WO2020034971A1 - Method and apparatus for allocating EBI - Google Patents
- Publication number
- WO2020034971A1, PCT/CN2019/100460
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- user plane
- information
- pdu session
- eps
- encryption
Classifications
- H—ELECTRICITY > H04—ELECTRIC COMMUNICATION TECHNIQUE > H04W—WIRELESS COMMUNICATION NETWORKS
- H04W76/00—Connection management > H04W76/10—Connection setup > H04W76/12—Setup of transport tunnels
- H04W76/00—Connection management > H04W76/10—Connection setup
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity > H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity > H04W12/03—Protecting confidentiality, e.g. by encryption > H04W12/033—Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity > H04W12/10—Integrity
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity > H04W12/10—Integrity > H04W12/106—Packet or message integrity
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity > H04W12/30—Security of mobile devices; Security of mobile applications > H04W12/37—Managing security policies for mobile devices or for controlling mobile applications
- H04W28/00—Network traffic management; Network resource management > H04W28/16—Central resource management; Negotiation of resources or communication parameters, e.g. negotiating bandwidth or QoS [Quality of Service] > H04W28/24—Negotiating SLA [Service Level Agreement]; Negotiating QoS [Quality of Service]
- H04W76/00—Connection management > H04W76/30—Connection release > H04W76/32—Release of transport tunnels
Definitions
- the present invention relates to the field of communications, and in particular, to a method and device for allocating EBI.
- a fifth-generation mobile communication technology quality of service (5th generation quality of service, 5G QoS) model based on quality of service flows (QoS Flow), as shown in FIG. 1A, is proposed.
- the 5G QoS model supports guaranteed bitrate (GBR) QoS Flow and non-guaranteed bitrate (non-GBR) QoS Flow.
- data flows controlled by the same QoS Flow receive the same QoS guarantee.
- the UE can establish one or more PDU sessions with the 5GS.
- Each packet data unit (PDU) session can establish one or more QoS flows.
- Each QoS Flow is identified by a QoS Data Flow Identifier (QFI).
- the QFI uniquely identifies a QoS Flow within a PDU session.
- PDU sessions in 5GS can be migrated to EPS, and a packet data network (PDN) connection corresponding to the PDU session is established in EPS.
- the QoS Flow in the PDU session is mapped to an EPS bearer in the PDN connection.
- the technical problem to be solved by the embodiments of the present invention is to provide a method and device for allocating EBI that allocate EBIs meeting the requirements for the EPS, avoid allocating EBIs that do not meet user plane security requirements to EPS bearers, and reduce signaling overhead and the waste of EBI resources.
- the present application provides a method for allocating EBI, which includes: when the user plane security execution information of a PDU session matches the user plane encryption protection information of an EPS, the transmission management device sends EBI allocation request information to the access management device, where the EBI allocation request information is used to request allocation of an EBI for the EPS bearer to which the QoS Flow is mapped in the EPS, and the PDU session includes at least one QoS Flow.
- the transmission management device sends the EBI allocation request information to the access management device only when the user plane security execution information of the PDU session and the user plane encryption protection information of the EPS match. The EBI is requested only when the user plane of the EPS satisfies the security requirements of the PDU session, which avoids allocating EBIs that do not meet user plane security requirements to EPS bearers.
- SMF + PGW-C obtains user plane security execution information and EPS user plane encryption protection information associated with the PDU session, and QoS Flow is located in the PDU session;
- the transmission management device sends an EBI allocation request to the access management device.
- the EBI allocation request carries a PDU session identifier, and the PDU session identifier is the identity of the PDU session.
- the following cases indicate that an EBI needs to be allocated for the EPS bearer to which the QoS Flow is mapped in the EPS: the UE initiates a PDU session establishment request in a non-roaming or local breakout roaming scenario, and the PDU session supports interworking between 5GS and EPS; or
- the UE initiates a PDU session modification in a non-roaming scenario or a local breakout roaming scenario, and the PDU session supports interworking between 5GS and EPS; or
- the UE or network device initiates a PDU session modification in a home-routed roaming scenario, and the PDU session supports interworking between 5GS and EPS; or
- the UE or the network requested a PDU session modification procedure.
- the user plane security execution information of the PDU session includes: integrity protection requirement information and encryption requirement information, and the user plane encryption protection information of the EPS includes user plane encryption activation information;
- when the integrity protection requirement information indicates that the PDU session is not integrity protected, and the encryption requirement information indicates that the PDU session is not encrypted, the user plane security execution information of the PDU session and the user plane encryption protection information of the EPS match; or
- when the integrity protection requirement information indicates that the PDU session is not integrity protected, the encryption requirement information indicates that the PDU session is encrypted, and the user plane encryption activation information indicates that the EPS has activated user plane encryption, the user plane security execution information of the PDU session matches the user plane encryption protection information of the EPS.
- the user plane security execution information of the PDU session includes: integrity protection requirement information and encryption requirement information, and the user plane encryption protection information of the EPS includes user plane encryption activation information;
- when the integrity protection requirement information indicates that the PDU session is integrity protected, the user plane security execution information of the PDU session and the user plane encryption protection information of the EPS do not match.
- when the user plane security execution information of the PDU session and the user plane encryption protection information of the EPS do not match, the transmission management device does not send an EBI allocation request to the access management device.
- the transmission management device obtains the user plane security execution information of the PDU session according to the subscription information, or receives the user plane security execution information of the PDU session from a PCF.
- the present application provides a method for allocating EBI, including: an access management device receives EBI allocation request information from a transmission management device, where the EBI allocation request information is used to request allocation of an EBI for the EPS bearer to which the QoS Flow is mapped in the EPS; when the user plane security execution information of the PDU session where the QoS Flow is located matches the user plane encryption protection information of the EPS, the access management device sends an EBI allocation response to the transmission management device, and the EBI allocation response carries an access request.
- when the access management device receives the EBI allocation request information, it allocates an EBI for the EPS bearer to which the QoS Flow is mapped in the EPS only when the user plane security execution information of the PDU session matches the user plane encryption protection information of the EPS, which avoids allocating EBIs that do not meet user plane security requirements to EPS bearers.
- the user plane security execution information of the PDU session includes integrity protection requirement information and encryption requirement information
- the EPS user plane encryption protection information includes: user plane encryption activation information
- when the integrity protection requirement information indicates that the PDU session is not integrity protected and the encryption requirement information indicates that the PDU session is not encrypted, the user plane security execution information of the PDU session and the user plane encryption protection information of the EPS match; or
- when the integrity protection requirement information indicates that the PDU session is not integrity protected, the encryption requirement information indicates that the PDU session is encrypted, and the user plane encryption activation information indicates that the user plane encryption of the EPS is activated, the user plane security execution information of the PDU session and the user plane encryption protection information of the EPS match.
- the user plane security execution information of the PDU session includes integrity protection requirement information and encryption requirement information.
- the EPS user plane encryption protection information includes: user plane encryption activation information; the integrity protection requirement information indicates the PDU.
- the user plane security execution information of the PDU session does not match the user plane encryption protection information of the EPS.
- when the user plane security execution information of the PDU session and the user plane encryption protection information of the EPS do not match, the access management device sends EBI allocation response information to the transmission management device, and the EBI allocation response information carries EBI allocation failure reason information.
- this application provides an EBI release method, including:
- the access management device obtains user plane security execution information of a PDU session, wherein the PDU session includes at least one QoS Flow, the QoS Flow is associated with an EPS bearer, and the EPS bearer has been assigned an EBI;
- the access management device sends EBI release request information to a transmission management device serving the EPS bearer, where the EBI release request information is used to indicate that the EPS bearer needs to be released.
- when an EBI has already been allocated to the EPS bearer to which the QoS Flow is mapped in the EPS, the access management device judges whether the user plane security execution information of the PDU session and the user plane encryption protection information of the EPS match; if they do not match, the EBI previously allocated for the EPS bearer is released, which avoids the use of an EBI that does not meet user plane security requirements when the UE moves from 5GS to EPS.
- the user plane security execution information of the PDU session includes: integrity protection requirement information and encryption requirement information
- the EPS user plane encryption protection information includes: user plane encryption activation information
- when the integrity protection requirement information indicates that the PDU session is integrity protected, the user plane security execution information of the PDU session does not match the user plane encryption protection information of the EPS.
- the user plane security execution information of the PDU session includes integrity protection requirement information and encryption requirement information
- the user plane encryption protection information of the EPS includes user plane encryption activation information
- when the integrity protection requirement information indicates that the PDU session is not integrity protected, the encryption requirement information indicates that the PDU session is encrypted, and the user plane encryption activation information indicates that the user plane encryption of the EPS is activated, the user plane security execution information of the PDU session and the user plane encryption protection information of the EPS match; or
- when the integrity protection requirement information indicates that the PDU session is not integrity protected and the encryption requirement information indicates that the PDU session is not encrypted, the user plane security execution information of the PDU session and the user plane encryption protection information of the EPS match.
- when the user plane security execution information of the PDU session and the user plane encryption protection information of the EPS match, the access management device does not release the EBI of the EPS bearer.
- before the access management device obtains the user plane security execution information of the PDU session, the method further includes:
- the access management device receives a PDU session identifier from the transmission management device and user plane security execution information corresponding to the PDU session identifier.
- the user plane encryption protection information of the EPS is from the mobile management device in the EPS.
- Another aspect of the present application provides a device for allocating EBI, which implements the behavior of the transmission management device in each possible design of the first aspect.
- the functions may be implemented by hardware, and may also be implemented by hardware executing corresponding software.
- the hardware or software includes one or more modules corresponding to the functions described above.
- the structure of the transmission management device includes a processor and a transceiver, and the processor is configured to determine whether the user plane security execution information of the PDU session and the user plane encryption protection information of the EPS match.
- the transceiver is configured to send EBI allocation request information to the access management device when the judgment result of the processor is yes, the EBI allocation request information is used to request that EBI be allocated to an EPS bearer whose QoS Flow is mapped in the EPS,
- the PDU session includes at least one QoS Flow.
- the transmission management apparatus may further include a memory, which is used for coupling with the processor, and stores program instructions and data necessary for the network device.
- Another aspect of the present application provides an apparatus for allocating EBI, and the apparatus has a function of realizing the behavior of the access management apparatus in each possible design of the second aspect.
- the functions may be implemented by hardware, and may also be implemented by hardware executing corresponding software.
- the hardware or software includes one or more modules corresponding to the functions described above.
- the modules may be software and / or hardware.
- the structure of the access management device includes a transceiver and a processor, and the transceiver is configured to receive EBI allocation request information from the transmission management device, wherein the EBI allocation request information is used to request allocation of an EBI for the EPS bearer to which the QoS Flow is mapped in the EPS.
- the processor is configured to determine whether the user plane security execution information of the PDU session in which the QoS Flow is located matches the user plane encryption protection information of the EPS.
- the transceiver is further configured to: when the determination result of the processor is yes, send EBI allocation response information to the transmission management device, wherein the EBI allocation response information carries the EBI allocated by the access management device for the EPS bearer.
- the access management apparatus may further include a memory, which is configured to be coupled to the processor and stores program instructions and data necessary for the network device.
- a further aspect of the present application provides a device for allocating an EBI.
- the device has a function of implementing the behavior of an access management device in each possible design of the third aspect.
- the functions may be implemented by hardware, and may also be implemented by hardware executing corresponding software.
- the hardware or software includes one or more modules corresponding to the functions described above.
- the modules may be software and / or hardware.
- the structure of the access management device includes a transceiver and a processor, and the processor is configured to obtain user plane security execution information of the PDU session, where the PDU session includes at least one QoS Flow, the QoS Flow is associated with an EPS bearer, and the EPS bearer has been assigned an EBI.
- the processor is further configured to determine whether the user plane security execution information of the PDU session matches the user plane encryption protection information of the EPS that is pre-stored or pre-configured; the transceiver is configured to, when the determination result of the processor is no, send an EBI release request to a transmission management device serving the EPS bearer, and the EBI release request is used to indicate that the EBI of the EPS bearer needs to be released.
- the access management apparatus may further include a memory, which is configured to be coupled to the processor and stores program instructions and data necessary for the network device.
- a further aspect of the present application provides a computer storage medium including instructions that, when run on a computer, cause the computer to perform the method according to any one of the first aspect to each possible implementation manner of the first aspect.
- a further aspect of the present application provides a computer program product containing instructions, which when executed on a computer, causes the computer to perform the method according to any one of the first aspect to each possible implementation manner of the first aspect.
- a further aspect of the present application provides a computer storage medium, including instructions, which, when run on a computer, cause the computer to perform the method according to any one of the second aspect to each possible implementation manner of the second aspect.
- Another aspect of the present application provides a computer program product containing instructions, which when executed on a computer, causes the computer to perform the method according to any one of the second aspect to each possible implementation manner of the second aspect.
- a further aspect of the present application provides a computer storage medium including instructions that, when run on a computer, cause the computer to execute the method according to any one of the third aspect to each possible implementation manner of the third aspect.
- Another aspect of the present application provides a computer program product containing instructions, which when executed on a computer, causes the computer to execute the method according to any one of the third aspect to each possible implementation manner of the third aspect.
- FIG. 1A is a schematic diagram of the mapping of QoS Flows in 5GS according to an embodiment of the present invention.
- FIG. 1B is another schematic structural diagram of a communication system according to an embodiment of the present invention.
- FIG. 1C is another schematic structural diagram of a communication system according to an embodiment of the present invention.
- FIG. 1D is another schematic structural diagram of a communication system according to an embodiment of the present invention.
- FIG. 1E is a schematic flowchart of establishing a PDU session according to an embodiment of the present invention.
- FIG. 1F is a schematic flowchart of a method for allocating an EBI according to an embodiment of the present invention
- FIG. 2 is another schematic flowchart of a method for allocating an EBI according to an embodiment of the present invention
- FIG. 3 is another schematic flowchart of a method for allocating an EBI according to an embodiment of the present invention.
- FIG. 4 is another schematic flowchart of a method for allocating EBI according to an example of the present invention.
- FIG. 5 is a schematic structural diagram of a device according to an embodiment of the present invention.
- FIG. 6 is another schematic structural diagram of a device according to an embodiment of the present invention.
- FIG. 1B is an architecture diagram of a communication system for a non-roaming scenario based on 5GS and EPS interworking (non-roaming architecture for interworking between 5GS and EPC / E-UTRAN) according to an embodiment of the present invention.
- the communication system of FIG. 1B includes: unified data management + home subscriber server (UDM + HSS), policy and charging function + policy and charging rules function (PCF + PCRF), session management function + PDN gateway control plane (SMF + PGW-C), user plane function + PDN gateway user plane (UPF + PGW-U), serving gateway (SGW), mobility management entity (MME), evolved universal terrestrial radio access network (E-UTRAN), user equipment 1 (UE1), access and mobility management function (AMF), next generation radio access network (NG-RAN), and UE2.
- UDM + HSS is a network element composed of HSS in EPS and UDM in 5GS.
- PCF + PCRF is a network element composed of PCRF in EPS and PCF in 5GS.
- SMF + PGW-C is a network element in which PGW-C in EPS and SMF in 5GS are combined.
- UPF + PGW-U is a network element in which PGW-U in EPS and UPF in 5GS are combined.
- MME and E-UTRAN are network elements in EPS.
- AMF and NG-RAN are network elements in 5GS.
- UE1 accesses the core network through E-UTRAN.
- UE2 accesses the core network through NG-RAN.
- UE1 and UE2 can refer to the same UE.
- the S6a interface represents the communication interface between the MME and HSS + UDM.
- the S11 interface represents a communication interface between the MME and the SGW.
- the S1-MME interface represents a communication interface between the MME and the E-UTRAN.
- the S1-U interface represents a communication interface between E-UTRAN and SGW.
- the N10 interface represents the communication interface between HSS + UDM and SMF + PGW-C.
- the S5-C interface represents the communication interface of the control plane between the SGW and SMF + PGW-C.
- the S5-U interface represents a user plane communication interface between the SGW and the UPF + PGW-U.
- the N7 interface represents the communication interface between PCF + PCRF and SMF + PGW-C.
- N4 represents the communication interface between SMF + PGW-C and UPF + PGW-U.
- the N8 interface represents the communication interface between HSS + UDM and AMF.
- the N15 interface represents the communication interface between PCF + PCRF and AMF.
- the N11 interface represents the communication interface between SMF + PGW-C and AMF.
- the N3 interface represents the communication interface between UPF + PGW-U and NG-RAN.
- the N2 interface represents a communication interface between NG-RAN and AMF.
- the N1 interface represents a communication interface between the AMF and the UE.
- FIG. 1C is an architecture diagram of a communication system for a local breakout roaming scenario based on 5GS and EPS interworking (local breakout roaming architecture for interworking between 5GS and EPC / E-UTRAN) according to an embodiment of the present invention.
- the communication system of FIG. 1C includes UDM + HSS, home policy and charging function + home policy and charging rules function (h-PCF + h-PCRF), visited policy and charging function + visited policy and charging rules function (v-PCF + v-PCRF), SMF + PGW-C, UPF + PGW-U, SGW, MME, E-UTRAN, UE1, AMF, NG-RAN, and UE2.
- UDM + HSS is a network element composed of HSS in EPS and UDM in 5GS.
- h-PCF + h-PCRF and v-PCF + v-PCRF are network elements that combine PCRF in EPS and PCF in 5GS.
- SMF + PGW-C is a network element that combines PGW-C in EPS and SMF in 5GS.
- UPF + PGW-U is a network element that combines PGW-U in EPS and UPF in 5GS.
- MME and E-UTRAN are network elements in EPS.
- AMF and NG-RAN are network elements in 5GS.
- UE1 resides in E-UTRAN.
- UE2 resides in NG-RAN.
- HSS + UDM is located in the home public land mobile network (HPLMN), and other network elements in the communication system are located in the visited public land mobile network (VPLMN).
- the S6a interface represents the communication interface between the MME and HSS + UDM.
- the S11 interface represents a communication interface between the MME and the SGW.
- the S1-MME interface represents a communication interface between the MME and the E-UTRAN.
- the S1-U interface represents a communication interface between E-UTRAN and SGW.
- the N10 interface represents the communication interface between HSS + UDM and SMF + PGW-C.
- the S5-C interface represents the communication interface of the control plane between the SGW and SMF + PGW-C.
- the S5-U interface represents a user plane communication interface between the SGW and the UPF + PGW-U.
- the N24 interface represents the communication interface between h-PCF + h-PCRF and v-PCF + v-PCRF
- the N7 interface represents the communication interface between v-PCF + v-PCRF and SMF + PGW-C
- N4 represents the communication interface between SMF + PGW-C and UPF + PGW-U.
- the N8 interface represents the communication interface between HSS + UDM and AMF.
- the N15 interface represents the communication interface between v-PCF + v-PCRF and AMF.
- the N11 interface represents the communication interface between SMF + PGW-C and AMF.
- the N3 interface represents the communication interface between UPF + PGW-U and NG-RAN.
- the N2 interface represents a communication interface between NG-RAN and AMF.
- the N1 interface represents the communication interface between the AMF and the UE.
- FIG. 1D is an architecture diagram of a communication system for a home-routed roaming scenario based on 5GS and EPS interworking (home-routed roaming architecture for interworking between 5GS and EPC / E-UTRAN) according to an embodiment of the present invention.
- the communication system in FIG. 1D includes: HSS + UDM, h-PCF + h-PCRF, SMF + PGW-C, UPF + PGW-U, SGW, MME, E-UTRAN, UE1, v-PCF, v-SMF, UPF, AMF, NG-RAN, and UE2.
- HSS + UDM is a network element composed of HSS in EPS and UDM in 5GS.
- h-PCF + h-PCRF is a network element composed of PCF in 5GS and PCRF in EPS.
- SMF + PGW-C is a network element composed of SMF in 5GS and PGW-C in EPS.
- UPF + PGW-U is a network element composed of UPF in 5GS and PGW-U in EPS.
- HSS + UDM, h-PCF + h-PCRF, SMF + PGW-C, UPF + PGW-U are located in HPLMN, and other network elements in the communication system are located in VPLMN.
- the S6a interface represents the communication interface between the MME and HSS + UDM.
- the S11 interface represents a communication interface between the MME and the SGW.
- the S1-MME interface represents a communication interface between the MME and the E-UTRAN.
- the S1-U interface represents a communication interface between E-UTRAN and SGW.
- the N10 interface represents the communication interface between HSS + UDM and SMF + PGW-C.
- the N7 interface represents the communication interface between h-PCF + h-PCRF and SMF + PGW-C.
- the N4 interface represents the communication interface between SMF + PGW-C and UPF + PGW-U.
- the S8-C interface represents the communication interface of the control plane between the SMF + PGW-C and the SGW.
- the S8-U interface represents the user plane communication interface between the SGW and UPF + PGW-U.
- N26 represents the communication interface between the MME and the AMF.
- N10 represents the communication interface between HSS + UDM and v-SMF.
- the N24 interface represents the communication interface between h-PCF + h-PCRF and v-PCF.
- the N16 interface represents the communication interface between SMF + PGW-C and v-SMF.
- the N9 interface represents the communication interface between UPF + PGW-U and UPF.
- the N15 interface represents the communication interface between v-PCF and AMF.
- the N11 interface represents the communication interface between v-SMF and AMF.
- the N4 interface represents the communication interface between UPF and v-SMF.
- the N3 interface represents the communication interface between UPF and NG-RAN.
- the N2 interface represents the communication interface between AMF and NG-RAN.
- the N1 interface represents a communication interface between the UE and the
- The functions of each network element in FIG. 1B, FIG. 1C, and FIG. 1D are described below:
- UPF + PGW-U: used for user data transmission management.
- this network element can be used for both EPS data transmission and 5G data transmission functions.
- SMF + PGW-C: used for session establishment, deletion, and modification management.
- this network element can not only provide EPS session management functions, but also provide 5G session management functions.
- PCF + PCRF: the policy and charging control entity.
- this network element can provide terminal devices with both EPS policy and charging control, and 5G policy and charging control.
- HSS + UDM: used to store the user's subscription data.
- this network element stores both the EPS subscription information of the terminal device and the 5G subscription information of the terminal device.
- 5G radio access network (RAN): provides a wireless air interface for terminal devices to access the core network, thereby obtaining corresponding services.
- Evolved universal terrestrial radio access network (E-UTRAN): used for radio resource management; establishes, modifies, or deletes air interface resources for terminal devices, and provides terminal devices with the transmission of data and signaling.
- AMF: used for user access and mobility management, mainly including user registration management, reachability management, mobility management, paging management, access authentication and authorization, and encryption and integrity protection of non-access stratum signaling.
- MME: used for user mobility management, mainly including the user's attachment management, reachability management, mobility management, paging management, access authentication and authorization, and encryption and integrity protection of non-access stratum signaling.
- SGW: the user plane gateway and the user plane termination point of the E-UTRAN. It serves as the local mobility anchor for handover between base stations, manages the routing and transmission of data packets, adds packet labels at the transport layer, etc.
- the UE in this application is a device with wireless communication capabilities and can be deployed on land, including indoor or outdoor, handheld, wearable, or vehicle-mounted; it can also be deployed on the water (such as a ship); it can also be deployed in the air (such as on airplanes, balloons, and satellites).
- the terminal device may be a mobile phone, a tablet computer, a computer with a wireless transmitting and receiving function, a virtual reality (VR) terminal device, an augmented reality (AR) terminal device, a wireless terminal in industrial control, a wireless terminal in self driving, a wireless terminal in remote medical, a wireless terminal in smart grid, a wireless terminal in transportation safety, a wireless terminal in a smart city, a wireless terminal in a smart home, and the like.
- the terminal device may also be a handheld device with wireless communication function, a vehicle-mounted device, a wearable device, a computing device, or other processing device connected to a wireless modem, and the like.
- Terminal equipment can be called different names in different networks, for example: terminal equipment, access terminal, user unit, user station, mobile station, remote station, remote terminal, mobile device, user terminal, terminal, wireless communication equipment, user agent or user device, cellular phone, cordless phone, session initiation protocol (SIP) phone, wireless local loop (WLL) station, personal digital assistant (PDA), or terminal equipment in 5G networks or future evolution networks.
- FIG. 1E is a schematic flowchart of establishing a PDU session in 5GS according to an embodiment of the present invention. The process includes:
- the UE sends a PDU session establishment request to the AMF, and the AMF receives the PDU session establishment request from the UE.
- the PDU session establishment request is used to establish a PDU session in the 5GS.
- AMF selects SMF.
- the AMF sends a PDU session establishment request to the SMF, and the SMF receives a PDU session establishment request from the AMF.
- the SMF can send a PDU session establishment request to the AMF through the Nsmf interface.
- the SMF registers in the UDM and obtains the contract information from the UDM.
- the contract information includes user plane security policies.
- the SMF sends a PDU session establishment response to the AMF, and the AMF receives the PDU session establishment response from the SMF.
- the SMF may reject the establishment of the PDU session in this step, and the reason value of the rejection is carried in the PDU session establishment response.
- SMF performs PCF selection.
- the SMF requests policy rules from the PCF.
- the SMF may obtain the dynamic user plane security policy of the PDU session from the PCF to update the user plane security policy in the contract information.
- the SMF sends information related to the PDU session to the PCF (for example, the UE's IP address / prefix, trigger status, etc.), and the PCF receives the information related to the PDU session reported from the SMF.
- the SMF sends tunnel information and rule information to the UPF, and the UPF receives tunnel information and rule information from the SMF.
- the SMF sends to the AMF a PDU session identifier, together with the session management information (SM information) and the session management container (SM container) associated with the PDU session identifier.
- the AMF sends a PDU session request to the NG-RAN, and the RAN receives the PDU session request from the AMF.
- the PDU session request includes SM information and NAS messages.
- the AMF sends the SM Information to the RAN through the N2 interface.
- the NAS message includes the SM container. That is, the AMF sends the SM container to the RAN by transparent transmission.
- SM Information protects user plane policy enforcement of PDU sessions.
- the NG-RAN and the UE perform access network specific resource setup (AN specific resource setup).
- the NG-RAN sends a PDU session establishment acceptance to the UE.
- the NG-RAN sends a PDU session request acknowledgement (PDU session request ACK) to the AMF, and the AMF receives the PDU session request acknowledgement from the NG-RAN.
- the AMF sends an update session management context request (PDU session update SM context request) to the SMF, and the SMF receives the update session management context request from the AMF.
- the request can be sent through the Nsmf interface.
- the SMF sends a session modification request to the UPF, and the UPF receives the session modification request from the SMF.
- the request can be sent through the N4 interface.
- the UPF sends a session modification response to the SMF, and the SMF receives the session modification response from the UPF. This response can be sent over the N4 interface.
- the SMF sends an update session management context response (PDU session update SM context response) to the AMF, and the AMF receives an update session management context response from the SMF.
- the SMF sends a session management context status notification (PDU session SM context status) to the AMF, and the AMF receives the session management context status notification from the SMF.
- the SMF configures an IPv6 address for the UPF and the UE.
- FIG. 1F is an EBI allocation process according to an embodiment of the present invention.
- the process includes:
- the PGW-C + SMF will request the EBI for the corresponding default EPS bearer / dedicated GBR EPS bearer from the AMF.
- the creation process of the default QoS Flow is during the PDU Session establishment process initiated by the UE, and the creation process of the GBR QoS Flow is during the PDU Session modification process initiated by the UE or the network.
- the SMF sends an EBI allocation request to the AMF.
- the EBI allocation request is a Namf_Communication_EBIAssignment service request that carries the PDU session identifier (PDU Session ID) and the allocation and preemption priority list (ARP list), and requests the EBI allocated by the AMF.
- Steps 3-6 are only used by the AMF to release the previously allocated EBI (Note: The number of EBIs in the EPS is limited).
- the AMF may cancel the previously allocated EBI based on ARP and S-NSSAI and send a request to update the session management context to the SMF + PGW-C serving the EPS bearer. (Note: AMF can assign EBI to multiple SMFs, so the SMF in this step may not be the same as the SMF that sent the request to AMF in step 2.)
- the SMF sends a session management container (N1 SM container) and session management information (N2 SM information) to the AMF, which are respectively used to notify the UE and the RAN of the released EBI.
- the AMF first pages the UE, and then the UE initiates the Service Request process.
- the N2 SM information element and the N1 SM container element in the N2 Session message in the Service Request process are delivered to the RAN and the UE.
- the AMF notifies the RAN and the UE through the N2 SM information element and the N1 SM container information element in the N2 Session Request message.
- the UE triggers a PDU session modification process.
- the AMF sends an EBI allocation response to the SMF + PGW-C. If the AMF successfully allocates the EBI, the EBI allocation response carries the allocated EBI. If the AMF fails to allocate the EBI, the EBI allocation response carries a failure cause value, for example, a cause value indicating an insufficient number of EBIs.
- SMF + PGW-C modifies the user plane tunnel information.
- the SMF sends N1 SM container and N2 SM information to the AMF, which are used to notify the UE and the RAN of the EBI released, respectively.
- the AMF sends the allocated EBI to the UE and the RAN.
- the UE, the RAN, and the network side modify the tunnel information.
- the AMF allocates EBI to the EPS bearer. Because the user plane security requirements of 5GS are higher than the user plane security capabilities of EPS, after a PDU session that supports EPS migration is migrated to EPS, the user plane security capabilities of EPS may not meet the user plane security requirements of the PDU session.
- in that case, the EBI allocated to the EPS bearer to which the QoS Flow is mapped in the EPS is unavailable, which wastes the limited EBI resources in the EPS and also adds unnecessary signaling overhead.
- the present application proposes the solutions of FIGS. 2 to 4.
- FIG. 2 is a schematic flowchart of a method for allocating EBI according to an embodiment of the present invention.
- the method includes:
- the transmission management device determines that the user plane security execution information of the PDU session matches the user plane security protection information of the EPS.
- one or more QoS flows can be established in a PDU session.
- the PDU session supports migration to EPS, that is, the PDU session supports establishment of a corresponding PDN connection in the EPS.
- the QoS Flow maps to one EPS bearer in the EPS, where the EPS bearer mapped by the QoS Flow is the EPS bearer in the EPS that corresponds to the QoS Flow in 5GS.
- after the UE moves from 5GS to EPS, the UE establishes a PDN connection corresponding to the PDU session in the EPS. Accordingly, the QoS Flow in the PDU session maps to the EPS bearer in the PDN connection.
- after the PDN connection is successfully established, the UE initiates a process of releasing the PDU session, and one or more QoS Flows in the corresponding PDU session are also released.
- the EBI needs to be allocated for the EPS bearer to which the QoS Flow is mapped in the EPS in the following cases:
- 1. in the non-roaming scenario of FIG. 1B and the local grooming roaming scenario of FIG. 1C, the UE initiates the establishment of a PDU session;
- 2. in the home route roaming scenario of FIG. 1D, the UE initiates the establishment of a PDU session;
- 3. the roaming scenario of FIG. 1B non-roaming and FIG.
- the transmission management device in this embodiment is used to manage PDU sessions in 5GS and manage PDN connections in EPS, including responsible for establishment, modification, and deletion of PDU sessions, and establishment, modification, and deletion of PDN connections.
- the transmission management device may be composed of two types of devices, SMF and PGW-C, or it may be a single device with the functions of both SMF and PGW-C.
- the non-roaming scenario indicates that the home network provides services to the UE.
- the home route roaming scenario indicates roaming access through the home network gateways (h-SMF + PGW-C and h-UPF + PGW-U), which means that roaming users obtain services provided by the home network by accessing through the home network gateway H-PGW.
- the locally groomed roaming scenario indicates that roaming users access the corresponding services through the gateways (v-SMF + PGW-C and v-UPF + PGW-U) of the visited network, and the service provider can be the home network or the visited network.
- the transmission management device obtains a session management policy of the PDU session from the PCF.
- the PDU session management policy includes a field indicating whether migration to EPS is supported.
- the session management policy includes an EPS support indication field: the value "1" indicates that the PDU session supports migration to EPS, and the value "0" indicates that the PDU session does not support migration to EPS.
- the transmission management device acquires the user plane security execution information of the PDU session in one of the following ways: SMF + PGW-C is pre-stored or pre-configured with a mapping relationship between the PDU session identifier and the user plane security execution information, and determines the user plane security execution information corresponding to the PDU session ID according to the mapping relationship; or SMF + PGW-C obtains the user plane security policy contracted in UDM, and the user plane security policy includes the user plane security execution information; or SMF + PGW-C obtains the corresponding user plane security execution information from the PCF.
- the transmission management device acquires the user plane encryption protection information of the EPS in one of the following ways: the transmission management device pre-stores or preconfigures the user plane encryption protection information of the EPS, and the SMF obtains the user plane encryption protection information of the EPS locally; or the transmission management device receives the user plane encryption protection information of the EPS sent by the MME in the EPS; or the transmission management device receives the user plane encryption protection information of the EPS from the PCRF.
- the transmission management device determines whether the user plane security execution information of the PDU session matches the user plane encryption protection information of the EPS. In essence, this determines whether the user plane security capability of the EPS can meet the user plane security requirements of the PDU session. If the user plane security execution information of the PDU session matches the user plane encryption protection information of the EPS, the user plane security capabilities of the EPS meet the user plane security requirements of the PDU session; if they do not match, the user plane security capabilities of the EPS do not meet the user plane security requirements of the PDU session.
- the user plane security execution information of the PDU session includes integrity protection requirement information and encryption requirement information, and the user plane encryption protection information of the EPS includes user plane encryption activation information. When the user plane security requirement information of the PDU session indicates that the PDU session is not integrity protected, and the user plane encryption protection information of the EPS indicates that user plane encryption is activated by the EPS, the user plane security execution information of the PDU session matches the user plane encryption protection information of the EPS.
- the integrity protection requirement information includes three forms: required, preferred, and not required.
- Required indicates that the PDU session needs to be integrity protected, preferred indicates that the PDU session is preferentially integrity protected, and not required indicates that the PDU session does not require integrity protection.
- the integrity protection requirement information can be represented by bits, and different values of the bits correspond to different integrity protection requirement information.
- Encryption protection requirement information includes three forms: required, preferred, and not required. Required indicates that the PDU session needs to be encrypted, preferred indicates that the PDU session is preferentially encrypted, and not required indicates that the PDU session does not need to be encrypted. The encryption requirement information can be represented by bits, and different values of the bits represent different encryption requirement information.
- User plane encryption activation information includes two forms: activated and unactivated.
- if the transmission management device determines that the integrity protection requirement information is not required and the encryption requirement information is not required, the transmission management device does not need to analyze the user plane encryption protection information. That is, regardless of whether the user plane encryption activation information is activated or unactivated, the transmission management device can directly determine that the user plane security execution information of the PDU session matches the user plane encryption protection information of the EPS.
- when the integrity protection requirement information indicates that the PDU session is not integrity protected, the encryption requirement information indicates that the PDU session is encrypted, and the user plane encryption activation information indicates that the EPS has activated user plane encryption, the user plane security execution information of the PDU session matches the user plane encryption protection information of the EPS.
- if the transmission management device determines that the integrity protection requirement information is not required, the encryption requirement information is required, and the user plane encryption activation information is activated, the transmission management device determines that the user plane security execution information of the PDU session matches the user plane encryption protection information of the EPS.
- the user plane security execution information of the PDU session includes integrity protection requirement information; when the integrity requirement information indicates that the PDU session is integrity protected, the user plane security execution information of the PDU session does not match the user plane encryption protection information of the EPS.
- the transmission management device can directly determine, without analyzing the encryption protection requirement information and the user plane encryption activation information, that the user plane security execution information of the PDU session does not match the user plane encryption protection information of the EPS.
- the transmission management device sends EBI allocation request information to the access management device, and the access management device receives the EBI allocation request information from the transmission management device.
- when the transmission management device determines that the user plane security execution information of the PDU session matches the user plane encryption protection information of the EPS, the transmission management device sends EBI allocation request information to the access management device. The EBI allocation request information carries the PDU session identifier.
- the PDU session identifier indicates the identity of the PDU session.
- the access management device receives the EBI allocation request information sent from the transmission management device.
- if the access management device determines that there is an available EBI in the EPS, it allocates the available EBI to the EPS bearer.
- if there is no available EBI in the EPS, the access management device initiates an EBI release process, releases the previously allocated EBI, and then allocates the EBI to the EPS bearer.
- the access management device sends an EBI allocation response to the SMF + PGW-C. If the EBI is successfully allocated for the EPS bearer, the EBI allocation response carries the allocated EBI; if the EBI is not successfully allocated for the EPS, the EBI allocation response carries the reason for the allocation failure.
- the access management device may be AMF in 5GS.
- the judgment condition for the transmission management device to send the EBI allocation request information to the access management device is not limited to the judgment condition described in S201, and may also include one or more other judgment conditions.
- for example, another judgment condition is that the data network name (DNN) of the PDU session is the local data network (LADN). That is, when the user plane security execution information of the PDU session matches the user plane security protection information of the EPS and the DNN of the PDU session is LADN, the transmission management device sends the EBI allocation request information to the access management device.
- when the user plane security execution information of the PDU session and the user plane encryption protection information of the EPS do not match, the transmission management device does not send an EBI allocation request to the access management device. That is, the transmission management device sends an EBI allocation request to the access management device only when the user plane security execution information of the PDU session matches the user plane encryption protection information of the EPS. This avoids the waste of EBI resources and the signaling overhead that arise when the user plane security capabilities of the EPS do not meet the requirements of the PDU session.
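The matching rules of the FIG. 2 method reduce to a small decision function that gates the EBI allocation request. The Python sketch below is an added example, not code from the patent; the names `Requirement`, `Decision`, `PduSession`, `match_user_plane_security`, `should_send_ebi_allocation_request` and `sessions_requesting_ebi` are hypothetical and the sample sessions are constructed. Two behaviours are assumptions: encryption required while EPS user plane encryption is unactivated is treated as no match, and combinations involving "preferred", which this section does not resolve, are reported as undefined and never trigger a request.

```python
from dataclasses import dataclass
from enum import Enum


class Requirement(Enum):
    """The three forms given for integrity and encryption requirement information."""
    REQUIRED = "required"
    PREFERRED = "preferred"
    NOT_REQUIRED = "not required"


class Decision(Enum):
    MATCH = "match"
    NO_MATCH = "no match"
    UNDEFINED = "undefined"  # combination this section does not resolve


@dataclass(frozen=True)
class PduSession:  # hypothetical container, not a 3GPP structure
    session_id: int
    eps_support_indication: int  # 1 = supports migration to EPS, 0 = does not
    integrity: Requirement
    encryption: Requirement


def match_user_plane_security(integrity, encryption, eps_encryption_activated):
    """Compare PDU session user plane security execution information with the
    EPS user plane encryption activation information."""
    # Integrity protection required: no match, decided without looking at the
    # encryption requirement or the EPS activation state.
    if integrity is Requirement.REQUIRED:
        return Decision.NO_MATCH
    if integrity is Requirement.NOT_REQUIRED:
        # Nothing is demanded: match whether EPS encryption is activated or not.
        if encryption is Requirement.NOT_REQUIRED:
            return Decision.MATCH
        if encryption is Requirement.REQUIRED:
            if eps_encryption_activated:
                return Decision.MATCH
            # Assumption: required encryption that the EPS has not activated
            # means the EPS capability does not meet the requirement.
            return Decision.NO_MATCH
    # Assumption: "preferred" combinations are left undefined here.
    return Decision.UNDEFINED


def should_send_ebi_allocation_request(session, eps_encryption_activated):
    """Return (send, reason) for the transmission management device (SMF + PGW-C)."""
    if session.eps_support_indication != 1:
        return False, "PDU session does not support migration to EPS"
    decision = match_user_plane_security(
        session.integrity, session.encryption, eps_encryption_activated)
    if decision is Decision.MATCH:
        return True, "EPS user plane security meets the PDU session requirements"
    if decision is Decision.NO_MATCH:
        return False, "EPS user plane security does not meet the PDU session requirements"
    # Assumption: fail closed so no EBI is consumed for an unresolved combination.
    return False, "combination not resolved; no EBI requested"


# Constructed sample sessions (not taken from the patent).
SAMPLE_SESSIONS = [
    PduSession(1, 1, Requirement.NOT_REQUIRED, Requirement.NOT_REQUIRED),
    PduSession(2, 1, Requirement.NOT_REQUIRED, Requirement.REQUIRED),
    PduSession(3, 1, Requirement.REQUIRED, Requirement.REQUIRED),
    PduSession(4, 0, Requirement.NOT_REQUIRED, Requirement.NOT_REQUIRED),
    PduSession(5, 1, Requirement.PREFERRED, Requirement.REQUIRED),
]


def sessions_requesting_ebi(sessions, eps_encryption_activated):
    """PDU session identifiers for which an EBI allocation request would be sent."""
    return [s.session_id for s in sessions
            if should_send_ebi_allocation_request(s, eps_encryption_activated)[0]]


if __name__ == "__main__":
    for activated in (True, False):
        print("EPS user plane encryption activated:", activated)
        for s in SAMPLE_SESSIONS:
            send, reason = should_send_ebi_allocation_request(s, activated)
            print(f"  session {s.session_id}: send={send} ({reason})")
```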
- FIG. 3 is another schematic flowchart of an EBI allocation method according to an embodiment of the present invention.
- the method includes:
- the access management device receives EBI allocation request information sent from the transmission management device.
- the access management device is configured to manage access and mobility of the UE in the 5GS, and the access management device may be an AMF.
- the transmission management device is used to manage PDU sessions in 5GS and manage PDN connections in EPS, including the establishment, modification, and deletion of PDU sessions, and the establishment, modification, and deletion of PDN connections.
- the transmission management device can be composed of two types of devices, SMF and PGW-C, or it can be a single type of device with the functions of both SMF and PGW-C.
- the access management device may be AMF in 5GS. In the case that EBI needs to be allocated for the EPS bearer whose QoS is mapped in the EPS, the transmission management device sends EBI allocation request information to the access management device.
- the EBI allocation request information carries the PDU session identifier, and the PDU session identifier is the identity identifier of the PDU session.
- the PDU session includes the QoS Flow, and the PDU session supports migration to EPS.
- after receiving the EBI allocation request information from the transmission management device, the access management device determines that EBI needs to be allocated for the EPS bearer. The access management device determines whether there is an available EBI in the EPS, and if so, executes S302. If there is no available EBI in the EPS, the access management device initiates an EBI release process to release the previously allocated EBI; when an EBI is available in the EPS, S302 is executed.
- the access management device determines that the user plane security execution information of the PDU session matches the user plane encryption protection information of the EPS.
- the access management device obtains the user plane security execution information of the PDU session, and obtains the user plane encryption protection information of the EPS.
- a match between the user plane security execution information of the PDU session and the user plane encryption protection information of the EPS indicates that the user plane security capabilities of the EPS meet the security needs of the PDU session.
- the access management device acquires the user plane security execution information of the PDU session in one of the following ways: the access management device pre-stores or preconfigures a mapping relationship between the PDU session identifier and the user plane security execution information, and the AMF determines the corresponding user plane security execution information according to the PDU session identifier in the EBI allocation request; or the AMF obtains the user plane security execution information corresponding to the PDU session identifier from the PCF; or the AMF obtains the user plane security execution information corresponding to the PDU session identifier from the SMF.
- the access management device obtains the user plane encryption protection information of the EPS in one of the following ways: the access management device prestores or preconfigures the user plane encryption protection information of the EPS; or the access management device receives the user plane encryption protection information of the EPS sent from the MME.
- the access management device determines whether the user plane security execution information of the PDU session matches the user plane encryption protection information of the EPS. In essence, this determines whether the user plane security capability of the EPS can meet the user plane security requirements of the PDU session. If the user plane security execution information of the PDU session matches the user plane encryption protection information of the EPS, the user plane security capabilities of the EPS meet the user plane security requirements of the PDU session; if they do not match, the user plane security capabilities of the EPS do not meet the user plane security requirements of the PDU session.
- the user plane security execution information of the PDU session includes integrity protection requirement information and encryption requirement information, and the user plane encryption protection information of the EPS includes user plane encryption activation information. When the user plane security requirement information of the PDU session indicates that the PDU session is not integrity protected, and the user plane encryption protection information of the EPS indicates that user plane encryption is activated by the EPS, the user plane security execution information of the PDU session matches the user plane encryption protection information of the EPS.
- if the transmission management device determines that the integrity protection requirement information is not required and the encryption requirement information is not required, the transmission management device does not need to analyze the user plane encryption protection information. That is, regardless of whether the user plane encryption activation information is activated or unactivated, the transmission management device can directly determine that the user plane security execution information of the PDU session matches the user plane encryption protection information of the EPS.
- when the integrity protection requirement information indicates that the PDU session is not integrity protected, the encryption requirement information indicates that the PDU session is encrypted, and the user plane encryption activation information indicates that the EPS has activated user plane encryption, the user plane security execution information of the PDU session matches the user plane encryption protection information of the EPS.
- the transmission management device determines that the integrity protection requirement information is not required, the encryption requirement information is required, and the user plane encryption activation information is activated, the transmission management device determines that the user plane security execution information of the PDU session and the user plane encryption protection information of the EPS are matched.
- When the user plane security execution information of the PDU session includes integrity protection requirement information, and the integrity protection requirement information indicates that the PDU session is integrity protected, the user plane security execution information of the PDU session and the user plane encryption protection information of the EPS do not match.
- The transmission management device can directly determine, without analyzing the encryption protection requirement information and the user plane encryption activation information, that the user plane security execution information of the PDU session does not match the user plane encryption protection information of the EPS.
- The access management device sends EBI allocation response information to the transmission management device, and the transmission management device receives the EBI allocation response information from the access management device.
- The access management device allocates an EBI for the EPS bearer, and the access management device sends an EBI allocation response to the SMF + PGW-C.
- The EBI allocation response carries the EBI allocated for the EPS bearer.
- When the user plane security execution information of the PDU session and the user plane encryption protection information of the EPS do not match, the access management device does not allocate an EBI for the EPS bearer, and the access management device sends an EBI allocation response to the transmission management device. The EBI allocation response information carries a cause value of the allocation failure, which indicates that the user plane security requirements of the PDU session are not met.
- The determination condition under which the access management device sends the EBI allocation response information carrying the allocated EBI to the transmission management device is not limited to the determination condition described in S302, and may also include one or more other determination conditions.
- For example, the other judgment condition is that the data network name (DNN) of the PDU session is the local area data network (LADN). That is, only when this condition and the condition on the user plane security execution information of the PDU session and the user plane security protection of the EPS are met at the same time does the access management device send the EBI allocation response information carrying the allocated EBI to the transmission management device.
- When the embodiment of the present invention is implemented and the access management device receives the EBI allocation request information, the access management device allocates an EBI to the EPS bearer to which the QoS flow is mapped in the EPS only when the user plane security execution information of the PDU session matches the user plane encryption protection information of the EPS, so as to avoid assigning EBIs to EPS bearers that do not meet the user plane security requirements.
- FIG. 4 is a schematic flowchart of an EBI release method according to an embodiment of the present invention.
- the method includes:
- the access management device acquires user plane security execution information of a PDU session and user plane encryption protection information of an EPS.
- the access management device is configured to manage access and mobility of the UE in the 5GS, and the access management device may be an AMF.
- The access management device has allocated the EBI for the EPS bearer to which the QoS Flow is mapped in the EPS based on the method of allocating EBI in FIG. 1E, and the access management device then obtains the user plane security execution information of the PDU session and the user plane encryption protection information of the EPS.
- the access management device may be AMF in 5GS.
- The access management device acquires the user plane security execution information of the PDU session in one of the following ways: the access management device pre-stores or preconfigures a mapping relationship between the PDU session identifier and the user plane security execution information, and determines the corresponding user plane security execution information according to the PDU session identifier in the EBI allocation request; or the access management device obtains the user plane security execution information corresponding to the PDU session identifier from the PCF.
- The access management device obtains the user plane encryption protection information of the EPS in one of the following ways: the access management device pre-stores or preconfigures the user plane encryption protection information of the EPS; or the access management device receives the user plane encryption protection information of the EPS sent from the MME.
- the access management device determines that the user plane security execution information of the PDU session and the user plane encryption protection information of the EPS do not match.
- The access management device determines whether the user plane security execution information of the PDU session matches the user plane encryption protection information of the EPS. In essence, this determines whether the user plane security capability of the EPS can meet the user plane security requirements of the PDU session. If the user plane security execution information of the PDU session matches the user plane encryption protection information of the EPS, the user plane security capabilities of the EPS meet the user plane security requirements of the PDU session; if the user plane security execution information of the PDU session and the user plane encryption protection information of the EPS do not match, the user plane security capabilities of the EPS do not meet the user plane security requirements of the PDU session.
- The user plane security execution information of the PDU session includes integrity protection requirement information and encryption requirement information, and the user plane encryption protection information of the EPS includes user plane encryption activation information.
- When the user plane security requirement information of the PDU session indicates that the PDU session is not integrity protected, and the user plane encryption protection information of the EPS indicates that user plane encryption is activated by the EPS, the user plane security execution information of the PDU session and the user plane encryption protection information of the EPS match.
- Integrity protection requirement information takes three forms: required, preferred, and not required.
- Required indicates that the PDU session needs to be integrity protected, preferred indicates that the PDU session is preferentially integrity protected, and not required indicates that the PDU session does not need to be integrity protected.
- The integrity protection requirement information can be represented by bits, with different bit values corresponding to different integrity protection requirement information.
- Encryption protection requirement information takes three forms: required, preferred, and not required. Required indicates that the PDU session needs to be encrypted, preferred indicates that the PDU session is preferentially encrypted, and not required indicates that the PDU session does not need to be encrypted. The encryption requirement information can be expressed in bits, with different bit values representing different encryption requirement information.
- User plane encryption activation information takes two forms: activated and unactivated.
- When the transmission management device determines that the integrity protection requirement information is not needed and the encryption requirement information is not needed, the transmission management device does not need to analyze the user plane encryption protection information. That is, whether the user plane encryption activation information is activated or unactivated, the transmission management device can directly determine that the user plane security execution information of the PDU session matches the user plane encryption protection information of the EPS.
- When the integrity protection requirement information indicates that the PDU session is not integrity protected, the encryption requirement information indicates that the PDU session is encrypted, and the user plane encryption activation information indicates that the EPS has activated user plane encryption, the user plane security execution information of the PDU session matches the user plane encryption protection information of the EPS.
- When the transmission management device determines that the integrity protection requirement information is not required, the encryption requirement information is required, and the user plane encryption activation information is activated, the transmission management device determines that the user plane security execution information of the PDU session and the user plane encryption protection information of the EPS match.
- When the user plane security execution information of the PDU session includes integrity protection requirement information, and the integrity protection requirement information indicates that the PDU session is integrity protected, the user plane security execution information of the PDU session and the user plane encryption protection information of the EPS do not match.
- The transmission management device can directly determine, without analyzing the encryption protection requirement information and the user plane encryption activation information, that the user plane security execution information of the PDU session does not match the user plane encryption protection information of the EPS.
- the access management device sends the EBI release request information to the transmission management device, and the transmission management device receives the EBI release request information from the access management device.
- The transmission management device is used to manage PDU sessions in 5GS and PDN connections in EPS, and is responsible for the establishment, modification, and deletion of PDU sessions and of PDN connections.
- The transmission management device may be composed of two devices, SMF and PGW-C, or may be a single device with SMF and PGW-C functions.
- The access management device determines that the EBI previously allocated for the EPS bearer needs to be released, and the access management device sends EBI release request information to the transmission management device corresponding to the EPS bearer.
- the EBI release request information carries the EBI that needs to be released and a release cause value.
- the release cause value indicates that the user plane security requirements of the PDU session are not met.
- When an EBI has already been assigned to the EPS bearer to which the QoS flow is mapped in the EPS, the access management device judges whether the user plane security execution information of the PDU session and the user plane encryption protection information of the EPS match. If they do not match, the EBI previously allocated for the EPS bearer is released, to prevent the EPS bearer from using an EBI that does not meet the user plane security requirements when the UE moves from 5GS to EPS.
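The matching rule and the allocate/release behaviour described for FIG. 3 and FIG. 4 can be modelled as follows. This is an added example, not code from the patent: the class and function names, the EBI pool and the "unknown PDU session" cause are hypothetical, and any combination the text does not enumerate (for example a "preferred" requirement) is treated as a mismatch by assumption.

```python
from dataclasses import dataclass
from enum import Enum


class Requirement(Enum):
    REQUIRED = "required"
    PREFERRED = "preferred"
    NOT_NEEDED = "not needed"


@dataclass(frozen=True)
class UpSecurityEnforcement:
    """User plane security execution information of one PDU session."""
    integrity: Requirement
    encryption: Requirement


# Cause wording taken from the page's description of the cause value.
CAUSE_NOT_MET = "user plane security requirements of the PDU session are not met"


def eps_satisfies(pdu: UpSecurityEnforcement, eps_encryption_activated: bool) -> bool:
    """Return True when the PDU session's requirements match the EPS."""
    # Integrity protection required: mismatch, decided without looking at
    # the encryption requirement or the EPS activation state.
    if pdu.integrity is Requirement.REQUIRED:
        return False
    if pdu.integrity is Requirement.NOT_NEEDED:
        # Neither protection needed: match regardless of EPS activation.
        if pdu.encryption is Requirement.NOT_NEEDED:
            return True
        # Encryption required and EPS user plane encryption activated: match.
        if pdu.encryption is Requirement.REQUIRED and eps_encryption_activated:
            return True
    # Assumption of this example: combinations the text does not list
    # fail closed and are reported as a mismatch.
    return False


class AccessManagement:
    """Hypothetical access-management-side model (AMF role in the text)."""

    def __init__(self, eps_encryption_activated: bool):
        self.eps_encryption_activated = eps_encryption_activated
        self.enforcement = {}            # PDU session id -> UpSecurityEnforcement
        self.allocated = {}              # EBI -> PDU session id
        self._free = list(range(5, 16))  # constructed EBI pool for the example

    def store_enforcement(self, session_id: int, info: UpSecurityEnforcement) -> None:
        """Record what was received at PDU session establishment/modification."""
        self.enforcement[session_id] = info

    def handle_allocation_request(self, session_id: int) -> dict:
        """FIG. 3: allocate an EBI only when the security information matches."""
        info = self.enforcement.get(session_id)
        if info is None:
            return {"ebi": None, "cause": "unknown PDU session"}
        if not eps_satisfies(info, self.eps_encryption_activated):
            return {"ebi": None, "cause": CAUSE_NOT_MET}
        if not self._free:
            return {"ebi": None, "cause": "no EBI available"}
        ebi = self._free.pop(0)
        self.allocated[ebi] = session_id
        return {"ebi": ebi, "cause": None}

    def recheck(self, eps_encryption_activated: bool) -> list:
        """FIG. 4: re-evaluate allocated EBIs, return the release requests."""
        self.eps_encryption_activated = eps_encryption_activated
        releases = []
        for ebi, session_id in sorted(self.allocated.items()):
            if not eps_satisfies(self.enforcement[session_id], eps_encryption_activated):
                releases.append({"ebi": ebi, "cause": CAUSE_NOT_MET})
        for request in releases:
            # Example's choice: stop tracking the EBI once release is requested.
            del self.allocated[request["ebi"]]
        return releases


if __name__ == "__main__":
    amf = AccessManagement(eps_encryption_activated=True)
    amf.store_enforcement(1, UpSecurityEnforcement(Requirement.NOT_NEEDED, Requirement.REQUIRED))
    amf.store_enforcement(2, UpSecurityEnforcement(Requirement.REQUIRED, Requirement.REQUIRED))
    print(amf.handle_allocation_request(1))
    print(amf.handle_allocation_request(2))
    print(amf.recheck(eps_encryption_activated=False))
```
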
- FIG. 5 is a schematic structural diagram of a device according to an embodiment of the present invention.
- the device 5 may include a processing unit 501 and a transceiver unit 502.
- Embodiment 1: The processing unit 501 is configured to determine whether the user plane security execution information of a PDU session and the user plane encryption protection information of an EPS match.
- The processing unit 501 is configured to execute S201 in FIG. 2.
- The transceiver unit 502 is configured to send an EBI allocation request message to the access management device when the judgment result of the processing unit is yes. The EBI allocation request message is used to request that an EBI be allocated to the EPS bearer to which the QoS Flow is mapped in the EPS.
- the PDU session includes at least one QoS Flow.
- the transceiver unit 502 is configured to execute S202 in FIG. 2.
- The user plane security execution information of the PDU session includes integrity protection requirement information and encryption requirement information, and the user plane encryption protection information of the EPS includes user plane encryption activation information. When the integrity protection requirement information indicates that the PDU session is not integrity protected and the encryption requirement information indicates that the PDU session is not encrypted, the user plane security execution information of the PDU session and the user plane encryption protection information of the EPS match; or, when the integrity protection requirement information indicates that the PDU session is not integrity protected, the encryption requirement information indicates that the PDU session is encrypted, and the user plane encryption activation information indicates that the user plane encryption of the EPS is activated, the user plane security execution information of the PDU session matches the user plane encryption protection information of the EPS.
- The user plane security execution information of the PDU session includes integrity protection requirement information and encryption requirement information, and the user plane encryption protection information of the EPS includes user plane encryption activation information. When the integrity protection requirement information indicates that integrity protection is performed, the user plane security execution information of the PDU session and the user plane encryption protection information of the EPS do not match.
- The processing unit 501 is further configured so that, when the user plane security execution information of the PDU session and the user plane encryption protection information of the EPS do not match, the transmission management device does not send an EBI allocation request to the access management device.
- the device 5 may be a transmission management device, for example, the transmission management device is composed of two types of devices: SMF and PGW-C, or may be a device having functions of SMF and PGW-C.
- The device 5 may also be a field-programmable gate array (FPGA), a dedicated integrated chip, a system chip (SoC), a central processing unit (CPU), a network processor (NP), a digital signal processing circuit, a microcontroller unit (MCU), a programmable controller or programmable logic device (PLD), or another chip that implements the related functions.
- Embodiment 2: The transceiver unit 502 is configured to receive the EBI allocation request information from the transmission management device, where the EBI allocation request is used to request that an EBI be allocated for the EPS bearer to which the QoS Flow is mapped in the EPS. For example, the transceiver unit 502 is configured to execute step S301 in FIG. 3.
- The processing unit 501 is configured to determine whether the user plane security execution information of the PDU session in which the QoS Flow is located and the user plane encryption protection information of the EPS match. For example, the processing unit 501 is configured to execute S302 in FIG. 3.
- The transceiver unit 502 is further configured to send an EBI allocation response message to the transmission management device when the judgment result of the processing unit is yes, where the EBI allocation response information carries the EBI that the device 5 allocated to the EPS bearer.
- the transceiver unit 502 is configured to execute S303 in FIG. 3.
- The user plane security execution information of the PDU session includes integrity protection requirement information and encryption requirement information, and the user plane encryption protection information of the EPS includes user plane encryption activation information. When the integrity protection requirement information indicates that integrity protection is not performed and the encryption requirement information indicates that encryption is not performed, the user plane security execution information of the PDU session and the user plane encryption protection information of the EPS match; or, when the integrity protection requirement information indicates that integrity protection is not performed, the encryption requirement information indicates that encryption is performed, and the user plane encryption capability information indicates that user plane encryption is supported, the user plane security execution information of the PDU session and the user plane encryption protection information of the EPS match.
- The user plane security execution information of the PDU session includes integrity protection requirement information and encryption requirement information, and the user plane encryption protection information of the EPS includes user plane encryption activation information. When the integrity protection requirement information indicates that the PDU session is integrity protected, the user plane security execution information of the PDU session and the user plane encryption protection information of the EPS do not match.
- The transceiver unit 502 is further configured to send an EBI allocation response message to the transmission management device when the determination result of the processing unit 501 is no, and the EBI allocation response information carries reason information for the EBI allocation failure.
- The transceiver unit 502 is further configured to receive, from the transmission management device during the establishment or modification of the PDU session, the PDU session identifier and the user plane security execution information corresponding to the PDU session identifier.
- the device 5 may be an access management device, for example, the access management device may be an AMF in 5GS.
- The device 5 may also be a field-programmable gate array (FPGA), a dedicated integrated chip, a system chip (SoC), a central processing unit (CPU), a network processor (NP), a digital signal processing circuit, a microcontroller unit (MCU), a programmable controller or programmable logic device (PLD), or another chip that implements the related functions.
- Embodiment 3: The processing unit 501 is configured to obtain user plane security execution information of a PDU session.
- The PDU session includes at least one QoS Flow, the QoS Flow is associated with an EPS bearer, and the EPS bearer has been assigned an EBI.
- For example, the processing unit 501 is configured to execute S401 in FIG. 4.
- The processing unit 501 is further configured to determine whether the user plane security execution information of the PDU session matches the pre-stored or preconfigured user plane encryption protection information of the EPS. For example, the processing unit 501 is configured to execute S402 in FIG. 4.
- The transceiver unit 502 is configured to send an EBI release request to the transmission management device serving the EPS bearer when the judgment result of the processing unit is negative. The EBI release request is used to indicate that the EBI of the EPS bearer needs to be released.
- the transceiver unit 502 is configured to execute S403 in FIG. 4.
- The user plane security execution information of the PDU session includes integrity protection requirement information and encryption requirement information, and the user plane encryption protection information of the EPS includes user plane encryption capability information. When the integrity protection requirement information indicates that integrity protection is performed, the user plane security execution information of the PDU session and the user plane encryption protection information of the EPS do not match.
- The user plane security execution information of the PDU session includes integrity protection requirement information and encryption requirement information, and the user plane encryption protection information of the EPS includes user plane encryption activation information. When the integrity protection requirement information indicates that the PDU session is not integrity protected and the encryption requirement information indicates that the PDU session is not encrypted, the user plane security execution information of the PDU session and the user plane encryption protection information of the EPS match; or, when the integrity protection requirement information indicates that integrity protection is not performed, the encryption requirement information indicates that the PDU session is encrypted, and the user plane encryption capability information indicates that user plane encryption is supported, the user plane security execution information of the PDU session and the user plane encryption protection information of the EPS match.
- The processing unit 501 is further configured not to release the EBI of the EPS bearer when the user plane security execution information of the PDU session and the user plane encryption protection information of the EPS match.
- The transceiver unit 502 is further configured to receive, from the transmission management device during the establishment or modification of the PDU session, the PDU session identifier and the user plane security execution information corresponding to the PDU session identifier.
- The user plane encryption protection information of the EPS comes from a mobile management entity (MME), and the MME is the MME to which the PDU session is to be migrated.
- the device 5 may be an access management device, for example, the access management device may be an AMF in 5GS.
- The device 5 may also be a field-programmable gate array (FPGA), a dedicated integrated chip, a system chip (SoC), a central processing unit (CPU), a network processor (NP), a digital signal processing circuit, a microcontroller unit (MCU), a programmable controller or programmable logic device (PLD), or another chip that implements the related functions.
- FIG. 6 is a schematic structural diagram of a device according to an embodiment of the present invention.
- The device is hereinafter referred to as the device 6.
- The device 6 may be integrated with the foregoing transmission management device or access management device.
- The device includes a memory 602, a processor 601, and a transceiver 603.
- the memory 602 may be an independent physical unit, and may be connected to the processor 601 and the transceiver 603 through a bus.
- the memory 602, the processor 601, and the transceiver 603 may also be integrated together and implemented by hardware.
- the memory 602 is configured to store a program that implements the foregoing method embodiments or modules of the device embodiments, and the processor 601 calls the program to perform the operations of the foregoing method embodiments.
- the device 6 may also include only a processor.
- the memory for storing the program is located outside the device 6, and the processor 601 is connected to the memory through a circuit / wire for reading and executing the program stored in the memory.
- the processor may be a central processing unit (CPU), a network processor (NP), or a combination of a CPU and an NP.
- the processor may further include a hardware chip.
- the hardware chip may be an application-specific integrated circuit (ASIC), a programmable logic device (PLD), or a combination thereof.
- the PLD may be a complex programmable logic device (CPLD), a field-programmable gate array (FPGA), a general array logic (GAL), or any combination thereof.
- The memory may include volatile memory, for example random-access memory (RAM); the memory may also include non-volatile memory, for example flash memory, a hard disk (HDD), or a solid-state drive (SSD); the memory may also include a combination of the above types of memory.
- The sending module or the transmitter performs the sending steps of the foregoing method embodiments, the receiving module or the receiver performs the receiving steps of the foregoing method embodiments, and the other steps are performed by other modules or processors.
- The sending module and the receiving module may constitute a transceiver module, and the receiver and the transmitter may constitute a transceiver.
- An embodiment of the present application further provides a computer storage medium storing a computer program, where the computer program is used to execute the method for distributing EBI provided by the foregoing embodiment.
- An embodiment of the present application further provides a computer program product containing instructions which, when executed on a computer, cause the computer to execute the method for allocating EBI provided by the foregoing embodiment.
- this application may be provided as a method, a system, or a computer program product. Therefore, this application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, this application may take the form of a computer program product implemented on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
- These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to work in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction device, and the instruction device implements the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
- These computer program instructions can also be loaded on a computer or other programmable data processing device, so that a series of steps is performed on the computer or other programmable device to produce a computer-implemented process, and the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Claims (30)
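- A method for allocating an evolved packet system bearer identity (EBI), characterized by comprising: when user plane security enforcement information of a packet data unit (PDU) session matches user plane encryption protection information of an evolved packet system (EPS), sending, by a transmission management apparatus, EBI allocation request information to an access management apparatus, wherein the EBI allocation request information is used to request allocation of an EBI to an EPS bearer to which a quality of service flow (QoS Flow) is mapped in the EPS, and the PDU session comprises at least one QoS Flow.
- The method according to claim 1, characterized in that the user plane security enforcement information of the PDU session comprises integrity protection requirement information and encryption requirement information, and the user plane encryption protection information of the EPS comprises user plane encryption activation information; wherein the integrity protection requirement information indicates that the PDU session is not integrity protected, the encryption requirement information indicates that the PDU session is not encrypted, and the user plane security enforcement information of the PDU session and the user plane encryption protection information of the EPS match; or the integrity protection requirement information indicates that the PDU session is not integrity protected, the encryption requirement information indicates that the PDU session is encrypted, the user plane encryption activation information indicates that user plane encryption of the EPS is activated, and the user plane security enforcement information of the PDU session and the user plane encryption protection information of the EPS match.
- The method according to claim 1, characterized in that the user plane security enforcement information of the PDU session comprises integrity protection requirement information and encryption requirement information, and the user plane encryption protection information of the EPS comprises user plane encryption activation information; the integrity protection requirement information indicates that integrity protection is performed, and the user plane security enforcement information of the PDU session and the user plane encryption protection information of the EPS do not match.
- The method according to claim 3, characterized by further comprising: when the user plane security enforcement information of the PDU session and the user plane encryption protection information of the EPS do not match, the transmission management apparatus does not send an EBI allocation request to the access management apparatus.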
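- A method for allocating an EBI, characterized by comprising: receiving, by an access management apparatus, EBI allocation request information from a transmission management apparatus, wherein the EBI allocation request is used to request allocation of an EBI to an EPS bearer to which a QoS Flow is mapped in an EPS; and when user plane security enforcement information of the PDU session to which the QoS Flow belongs matches user plane encryption protection information of the EPS, sending, by the access management apparatus, EBI allocation response information to the transmission management apparatus, wherein the EBI allocation response information carries the EBI allocated by the access management apparatus to the EPS bearer.
- The method according to claim 5, characterized in that the user plane security enforcement information of the PDU session comprises integrity protection requirement information and encryption requirement information, and the user plane encryption protection information of the EPS comprises user plane encryption activation information; wherein the integrity protection requirement information indicates that integrity protection is not performed, the encryption requirement information indicates that encryption is not performed, and the user plane security enforcement information of the PDU session and the user plane encryption protection information of the EPS match; or the integrity protection requirement information indicates that integrity protection is not performed, the encryption requirement information indicates that encryption is performed, the user plane encryption capability information indicates that user plane encryption is supported, and the user plane security enforcement information of the PDU session and the user plane encryption protection information of the EPS match.
- The method according to claim 5, characterized in that the user plane security enforcement information of the PDU session comprises integrity protection requirement information and encryption requirement information, and the user plane encryption protection information of the EPS comprises user plane encryption activation information; the integrity protection requirement information indicates that the PDU session is integrity protected, and the user plane security enforcement information of the PDU session and the user plane encryption protection information of the EPS do not match.
- The method according to claim 5 or 7, further comprising: when the user plane security enforcement information of the PDU session and the user plane encryption protection information of the EPS do not match, sending, by the access management apparatus, EBI allocation response information to the transmission management apparatus, wherein the EBI allocation response information carries cause information of the EBI allocation failure.
- The method according to any one of claims 5 to 8, characterized in that before the access management apparatus receives the EBI allocation request information from the transmission management apparatus, the method further comprises: in a process of establishing or modifying the PDU session, receiving, by the access management apparatus from the transmission management apparatus, the PDU session identifier and the user plane security enforcement information corresponding to the PDU session identifier.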
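- A method for allocating an EBI, characterized by comprising: obtaining, by an access management apparatus, user plane security enforcement information of a PDU session, wherein the PDU session comprises at least one QoS Flow, the QoS Flow is associated with an EPS bearer, and an EBI has been allocated to the EPS bearer; and when the user plane security enforcement information of the PDU session does not match pre-stored or pre-configured user plane encryption protection information of the EPS, sending, by the access management apparatus, an EBI release request to a transmission management apparatus serving the EPS bearer, wherein the EBI release request is used to indicate that the EBI of the EPS bearer needs to be released.
- The method according to claim 10, characterized in that the user plane security enforcement information of the PDU session comprises integrity protection requirement information and encryption requirement information, and the user plane encryption protection information of the EPS comprises user plane encryption capability information; the integrity protection requirement information indicates that integrity protection is performed, and the user plane security enforcement information of the PDU session and the user plane encryption protection information of the EPS do not match.
- The method according to claim 10, characterized in that the user plane security enforcement information of the PDU session comprises integrity protection requirement information and encryption requirement information, and the user plane encryption protection information of the EPS comprises user plane encryption activation information; wherein the integrity protection requirement information indicates that the PDU session is not integrity protected, the encryption requirement information indicates that the PDU session is not encrypted, and the user plane security enforcement information of the PDU session and the user plane encryption protection information of the EPS match; or the integrity protection requirement information indicates that integrity protection is not performed, the encryption requirement information indicates that the PDU session is encrypted, the user plane encryption capability information indicates that user plane encryption is supported, and the user plane security enforcement information of the PDU session and the user plane encryption protection information of the EPS match.
- The method according to claim 10 or 12, further comprising: when the user plane security enforcement information of the PDU session and the user plane encryption protection information of the EPS match, the access management apparatus does not release the EBI of the EPS bearer.
- The method according to any one of claims 10 to 13, characterized in that before the access management apparatus obtains the user plane security enforcement information of the PDU session, the method further comprises: in a process of establishing or modifying the PDU session, receiving, by the access management apparatus from the transmission management apparatus, the PDU session identifier and the user plane security enforcement information corresponding to the PDU session identifier.
- The method according to any one of claims 10 to 14, characterized in that the user plane encryption protection information of the EPS comes from a mobility management entity (MME), and the MME is the MME to which the PDU session is to be migrated.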
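- An apparatus for allocating an evolved packet system bearer identity (EBI), characterized by comprising: a processing unit, configured to determine whether user plane security enforcement information of a PDU session matches user plane encryption protection information of an EPS; and a transceiver unit, configured to send EBI allocation request information to an access management apparatus when the determination result of the processing unit is yes, wherein the EBI allocation request information is used to request allocation of an EBI to an EPS bearer to which a QoS Flow is mapped in the EPS, and the PDU session comprises at least one QoS Flow.
- The apparatus according to claim 1, characterized in that the user plane security enforcement information of the PDU session comprises integrity protection requirement information and encryption requirement information, and the user plane encryption protection information of the EPS comprises user plane encryption activation information; wherein the integrity protection requirement information indicates that the PDU session is not integrity protected, the encryption requirement information indicates that the PDU session is not encrypted, and the user plane security enforcement information of the PDU session and the user plane encryption protection information of the EPS match; or the integrity protection requirement information indicates that the PDU session is not integrity protected, the encryption requirement information indicates that the PDU session is encrypted, the user plane encryption activation information indicates that user plane encryption of the EPS is activated, and the user plane security enforcement information of the PDU session and the user plane encryption protection information of the EPS match.
- The apparatus according to claim 16, characterized in that the user plane security enforcement information of the PDU session comprises integrity protection requirement information and encryption requirement information, and the user plane encryption protection information of the EPS comprises user plane encryption activation information; the integrity protection requirement information indicates that integrity protection is performed, and the user plane security enforcement information of the PDU session and the user plane encryption protection information of the EPS do not match.
- The apparatus according to claim 18, characterized in that the processing unit is further configured so that, when the user plane security enforcement information of the PDU session and the user plane encryption protection information of the EPS do not match, the transmission management apparatus does not send an EBI allocation request to the access management apparatus.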
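- An apparatus for allocating an EBI, characterized by comprising: a transceiver unit, configured to receive EBI allocation request information from a transmission management apparatus, wherein the EBI allocation request is used to request allocation of an EBI to an EPS bearer to which a QoS Flow is mapped in an EPS; and a processing unit, configured to determine whether user plane security enforcement information of the PDU session to which the QoS Flow belongs matches user plane encryption protection information of the EPS; wherein the transceiver unit is further configured to send EBI allocation response information to the transmission management apparatus when the determination result of the processing unit is yes, and the EBI allocation response information carries the EBI allocated by the apparatus to the EPS bearer.
- The apparatus according to claim 20, characterized in that the user plane security enforcement information of the PDU session comprises integrity protection requirement information and encryption requirement information, and the user plane encryption protection information of the EPS comprises user plane encryption activation information; wherein the integrity protection requirement information indicates that integrity protection is not performed, the encryption requirement information indicates that encryption is not performed, and the user plane security enforcement information of the PDU session and the user plane encryption protection information of the EPS match; or the integrity protection requirement information indicates that integrity protection is not performed, the encryption requirement information indicates that encryption is performed, the user plane encryption capability information indicates that user plane encryption is supported, and the user plane security enforcement information of the PDU session and the user plane encryption protection information of the EPS match.
- The apparatus according to claim 20, characterized in that the user plane security enforcement information of the PDU session comprises integrity protection requirement information and encryption requirement information, and the user plane encryption protection information of the EPS comprises user plane encryption activation information; the integrity protection requirement information indicates that the PDU session is integrity protected, and the user plane security enforcement information of the PDU session and the user plane encryption protection information of the EPS do not match.
- The apparatus according to claim 20 or 22, characterized in that the transceiver unit is further configured to send EBI allocation response information to the transmission management apparatus when the determination result of the processing unit is no, wherein the EBI allocation response information carries cause information of the EBI allocation failure.
- The apparatus according to any one of claims 20 to 23, characterized in that the transceiver unit is further configured to receive, in a process of establishing or modifying the PDU session, the PDU session identifier and the user plane security enforcement information corresponding to the PDU session identifier from the transmission management apparatus.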
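- An apparatus for allocating an EBI, characterized by comprising: a processing unit, configured to obtain user plane security enforcement information of a PDU session, wherein the PDU session comprises at least one QoS Flow, the QoS Flow is associated with an EPS bearer, and an EBI has been allocated to the EPS bearer; the processing unit is further configured to determine whether the user plane security enforcement information of the PDU session matches pre-stored or pre-configured user plane encryption protection information of the EPS; and the transceiver unit is configured to send an EBI release request to a transmission management apparatus serving the EPS bearer when the determination result of the processing unit is no, wherein the EBI release request is used to indicate that the EBI of the EPS bearer needs to be released.
- The apparatus according to claim 25, characterized in that the user plane security enforcement information of the PDU session comprises integrity protection requirement information and encryption requirement information, and the user plane encryption protection information of the EPS comprises user plane encryption capability information; the integrity protection requirement information indicates that integrity protection is performed, and the user plane security enforcement information of the PDU session and the user plane encryption protection information of the EPS do not match.
- The apparatus according to claim 25, characterized in that the user plane security enforcement information of the PDU session comprises integrity protection requirement information and encryption requirement information, and the user plane encryption protection information of the EPS comprises user plane encryption activation information; wherein the integrity protection requirement information indicates that the PDU session is not integrity protected, the encryption requirement information indicates that the PDU session is not encrypted, and the user plane security enforcement information of the PDU session and the user plane encryption protection information of the EPS match; or the integrity protection requirement information indicates that integrity protection is not performed, the encryption requirement information indicates that the PDU session is encrypted, the user plane encryption capability information indicates that user plane encryption is supported, and the user plane security enforcement information of the PDU session and the user plane encryption protection information of the EPS match.
- The apparatus according to claim 25 or 27, characterized in that the processing unit is further configured not to release the EBI of the EPS bearer when the user plane security enforcement information of the PDU session and the user plane encryption protection information of the EPS match.
- The apparatus according to any one of claims 25 to 28, characterized in that the transceiver unit is further configured to receive, in a process of establishing or modifying the PDU session, the PDU session identifier and the user plane security enforcement information corresponding to the PDU session identifier from the transmission management apparatus.
- The apparatus according to any one of claims 25 to 29, characterized in that the user plane encryption protection information of the EPS comes from a mobility management entity (MME), and the MME is the MME to which the PDU session is to be migrated.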
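The matching rule recited in claims 2 to 4, together with the allocation and release behaviour of claims 5, 8, 10 and 13, as an added Python example that is not part of the patent text. The function names, dictionary message shapes, cause strings and EBI pool values are assumptions made for illustration; treating "encryption required but EPS user plane encryption not activated" as a mismatch is also an assumption, since the claims do not state that case.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class UpSecurityEnforcement:
    """User plane security enforcement information of one PDU session."""
    integrity_required: bool
    encryption_required: bool


def matches_eps(pdu: UpSecurityEnforcement, eps_encryption_active: bool) -> bool:
    """Match rule of claims 2 and 3 (repeated in claims 6-7 and 11-12)."""
    if pdu.integrity_required:
        return False  # claim 3: integrity protection demanded -> no match
    if not pdu.encryption_required:
        return True   # claim 2, first branch: nothing to preserve in EPS
    # Claim 2, second branch. The "not activated" case is not recited in
    # the claims; it is treated as a mismatch here (assumption).
    return eps_encryption_active


def transmission_mgmt_should_request(pdu: UpSecurityEnforcement,
                                     eps_encryption_active: bool) -> bool:
    """Claims 1 and 4: send the EBI allocation request only on a match."""
    return matches_eps(pdu, eps_encryption_active)


def access_mgmt_allocate(pdu: UpSecurityEnforcement, eps_encryption_active: bool,
                         free_ebis: List[int]) -> dict:
    """Claims 5 and 8: allocate an EBI, or answer with a failure cause."""
    if not matches_eps(pdu, eps_encryption_active):
        return {"ebi": None, "cause": "UP_SECURITY_MISMATCH"}  # constructed
    if not free_ebis:
        return {"ebi": None, "cause": "NO_EBI_AVAILABLE"}      # constructed
    return {"ebi": free_ebis.pop(0), "cause": None}


def access_mgmt_recheck(pdu: UpSecurityEnforcement, eps_encryption_active: bool,
                        allocated_ebi: int) -> Optional[dict]:
    """Claims 10 and 13: release an already allocated EBI on a mismatch."""
    if matches_eps(pdu, eps_encryption_active):
        return None  # claim 13: keep the EBI
    return {"msg": "EBI_RELEASE_REQUEST", "ebi": allocated_ebi}
```

The recheck path covers the case where the EPS information only becomes known after allocation, for example from the MME to which the PDU session is to be migrated (claim 15).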
Priority Applications (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
BR112021002388-7A BR112021002388A2 (pt) | 2018-08-13 | 2019-08-13 | Method and apparatus for assigning EBI |
EP19849468.4A EP3836727B1 (en) | 2018-08-13 | 2019-08-13 | Method and apparatus for allocating ebi |
EP22207406.4A EP4216652A1 (en) | 2018-08-13 | 2019-08-13 | Method and apparatus for assigning ebi |
CA3109203A CA3109203A1 (en) | 2018-08-13 | 2019-08-13 | Method and apparatus for assigning ebi |
US17/174,581 US11849313B2 (en) | 2018-08-13 | 2021-02-12 | Method and apparatus for assigning EBI |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810918782.5A CN110831244B (zh) | 2018-08-13 | 2018-08-13 | Method and apparatus for allocating EBI |
CN201810918782.5 | 2018-08-13 |
Related Child Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US17/174,581 Continuation US11849313B2 (en) | 2018-08-13 | 2021-02-12 | Method and apparatus for assigning EBI |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2020034971A1 (zh) | 2020-02-20 |
Family
ID=69525110
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2019/100460 WO2020034971A1 (zh) | 2018-08-13 | 2019-08-13 | Method and apparatus for allocating EBI |
Country Status (6)
Country | Link |
---|---|
US (1) | US11849313B2 (zh) |
EP (2) | EP4216652A1 (zh) |
CN (2) | CN110831244B (zh) |
BR (1) | BR112021002388A2 (zh) |
CA (1) | CA3109203A1 (zh) |
WO (1) | WO2020034971A1 (zh) |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11240699B2 (en) | 2018-11-19 | 2022-02-01 | Mediatek Inc. | Insufficient resources in the UE during PDU session establishment procedure |
US11284458B2 (en) * | 2019-02-18 | 2022-03-22 | Mediatek Inc. | Handling of mapped EPS bearer context with duplicate EPS bearer ID |
CN114980105A (zh) * | 2021-02-21 | 2022-08-30 | Huawei Technologies Co., Ltd. | Communication method and communication apparatus |
GB2614409A (en) * | 2021-11-02 | 2023-07-05 | Samsung Electronics Co Ltd | Improvements in and relating to QOS error handling during disaster roaming service |
KR20230161813A (ko) * | 2022-05-19 | 2023-11-28 | Samsung Electronics Co., Ltd. | Method and apparatus for a next-generation mobile communication system combined with computing in network equipment |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2012050841A1 (en) * | 2010-09-28 | 2012-04-19 | Research In Motion Corporation | Method and apparatus for releasing connection with local gw when ue moves out of the residential/enterprise network coverage |
CN108124238A (zh) * | 2016-11-28 | 2018-06-05 | Datang Mobile Communications Equipment Co., Ltd. | Signaling processing method and apparatus for a cluster group |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101800958A (zh) * | 2009-02-10 | 2010-08-11 | ZTE Corporation | Method and system for obtaining emergency session information |
US10499443B2 (en) * | 2015-07-31 | 2019-12-03 | Huawei Technologies Co., Ltd. | Data transmission method, related device, and system |
WO2017111781A1 (en) | 2015-12-23 | 2017-06-29 | Intel Corporation | Group-based eps bearer architecture |
KR102423098B1 (ko) * | 2016-08-01 | 2022-07-21 | Samsung Electronics Co., Ltd. | Method and apparatus for managing data communication in a wireless communication network |
US10275828B2 (en) | 2016-11-02 | 2019-04-30 | Experian Health, Inc | Expanded data processing for improved entity matching |
CN108347410B (zh) * | 2017-01-24 | 2021-08-31 | Huawei Technologies Co., Ltd. | Security implementation method, device, and system |
2018
- 2018-08-13 CN CN201810918782.5A patent/CN110831244B/zh active Active
- 2018-08-13 CN CN202210012717.2A patent/CN114286337A/zh active Pending
2019
- 2019-08-13 BR BR112021002388-7A patent/BR112021002388A2/pt unknown
- 2019-08-13 EP EP22207406.4A patent/EP4216652A1/en active Pending
- 2019-08-13 CA CA3109203A patent/CA3109203A1/en active Pending
- 2019-08-13 WO PCT/CN2019/100460 patent/WO2020034971A1/zh unknown
- 2019-08-13 EP EP19849468.4A patent/EP3836727B1/en active Active
2021
- 2021-02-12 US US17/174,581 patent/US11849313B2/en active Active
Non-Patent Citations (2)
Title |
---|
ERICSSON: "Allocation of EPS bearer ID in 5GS", SA WG2 MEETING #121 S 2-173322, 19 May 2017 (2017-05-19), XP051281818 * |
See also references of EP3836727A4 * |
Also Published As
Publication number | Publication date |
---|---|
EP3836727A1 (en) | 2021-06-16 |
BR112021002388A2 (pt) | 2021-05-04 |
CA3109203A1 (en) | 2020-02-20 |
US20210168595A1 (en) | 2021-06-03 |
EP3836727B1 (en) | 2022-12-14 |
CN114286337A (zh) | 2022-04-05 |
CN110831244B (zh) | 2022-01-14 |
EP4216652A1 (en) | 2023-07-26 |
EP3836727A4 (en) | 2021-09-15 |
US11849313B2 (en) | 2023-12-19 |
CN110831244A (zh) | 2020-02-21 |
Similar Documents
Publication | Title | Publication Date |
---|---|---|
US11463946B2 (en) | System and method for UE context and PDU session context management | |
JP7130769B2 (ja) | Communication method and communication apparatus | |
WO2020034971A1 (zh) | Method and apparatus for allocating EBI | |
CN110166580B (zh) | Resource management method, device, and system | |
US20200383035A1 (en) | Communications method and apparatus | |
WO2020063317A1 (zh) | Communication method and apparatus | |
WO2017167203A1 (zh) | Quality of service control method and apparatus | |
WO2018006773A1 (zh) | Information and data sending method and apparatus, access network, and system | |
WO2009049529A1 (fr) | Bearer establishment method and related device | |
WO2022001761A1 (zh) | Communication method and apparatus | |
CN102612096B (zh) | IP data packet transmission method and device | |
CN114830818B (zh) | QoS management method, relay terminal, PCF network element, SMF network element, and remote terminal | |
WO2019137194A1 (zh) | User plane data security protection method and apparatus | |
WO2017113207A1 (zh) | Service message transmission method, first terminal, and network-side device | |
EP4319297A2 (en) | Communication method and communications apparatus | |
US11991516B2 (en) | Session migration method and apparatus | |
EP3823323A1 (en) | Data transmission method and related apparatus | |
WO2021042381A1 (zh) | Communication method, apparatus, and system | |
WO2022061916A1 (zh) | Communication method and apparatus | |
WO2023207637A1 (zh) | Communication method and apparatus | |
WO2023207838A1 (zh) | Communication method and device | |
Legal Events
Code | Title | Description |
---|---|---|
121 | Ep: the EPO has been informed by WIPO that EP was designated in this application | Ref document number: 19849468; Country of ref document: EP; Kind code of ref document: A1 |
ENP | Entry into the national phase | Ref document number: 3109203; Country of ref document: CA |
NENP | Non-entry into the national phase | Ref country code: DE |
REG | Reference to national code | Ref country code: BR; Ref legal event code: B01A; Ref document number: 112021002388; Country of ref document: BR |
ENP | Entry into the national phase | Ref document number: 2019849468; Country of ref document: EP; Effective date: 20210308 |
ENP | Entry into the national phase | Ref document number: 112021002388; Country of ref document: BR; Kind code of ref document: A2; Effective date: 20210208 |