RU2781146C1 - Method for data transmission and communication apparatus - Google Patents

Abstract

FIELD: communication.

SUBSTANCE: to realise the technical result, the method for data transmission, applicable to subscriber equipment, includes: receiving the IPsec tunnel information, wherein the IPsec tunnel is used to transmit information between the subscriber equipment and a second network; and performing an associated operation for the tunnel of the first network based on the IPsec tunnel information.

EFFECT: possibility of providing the services of a second network in a first network when the subscriber equipment accesses a service of the first network via the second network.

21 cl, 25 dwg

Description

CROSS REFERENCES TO RELATED APPLICATIONS

[0001] This application claims priority over Chinese Patent Application No. 201811537222.1, filed December 14, 2018, which is incorporated herein by reference in its entirety.

FIELD OF THE INVENTION

[0002] Embodiments of the present invention relate to the field of wireless communication technologies, and specifically to a method for providing data transmission and a communication device.

BACKGROUND OF THE INVENTION

[0003] In many industries with a vertical organization of activities, such as railway dispatch services and automated control, communication requirements are established. 5th Generation (5G) communication technology can provide a Non-Public Network (NPN) for vertically organized industry to meet its respective requirements. Indoor networks usually provide services within a single area rather than full coverage.

[0004] Deployment of indoor networks can be performed in many ways, for example, (1), as an isolated network; (2) a non-isolated network, wherein the non-isolated network is, for example, (a) part of a carrier's communications network or (b) a branch thereof.

[0005] User equipment subscribing to an indoor network may also subscribe to a public network (PN). User equipment subscribing to a public network may also be subscribing to a home network. The user equipment may access public network services (eg, public land mobile network, PLMN) services via the home network. The user equipment may also have access to the services of the internal network via the public network (eg, access to the internal network via PLMN (access to selected services of the internal network via PLMN)).

[0006] Deployment of an internal network is performed without any complex network services; in the conditions of internal network coverage, it is also desirable that the subscriber of the internal use network has access to public network services. In contrast, in a public network environment, it is desirable for a subscriber of an internal network to have access to services of an internal network. A method for providing indoor network services in a public network when a user equipment accesses a public network service through an indoor network, or a method for providing public network services in an indoor network when a subscriber accesses an indoor network service through a public network use has grown into a technical problem, which at the moment needs to be solved urgently.

SUMMARY OF THE INVENTION

[0007] According to embodiments of the present invention, there is provided a data communication method and communication apparatus for solving the problem of providing second network services in a first network when a user equipment accesses a first network service via a second network.

[0008] To solve the above technical problem, the present invention is implemented as follows:

[0009] According to a first aspect, in one embodiment, the present invention provides a data communication method applicable to user equipment, which includes:

obtaining information of the first IPSec tunnel, wherein the first IPSec tunnel is an IPSec tunnel used for transmission of control signals between the user equipment and the second network, and

performing a first side operation for the tunnel of the first network based on the information of the first IPSec tunnel.

[0010] According to a second aspect, in one embodiment, the present invention provides a data communication method applicable to user equipment, which includes:

obtaining IPSec data tunnel information and/or tunnel information between the user equipment and the second network, wherein the IPSec data tunnel is an IPSec tunnel used to transmit user plane data between the user equipment and the second network, or tunnel data between the user equipment and the second network and

performing second related information for the tunnel of the first network based on the information of the IPSec data tunnel and/or the information of the tunnel between the user equipment and the second network.

[0011] According to a third aspect, in one embodiment, the present invention provides a data communication method applicable to a proxy network element, which includes:

determination of the fact of compliance with a given condition; and

when it is determined that the predetermined condition is met, performing an operation related to the IPSec data tunnel for the second network tunnel;

wherein the proxy network element is the proxy of the first network for interfacing with the second network.

[0012] According to a fourth aspect, in one embodiment, the present invention provides a data communication method applicable to a communication network element, which includes:

transmission of tunnel information between the user equipment and the second network, wherein the tunnel information between the user equipment and the second network includes at least one of the following elements: an IPSec data tunnel identifier associated with a tunnel between the user equipment and the second network, an IPSec tunnel security parameter index data connected by a tunnel between the user equipment and the second network, a new tunnel between the user equipment and the second network, a remote tunnel between the user equipment and the second network, information about the quality of service parameters of the tunnel between the user equipment and the second network, individual delivery resource indication information and indication information that a separate delivery resource is not required.

[0013] According to a fifth aspect, in one embodiment, the present invention provides a data communication method applicable to user equipment, which includes:

obtaining IPSec tunnel information, wherein the IPSec tunnel is an IPSec tunnel used for transmission of control signals between the user equipment and the second network, and

performing a side operation for the tunnel of the first network based on the information of the IPSec tunnel.

[0014] According to a sixth aspect, in one embodiment, the present invention provides user equipment, including:

a sink module for receiving information of the first IPSec tunnel, wherein the first IPSec tunnel is an IPSec tunnel used for transmission of control signals between the user equipment and the second network, and

an executing module for performing the first related operation for the tunnel of the first network based on the information of the first IPSec tunnel.

[0015] According to a seventh aspect, in one embodiment, the present invention provides user equipment, including:

A sink module for receiving IPSec data tunnel information and/or tunnel information between the user equipment and the second network, wherein the IPSec data tunnel is an IPSec tunnel used to transmit user plane data between the user equipment and the second network, or tunnel data between the user equipment and the second network; and

an executing module for executing the second related information for the first network tunnel based on the IPSec data tunnel information and/or the tunnel information between the user equipment and the second network.

[0016] According to an eighth aspect, in one embodiment, the present invention provides a proxy network element, including:

a determination module for determining whether the predetermined condition has been met; and

an executing module for performing an operation related to the IPSec data tunnel for the second network tunnel when it is determined that the predetermined condition is met;

wherein the proxy network element is the proxy of the first network for interfacing with the second network.

[0017] According to a ninth aspect, in one embodiment, the present invention provides a communication network element including:

a transmitter module for transmitting tunnel information between the user equipment and the second network, wherein the tunnel information between the user equipment and the second network includes at least one of the following elements: an IPSec data tunnel identifier associated with the tunnel between the user equipment and the second network, IPSec data tunnel security parameter index linked by the tunnel between the user equipment and the second network, new tunnel between the user equipment and the second network, remote tunnel between the user equipment and the second network, quality of service parameter information of the tunnel between the user equipment and the second network, indication information a separate delivery resource and an indication that a separate delivery resource is not required.

[0018] According to a tenth aspect, in one embodiment, the present invention provides user equipment, including:

a sink module for receiving IPSec tunnel information, wherein the IPSec tunnel is used to transmit control signals between the user equipment and the second network, and

an executing module for performing a related operation for the tunnel of the first network based on the information of the IPSec tunnel.

[0019] According to an eleventh aspect, in one embodiment, the present invention provides a user equipment including a processor, a storage device, and a program that is stored on the storage device and can run on the processor. When the processor is executing the program, the method steps applicable to the user equipment are implemented to enable data transmission.

[0020] According to a twelfth aspect, in one embodiment, the present invention provides a user equipment including a processor, a storage device, and a program that is stored on the storage device and can run on the processor. When the processor executes the program, the steps of the method applicable to the proxy network element are implemented to enable data transfer.

[0021] According to a thirteenth aspect, in one embodiment, the present invention provides a communication network element including a processor, a storage device, and a program that is stored on the storage device and can be run on the processor. When the processor executes the program, the steps of the method applicable to the communication network element are implemented to enable data transmission.

[0022] According to a fourteenth aspect, in one embodiment, the present invention provides a computer-readable storage medium that stores a program that, when executed by a processor, implements the steps of the above data communication method.

[0023] In embodiments of the present invention, second network services may be provided on the first network when the user equipment accesses the first network service via the second network.

BRIEF DESCRIPTION OF THE DRAWINGS

[0024] Upon reviewing the detailed description of additional embodiments below, other advantages and benefits will become apparent to those skilled in the art. The accompanying drawings are for illustrative purposes only and are not intended to limit the present invention. Like reference numerals throughout the accompanying drawings refer to like components. Blueprints:

[0025] FIG. 1 is a schematic view of the architecture of a wireless communication system according to one embodiment of the present invention;

[0026] FIG. 2 is a schematic view of the wireless communication system architecture shown in FIG. I, in a specific application scenario;

[0027] FIG. 3 is a schematic representation of the transmission mode for control signals between the user equipment and the second network via the first network;

[0028] FIG. 4 is a schematic representation of a transmission format for control signals between a user equipment and a second network via a first network;

[0029] FIG. 5 is a schematic representation of a transmission mode for user plane data of a second network via a first network;

[0030] FIG. 6 is a schematic representation of a transmission format for user plane data of a second network via a first network;

[0031] FIG. 7 is a flow diagram of a method for providing data communication according to one embodiment of the present invention;

[0032] FIG. 8 is a flowchart of a method for providing data communication according to another embodiment of the present invention;

[0033] FIG. 9 is a flow diagram of a method for providing data communication according to another embodiment of the present invention;

[0034] FIG. 10 is a flow diagram of a method for providing data communication according to a further embodiment of the present invention;

[0035] FIG. 11 is a flowchart of a method for providing data communication according to another further embodiment of the present invention;

[0036] FIG. 12A and 12B are flow charts of a method for enabling data communication in Application Scenario 1 according to one embodiment of the present invention;

[0037] FIG. 13A and 13B are flow charts of a method for enabling data communication in Application Scenario 2 according to one embodiment of the present invention;

[0038] FIG. 14A and 14B are flow charts of a method for enabling data communication in Application Scenario 3 according to one embodiment of the present invention;

[0039] FIG. 15A and 15B are flow charts of a method for enabling data communication in Application Scenario 4 according to one embodiment of the present invention;

[0040] FIG. 16 is a schematic diagram of a user equipment device according to one embodiment of the present invention;

[0041] FIG. 17 is a schematic diagram of a user equipment according to another embodiment of the present invention;

[0042] FIG. 18 is a schematic diagram of a proxy network element according to one embodiment of the present invention;

[0043] FIG. 19 is a schematic diagram of a communication network element according to one embodiment of the present invention;

[0044] FIG. 20 is a schematic diagram of a user equipment according to another embodiment of the present invention; as well as

[0045] FIG. 21 is a schematic diagram of a user equipment device according to a further embodiment of the present invention;

DESCRIPTION OF EMBODIMENTS

[0046] The following is a clear and complete description of the technical solutions according to the embodiments of the present invention with reference to the accompanying drawings of the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, and not all of them. All other embodiments obtained by a person skilled in the art without creative effort and based on the embodiments of the present invention should fall within the scope of the present invention.

[0047] The terms "include", "include" and any forms thereof in the description and claims in this application are intended to indicate non-exclusive content. For example, a process, method, system, article, or device including a sequence of steps or units is not necessarily limited to those explicitly represented steps or units, but may include other steps or units not explicitly represented or inherent in that process, method, system. , product or device The use of the term "and/or" in the description and claims indicates the presence of at least one related object. For example, A and/or B has three meanings: A and B each individually, or A and B together.

[0048] In embodiments of the present invention, terms such as "example" or "for example" are used to refer to an example, illustrative example, or description. Any embodiment or design scheme described as "example" or containing the phrase "for example" in some embodiments of the present invention should not be construed as preferable or superior to other design options or schemes. In particular, the use of terms such as "example" or "for example" is intended to represent related concepts in a particular way.

[0049] Embodiments of the present invention are described below with reference to the accompanying drawings. The communication method and communication device provided by the embodiments of the present invention can be applied to a wireless communication system. The wireless communication system may be a 5G system or an Evolved Long Term Evolution (eLTE) system or a more advanced communication system.

[0050] FIG. 1 is a schematic view of the architecture of a wireless communication system according to one embodiment of the present invention. As shown in FIG. 1, a user equipment 11, a first network 12 and a second network and/or service of a second network 13 are provided, wherein the second network service may be a network service supported on a network element of the second network or a network service accessed via the second network. . The user equipment 11 may access the second network service via the first network 12, or the second network service via the second network, or access the second network service via the second network after the second network has been accessed via the first network.

[0051] FIG. 2 is a schematic view of the wireless communication system architecture shown in FIG. 1 in a specific application scenario. In the application scenario, the user equipment accesses an intermediary network element (eg, non-3GPP Inter Working Function (N3IWF)) between the first and second networks by creating a session PDU tunnel with the first network. By creating an IPSec tunnel with an intermediary network element, the user equipment connects to the Access Management Function (AMF) and the User Plane Function (UPF) of the second network. FIG. 3 is a schematic representation of the transmission mode for control signals between the user equipment and the second network via the first network. FIG. 4 is a schematic representation of a transmission format for control signals between a user equipment and a second network via a first network. As shown in FIG. 3 and 4, control signals between the user equipment and the second network are transmitted through an Internet Protocol security tunnel (IPsec tunnel). FIG. 5 is a schematic representation of a transmission mode for user plane data of a second network (also referred to as user plane data between user equipment and a second network) via the first network. FIG. 6 is a schematic representation of a transmission format for user plane data of a second network via a first network. The user plane data of the second network is transmitted through the IPsec tunnel.

[0052] A disadvantage of such an architecture shown in FIG. 2 is that the details of the information between the user equipment and the second network are transparent to the first network and a Quality of Service (QoS) guarantee cannot be provided. In addition, there is no interface between the proxy network element and the first network, and it is also impossible to provide QoS information for the first network. Therefore, the operation and reliability of critical traffic (such as IMS voice traffic, emergency call traffic, etc.) cannot be guaranteed.

[0053] In order to allow the user equipment to access the second network and/or the service of the second network via the first network, the following problems also need to be solved:

[0054] Issue 1: In general, control signals are the basis for user plane data transmission. However, since the control signals and user plane data of the second network in the architecture shown in FIG. 2 are bound to the IPsec data tunnel, the first network cannot distinguish between control signals and user plane data of the second network, and also cannot determine which IPsec tunnels are used for control signaling of the second network and which are used for transmission of user plane data of the second network .

[0055] Problem 2: According to the QoS guarantee method, data is tied to different QoS flows. Different QoS flows have different QoS parameter requirements. The effect of providing data in the QoS flow is achieved according to the requirements for QoS parameters in the QoS flow. In the architecture shown in FIG. 2, the user plane data of the second network may be QoS flow data of the second network. The IPsec data tunnel may be associated with the QoS flow of the second network, i. e. can be used to transfer QoS flow data to a second network. However, the first network cannot distinguish between the QoS flows of the second network corresponding to the IPsec tunnel and cannot associate the IPsec tunnel data with the appropriate QoS flow to enable transmission. Packet filter information contained in the QoS flow of the second network five-tuple IP of the second network and other information. As shown in FIG. 6, the IP information of the second network is the IPsec tunnel payload. When the user equipment uses the packet filter information contained in the QoS flow of the second network to request the QoS flow of the first network to use the user plane data of the second network, the UPF of the first network cannot properly map the second network flow to the appropriate QoS flow of the first network.

[0056] Issue 3: A proxy network element may bind multiple QoS flows to a single IPsec tunnel; QoS requirements in QoS flows are different and one IPsec SA can be bound to one QoS flow of the first network. Therefore, it is still not clear how one QoS flow of the first network provides multiple QoS flows of the second network.

[0057] Acquisition may also be understood as acquisition by configuration, reception, reception after a request, acquisition by self-learning, acquisition based on determination of rejected information, or acquisition by processing based on received information. This may be specifically determined according to actual needs, and is not limited in embodiments of the present invention. For example, when indication information about a presented capability is not received from a device, it can be determined that the device does not support the capability.

[0058] Additionally, transmission may include issuing, issuing in a system message, and returning in response to a request.

[0059] According to one embodiment of the present invention, a second network tunnel is understood as a tunnel between the user equipment and the second network. The QoS flow of the second network is understood as the QoS flow between the user equipment and the second network.

[0060] According to one embodiment of the present invention, the value of the service descriptor component type identifier corresponding to the security parameter index type may be 01100000.

[0061] According to one embodiment of the present invention, the QoS information includes at least one of the following: QoS rule, QoS flow description, QoS context, and QoS parameter information. Information about the QoS parameter is contained in the description of the QoS flow and the QoS context.

[0062] According to one embodiment of the present invention, the QoS parameter information may include at least one of the following: QoS class indication information, priority information, packet delay budget, packet error rate, maximum data packet size, regardless of whether whether GBR is set or a default averaging window requirement, a default averaging window, and QoS parameter information related to GBR.

[0063] According to one embodiment of the present invention, packet filter information may be used to bind data to a network tunnel. The packet filter information may also be referred to as TFT, SDF, etc. In the present invention, this option is not limited.

[0064] According to embodiments of the present invention, the terms packet filter information and packet filter can mean the same thing and interchangeably. The terms QoS parameter information and QoS parameter can mean the same thing and can be used interchangeably. The terms QoS class indication information and QoS class indication may mean the same thing and can be used interchangeably. The terms QoS flow description information and QoS flow description can mean the same thing and can be used interchangeably. The terms priority information, QoS priority information, and priority can mean the same thing and can be used interchangeably.

[0065] According to one embodiment of the present invention, the tunnel between the user equipment and the second network may also be briefly referred to as the second network tunnel.

[0066] According to one embodiment of the present invention, emergency call traffic may also be referred to as emergency voice traffic.

[0067] According to one embodiment of the present invention, the voice traffic may also include IMS voice traffic. IMS voice traffic may include at least one of the following: IMS voice traffic over 3GPP access and IMS voice traffic over non-3GPP access.

[0068] According to one embodiment of the present invention, a GBR tunnel means that the QoS information of the tunnel includes a QoS parameter related to the GBR.

[0069] According to one embodiment of the present invention, the GBR-related QoS parameter information may include at least one of the following: guaranteed uplink and/or downlink GFBR stream rate, maximum uplink and/or downlink MFBR stream rate. downlink, uplink and/or downlink GBR, and uplink and/or downlink maximum MBR rate

[0070] According to one embodiment of the present invention, the QoS class indication may also be referred to as 5QI, QCI (QoS Class Identifier), or otherwise. This is not limited in the present invention. 5QI can be used as QFI (QoS Flow Identifier).

[0071] According to an additional embodiment, the tunnel may include at least one of the following elements: PDU session, Quality of Service (QoS) flow, Evolved Packet System (EPS) delivery channel, PDP context, DRB, SRB and Internet Protocol Security Association (IPsec).

[0072] According to one embodiment of the present invention, the IPsec tunnel may be an IPsec Security Association (SA). The first IPsec tunnel may also be referred to as: IPsec signaling SA, IPsec master SA, IPsec control signaling SA, or otherwise. In the present invention, this option is not limited. An IPsec data tunnel may also be referred to as: IPsec Data SA, Child IPsec SA, User Plane Data IPsec SA, QoS Flow IPsec SA, or otherwise. In the present invention, this option is not limited.

[0073] According to one embodiment of the present invention, the first network may be a public network and the second network an indoor network; or the first network may be an indoor network and the second network a public network; or the first network may be the first indoor network and the second network the second indoor network; or the first network may be the first public network and the second network the second public network.

[0074] According to one embodiment of the present invention, an indoor network may also be referred to as an indoor communication network. An internal network can include at least one of the following deployments: a physical internal network, a virtual internal network, and an internal network implemented on a public network. According to one embodiment, the internal network is a Closed Access Group (CAG). The CAG may include a group of user equipment.

[0075] The internal network service may also be referred to as: internal network network service, internal communication service, internal network communication service, or otherwise. It should be noted that the names are not limited to embodiments of the present invention. In one embodiment, the internal network may be a Closed Access Group (CAG); in this case, the Internal Network Service is a group network service with private access.

[0076] According to one embodiment of the present invention, the indoor network may include a private network or be referred to as a private network. A private network may be referred to as: a private communications network, a local area network (LAN), a private virtual network (PVN), an isolated communications network, a special purpose communications network, or otherwise. It should be noted that the names are not limited to embodiments of the present invention.

[0077] According to one embodiment of the present invention, a private network service may include or be referred to as a private network service. The private network service may be referred to as: private network network service, private communication network, local area network (LAN) service, private virtual network (PVN) service, isolated communication network service, special purpose network service, special purpose network service, or otherwise . It should be noted that the names are not limited to embodiments of the present invention.

[0078] The public network may be referred to as: public communication network or otherwise. It should be noted that the names are not limited to embodiments of the present invention.

[0079] The public network service may also be referred to as: public network network service, public communication service, public network communication service, or otherwise. It should be noted that the names are not limited to embodiments of the present invention.

[0080] According to one embodiment, the tunnel may include at least one of the following elements: a PDU session, a Quality of Service (QoS) flow, an Evolved Packet System (EPS) delivery channel, a Packet Data Protocol (PDP), DRB, SRB, and Internet Protocol Security (IPsec) Security Association.

[0081] According to one embodiment of the present invention, the relevant information between the user equipment and the second network (which may be referred to as information between the user equipment and the second network or data of the second network) may include at least one of the following elements: control signals between the user equipment and the second network (also referred to as NAS signals), the second paging message and the user plane data between the user equipment and the second network.

[0082] According to one embodiment, the NG interface may also be referred to as the S1 interface or the N2 interface, without limitation.

[0083] According to one embodiment of the present invention, a communication network element may include at least one of the following elements: a core network element and a radio access network element.

[0084] According to one embodiment of the present invention, the first network network element (which may also be referred to as the first network element) includes at least one of the following elements: a core network element of the first network and a radio access network element of the first network. The network element of the second network (which may also be referred to as the element of the second network) includes at least one of the following elements: a core network element of the second network and a radio access network element of the second network.

[0085] In embodiments of the present invention, a core network element (CN network element) may include, but is not limited to, one of the following items: a core network device, a core network node, a core network function, a network element, a Mobility Management Entity , MME), Access Mobility Management Function (AMF), Session Management Function (SMF), User Plane Function (UPF), Serving GW (SGW), PDN Gateway , PDN gateway), Policy Control Function (PCF), Policy and Charging Rules Function (PCRF), Serving GPRS Support Node (SGSN), Gateway Support Node GPRS (Gateway GPRS Support Node, GGSN), as well as a radio access network device.

[0086] In embodiments of the present invention, a radio access network element may include, but is not limited to, at least one of the following elements: a radio access network device, a radio access network node, a radio access network function, a radio access network block, a 3GPP radio access network, a non-3GPP radio access network , Centralized Unit (CU), Distributed Unit (DU), Base Station, Evolved Node B (eNB), 5G Base Station (gNB), Radio Network Controller (RNC) , base station (NodeB), Non-3GPP Inter Working Function (N3IWF), Access Controller (AC), Access Point (AP) device, or Wireless Local Area Network, WLAN).

[0087] The base station may be a Base Transceiver Station (BTS) in GSM or CDMA, or may be a NodeB (NodeB) in WCDMA, or an emerging NodeB (eNB or e-NodeB) in LTE, or NodeB 5G (gNB), which is not limited in embodiments of the present invention.

[0088] In embodiments of the present invention, the user equipment may include a repeater that supports the function of the user equipment and/or user equipment that supports the function of the repeater. User equipment may also refer to a terminal device or user equipment (User Equipment, UE). The subscriber equipment can be represented by a device on the end side, for example, a mobile phone, a tablet (Tablet Personal Computer), a laptop (Laptop Computer), a personal digital assistant (PDA), a mobile Internet device (Mobile Internet Device, MID) , wearable device, or in-vehicle device. It should be noted that a particular type of user equipment is not limited to embodiments of the present invention.

[0089] The following is a description of a method for providing data transmission according to embodiments of the present invention.

[0090] Referring to FIG. 7, in accordance with one embodiment of the present invention, a data communication method applicable to user equipment is provided, which includes:

[0091] Step 71: Obtaining first IPsec tunnel information, where the first IPsec tunnel is an IPsec tunnel used for control signaling between the user equipment and the second network (control signaling between the user equipment and the second network may be referred to as signaling control of the second network).

[0092] Step 72: Performing a first side operation for the tunnel of the first network based on the information of the first IPSec tunnel.

[0093] According to this embodiment of the present invention, the user equipment can obtain information of the first IPsec tunnel used for transmitting control signals between the user equipment and the second network, and perform related operations for the tunnel of the first network based on the information of the first IPsec tunnel, thus so that the data of the first IPsec tunnel is properly associated with the tunnel of the first network and the control signaling between the user equipment and the second network is provided in the first network.

[0094] According to one embodiment, when the first IPsec tunnel is created, the first side operation is performed for the tunnel of the first network based on the information of the first IPsec tunnel. According to one embodiment, the first IPsec tunnel is created upon receipt of signals to create the first IPsec tunnel from the proxy network element.

[0095] According to one embodiment, when the predetermined condition is satisfied, the first side operation is performed for the tunnel of the first network based on the information of the first IPsec tunnel, where the predetermined condition includes receiving side signals for creating the first IPsec tunnel and information about the created IPsec tunnel from the proxy network element.

[0096] In this embodiment of the present invention, performing the first side operation for the tunnel of the first network further includes at least one of the following:

submitting to the first network a request to create a first tunnel;

submitting to the first network a request to change the third tunnel on the first one;

transmitting the QoS information of the first tunnel to the first network;

transmitting the changed QoS information of the third tunnel to the first network;

transmitting the first QoS information to the first network;

setting uplink and/or downlink packet filter information of the first tunnel according to the first IPsec tunnel information;

setting the uplink and/or downlink packet filter information from among the first QoS information according to the first IPsec tunnel information;

changing the uplink and/or downlink packet filter information of the third tunnel according to the information of the first IPsec tunnel;

setting a component type identifier of the traffic descriptor in the QoS information of the first tunnel according to the security parameters index type;

setting a component type identifier of the traffic descriptor in the first QoS information by type of security parameters index;

changing the component type identifier of the traffic descriptor in the QoS information of the third tunnel according to the security parameters index type;

setting up the first tunnel over a tunnel with a non-guaranteed bit rate (Guaranteed Bit Rate, GBR);

setting the QoS information of the first tunnel or the first QoS information to no GBR related QoS parameter information;

changing the third tunnel over the non-GBR tunnel;

setting the QoS information of the third tunnel to no GBR related QoS parameter information;

setting the QoS class indication information in the QoS information of the first tunnel according to the first QoS class indication information;

setting the QoS class indication information in the first QoS information on the first QoS class indication information;

changing the QoS class indication information in the QoS information of the third tunnel according to the first QoS class indication information;

setting the QoS priority in the QoS information of the first tunnel by the first QoS priority;

setting a QoS priority in the first QoS information on the first QoS priority;

changing the QoS priority in the QoS information of the third tunnel over the first QoS priority; and

transmitting information of the first IPsec tunnel to the first network; where

the first tunnel is used for data transmission of the first IPsec tunnel or for transmission of control signals between the user equipment and the second network;

the third tunnel is represented by the tunnel already created for the subscriber unit and the first network; and

the first QoS information is represented by new QoS information.

[0097] In one implementation, the tunnel identifier (eg, QoS flow identifier) may be omitted from the first QoS information. The tunnel identifier (eg, QoS flow identifier) is also not provided when the user equipment sends a request to the first network for first QoS information (eg, QoS rules and/or QoS flow descriptions). Upon receipt of the first QoS information, the first network (eg, the SMF of the first network) allocates a tunnel identifier (eg, a QoS flow identifier) to the first QoS information. The user equipment receives the provided first QoS information from the first network, and this information includes a dedicated tunnel identifier (eg, a QoS flow identifier). In this case, the first QoS information becomes the QoS information of the tunnel (eg, QoS flow) indicated by the allocated tunnel identifier.

[0098] According to this embodiment of the present invention, the QoS information of the first tunnel, the modified QoS information of the third tunnel, and/or the first QoS information are further missing the QoS parameter information related to the GBR. and/or

the first tunnel QoS information, the third tunnel modified QoS information, and/or the first QoS information includes at least one of the following: uplink and/or downlink packet filter information, which is represented by the first IPsec tunnel information; the type identifier of the component of the traffic descriptor, which is represented by the type of index of security parameters; and QoS flow class indication information represented by the first QoS class indication information.

[0099] In one embodiment of the present invention, sending a request to create a first tunnel to the first network serves to create one first tunnel, which is used to transmit data of the first IPsec tunnel.

[00100] Clearly, by requesting the creation of a first tunnel for the data of the first IPsec tunnel, the user equipment can transmit control signals sent to the second network over the first tunnel. The user equipment configures the downlink packet filter information of the first tunnel according to the information of the first IPsec tunnel, and the UPF of the first network can filter the control signals sent to the first network, and also perform the mapping of the IPsec tunnel information about the control signals between the user equipment and the second network to the first tunnel. By providing the QoS of the first tunnel, the goal of providing control signaling between the user equipment and the second network can be achieved.

[00101] According to this embodiment of the present invention, after the creation of the first tunnel is completed or the third tunnel is changed and converted to the first, performing the first side operation for the tunnel of the first network further includes at least one of the following:

transmitting control signals between the user equipment and the second network or data of the first IPsec tunnel through the first tunnel;

switching transmission of control signals between the user equipment and the second network or data of the first IPsec tunnel to the first tunnel for transmission; and

creating and/or maintaining a mapping between the first tunnel and the first IPsec tunnel;

and/or

after rejecting the creation of the first tunnel, rejecting the change of the third tunnel, rejecting the provision of the first QoS information, and/or releasing the first tunnel, the first accompanying operation for the tunnel of the first network further includes at least one of the following: a deregistration request to the second network, and transfer to the deregistration state.

[00102] Optionally, in this embodiment of the present invention, the first tunnel or the third tunnel is a QoS flow.

[00103] Optionally, in this embodiment of the present invention, the first tunnel is the first QoS flow or QoS flow in the first PDU session.

[00104] Optionally, in this embodiment of the present invention, the third tunnel is the existing QoS flow in the first PDU session.

[00105] In addition, in this embodiment of the present invention, the first tunnel is the first QoS flow, and making a request to the first network to create the first tunnel includes at least one of the following options:

making a request to the first network to create the first QoS flow in the first PDU session; and

transmitting a request to the first network to change the first PDU session or create the first PDU session, wherein the request to change the first PDU session or create the first PDU session contains QoS information of the first QoS flow to be created, or first QoS information.

[00106] If necessary in this embodiment of the present invention, the first tunnel is the first QoS flow, the third tunnel is the existing QoS flow in the first PDU session, requesting the first network to change the third tunnel over the first tunnel includes at least one of the following options :

making a request to the first network to change the third QoS flow in the first PDU session; and

transmitting to the first network a request to change the first session PDU;

wherein the change request of the first session PDU contains information of the third QoS flow to be changed.

[00107] According to this embodiment of the present invention, the first PDU session is a PDU session in the first network used for transmission of control signals between the user equipment and the second network.

[00108] According to this embodiment of the present invention, the first QoS information further includes at least one of the following: first QoS class indication, first priority information, indication information for requesting a separate delivery resource, and control signaling indication information.

[00109] According to this embodiment of the present invention, the first QoS class indication information and/or the first priority is further used to indicate a request for a particular delivery radio resource.

[00110] According to this embodiment of the present invention, the first QoS class indication information further includes at least one of the following: a QoS class indication for the operator; a non-standardized first indication of the QoS class, wherein the non-standardized first indication of the QoS class takes a value from 5 to 69; and a non-GBR QoS class indication. The non-standardized first indication of the QoS class can be represented by QFI (QoS flow identifier (QoS flow identifier)), 5QI or QCI (QoS class identifier (QoS class identifier)).

[00111] According to this embodiment of the present invention, the first priority information further includes: the first priority information taking a value of 5.

[00112] Optionally, in this embodiment of the present invention, the IPsec tunnel is represented by an IPsec Security Association (SA).

[00113] If necessary, in this embodiment of the present invention, the first IPsec tunnel is also referred to as: IPsec signaling SA, IPsec master SA, and control signaling IPsec SA.

[00114] According to this embodiment of the present invention, the first IPsec tunnel information further includes at least one of the following: first IPsec tunnel identifier, protocol field indicating Encapsulating Security Payload (ESP), parameter index security (Security Parameter Index) of the first IPsec tunnel and the second network information associated with the first IPsec tunnel.

[00115] According to one embodiment of the present invention, the first QoS flow is a non-standard QoS flow, which means that the first QoS flow is not a default QoS flow.

[00116] If necessary, in this embodiment of the present invention, obtaining the first IPsec tunnel information includes: obtaining the first IPsec tunnel information from the proxy network element. The proxy network element is the proxy of the first network for interfacing with the second network, eg N3IWF.

[00117] According to one embodiment, the first tunnel may have only one QoS rule containing only one piece of packet filter information. The packet filter information may be the first IPsec tunnel information. The first tunnel can only be used to transfer the data of the first IPsec tunnel.

[00118] According to these embodiments of the present invention, after the user equipment receives information of the first IPsec tunnel used for transmitting control signals between the user equipment and the second network, the user equipment performs a related operation for the tunnel of the first network based on the information of the first IPsec tunnel, so that so that the data of the first IPsec tunnel is properly associated with the tunnel of the first network, and the transmission of control signals between the user equipment and the second network is provided in the first network. After the creation of the first tunnel is completed, when the first IPsec tunnel data needs to be transmitted, the user equipment associates the first IPsec tunnel with the first tunnel data based on the uplink packet filter information in the QoS information of the first tunnel. Next, the data of the first tunnel is tied to the data of the first DRB and transmitted to the network element of the RAN. Upon receiving the data of the first IPsec tunnel, the UPF of the first network binds the first IPsec tunnel to the data of the first tunnel based on the downlink packet filter information in the QoS information of this tunnel. The first tunnel data is then transmitted to the RAN network element. The RAN network element binds the first tunnel data to the first DRB data. The RAN network element may perform radio resource scheduling for the first DRB based on the QoS information of the first tunnel. It is clear that the effect of enabling transmission of control signals between the user equipment and the second network can be achieved in the first network.

[00119] In the above embodiment, a method for enabling transmission of control signals between a user equipment and a second network in a first network is described, and a description is given for a method for providing transmission of user plane data between a user equipment and a second network in the first network.

[00120] Referring to FIG. 8, according to one embodiment of the present invention, a data communication method applicable to user equipment is further provided, which includes:

[00121] Step 81: Obtaining IPSec data tunnel information and/or tunnel information between the user equipment and the second network, wherein the IPSec data tunnel is an IPSec tunnel used to transfer user plane data between the user equipment and the second network, or tunnel data between the user equipment and the second network.

[00122] Step 82: Performing a second related operation for the first network tunnel based on the IPSec data tunnel information and/or the tunnel information between the user equipment and the second network.

[00123] According to this embodiment of the present invention, the tunnel between the user equipment and the second network may also be referred to as the second network tunnel.

[00124] According to this embodiment of the present invention, the user equipment can obtain IPsec data tunnel information used for transmitting user plane data between the user equipment and the second network and/or tunnel information between the user equipment and the second network, and can also perform a related operation for tunnel of the first network based on the received information to ensure proper binding of the IPsec data tunnel to the tunnel of the first network and transmission of user plane data of the second network in the first network.

[00125] According to this embodiment, when a predetermined condition is met, a second side operation is performed for the tunnel of the first network based on the information of the IPSec data tunnel and/or the information of the tunnel between the user equipment and the second network. The specified condition includes at least one of the following options:

transmitting accompanying signals to create an IPsec data tunnel and receiving information about the newly created IPsec data tunnel from the proxy network element; and

receiving associated IPsec data tunnel change information and changed IPsec data tunnel information from the proxy network element.

[00126] In one embodiment, the IPsec data tunnel is a newly created or modified IPsec tunnel. According to one implementation variant, changing the IPsec tunnel is implemented by removing it and re-creating it. For example, in the event that the proxy network element decides to change the IPsec tunnel associated with the tunnel between the user equipment and the second network, the proxy network element may delete the IPsec tunnel and then re-create it. After re-creating the IPsec tunnel, the user equipment will be able to obtain information about the tunnel associated with this IPsec tunnel between this user equipment and the second network (for example, the associated QoS flow ID and PDU session ID).

[00127] A proxy network element is a first network proxy for pairing with a second network, such as N3IWF.

[00128] In this embodiment of the present invention, performing the second related operation for the tunnel of the first network further includes at least one of the following:

submitting to the first network a request to create a second tunnel;

submitting to the first network a request to change the fourth tunnel;

transmitting QoS information of the second tunnel to the first network;

transmitting the changed QoS information of the fourth tunnel to the first network;

transmission of the second QoS information to the first network, whereby when the UE sends a request to create the second QoS information, QFI (QoS flow identifier (QoS flow identifier)) is not issued, and when the second QoS information is provided by the first network, the second QoS information is allocated QFI, in which case the second QoS information becomes the QoS flow information indicated by the dedicated QFI;

requesting the first network to provide a separate second tunnel or separate second QoS information for each IPsec data tunnel (which can be understood as a request to provide different second tunnels or second QoS information for different IPsec data tunnels);

making a request to the first network to provide a separate second tunnel or a separate second QoS information for the IPsec data tunnel;

making a request to the first network to provide one second tunnel for multiple IPsec data tunnels, or data binding of multiple IPsec data tunnels to one second tunnel or one part of the second QoS information;

changing the fourth tunnel for the IPsec data tunnel;

binding the IPsec data tunnel to the fourth tunnel;

setting uplink and/or downlink packet filter information of the second tunnel according to the IPsec data tunnel information;

setting the uplink and/or downlink packet filter information from among the first QoS information on the IPsec data tunnel information;

changing the uplink and/or downlink packet filter information in the QoS information of the fourth tunnel according to the IPsec data tunnel information or adding the IPsec data tunnel information; to the uplink and/or downlink packet filter information to the QoS information of the fourth tunnel;

setting a component type identifier of the traffic descriptor in the QoS information of the second tunnel according to the security parameters index type;

setting a component type identifier of the traffic descriptor in the second QoS information by type of security parameters index;

changing the component type identifier of the traffic descriptor in the QoS information of the fourth tunnel according to the security parameters index type;

setting the QoS parameter information in the QoS information of the second tunnel to the QoS parameter information corresponding to the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

setting the QoS parameter information in the second QoS information on the description information of the QoS flow corresponding to the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

changing the QoS parameter information in the QoS information of the fourth tunnel according to the QoS parameter information corresponding to the tunnel associated with the IPsec data tunnel between the user equipment and the second network, or adding such QoS parameter information to the QoS parameter information in the QoS information of the fourth tunnel ; and

transmitting the IPsec data tunnel information to the first network;

where

the second tunnel is used for transmitting IPsec data tunnel data or is used for transmitting tunnel data between the user equipment and the second network, or is used for transmitting user plane data between the user equipment and the second network;

the fourth tunnel is represented by the tunnel already created for the user equipment and the first network; and

the second QoS information is represented by new QoS information.

[00129] In one implementation, the tunnel identifier (eg, QoS flow identifier) may be omitted from the second QoS information. The tunnel identifier (eg, QoS flow identifier) is also not provided when the user equipment sends a request to the first network for second QoS information (eg, QoS rules and/or QoS flow descriptions). Upon receipt of the second QoS information, the first network (eg, the SMF of the first network) allocates a tunnel identifier (eg, a QoS flow identifier) to the second QoS information. The user equipment receives the provided second QoS information from the first network, and this information includes a dedicated tunnel identifier (eg, a QoS flow identifier). In this case, the second QoS information becomes the QoS information of the tunnel (eg, QoS flow) indicated by the allocated tunnel ID.

[00130] According to this embodiment of the present invention, the second tunnel QoS information and/or the second QoS information further includes at least one of the following: uplink and/or downlink packet filter information, which is represented by IPsec data tunnel information; the type identifier of the component of the traffic descriptor, which is represented by the type of index of security parameters; and QoS parameter information, which is information corresponding to a tunnel associated with the IPsec data tunnel between the user equipment and the second network; and/or

the modified fourth tunnel QoS parameter information includes at least one of the following: uplink packet filter information representing or including IPsec data tunnel information; downlink packet filter information that is or includes IPsec data tunnel information; the type identifier of the component of the traffic descriptor, which is represented by the type of index of security parameters; and QoS parameter information being or including information corresponding to a tunnel associated with the IPsec data tunnel between the user equipment and the second network.

[00131] In one embodiment, if performing the second side operation for the tunnel of the first network includes setting uplink and/or downlink packet filter information of the second tunnel according to the IPsec data tunnel information, and the second tunnel is associated with multiple IPsec data tunnels, the configured packet filter information of the second tunnel is the information of multiple associated IPsec data tunnels.

[00132] In addition, in one embodiment, after completion of the creation of the second tunnel, receiving the provided QoS information sent by the first network, which contains the second QoS information, providing the second QoS information by the first network, and/or receiving a transmission from the first network to ensure the creation of the first tunnel, performing The second associated operation for the tunnel of the first network additionally includes at least one of the following operations:

transmitting, through the second tunnel, IPsec tunnel data, tunnel data between the user equipment and the second network, or user plane data between the user equipment and the second network;

switching the IPsec data tunnel data, the tunnel data between the user equipment and the second network, or the user plane data between the user equipment and the second network to the second tunnel for transmission; and

creating and/or maintaining a mapping between the second tunnel and the IPsec data tunnel;

and/or

after completing the modification of the fourth tunnel, receiving the provided QoS information sent by the first network that contains the third QoS information, providing the third QoS information by the core network, and/or receiving a transmission from the first network to enable the modification of the third tunnel, performing a second related operation for the tunnel of the first network further includes at least one of the following operations:

transmitting IPsec data tunnel data through the fourth tunnel; switching the data of the IPsec data tunnel to the fourth tunnel for transmission; and

updating the mapping between the fourth tunnel and the IPsec tunnel, where the IPsec tunnel associated with the fourth tunnel includes the IPsec data tunnel;

and/or

after rejecting the creation of the second tunnel, rejecting the change of the fourth tunnel, rejecting the provision of the second QoS information, and/or releasing the second tunnel, the second accompanying operation for the tunnel of the first network further includes at least one of the following operations: making a request to the first network to release the tunnel associated with the second IPsec tunnel between the user equipment and issuing a response to the second network that the tunnel associated with the second IPsec tunnel between the user equipment and the second network has not been created.

[00133] Further, in one implementation, subject to the first condition being met, the first network is requested to provide a separate second tunnel for the IPsec data tunnel, or the first network is requested to provide a separate second QoS information for the IPsec data tunnel, where

the first condition includes at least one of the following options:

the tunnel associated with the IPsec data tunnel between the user equipment and the second network is a GBR tunnel or contains QoS parameter information related to GBR;

indication of the QoS class of the tunnel associated with the IPsec data tunnel between the user equipment and the second network takes the value N, where N is one of the following values: 1, 5, 69 and 70;

the tunnel associated with the IPsec data tunnel between the user equipment and the second network is a tunnel containing voice traffic;

the tunnel associated with the IPsec data tunnel between the user equipment and the second network is a tunnel containing emergency call traffic;

the tunnel associated with the IPsec data tunnel between the user equipment and the second network is a tunnel containing high priority traffic;

the received tunnel information between the user equipment and the second network contains the individual delivery resource indication information;

the QoS information of the fourth tunnel is different from the QoS information of the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

the indication of the QoS class of the fourth tunnel is different from the indication of the QoS class of the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

the GBR-related QoS parameter information of the fourth tunnel is different from the GBR-related QoS parameter information of the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

the priority of the fourth tunnel is different from the priority of the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

in the absence of a fourth tunnel, a non-guaranteed transmission rate (non-GBR) tunnel is used, and a non-GBR tunnel is used as a tunnel associated with the IPsec data tunnel between the user equipment and the second network; and

the uplink and/or downlink packet filter information of the fourth tunnel does not contain IPsec data tunnel information;

and/or

if the second condition is met, the first network is requested to provide one second tunnel for multiple IPsec data tunnels, the first network is requested to provide one part of the second QoS information for multiple IPsec data tunnels, data binding of multiple IPsec data tunnels to the second tunnel, or data binding of multiple IPsec data tunnels to one part of the second QoS information, where

the second condition includes at least one of the following options:

the tunnel associated with the IPsec data tunnel between the user equipment and the second network is a non-GBR tunnel or contains a QoS parameter related to non-GBR; and

the received tunnel information between the user equipment and the second network does not contain indication information of a separate delivery resource or contains information that is not required for a separate delivery resource;

and/or

if the third condition is met, the fourth tunnel is changed to an IPsec data tunnel, where

the third condition includes at least one of the following options:

the tunnel associated with the IPsec data tunnel between the user equipment and the second network is a non-GBR tunnel;

the received tunnel information between the user equipment and the second network does not contain indication information of a separate delivery resource or contains information that is not required for a separate delivery resource;

the QoS information of the fourth tunnel is different from the QoS information of the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

the QoS class indication of the fourth tunnel is identical to the tunnel QoS class indication associated with the IPsec data tunnel between the user equipment and the second network;

the GBR-related QoS parameter information of the fourth tunnel is different from the GBR-related QoS parameter information of the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

the priority of the fourth tunnel is different from the priority of the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

if there is a fourth tunnel, a non-guaranteed transmission rate (non-GBR) tunnel is used, and a non-GBR tunnel is used as a tunnel associated with the IPsec data tunnel between the user equipment and the second network; and

the uplink and/or downlink packet filter information of the fourth tunnel does not contain the IPsec data tunnel information, and in this case, it is sufficient to simply change the fourth channel to include the IPsec data tunnel information;

and/or

if the fourth condition is met, the IPsec data tunnel is bound to the fourth tunnel, where

the fourth condition includes at least one of the following options:

the QoS information of the fourth tunnel is the same as the QoS information of the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

the QoS requirement of the fourth tunnel is greater than or identical to the QoS requirement of the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

the indication of the QoS class of the fourth tunnel is greater than or identical to the indication of the QoS class of the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

if there is a fourth tunnel, a non-guaranteed transmission rate (non-GBR) tunnel is used, and a non-GBR tunnel is used as a tunnel associated with the IPsec data tunnel between the user equipment and the second network; and

the uplink and/or downlink packet filter information of the fourth tunnel contains IPsec data tunnel information. [00134] If necessary, according to this embodiment of the present invention, when the IPsec data tunnel is associated with one tunnel between the user equipment and the second network, setting the QoS parameter information of the second tunnel according to the QoS parameter information corresponding to the tunnel associated with the IPsec tunnel data between the user equipment and the second network includes at least one of the following options:

setting or changing the QoS class indication of the second tunnel according to the tunnel QoS class indication corresponding to the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

setting or changing the priority of the second tunnel according to the priority of the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

setting or changing the packet delay budget of the second tunnel according to the packet delay budget of the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

setting or changing the packet error rate of the second tunnel according to the packet error rate of the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

setting or changing the default maximum packet data amount of the second tunnel to the default maximum packet data amount of the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

setting or changing the default averaging window of the second tunnel by the default averaging window of the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

when there is no averaging window for the tunnel associated with the IPsec data tunnel between the user equipment and the second network, setting or changing the second tunnel for a condition of no default averaging window;

setting or changing the uplink GBR or GFBR of the second tunnel over the uplink GBR or GFBR of the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

setting or changing the GBR or GFBR of the downlink of the second tunnel through the GBR or GFBR of the downlink of the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

setting or changing the uplink MBR or MFBR of the second tunnel over the uplink MBR or MFBRR of the tunnel associated with the IPsec data tunnel between the user equipment and the second network; and

setting or changing the downlink MBR or MFBR of the second tunnel over the downlink MBR or MFBR of the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

and/or

when the multi-tunnel condition is met, setting the QoS parameter information of the second tunnel according to the QoS parameter information corresponding to the tunnel associated with the IPsec data tunnel between the user equipment and the second network includes at least one of the following options:

setting or changing the QoS parameter information of the second tunnel according to the QoS parameter information with the highest QoS requirement, which corresponds to the tunnels associated with the IPsec data tunnel between the user equipment and the second network;

setting or changing the QoS class indication of the second tunnel according to the highest priority tunnel QoS class indication that corresponds to the tunnels associated with the IPsec data tunnel between the user equipment and the second network;

when there is no standardized QoS class indication corresponding to a combination of the following information about the second tunnel QoS parameter: priority, packet delay budget, packet error rate, maximum data packet size, regardless of whether the GBR value and/or the default averaging window requirement is set, setting and changing the QoS class indication of the second tunnel to a non-standardized QoS class indication or no QoS class indication condition;

when there is no standardized QoS class indication corresponding to the second tunnel QoS parameter information other than the QoS class indication, setting and changing the QoS class indication of the second tunnel to a non-standardized QoS class indication or no QoS class indication condition;

setting or changing the priority of the second tunnel from the highest priority corresponding to the tunnels associated with the IPsec data tunnel between the user equipment and the second network;

setting or changing the packet delay budget of the second tunnel to the smallest packet delay budget corresponding to the tunnels associated with the IPsec data tunnel between the user equipment and the second network;

adjusting or changing the packet error rate of the second tunnel according to the lowest value packet error rate corresponding to the tunnels associated with the IPsec data tunnel between the user equipment and the second network; and

setting or changing the default maximum packet data amount of the second tunnel to the default maximum packet data amount of the largest value corresponding to the tunnels associated with the IPsec data tunnel between the user equipment and the second network;

when there is no tunnel requiring an averaging window for tunnels associated with the IPsec data tunnel between the user equipment and the second network, configuring or changing the second tunnel in order to have a requirement for a default averaging window;

when a GBR tunnel is present in the tunnels associated with the IPsec data tunnel, at least one of the following operations is performed between the user equipment and the second network:

setting up or changing a second tunnel over the GBR tunnel;

setting or changing the GFBR or GBR of the second tunnel to the highest GFBR or GBR corresponding to multiple tunnels associated with the IPsec data tunnel of the second network;

setting or changing the MFBR or MBR of the second tunnel to the highest MFBR or MBR corresponding to multiple tunnels associated with the IPsec data tunnel of the second network;

setting or changing the GFBR or GBR of the uplink of the second tunnel to the highest value of the GFBR or GBR of the uplink corresponding to multiple tunnels associated with the IPsec data tunnel of the second network;

setting or changing the MFBR or MBR of the uplink of the second tunnel according to the highest value of the MFBR or MBR of the uplink corresponding to multiple tunnels associated with the IPsec data tunnel of the second network;

setting or changing the GFBR or GBR of the downlink of the second tunnel to the highest value of the downlink GFBR corresponding to multiple tunnels associated with the IPsec data tunnel of the second network;

setting or changing the downlink MFBR or MBR of the second tunnel according to the highest downlink MFBR value corresponding to multiple tunnels associated with the IPsec data tunnel of the second network;

when the IPsec data tunnel is associated with a tunnel with QoS class indication N between the user equipment and the second network, setting and changing the QoS class indication of the second tunnel over N or changing the QoS class indication of the fourth tunnel over N, where the value of N is obtained from the first network or includes one value from the following: 1, 5, 69 and 70;

when the IPsec data tunnel is associated with a tunnel containing voice traffic between the user equipment and the second network, setting and changing the QoS parameter information of the second tunnel according to the QoS parameter information corresponding to the voice traffic;

when the IPsec data tunnel is associated with a tunnel containing emergency call traffic between the user equipment and the second network, setting and changing the QoS parameter information of the second tunnel according to the QoS parameter information corresponding to the emergency call traffic;

when the IPsec data tunnel is associated with a tunnel containing high priority traffic between the user equipment and the second network, setting and changing the QoS parameter information of the second tunnel according to the QoS parameter information corresponding to the high priority traffic;

when the standardized QoS class indication is presented for the QoS flow of the second network contained in the IPsec data tunnel, setting and changing the QoS class indication of the second tunnel according to the standardized QoS class indication; and

setting the QoS parameter information of the second tunnel according to the QoS parameter information corresponding to the tunnel newly associated with the IPsec data tunnel between the user equipment and the second network, where

the multi-tunnel condition includes at least one of the following:

The IPsec data tunnel is associated with multiple tunnels on the second network;

The IPsec data tunnel is reassociated with the tunnel between the user equipment and the second network, and the newly associated tunnel between the user equipment and the second network has the highest QoS requirement in the tunnels associated with the IPsec data tunnel between the user equipment and the second network; and

The IPsec data tunnel is decoupled from the tunnel between the user equipment and the second network, and the decoupled tunnel between the user equipment and the second network has a higher QoS requirement in the tunnels associated with the IPsec data tunnel between the user equipment and the second network.

[00135] If necessary, according to this embodiment of the present invention, when the IPsec data tunnel is associated with multiple tunnels of the second network, setting the QoS parameter information of the fourth tunnel according to the QoS parameter information corresponding to the tunnel associated with the IPsec data tunnel between the subscriber equipment and a second network includes at least one of the following options:

changing the QoS parameter information of the fourth tunnel to the highest QoS requirement QoS parameter information that corresponds to the tunnels associated with the IPsec data tunnel between the user equipment and the second network;

changing the indication of the QoS class of the fourth tunnel to the indication of the QoS class of the tunnel with the highest priority, which corresponds to the tunnels associated with the IPsec data tunnel between the user equipment and the second network;

when there is no standardized QoS class indication corresponding to a combination of the following fourth tunnel QoS parameter information: priority, packet delay budget, packet error rate, maximum data packet size, regardless of whether the GBR value and/or the default averaging window requirement is set, changing the QoS class indication of the fourth tunnel to a non-standardized QoS class indication or no QoS class indication condition;

when there is no standardized QoS class indication corresponding to the QoS parameter information of the fourth tunnel, except for the QoS class indication, changing the QoS class indication of the fourth tunnel to a non-standardized QoS class indication, or no QoS class indication condition;

changing the priority of the fourth tunnel from the priority with the highest value corresponding to the tunnels associated with the IPsec data tunnel between the user equipment and the second network;

changing the packet delay budget of the fourth tunnel to the lowest packet delay budget corresponding to the tunnels associated with the IPsec data tunnel between the user equipment and the second network;

changing the packet error rate of the fourth tunnel according to the smallest packet error rate corresponding to the tunnels associated with the IPsec data tunnel between the user equipment and the second network;

changing the default maximum packet data amount of the fourth tunnel from the default maximum packet data amount with the largest value corresponding to the tunnels associated with the IPsec data tunnel between the user equipment and the second network; and

when there is no tunnel requiring an averaging window for tunnels associated with the IPsec data tunnel between the user equipment and the second network, changing the fourth tunnel to require a default averaging window;

when a GBR tunnel is present in the tunnels associated with the IPsec data tunnel, at least one of the following operations is performed between the user equipment and the second network:

change of the fourth tunnel along the GBR tunnel;

changing the GFBR or GBR of the fourth tunnel to the highest GFBR or GBR corresponding to multiple tunnels associated with the IPsec data tunnel of the second network;

changing the MFBR or MBR of the fourth tunnel according to the highest MFBR or MBR corresponding to multiple tunnels associated with the IPsec data tunnel of the second network;

changing the uplink GFBR or GBR of the fourth tunnel according to the highest uplink GFBR or GBR corresponding to multiple tunnels associated with the IPsec data tunnel of the second network;

changing the uplink MFBR or MBR of the fourth tunnel according to the highest uplink MFBR or MBR corresponding to multiple tunnels associated with the IPsec data tunnel of the second network;

changing the downlink GFBR or GBR of the fourth tunnel according to the highest downlink GFBR corresponding to multiple tunnels associated with the IPsec data tunnel of the second network;

changing the downlink MFBR or MBR of the fourth tunnel according to the highest downlink MFBR corresponding to multiple tunnels associated with the IPsec data tunnel of the second network; and

when the IPsec data tunnel is associated with a tunnel with QoS class indication N between the user equipment and the second network, change the QoS class indication of the fourth tunnel over N, where the value of N is obtained from the first network or includes one of the following: 1, 5, 69, and 70 ;

when the IPsec data tunnel is associated with a tunnel containing voice traffic between the user equipment and the second network, changing the QoS parameter information of the fourth tunnel according to the QoS parameter information corresponding to the voice traffic;

when the IPsec data tunnel is associated with a tunnel containing emergency call traffic between the user equipment and the second network, changing the QoS parameter information of the fourth tunnel according to the QoS parameter information corresponding to the emergency call traffic;

when the IPsec data tunnel is associated with a tunnel containing high priority traffic between the user equipment and the second network, changing the QoS parameter information of the fourth tunnel according to the QoS parameter information corresponding to the high priority traffic; and

when the standardized QoS class indication is presented for the QoS flow of the second network contained in the IPsec data tunnel, changing the QoS class indication of the fourth tunnel according to the standardized QoS class indication.

[00136] Optionally, in this embodiment of the present invention, Additionally, the second tunnel and/or the fourth tunnel is a QoS flow.

[00137] Optionally, in this embodiment of the present invention, the second tunnel is the second QoS flow or QoS flow in the first session PDU;

[00138] Optionally, in this embodiment of the present invention, the fourth tunnel is the existing QoS flow in the first session PDU;

[00139] Optionally, in this embodiment of the present invention, a tunnel between the user equipment and the second network QoS flow between the user equipment and the second network.

[00140] Optionally, in this embodiment of the present invention, the tunnel between the user equipment and the second network is the QoS flow of the second network.

[00141] Optionally, in this embodiment of the present invention, the second tunnel is a second QoS flow, and making a request to the first network to create a second tunnel includes at least one of the following options:

making a request to the first network to add a second QoS flow to the first session PDU; and

sending a request to the first network to change a PDU session or create a first PDU session, a request to change a first PDU session or create a first PDU session containing QoS information of a second QoS flow to be created;

[00142] If necessary, in this embodiment of the present invention, the second tunnel is the second QoS flow, the fourth tunnel is the existing QoS flow in the first PDU session, making a request to the first network to change the fourth tunnel over the first tunnel includes at least one of the following options :

making a request to the first network to change the fourth QoS flow in the first PDU session; and

transmitting a request to the first network to change the PDU session, where the change request of the first PDU session contains QoS information of the fourth QoS flow to be changed; and

first session PDU A PDU session in the first network used to transfer information between the user equipment and the second network.

[00143] Optionally, in this embodiment of the present invention, the IPsec tunnel SA IPsec.

[00144] Optionally, in this embodiment of the present invention, the IPsec data tunnel is also referred to as: IPsec data SA, child IPsec SA, user plane data IPsec SA, QoS flow data IPsec SA.

[00145] Optionally, in this embodiment of the present invention, the IPsec data tunnel information includes at least one of the following: an IPsec data tunnel identifier, a protocol field indicating ESP, an IPsec data tunnel security parameter index, and tunnel identification information associated with the IPsec data tunnel between the user equipment and the second network.

[00146] Optionally, according to this embodiment of the present invention, the tunnel information between the user equipment and the second network includes at least one of the following: IPSec data tunnel identifier associated with the tunnel between the user equipment and the second network, IPSec tunnel security parameter index connected by a tunnel between the user equipment and the second network (which may also be referred to as a tunnel of the second network), a new tunnel between the user equipment and the second network, a remote tunnel between the user equipment and the second network, information about the quality of service parameters of the tunnel between the user equipment and the second network , indication information of a separate delivery resource, and indication information that a separate delivery resource is not required.

[00147] According to one embodiment, the tunnel identification information associated with the IPsec data tunnel between the user equipment and the second network includes at least one of the following elements: a QoS flow identifier and a session identifier of the PDU to which the QoS flow relates.

[00148] Tunnel QoS information includes at least one of the following: be it GBR or non-GBR, QoS class indication (5QI or QFI), priority, packet delivery budget, packet error rate, default maximum data size, averaging window over default, uplink GBR, downlink GBR, uplink MBR, downlink MBR, uplink GFB, downlink GFBR, uplink MFBR, downlink MFBR, traffic descriptor component type identifier, and packet filter information.

[00149] If necessary, in this embodiment of the present invention, obtaining IPsec data tunnel information and/or tunnel information between the user equipment and the second network includes:

obtaining IPsec data tunnel information from the proxy network element; and/or obtaining tunnel information between the user equipment and the second network from the second network.

[00150] According to one embodiment, the second QoS flow is a non-standard QoS flow.

[00151] According to one embodiment, the second tunnel may have only one QoS rule containing one piece of packet filter information. The packet filter information may be IPsec data tunnel information. The second tunnel can only be used to transfer IPsec data tunnel data.

[00152] According to this embodiment of the present invention, the user equipment can obtain IPsec data tunnel information used for transmitting user plane data between the user equipment and the second network and/or tunnel information between the user equipment and the second network, and can also perform a related operation for tunnel of the first network based on the received information to ensure proper binding of the IPsec data tunnel to the tunnel of the first network and transmission of user plane data of the second network in the first network. After completion of the creation of the second tunnel, when it is necessary to transmit the data of the IPsec data tunnel, the user equipment associates the second IPsec tunnel with the data of the second tunnel based on the packet filter information in the QoS information of the second tunnel. Next, the second QoS flow data is bound to the second DRB data and transmitted to the RAN network element. Upon receiving the IPsec data tunnel data, the UPF of the first network binds the second IPsec tunnel to the data of the second tunnel based on the downlink packet filter information in the QoS information of the second tunnel. The second channel data is then transmitted to the RAN network element. The RAN network element binds the second channel data to the second DRB data. The RAN network element may perform radio resource scheduling for the second DRB based on the QoS information of the second tunnel. It is clear that the effect of providing data transmission, and in particular important traffic data, between the user equipment and the second network can be achieved in the first network.

[00153] Referring to FIG. 9, according to one embodiment of the present invention, a data communication method applicable to a proxy network element is further provided, which includes:

[00154] Step 91: Determining whether a condition is met; if so, you must perform step 92, otherwise, terminate the procedure.

[00155] Step 92: Performing an operation related to the IPsec data tunnel for the tunnel of the second network after confirming that the predetermined condition is met.

[00156] A proxy network element is a proxy of the first network for interfacing with the second network.

[00157] In this embodiment of the present invention, the proxy network element can perform an operation related to the IPsec data tunnel of the second network, thereby realizing the rational binding of the tunnels of the second network to the IPsec data tunnels to provide user plane data of the second network in the first network.

[00158] In some embodiments of the present invention, an IPsec data tunnel associated with a tunnel between a user equipment and a second network, or an IPsec data tunnel is an IPsec tunnel used to transmit tunnel data of the second network.

[00159] Optionally, according to this embodiment of the present invention, the set condition includes at least one of the following options:

a request is received to create a tunnel between the user equipment and the second network;

a request is received to change the tunnel between the user equipment and the second network;

the proxy network element provides 3GPP access;

the first network is the 3GPP network; and

the operation of linking the tunnel between the user equipment and the second network to the IPsec tunnel has been performed.

[00160] In some embodiments of the present invention, the received request to create a tunnel between the user equipment and the second network is a request to create or change a second network PDU session or a request to create a second network QoS flow.

[00161] In some embodiments of the present invention, the received tunnel change request between the user equipment and the second network is a second network PDU session change request or a second network QoS flow change request.

[00162] If necessary, according to this embodiment of the present invention, performing an operation related to the IPsec data tunnel for the tunnel of the second network includes at least one of the following operations:

determining a binding from the tunnel between the user equipment and the second network to the IPsec data tunnel;

creating a separate IPsec data tunnel for each tunnel between the user equipment and the second network, or creating different IPsec data tunnels for different tunnels between the user equipment and the second network;

creating a separate IPsec data tunnel for each GBR tunnel between the user equipment and the second network;

when the tunnel between the user equipment and the second network meets the separate delivery condition, creating a separate IPsec data tunnel for the tunnel between the user equipment and the second network;

creating an IPsec data tunnel specifically for non-GBR for the GBR tunnel between the user equipment and the second network;

binding one or more non-GBR tunnels between the user equipment and the second network to one IPsec data tunnel;

creating an IPsec data tunnel specifically for priority for the GBR tunnel between the user equipment and the second network;

binding one or more tunnels with the same priority between the user equipment and the second network to one IPsec data tunnel;

creating different IPsec data tunnels for tunnels with different priorities between the user equipment and the second network, or associating tunnels with different priorities between the user equipment and the second network to different IPsec data tunnels;

creating an IPsec data tunnel specifically for the GBR related QoS parameter information for the tunnel between the user equipment and the second network;

creation of different IPsec data tunnels for tunnels with different GBR-related QoS parameter information between the user equipment and the second network, or linking tunnels with different GBR-related QoS parameter information between the user equipment and the second network to different IPsec tunnels data;

binding one or more tunnels with the same GBR related QoS parameter information between the user equipment and the second network to one IPsec data tunnel;

creating an IPsec data tunnel specifically to indicate the QoS class for the GBR tunnel between the user equipment and the second network;

creating different IPsec data tunnels for tunnels with different QoS class indications between the user equipment and the second network, or linking tunnels with different QoS class indications between the user equipment and the second network to different IPsec data tunnels;

binding one or more tunnels with the same QoS parameter information between the user equipment and the second network to one IPsec data tunnel;

creating an IPsec data tunnel specifically to indicate the QoS class for the GBR tunnel between the user equipment and the second network;

creation of IPsec data tunnels for tunnels with different QoS class indication between the user equipment and the second network; and

binding multiple tunnels with the same QoS information between the user equipment and the second network to one IPsec data tunnel.

[00163] According to this embodiment of the present invention, when creating an IPsec tunnel, a proxy network element may allocate a separate IPsec tunnel for a tunnel (e.g., QoS flow) of a second network, e.g., a GBR QoS flow, an Important High Priority (MPS) QoS flow, QoS flow of voice traffic, where 5QI=1, 5QI=5, etc., so that the user equipment can make a request to the first network for the first network to achieve the effect of providing QoS.

[00164] The separate delivery condition includes at least one of the following options:

a tunnel between the user equipment and the second network GBR tunnel;

indication of the QoS class of the tunnel between the user equipment and the second network takes the value N, where N is one of the following values: 1.5, 69 and 70;

a tunnel between the user equipment and the second network; a tunnel containing voice traffic;

tunnel between user equipment and the second network - a tunnel containing emergency call traffic;

tunnel between user equipment and the second network - a tunnel containing high priority traffic;

the received request to create a tunnel between the user equipment and the second network contains indication information of a separate delivery resource;

the QoS information of the existing tunnel associated with the IPsec data tunnel between the user equipment and the second network is different from the QoS information of the tunnel between the user equipment and the second network requested to be created;

the indication of the QoS class of the existing tunnel associated with the IPsec data tunnel between the user equipment and the second network is different from the indication of the QoS class of the tunnel between the user equipment and the second network, the establishment of which is requested;

the QoS parameter information related to the GBR of the existing tunnel associated with the IPsec data tunnel between the user equipment and the second network is different from the QoS parameter information related to the GBR of the tunnel between the user equipment and the second network, the creation of which is requested;

the QoS priority of the existing tunnel associated with the IPsec data tunnel between the user equipment and the second network is different from the priority of the tunnel between the user equipment and the second network, the creation of which is requested;

the non-GBR tunnel is present in the existing tunnels associated with the IPsec data tunnel between the user equipment and the second network; a tunnel between the user equipment and the second network for which a request has been received, a non-GBR tunnel.

[00165] Optionally, in this embodiment of the present invention, the tunnel is a QoS flow.

[00166] Optionally, in this embodiment of the present invention, the tunnel between the user equipment and the second network QoS flow of the second network.

[00167] In some embodiments of the present invention, the QoS flows of the second network are QoS flows of a single PDU session of the second network, or QoS flows of multiple PDU sessions of the second network.

[00168] Clearly, based on the Proxy Network Element managing the rational binding of second network QoS flows to IPsec data tunnels, the user equipment can send a request to the first network to provide different second QoS flows for different IPsec data tunnels, and then provide availability of data passing between the user equipment and the second network in the first network. With regard to the QoS flow of the second network containing important traffic, the proxy network element may bind the flow to a detached IPsec data tunnel. The user equipment can request a separate first flow QoS of the first network for the IPsec data tunnel, thereby ensuring the availability of important data passing between the user equipment and the second network in the first network. With the foregoing communication method according to this embodiment of the present invention, the rational binding of the second network tunnels to the IPsec tunnels of the proxy network element, and the binding of the IPsec tunnels of the proxy network element to the tunnels of the first network can be realized, and finally can the effect of making the information of the second network or the service of the second network available through the first network be realized.

[00169] Referring to FIG. 10, in one embodiment, the present invention further provides a data communication method applicable to a communication network element that includes a communication network element of a first or second network, and the method includes:

[00170] Step 101: transmit tunnel information between the user equipment and the second network (which may be referred to as the tunnel of the second network), wherein the tunnel information between the user equipment and the second network includes at least one of the following elements: an IPSec data tunnel identifier associated with tunnel between UE and second network, IPSec data tunnel security parameter index associated with tunnel between UE and second network, new tunnel between UE and second network, remote tunnel between UE and second network, tunnel QoS parameter information between the user equipment and the second network, indication information of a separate delivery resource, and indication information that a separate delivery resource is not required.

[00171] In this embodiment of the present invention, a communication network element may be represented by such an element in the first or second network.

[00172] In this embodiment of the present invention, transmitting tunnel information between the user equipment and the second network further includes: transmitting tunnel information between the user equipment and the second network to at least one of the user equipment and the proxy network element. The proxy network element is the proxy of the first network for interfacing with the second network.

[00173] In this embodiment of the present invention, under the predetermined condition, tunnel information between the user equipment and the second network is further transmitted, and the predetermined condition includes: the user equipment accessing the second network through the first network represented by the 3GPP network.

[00174] It is clear that based on the communication network element providing transmission to the user equipment of tunnel information between the user equipment and the second network, the latter can request the first network to provide different second QoS flows for different IPsec data tunnels, with subsequent provision of data availability passing between the user equipment and the second network, in the first network.

[00175] Referring to FIG. 11, according to the present invention, a data communication method applicable to user equipment is further provided, which includes:

[00176] Step 111: Obtaining IPSec tunnel information, wherein the IPSec tunnel is an IPSec tunnel used to transfer information between the user equipment and the second network.

[00177] Step 112: Performing a side operation for the tunnel of the first network based on the information of the first IPSec tunnel.

[00178] In this embodiment of the present invention, performing a side operation for the first network tunnel further includes at least one of the following:

submitting to the first network a request to create or change a tunnel of the first network;

setting the packet filter information of the tunnel of the first network to the information of the first IPSec tunnel;

requesting the first network to provide one tunnel of the first network for each IPsec tunnel, using the tunnel of the first network to transmit data of the IPsec tunnel; and

transmitting tunnel packet filter information of the first network to the first network.

[00179] In this embodiment of the present invention, the IPsec tunnel information further includes at least one of the following:

IPsec tunnel identifier;

protocol field indicating ESP; and

index of the security settings of the IPsec tunnel.

[00180] In this embodiment of the present invention, the information between the user equipment and the second network further includes at least one of the following:

transmission of control signals between the user equipment and the second network;

transmitting user plane data between the user equipment and the second network;

transmitting QoS flow data between the user equipment and the second network; and

IPsec tunnel data for transferring information between the user equipment and the second network.

[00181] Additionally, in this embodiment of the present invention, when the IPsec tunnel is released or the user equipment is disconnected from the second network, performing the accompanying operation for the first network tunnel includes at least one of the following: requesting the first network to release the IPsec data tunnel; tunnel; start the first timer; submitting to the first network a request to release the tunnel for data transmission of the IPsec tunnel after the expiration of the first timer; and stopping the first timer if a request to create an idle IPsec tunnel is received before the expiration of the first timer.

[00182] With the above data transfer method according to this embodiment of the present invention, rational binding of tunnels of the second network to IPsec tunnels of the proxy network element, and mapping of IPsec tunnels of the proxy network element to tunnels of the first network can be realized, and, finally, the effect of making the information and/or service of the second network available through the first network can be realized.

[00183] Next, with reference to specific application scenarios, a description is given of a method for providing data transmission according to embodiments of the present invention.

[00184] With reference to specific application scenarios, the following is a description of a data transmission method according to embodiments of the present invention.

[00185] Application scenario 1 of embodiments of the present invention:

[00186] The use case 1 according to embodiments of the present invention is advantageously a procedure in which a user equipment (UE is taken as an example for description) requests a first network to establish a first QoS flow after a first IPsec tunnel is established between the user equipment and the network intermediary element. An intermediary network element is an intermediary (eg, N3IWF) between the first and second networks, which may be a communication network element of the first or second network. The first IPsec tunnel is an IPsec tunnel used for transmission of control signals between the user equipment and the second network. In the following description, the AMF is used to represent the AMF of the first network, the SMF is the SMF of the first network, the UPF of the UPF of the first network, and the RAN network element of the first network element. According to FIG. 12A and 12B, the corresponding data transmission method includes the following steps.

[00187] Step 1: creating between the UE and the first network session PDU (protocol data unit (protocol data unit)) of the first network. The SMF of the first network can create a generic QoS flow for the user equipment by default. The session PDU of the first network is used to transfer information between the user equipment and the second network. The information transmitted between the user equipment and the second network may be a transmission of control signals and/or user plane data.

[00188] Step 2: Through interaction between the UE, the proxy network element and the second network, a first IPsec tunnel (eg, IPsec signaling SA) is created between the UE and the proxy network element to transfer control signals (eg, NAS information) between the UEs and the second network.

[00189] The UE receives the first IPsec tunnel information from the Proxy Network Element. For details of the information of the first IPsec tunnel, see the above description of the embodiment in FIG. 7. The detailed description in this application will not be repeated.

[00190] Based on the information of the first IPsec tunnel, the UE performs the first associated operation for the tunnel of the first network. For details, see the above description of the embodiment in FIG. 7. The detailed description in this application will not be repeated.

[00191] Step 3: The UE sends an uplink NAS message to the AMF to add the first QoS flow to the first session PDU. The NAS message includes a request to change the PDU session. The PDU session change request includes the following information: the first PDU session identifier, the requested QoS rule, and/or the requested QoS flow descriptive information.

[00192] The requested QoS rule includes a QoS flow identifier and a QoS rule with respect to the first requested QoS flow.

[00193] The requested QoS flow description includes a QoS flow identifier and a description of the first requested QoS flow.

[00194] The description of the first QoS flow includes first indication information about the QoS class.

[00195] The type identifier of the traffic descriptor component in the QoS rule for the first QoS flow is configured by the type of the security parameters index. For example, the security settings index type is 01100000.

[00196] The uplink and/or downlink packet filter information in the first QoS flow rule is represented by the first IPsec tunnel information (the first IPsec tunnel information includes at least one of the following: first IPsec tunnel identifier, protocol field indicating ESP, and SPI of the first IPsec tunnel).

[00197] The description of the first QoS flow does not include GBR-related QoS parameters (such as uplink/downlink GFBR, uplink/downlink MFBR, and GBR 5QI).

[00198] The QoS flow description and/or first QoS flow rule includes a first QoS class indication (also referred to as QFI, QCI, 5Q, etc.).

[00199] Step 4: The AMF sends a session SM (session management) PDU context change request message to the SMF.

[00200] The session SM PDU context change request includes the following information: the first PDU session identifier, the requested QoS rule, and/or the requested QoS flow descriptive information.

[00201] The requested QoS rule includes a QoS flow identifier and a QoS rule with respect to the first requested QoS flow.

[00202] The requested QoS flow descriptive information includes a QoS flow identifier and a description of the first requested QoS flow.

[00203] The first QoS flow descriptive information includes first QoS class indication information.

[00204] The type identifier of the component of the traffic descriptor in the QoS rule for the first QoS flow is configured by the type of the security parameters index.

[00205] The uplink and/or downlink packet filter information in the first QoS flow rule is represented by the first IPsec tunnel information (the first IPsec tunnel information includes at least one of the following: first IPsec tunnel identifier, protocol field indicating ESP, and the Security Parameter Index (SPI) of the first IPsec tunnel).

[00206] The description of the first QoS flow does not include GBR-related QoS parameters (such as uplink/downlink GFBR, uplink/downlink MFBR, and GBR 5QI).

[00207] The QoS flow description and/or first QoS flow rule includes a first QoS class indication (also referred to as QFI, QCI, 5Q, etc.).

[00208] When determining the creation of the first QoS flow, the first network issues a response to the session SM PDU context change on the AMF of the first network.

[00209] Step 5: The SMF sends an N1/N2 message to the AMF.

[00210] Step 6: The AMF sends a session resource change request PDU to the RAN network element. The PDU session resource change request includes a QoS context and a first QoS flow identifier, as well as a NAS message (change PDU session command).

[00211] The QoS flow identifier may be represented by a first QoS class indication.

[00212] The context of the first QoS flow may include a first QoS class indication.

[00213] Based on the first QoS class indication, the RAN allocates a separate DRB (referred to as the first DRB) for the first QoS flow. That is, the first DRB is used for data transmission of the first QoS flow or solely for such transmission.

[00214] Step 7: The RAN network element sends an RRC reconfiguration request to the UE. The RRC reconfiguration request includes the configuration of the first DRB to which the first QoS flow is bound and the NAS message (change session PDU command).

[00215] Step 8: The UE issues a response to the RRC reconfiguration request to the RAN network element.

[00216] Step 9: The RAN network element issues a response to the PDU session resource change to the AMF.

[00217] Step 10: The AMF starts the process of changing the context of the session SM PDU in the SMF.

[00218] Step 11: The SMF sends an N4 PDU session change request to the UPF to add a first QoS flow to the first PDU session. The N4 PDU session change request includes a first QoS flow rule to be added.

[00219] The type identifier of the traffic descriptor component in the QoS rule for the first QoS flow is configured by the type of the security parameters index.

[00220] The uplink and/or downlink packet filter information in the first QoS flow rule is represented by the first IPsec tunnel information (the first IPsec tunnel information includes at least one of the following: first IPsec tunnel identifier, protocol field pointing to ESP, and SPI of the first IPsec tunnel).

[00221] The creation of the first QoS flow is completed and the UPF issues a response to the N4 PDU session change request to the SMF.

[00222] Step 12: The UE transmits an uplink NAS message to the AMF of the first network. The NAS message includes information about the end of the PDU session change.

[00223] Step 13: The AMF starts a session context change procedure for the SM PDU in the SMF.

[00224] Subsequently, if it is necessary to transmit the data of the first IPsec tunnel, the user equipment binds the first IPsec tunnel to the data of the first QoS flow based on the uplink packet filter information of the same flow. Next, the first QoS flow data is bound to the first DRB data and transmitted to the RAN network element. Upon receiving the data of the first IPsec tunnel, the UPF of the first network binds the first IPsec tunnel to the data of the first QoS flow based on the downlink packet filter information of the same flow. The data of the first QoS flow is then transmitted to the RAN network element. The RAN network element binds the data of the first QoS flow to the data of the first DRB. In a preferred embodiment, the RAN network element may provide the first DRB based on the information of the first QoS flow. It is clear that the effect of enabling transmission of control signals between the user equipment and the second network can be achieved in the first network.

[00225] Application scenario of 2 embodiments of the present invention:

[00226] The use case 2 according to embodiments of the present invention is advantageously a procedure in which a user equipment (UE is taken as an example for description) requests a first network to establish a second QoS flow after establishing an IPsec data tunnel between the user equipment and the network intermediary element. An intermediary network element is an intermediary (eg, N3IWF) between the first and second networks, which may be a communication network element of the first or second network. An IPsec data tunnel is an IPsec tunnel used to transfer user plane data between a user equipment and a second network, or tunnel data between the user equipment and a second network. In the following description, AMF is used to represent the AMF of the first network, SMF is the SMF of the first network, UPF is the UPF of the first network, and RAN is the network element of the first network. According to FIG. 13A and 13B, the corresponding data transmission method includes the following steps.

[00227] Step 1: creating between the UE and the first network session PDU (protocol data unit (protocol data unit)) of the first network. The SMF of the first network creates a generic QoS flow for the user equipment by default. The session PDU of the first network is used to transfer information between the user equipment and the second network. The information transmitted between the user equipment and the second network may be a transmission of control signals and/or user plane data.

[00228] Step 2: Through interaction between the UE, the Proxy Network Element and the second network, an IPsec Data Tunnel (eg, Data IPsec SA) is created between the UE and the Proxy Network Element to transfer control signals (eg, NAS information) between the UEs and the second network.

[00229] The UE obtains IPsec data tunnel information from the Proxy Network Element. For details of the IPsec data tunnel, see the above description of the embodiment in FIG. 8. The detailed description in this application will not be repeated.

[00230] Based on the information of the IPsec data tunnel, the UE performs a second side operation for the tunnel of the first network. For details, see the above description of the embodiment in FIG. 8. The detailed description in this application will not be repeated.

[00231] Step 3: The UE sends an uplink NAS message to the AMF to add a second QoS flow to the first session PDU. The NAS message includes a request to change the PDU session. The PDU session change request includes the following information: the first PDU session identifier, the requested QoS rule, and/or the requested QoS flow description.

[00232] The requested QoS rule includes a QoS flow identifier and a QoS rule for the second requested QoS flow. [00233] The requested QoS flow description includes a QoS flow identifier and a second requested QoS flow description.

[00234] The description of the second QoS flow includes QoS information corresponding to the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

[00235] The type identifier of the traffic descriptor component in the QoS rule for the second QoS flow is configured by the type of the security parameters index.

[00236] The uplink and/or downlink packet filter information in the second QoS flow rule is represented by IPsec data tunnel information (the IPsec data tunnel information includes at least one of the following: IPsec data tunnel identifier, protocol field indicating ESP, an IPsec data tunnel security parameter index and tunnel identification information associated with the IPsec data tunnel between the user equipment and the second network).

[00237] The description of the QoS flow and/or the rule of the second QoS flow includes information corresponding to the tunnel associated with the IPsec data tunnel between the user equipment and the second network (identification information about the tunnel associated with the IPsec data tunnel between the user equipment and the second network includes: ID of the QoS flow, ID of the PDU session to which the QoS flow belongs).

[00238] Step 4: The AMF sends a session_SM (session management) PDU context change request message to the SMF.

[00239] The session_SM PDU context change request includes the following information: the first PDU session identifier, the requested QoS rule, and/or the requested QoS flow description.

[00240] The requested QoS rule includes a QoS flow identifier and a QoS rule for the second requested QoS flow.

[00241] The requested QoS flow description includes a QoS flow identifier and a second requested QoS flow description.

[00242] The description of the second QoS flow includes QoS information corresponding to the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

[00243] The type identifier of the traffic descriptor component in the QoS rule for the second QoS flow is configured by the type of the security parameters index.

[00244] The upstream and/or downstream packet filter information in the second QoS flow rule is represented by the IPsec data tunnel information (the IPsec data tunnel information includes at least one of the following: IPsec data tunnel identifier, protocol field indicating ESP, an IPsec data tunnel security parameter index and tunnel identification information associated with the IPsec data tunnel between the user equipment and the second network).

[00245] The description of the QoS flow and/or the rule of the second QoS flow includes information corresponding to the tunnel associated with the IPsec data tunnel between the user equipment and the second network (identification information about the tunnel associated with the IPsec data tunnel between the user equipment and the second network includes: ID of the QoS flow, ID of the PDU session to which the QoS flow belongs).

[00246] When determining the creation of the second QoS flow, the first network issues a response to the session_SM PDU context change on the AMF of the first network.

[00247] Step 5: The SMF sends an N1/N2 message to the AMF.

[00248] Step 6: The AMF sends a session PDU resource change request as well as second QoS flow information to the RAN network element requesting creation of a second QoS flow. The PDU session resource change request includes a QoS context and a second QoS flow identifier, as well as a NAS message (change PDU session command).

[00249] The QoS flow identifier may be represented by a QoS class indication (hereinafter second QoS class indication) corresponding to the QoS flow of the second network associated with the IPsec data tunnel.

[00250] The second QoS flow context may include a second QoS class indication.

[00251] Based on the information of the second QoS flow, under the first condition (as presented in the above embodiment of the present method), the RAN allocates a separate DRB (referred to as the second DRB) for the second QoS flow. Alternatively, the RAN network element performs data binding of every second QoS flow to one second DRB. That is, the second DRB is used for data transmission of the second QoS flow or solely for such transmission. [00252] Step 7: The RAN network element sends an RRC reconfiguration request to the UE. The RRC reconfiguration request includes the configuration of the DRB to which the second QoS flow is bound, and a NAS message (command to change session PDU).

[00253] Step 8: The UE issues a response to the RRC reconfiguration request to the RAN network element.

[00254] Step 9: The RAN network element issues a response to the PDU session resource change to the AMF.

[00255] Step 10: The AMF starts a session context change procedure for the SM PDU in the SMF.

[00256] Step 11: The SMF sends an N4 PDU session change request to the UPF to add a second QoS flow to the first PDU session. The N4 PDU session change request includes a second QoS flow rule to be added.

[00257] The type identifier of the component of the traffic descriptor in the QoS rule for the second QoS flow is configured by the type of the security parameters index.

[00258] The uplink and/or downlink packet filter information in the second QoS flow rule is represented by the IPsec data tunnel information (the IPsec data tunnel information includes at least one of the following: IPsec data tunnel identifier, protocol field indicating ESP, an IPsec data tunnel security parameter index and tunnel identification information associated with the IPsec data tunnel between the user equipment and the second network).

[00259] The creation of the second QoS flow is completed and the UPF issues a response to the N4 PDU session change request to the SMF.

[00260] Step 12: The UE transmits an uplink NAS message to the AMF of the first network. The NAS message includes information about the end of the PDU session change.

[00261] Step 13: The AMF starts a session context change procedure for the SM PDU in the SMF.

[00262] In the future, if it is necessary to transmit data of the IPsec data tunnel, the user equipment binds the second IPsec tunnel to the data of the second QoS flow based on the uplink packet filter information of the same flow. Next, the second QoS flow data is bound to the second DRB data and transmitted to the RAN network element. Upon receipt of the IPsec data tunnel data, the UPF of the first network binds the second IPsec tunnel to the data of the second QoS flow based on the downlink packet filter information of the same flow. The data of the second QoS flow is then transmitted to the RAN network element. To provide any important traffic (eg, voice traffic), the RAN network element binds the data of the second QoS flow to the data of the second DRB. It is clear that the effect of providing data transmission, and in particular important traffic data, between the user equipment and the second network can be achieved in the first network.

[00263] Application scenario of 3 embodiments of the present invention:

[00264] Application scenario 3 according to embodiments of the present invention is mainly a procedure in which a user equipment (UE is taken as an example for description) requests a second network to create a PDU session, and IPsec is created between the user equipment and the proxy network element - data tunnel. An intermediary network element is an intermediary (eg, N3IWF) between the first and second networks, which may be a communication network element of the first or second network. The first IPsec tunnel is an IPsec tunnel used for transmission of control signals between the user equipment and the second network. According to FIG. HA and 14B, the corresponding data transmission method includes the following steps.

[00265] Step 1: creating between the UE and the first network session PDU (protocol data unit (protocol data unit)) of the first network. The session PDU of the first network is used to transfer information between the user equipment and the second network. The information transmitted between the user equipment and the second network may be a transmission of control signals and/or user plane data.

[00266] Step 2: Through interaction between the UE, the proxy network element and the second network, a first IPsec tunnel (eg, IPsec signaling SA) is created between the UE and the proxy network element to transfer control signals (eg, NAS information) between the UEs and the second network.

[00267] Step 3: The UE sends an uplink NAS message to the AMF of the second network through the first IPsec tunnel requesting the establishment of a PDU session with the second network.

[00268] There is no interaction between the AMF of the second network and other network elements of this network.

[00269] Step 4: The second network AMF sends a session resource setup request PDU to the Proxy Network Element. The PDU session resource setup request includes a QoS context and a QoS flow ID of the second network, as well as a NAS message (command to accept creation of a PDU session).

[00270] Step 5: When it is determined that the predetermined condition is met, the proxy network element performs an operation related to the IPSec data tunnel for the tunnel of the second network (QoS flow of the second network). For details, see the above description of the embodiment in FIG. 9. The detailed description in this application will not be repeated.

[00271] In particular, the proxy network element determines whether the QoS flow of the second network is bound to the IPsec data tunnel.

[00272] Step 6: The proxy network element sends an IKE_create child security association request to the UE. The IKE_create child SA request includes the ID of the IPsec tunnel to be created, the ID of the QoS flow to match, and the ID of the session PDU to which the QoS flow belongs.

[00273] Step 7: The UE issues a response to the IKE create child security association request to the Proxy Network Element.

[00274] If it is necessary to create multiple IPsec tunnels, steps 5 and 6 are repeated.

[00275] Step 8: The proxy network element transmits the NAS message received in step 4 to the UE through the first IPsec tunnel.

[00276] Step 9: The proxy network element issues a response to set up a session resource PDU on the AMF of the second network.

[00277] There is no interaction between the AMF of the second network and other network elements of this network.

[00278] Clearly, based on the Proxy Network Element managing the rational mapping of second network QoS flows to IPsec data tunnels, the user equipment can send a request to the first network to provide different second QoS flows for different IPsec data tunnels, and then provide availability of data passing between the user equipment and the second network in the first network. With regard to the QoS flow of the second network containing important traffic, the proxy network element may bind the flow to a detached IPsec data tunnel. The user equipment can request a separate first flow QoS of the first network for the IPsec data tunnel, thereby ensuring the availability of important data passing between the user equipment and the second network in the first network.

[00279] Application scenario of 4 embodiments of the present invention:

[00280] The application scenario 4 of the embodiments of the present invention is mainly a procedure in which a user equipment (UE is taken as an example for description) or a second network element triggers a second network PDU session change requesting the addition of a QoS flow in the second network PDU session. An intermediary network element is an intermediary (eg, N3IWF) between the first and second networks, which may be a communication network element of the first or second network. The first IPsec tunnel is an IPsec tunnel used for transmission of control signals between the user equipment and the second network. According to FIG. 15A and 15B, the corresponding data transmission method includes the following steps.

[00281] Step 1: creating between the UE and the first network session PDU (protocol data unit (protocol data unit)) of the first network. The session PDU of the first network is used to transfer information between the user equipment and the second network. The information transmitted between the user equipment and the second network may be a transmission of control signals and/or user plane data.

[00282] Step 2: Through interaction between the UE, the proxy network element and the second network, a first IPsec tunnel (eg, IPsec signaling SA) is created between the UE and the proxy network element to transfer control signals (eg, NAS information) between the UEs and the second network.

[00283] Sub-step For: The UE sends an uplink NAS message to the AMF of the second network through the first IPsec tunnel requesting the addition of a QoS flow in the session PDU of the second network (referred to as the QoS flow of the second network).

[00284] Sub-step 3b: Another network element of the second network sends a change session PDU request to the AMF of the second network through the first IPsec tunnel, requesting the addition of a QoS flow in the session PDU of the second network (referred to as the QoS flow of the second network).

[00285] Step 4: The AMF of the second network sends a session resource change request PDU to the Proxy Network Element. The PDU session resource change request includes a QoS context and a QoS flow ID of the second network, as well as a NAS message (eg, PDU session change command).

[00286] Step 5: When it is determined that the predetermined condition is met, the proxy network element performs an operation related to the IPSec data tunnel for the tunnel of the second network (QoS flow of the second network). For details, see the above description of the embodiment in FIG. 9. The detailed description in this application will not be repeated.

[00287] In particular, the proxy network element determines whether the QoS flow of the second network is bound to the IPsec data tunnel.

[00288] When it is determined that a new IPsec data tunnel will be created for the QoS flow of the second network, the proxy network element proceeds to steps 6-7.

[00289] When it is determined that an existing IPsec data tunnel will be changed (eg, adding an associated second network QoS flow to an existing IPsec tunnel, or binding a second network QoS flow to an existing IPsec tunnel), the proxy network element may first remove an existing IPsec data tunnel, and then go to step 6-7 to create an IPsec data tunnel.

[00290] Step 6: The proxy network element sends an IKE_create child security association request to the UE. The IKE_create child SA request includes the ID of the IPsec tunnel to be created, the ID of the QoS flow to match, and the ID of the session PDU to which the QoS flow belongs.

[00291] Step 7: The UE issues a Child Security Association Response IKE_create Response to the Proxy Network Element.

[00292] If it is necessary to create multiple IPsec tunnels, steps 5 and 6 are repeated.

[00293] Step 8: The proxy network element transmits the NAS message received in step 4 to the UE through the first IPsec tunnel.

[00294] Step 9: The Proxy Network Element issues a PDU Session Resource Change Response to the AMF of the second network.

[00295] There is no interaction between the AMF of the second network and other network elements of this network.

[00296] Clearly, based on the Proxy Network Element managing the rational mapping of second network QoS flows to IPsec data tunnels, the user equipment can send a request to the first network to provide different second QoS flows for different IPsec data tunnels, and then provide availability of data passing between the user equipment and the second network in the first network. With regard to the QoS flow of the second network containing important traffic, the proxy network element may bind the flow to a detached IPsec data tunnel. The user equipment can request a separate first flow QoS of the first network for the IPsec data tunnel, thereby ensuring the availability of important data passing between the user equipment and the second network in the first network.

[00297] Referring to FIG. 16, according to one embodiment of the present invention, user equipment 160 is further provided, including:

a sink module 161 for receiving information of the first IPSec tunnel, wherein the first IPSec tunnel is an IPSec tunnel used for transmission of control signals between the user equipment and the second network, and

an executing module 162 for performing a first related operation for the tunnel of the first network based on the information of the first IPSec tunnel.

[00298] Optionally, performing the first side operation for the tunnel of the first network includes at least one of the following:

submitting to the first network a request to create a first tunnel;

submitting to the first network a request to change the third tunnel on the first one;

transmitting the QoS information of the first tunnel to the first network;

transmitting the changed QoS information of the third tunnel to the first network;

transmitting the first QoS information to the first network;

setting uplink and/or downlink packet filter information of the first tunnel according to the first IPsec tunnel information;

setting the uplink and/or downlink packet filter information from among the first QoS information according to the first IPsec tunnel information;

changing the uplink and/or downlink packet filter information of the third tunnel according to the information of the first IPsec tunnel;

setting a component type identifier of the traffic descriptor in the QoS information of the first tunnel according to the security parameters index type;

setting a component type identifier of the traffic descriptor in the first QoS information by type of security parameters index;

changing the component type identifier of the traffic descriptor in the QoS information of the third tunnel according to the security parameters index type;

setting up the first tunnel over a non-guaranteed bit rate (non-GBR) tunnel;

setting the QoS information of the first tunnel or the first QoS information to no GBR related QoS parameter information;

changing the third tunnel over the non-GBR tunnel;

setting the QoS information of the third tunnel to no GBR related QoS parameter information;

setting the QoS class indication information in the QoS information of the first tunnel according to the first QoS class indication information;

setting indication information in the first QoS information to the first indication information about the QoS class;

changing the QoS class indication information in the QoS information of the third tunnel according to the first QoS class indication information;

setting the QoS priority in the QoS information of the first tunnel by the first QoS priority;

setting a QoS priority in the first QoS information on the first QoS priority;

changing the QoS priority in the QoS information of the third tunnel over the first QoS priority; and

transmitting information of the first IPsec tunnel to the first network; where

the first tunnel is used for data transmission of the first IPsec tunnel or for transmission of control signals between the user equipment and the second network;

the third tunnel is represented by the tunnel already created for the subscriber unit and the first network; and

the first QoS information is represented by new QoS information. [00299] Optionally, the QoS information of the first tunnel, the modified QoS information of the third tunnel, and/or the first QoS information are missing QoS parameter information related to the GBR;

and/or

the first tunnel QoS information, the third tunnel modified QoS information, and/or the QoS information includes at least one of the following: uplink and/or downlink packet filter information, which is represented by the first IPsec tunnel information; the type identifier of the component of the traffic descriptor, which is represented by the type of index of security parameters; and QoS flow class indication information represented by the first QoS class indication information.

[00300] If necessary, after the creation of the first tunnel is completed, the first tunnel, the first QoS information, the modified QoS information of the third tunnel, and/or the third tunnel is changed and converted to the first tunnel, the first tunnel related information of the first network further includes at least one of the following options :

transmitting control signals between the user equipment and the second network or data of the first IPsec tunnel through the first tunnel;

switching transmission of control signals between the user equipment and the second network or data of the first IPsec tunnel to the first tunnel for transmission;

creating and/or maintaining a mapping between the first tunnel and the first IPsec tunnel;

and/or

after rejecting the creation of the first tunnel, rejecting the change of the third tunnel, rejecting the provision of the first QoS information, and/or releasing the first tunnel, the first accompanying operation for the tunnel of the first network further includes one of the following options: a deregistration request to the address of the second network and transfer to deregistration status.

[00301] Optionally, the first tunnel and/or the third tunnel is a QoS flow; and/or

the first tunnel is the first QoS flow in the first session PDU;

and/or

the third tunnel is the existing QoS flow in the first session PDU; and/or

the first tunnel is the first QoS flow, and making a request to the first network to create the first tunnel includes at least one of the following options:

making a request to the first network to create the first QoS flow in the first PDU session; and

transmitting a request to the first network to change the first PDU session or create the first PDU session, wherein the request to change the first PDU session or create the first PDU session contains the QoS information of the first QoS to be created or the first QoS information;

and/or

first tunnel first QoS flow, third tunnel the existing QoS flow in the first PDU session, requesting the first network to change the third tunnel over the first tunnel includes at least one of the following:

making a request to the first network to change the third QoS flow in the first PDU session; and

transmitting to the first network a request to change the first session PDU;

wherein the change request of the first session PDU contains information of the third QoS flow to be changed, and

first session PDU - session PDU in the first network, used to transfer information between the user equipment and the second network;

and/or

the first QoS class indication information and/or the first priority is used to indicate a request for a particular delivery radio resource;

and/or

the first indication information about the QoS class includes at least one of the following elements: an indication of the QoS class for the operator; a non-standardized first QoS class indication, where the non-standardized first QoS class indication takes a value from 5 to 69; and identifying the non-GBR QoS class;

and/or

the first priority information takes the value 5.

[00302] Optionally, the first IPsec tunnel information includes at least one of the following: a first IPsec tunnel identifier, a protocol field indicating that the encapsulation is an ESP, a security parameter index (SPI) of the first IPsec tunnel, and information second network associated with the first IPsec tunnel.

[00303] Additionally, the first QoS flow is a non-standard QoS flow. [00304] If necessary, the sink module is designed to receive the first IPsec tunnel information from the proxy network element.

[00305] Referring to FIG. 17, according to one embodiment of the present invention, user equipment 170 is further provided, including:

a sink module 171 for receiving IPSec data tunnel information and/or tunnel information between the user equipment and the second network, wherein the IPSec data tunnel is an IPSec tunnel used to transmit user plane data between the user equipment and the second network, or tunnel data between the user equipment and the second network; and

an executing module 172 for executing the second tunnel side information of the first network based on the IPSec data tunnel information and/or the tunnel information between the user equipment and the second network.

[00306] If necessary, according to this embodiment, under a predetermined condition, a second side operation is performed for the tunnel of the first network based on the information of the IPSec data tunnel and/or the information of the tunnel between the user equipment and the second network.

[00307] The predetermined condition includes:

received information about the creation of the IPsec data tunnel and the newly created IPsec tunnel from the proxy network element; and

IPsec Data Tunnel Change and IPsec Data Tunnel Change information received from the Proxy NE.

[00308] Optionally, performing the second related operation for the tunnel of the first network includes at least one of the following:

submitting to the first network a request to create a second tunnel;

submitting to the first network a request to change the fourth tunnel;

transmitting QoS information of the second tunnel to the first network;

transmitting the changed QoS information of the fourth tunnel to the first network;

transmitting the second QoS information to the first network;

making a request to the first network to provide a separate second tunnel or a separate second QoS information for each IPsec data tunnel;

making a request to the first network to provide a separate second tunnel or a separate second QoS information for the IPsec data tunnel;

making a request to the first network to provide one second tunnel for multiple IPsec data tunnels, or data binding of multiple IPsec data tunnels to one second tunnel or one part of the second QoS information;

changing the fourth tunnel for the IPsec data tunnel;

binding the IPsec data tunnel to the fourth tunnel;

setting uplink and/or downlink packet filter information of the second tunnel according to the IPsec data tunnel information;

setting the uplink and/or downlink packet filter information from among the first QoS information on the IPsec data tunnel information;

changing the uplink and/or downlink packet filter information in the QoS information of the fourth tunnel according to the IPsec data tunnel information or adding the IPsec data tunnel information; to the uplink and/or downlink packet filter information to the QoS information of the fourth tunnel;

setting a component type identifier of the traffic descriptor in the QoS information of the second tunnel according to the security parameters index type;

setting a component type identifier of the traffic descriptor in the second QoS information by type of security parameter index;

changing the component type identifier of the traffic descriptor in the QoS information of the fourth tunnel according to the security parameters index type;

setting the QoS parameter information in the QoS information of the second tunnel to the QoS parameter information corresponding to the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

setting the QoS parameter information in the second QoS information on the description information of the QoS flow corresponding to the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

changing the QoS parameter information in the QoS information of the fourth tunnel according to the QoS parameter information corresponding to the tunnel associated with the IPsec data tunnel between the user equipment and the second network, or adding such QoS parameter information to the QoS parameter information in the QoS information of the fourth tunnel ; and

transmitting the IPsec data tunnel information to the first network;

where

the second tunnel is used to transfer IPsec data tunnel data or is used to transfer tunnel data between subscriber

equipment and the second network, or is used to transfer user plane data between the user equipment and the second network;

the fourth tunnel is represented by the tunnel already created for the user equipment and the first network; and

the second QoS information is represented by new QoS information.

[00309] optionally, the second tunnel QoS information and/or the second QoS information includes at least one of the following: uplink and/or downlink packet filter information, which is represented by the IPsec data tunnel information; the type identifier of the component of the traffic descriptor, which is represented by the type of index of security parameters; and QoS parameter information, which is information corresponding to a tunnel associated with the IPsec data tunnel between the user equipment and the second network;

and/or

the modified fourth tunnel QoS parameter information includes at least one of the following: uplink packet filter information representing or including IPsec data tunnel information; downlink packet filter information that is or includes IPsec data tunnel information; the type identifier of the component of the traffic descriptor, which is represented by the type of index of security parameters; and QoS parameter information being or including information corresponding to a tunnel associated with the IPsec data tunnel between the user equipment and the second network.

[00310] In addition, after completing the creation of the second tunnel, receiving the provided QoS information sent by the first network, which contains the second QoS information, providing the second QoS information by the first network, and/or receiving a transmission from the first network to ensure the creation of the first tunnel, performing the second associated operation for the tunnel of the first network additionally includes at least one of the following operations:

transmitting, through the second tunnel, IPsec data tunnel data, tunnel data between the user equipment and the second network, or user plane data between the user equipment and the second network;

switching the IPsec data tunnel data, the tunnel data between the user equipment and the second network, or the user plane data between the user equipment and the second network to the second tunnel for transmission; and

creating and/or maintaining a mapping between the second tunnel and the IPsec data tunnel; and/or

after completing the modification of the fourth tunnel, receiving the provided QoS information sent by the first network that contains the third QoS information, providing the third QoS information by the core network, and/or receiving a transmission from the first network to enable the modification of the third tunnel, performing a second related operation for the tunnel of the first network further includes at least one of the following operations:

transmitting IPsec data tunnel data through the fourth tunnel;

switching the data of the IPsec data tunnel to the fourth tunnel for transmission; and

updating the mapping between the fourth tunnel and the IPsec tunnel, where the IPsec tunnel associated with the fourth tunnel includes the IPsec data tunnel;

and/or

after rejecting the creation of the second tunnel, rejecting the change of the fourth tunnel, rejecting the provision of the second QoS information, and/or releasing the second tunnel, the second accompanying operation for the tunnel of the first network further includes at least one of the following operations: making a request to the first network to release the tunnel associated with the second IPsec tunnel between the user equipment and issuing a response to the second network that the tunnel associated with the second IPsec tunnel between the user equipment and the second network has not been created.

[00311] If necessary, subject to the first condition, the first network is requested to provide a separate second tunnel for the IPsec data tunnel, or the first network is requested to provide a separate second QoS information for the IPsec data tunnel, where

the first condition includes at least one of the following options:

the tunnel associated with the IPsec data tunnel between the user equipment and the second network is a GBR tunnel or contains QoS parameter information related to GBR;

indication of the QoS class of the tunnel associated with the IPsec data tunnel between the user equipment and the second network takes the value N, where N is one of the following values: 1, 5, 69 and 70;

the tunnel associated with the IPsec data tunnel between the user equipment and the second network is a tunnel containing voice traffic;

the tunnel associated with the IPsec data tunnel between the user equipment and the second network is a tunnel containing emergency call traffic;

the tunnel associated with the IPsec data tunnel between the user equipment and the second network is a tunnel containing high priority traffic;

the received tunnel information between the user equipment and the second network contains the individual delivery resource indication information;

the QoS information of the fourth tunnel is different from the QoS information of the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

the indication of the QoS class of the fourth tunnel is different from the indication of the QoS class of the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

the GBR-related QoS parameter information of the fourth tunnel is different from the GBR-related QoS parameter information of the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

the priority of the fourth tunnel is different from the priority of the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

in the absence of a fourth tunnel, a non-guaranteed transmission rate (non-GBR) tunnel is used, and a non-GBR tunnel is used as a tunnel associated with the IPsec data tunnel between the user equipment and the second network; and

the uplink and/or downlink packet filter information of the fourth tunnel does not contain IPsec data tunnel information;

and/or

if the second condition is met, the first network is requested to provide one second tunnel for multiple IPsec data tunnels, the first network is requested to provide one part of the second QoS information for multiple IPsec data tunnels, data binding of multiple IPsec data tunnels to the second tunnel, or data binding of multiple IPsec data tunnels to one part of the second QoS information, where

the second condition includes at least one of the following options:

the tunnel associated with the IPsec data tunnel between the user equipment and the second network is a non-GBR tunnel or contains a QoS parameter related to non-GBR; and

the received tunnel information between the user equipment and the second network does not contain indication information of a separate delivery resource or contains information that is not required for a separate delivery resource;

and/or

if the third condition is met, the fourth tunnel is changed to an IPsec data tunnel, where

the third condition includes at least one of the following options:

the tunnel associated with the IPsec data tunnel between the user equipment and the second network is a non-GBR tunnel;

the received tunnel information between the user equipment and the second network does not contain indication information of a separate delivery resource or contains information that is not required for a separate delivery resource;

the QoS information of the fourth tunnel is different from the QoS information of the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

the QoS class indication of the fourth tunnel is identical to the tunnel QoS class indication associated with the IPsec data tunnel between the user equipment and the second network;

the GBR-related QoS parameter information of the fourth tunnel is different from the GBR-related QoS parameter information of the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

the priority of the fourth tunnel is different from the priority of the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

if there is a fourth tunnel, a non-guaranteed transmission rate (non-GBR) tunnel is used, and a non-GBR tunnel is used as a tunnel associated with the IPsec data tunnel between the user equipment and the second network; and

the uplink and/or downlink packet filter information of the fourth tunnel does not contain IPsec data tunnel information;

and/or

if the fourth condition is met, the IPsec data tunnel is bound to the fourth tunnel, where

the fourth condition includes at least one of the following options:

the QoS information of the fourth tunnel is the same as the QoS information of the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

the QoS requirement of the fourth tunnel is greater than or identical to the QoS requirement of the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

the indication of the QoS class of the fourth tunnel is greater than or identical to the indication of the QoS class of the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

if there is a fourth tunnel, a non-guaranteed transmission rate (non-GBR) tunnel is used, and a non-GBR tunnel is used as a tunnel associated with the IPsec data tunnel between the user equipment and the second network; and

the uplink and/or downlink packet filter information of the fourth tunnel contains IPsec data tunnel information.

[00312] In addition, when the IPsec data tunnel is associated with one tunnel between the user equipment and the second network, setting the QoS parameter information of the second tunnel according to the QoS parameter information corresponding to the tunnel associated with the IPsec data tunnel between the user equipment and the second network includes at least one of the following options:

setting or changing the QoS class indication of the second tunnel according to the tunnel QoS class indication corresponding to the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

setting or changing the priority of the second tunnel according to the priority of the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

setting or changing the packet delay budget of the second tunnel according to the packet delay budget of the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

setting or changing the packet error rate of the second tunnel according to the packet error rate of the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

setting or changing the default maximum packet data amount of the second tunnel to the default maximum packet data amount of the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

setting or changing the default averaging window of the second tunnel by the default averaging window of the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

when there is no averaging window for the tunnel associated with the IPsec data tunnel between the user equipment and the second network, setting or changing the second tunnel for a condition of no default averaging window;

setting or changing the uplink GBR or GFBR of the second tunnel over the uplink GBR or GFBR of the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

setting or changing the GBR or GFBR of the downlink of the second tunnel through the GBR or GFBR of the downlink of the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

setting or changing the uplink MBR or MFBR of the second tunnel over the uplink MBR or MFBRR of the tunnel associated with the IPsec data tunnel between the user equipment and the second network; and

setting or changing the downlink MBR or MFBR of the second tunnel over the downlink MBR or MFBR of the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

and/or

when the multi-tunnel condition is met, setting the QoS parameter information of the second tunnel according to the QoS parameter information corresponding to the tunnel associated with the IPsec data tunnel between the user equipment and the second network includes at least one of the following options:

setting or changing the QoS parameter information of the second tunnel according to the QoS parameter information with the highest QoS requirement, which corresponds to the tunnels associated with the IPsec data tunnel between the user equipment and the second network;

setting or changing the QoS class indication of the second tunnel according to the highest priority tunnel QoS class indication that corresponds to the tunnels associated with the IPsec data tunnel between the user equipment and the second network;

when there is no standardized QoS class indication corresponding to a combination of the following information about the second tunnel QoS parameter: priority, packet delay budget, packet error rate, maximum data packet size, regardless of whether the GBR value and/or the default averaging window requirement is set, setting and changing the QoS class indication of the second tunnel to a non-standardized QoS class indication or no QoS class indication condition;

when there is no standardized QoS class indication corresponding to the second tunnel QoS parameter information other than the QoS class indication, setting and changing the QoS class indication of the second tunnel to a non-standardized QoS class indication or no QoS class indication condition;

setting or changing the priority of the second tunnel from the highest priority corresponding to the tunnels associated with the IPsec data tunnel between the user equipment and the second network;

setting or changing the packet delay budget of the second tunnel to the smallest packet delay budget corresponding to the tunnels associated with the IPsec data tunnel between the user equipment and the second network;

adjusting or changing the packet error rate of the second tunnel according to the lowest value packet error rate corresponding to the tunnels associated with the IPsec data tunnel between the user equipment and the second network; and

setting or changing the default maximum packet data amount of the second tunnel to the default maximum packet data amount of the largest value corresponding to the tunnels associated with the IPsec data tunnel between the user equipment and the second network;

when there is no tunnel requiring an averaging window for tunnels associated with the IPsec data tunnel between the user equipment and the second network, configuring or changing the second tunnel in order to have a requirement for a default averaging window;

when a GBR tunnel is present in the tunnels associated with the IPsec data tunnel, at least one of the following operations is performed between the user equipment and the second network:

setting up or changing a second tunnel over the GBR tunnel;

setting or changing the GFBR or GBR of the second tunnel to the highest GFBR or GBR corresponding to multiple tunnels associated with the IPsec data tunnel of the second network;

setting or changing the MFBR or MBR of the second tunnel to the highest MFBR or MBR corresponding to multiple tunnels associated with the IPsec data tunnel of the second network;

setting or changing the GFBR or GBR of the uplink of the second tunnel to the highest value of the GFBR or GBR of the uplink corresponding to multiple tunnels associated with the IPsec data tunnel of the second network;

setting or changing the MFBR or MBR of the uplink of the second tunnel according to the highest value of the MFBR or MBR of the uplink corresponding to multiple tunnels associated with the IPsec data tunnel of the second network;

setting or changing the GFBR or GBR of the downlink of the second tunnel to the highest value of the downlink GFBR corresponding to multiple tunnels associated with the IPsec data tunnel of the second network;

setting or changing the downlink MFBR or MBR of the second tunnel according to the highest downlink MFBR value corresponding to multiple tunnels associated with the IPsec data tunnel of the second network;

when the IPsec data tunnel is associated with a tunnel with QoS class indication N between the user equipment and the second network, setting and changing the QoS class indication of the second tunnel over N or changing the QoS class indication of the fourth tunnel over N, where the value of N is obtained from the first network or includes one value from the following: 1, 5, 69 and 70;

when the IPsec data tunnel is associated with a tunnel containing voice traffic between the user equipment and the second network, setting and changing the QoS parameter information of the second tunnel according to the QoS parameter information corresponding to the voice traffic;

when the IPsec data tunnel is associated with a tunnel containing emergency call traffic between the user equipment and the second network, setting and changing the QoS parameter information of the second tunnel according to the QoS parameter information corresponding to the emergency call traffic;

when the IPsec data tunnel is associated with a tunnel containing high priority traffic between the user equipment and the second network, setting and changing the QoS parameter information of the second tunnel according to the QoS parameter information corresponding to the high priority traffic;

when the standardized QoS class indication is presented for the QoS flow of the second network contained in the IPsec data tunnel, setting and changing the QoS class indication of the second tunnel according to the standardized QoS class indication; and

setting the QoS parameter information of the second tunnel according to the QoS parameter information corresponding to the tunnel newly associated with the IPsec data tunnel between the user equipment and the second network, where

the multi-tunnel condition includes at least one of the following:

The IPsec data tunnel is associated with multiple tunnels on the second network;

The IPsec data tunnel is reassociated with the tunnel between the user equipment and the second network, and the newly associated tunnel between the user equipment and the second network has the highest QoS requirement in the tunnels associated with the IPsec data tunnel between the user equipment and the second network; and

The IPsec data tunnel is decoupled from the tunnel between the user equipment and the second network, and the decoupled tunnel between the user equipment and the second network has a higher QoS requirement in the tunnels associated with the IPsec data tunnel between the user equipment and the second network.

[00313] In addition, when the IPsec data tunnel is associated with multiple tunnels of the second network, setting the QoS parameter information of the fourth tunnel according to the QoS parameter information corresponding to the tunnel associated with the IPsec data tunnel between the user equipment and the second network includes at least one of the following options:

changing the QoS parameter information of the fourth tunnel to the highest QoS requirement QoS parameter information that corresponds to the tunnels associated with the IPsec data tunnel between the user equipment and the second network;

changing the indication of the QoS class of the fourth tunnel to the indication of the QoS class of the tunnel with the highest priority, which corresponds to the tunnels associated with the IPsec data tunnel between the user equipment and the second network;

when there is no standardized QoS class indication corresponding to a combination of the following fourth tunnel QoS parameter information: priority, packet delay budget, packet error rate, maximum data packet size, regardless of whether the GBR value and/or the default averaging window requirement is set, changing the QoS class indication of the fourth tunnel to a non-standardized QoS class indication or no QoS class indication condition;

when there is no standardized QoS class indication corresponding to the QoS parameter information of the fourth tunnel, except for the QoS class indication, changing the QoS class indication of the fourth tunnel to a non-standardized QoS class indication, or no QoS class indication condition;

changing the priority of the fourth tunnel from the priority with the highest value corresponding to the tunnels associated with the IPsec data tunnel between the user equipment and the second network;

changing the packet delay budget of the fourth tunnel to the lowest packet delay budget corresponding to the tunnels associated with the IPsec data tunnel between the user equipment and the second network;

changing the packet error rate of the fourth tunnel according to the smallest packet error rate corresponding to the tunnels associated with the IPsec data tunnel between the user equipment and the second network;

changing the default maximum packet data amount of the fourth tunnel from the default maximum packet data amount with the largest value corresponding to the tunnels associated with the IPsec data tunnel between the user equipment and the second network; and

when there is no tunnel requiring an averaging window for tunnels associated with the IPsec data tunnel between the user equipment and the second network, changing the fourth tunnel to require a default averaging window;

when a GBR tunnel is present in the tunnels associated with the IPsec data tunnel, at least one of the following operations is performed between the user equipment and the second network:

change of the fourth tunnel along the GBR tunnel;

changing the GFBR or GBR of the fourth tunnel to the highest GFBR or GBR corresponding to multiple tunnels associated with the IPsec data tunnel of the second network;

changing the MFBR or MBR of the fourth tunnel according to the highest MFBR or MBR corresponding to multiple tunnels associated with the IPsec data tunnel of the second network;

changing the uplink GFBR or GBR of the fourth tunnel according to the highest uplink GFBR or GBR corresponding to multiple tunnels associated with the IPsec data tunnel of the second network;

changing the uplink MFBR or MBR of the fourth tunnel according to the highest uplink MFBR or MBR corresponding to multiple tunnels associated with the IPsec data tunnel of the second network;

changing the downlink GFBR or GBR of the fourth tunnel according to the highest downlink GFBR corresponding to multiple tunnels associated with the IPsec data tunnel of the second network;

changing the downlink MFBR or MBR of the fourth tunnel according to the highest downlink MFBR corresponding to multiple tunnels associated with the IPsec data tunnel of the second network; and

when the IPsec data tunnel is associated with a tunnel with QoS class indication N between the user equipment and the second network, change the QoS class indication of the fourth tunnel over N, where the value of N is obtained from the first network or includes one of the following: 1, 5, 69, and 70 ;

when the IPsec data tunnel is associated with a tunnel containing voice traffic between the user equipment and the second network, changing the QoS parameter information of the fourth tunnel according to the QoS parameter information corresponding to the voice traffic;

when the IPsec data tunnel is associated with a tunnel containing emergency call traffic between the user equipment and the second network, changing the QoS parameter information of the fourth tunnel according to the QoS parameter information corresponding to the emergency call traffic;

when the IPsec data tunnel is associated with a tunnel containing high priority traffic between the user equipment and the second network, changing the QoS parameter information of the fourth tunnel according to the QoS parameter information corresponding to the high priority traffic; and

when the standardized QoS class indication is presented for the QoS flow of the second network contained in the IPsec data tunnel, changing the QoS class indication of the fourth tunnel according to the standardized QoS class indication.

[00314] Additionally, the second tunnel and/or the fourth tunnel is a QoS flow; and/or

the second tunnel the second QoS flow in the first session PDU; and/or

the fourth tunnel is the existing QoS flow in the first session PDU; and/or

tunnel between the user equipment and the second network - QoS flow between the user equipment and the second network; and/or

a tunnel between the user equipment and the second network QoS flow of the second network;

and/or

the second tunnel is the second QoS flow, and making a request to the first network to create a second tunnel includes at least one of the following options:

making a request to the first network to add a second QoS flow to the first session PDU; and

sending a request to the first network to change a PDU session or create a first PDU session, a request to change a first PDU session or create a first PDU session containing QoS information of a second QoS flow to be created;

and/or

second tunnel second QoS flow, fourth tunnel the existing QoS flow in the first PDU session, requesting the first network to change the fourth tunnel over the first tunnel includes at least one of the following:

making a request to the first network to change the fourth QoS flow in the first PDU session; and

transmitting a request to the first network to change the PDU session, where the change request of the first PDU session contains QoS information of the fourth QoS flow to be changed; and

first session PDU - session PDU in the first network, used to transfer information between the user equipment and the second network.

[00315] Additionally, the IPsec data tunnel information includes at least one of the following: an IPsec data tunnel identifier, a protocol field pointing to ESP, an IPsec data tunnel security parameter index, and tunnel identification information associated with the IPsec data tunnel, between the user equipment and the second network;

and/or

tunnel information between the user equipment and the second network includes at least one of the following elements: IPSec data tunnel identifier associated with the tunnel between the user equipment and the second network, IPSec data tunnel security parameters index associated with the tunnel between the user equipment and the second network, new a tunnel between the user equipment and the second network, a remote tunnel between the user equipment and the second network, information about the quality of service parameters of the tunnel between the user equipment and the second network, indication information of a separate delivery resource, and indication information that a separate delivery resource is not required.

[00316] Additionally, the identification information about the tunnel associated with the IPsec data tunnel between the user equipment and the second network includes a QoS flow ID and a PDU session ID to which the QoS flow belongs.

[00317] The QoS information includes at least one of the following: be it GBR or non-GBR, QoS class indication (5QI or QFI), priority, packet delivery budget, packet error rate, default maximum data size, default averaging window , uplink GBR, downlink GBR, uplink MBR, downlink MBR, uplink GFB, downlink GFBR, uplink MFBR, downlink MFBR, traffic descriptor component type identifier, and packet filter information.

[00318] Optionally, the sink module is designed to obtain IPsec data tunnel information from the proxy network element and/or obtain tunnel information between the user equipment and the second network from the second network.

[00319] Additionally, the second QoS flow is a non-standard QoS flow.

[00320] Referring to FIG. 18, in one embodiment of the present invention, a proxy network element 180 is further provided, including:

a determination module 181 for determining whether a predetermined condition has been met; and

an executing module 182 for performing an operation related to the IPSec data tunnel for the tunnel of the second network when the fact that the predetermined condition is met is determined.

[00321] An intermediary network element is an intermediary of a first network for interfacing with a second network.

[00322] The specified condition also includes at least one of the following conditions:

a request is received to create a tunnel between the user equipment and the second network;

a request is received to change the tunnel between the user equipment and the second network;

the proxy network element provides 3GPP access;

the first network is the 3GPP network; and

the operation of linking the tunnel between the user equipment and the second network to the IPsec tunnel has been performed.

[00323] Additionally, performing an operation related to the IPsec data tunnel for the tunnel of the second network includes at least one of the following operations:

determining a binding from the tunnel between the user equipment and the second network to the IPsec data tunnel;

creating a separate IPsec data tunnel for each tunnel between the user equipment and the second network, or creating different IPsec data tunnels for different tunnels between the user equipment and the second network;

creating a separate IPsec data tunnel for each GBR tunnel between the user equipment and the second network;

when the tunnel between the user equipment and the second network meets the separate delivery condition, creating a separate IPsec data tunnel for the tunnel between the user equipment and the second network;

creating an IPsec data tunnel specifically for non-GBR for the GBR tunnel between the user equipment and the second network;

binding one or more non-GBR tunnels between the user equipment and the second network to one IPsec data tunnel;

creating an IPsec data tunnel specifically for priority for the GBR tunnel between the user equipment and the second network;

binding one or more tunnels with the same priority between the user equipment and the second network to one IPsec data tunnel;

creating different IPsec data tunnels for tunnels with different priorities between the user equipment and the second network, or associating tunnels with different priorities between the user equipment and the second network to different IPsec data tunnels;

creating an IPsec data tunnel specifically for the GBR related QoS parameter information for the tunnel between the user equipment and the second network;

creation of different IPsec data tunnels for tunnels with different GBR-related QoS parameter information between the user equipment and the second network, or linking tunnels with different GBR-related QoS parameter information between the user equipment and the second network to different IPsec tunnels data;

binding one or more tunnels with the same GBR related QoS parameter information between the user equipment and the second network to one IPsec data tunnel;

creating an IPsec data tunnel specifically to indicate the QoS class for the GBR tunnel between the user equipment and the second network;

creating different IPsec data tunnels for tunnels with different QoS class indications between the user equipment and the second network, or linking tunnels with different QoS class indications between the user equipment and the second network to different IPsec data tunnels;

binding one or more tunnels with the same QoS class indications between the user equipment and the second network to one IPsec data tunnel;

creating an IPsec data tunnel specifically to indicate the QoS class for the GBR tunnel between the user equipment and the second network;

creation of IPsec data tunnels for tunnels with different QoS class indication between the user equipment and the second network; and

binding several tunnels with the same information about the QoS parameter between the user equipment and the second network to one IPsec data tunnel.

[00324] A separate delivery condition includes at least one of the following options:

a tunnel between the user equipment and the second network GBR tunnel;

indication of the QoS class of the tunnel between the user equipment and the second network takes the value N, where N is one of the following values: 1.5, 69 and 70;

tunnel between user equipment and the second network - a tunnel containing voice traffic;

tunnel between user equipment and the second network - a tunnel containing emergency call traffic;

tunnel between user equipment and the second network - a tunnel containing high priority traffic;

the received request to create a tunnel between the user equipment and the second network contains indication information of a separate delivery resource;

the QoS information of the existing tunnel associated with the IPsec data tunnel between the user equipment and the second network is different from the QoS information of the tunnel between the user equipment and the second network requested to be created;

the indication of the QoS class of the existing tunnel associated with the IPsec data tunnel between the user equipment and the second network is different from the indication of the QoS class of the tunnel between the user equipment and the second network, the establishment of which is requested;

the QoS parameter information related to the GBR of the existing tunnel associated with the IPsec data tunnel between the user equipment and the second network is different from the QoS parameter information related to the GBR of the tunnel between the user equipment and the second network, the creation of which is requested;

the QoS priority of the existing tunnel associated with the IPsec data tunnel between the user equipment and the second network is different from the priority of the tunnel between the user equipment and the second network, the creation of which is requested;

the non-GBR tunnel is present in the existing tunnels associated with the IPsec data tunnel between the user equipment and the second network; a tunnel between the user equipment and the second network for which a request has been received, a non-GBR tunnel.

[00325] Additionally, the tunnel is a QoS flow; and/or a tunnel between the user equipment and the second network - the QoS flow of the second network.

[00326] Referring to FIG. 19, in one embodiment of the present invention, a communication network element 190 is further provided, including:

a transmitter module for transmitting tunnel information between the user equipment and the second network, wherein the tunnel information between the user equipment and the second network includes at least one of the following elements: an IPSec data tunnel identifier associated with the tunnel between the user equipment and the second network, IPSec data tunnel security parameter index linked by the tunnel between the user equipment and the second network, new tunnel between the user equipment and the second network, remote tunnel between the user equipment and the second network, quality of service parameter information of the tunnel between the user equipment and the second network, indication information a separate delivery resource and an indication that a separate delivery resource is not required.

[00327] Additionally, the transmission of tunnel information between the user equipment and the second network includes:

transmitting tunnel information between the user equipment and the second network to at least one of the following: the user equipment and the proxy network element.

[00328] Additionally, subject to a predetermined condition, tunnel information is transmitted between the user equipment and the second network, where

the predetermined condition includes access of the user equipment to the second network via the first network, which is a 3GPP network.

[00329] Referring to FIG. 20, according to one embodiment of the present invention, user equipment 200 is further provided, including:

a sink module 210 for receiving IPSec tunnel information, wherein the IPSec tunnel is used to transmit control signals between the user equipment and the second network, and

an executing module 202 for performing a related operation for the tunnel of the first network based on the information of the IPSec tunnel.

[00330] Optionally, performing a side operation for the tunnel of the first network includes at least one of the following:

submitting to the first network a request to create or change a tunnel of the first network;

setting the packet filter information of the tunnel of the first network to the information of the first IPSec tunnel;

requesting the first network to provide one tunnel of the first network for each IPsec tunnel, using the tunnel of the first network to transmit data of the IPsec tunnel; and

transmitting tunnel packet filter information of the first network to the first network.

[00331] Additionally, the IPsec tunnel information includes at least one of the following:

IPsec tunnel identifier;

protocol field indicating ESP; and

index of the security settings of the IPsec tunnel.

[00332] Optionally, the information between the user equipment and the second network further includes at least one of the following:

transmission of control signals between the user equipment and the second network;

transmitting user plane data between the user equipment and the second network;

transmitting QoS flow data between the user equipment and the second network; and

IPsec tunnel data for transferring information between the user equipment and the second network.

[00333] Optionally, when the IPsec tunnel is released or the user equipment is disconnected from the second network, performing a side operation for the tunnel of the first network includes requesting the address of the first network to release the tunnel to transmit the data of the IPsec tunnel.

[00334] Referring to FIG. 21 is a schematic diagram of a user equipment according to another embodiment of the present invention. Subscriber equipment 210 includes, among other things: an RF unit 211, a network module 212, an audio output device 213, an input device 214, a sensor 215, a display 216, a user input device 217, an interface 218, a storage device 219, a processor 2110, and a power supply. 2111. Those skilled in the art will recognize that the user equipment design shown in FIG. 21 is not limiting. User equipment may include more or less components than those shown in the figure, or a combination of several components, or different arrangements of components. According to this embodiment of the present invention, the user equipment includes, but is not limited to, a mobile phone, tablet, laptop, personal digital assistant, car terminal, wearable device, pedometer, or the like.

[00335] The processor 2110 is for: obtaining information of the first IPsec tunnel, where the first IPsec tunnel is a tunnel used for transmission of control signals between the user equipment and the second network; and performing a first side operation for the tunnel of the first network based on the information of the first IPsec tunnel.

[00336] Alternatively, the processor 2110 is for: obtaining IPsec data tunnel information and/or tunnel information between the user equipment and a second network, where the IPsec data tunnel is an IPsec tunnel used to transfer user plane data between the user equipment and a second network, or a data tunnel between the user equipment and the second network; and performing a second related operation for the first network tunnel based on the IPsec data tunnel information and/or the tunnel information between the user equipment and the second network.

[00337] Alternatively, the processor 2110 is for obtaining IPsec tunnel information, where the IPsec tunnel is an IPsec tunnel used to transfer information between the user equipment and the second network; and performing a related operation for the first network tunnel based on the IPsec tunnel information.

[00338] It should be understood that in this embodiment of the present invention, the RF unit 211 may be designed to transmit and receive a signal when transmitting and receiving data or when making a call. Specifically, the RF unit 211 receives downlink data from the base station and sends it to the processor 2110 for processing; and sends uplink data to the base station. Typically, the RF unit 211 includes, among other things, an antenna, at least one amplifier, a transceiver, a coupler, a low noise amplifier, a duplexer, and the like. In addition, the RF unit 211 can also communicate with the network and other devices through a wireless communication system.

[00339] The user equipment provides users with wireless broadband Internet access via the network module 212, for example, to help send or receive email, surf the web, and access streaming media.

[00340] The audio output device 213 can convert the audio data into audio signals and output it to an audio format, wherein the audio data is received by the RF unit 211 or the network module 212, or is audio data stored in the storage device 219. Moreover, the audio output device 213 can further provide outputting sound (eg, ringing or message reception sound) regarding a particular function performed by user equipment 210. Sound output device 213 includes a speaker, a buzzer, a telephone set, and the like.

[00341] The input device 214 is designed to receive an audio or video signal. The input device 214 may include a graphics processor (Graphics Processing Unit, GPU) 2141 and a microphone 2142; the graphics processor 2141 processes visual data on still or video images acquired by an image capturing device (eg, a camera) in a still or video capturing mode. The processed image frame may be displayed on the display 216. The image frame processed by the graphics processor 2141 may be stored on a storage device 219 (or other storage medium) or may be transmitted via the RF unit 211 or the network module 212. The microphone 2142 may receive audio as well as process it to get audio data. In the phone call mode, the processed audio data can be converted to be output into a format for transmission by the RF device 211 to the mobile base station.

[00342] User equipment 210 includes at least one sensor 215, such as an optical sensor, a motion sensor, and other sensors. Specifically, the optical sensor includes an ambient light sensor and a non-contact proximity sensor. The ambient light sensor may adjust the brightness of the display panel 2161 based on the intensity of the ambient light. When bringing the user equipment 210 to the ear, the proximity sensor may turn off the display panel 2161 and/or the backlight. As a type of motion sensor, an accelerometer sensor can detect accelerations in various directions (usually along three axes) and the magnitude and direction of gravity when the user equipment is stationary, and it can also be used to determine the spatial position of the user equipment (for example, for game-related vertical/horizontal mode switching or magnetometer attitude calibration) and provide functions related to vibration recognition (such as pedometer and touch), etc. The sensor 215 may further include a fingerprint scanner, a pressure sensor, an iris scanner, a molecular sensor, a gyroscope, a barometer, a hygrometer, a thermometer, or an infrared sensor. Their detailed description in this application will not be given.

[00343] The display 216 is for displaying information entered by the user or provided to the user. The display 216 may include a display panel 2161, which may be a Liquid Crystal Display (LCD), an Organic Light-Emitting Diode (OLED), or the like.

[00344] The user input device 217 may be designed to receive input numerical or textual information and generate key inputs related to user settings and user equipment control functions. More specifically, the user input device 217 includes a touch pad 2171 and other input devices 2172. The touch pad 2171 is also referred to as a touch screen and can collect touch data on or near it by a user (e.g., touch operations performed by a user on touchpad 2171 or near it using any suitable object or device, such as a stylus). The touch panel 2171 may include two parts: a touch detection device and a touch controller. The touch detection device determines the location where the user touches, the signal transmitted in the touch operation, and transmits this signal to the touch controller. The touch controller receives touch information from the touch detection device, converts it into touch point coordinates, transmits the coordinates to the processor 2110, and receives and executes a command from the processor 2110. In addition, the touch panel 2171 can be implemented in various types such as resistive, capacitive, infrared touch panel, or touch panel based on the principle of surface acoustic waves. In addition to the touchpad 2171, the user input device 217 may also include other input devices 2172. In particular, the other input device 2172 may include, but is not limited to, a physical keyboard, a function button (such as a volume control button or a power on/off button) , control ball, mouse and joystick. The detailed description in the present application will not be repeated.

[00345] In addition, the touch panel 2171 may include a display panel 2161. Upon detecting a touch operation performed on or near the touch panel 2171, the touch panel 2171 sends information about the touch operation to the processor 2110 to determine the type of touch event. Thereafter, the processor 2110 may provide an appropriate visual display on the display panel 2161 based on the type of touch event. FIG. The 21 touch panel 2171 and the display panel 2161 are used as two separate components to implement the user equipment input and output functions. However, in some embodiments, the touch panel 2171 and the display panel 2161 may be combined to provide user equipment input and output functions. In the present application, this option is not limited.

[00346] Interface 218 is an interface for connecting an external device to user equipment 210. For example, an external device may include a wired or wireless headset jack, an external power supply (or charger) jack, a wired or wireless data jack , a memory card slot, a slot for connecting to a device that includes an identification module, an audio input/output (I/O) connector, a video input/output connector, a headphone connector, etc. Interface 218 may be configured to receive inputs (eg, information in the form of data and power signals) from an external device and transmit the received inputs to one or more elements in subscriber unit 210; or it may be for data transmission between the user equipment 210 and an external device.

[00347] The storage device 219 may be for storing software system programs and various types of data. The storage device 219 may include a program storage area and a data storage space. The program storage area may store an operating system, an application program required for at least one function (for example, an audio data playback function or an image playback function), and so on. The data storage area can store data (such as audio data and a phone book) created using a mobile phone. In addition, the storage device 219 may include high-speed random access memory, or further include a non-volatile storage device, such as at least one magnetic disk, flash memory, or other volatile solid state storage devices.

[00348] The processor 2110 is a user equipment control center, connects various parts of the entire user equipment through various interfaces and lines, and performs various functions and data processing of the user equipment by executing or running programs of a software system and / or a module stored on a storage device 219 and accesses the data stored on the storage device 219 to provide general control of the equipment subscriber unit. The processor 2110 may include one or more processing devices. In addition, processor 2110 may be combined with an application processor and a modem processor. The application processor is primarily concerned with processing the operating system, user interface, application programs, and the like. The modem processor primarily handles wireless communication data. As can be appreciated, the above modem processor may alternatively not be integrated into processor 2110 either.

[00349] The user equipment 210 may further include a power source 2111 (eg, a battery) to provide power to the components. In some cases, the power supply 2111 may be logically coupled to the processor 2110 via the power supply management system to implement functions such as charging, discharging, and power management through the power supply management system.

[00350] Additionally, user equipment 210 includes some functional modules not shown here. Their detailed description in this application will not be given.

[00351] According to one embodiment of the present invention, user equipment is further provided that includes a processor and a memory. According to this embodiment of the present invention, the user equipment further includes a computer program that is stored in a storage device and can be run by a processor. When a computer program is executed by a processor, the following steps are implemented:

obtaining information of the first IPSec tunnel, wherein the first IPSec tunnel is an IPSec tunnel used for transmission of control signals between the user equipment and the second network, and

performing a first side operation for the tunnel of the first network based on the information of the first IPSec tunnel.

[00352] The processor is responsible for bus architecture control and general processing, and a memory device may store data used by the processor to perform an operation.

[00353] Optionally, performing the first side operation for the tunnel of the first network includes at least one of the following:

submitting to the first network a request to create a first tunnel;

submitting to the first network a request to change the third tunnel on the first one;

transmitting the QoS information of the first tunnel to the first network;

transmitting the changed QoS information of the third tunnel to the first network;

transmitting the first QoS information to the first network;

setting uplink and/or downlink packet filter information of the first tunnel according to the first IPsec tunnel information;

setting the uplink and/or downlink packet filter information from among the first QoS information according to the first IPsec tunnel information;

changing the uplink and/or downlink packet filter information of the third tunnel according to the information of the first IPsec tunnel;

setting a component type identifier of the traffic descriptor in the QoS information of the first tunnel according to the security parameter index type;

setting a component type identifier of the traffic descriptor in the first QoS information by type of security parameter index;

changing the component type identifier of the traffic descriptor in the QoS information of the third tunnel according to the security parameters index type;

setting up the first tunnel over a non-guaranteed bit rate (non-GBR) tunnel;

setting the QoS information of the first tunnel or the first QoS information to no GBR related QoS parameter information;

changing the third tunnel over the non-GBR tunnel;

setting the QoS information of the third tunnel to no GBR related QoS parameter information;

setting the QoS class indication information in the QoS information of the first tunnel according to the first QoS class indication information;

setting the QoS class indication information in the first QoS information on the first QoS class indication information;

changing the QoS class indication information in the QoS information of the third tunnel according to the first QoS class indication information;

setting the QoS priority in the QoS information of the first tunnel by the first QoS priority;

setting a QoS priority in the first QoS information on the first QoS priority;

changing the QoS priority in the QoS information of the third tunnel over the first QoS priority; and

transmitting information of the first IPsec tunnel to the first network; where

the first tunnel is used for data transmission of the first IPsec tunnel or for transmission of control signals between the user equipment and the second network;

the third tunnel is represented by the tunnel already created for the subscriber unit and the first network; and

the first QoS information is represented by new QoS information.

[00354] Optionally, the QoS information of the first tunnel, the modified QoS information of the third tunnel, and/or the first QoS information are missing QoS parameter information related to the GBR; and/or

the first tunnel QoS information, the third tunnel modified QoS information, and/or the first QoS information includes at least one of the following: uplink and/or downlink packet filter information, which is represented by the first IPsec tunnel information; the type identifier of the component of the traffic descriptor, which is represented by the type of index of security parameters; and QoS flow class indication information represented by the first QoS class indication information.

[00355] If necessary, after the creation of the first tunnel is completed, the first tunnel, the first QoS information, the modified QoS information of the third tunnel, and/or the third tunnel is changed and converted to the first tunnel, the first tunnel related information of the first network further includes at least one of the following options :

transmitting control signals between the user equipment and the second network or data of the first IPsec tunnel through the first tunnel;

switching transmission of control signals between the user equipment and the second network or data of the first IPsec tunnel to the first tunnel for transmission; and

creating and/or maintaining a mapping between the first tunnel and the first IPsec tunnel;

and/or

after rejecting the creation of the first tunnel, rejecting the change of the third tunnel, rejecting the provision of the first QoS information, and/or releasing the first tunnel, the first accompanying operation for the tunnel of the first network further includes at least one of the following: a deregistration request to the second network, and transfer to the deregistration state.

[00356] Optionally, the first tunnel and/or the third tunnel is a QoS flow; and/or

the first tunnel the first QoS flow in the first session PDU; and/or

the third tunnel is the existing QoS flow in the first session PDU; and/or

the first tunnel is the first QoS flow, and making a request to the first network to create the first tunnel includes at least one of the following options:

making a request to the first network to create the first QoS flow in the first PDU session; and

transmitting a request to the first network to change the first PDU session or create the first PDU session, wherein the request to change the first PDU session or create the first PDU session contains the QoS information of the first QoS to be created or the first QoS information;

and/or

first tunnel first QoS flow, third tunnel the existing QoS flow in the first PDU session, requesting the first network to change the third tunnel over the first tunnel includes at least one of the following:

making a request to the first network to change the third QoS flow in the first PDU session; and

transmitting to the first network a request to change the first session PDU;

wherein the change request of the first session PDU contains information of the third QoS flow to be changed, and

first session PDU - session PDU in the first network, used to transfer information between the user equipment and the second network;

and/or

the first QoS class indication information and/or the first priority is used to indicate a request for a particular delivery radio resource;

and/or

the first indication information about the QoS class includes at least one of the following elements: an indication of the QoS class for the operator; a non-standardized first QoS class indication, where the non-standardized first QoS class indication takes a value from 5 to 69; and identifying the non-GBR QoS class;

and/or

the first priority information takes the value 5.

[00357] Optionally, the first IPsec tunnel information includes at least one of the following: a first IPsec tunnel identifier, a protocol field indicating ESP, a security parameter index (SPI) of the first IPsec tunnel, and second network information associated with the first IPsec tunnel.

[00358] Additionally, the first QoS flow is a non-standard QoS flow.

[00359] Optionally, obtaining first IPsec tunnel information includes:

obtaining the first IPsec tunnel information from the proxy NE.

[00360] The present invention further provides user equipment that includes a processor and a memory. According to this embodiment of the present invention, the user equipment further includes a computer program that is stored in a storage device and can be run by a processor. When a computer program is executed by a processor, the following steps are implemented:

obtaining IPSec data tunnel information and/or tunnel information between the user equipment and the second network, wherein the IPSec data tunnel is an IPSec tunnel used to transmit user plane data between the user equipment and the second network, or tunnel data between the user equipment and the second network and

performing second related information for the tunnel of the first network based on the information of the IPSec data tunnel and/or the information of the tunnel between the user equipment and the second network.

[00361] If necessary, according to this embodiment, under a predetermined condition, a second side operation is performed for the tunnel of the first network based on the information of the IPSec data tunnel and/or the information of the tunnel between the user equipment and the second network.

[00362] The predetermined condition includes:

received information about the creation of the IPsec data tunnel and the newly created IPsec tunnel from the proxy network element; and

IPsec Data Tunnel Change and IPsec Data Tunnel Change information received from the Proxy NE.

[00363] Optionally, performing the second related operation for the tunnel of the first network includes at least one of the following:

submitting to the first network a request to create a second tunnel;

submitting to the first network a request to change the fourth tunnel;

transmitting QoS information of the second tunnel to the first network;

transmitting the changed QoS information of the fourth tunnel to the first network;

transmitting the second QoS information to the first network;

making a request to the first network to provide a separate second tunnel or a separate second QoS information for each IPsec data tunnel;

making a request to the first network to provide a separate second tunnel or a separate second QoS information for the IPsec data tunnel;

making a request to the first network to provide one second tunnel for multiple IPsec data tunnels, or data binding of multiple IPsec data tunnels to one second tunnel or one part of the second QoS information;

changing the fourth tunnel for the IPsec data tunnel;

binding the IPsec data tunnel to the fourth tunnel;

setting uplink and/or downlink packet filter information of the second tunnel according to the IPsec data tunnel information;

setting the uplink and/or downlink packet filter information from among the first QoS information on the IPsec data tunnel information;

changing the uplink and/or downlink packet filter information in the QoS information of the fourth tunnel according to the IPsec data tunnel information or adding the IPsec data tunnel information; to the uplink and/or downlink packet filter information to the QoS information of the fourth tunnel;

setting a component type identifier of the traffic descriptor in the QoS information of the second tunnel according to the security parameters index type;

setting a component type identifier of the traffic descriptor in the second QoS information by type of security parameters index;

changing the component type identifier of the traffic descriptor in the QoS information of the fourth tunnel according to the security parameters index type;

setting the QoS parameter information in the QoS information of the second tunnel to the QoS parameter information corresponding to the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

setting the QoS parameter information in the second QoS information on the description information of the QoS flow corresponding to the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

changing the QoS parameter information in the QoS information of the fourth tunnel according to the QoS parameter information corresponding to the tunnel associated with the IPsec data tunnel between the user equipment and the second network, or adding such QoS parameter information to the QoS parameter information in the QoS information of the fourth tunnel ; and

transmitting the IPsec data tunnel information to the first network;

where

the second tunnel is used for transmitting IPsec data tunnel data or is used for transmitting tunnel data between the user equipment and the second network, or is used for transmitting user plane data between the user equipment and the second network;

the fourth tunnel is represented by the tunnel already created for the user equipment and the first network; and

the second QoS information is represented by new QoS information.

[00364] optionally, the second tunnel QoS information and/or the second QoS information includes at least one of the following: uplink and/or downlink packet filter information, which is represented by the IPsec data tunnel information; the type identifier of the component of the traffic descriptor, which is represented by the type of index of security parameters; and QoS parameter information, which is information corresponding to a tunnel associated with the IPsec data tunnel between the user equipment and the second network;

and/or

the modified fourth tunnel QoS parameter information includes at least one of the following: uplink packet filter information representing or including IPsec data tunnel information; downlink packet filter information that is or includes IPsec data tunnel information; the type identifier of the component of the traffic descriptor, which is represented by the type of index of security parameters; and QoS parameter information being or including information corresponding to a tunnel associated with the IPsec data tunnel between the user equipment and the second network.

[00365] In addition, after completing the creation of the second tunnel, receiving the provided QoS information sent by the first network, which contains the second QoS information, providing the second QoS information by the first network, and/or receiving a transmission from the first network to ensure the creation of the first tunnel, performing the second associated operation for the tunnel of the first network additionally includes at least one of the following operations:

transmitting, through the second tunnel, IPsec data tunnel data, tunnel data between the user equipment and the second network, or user plane data between the user equipment and the second network;

switching the IPsec data tunnel data, the tunnel data between the user equipment and the second network, or the user plane data between the user equipment and the second network to the second tunnel for transmission; and

creating and/or maintaining a mapping between the second tunnel and the IPsec data tunnel; and/or

after completing the modification of the fourth tunnel, receiving the provided QoS information sent by the first network that contains the third QoS information, providing the third QoS information by the core network, and/or receiving a transmission from the first network to enable the modification of the third tunnel, performing a second related operation for the tunnel of the first network further includes at least one of the following operations:

transmitting IPsec data tunnel data through the fourth tunnel;

switching the data of the IPsec data tunnel to the fourth tunnel for transmission; and

updating the mapping between the fourth tunnel and the IPsec tunnel, where the IPsec tunnel associated with the fourth tunnel includes the IPsec data tunnel;

and/or

after rejecting the creation of the second tunnel, rejecting the change of the fourth tunnel, rejecting the provision of the second QoS information, and/or releasing the second tunnel, the second accompanying operation for the tunnel of the first network further includes at least one of the following operations: making a request to the first network to release the tunnel associated with the second IPsec tunnel between the user equipment and the network and issuing a response to the second network that the tunnel associated with the second IPsec tunnel between the user equipment and the second network has not been created.

[00366] Optionally, subject to the first condition being met, the first network is requested to provide a separate second tunnel for the IPsec data tunnel, or the first network is requested to provide a separate second QoS information for the IPsec data tunnel, where

the first condition includes at least one of the following options:

the tunnel associated with the IPsec data tunnel between the user equipment and the second network is a GBR tunnel or contains QoS parameter information related to GBR;

indication of the QoS class of the tunnel associated with the IPsec data tunnel between the user equipment and the second network takes the value N, where N is one of the following values: 1, 5, 69 and 70;

the tunnel associated with the IPsec data tunnel between the user equipment and the second network is a tunnel containing voice traffic;

the tunnel associated with the IPsec data tunnel between the user equipment and the second network is a tunnel containing emergency call traffic;

the tunnel associated with the IPsec data tunnel between the user equipment and the second network is a tunnel containing high priority traffic;

the received tunnel information between the user equipment and the second network contains the individual delivery resource indication information;

the QoS information of the fourth tunnel is different from the QoS information of the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

the indication of the QoS class of the fourth tunnel is different from the indication of the QoS class of the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

the GBR-related QoS parameter information of the fourth tunnel is different from the GBR-related QoS parameter information of the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

the priority of the fourth tunnel is different from the priority of the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

in the absence of a fourth tunnel, a non-guaranteed transmission rate (non-GBR) tunnel is used, and a non-GBR tunnel is used as a tunnel associated with the IPsec data tunnel between the user equipment and the second network; and

the uplink and/or downlink packet filter information of the fourth tunnel does not contain IPsec data tunnel information;

and/or

if the second condition is met, the first network is requested to provide one second tunnel for multiple IPsec data tunnels, the first network is requested to provide one part of the second QoS information for multiple IPsec data tunnels, data binding of multiple IPsec data tunnels to the second tunnel, or data binding of multiple IPsec data tunnels to one part of the second QoS information, where

the second condition includes at least one of the following options:

the tunnel associated with the IPsec data tunnel between the user equipment and the second network is a non-GBR tunnel or contains a QoS parameter related to non-GBR; and

the received tunnel information between the user equipment and the second network does not contain indication information of a separate delivery resource or contains information that is not required for a separate delivery resource;

and/or

if the third condition is met, the fourth tunnel is changed to an IPsec data tunnel, where

the third condition includes at least one of the following options:

the tunnel associated with the IPsec data tunnel between the user equipment and the second network is a non-GBR tunnel;

the received tunnel information between the user equipment and the second network does not contain indication information of a separate delivery resource or contains information that is not required for a separate delivery resource;

the QoS information of the fourth tunnel is different from the QoS information of the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

the QoS class indication of the fourth tunnel is identical to the tunnel QoS class indication associated with the IPsec data tunnel between the user equipment and the second network;

the GBR-related QoS parameter information of the fourth tunnel is different from the GBR-related QoS parameter information of the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

the priority of the fourth tunnel is different from the priority of the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

if there is a fourth tunnel, a non-guaranteed transmission rate (non-GBR) tunnel is used, and a non-GBR tunnel is used as a tunnel associated with the IPsec data tunnel between the user equipment and the second network; and

the uplink and/or downlink packet filter information of the fourth tunnel does not contain IPsec data tunnel information;

and/or

if the fourth condition is met, the IPsec data tunnel is bound to the fourth tunnel, where

the fourth condition includes at least one of the following options:

the QoS information of the fourth tunnel is the same as the QoS information of the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

the QoS requirement of the fourth tunnel is greater than or identical to the QoS requirement of the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

the indication of the QoS class of the fourth tunnel is greater than or identical to the indication of the QoS class of the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

if there is a fourth tunnel, a non-guaranteed transmission rate (non-GBR) tunnel is used, and a non-GBR tunnel is used as a tunnel associated with the IPsec data tunnel between the user equipment and the second network; and

the uplink and/or downlink packet filter information of the fourth tunnel contains IPsec data tunnel information.

[00367] In addition, when the IPsec data tunnel is associated with one tunnel between the user equipment and the second network, setting the QoS parameter information of the second tunnel according to the QoS parameter information corresponding to the tunnel associated with the IPsec data tunnel between the user equipment and the second network includes at least one of the following options:

setting or changing the QoS class indication of the second tunnel according to the tunnel QoS class indication corresponding to the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

setting or changing the priority of the second tunnel according to the priority of the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

setting or changing the packet delay budget of the second tunnel according to the packet delay budget of the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

setting or changing the packet error rate of the second tunnel according to the packet error rate of the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

setting or changing the default maximum packet data amount of the second tunnel to the default maximum packet data amount of the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

setting or changing the default averaging window of the second tunnel by the default averaging window of the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

when there is no averaging window for the tunnel associated with the IPsec data tunnel between the user equipment and the second network, setting or changing the second tunnel for a condition of no default averaging window;

setting or changing the uplink GBR or GFBR of the second tunnel over the uplink GBR or GFBR of the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

setting or changing the GBR or GFBR of the downlink of the second tunnel through the GBR or GFBR of the downlink of the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

setting or changing the uplink MBR or MFBR of the second tunnel over the uplink MBR or MFBRR of the tunnel associated with the IPsec data tunnel between the user equipment and the second network; and

setting or changing the downlink MBR or MFBR of the second tunnel over the downlink MBR or MFBR of the tunnel associated with the IPsec data tunnel between the user equipment and the second network;

and/or

when the multi-tunnel condition is met, setting the QoS parameter information of the second tunnel according to the QoS parameter information corresponding to the tunnel associated with the IPsec data tunnel between the user equipment and the second network includes at least one of the following options:

setting or changing the QoS parameter information of the second tunnel according to the QoS parameter information with the highest QoS requirement, which corresponds to the tunnels associated with the IPsec data tunnel between the user equipment and the second network;

setting or changing the QoS class indication of the second tunnel according to the highest priority tunnel QoS class indication that corresponds to the tunnels associated with the IPsec data tunnel between the user equipment and the second network;

when there is no standardized QoS class indication corresponding to a combination of the following information about the second tunnel QoS parameter: priority, packet delay budget, packet error rate, maximum data packet size, regardless of whether the GBR value and/or the default averaging window requirement is set, setting and changing the QoS class indication of the second tunnel to a non-standardized QoS class indication or no QoS class indication condition;

when there is no standardized QoS class indication corresponding to the second tunnel QoS parameter information other than the QoS class indication, setting and changing the QoS class indication of the second tunnel to a non-standardized QoS class indication or no QoS class indication condition;

setting or changing the priority of the second tunnel from the highest priority corresponding to the tunnels associated with the IPsec data tunnel between the user equipment and the second network;

setting or changing the packet delay budget of the second tunnel to the smallest packet delay budget corresponding to the tunnels associated with the IPsec data tunnel between the user equipment and the second network;

adjusting or changing the packet error rate of the second tunnel according to the lowest value packet error rate corresponding to the tunnels associated with the IPsec data tunnel between the user equipment and the second network; and

setting or changing the default maximum packet data amount of the second tunnel to the default maximum packet data amount of the largest value corresponding to the tunnels associated with the IPsec data tunnel between the user equipment and the second network;

when there is no tunnel requiring an averaging window for tunnels associated with the IPsec data tunnel between the user equipment and the second network, configuring or changing the second tunnel in order to have a requirement for a default averaging window;

when a GBR tunnel is present in the tunnels associated with the IPsec data tunnel, at least one of the following operations is performed between the user equipment and the second network:

setting up or changing a second tunnel over the GBR tunnel;

setting or changing the GFBR or GBR of the second tunnel to the highest GFBR or GBR corresponding to multiple tunnels associated with the IPsec data tunnel of the second network;

setting or changing the MFBR or MBR of the second tunnel to the highest MFBR or MBR corresponding to multiple tunnels associated with the IPsec data tunnel of the second network;

setting or changing the GFBR or GBR of the uplink of the second tunnel to the highest value of the GFBR or GBR of the uplink corresponding to multiple tunnels associated with the IPsec data tunnel of the second network;

setting or changing the MFBR or MBR of the uplink of the second tunnel according to the highest value of the MFBR or MBR of the uplink corresponding to multiple tunnels associated with the IPsec data tunnel of the second network;

setting or changing the GFBR or GBR of the downlink of the second tunnel to the highest value of the downlink GFBR corresponding to multiple tunnels associated with the IPsec data tunnel of the second network;

setting or changing the downlink MFBR or MBR of the second tunnel according to the highest downlink MFBR value corresponding to multiple tunnels associated with the IPsec data tunnel of the second network;

When the IPsec data tunnel is associated with a tunnel with QoS class indication N between the user equipment and the second network, setting and changing the QoS class indication of the second tunnel over N or changing the QoS class indication of the fourth tunnel over N, where the value of N is obtained from the first network or includes one value from the following: 1, 5, 69 and 70;

when the IPsec data tunnel is associated with a tunnel containing voice traffic between the user equipment and the second network, setting and changing the QoS parameter information of the second tunnel according to the QoS parameter information corresponding to the voice traffic;

when the IPsec data tunnel is associated with a tunnel containing emergency call traffic between the user equipment and the second network, setting and changing the QoS parameter information of the second tunnel according to the QoS parameter information corresponding to the emergency call traffic;

when the IPsec data tunnel is associated with a tunnel containing high priority traffic between the user equipment and the second network, setting and changing the QoS parameter information of the second tunnel according to the QoS parameter information corresponding to the high priority traffic;

when the standardized QoS class indication is presented for the QoS flow of the second network contained in the IPsec data tunnel, setting and changing the QoS class indication of the second tunnel according to the standardized QoS class indication; and

setting the QoS parameter information of the second tunnel according to the QoS parameter information corresponding to the tunnel newly associated with the IPsec data tunnel between the user equipment and the second network, where

the multi-tunnel condition includes at least one of the following:

The IPsec data tunnel is associated with multiple tunnels on the second network;

The IPsec data tunnel is reassociated with the tunnel between the user equipment and the second network, and the newly associated tunnel between the user equipment and the second network has the highest QoS requirement in the tunnels associated with the IPsec data tunnel between the user equipment and the second network; and

The IPsec data tunnel is decoupled from the tunnel between the user equipment and the second network, and the decoupled tunnel between the user equipment and the second network has a higher QoS requirement in the tunnels associated with the IPsec data tunnel between the user equipment and the second network; and

[00368] In addition, when the IPsec data tunnel is associated with multiple tunnels of the second network, setting the QoS parameter information of the fourth tunnel according to the QoS parameter information corresponding to the tunnel associated with the IPsec data tunnel between the user equipment and the second network includes at least one of the following options:

changing the QoS parameter information of the fourth tunnel to the highest QoS requirement QoS parameter information that corresponds to the tunnels associated with the IPsec data tunnel between the user equipment and the second network;

changing the indication of the QoS class of the fourth tunnel to the indication of the QoS class of the tunnel with the highest priority, which corresponds to the tunnels associated with the IPsec data tunnel between the user equipment and the second network;

when there is no standardized QoS class indication corresponding to a combination of the following fourth tunnel QoS parameter information: priority, packet delay budget, packet error rate, maximum data packet size, regardless of whether the GBR value and/or the default averaging window requirement is set, changing the QoS class indication of the fourth tunnel to a non-standardized QoS class indication or no QoS class indication condition;

when there is no standardized QoS class indication corresponding to the QoS parameter information of the fourth tunnel, except for the QoS class indication, changing the QoS class indication of the fourth tunnel to a non-standardized QoS class indication, or no QoS class indication condition;

changing the priority of the fourth tunnel from the priority with the highest value corresponding to the tunnels associated with the IPsec data tunnel between the user equipment and the second network;

changing the packet delay budget of the fourth tunnel to the lowest packet delay budget corresponding to the tunnels associated with the IPsec data tunnel between the user equipment and the second network;

changing the packet error rate of the fourth tunnel according to the smallest packet error rate corresponding to the tunnels associated with the IPsec data tunnel between the user equipment and the second network;

changing the default maximum packet data amount of the fourth tunnel from the default maximum packet data amount with the largest value corresponding to the tunnels associated with the IPsec data tunnel between the user equipment and the second network; and

when there is no tunnel requiring an averaging window for tunnels associated with the IPsec data tunnel between the user equipment and the second network, changing the fourth tunnel to require a default averaging window;

when a GBR tunnel is present in the tunnels associated with the IPsec data tunnel, at least one of the following operations is performed between the user equipment and the second network:

change of the fourth tunnel along the GBR tunnel;

changing the GFBR or GBR of the fourth tunnel to the highest GFBR or GBR corresponding to multiple tunnels associated with the IPsec data tunnel of the second network;

changing the MFBR or MBR of the fourth tunnel according to the highest MFBR or MBR corresponding to multiple tunnels associated with the IPsec data tunnel of the second network;

changing the uplink GFBR or GBR of the fourth tunnel according to the highest uplink GFBR or GBR corresponding to multiple tunnels associated with the IPsec data tunnel of the second network;

changing the uplink MFBR or MBR of the fourth tunnel according to the highest uplink MFBR or MBR corresponding to multiple tunnels associated with the IPsec data tunnel of the second network;

changing the downlink GFBR or GBR of the fourth tunnel according to the highest downlink GFBR corresponding to multiple tunnels associated with the IPsec data tunnel of the second network;

changing the downlink MFBR or MBR of the fourth tunnel according to the highest downlink MFBR corresponding to multiple tunnels associated with the IPsec data tunnel of the second network; and

When the IPsec data tunnel is associated with a tunnel with QoS class indication N between the user equipment and the second network, change the QoS class indication of the fourth tunnel over N, where the value of N is obtained from the first network or includes one of the following: 1, 5, 69, and 70 ;

when the IPsec data tunnel is associated with a tunnel containing voice traffic between the user equipment and the second network, changing the QoS parameter information of the fourth tunnel according to the QoS parameter information corresponding to the voice traffic;

when the IPsec data tunnel is associated with a tunnel containing emergency call traffic between the user equipment and the second network, changing the QoS parameter information of the fourth tunnel according to the QoS parameter information corresponding to the emergency call traffic;

when the IPsec data tunnel is associated with a tunnel containing high priority traffic between the user equipment and the second network, changing the QoS parameter information of the fourth tunnel according to the QoS parameter information corresponding to the high priority traffic; and

when the standardized QoS class indication is presented for the QoS flow of the second network contained in the IPsec data tunnel, changing the QoS class indication of the fourth tunnel according to the standardized QoS class indication.

[00369] Additionally, the second tunnel and/or the fourth tunnel is a QoS flow; and/or

the second tunnel the second QoS flow or the QoS flow in the first session PDU;

and/or

the fourth tunnel is the existing QoS flow in the first PDU session;

and/or

a tunnel between the user equipment and the second network; a QoS flow between the user equipment and the second network; and/or

a tunnel between the user equipment and the second network - QoS flow of the second network;

and/or

the second tunnel is the second QoS flow, and making a request to the first network to create a second tunnel includes at least one of the following options:

making a request to the first network to add a second QoS flow to the first session PDU; and

sending a request to the first network to change the first PDU session or to create the first PDU session, a request to change the first PDU session or to create the first PDU session containing the QoS information of the second QoS flow to be created;

and/or

second tunnel second QoS flow, fourth tunnel the existing QoS flow in the first PDU session, requesting the first network to change the fourth tunnel over the first tunnel includes at least one of the following:

making a request to the first network to change the fourth QoS flow in the first PDU session; and

transmitting a request to the first network to change the PDU session, where the change request of the first PDU session contains QoS information of the fourth QoS flow to be changed; and

first session PDU A PDU session in the first network used to transfer information between the user equipment and the second network.

[00370] Additionally, the IPsec data tunnel information includes at least one of the following: an IPsec data tunnel identifier, a protocol field indicating ESP, an IPsec data tunnel security parameter index, and tunnel identification information associated with the IPsec data tunnel, between the user equipment and the second network; and/or

tunnel information between the user equipment and the second network includes at least one of the following elements: IPSec data tunnel identifier associated with the tunnel between the user equipment and the second network, IPSec data tunnel security parameters index associated with the tunnel between the user equipment and the second network, new a tunnel between the user equipment and the second network, a remote tunnel between the user equipment and the second network, information about the quality of service parameters of the tunnel between the user equipment and the second network, indication information of a separate delivery resource, and indication information that a separate delivery resource is not required.

[00371] Additionally, the identification information about the tunnel associated with the IPsec data tunnel between the user equipment and the second network includes a QoS flow ID and a PDU session ID to which the QoS flow belongs.

[00372] The QoS information includes at least one of the following: be it GBR or non-GBR, QoS class indication (5QI or QFI), priority, packet delivery budget, packet error rate, default maximum data size, default averaging window , uplink GBR, downlink GBR, uplink MBR, downlink MBR, uplink GFB, downlink GFBR, uplink MFBR, downlink MFBR, traffic descriptor component type identifier, and packet filter information. [00373] Additionally, obtaining IPsec data tunnel information and/or tunnel information between the user equipment and the second network includes:

obtaining IPsec data tunnel information from the proxy network element; and/or obtaining tunnel information between the user equipment and the second network from the second network.

[00374] Additionally, the second QoS flow is a non-standard QoS flow.

[00375] According to one embodiment of the present invention, a proxy network element is further provided that includes a processor and a memory. In this embodiment, the proxy network element further includes a computer program that is stored on a storage device and can be run on a processor. When a computer program is executed by a processor, the following steps are implemented:

determination of the fact of compliance with a given condition; and when it is determined that the predetermined condition is met, performing an operation related to the IPSec data tunnel for the second network tunnel.

[00376] A proxy network element is a proxy of the first network for interfacing with the second network.

[00377] The specified condition also includes at least one of the following conditions:

a request is received to create a tunnel between the user equipment and the second network;

a request is received to change the tunnel between the user equipment and the second network;

the proxy network element provides 3GPP access;

the first network is the 3GPP network; and

the operation of linking the tunnel between the user equipment and the second network to the IPsec tunnel has been performed.

[00378] Additionally, performing an operation related to the IPsec data tunnel for the tunnel of the second network includes at least one of the following operations:

determining a binding from the tunnel between the user equipment and the second network to the IPsec data tunnel;

creating a separate IPsec data tunnel for each tunnel between the user equipment and the second network, or creating different IPsec data tunnels for different tunnels between the user equipment and the second network;

creating a separate IPsec data tunnel for each GBR tunnel between the user equipment and the second network;

when the tunnel between the user equipment and the second network meets the separate delivery condition, creating a separate IPsec data tunnel for the tunnel between the user equipment and the second network;

creating an IPsec data tunnel specifically for non-GBR for the GBR tunnel between the user equipment and the second network;

binding one or more non-GBR tunnels between the user equipment and the second network to one IPsec data tunnel;

creating an IPsec data tunnel specifically for priority for the GBR tunnel between the user equipment and the second network;

binding one or more tunnels with the same priority between the user equipment and the second network to one IPsec data tunnel;

creating different IPsec data tunnels for tunnels with different priorities between the user equipment and the second network, or associating tunnels with different priorities between the user equipment and the second network to different IPsec data tunnels;

creating an IPsec data tunnel specifically for the GBR related QoS parameter information for the tunnel between the user equipment and the second network;

creation of different IPsec data tunnels for tunnels with different GBR-related QoS parameter information between the user equipment and the second network, or linking tunnels with different GBR-related QoS parameter information between the user equipment and the second network to different IPsec tunnels data;

binding one or more tunnels with the same GBR related QoS parameter information between the user equipment and the second network to one IPsec data tunnel;

creating an IPsec data tunnel specifically to indicate the QoS class for the GBR tunnel between the user equipment and the second network;

creating different IPsec data tunnels for tunnels with different QoS class indications between the user equipment and the second network, or linking tunnels with different QoS class indications between the user equipment and the second network to different IPsec data tunnels;

binding one or more tunnels with the same QoS class indications between the user equipment and the second network to one IPsec data tunnel;

creating an IPsec data tunnel specifically to indicate the QoS class for the GBR tunnel between the user equipment and the second network;

creation of IPsec data tunnels for tunnels with different QoS class indication between the user equipment and the second network; and

binding multiple tunnels with the same QoS information between the user equipment and the second network to one IPsec data tunnel.

[00379] A separate delivery condition includes at least one of the following options:

tunnel between user equipment and the second network - GBR tunnel;

indication of the QoS class of the tunnel between the user equipment and the second network takes the value N, where N is one of the following values: 1.5, 69 and 70;

tunnel between user equipment and the second network - a tunnel containing voice traffic;

tunnel between user equipment and the second network - a tunnel containing emergency call traffic;

tunnel between user equipment and the second network - a tunnel containing high priority traffic;

the received request to create a tunnel between the user equipment and the second network contains indication information of a separate delivery resource;

the QoS information of the existing tunnel associated with the IPsec data tunnel between the user equipment and the second network is different from the QoS information of the tunnel between the user equipment and the second network requested to be created;

the indication of the QoS class of the existing tunnel associated with the IPsec data tunnel between the user equipment and the second network is different from the indication of the QoS class of the tunnel between the user equipment and the second network, the establishment of which is requested;

The QoS parameter information related to the GBR of the existing tunnel associated with the IPsec data tunnel between the user equipment and the second network is different from the QoS parameter information related to the GBR of the tunnel between the user equipment and the second network, the establishment of which is requested;

the QoS priority of the existing tunnel associated with the IPsec data tunnel between the user equipment and the second network is different from the priority of the tunnel between the user equipment and the second network, the creation of which is requested;

the non-GBR tunnel is present in the existing tunnels associated with the IPsec data tunnel between the user equipment and the second network; a tunnel between the user equipment and the second network for which a request has been received, a non-GBR tunnel.

[00380] Additionally, the tunnel is a QoS flow;

and/or

the tunnel between the user equipment and the second network is the QoS flow of the second network.

[00381] According to one embodiment of the present invention, a communication network element is further provided that includes a processor and a memory. In this embodiment, the communication network element further includes a computer program that is stored on a storage device and can be run on a processor. When a computer program is executed by a processor, the following steps are implemented:

transmission of tunnel information between the user equipment and the second network, wherein the tunnel information between the user equipment and the second network includes at least one of the following elements: an IPSec data tunnel identifier associated with a tunnel between the user equipment and the second network, an IPSec tunnel security parameter index data connected by a tunnel between the user equipment and the second network, a new tunnel between the user equipment and the second network, a remote tunnel between the user equipment and the second network, information about the quality of service parameters of the tunnel between the user equipment and the second network, individual delivery resource indication information and indication information that a separate delivery resource is not required.

[00382] Additionally, the transmission of tunnel information between the user equipment and the second network includes:

transmitting tunnel information between the user equipment and the second network to at least one of the following: the user equipment and the proxy network element.

[00383] Additionally, subject to a predetermined condition, tunnel information is transmitted between the user equipment and the second network, where

the predetermined condition includes access of the user equipment to the second network via the first network, which is a 3GPP network.

[00384] According to one embodiment of the present invention, a computer-readable storage medium is further provided. The program is stored on a computer-readable storage medium. When this program is executed by the processor, the processes according to the above embodiments of the data transmission method are implemented to achieve the same technical effect. To avoid repetition, the detailed description in this application will no longer be given. For example, a computer-readable storage medium is a Read-Only Memory (ROM), Random Access Memory (RAM), magnetic or optical disk.

[00385] It should be noted that in this specification, the terms "include", "include", or any other variations thereof are intended to mean a non-exclusive content such that a process, method, article, or apparatus including a number of elements, contains not only these elements, but also other elements not directly listed, or additionally includes elements specific to that process, method, article, or device. Unless otherwise limited, an element containing the term "includes..." does not preclude the presence of other identical elements in a process, method, article, or device that includes the element.

[00386] It will be clearly apparent to one skilled in the art from the description of the above embodiments that the method of the above embodiments may be implemented by software in combination with a general purpose hardware platform or by hardware alone. However, in most cases, the first implementation option is preferable. Based on this understanding, the technical solutions of the present invention, in substantial part or parts relating to the prior art, can be implemented as a software product. This computer program product is stored on a storage medium (e.g., ROM/RAM, magnetic or optical disk) and includes several instructions for execution by user equipment (which may be a mobile phone, computer, server, air conditioner, network device, or the like). .) in order to implement the method described in the embodiments of the present invention.

[00387] The above is a description of embodiments of the present invention with reference to the accompanying drawings. However, the present invention is not limited to the above specific embodiments. The foregoing specific implementation options are provided for illustrative purposes and are not limiting. In light of the present application, other forms may be devised by those skilled in the art without departing from the principles of the present invention and the scope of the claims, and all of these forms fall within the scope of the present invention.

Claims (395)

1. A method for ensuring data transmission applicable to user equipment, which includes: obtaining first Internet Protocol security (IPSec) tunnel information, characterized in that the first IPSec tunnel is an IPSec tunnel used for transmission of control signals between the user equipment and the second network, and performing the first side operation for the tunnel of the first network based on the information of the first IPSec tunnel, wherein the execution of the first associated operation for the tunnel of the first network includes at least one of the following options: submitting to the first network a request to create a first tunnel; submitting to the first network a request to change the third tunnel through the first tunnel; transmitting quality of service (QoS) information of the first tunnel to the first network; transmitting the modified QoS information of the third tunnel to the first network; transmitting the first QoS information to the first network; setting uplink and/or downlink packet filter information of the first tunnel according to the first IPSec tunnel information; setting the uplink and/or downlink packet filter information from among the first QoS information according to the first IPSec tunnel information; changing the uplink and/or downlink packet filter information of the third tunnel according to the information of the first IPSec tunnel; setting a component type identifier of the traffic descriptor in the QoS information of the first tunnel according to the security parameter index type; setting a component type identifier of the traffic descriptor in the first QoS information by type of security parameter index; changing the component type identifier of the traffic descriptor in the QoS information of the third tunnel according to the security parameters index type; setting up the first tunnel over a non-guaranteed bit rate (non-GBR) tunnel; setting the QoS information of the first tunnel or the first QoS information to no GBR related QoS parameter information; changing the third tunnel over the non-GBR tunnel; setting the QoS information of the third tunnel to no GBR related QoS parameter information; setting the QoS class indication information in the QoS information of the first tunnel according to the first QoS class indication information; setting indication information in the first QoS information to the first indication information about the QoS class; changing the QoS class indication information in the QoS information of the third tunnel according to the first QoS class indication information; setting the QoS priority in the QoS information of the first tunnel by the first QoS priority; setting a QoS priority in the first QoS information on the first QoS priority; changing the QoS priority in the QoS information of the third tunnel over the first QoS priority; and transmitting information of the first IPSec tunnel to the first network; wherein the first tunnel is used for data transmission of the first IPSec tunnel or for transmission of control signals between the user equipment and the second network; the third tunnel is represented by the tunnel already created for the subscriber unit and the first network; and the first QoS information is represented by new QoS information. 2. The method according to p. 1, characterized in that the QoS information of the first tunnel, the modified QoS information of the third tunnel and/or the first QoS information lacks QoS parameter information related to the GBR; and/or the first tunnel QoS information, the third tunnel modified QoS information, and/or the first QoS information includes at least one of the following: uplink and/or downlink packet filter information, which is represented by the first IPSec tunnel information; the type identifier of the component of the traffic descriptor, which is represented by the type of index of security parameters; and QoS flow class indication information represented by the first QoS class indication information. 3. The method according to claim 1, characterized in that after the creation of the first tunnel is completed, the first tunnel, the first QoS information, the modified QoS information of the third tunnel, and/or the third tunnel are changed and converted to the first tunnel, the first associated tunnel information of the first network further includes includes at least one of the following options: transmitting control signals between the user equipment and the second network or data of the first IPSec tunnel through the first tunnel; switching transmission of control signals between the user equipment and the second network or data of the first IPSec tunnel to the first tunnel for transmission; creating and/or maintaining a mapping between the first tunnel and the first IPSec tunnel; and/or after rejecting the creation of the first tunnel, rejecting the change of the third tunnel, rejecting the provision of the first QoS information, and/or releasing the first tunnel, the first accompanying operation for the tunnel of the first network further includes one of the following options: a deregistration request to the address of the second network and transfer to deregistration status. 4. The method according to p. 1, characterized in that the first tunnel and/or the third tunnel is a QoS flow; and/or the first tunnel is the first QoS flow or QoS flow in the first protocol data unit (PDU) session; and/or the third tunnel is the existing QoS flow in the first PDU session; and/or the first tunnel is the first QoS flow, and making a request to the first network to create the first tunnel includes at least one of the following: making a request to the first network to create the first QoS flow in the first PDU session; and transmitting a request to the first network to change the first PDU session or create the first PDU session, wherein the request to change the first PDU session or create the first PDU session contains the QoS information of the first QoS to be created or the first QoS information; and/or the first tunnel is the first QoS flow, the third tunnel is the existing QoS flow in the first PDU session, making a request to the first network to change the third tunnel over the first tunnel includes at least one of the following options: making a request to the first network to change the third QoS flow in the first PDU session; and transmitting a request to the first network to change the PDU session, wherein the change request of the first PDU session contains QoS information of the third QoS flow to be changed; wherein the first PDU session is a PDU session in the first network used to transfer information between the user equipment and the second network; and/or the first QoS class indication information and/or the first priority is used to indicate a request for a particular delivery radio resource; and/or the first QoS class indication information includes at least one of the following: a QoS class indication for the operator; a non-standardized first indication of the QoS class, wherein the non-standardized first indication of the QoS class takes a value from 5 to 69; and identifying the non-GBR QoS class; and/or the first priority information takes the value 5. 5. The method according to any one of paragraphs. 1-4, characterized in that the first IPSec tunnel information includes at least one of the first IPSec tunnel identifier, a protocol field indicating secure payload encapsulation (ESP), a security parameter index (SPI) of the first IPSec tunnel, and second network information associated with the first IPSec tunnel. 6. The method according to p. 1, characterized in that obtaining information of the first IPSec tunnel includes obtaining first IPSec tunnel information from the proxy network element. 7. A method for ensuring data transmission applicable to user equipment, which includes: obtaining IPSec data tunnel information and/or tunnel information between the user equipment and the second network, wherein the IPSec data tunnel is an IPSec tunnel used to transfer user plane data between the user equipment and the second network or tunnel data between the user equipment and the second network ; and performing second related information for the tunnel of the first network based on the information of the IPSec data tunnel and/or the information of the tunnel between the user equipment and the second network; while performing the second related operation for the tunnel of the first network includes at least one of the following options: submitting to the first network a request to create a second tunnel; submitting to the first network a request to change the fourth tunnel; transmitting quality of service (QoS) information of the second tunnel to the first network; transmitting the changed QoS information of the fourth tunnel to the first network; transmitting the second QoS information to the first network; requesting the first network to provide a separate second tunnel or separate second QoS information for each IPSec data tunnel; making a request to the first network to provide a separate second tunnel or a separate second QoS information for the IPSec data tunnel; requesting the first network to provide one second tunnel for the plurality of IPSec data tunnels, or to bind the data of the plurality of IPSec data tunnels to the one second tunnel or one part of the second QoS information; changing the fourth tunnel for the IPSec data tunnel; binding the IPSec data tunnel to the fourth tunnel; setting uplink and/or downlink packet filter information of the second tunnel according to the IPSec data tunnel information; setting the uplink and/or downlink packet filter information from among the first QoS information on the IPSec data tunnel information; changing the uplink and/or downlink packet filter information in the QoS information of the fourth tunnel according to the IPSec data tunnel information or adding the IPSec data tunnel information; to the uplink and/or downlink packet filter information to the QoS information of the fourth tunnel; setting a component type identifier of the traffic descriptor in the QoS information of the second tunnel according to the security parameters index type; setting a component type identifier of the traffic descriptor in the second QoS information by type of security parameters index; changing the component type identifier of the traffic descriptor in the QoS information of the fourth tunnel according to the security parameters index type; setting the QoS parameter information in the QoS information of the second tunnel to the QoS parameter information corresponding to the tunnel associated with the IPSec data tunnel between the user equipment and the second network; setting the QoS parameter information in the second QoS information on the description information of the QoS flow corresponding to the tunnel associated with the IPSec data tunnel between the user equipment and the second network; changing the QoS parameter information in the QoS information of the fourth tunnel according to the QoS parameter information corresponding to the tunnel associated with the IPSec data tunnel between the user equipment and the second network, or adding such QoS parameter information to the QoS parameter information in the QoS information of the fourth tunnel QoS information; and transmitting the IPSec data tunnel information to the first network; wherein the second tunnel is used for transmitting IPSec data tunnel data or is used for transmitting tunnel data between the user equipment and the second network, or is used for transmitting user plane data between the user equipment and the second network; the fourth tunnel is represented by the tunnel already created for the user equipment and the first network; and the second QoS information is represented by new QoS information. 8. The method according to p. 7, characterized in that the second tunnel QoS information and/or the second QoS information includes at least one of the following: uplink and/or downlink packet filter information, which is represented by the IPSec data tunnel information; the type identifier of the component of the traffic descriptor, which is represented by the type of index of security parameters; and QoS parameter information, which is information corresponding to a tunnel associated with the IPSec data tunnel between the user equipment and the second network; and/or the modified fourth tunnel QoS parameter information includes at least one of the following: uplink packet filter information representing or including IPSec data tunnel information; downlink packet filter information that is or includes IPSec data tunnel information; the type identifier of the component of the traffic descriptor, which is represented by the type of index of security parameters; and QoS parameter information being or including information corresponding to a tunnel associated with the IPSec data tunnel between the user equipment and the second network. 9. The method according to p. 7, characterized in that after completing the creation of the second tunnel, receiving the provided QoS information sent by the first network that contains the second QoS information, providing the second QoS information by the first network, and/or receiving a transmission from the first network to enable the creation of the first tunnel, performing a second related operation for the tunnel of the first network further includes includes at least one of the following operations: transmitting, through the second tunnel, IPSec data tunnel data, tunnel data between the user equipment and the second network, or user plane data between the user equipment and the second network; switching the IPSec data tunnel data, the tunnel data between the user equipment and the second network, or the user plane data between the user equipment and the second network to the second tunnel for transmission; and creating and/or maintaining a mapping between the second tunnel and the IPSec data tunnel; and/or after completing the modification of the fourth tunnel, receiving the provided QoS information sent by the first network that contains the third QoS information, providing the third QoS information by the core network, and/or receiving a transmission from the first network to enable the modification of the third tunnel, performing a second related operation for the tunnel of the first network further includes includes at least one of the following operations: transmitting data of the IPSec data tunnel through the fourth tunnel; switching the data of the IPSec data tunnel to the fourth tunnel for transmission; and updating the mapping between the fourth tunnel and the IPSec tunnel, wherein the IPSec tunnel associated with the fourth tunnel includes the IPSec data tunnel; and/or after rejecting the creation of the second tunnel, rejecting the change of the fourth tunnel, rejecting the provision of the second QoS information, and/or releasing the second tunnel, the second accompanying operation for the tunnel of the first network further includes at least one of the following operations: making a request to the second network to release the tunnel associated with the second IPSec tunnel between the user equipment and the second network and issuing a response to the second network that the tunnel associated with the second IPSec between the user equipment and the second network has not been created. 10. The method according to p. 7, characterized in that provided that the first condition is met, the first network is requested to provide a separate second tunnel for the IPSec data tunnel, or the first network is requested to provide a separate second QoS information for the IPSec data tunnel, and The first condition includes at least one of the following options: the tunnel associated with the IPSec data tunnel between the user equipment and the second network is a GBR tunnel or contains QoS parameter information related to GBR; indication of the QoS class of the tunnel associated with the IPSec data tunnel between the user equipment and the second network takes the value N, where N is one of the following values: 1, 5, 69 and 70; the tunnel associated with the IPSec data tunnel between the user equipment and the second network is a tunnel containing voice traffic; the tunnel associated with the IPSec data tunnel between the user equipment and the second network is a tunnel containing emergency call traffic; the tunnel associated with the IPSec data tunnel between the user equipment and the second network is a tunnel containing high priority traffic; the received tunnel information between the user equipment and the second network contains the individual delivery resource indication information; the QoS information of the fourth tunnel is different from the QoS information of the tunnel associated with the IPSec data tunnel between the user equipment and the second network; the indication of the QoS class of the fourth tunnel is different from the indication of the QoS class of the tunnel associated with the IPSec data tunnel between the user equipment and the second network; the GBR-related QoS parameter information of the fourth tunnel is different from the GBR-related QoS parameter information of the tunnel associated with the IPSec data tunnel between the user equipment and the second network; the priority of the fourth tunnel is different from the priority of the tunnel associated with the IPSec data tunnel between the user equipment and the second network; in the absence of a fourth tunnel, a non-guaranteed transmission rate (non-GBR) tunnel is used, and a non-GBR tunnel is used as a tunnel associated with the IPSec data tunnel between the user equipment and the second network; and the uplink and/or downlink packet filter information of the fourth tunnel does not contain IPSec data tunnel information; and/or if the second condition is met, the first network is requested to provide one second tunnel for multiple IPSec data tunnels, the first network is requested to provide one part of the second QoS information for multiple IPSec data tunnels, data binding of multiple IPSec data tunnels to the second tunnel, or data binding of multiple IPSec data tunnels to one part of the second QoS information, and the second condition includes at least one of the following options: the tunnel associated with the IPSec data tunnel between the user equipment and the second network is a non-GBR tunnel or contains a QoS parameter related to non-GBR; and the received tunnel information between the user equipment and the second network does not contain indication information of a separate delivery resource or contains information that is not required for a separate delivery resource; and/or if the third condition is met, the fourth tunnel is changed for the IPSec data tunnel, and the third condition includes at least one of the following options: the tunnel associated with the IPSec data tunnel between the user equipment and the second network is a non-GBR tunnel; the received tunnel information between the user equipment and the second network does not contain indication information of a separate delivery resource or contains information that is not required for a separate delivery resource; the QoS information of the fourth tunnel is different from the QoS information of the tunnel associated with the IPSec data tunnel between the user equipment and the second network; the QoS class indication of the fourth tunnel is identical to the tunnel QoS class indication associated with the IPSec data tunnel between the user equipment and the second network; the GBR-related QoS parameter information of the fourth tunnel is different from the GBR-related QoS parameter information of the tunnel associated with the IPSec data tunnel between the user equipment and the second network; the priority of the fourth tunnel is different from the priority of the tunnel associated with the IPSec data tunnel between the user equipment and the second network; if there is a fourth tunnel, a non-guaranteed transmission rate (non-GBR) tunnel is used, and a non-GBR tunnel is used as a tunnel associated with the IPSec data tunnel between the user equipment and the second network; and the uplink and/or downlink packet filter information of the fourth tunnel does not contain IPSec data tunnel information; and/or if the fourth condition is met, the IPSec data tunnel is bound to the fourth tunnel, and the fourth condition includes at least one of the following options: the QoS information of the fourth tunnel is the same as the QoS information of the tunnel associated with the IPSec data tunnel between the user equipment and the second network; the QoS parameter requirement of the fourth tunnel is greater than or identical to the QoS parameter requirement of the tunnel associated with the IPSec data tunnel between the user equipment and the second network; the QoS class indication of the fourth tunnel is greater than or identical to the QoS class indication of the tunnel associated with the IPSec data tunnel between the user equipment and the second network; if there is a fourth tunnel, a non-guaranteed transmission rate (non-GBR) tunnel is used, and a non-GBR tunnel is used as a tunnel associated with the IPSec data tunnel between the user equipment and the second network; and the uplink and/or downlink packet filter information of the fourth tunnel contains the IPSec data tunnel information. 11. The method according to p. 7, characterized in that, when the IPSec data tunnel is associated with one tunnel between the user equipment and the second network, setting the QoS parameter information of the second tunnel according to the QoS parameter information corresponding to the tunnel associated with the IPSec data tunnel between the user equipment and the second network includes at least one of the following options: setting or changing the QoS class indication of the second tunnel according to the tunnel QoS class indication corresponding to the tunnel associated with the IPSec data tunnel between the user equipment and the second network; setting or changing the priority of the second tunnel according to the priority of the tunnel associated with the IPSec data tunnel between the user equipment and the second network; setting or changing the packet delay budget of the second tunnel according to the packet delay budget of the tunnel associated with the IPSec data tunnel between the user equipment and the second network; setting or changing the packet error rate of the second tunnel according to the packet error rate of the tunnel associated with the IPSec data tunnel between the user equipment and the second network; setting or changing the default maximum packet data amount of the second tunnel from the default maximum packet data amount of the tunnel associated with the IPSec data tunnel between the user equipment and the second network; setting or changing the default averaging window of the second tunnel by the default averaging window of the tunnel associated with the IPSec data tunnel between the user equipment and the second network; when there is no averaging window for the tunnel associated with the IPSec data tunnel between the user equipment and the second network, setting or changing the second tunnel for the condition of no default averaging window; setting or changing the uplink GBR or GFBR of the second tunnel over the uplink GBR or GFBR of the tunnel associated with the IPSec data tunnel between the user equipment and the second network; setting or changing the GBR or GFBR of the downlink of the second tunnel through the GBR or GFBR of the downlink of the tunnel associated with the IPSec data tunnel between the user equipment and the second network; setting or changing the uplink MBR or MFBR of the second tunnel over the uplink MBR or MFBRR of the tunnel associated with the IPSec data tunnel between the user equipment and the second network; and setting or changing the downlink MBR or MFBR of the second tunnel over the downlink MBR or MFBR of the tunnel associated with the IPSec data tunnel between the user equipment and the second network; and/or when the multi-tunnel condition is met, setting the QoS parameter information of the second tunnel according to the QoS parameter information corresponding to the tunnel associated with the IPSec data tunnel between the user equipment and the second network includes at least one of the following: setting or changing the QoS parameter information of the second tunnel according to the QoS parameter information with the highest QoS requirement, which corresponds to the tunnels associated with the IPSec data tunnel between the user equipment and the second network; setting or changing the indication of the QoS class of the second tunnel according to the indication of the QoS class of the tunnel with the highest priority, which corresponds to the tunnels associated with the IPSec data tunnel between the user equipment and the second network; when there is no standardized QoS class indication corresponding to a combination of the following information about the second tunnel QoS parameter: priority, packet delay budget, packet error rate, maximum data packet size, regardless of whether the GBR value and/or the default averaging window requirement is set, setting and changing the QoS class indication of the second tunnel to a non-standardized QoS class indication or no QoS class indication condition; when there is no standardized QoS class indication corresponding to the second tunnel QoS parameter information other than the QoS class indication, setting and changing the QoS class indication of the second tunnel to a non-standardized QoS class indication or no QoS class indication condition; setting or changing the priority of the second tunnel from the highest priority corresponding to the tunnels associated with the IPSec data tunnel between the user equipment and the second network; setting or changing the packet delay budget of the second tunnel to the smallest packet delay budget corresponding to the tunnels associated with the IPSec data tunnel between the user equipment and the second network; setting or changing the packet error rate of the second tunnel according to the packet error rate of the smallest value corresponding to the tunnels associated with the IPSec data tunnel between the user equipment and the second network; and setting or changing the default maximum packet data of the second tunnel to the default maximum packet data of the largest value corresponding to the tunnels associated with the IPSec data tunnel between the user equipment and the second network; when there is no tunnel requiring an averaging window for tunnels associated with the IPSec data tunnel between the user equipment and the second network, configuring or changing the second tunnel in order to have a default averaging window requirement; when a GBR tunnel is present in tunnels associated with an IPSec data tunnel, at least one of the following operations is performed between the user equipment and the second network: setting up or changing a second tunnel over the GBR tunnel; setting or changing the GFBR or GBR of the second tunnel to the highest GFBR or GBR corresponding to multiple tunnels associated with the IPSec data tunnel of the second network; setting or changing the MFBR or MBR of the second tunnel to the highest MFBR or MBR corresponding to multiple tunnels associated with the IPSec data tunnel of the second network; setting or changing the GFBR or GBR of the uplink of the second tunnel to the highest value of the GFBR or GBR of the uplink corresponding to multiple tunnels associated with the IPSec data tunnel of the second network; setting or changing the MFBR or MBR of the uplink of the second tunnel according to the highest value of the MFBR or MBR of the uplink corresponding to multiple tunnels associated with the IPSec data tunnel of the second network; setting or changing the GFBR or GBR of the downlink of the second tunnel to the highest value of the downlink GFBR corresponding to multiple tunnels associated with the IPSec data tunnel of the second network; setting or changing the downlink MFBR or MBR of the second tunnel according to the highest downlink MFBR value corresponding to multiple tunnels associated with the IPSec data tunnel of the second network; when the IPSec data tunnel is associated with a tunnel with QoS class indication N between the user equipment and the second network, setting and changing the QoS class indication of the second tunnel over N or changing the QoS class indication of the fourth tunnel over N, where the value of N is obtained from the first network or includes one value from the following: 1, 5, 69 and 70; when the IPSec data tunnel is associated with a tunnel containing voice traffic between the user equipment and the second network, setting and changing the QoS parameter information of the second tunnel according to the QoS parameter information corresponding to the voice traffic; when the IPSec data tunnel is associated with the tunnel containing the emergency call traffic between the user equipment and the second network, setting and changing the QoS parameter information of the second tunnel according to the QoS parameter information corresponding to the emergency call traffic; when the IPSec data tunnel is associated with a tunnel containing high priority traffic between the user equipment and the second network, setting and changing the QoS parameter information of the second tunnel according to the QoS parameter information corresponding to the high priority traffic; when the standardized QoS class indication is presented for the QoS flow of the second network contained in the IPSec data tunnel, setting and changing the QoS class indication of the second tunnel according to the standardized QoS class indication; and setting the QoS parameter information of the second tunnel according to the QoS parameter information corresponding to the tunnel newly associated with the IPSec data tunnel between the user equipment and the second network, wherein the multi-tunnel condition includes at least one of the following: The IPSec data tunnel communicates with multiple tunnels on the second network; The IPSec data tunnel is reassociated with the tunnel between the user equipment and the second network, and the newly associated tunnel between the user equipment and the second network has the highest QoS requirement in the tunnels associated with the IPSec data tunnel between the user equipment and the second network; and The IPSec data tunnel is decoupled from the tunnel between the user equipment and the second network, and the decoupled tunnel between the user equipment and the second network has a higher QoS requirement in tunnels associated with the IPSec data tunnel between the user equipment and the second network. 12. The method according to claim 7, wherein when the IPSec data tunnel is associated with multiple tunnels of the second network, changing the QoS parameter information of the fourth tunnel according to the QoS parameter information corresponding to the tunnel associated with the IPSec data tunnel between the subscriber equipment and a second network includes at least one of the following options: changing the QoS parameter information of the fourth tunnel from the QoS parameter information with the highest QoS requirement that corresponds to the tunnels associated with the IPSec data tunnel between the user equipment and the second network; changing the indication of the QoS class of the fourth tunnel to the indication of the QoS class of the tunnel with the highest priority, which corresponds to the tunnels associated with the IPSec data tunnel between the user equipment and the second network; when there is no standardized QoS class indication corresponding to a combination of the following fourth tunnel QoS parameter information: priority, packet delay budget, packet error rate, maximum data packet size, regardless of whether the GBR value and/or the default averaging window requirement is set, changing the QoS class indication of the fourth tunnel to a non-standardized QoS class indication or no QoS class indication condition; when there is no standardized QoS class indication corresponding to the QoS parameter information of the fourth tunnel, except for the QoS class indication, changing the QoS class indication of the fourth tunnel to a non-standardized QoS class indication, or no QoS class indication condition; changing the priority of the fourth tunnel from the priority with the highest value corresponding to the tunnels associated with the IPSec data tunnel between the user equipment and the second network; changing the packet delay budget of the fourth tunnel to the packet delay budget of the smallest value corresponding to the tunnels associated with the IPSec data tunnel between the user equipment and the second network; changing the packet error rate of the fourth tunnel according to the lowest value packet error rate corresponding to the tunnels associated with the IPSec data tunnel between the user equipment and the second network; changing the default maximum packet data of the fourth tunnel from the default maximum packet data with the largest value corresponding to the tunnels associated with the IPSec data tunnel between the user equipment and the second network; and, when there is no tunnel requiring an averaging window for tunnels associated with the IPSec data tunnel between the user equipment and the second network, changing the fourth tunnel to require a default averaging window; when a GBR tunnel is present in tunnels associated with an IPSec data tunnel, at least one of the following operations is performed between the user equipment and the second network: change of the fourth tunnel along the GBR tunnel; changing the GFBR or GBR of the fourth tunnel to the highest GFBR or GBR corresponding to multiple tunnels associated with the IPSec data tunnel of the second network; changing the MFBR or MBR of the fourth tunnel according to the highest MFBR or MBR corresponding to multiple tunnels associated with the IPSec data tunnel of the second network; changing the GFBR or GBR of the uplink of the fourth tunnel according to the highest value of the GFBR or GBR of the uplink corresponding to multiple tunnels associated with the IPSec data tunnel of the second network; changing the uplink MFBR or MBR of the fourth tunnel according to the highest uplink MFBR or MBR corresponding to multiple tunnels associated with the IPSec data tunnel of the second network; changing the downlink GFBR or GBR of the fourth tunnel according to the highest downlink GFBR corresponding to multiple tunnels associated with the IPSec data tunnel of the second network; changing the downlink MFBR or MBR of the fourth tunnel according to the highest downlink MFBR corresponding to multiple tunnels associated with the IPSec data tunnel of the second network; and, when the IPSec data tunnel is associated with a tunnel with QoS class indication N between the user equipment and the second network, changing the QoS class indication of the fourth tunnel over N, wherein the value of N is obtained from the first network or includes one of the following: 1, 5, 69 and 70; when the IPSec data tunnel is associated with a tunnel containing voice traffic between the user equipment and the second network, changing the QoS parameter information of the fourth tunnel according to the QoS parameter information corresponding to the voice traffic; when the IPSec data tunnel is associated with a tunnel containing emergency call traffic between the user equipment and the second network, changing the QoS parameter information of the fourth tunnel according to the QoS parameter information corresponding to the emergency call traffic; when the IPSec data tunnel is associated with a tunnel containing high priority traffic between the user equipment and the second network, changing the QoS parameter information of the fourth tunnel according to the QoS parameter information corresponding to the high priority traffic; and when the standardized QoS class indication is presented for the QoS flow of the second network contained in the IPSec data tunnel, changing the QoS class indication of the fourth tunnel according to the standardized QoS class indication. 13. The method according to any one of paragraphs. 7-12, characterized in that the second tunnel and/or the fourth tunnel is a QoS flow; and/or the second tunnel is the second QoS flow or the QoS flow in the first session PDU; and/or the fourth tunnel is the existing QoS flow in the first PDU session; and/or tunnel between the user equipment and the second network - QoS flow between the user equipment and the second network; and/or a tunnel between the user equipment and the second network - QoS flow of the second network; and/or the second tunnel is the second QoS flow, and making a request to the first network to create a second tunnel includes at least one of the following: making a request to the first network to add a second QoS flow to the first session PDU; and sending a request to the first network to change a PDU session or create a first PDU session, a request to change a first PDU session or create a first PDU session containing QoS information of a second QoS flow to be created; and/or the second tunnel is the second QoS flow, the fourth tunnel is the existing QoS flow in the first PDU session, making a request to the first network to change the fourth tunnel over the first tunnel includes at least one of the following options: making a request to the first network to change the fourth QoS flow in the first PDU session; and transmitting a request to the first network to change the session PDU, and the request to change the first session PDU contains QoS information of the fourth QoS flow to be changed; and first session PDU - session PDU in the first network, used to transfer information between the user equipment and the second network. 14. The method according to p. 7, characterized in that The IPSec data tunnel information includes at least one of the following: an IPSec data tunnel identifier, a protocol field pointing to ESP, an IPSec data tunnel security parameter index, and a tunnel identification information associated with the IPSec data tunnel between the subscriber equipment and a second network; and/or the tunnel information between the user equipment and the second network includes at least one of the following: an IPSec data tunnel identifier associated with the tunnel between the user equipment and the second network, an IPSec data tunnel security parameter index associated with the tunnel between the user equipment and the second network , a new tunnel between the user equipment and the second network, a remote tunnel between the user equipment and the second network, information about the quality of service parameters of the tunnel between the user equipment and the second network, indication information of a separate delivery resource, and indication information that a separate delivery resource is not required. 15. The method according to claim 7, characterized in that obtaining IPSec data tunnel information and/or tunnel information between the user equipment and the second network includes obtaining IPSec data tunnel information from the proxy network element and/or obtaining tunnel information between the user equipment and the second network from the second network. 16. Subscriber equipment for wireless communication, including: a sink module for receiving information of the first IPSec tunnel, wherein the first IPSec tunnel is an IPSec tunnel used for transmission of control signals between the user equipment and the second network, and an executing module for performing a first related operation for the tunnel of the first network based on the information of the first IPSec tunnel; wherein the execution of the first associated operation for the tunnel of the first network includes at least one of the following options: submitting to the first network a request to create a first tunnel; submitting to the first network a request to change the third tunnel through the first tunnel; transmitting information about the quality of service (QoS) of the first tunnel to the first network; transmitting the changed QoS information of the third tunnel to the first network; transmitting the first QoS information to the first network; setting uplink and/or downlink packet filter information of the first tunnel according to the first IPSec tunnel information; setting the uplink and/or downlink packet filter information from among the first QoS information according to the first IPSec tunnel information; changing the uplink and/or downlink packet filter information of the third tunnel according to the information of the first IPSec tunnel; setting a component type identifier of the traffic descriptor in the QoS information of the first tunnel according to the security parameter index type; setting a component type identifier of the traffic descriptor in the first QoS information by type of security parameter index; changing the component type identifier of the traffic descriptor in the QoS information of the third tunnel according to the security parameters index type; setting up the first tunnel over a non-guaranteed bit rate (non-GBR) tunnel; setting the QoS information of the first tunnel or the first QoS information to no GBR related QoS parameter information; changing the third tunnel over the non-GBR tunnel; setting the QoS information of the third tunnel to no GBR related QoS parameter information; setting the QoS class indication information in the QoS information of the first tunnel according to the first QoS class indication information; setting indication information in the first QoS information to the first indication information about the QoS class; changing the QoS class indication information in the QoS information of the third tunnel according to the first QoS class indication information; setting the QoS priority in the QoS information of the first tunnel by the first QoS priority; setting a QoS priority in the first QoS information on the first QoS priority; changing the QoS priority in the QoS information of the third tunnel over the first QoS priority; and transmitting information of the first IPSec tunnel to the first network; wherein the first tunnel is used for data transmission of the first IPSec tunnel or for transmission of control signals between the user equipment and the second network; the third tunnel is represented by the tunnel already created for the subscriber unit and the first network; and the first QoS information is represented by new QoS information. 17. Subscriber equipment for wireless communication, including: a sink module for receiving IPSec data tunnel information and/or tunnel information between the user equipment and the second network, wherein the IPSec data tunnel is an IPSec tunnel used to transmit user plane data between the user equipment and the second network, or data a tunnel between the user equipment and the second network; and an executing module for executing second related information for the tunnel of the first network based on the information of the IPSec data tunnel and/or the information of the tunnel between the user equipment and the second network, wherein the execution of the first associated operation for the tunnel of the first network includes at least one of the following options: submitting to the first network a request to create a first tunnel; submitting to the first network a request to change the third tunnel through the first tunnel; transmitting information about the quality of service (QoS) of the first tunnel to the first network; transmitting the changed QoS information of the third tunnel to the first network; transmitting the first QoS information to the first network; setting uplink and/or downlink packet filter information of the first tunnel according to the first IPSec tunnel information; setting the uplink and/or downlink packet filter information from among the first QoS information according to the first IPSec tunnel information; changing the uplink and/or downlink packet filter information of the third tunnel according to the information of the first IPSec tunnel; setting a component type identifier of the traffic descriptor in the QoS information of the first tunnel according to the security parameters index type; setting a component type identifier of the traffic descriptor in the first QoS information by type of security parameters index; changing the component type identifier of the traffic descriptor in the QoS information of the third tunnel according to the security parameters index type; setting up the first tunnel over a non-guaranteed bit rate (non-GBR) tunnel; setting the QoS information of the first tunnel or the first QoS information to no GBR related QoS parameter information; changing the third tunnel over the non-GBR tunnel; setting the QoS information of the third tunnel to no GBR related QoS parameter information; setting the QoS class indication information in the QoS information of the first tunnel according to the first QoS class indication information; setting indication information in the first QoS information to the first indication information about the QoS class; changing the QoS class indication information in the QoS information of the third tunnel according to the first QoS class indication information; setting the QoS priority in the QoS information of the first tunnel by the first QoS priority; setting a QoS priority in the first QoS information on the first QoS priority; changing the QoS priority in the QoS information of the third tunnel over the first QoS priority; and transmitting information of the first IPSec tunnel to the first network; wherein the first tunnel is used for data transmission of the first IPSec tunnel or for transmission of control signals between the user equipment and the second network; the third tunnel is represented by the tunnel already created for the subscriber unit and the first network; and the first QoS information is represented by new QoS information. 18. A method for providing data transfer applicable to an intermediary network element, which includes: determination of the fact of compliance with a given condition; and, when it is determined that the predetermined condition is met, performing an operation related to the IPSec data tunnel for the second network tunnel; wherein the proxy network element is a proxy of the first network for interfacing with the second network; the specified condition includes at least one of the following options: receiving a request to create a tunnel between the user equipment and the second network; receiving a request to change the tunnel between the user equipment and the second network; providing a proxy network element with access to 3GPP; wherein the first network is a 3GPP network; and performing a tunnel binding operation between the user equipment and the second network to the IPSec tunnel; performing an operation related to the IPSec data tunnel for the second network tunnel includes at least one of the following options: determining a binding from the tunnel between the user equipment and the second network to the IPSec data tunnel; creating a separate IPSec data tunnel for each tunnel between the user equipment and the second network, or creating different IPSec data tunnels for different tunnels between the user equipment and the second network; creating a separate IPSec data tunnel for each GBR tunnel between the user equipment and the second network; when the tunnel between the user equipment and the second network meets the separate delivery condition, creating a separate IPSec data tunnel for the tunnel between the user equipment and the second network; creation of an IPSec data tunnel specifically for non-GBR for the GBR tunnel between the user equipment and the second network; binding one or more non-GBR tunnels between the user equipment and the second network to one IPSec data tunnel; creating an IPSec data tunnel specifically for priority for a GBR tunnel between the user equipment and the second network; binding one or more tunnels with the same priority between the user equipment and the second network to one IPSec data tunnel; creating different IPSec data tunnels for tunnels with different priorities between the user equipment and the second network, or linking tunnels with different priorities between the user equipment and the second network to different IPSec data tunnels; creating an IPSec data tunnel specifically for the GBR-related Quality of Service (QoS) parameter information for the tunnel between the user equipment and the second network; creating different IPSsec data tunnels for tunnels with different GBR-related QoS parameter information between the UE and the second network, or linking tunnels with different GBR-related QoS parameter information between the UE and the second network to different IPSec tunnels data; binding one or more tunnels with the same GBR related QoS parameter information between the user equipment and the second network to one IPSec data tunnel; creating an IPSec data tunnel specifically to indicate the QoS class for the GBR tunnel between the user equipment and the second network; creating different IPSec data tunnels for tunnels with different QoS class indications between the user equipment and the second network, or linking tunnels with different QoS class indications between the user equipment and the second network to different IPSec data tunnels; binding one or more tunnels with the same QoS class indications between the user equipment and the second network to one IPSec data tunnel; creating an IPSec data tunnel specifically to indicate the QoS class for the GBR tunnel between the user equipment and the second network; creation of IPSec data tunnels for tunnels with different QoS class indications between user equipment and the second network; and binding multiple tunnels with the same QoS parameter information between the user equipment and the second network to one IPSec data tunnel; wherein the separate delivery condition includes at least one of the following options: tunnel between user equipment and the second network - GBR tunnel; indication of the QoS class of the tunnel between the user equipment and the second network takes the value N, and N is one of the following values: 1, 5, 69 and 70; tunnel between user equipment and the second network - a tunnel containing voice traffic; tunnel between user equipment and the second network - a tunnel containing emergency call traffic; tunnel between user equipment and the second network - a tunnel containing high priority traffic; the received request to create a tunnel between the user equipment and the second network contains indication information of a separate delivery resource; the QoS information of the existing tunnel associated with the IPSec data tunnel between the user equipment and the second network is different from the QoS information of the tunnel between the user equipment and the second network requested to be created; the indication of the QoS class of the existing tunnel associated with the IPSec data tunnel between the user equipment and the second network is different from the indication of the QoS class of the tunnel between the user equipment and the second network, the establishment of which is requested; the QoS parameter information related to the GBR of the existing tunnel associated with the IPSec data tunnel between the user equipment and the second network is different from the QoS parameter information related to the GBR of the tunnel between the user equipment and the second network, the creation of which is requested; the QoS priority of the existing tunnel associated with the IPSec data tunnel between the user equipment and the second network is different from the priority of the tunnel between the user equipment and the second network, the establishment of which is requested; the non-GBR tunnel is present in the existing tunnels associated with the IPSec data tunnel between the user equipment and the second network; the tunnel between the user equipment and the second network for which a request has been received is a non-GBR tunnel. 19. A method for ensuring data transmission applicable to user equipment, which includes: obtaining IPSec tunnel information, wherein the IPSec tunnel is an IPSec tunnel used for transmission of control signals between the user equipment and the second network, and performing a side operation for the tunnel of the first network based on the information of the IPSec tunnel; wherein the execution of the accompanying operation for the tunnel of the first network includes at least one of the following options: submitting to the first network a request to create or change a tunnel of the first network; setting the packet filter information of the tunnel of the first network to the information of the first IPSec tunnel; requesting the first network to provide one tunnel of the first network for each IPSec tunnel using the tunnel of the first network to transmit data of the IPSec tunnel; and transmitting tunnel packet filter information of the first network to the first network. 20. An intermediary network element, including: a determination module for determining whether the predetermined condition has been met; and an executing module for performing an operation related to the IPSec data tunnel for the second network tunnel when it is determined that the predetermined condition is met; wherein the proxy network element is a proxy of the first network for interfacing with the second network; the given condition includes at least one of the following options: a request is received to create a tunnel between the user equipment and the second network; a request is received to change the tunnel between the user equipment and the second network; the proxy network element provides 3GPP access; the first network is the 3GPP network; and the operation of linking the tunnel between the user equipment and the second network to the IPSec tunnel is performed; however, performing an operation related to the IPSec data tunnel for the tunnel of the second network includes at least one of the following options: determining a binding from the tunnel between the user equipment and the second network to the IPSec data tunnel; creating a separate IPSec data tunnel for each tunnel between the user equipment and the second network, or creating different IPSec data tunnels for different tunnels between the user equipment and the second network; creating a separate IPSec data tunnel for each GBR tunnel between the user equipment and the second network; when the tunnel between the user equipment and the second network meets the separate delivery condition, creating a separate IPSec data tunnel for the tunnel between the user equipment and the second network; creation of an IPSec data tunnel specifically for non-GBR for the GBR tunnel between the user equipment and the second network; binding one or more non-GBR tunnels between the user equipment and the second network to one IPSec data tunnel; creating an IPSec data tunnel specifically for priority for a GBR tunnel between the user equipment and the second network; binding one or more tunnels with the same priority between the user equipment and the second network to one IPSec data tunnel; creating different IPSec data tunnels for tunnels with different priorities between the user equipment and the second network, or linking tunnels with different priorities between the user equipment and the second network to different IPSec data tunnels; creating an IPSec data tunnel specifically for the GBR-related Quality of Service (QoS) parameter information for the tunnel between the user equipment and the second network; creation of different IPSec data tunnels for tunnels with different GBR-related QoS parameter information between the user equipment and the second network, or linking tunnels with different GBR-related QoS parameter information between the user equipment and the second network to different IPSec tunnels data; binding one or more tunnels with the same GBR related QoS parameter information between the user equipment and the second network to one IPSec data tunnel; creating an IPSec data tunnel specifically to indicate the QoS class for the GBR tunnel between the user equipment and the second network; creating different IPSec data tunnels for tunnels with different QoS class indications between the user equipment and the second network, or linking tunnels with different QoS class indications between the user equipment and the second network to different IPSec data tunnels; binding one or more tunnels with the same QoS class indications between the user equipment and the second network to one IPSec data tunnel; creating an IPSec data tunnel specifically to indicate the QoS class for the GBR tunnel between the user equipment and the second network; creation of IPSec data tunnels for tunnels with different QoS class indications between user equipment and the second network; and binding multiple tunnels with the same QoS parameter information between the user equipment and the second network to one IPSec data tunnel; wherein the separate delivery condition includes at least one of the following options: tunnel between user equipment and the second network - GBR tunnel; indication of the QoS class of the tunnel between the user equipment and the second network takes the value N, and N is one of the following values: 1, 5, 69 and 70; tunnel between user equipment and the second network - a tunnel containing voice traffic; tunnel between user equipment and the second network - a tunnel containing emergency call traffic; tunnel between user equipment and the second network - a tunnel containing high priority traffic; the received request to create a tunnel between the user equipment and the second network contains indication information of a separate delivery resource; the QoS information of the existing tunnel associated with the IPSec data tunnel between the user equipment and the second network is different from the QoS information of the tunnel between the user equipment and the second network requested to be created; the indication of the QoS class of the existing tunnel associated with the IPSec data tunnel between the user equipment and the second network is different from the indication of the QoS class of the tunnel between the user equipment and the second network, the establishment of which is requested; the QoS parameter information related to the GBR of the existing tunnel associated with the IPSec data tunnel between the user equipment and the second network is different from the QoS parameter information related to the GBR of the tunnel between the user equipment and the second network, the creation of which is requested; the QoS priority of the existing tunnel associated with the IPSec data tunnel between the user equipment and the second network is different from the priority of the tunnel between the user equipment and the second network, the establishment of which is requested; the non-GBR tunnel is present in the existing tunnels associated with the IPSec data tunnel between the user equipment and the second network; the tunnel between the user equipment and the second network for which a request has been received is a non-GBR tunnel. 21. Subscriber equipment for wireless communication, including: a sink module for receiving IPSec tunnel information, wherein the IPSec tunnel is used to transmit control signals between the user equipment and the second network, and an executing module for performing a related operation for the tunnel of the first network based on the information of the IPSec tunnel; wherein the execution of the accompanying operation for the tunnel of the first network includes at least one of the following options: submitting to the first network a request to create or change a tunnel of the first network; setting the packet filter information of the tunnel of the first network to the information of the first IPSec tunnel; requesting the first network to provide one tunnel of the first network for each IPSec tunnel using the tunnel of the first network to transmit data of the IPSec tunnel; and transmitting tunnel packet filter information of the first network to the first network.

Images