing or rejecting a first message sent by a first device and received by the first terminal;

Allowing or denying processing of data to the first device;

allowing or reserving or releasing the connection of the first terminal and the first device;

Wherein the first message is used to indicate at least one of:

establishing connection between the first equipment and the first terminal, accessing the PIN where the first terminal is located, communicating with the network side and communicating with the second network function.

10. The method according to claim 8, wherein the first terminal receiving the second indication information sent by the network side includes:

The first terminal receives a second NAS message sent by the network side, wherein the second NAS message carries the second indication information.

11. The method of claim 10, wherein the second indication information satisfies at least one of:

indicating the result of the first operation by an identification or name of the second NAS message;

The result of the first operation is indicated by a cause value.

12. The method of claim 11, wherein the indicating the result of the first operation by the identity or name of the second NAS message comprises at least one of:

Indicating that the first operation is successful by a PDU session modification acknowledgement message or a PDU session establishment acknowledgement message;

indicating that the first operation fails by a PDU session modification rejection message or a PDU session establishment rejection message.

13. The method of claim 11, wherein the indicating the result of the first operation by a cause value comprises at least one of:

a failure cause value and/or a failure indication for indicating that the first operation failed;

a success cause value and/or a success indication for indicating that the first operation was successful;

Indicating that the first operation is successful if the failure cause value and/or failure indication is not included in the second NAS message;

and indicating that the first operation fails in the case that the success reason value and/or the success indication are not included in the second NAS message.

14. The method according to any one of claims 5-13, further comprising at least one of:

the first terminal receives a second message from the network side and sends the second message to the first device;

the first terminal receives a third message from the first device and sends the third message to the network side;

wherein the second message and the third message are messages involved in performing the first operation, respectively.

15. The method of claim 14, wherein the second message is an extensible authentication protocol, EAP, message and the third message is an EAP message.

16. The method according to any of claims 5-15, wherein the first non-access stratum NAS message is a PDU session modification request or a PDU session establishment request.

17. The method according to any one of claims 1-16, further comprising:

the first terminal receives rule information sent by the network side;

The first terminal sends a first non-access stratum NAS message and/or first indication information to a network side, and the first terminal comprises:

and the first terminal sends the first non-access stratum (NAS) message and/or the first indication information to the network side according to the rule information.

18. The method of claim 17, wherein the rule information is used to indicate at least one of:

the first operation need be applied to a target PIN or the first operation need not be applied to the target PIN;

At least one first target device requires the first operation or does not require the first operation.

19. The method according to claim 18, wherein the first terminal sends the first non-access stratum NAS message and/or the first indication information to the network side according to the rule information, including at least one of:

The first terminal sends the first non-access stratum (NAS) message and/or the first indication information to the network side under the condition that the rule information indicates that the first equipment needs the first operation;

In a case that the rule information indicates that the first operation needs to be applied to the target PIN, and at least one of the following conditions is met, the first terminal sends the first non-access stratum NAS message and/or the first indication information to the network side:

The first non-access stratum (NAS) message and/or the first indication information is/are related to the target PIN;

The connection between the first terminal and the first device is associated with the target PIN;

the first message sent by the first device and received by the first terminal is related to the target PIN;

the first device being associated with the target PIN;

Wherein the first message is used to indicate at least one of:

Establishing connection between the first equipment and the first terminal, accessing a PIN where the first terminal is located, communicating with the network side and communicating with a second network function;

The second network function is configured to perform the first operation.

20. The method according to any one of claims 1-19, further comprising:

the first terminal receives configuration information sent by the second terminal;

The first terminal sends a first non-access stratum NAS message and/or first indication information to a network side, and the first terminal comprises:

and the first terminal sends the first non-access stratum (NAS) message and/or the first indication information to the network side according to the configuration information.

21. The method of claim 20, wherein the configuration information is used to indicate at least one of:

the first operation need be applied to a target PIN or the first operation need not be applied to the target PIN;

at least one second target device requires the first operation or does not require the first operation.

22. The method of claim 21, wherein the first terminal sends the first non-access stratum NAS message and/or the first indication information to the network side according to the configuration information, including at least one of:

The first terminal sends the first non-access stratum (NAS) message and/or the first indication information to the network side under the condition that the configuration information indicates that the first equipment needs the first operation;

in a case that the configuration information indicates that the first operation needs to be applied to the target PIN, and at least one of the following conditions is met, the first terminal sends the first non-access stratum NAS message and/or the first indication information to the network side:

The first non-access stratum (NAS) message and/or the first indication information is/are related to the target PIN;

The connection between the first terminal and the first device is associated with the target PIN;

the first message sent by the first device and received by the first terminal is related to the target PIN;

the first device being associated with the target PIN;

Wherein the first message is used to indicate at least one of:

Establishing connection between the first equipment and the first terminal, accessing a PIN where the first terminal is located, communicating with the network side and communicating with a second network function;

The second network function is configured to perform the first operation.

23. The method according to any one of claims 8-22, further comprising:

and under the condition that the second indication information indicates that the first operation is successful, the first terminal sends the information of the first equipment to the network side.

24. The method according to any of claims 1-23, wherein the first terminal is a gateway-capable terminal.

25. An operation execution method, comprising:

The first network function sends fifth indication information to the first terminal;

and/or the number of the groups of groups,

The first network function receives a first non-access stratum (NAS) message and/or first indication information sent by the first terminal, wherein the first NAS message is used for indicating a first operation, the first indication information is used for indicating the first operation, and the first operation comprises at least one of authentication, authentication and authorization;

The first network function performs at least one of the following in response to the first non-access stratum NAS message and/or the first indication information:

transmitting the fifth indication information to the first terminal;

Instructing a second network function and the first terminal to perform the first operation;

Wherein the fifth indication information is used for indicating at least one of the following:

allowing or disallowing the first operation;

allowing or disallowing the first operation to be performed by a control plane of a mobile network in which the first network function is located;

The first operation is allowed or not allowed to be performed by a user plane of the mobile network where the first network function is located.

26. The method according to claim 25, wherein in case the first network function instructs a second network function and the first terminal to perform the first operation, the method further comprises:

The first network function receives third indication information sent by the second network function, wherein the third indication information is used for indicating a result of the first operation;

And the first network function sends second indication information to the first terminal according to the third indication information, wherein the second indication information is used for indicating the result of the first operation.

27. The method according to claim 25 or 26, wherein before the first network function receives the first non-access stratum, NAS, message and/or the first indication information sent by the first terminal, the method further comprises:

the first network function interacts with the first terminal to establish a protocol data unit, PDU, session.

28. The method of claim 27, wherein the first non-access stratum NAS message is a PDU session modification request.

29. The method of any one of claims 25-28, wherein the first indication information comprises at least one of:

an instruction for instructing to perform the first operation;

information of the first terminal;

information of the second network function.

30. The method of claim 25 or 26, wherein the first indication information comprises at least one of:

an instruction for instructing to perform the first operation;

The information of the first equipment, wherein the first equipment is equipment which needs to access personal networking PIN or a network where the first network function is located through the first terminal;

information of the first terminal;

information of the second network function.

31. The method according to any of claims 25, 26, 30, wherein the first non-access stratum NAS message is a PDU session modification request or a PDU session establishment request.

32. The method according to any of claims 26-31, wherein the first network function sending second indication information to the first terminal according to the third indication information, comprising:

And the first network function sends a second NAS message to the first terminal according to the third indication information, wherein the second NAS message carries the second indication information.

33. The method of claim 26 or 32, wherein the second indication information satisfies at least one of:

indicating the result of the first operation by an identification or name of the second NAS message;

The result of the first operation is indicated by a cause value.

34. The method of claim 33, wherein the indicating the result of the first operation by the identity or name of the second NAS message comprises at least one of:

Indicating that the result of the first operation is successful by a PDU session modification acknowledgement or a PDU session establishment acknowledgement;

The first operation failure is indicated by a PDU session modification rejection message or a PDU session establishment rejection.

35. The method of claim 33, wherein the indicating the result of the first operation by a cause value comprises at least one of:

a failure cause value and/or a failure indication for indicating that the first operation failed;

a success cause value and/or a success indication for indicating that the first operation was successful;

Indicating that the first operation is successful if the failure cause value and/or failure indication is not included in the second NAS message;

and indicating that the first operation fails in the case that the success reason value and/or the success indication are not included in the second NAS message.

36. The method according to any of claims 25-35, wherein the first network function, in response to the first non-access stratum, NAS, message, instructs a second network function and the first terminal to perform the first operation, comprising at least one of:

The first network function instructs the second network function and the first terminal to perform the first operation based on the PDU session related information in the first non-access stratum NAS message;

The first network function instructs the second network function and the first terminal to perform the first operation based on the PDU session related information in the first non-access stratum NAS message and first association information of the PDU session related information and a PIN instance or session;

The first network function instructs the second network function and the first terminal to perform the first operation based on the PIN instance or session related information in the first non-access stratum NAS message;

The first network function instructs the second network function and the first terminal to perform the first operation based on the PDU session related information and the PIN service instruction information in the first non-access stratum NAS message;

The first network function instructs the second network function and the first terminal to perform the first operation based on the PDU session related information in the first non-access stratum NAS message and second association information of the PDU session related information and PIN service.

37. The method of claim 36, wherein the method further comprises:

The first network function is aware of at least one of the following from the third network function:

The first association information;

the second association information.

38. The method according to any one of claims 25-37, further comprising:

the first network function receives information of a first device sent by the first terminal under the condition that the second indication information indicates that the first operation is successful;

The first device is a device which needs to access a PIN or a network where the first network function is located through the first terminal.

39. The method of claim 38, wherein the method further comprises:

And under the condition that the first network function knows the message filtering rule and the message filtering rule is related to the first equipment, the first network function configures a fourth network function by using the message filtering rule.

40. An operation execution method, comprising:

the third network function performs a second operation;

Wherein the second operation includes at least one of:

the third network function sends rule information to the first terminal;

The third network function sends data protocol unit, PDU, session configuration information to the first network function.

41. The method of claim 40, wherein the rule information is used to indicate at least one of:

the first operation need be applied to a target PIN or the first operation need not be applied to the target PIN;

at least one first target device requires the first operation or does not require the first operation;

wherein the first operation includes at least one of authentication, authorization;

the first target device is a device which needs to access a personal networking PIN or a mobile network where the third network function is located through the first terminal.

42. The method of claim 40 or 41, wherein the PDU session configuration information comprises at least one of:

PDU conversation related information and PIN instance or first association information of conversation;

the PDU session related information is associated with the second information of the PIN service.

43. The method of any one of claims 40-42, wherein prior to the third network function performing the second operation, the method further comprises:

The third network function acquires fourth indication information, wherein the fourth indication information is used for indicating the third network function to execute the second operation;

The third network function performs the second operation, including:

And the third network function executes the second operation according to the fourth indication information.

44. The method of claim 43, wherein the third network function learns the fourth indication information, comprising:

The third network function receives the fourth indication information sent by the fifth network function.

45. An operation execution method, comprising:

And the second terminal sends configuration information to the first terminal in the personal internet of things PIN.

46. The method of claim 45, wherein the configuration information is used to indicate at least one of:

the first operation need be applied to a target PIN or the first operation need not be applied to the target PIN;

At least one second target device requires the first operation or does not require the first operation;

wherein the first operation includes at least one of authentication, authorization;

The second target device is a device which needs to access the personal internet of things PIN or a mobile network through the first terminal.

47. An operation execution method, comprising:

The fifth network function sends fourth indication information to the third network function, wherein the fourth indication information is used for indicating the third network function to execute a second operation;

Wherein the second operation includes at least one of:

the third network function sends rule information to the first terminal;

The third network function sends data protocol unit, PDU, session configuration information to the first network function.

48. The method of claim 47, wherein the rule information is used to indicate at least one of:

The first operation need be applied to a target personal networking PIN or the first operation need not be applied to the target personal networking PIN;

at least one first target device requires the first operation or does not require the first operation;

wherein the first operation includes at least one of authentication, authorization;

the first target device is a device which needs to access a personal networking PIN or a mobile network where the third network function is located through the first terminal.

49. The method of claim 47 or 48, wherein the PDU session configuration information comprises at least one of:

PDU conversation related information and PIN instance or first association information of conversation;

the PDU session related information is associated with the second information of the PIN service.

50. An operation execution device characterized by comprising at least one of the following modules:

A first sending module, configured to send a first non-access stratum NAS message and/or first indication information to a network side, where the first non-access stratum NAS message is used to indicate a first operation, and the first indication information is used to indicate the first operation, and the first operation includes at least one of authentication, and authorization;

the first receiving module is configured to receive fifth indication information sent by the network side, where the fifth indication information is used to indicate at least one of the following:

allowing or disallowing the first operation;

allowing or disallowing the first operation to be performed by a control plane of the network side;

and allowing or not allowing the first operation to be executed through the user plane of the network side.

51. An operation execution device, characterized by comprising:

The second sending module is used for sending fifth indication information to the first terminal;

and/or the number of the groups of groups,

The second receiving module is used for receiving a first non-access stratum (NAS) message and/or first indication information sent by the first terminal, wherein the first non-access stratum (NAS) message is used for indicating a first operation, the first indication information is used for indicating the first operation, and the first operation comprises at least one of authentication, authentication and authorization;

A first processing module, configured to perform at least one of the following in response to the first non-access stratum NAS message and/or the first indication information:

transmitting the fifth indication information to the first terminal;

Instructing a second network function and the first terminal to perform the first operation;

Wherein the fifth indication information is used for indicating at least one of the following:

allowing or disallowing the first operation;

allowing or disallowing the first operation to be performed by a control plane of the mobile network;

the first operation is allowed or not allowed to be performed through the user plane of the mobile network.

52. An operation execution device, characterized by comprising:

A second processing module for performing a second operation;

Wherein the second operation includes at least one of:

sending rule information of personal internet of things PIN to a first terminal;

And transmitting the session configuration information of the data protocol unit PDU to the first network function.

53. An operation execution device, characterized by comprising:

and the third sending module is used for sending the configuration information to the first terminal in the personal internet of things PIN.

54. An operation execution device, characterized by comprising:

a fourth sending module, configured to send fourth indication information to a third network function, where the fourth indication information is used to instruct the third network function to perform a second operation;

Wherein the second operation includes at least one of:

the third network function sends rule information to the first terminal;

The third network function sends data protocol unit, PDU, session configuration information to the first network function.

55. A terminal comprising a processor and a memory storing a program or instructions executable on the processor, which when executed by the processor, implement the steps of the method of performing operations of any one of claims 1 to 24 or the steps of the method of performing operations of any one of claims 45 to 46.

56. A network function comprising a processor and a memory storing a program or instructions executable on the processor, the program or instructions implementing the steps of the method of any one of claims 25 to 39, or the steps of the method of any one of claims 40 to 44, or the steps of the method of any one of claims 47 to 49, when executed by the processor.

57. A readable storage medium, characterized in that the readable storage medium stores thereon a program or instructions, which when executed by a processor, implements the operation performing method of any one of claims 1 to 24, or implements the steps of the operation performing method of any one of claims 25 to 39, or implements the steps of the operation performing method of any one of claims 40 to 44, or implements the steps of the operation performing method of any one of claims 45 to 46, or implements the steps of the operation performing method of any one of claims 47 to 49.