WO2021136211A1 - Procédé et dispositif pour déterminer un résultat d'autorisation - Google Patents

Procédé et dispositif pour déterminer un résultat d'autorisation Download PDF

Info

Publication number
WO2021136211A1
WO2021136211A1 PCT/CN2020/140406 CN2020140406W WO2021136211A1 WO 2021136211 A1 WO2021136211 A1 WO 2021136211A1 CN 2020140406 W CN2020140406 W CN 2020140406W WO 2021136211 A1 WO2021136211 A1 WO 2021136211A1
Authority
WO
WIPO (PCT)
Prior art keywords
message
terminal device
network device
access
access network
Prior art date
Application number
PCT/CN2020/140406
Other languages
English (en)
Chinese (zh)
Inventor
张博
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Publication of WO2021136211A1 publication Critical patent/WO2021136211A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/40Support for services or applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Definitions

  • This application relates to the field of communication technology, and in particular to a method and device for determining an authorization result.
  • the Internet of Everything technology includes not only narrowband internet of things, NB-LOT) technology and enhanced machine type communication (eMTC) technology, It may also include IoT, end-to-end (device to device, D2D) technology, and so on.
  • IoT or end-to-end technology can also be referred to as proximity-based services (Proximity-based services, ProSe).
  • ProSe proximity-based services
  • a terminal device can communicate with the network through another terminal device.
  • one terminal device can access the operator's network through another terminal device to perform registration procedures, data transmission and other services.
  • the other terminal device may also be referred to as a relay terminal device.
  • the embodiments of the present application provide a method and device for determining an authorization result, which can effectively determine the relay service of a relay terminal device and prevent the terminal device from accessing the network through an unauthorized relay terminal device.
  • an embodiment of the present application provides a method for determining an authorization result, and the method includes:
  • the access network device receives a first message sent by a second terminal device, where the first message is used to instruct the first terminal device to request access to the network through the second terminal device, and the first message includes the second terminal device.
  • Identification information of the terminal device the access network device determines the authorization result of the second terminal device according to the identification information of the second terminal device; the access network device sends a second message to the first core network device, The second message includes the authorization result of the second terminal device; the access network device receives a response message of the second message sent by the first core network device.
  • the authorization result of the second terminal device may be the result of the second terminal device being authorized to perform the relay service.
  • the RAN determines that UE2 is authorized to perform the relay service, and then sends a second message including the authorization result of UE2 to AMF1, so that the AMF1 can be based on the UE2's authorization result.
  • the authorization result allows UE1 to access the network through UE2.
  • Implementing the embodiments of this application can enable AMF1 to obtain the authorization result of UE2, thereby safely and effectively allowing UE1 to access the network through UE2.
  • the access network device stores the authorization result of the second terminal device.
  • the method before the access network device determines the authorization result of the second terminal device according to the identification information of the second terminal device, the method further includes: The second core network device sends a third message, the third message includes the identification information of the second terminal device, and the third message is used to request the authorization result of the second terminal device; the access network The device receives a response message of a third message sent by the second core network device, where the response message of the third message includes the authorization result of whether the second terminal device is authorized to perform the relay service; the access network device Save the authorization result of the second terminal device.
  • the identification information of the second terminal device includes a relay identification of the second terminal device.
  • the method further includes: the access network device sends a response message of the first message to the second terminal device, and the response message of the first message is used to indicate the first message A terminal device is allowed to access the network through the second terminal device.
  • the response message of the first message includes the authorization result of the second terminal device.
  • an embodiment of the present application provides a method for determining an authorization result, and the method includes:
  • the first core network device receives a second message sent by the access network device, where the second message includes the authorization result of the second terminal device; the first core network device determines the The second terminal device is authorized to perform a relay service; the first core network device sends a response message of the second message to the access network device.
  • the method before the first core network device receives the second message sent by the access network device, the method further includes: the access network device receives the first message sent by the second terminal device. A message; wherein, the first message is used to instruct the first terminal device to request access to the network through the second terminal device, and the first message includes the identification information of the second terminal device; the access The network device determines that the second terminal device is authorized to perform the relay service, and sends the second message to the first core network device.
  • the method further includes: the access network device sends the second core network device to the second core network device.
  • the third message includes the identification information of the second terminal device, and the third message is used to request the authorization result of the second terminal device;
  • the second core network device receives the access The third message sent by the network device, and sending a response message of the third message to the access network device;
  • the determining by the access network device that the second terminal device is authorized to perform the relay service includes: the access network device determines that the second terminal device is authorized to perform the relay according to the response message of the third message business.
  • the method further includes: the access network device sends a response message of the first message to the second terminal device, and the response message of the first message is used to indicate the first message A terminal device is allowed to access the network through the second terminal device.
  • beneficial effects of the second aspect can be referred to the beneficial effects of the first aspect, which will not be repeated here.
  • embodiments of the present application provide a communication device, which may be a network device, a device in a network device, or a device that can be used in conjunction with a network device.
  • the communication device may also be a chip system.
  • the communication device can execute the methods described in the first aspect and various possible implementation manners of the first aspect.
  • the communication device may execute the methods described in the second aspect and various possible implementation manners of the second aspect.
  • the function of the communication device can be realized by hardware, or by hardware executing corresponding software.
  • the hardware or software includes one or more units corresponding to the above-mentioned functions.
  • the unit can be software and/or hardware.
  • the network device may be an access network device.
  • the network device may be the first core network device.
  • the network device may be a second core network device.
  • an embodiment of the present application provides a communication system, the communication system includes: a first core network device, configured to receive a second message sent by an access network device, the second message including the authorization of the second terminal device Result; the first core network device is also used to determine that the second terminal device is authorized to perform relay services according to the authorization result of the second terminal device; the first core network device is also used to The access network device sends a response message to the second message.
  • the system further includes: an access network device, configured to receive a first message sent by the second terminal device; wherein, the first message is used to instruct the first terminal The device requests to access the network through the second terminal device, and the first message includes the identification information of the second terminal device; the access network device is also used to determine that the second terminal device is authorized to perform relay Service, sending the second message to the first core network device.
  • an access network device configured to receive a first message sent by the second terminal device; wherein, the first message is used to instruct the first terminal The device requests to access the network through the second terminal device, and the first message includes the identification information of the second terminal device; the access network device is also used to determine that the second terminal device is authorized to perform relay Service, sending the second message to the first core network device.
  • the access network device is further configured to send a third message to the second core network device, where the third message includes the identification information of the second terminal device, and The third message is used to request the authorization result of the second terminal device;
  • the system further includes: a second core network device, configured to receive the third message sent by the access network device, and send a response message of the third message to the access network device;
  • the network access device is specifically configured to determine, according to the response message of the third message, that the second terminal device is authorized to perform the relay service.
  • the access network device is further configured to send a response message of a first message to the first terminal device, and the response message of the first message is used to instruct the first terminal The device allows access to the network through the second terminal device.
  • an embodiment of the present application provides a communication device, the communication device includes a processor, and when the processor invokes a computer program in a memory, as in the first aspect and various possible implementation manners of the first aspect The method described is executed.
  • the processor invokes the computer program in the memory
  • the methods described in the second aspect and various possible implementation manners of the second aspect are executed.
  • the processor calls the computer program, the method described in any one of the first core network device, the second core network device, and the access network device is executed.
  • an embodiment of the present application provides a communication device.
  • the communication device includes a processor and a memory.
  • the memory is used to store computer-executable instructions; the processor is used to execute the computer-executable instructions to enable the
  • the communication device executes the methods described in the first aspect and various possible implementation manners of the first aspect.
  • the processor invokes the computer to execute instructions
  • the methods described in the second aspect and various possible implementation manners of the second aspect are executed.
  • the processor invokes the computer to execute instructions
  • the method described in any one of the first core network device, the second core network device, and the access network device is executed.
  • an embodiment of the present application provides a communication device.
  • the communication device includes a processor, a memory, and a transceiver.
  • the transceiver is used to receive signals or send signals; and the memory is used to store program codes;
  • the processor is configured to call the program code to execute the method described in the first aspect.
  • the processor calls the program code
  • the methods described in the second aspect and various possible implementation manners of the second aspect are executed.
  • the processor calls the program code
  • the method described in any one of the first core network device, the second core network device, and the access network device is executed.
  • an embodiment of the present application provides a communication device.
  • the communication device includes a processor and an interface circuit.
  • the interface circuit is configured to receive code instructions and transmit them to the processor; the processor runs the The code instructions execute the methods described in the first aspect and various possible implementations of the first aspect.
  • the processor runs the code instructions to execute the methods described in the second aspect and various possible implementation manners of the second aspect. For example, the method described in any one of the first core network device, the second core network device, and the access network device is executed.
  • an embodiment of the present application provides a computer-readable storage medium, the computer-readable storage medium is used to store instructions, and when the instructions are executed, the first aspect and the various possibilities of the first aspect Implementation The method described is implemented.
  • the methods described in the second aspect and various possible implementation manners of the second aspect are implemented.
  • the method described in any one of the first core network device, the second core network device, and the access network device is implemented.
  • embodiments of the present application provide a computer program product including instructions, which when executed, enable the methods described in the first aspect and various possible implementations of the first aspect to be implemented.
  • the methods described in the second aspect and various possible implementation manners of the second aspect are implemented.
  • the method described in any one of the first core network device, the second core network device, and the access network device is implemented.
  • an embodiment of the present application provides a computer program for executing the first aspect and various possible implementation manners of the first aspect.
  • an embodiment of the present application provides a computer program for executing the second aspect and various possible implementation manners of the second aspect.
  • the computer program is used to execute the method described in any one of the first core network device, the second core network device, and the access network device.
  • FIG. 1 is a schematic diagram of a network architecture provided by an embodiment of the present application.
  • FIG. 2 is a schematic diagram of a network architecture provided by an embodiment of the present application.
  • FIG. 3 is a schematic flowchart of a method for determining an authorization result provided by an embodiment of the present application
  • FIG. 4 is a schematic flowchart of a method for determining an authorization result provided by an embodiment of the present application
  • FIG. 5 is a schematic structural diagram of a communication device provided by an embodiment of the present application.
  • FIG. 6 is a schematic structural diagram of a communication system provided by an embodiment of the present application.
  • FIG. 7 is a schematic structural diagram of a communication device provided by an embodiment of the present application.
  • FIG. 8 is a schematic flowchart of a method for determining an authorization result provided by an embodiment of the present application.
  • At least one (item) refers to one or more
  • multiple refers to two or more than two
  • at least two (item) refers to two or three and three
  • “and/or” is used to describe the association relationship of associated objects, which means that there can be three kinds of relationships.
  • a and/or B can mean: there is only A, only B, and both A and B. In this case, A and B can be singular or plural.
  • the character “/” generally indicates that the associated objects before and after are in an "or” relationship.
  • the following at least one item (a) or similar expressions refers to any combination of these items, including any combination of a single item (a) or a plurality of items (a).
  • At least one of a, b, or c can mean: a, b, c, "a and b", “a and c", “b and c", or "a and b and c" ", where a, b, and c can be single or multiple.
  • the method for determining the authorization result provided in this application can be applied to various communication systems, such as the Internet of Things (IoT) system, the narrowband Internet of Things (NB-IoT) system, and the long-term evolution ( Long term evolution, LTE) system, it can also be the fifth generation (5th-generation, 5G) communication system, it can also be a hybrid architecture of LTE and 5G, it can also be a 5G new radio (NR) system, and future communications New communication systems, etc. appearing in development.
  • IoT Internet of Things
  • NB-IoT narrowband Internet of Things
  • LTE long-term evolution
  • 5G fifth generation
  • 5G 5G new radio
  • NR 5G new radio
  • FIG. 1 is a schematic diagram of a network architecture provided by an embodiment of the present application.
  • the various parts involved in FIG. 1 are as follows:
  • the terminal device 110 is also referred to as user equipment (UE), terminal, and so on.
  • a terminal device is a device with a wireless transceiver function. It can be connected to one or more core networks (core networks) via the (radio) access network ((radio) access network, (R) AN) 120 access network equipment, CN) to communicate. It can be deployed on land, including indoor or outdoor, handheld, wearable, or vehicle-mounted; it can also be deployed on the water, such as on a ship, and it can also be deployed in the air, such as on an airplane, balloon, or satellite.
  • core networks core networks
  • R radio access network
  • CN access network equipment
  • Terminal devices can be mobile phones, tablets, computers with wireless transceiver functions, virtual reality (VR) terminal devices, augmented reality (AR) terminal devices, industrial control (industrial control) Wireless terminals in ), wireless terminals in self-driving, wireless terminals in remote medical, wireless terminals in smart grid, and wireless terminals in transportation safety , Wireless terminals in smart cities, wireless terminals in smart homes, etc.
  • VR virtual reality
  • AR augmented reality
  • industrial control industrial control
  • Wireless terminals in wireless terminals in self-driving
  • wireless terminals in remote medical wireless terminals in smart grid
  • wireless terminals in transportation safety Wireless terminals in smart cities, wireless terminals in smart homes, etc.
  • the terminal equipment includes a remote terminal equipment (remote UE) and a relay terminal equipment (relay UE).
  • a relay UE can be understood as a UE that can directly access the network (or a base station); or, a relay UE can be understood as a UE that can be covered by a signal; or, a relay UE can be understood as a UE in the coverage area of the base station.
  • a relay UE can be understood as a UE with a relay function, where the relay function refers to a UE without signal coverage, and can access the operator's network through a relay UE with signal coverage.
  • the remote UE can be understood as a UE that cannot be covered by the signal. In other words, the remote UE needs to rely on a relay UE to be able to access the network.
  • the network architecture includes UE1, UE2, and UE3, and the UE1, UE2, and UE3 belong to the same ProSe group.
  • UE1 and UE2 can be understood as remote UEs
  • UE3 can be understood as relay UEs.
  • the remote UE can access the operator's network through a relay UE, perform a registration process, or establish a protocol data unit (protocol data unit, PDU) session, send user data, and so on.
  • the relay UE can establish a communication connection with the remote UE to provide services for the remote UE to access the network.
  • the remote UE can use Internet services, use the call function, and so on through the relay UE.
  • the remote UE and the relay UE may communicate through proximity-based services (Proximity-based services, ProSe).
  • ProSe proximity-based services
  • the short-distance-based service may include a device-to-device (D2D) service or a vehicle-to-everything (V2X) service and so on.
  • D2D device-to-device
  • V2X vehicle-to-everything
  • the relay UE may also be referred to as a UE-to-network relay.
  • (Radio) access network ((radio) access network, (R) AN) 120 used to provide network access functions for authorized terminal equipment in a specific area, and can use different quality transmissions according to the level of terminal equipment, business needs, etc. tunnel.
  • (R)AN can manage wireless resources, provide access services for terminal devices, and then complete the forwarding of control information and/or data information between the terminal device and the core network (CN).
  • the access network device in the embodiment of the present application is a device that provides a wireless communication function for terminal devices, and may also be referred to as a network device.
  • the access network equipment may include: next generation node base station (gNB) in 5G system, evolved node B (evolved node B, eNB) in long term evolution (LTE), wireless Network controller (radio network controller, RNC), node B (node B, NB), base station controller (BSC), base transceiver station (BTS), home base station (for example, home evolved nodeB) , Or home node B (HNB), base band unit (BBU), transmission point (transmitting and receiving point, TRP) (or called transmission receiving point), transmission point (TP), small base station equipment (pico), mobile switching center, or network equipment in the future network.
  • gNB next generation node base station
  • eNB evolved node B
  • LTE long term evolution
  • RNC wireless Network controller
  • node B node B
  • BSC base station controller
  • the user plane function (UPF) network function 130 is used for packet routing and forwarding, quality of service (QoS) processing of user plane data, and so on.
  • QoS quality of service
  • the data network (DN) network function 140 is used to provide a data transmission network.
  • Access and mobility management function (AMF) network function 150 can be used to implement mobility management entity (mobility management entity, MME) functions except session management Other functions, such as lawful interception and access authorization/authentication functions.
  • MME mobility management entity
  • the AMF network function is hereinafter referred to as AMF.
  • the AMF network function includes a remote AMF and a relay AMF.
  • the remote AMF is: an AMF used to provide services for a remote UE;
  • the relay AMF is: a relay AMF is used to provide services for a relay UE AMF.
  • the session management function (SMF) 160 is mainly used for session management, terminal device Internet protocol (IP) address allocation and management, selection of manageable user plane functions, policy control and charging function interfaces End point and downlink data notification, etc.
  • IP Internet protocol
  • the policy control network function 170 such as a policy control function (PCF) is a unified policy framework used to guide network behavior, and provides policy rule information for control plane functions (such as AMF, SMF network functions, etc.).
  • PCF policy control function
  • the authentication server function (authentication server function, AUSF) 180 is used for authentication services, generating keys to implement two-way authentication for terminal devices, and supporting a unified authentication framework.
  • the unified data management (UDM) network function 190 can be used to process terminal device identification, access authentication, registration, and mobility management. It can be understood that the UDM network function is hereinafter referred to as UDM for short.
  • the application function (AF) 1100 is used for data routing affected by applications, access to network opening functions, and interaction with the policy framework for policy control.
  • the network slice selection function can be used to determine network slice instances, select AMF network functions, and so on.
  • Network storage network functions such as including network repository function (NRF) can be used to maintain real-time information of all network functions and services in the network.
  • NRF network repository function
  • the network architecture shown in FIG. 1 may also include a ProSe function, and the ProSe function may be used to perform the management and control of the ProSe service, and so on.
  • the mobility management network function in the embodiment of the present application may be the AMF network function 150 shown in FIG. 1, or may be other network functions having the aforementioned AMF network function 150 in the future communication system.
  • the mobility management network function in this application may also be a mobility management entity (MME) in long term evolution (LTE), etc.
  • MME mobility management entity
  • the AMF network function 150 is referred to as AMF for short, and the terminal device 110 is referred to as UE. That is, the AMF described later in the embodiments of this application can be replaced with mobility management network functions or core network equipment, and the UE can be either Replace with terminal equipment.
  • the network architecture shown in Figure 1 (such as the 5G network architecture) adopts a service-based architecture.
  • the traditional network element functions (or network functions) are split into several self-contained, self-contained, network functions based on network function virtualization (NFV) technology.
  • NFV network function virtualization
  • Self-management and reusable network function service modules can realize customized network function reconstruction through flexible definition of service module collections, and form business processes through a unified service call interface externally.
  • the schematic diagram of the network architecture shown in FIG. 1 can be understood as a schematic diagram of a service-based 5G network architecture in a non-roaming scenario. For roaming scenarios, the embodiments of this application are also applicable.
  • the aforementioned network function or function may be a network element in a hardware device, a software function running on dedicated hardware, or a virtualization function instantiated on a platform (for example, a cloud platform).
  • the remote terminal device is UE1
  • the relay terminal device is UE2
  • the AMF that provides services for the remote terminal device is AMF1, which provides services for the relay terminal device.
  • the AMF is AMF2
  • the access network equipment is RAN.
  • FIG. 3 is a schematic flowchart of a method for determining an authorization result provided by an embodiment of the present application. This method can be applied to the network architecture shown in FIG. 1 and/or FIG. 2. As shown in Figure 3, the method includes:
  • the RAN receives a first message sent by UE2, where the first message is used to instruct UE1 to request access to the network through UE2, and the first message includes identification information of UE2.
  • the identification information of UE2 is included in the first message, so that after receiving the first message, the RAN knows that UE1 requests to access the network through UE2.
  • the identification information of UE2 may include an identifier (identifier, ID) of UE2.
  • the ID of the UE2 may include the permanent identity of UE2, such as the international mobile subscriber identity (IMSI), the subscription permanent identifier (SUPI), the subscriber encapsulated identifier (SUCI) or general public subscription. Any one or more of ID (generic public subscription identifier, GPSI).
  • ID of the UE2 may include the temporary identity of the UE2, such as a globally unique temporary UE identity (GUTI).
  • GUI globally unique temporary UE identity
  • the ID of the UE2 may also include the relay ID of the UE2; the relay ID of the UE2 may be the UE identification of the relay service, or the relay ID of the UE2 may be the UE identification of the ProSe service.
  • the identification information of UE2 may include any one or more of IMSI, SUPI, SUCI, GPSI, or relay ID of UE2. It can be understood that, in order to distinguish the permanent identity, temporary identity, and relay identity of UE2, the identification information of UE2 in the following description is UE2's ID and/or UE2's relay ID.
  • the first message may also include the identification information of UE1.
  • the identification information of the UE1 may include the ID of the UE1, and the ID of the UE1 may include the permanent identification of the UE1, such as any one or more of the IMSI, SUPI, and SUCI of the UE1.
  • the ID of the UE1 may include the temporary identification of the UE1, such as the GUTI of the UE1.
  • the ID of the UE1 may also include the remote ID of the UE1.
  • the RAN can know which UE (such as UE1) needs to access the network through UE2.
  • the identification information of UE1 may include IMSI, SUPI, SUCI, GPSI, etc.
  • the identification information of UE1 in the following description is the ID of UE1 and/or the remote ID of UE1.
  • the remote ID of UE1 and the relay ID of UE2 can be configured by the short-distance service function. That is, the identification information related to the service can be configured by the short-distance service function.
  • the specific format of the identification information related to the service is not limited in the embodiment of the present application.
  • the first message may be a message sent by UE1 to the RAN through UE2; or, the first message may be a message sent by UE2 to the RAN.
  • the first message is a message sent by UE2 to the RAN, which can be understood as: UE1 sends a fourth message to UE2; then, after UE2 receives the fourth message, it parses the fourth message and generates the first message.
  • one processing method of parsing is to encapsulate the fourth message in the first message, so that the UE2 sends the first message to the RAN.
  • the identification information of UE2 may be carried in the fourth message itself, or may be encapsulated in the first message together with the fourth message after UE2 receives the fourth message.
  • the identification information of UE1 may be carried in the fourth message itself.
  • the method shown in FIG. 3 will be described by taking the first message as an example that the UE2 sends to the RAN.
  • step 302 the method shown in FIG. 3 further includes:
  • UE1 sends a fourth message to UE2, where the fourth message is used to request access to the network, and the fourth message includes identification information of UE1; correspondingly, UE2 receives the fourth message.
  • UE2 when UE2 receives the fourth message, it can encapsulate the identification information of UE1 in the first message, so as to send the first message to the RAN.
  • the fourth message when the UE2 receives the fourth message, the fourth message may be encapsulated in the first message, so as to send the first message to the RAN.
  • the fourth message may also include a non-access stratum (NAS) request.
  • the NAS request may include a registration access request and so on.
  • UE2 may encapsulate the NAS request in the first message, or encapsulate the fourth message in the first message, so as to send the first message to the RAN.
  • the NAS request may also be a normal uplink NAS message.
  • the fourth message includes the NAS request and the identification information of UE1, and UE2 receives the fourth message, and may encapsulate the NAS request and the identification information of UE1 in the first message.
  • the first message is sent to the RAN.
  • the first message may also include first indication information (indicator), and the first indication information is used to indicate that the data contained in the first message is for the remote UE of the relay. Data; or, the first indication information is used to indicate that the first message includes information in the fourth message from UE1.
  • the first indication information may be included in the NAS request, or the first indication information may be information encapsulated in the first message together with the fourth message when the UE2 receives the fourth message.
  • the method shown in FIG. 3 further includes: AMF1 checks UE1 to determine the authorization result of UE1.
  • the authorization result of the UE1 includes the result of whether the UE1 is applicable to the ProSe service, and/or the result of whether the UE1 is authorized to perform the remote UE service.
  • the method for the AMF1 to verify the UE can perform the verification according to the subscription information of the UE1.
  • the AMF1 obtains the subscription information of the UE1, this embodiment of the application does not limit it.
  • the subscription information may be acquired by AMF1 from UDM, or the subscription information may also be acquired by AMF1 from the short-distance service function.
  • the AMF1 may also obtain second indication information from the UDM or the short-distance service function, and the second indication information is used to indicate the authorization result of the UE1.
  • the RAN determines the authorization result of the UE2 according to the identification information of the UE2; and sends a second message to the AMF1; the second message includes the authorization result of the UE2.
  • AMF1 receives the second message.
  • the authorization result of the UE2 may include the result of whether the UE2 is applicable to the ProSe service, and/or the result of whether the UE2 is authorized to perform the relay service.
  • the authorization result of UE2 may include the result that UE2 is authorized to perform the relay service.
  • the authorization result of the UE2 may include the application of the ProSe service to the UE2 and the result of the UE2 being authorized to perform the relay service.
  • the authorization result of the UE2 may include the result that the UE2 applies the ProSe service and the UE2 is not authorized to perform the relay service.
  • the UE2 being authorized to perform the relay service can also be understood as: the UE2 can be authorized to perform the relay function; alternatively, the UE2 can be the relay node of the remote UE. And the UE2 is authorized to perform the relay service, which may also indicate that the UE2 applies the ProSe service.
  • the RAN may determine whether the UE2 is authorized to perform the relay service according to stored information, and the stored information includes the identification information of the UE2 and the authorization result of the UE2.
  • the authorization result of the UE2 may be sent by AMF2 to the RAN voluntarily, so that the RAN saves it.
  • the authorization result of the UE2 may also be stored by the RAN by requesting the AMF2 to send the authorization result by the RAN.
  • the RAN may also request the authorization result from AMF2 after receiving the second message.
  • the details can be as follows:
  • the RAN sends a third message to AMF2, the third message includes the identification information of UE2, and the third message is used to request the authorization result of UE2.
  • the AMF2 receives the third message.
  • the AMF2 sends a response message of the third message to the RAN.
  • the RAN receives the response message of the third message sent by the AMF2.
  • the embodiment of the present application does not limit how the RAN determines AMF2.
  • the temporary identity of UE2 includes the address of AMF2, or the RAN can determine AMF2 according to the network information in the identity information of UE2.
  • the AMF2 after the AMF2 receives the third message for requesting the authorization result of the UE2, it can send the authorization result of the UE2 to the RAN.
  • the response message of the third message may include the authorization result of the UE2.
  • the response message of the third message may also include the identification information of UE2.
  • Step 3031) and step 3032) may be the third message sent by the RAN to the AMF2 to determine the authorization result of the UE2 after the RAN receives the first message of the UE2.
  • the response message of the third message may also include rejection information, and the rejection information may be used to indicate that UE1 is denied access to the network through UE2.
  • the response message of the third message may also include a rejection type, and the rejection type is used to indicate that the UE2 is not authorized to perform a relay function. Further, in the case that the RAN determines that the UE2 is not authorized to perform the relay service according to the identification information of the UE2, the RAN may discard the first message.
  • the method shown in step 3031) and step 3032) may also be a third message sent by the RAN to the AMF2 in order to determine the authorization result of the UE2 before receiving the first message.
  • the RAN can save the authorization result of UE2 after receiving the authorization result of UE2. Therefore, after receiving the first message, the authorization result of the UE2 can be sent to the AMF1.
  • the third message can be a message from UE2; alternatively, it can be a message sent by UE2 to the RAN, and then sent to the AMF2 through the RAN; or, it can also be sent by UE1 to UE2, and then UE2 through RAN Message sent to this AMF2. It can be understood that by including the identification information of the UE2, the AMF2 can clearly know the UE (such as UE2) requesting authorization of the relay service.
  • the third message may be understood as: the third message is used to request authorization for the relay service of UE2.
  • the third message can be applied to the following scenario: UE1 notifies UE2 to request access to the network, and UE2 requests AMF2 to authorize its own relay service.
  • the method shown in the embodiment of the present application may further include: 3033) the AMF2 verifies the UE2 to determine the authorization result of the UE2.
  • the AMF2 may determine the authorization result of the UE2 according to the subscription information of the UE2. For example, the AMF2 may obtain the subscription information of the UE2 from UDM, or the AMF2 may also obtain the subscription information of the UE2 from the ProSe function. Alternatively, the AMF2 sends a message for requesting the authorization result of UE2 to the proximity service function; after receiving the message, the proximity service function stores UE2 subscription information in UDM or unified data repository (UDR), etc. The entity requests subscription information.
  • the contract information can be issued by the operator's network and stored in the UDM or short-distance service function.
  • the AMF2 may also obtain third indication information from the UDM or the short-distance service function, and the third indication information is used to indicate the authorization result of the UE2. That is, the third indication information may be used to indicate whether the UE2 is authorized to perform the ProSe service and/or whether it is authorized to perform the relay function of the ProSe service.
  • AMF1 sends a response message of the second message to the RAN.
  • the RAN receives the response message of the second message sent by the AMF1.
  • the second message may include the authorization result of UE2, and may also include part or all of the information in the first message.
  • the second message may also include part or all of the information in the fourth message.
  • UE2 after UE2 receives the fourth message, it can encapsulate the fourth message in the first message; thereby sending the first message to the RAN, the RAN receives the first message, and encapsulates the first message in the second message ; Then send the second message to AMF1.
  • UE2 receives the fourth message, and encapsulates the non-access stratum request in the fourth message in the first message, thereby sending the first message to the RAN.
  • the RAN receives the first message, and encapsulates the identification information of the UE2 in the first message in the first message, thereby sending the second message to AMF1. It can be understood that the embodiment of the present application does not limit the manner in which the message is generated. For another example, if the RAN receives a first message, and the first message includes the first indication information, the RAN may encapsulate the first indication information in a second message, so as to send the second message to AMF1. By including the first indication information in the second message, the AMF1 can receive the first indication information and verify the relay service of the UE2.
  • the response message of the second message includes a non-access stratum (NAS) message sent to UE1.
  • the NAS message may be used to respond to the NAS request included in the fourth message.
  • the NAS message may also have integrity protection, that is, it can be a NAS message after NAS activation, or a NAS security mode instruction message, and so on. By performing integrity protection on the NAS, other attackers can be prevented from modifying the content in the response message of the second message.
  • the response message of the second message may be used to indicate that AMF1 has processed the NAS request sent by UE1 to UE2.
  • the response message of the second message includes a NAS message
  • it may also indicate that AMF1 has processed the NAS request sent by UE1, which indicates that AMF1 authorizes UE1 to access the network through UE2.
  • AMF1 informs UE1 that the UE2 it accesses is authorized to use the ProSe service and/or relay function by sending a NAS message carrying the authorization result of UE2 to UE1.
  • the response message of the second message may also include the authorization result of UE1.
  • AMF1 after AMF1 receives the second message, it can also verify the relay service of UE2. If the check is passed, AMF1 sends a response message of the second message to the RAN. The response message of the second message is used to indicate that UE1 is allowed to access the network through UE2. If the check fails, AMF2 may discard the second message; or, the response message of the second message may be used to indicate that UE1 is denied access to the network.
  • the method for the AMF1 to verify the relay service of the UE2 such as: the AMF1 judges whether the identification information of the UE2 included in the message for requesting access to the network is consistent with the identification information of the UE2 included in the second message ; If they are consistent; AMF1 can determine that UE1 can access the network through UE2; if they are not consistent, AMF1 can determine that the relay UE requested by UE1 and the relay UE authorized by the RAN are not the same UE, then the AMF1 can discard the second news.
  • the response message of the second message may include rejection information or rejection reason, and so on.
  • the RAN sends a response message of the first message to UE2, where the response message of the first message is used to indicate that UE1 is allowed to access the network through UE2.
  • the UE2 receives the response message of the first message.
  • the response message of the first message may include the authorization result of UE1. If UE1 is not authorized to perform remote UE functions and/or short-distance communication service functions, UE2 can reject UE1's access, disconnect the connection or send a rejection message to UE1.
  • the rejection message may also include a rejection identifier, which is used to indicate that the UE1 is not authorized to perform the function of the remote UE and/or the short-distance communication service function.
  • the response message of the first message may be the response message of the second message of AMF1 forwarded by the RAN.
  • the response message of the first message may also include the authorization result of UE2.
  • the response message of the first message may include part or all of the information in the response message of the second message, part or all of the information in the second message, part or all of the information in the first message, and part of the fourth message. Or any one or more of all the information.
  • the response message of the first message refer to the description of the response message of the fourth message or the second message for analogy, which will not be repeated here.
  • the method shown in FIG. 3 may further include:
  • UE2 sends a response message of the fourth message to UE1.
  • the UE1 receives the response message of the fourth message.
  • the response message of the fourth message may include the authorization result of UE2, part or all of the information in the response message of the first message, part or all of the information in the response message of the second message, and part of the second message. Or any one or more of all the information, part or all of the information in the first message, and part or all of the information in the fourth message.
  • the response message of the fourth message refer to the description of the response message of the second message for analogy, which will not be repeated here.
  • the response message of the fourth message may include a non-access stratum (NAS) message sent by AMF1 to UE1, and the NAS message includes information indicating whether UE2 is authorized to perform the relay function. Through the indication information, the UE1 can determine whether the accessing UE2 is authorized.
  • NAS non-access stratum
  • step 303 can be replaced with:
  • the RAN sends a fifth message to AMF2, the fifth message is used to request the authorization result of UE2, and the fifth message includes the address of AMF1 and identification information of UE2.
  • the AMF2 receives the fifth message.
  • AMF2 sends a response message of the fifth message to AMF1, and the response message of the fifth message includes the authorization result of UE2 and the identification information of UE2.
  • AMF1 receives the response message of the fifth message.
  • the AMF2 can determine the authorization result of the UE2 according to the identification information of the UE2.
  • the address of AMF1 included in the fifth message can be used to instruct AMF2 to send the authorization result of UE2 to AMF1.
  • the RAN can determine the address of AMF2 according to the identification information of UE2, and determine the address of AMF1 according to the identification information of UE1. Therefore, by sending the address of AMF1 to AMF2, AMF2 can directly send the authorization result of UE2 to AMF1. It is understandable that AMF2 may directly send a response message of the fifth message to AMF1, and may also send a response message of the fifth message to AMF1 through other network elements.
  • the RAN determines that UE2 is authorized to perform the relay service, and then sends a second message including the authorization result of UE2 to AMF1, so that the AMF1 can be based on the UE2's authorization result.
  • the authorization result allows UE1 to access the network through UE2.
  • Implementing the embodiments of this application can enable AMF1 to obtain the authorization result of UE2, thereby allowing UE1 to access the network through UE2 in time.
  • FIG. 4 is a schematic diagram of a scenario of a method for determining an authorization result provided by an embodiment of the present application. As shown in Figure 4, the method includes:
  • UE2 accesses AMF2 through RAN, completes the network registration process, and accesses the operator network.
  • UE1 accesses AMF1 through RAN, completes the network registration process, and accesses the operator network.
  • the UE2 determines whether the UE2 applies the ProSe service through the AMF2 or the ProSe function. And the UE1 determines whether the UE1 is applicable to the ProSe service through the AMF1 or the ProSe function.
  • AMF2 may obtain UE2's subscription information from UDM, and determine whether the UE2 can use the ProSe service according to the UE2's subscription information, and/or determine whether the UE2 can perform the relay service.
  • AMF2 may obtain UE2's subscription information and so on from the short-distance service function.
  • the above step 403 may also be implemented when the UE2 accesses the AMF2 and performs the registration procedure.
  • AMF2 can obtain the subscription information of UE2 from the UDM or short-range service function according to the request of UE2 to determine whether the UE2 can be authorized to perform the ProSe service, or to determine whether the UE2 is authorized to perform the service Following the business. Then obtain the authorization result of the UE2.
  • the AMF2 can also save the authorization result of the UE2, such as saving the UE2 ID and the authorization result of the UE2, or save the relay ID of the UE2 and the authorization result of the UE2.
  • the AMF1 may also obtain the subscription information of the UE1 from the UDM or the short-distance service function according to the registration request of the UE1. Therefore, the AMF1 determines whether the UE1 can use the ProSe service, and/or determines whether the UE1 can perform the service of the remote UE, and then obtains the authorization result of the UE1. And the AMF1 can also save the authorization result of the UE1, such as saving the UE1 ID and the authorization result of the UE1, or saving the remote ID of the UE1 and the authorization result of the UE1.
  • UE1 executes the discovery process.
  • UE1 performs the discovery process, which can be understood as: UE1 discovers that it can access the network through UE2. Alternatively, it can also be understood as: UE1 finds that the distance to UE2 is closer than the distance to the base station. For example, UE1 may determine that UE2 is a relay UE by receiving a broadcast message of UE2.
  • UE1 sends an indirect communication request to UE2, where the indirect communication request includes UE1 ID and/or remote ID.
  • the UE2 receives the indirect communication request.
  • the UE2 sends a relay service request (relay UE service request) to the AMF2 through the RAN.
  • the relay service request includes the UE2 ID and/or the UE2 relay ID.
  • AMF2 receives the relay service request.
  • the relay service request may also include the ID of UE1 and/or the remote ID of UE1.
  • relay service request in step 406 can be understood as the third message in step 3031) shown in FIG. 3.
  • AMF2 checks UE2 to determine the authorization result of UE2.
  • the AMF2 can verify whether the UE2 is authorized to perform the relay function; or, the AMF2 can also verify whether the UE2 is authorized to perform the relay service function of the remote UE through the relay UE.
  • AMF2 may determine the authorization result of UE2 according to locally stored information.
  • the AMF2 may obtain the authorization result of the UE2 from the UDM or the short-distance service function.
  • AMF2 sends an NG interface application protocol (NG application protocol, NGAP) message to the RAN, where the NGAP message includes proximity authorization indication (ProSe authorized) information.
  • NGAP NG interface application protocol
  • the RAN receives the NGAP message and saves the short-range authorization instruction.
  • the short-range authorization indication information is used to indicate that the UE2 non-access communication request is authorized.
  • the NGAP message may also include authorization success indication information, which is used to indicate that the UE2 is authorized to perform the relay function; or used to indicate that the remote UE is authorized to perform the relay service through the relay UE.
  • the NGAP message may also include UE2's ID and/or UE2's relay ID.
  • the NGAP message may also include the ID of UE1 and/or the remote ID of UE1.
  • the RAN may also store the UE2 ID and/or the relay ID of UE2, as well as the UE1 ID and/or the remote ID of UE1.
  • NGAP message in step 408 can be understood as a response message to the third message shown in FIG. 3.
  • the RAN sends a radio resource control (radio resource control, RRC) message to UE2.
  • RRC radio resource control
  • the RRC message includes short-range authorization indication information.
  • the UE2 receives the RRC message.
  • UE2 sends a response message to UE1.
  • response message is used to indicate that UE2 is allowed to use the indirect communication service.
  • the above steps 405-410 can be understood as the following scenario: if the UE1 informs the UE2 to request access to the network, the UE2 requests the AMF2 to authorize its own relay service.
  • the method shown in FIG. 4 may not include steps 406-409 and may not be done.
  • the UE2 may also send the identification information of the UE1 to the AMF1 through the RAN.
  • the AMF1 can determine whether the UE1 is authorized to use the short-range communication service and/or the remote service (that is, the function of the remote UE) according to the identification information of the UE1.
  • the authorization result of UE1 is sent to UE2. If the verification is successful, UE2 continues to perform; otherwise, UE2 interrupts the process or sends a rejection message to UE1.
  • the rejection message may also include a rejection indication, indicating that the UE1 is not authorized to use the near field communication service and/or the function of the remote UE.
  • UE1 sends a remote UE non-access request (remote UE NAS request) to UE2, where the remote UE non-access request includes UE1 ID and/or UE1's remote ID.
  • UE2 receives the remote UE non-access request.
  • the remote UE non-access request may also include UE2's ID and/or UE2's relay ID.
  • the UE2 ID and/or the relay ID of UE2 may be obtained by UE1 in step 404; or may be obtained in step 410, and so on.
  • the UE2 can also check whether it is in the same PLMN service network as the UE1; if it is not in the same PLMN service network, the process is interrupted or a rejection message is sent to UE1.
  • the rejection message may also include a rejection indication, indicating that UE1 and UE2 belong to different PLMN service networks.
  • the verification method here can be determined by the service network identifier carried in the identifier of UE1 or the service network identifier separately sent by UE1 to UE2 to compare whether it is the same as the service network accessed by UE2.
  • the remote UE non-access request can be understood as the fourth message in step 301 shown in FIG. 3.
  • UE2 sends an uplink RRC message to the RAN, where the uplink RRC message includes a non-access request.
  • the RAN receives the uplink RRC message.
  • uplink RRC message can be understood as the first message in step 301 shown in FIG. 3.
  • the RAN determines that UE2 is authorized to perform the relay service.
  • the method for the RAN to determine that the UE2 is authorized to perform the relay service can be determined according to the authorization result and the identification information saved by the RAN in step 408, for example.
  • the RAN sends an NGAP message to AMF1, where the NGAP message includes the authorization result of UE2 and the ID of UE2; or, the NGAP message includes the authorization result of UE2 and the relay ID of UE2.
  • the NGAP message also includes a non-access request.
  • the NGAP message can be understood as the second message in step 303 shown in FIG. 3.
  • AMF1 determines that UE2 is authorized to perform the relay service. For a specific authorization verification method, refer to the embodiment in FIG. 3.
  • AMF1 determines whether the UE2 ID in the NGAP message sent by the RAN is consistent with the UE2 ID in the remote UE non-access request sent by UE1; if they are the same, it is determined that the authorization of UE2 is successful; if they are inconsistent, UE1 is denied access Network request.
  • the AMF1 may also discard the NGAP message and so on.
  • AMF1 sends a downlink NAS message to UE1 through RAN and UE2, where the downlink NAS message is used to instruct UE1 to access the network through UE2 or to authorize UE2 to perform a relay service.
  • the downlink NAS message can be understood as a response message to the second message in step 304 shown in FIG. 3.
  • the downlink NAS message may be understood as the response message of the first message in step 305 shown in FIG. 3; or the response message of the fourth message in step 306.
  • the downlink NAS message also includes the UE2 ID and/or relay ID.
  • the UE1 determines the authorization to access the network according to the downlink NAS message.
  • the UE1 may also determine whether the relay ID of the UE2 in the downlink NAS message is consistent with the ID of the relay UE discovered in the discovery process. If they are consistent, it is determined to access the network; if they are inconsistent, the UE1 The process of accessing the network can also be interrupted; or another relay UE can be reselected to access the network.
  • the transfer of the authorization information of the UE2 is completed by the base station, which avoids the transfer of authorization parameters between AMFs and reduces the impact between AMFs.
  • steps 413-415 above can also be replaced with:
  • the RAN forwards the uplink RRC message sent by UE2 to AMF1.
  • the AMF1 receives the uplink RRC message.
  • AMF1 sends a request message to AMF2, and the request message is used to request the authorization result of UE2.
  • the AMF2 receives the request message.
  • the request message carries UE2 ID and/or relay ID.
  • the AMF1 may determine the address of the AMF2 according to the UE2 ID and/or the relay ID of the UE2 included in the uplink RRC message.
  • the AMF2 can determine whether the UE2 is authorized to perform the relay service according to the UE2 ID and/or the relay ID of the UE2. In the case that the AMF2 determines that the UE2 is authorized to perform the relay service, the AMF2 performs step 425).
  • AMF2 sends a response message of the request message to AMF1.
  • the AMF1 receives the response message of the request message.
  • the AMF1 determines that the UE2 is authorized to perform the relay service according to the response message of the request message.
  • steps 413-415 above can also be replaced with:
  • the RAN forwards the uplink RRC message sent by UE2 to AMF1.
  • the AMF1 receives the uplink RRC message.
  • AMF1 sends a request message to UDM or the short-distance service function, and the request message is used to request the authorization result of UE2.
  • the UDM or short-distance service function receives the request message.
  • the request message carries UE2 ID and/or relay ID.
  • the UDM or short-distance service function sends a response message of the request message to AMF1.
  • the AMF1 receives the response message of the request message.
  • the AMF1 determines that the UE2 is authorized to perform the relay service according to the response message of the request message.
  • the data transfer is completed through the interface between AMFs, which avoids the transfer of authorization parameters and the like through the base station.
  • the method shown in the embodiment of this application uses AMF2 as an example to verify whether UE2 is authorized to perform relay services or short-distance service functions; or AMF1 as an example to verify whether UE1 is authorized to perform remote services or short-distance services service function.
  • the above method may also be executed by SMF.
  • SMF1 Take SMF1 as an example to describe: Here, UE1 accesses SMF1 through UE2, RAN and AMF1. At this time, SMF1 checks whether UE2 can use the relay function. The specific method is as follows: AMF1 sends the authorization result of UE2 to SMF1; or, SMF1 is determined according to the identification information of UE2 (the specific confirmation method is the same as that determined by AMF2 according to the identification information of UE2); or SMF1 requests AMF2 and obtains it from AMF2. If SMF1 successfully verifies UE2, it sends a verification success indication to AMF1, and then AMF1 continues to execute other processes without restriction.
  • AMF1 sends the authorization result of UE2 to SMF1; or, SMF1 is determined according to the identification information of UE2 (the specific confirmation method is the same as that determined by AMF2 according to the identification information of UE2); or SMF1 requests AMF2 and obtains it from AMF2. If SMF1 successfully verifies UE2,
  • the embodiment of the present application also includes the following possibility. If the AMF1 successfully verifies the UE2, it may not send the UE2 authorization verification success indication to the RAN, or the UE2, or the UE1. AMF1 can normally perform UE1's business processes, such as UE1 registration, session establishment, and so on. The business process is not interrupted, which means that the authorization verification of UE2 is successful.
  • the embodiment of the present application also includes the following possibility. If the RAN verifies UE2 successfully, the UE2 authorization verification success indication may not be sent to UE2 or UE1.
  • the RAN can normally perform UE1's service procedures, such as UE1 registration, session establishment, and so on.
  • the business process is not interrupted, which means that the authorization verification of UE2 is successful.
  • FIG. 5 is a schematic structural diagram of a communication device provided by an embodiment of the present application.
  • the wireless communication device can be used to execute the method for determining the authorization result provided in this application. As shown in Figure 5,
  • the transceiver unit 501 is configured to receive a first message sent by a second terminal device, where the first message is used to instruct the first terminal device to request access to the network through the second terminal device, and the first message includes the second terminal device ’S identification information;
  • the processing unit 502 is configured to determine the authorization result of the second terminal device according to the identification information of the second terminal device;
  • the transceiver unit 501 is further configured to send a second message to the first core network device, the second message including the authorization result of the second terminal device; and also to receive a second message sent by the first core network device Response message.
  • the access network device stores the authorization result of the second terminal device.
  • the transceiver unit 501 is further configured to send a third message to the second core network device, the third message includes the identification information of the second terminal device, and the third message is used to request The authorization result of the second terminal device;
  • the transceiver unit 501 is further configured to receive a response message of the third message sent by the second core network device;
  • the processing unit 502 is also used to save the authorization result of the second terminal device.
  • the identification information of the second terminal device includes the relay identification of the second terminal device.
  • the transceiving unit 501 is further configured to send a response message of the first message to the second terminal device, and the response message of the first message is used to indicate that the first terminal device is allowed to pass through the second terminal device.
  • the terminal equipment is connected to the network.
  • the response message of the first message includes the authorization result of the second terminal device.
  • the processing unit 502 may be implemented by one or more processors, and the transceiver unit 501 may be implemented by a transceiver.
  • the processing unit 502 can be implemented by one or more processing circuits, and the transceiver unit 501 can be implemented by an interface circuit (or an input/output interface, a communication interface, an interface, etc.).
  • FIG. 6 is a schematic structural diagram of a communication system provided by an embodiment of the present application.
  • the communication system can be used to implement the methods shown in FIG. 3 and FIG. 4.
  • the communication system includes:
  • the first core network device 601 is configured to receive a second message sent by the access network device, where the second message includes the authorization result of the second terminal device;
  • the first core network device 601 is further configured to determine that the second terminal device is authorized to perform the relay service according to the authorization result of the second terminal device;
  • the first core network device 601 is further configured to send a response message of the second message to the access network device.
  • system further includes:
  • the access network device 602 is configured to receive a first message sent by the second terminal device; where the first message is used to instruct the first terminal device to request access to the network through the second terminal device, and the first message includes Identification information of the second terminal device;
  • the access network device 602 is also used to determine that the second terminal device is authorized to perform a relay service, and send the second message to the first core network device.
  • the access network device 602 is further configured to send a third message to the second core network device, the third message includes the identification information of the second terminal device, and the third message is used To request the authorization result of the second terminal device;
  • the second core network device 603 is configured to receive the third message sent by the access network device, and send a response message of the third message to the access network device;
  • the access network device 602 is specifically configured to determine, according to the response message of the third message, that the second terminal device is authorized to perform the relay service.
  • the access network device 602 is also used to send a response message of the first message to the second terminal device, and the response message of the first message is used to instruct the first terminal device to allow passage through The second terminal device accesses the network.
  • the foregoing first core network device may include a processing unit and a transceiving unit, and the transceiving unit may be used to perform a method related to transceiving signals.
  • the transceiver unit may be used to receive a second message sent by an access network device, and send a response message of the second message to the access network device.
  • the processing unit may be configured to determine that the second terminal device is authorized to perform the relay service according to the authorization result of the second terminal device.
  • the processing unit is also used to verify the ProSe service of the first terminal device and so on.
  • the foregoing second core network device may include a processing unit and a transceiving unit.
  • the transceiver unit may be used to receive the third message sent by the access network device.
  • the transceiver unit is also configured to send a response message of the third message to the access network device.
  • the processing unit may be used to verify the terminal device and determine the authorization result of the second terminal device.
  • FIG. 7 is a schematic structural diagram of a communication device provided by an embodiment of the present application.
  • the communication device may be used as an access network device. In another embodiment, the communication device may be used as the first core network device. In another embodiment, the communication device can be used as a second core network device.
  • the specific implementation of the communication device can refer to the methods shown in FIG. 3 and FIG. 4.
  • the device 70 includes at least one processor 720 for implementing the implementation of this application.
  • the processing unit of the first core network device or the second core network device (not shown in the drawings) is implemented by a processor, and the transceiver unit is implemented by a transceiver, as shown in FIG. 7, the apparatus 70 includes at least one processing unit.
  • the device 720 is configured to implement the function of the first core network device or the second core network device in the method provided in the embodiment of the present application.
  • the device 70 may also include a transceiver 710.
  • the transceiver can be used to communicate with other devices through the transmission medium.
  • the processor 720 uses the transceiver 710 to send and receive data (such as sending and receiving messages, etc.), and is used to implement the method described in the foregoing method embodiment.
  • the device 70 may further include at least one memory 730 for storing program instructions and/or data.
  • the memory 730 and the processor 720 are coupled.
  • the coupling in the embodiments of the present application is an indirect coupling or communication connection between devices, units or modules, and may be in electrical, mechanical or other forms, and is used for information exchange between devices, units or modules.
  • the processor 720 may operate in cooperation with the memory 730.
  • the processor 720 may execute program instructions stored in the memory 730.
  • connection medium between the above-mentioned transceiver 710, the processor 720, and the memory 730 is not limited in the embodiment of the present application.
  • the memory 730, the processor 720, and the transceiver 710 are connected by a bus 740 in FIG. 7, and the bus is represented by a thick line in FIG. 7.
  • the connection mode between other components is only for schematic illustration. , Is not limited.
  • the bus can be divided into an address bus, a data bus, a control bus, and so on. For ease of representation, only one thick line is used in FIG. 7, but it does not mean that there is only one bus or one type of bus.
  • the processor may be a general-purpose processor, a digital signal processor, an application specific integrated circuit, a field programmable gate array or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component, which may implement or Perform the methods, steps, and logic block diagrams disclosed in the embodiments of the present application.
  • the general-purpose processor may be a microprocessor or any conventional processor or the like.
  • the steps of the method disclosed in combination with the embodiments of the present application may be directly embodied as execution and completion by a hardware processor, or execution and completion by a combination of hardware and software modules in the processor.
  • the memory in the embodiments of the present application may be volatile memory or non-volatile memory, or may include both volatile and non-volatile memory.
  • the non-volatile memory can be read-only memory (ROM), programmable read-only memory (programmable ROM, PROM), erasable programmable read-only memory (erasable PROM, EPROM), and electrically available Erase programmable read-only memory (electrically EPROM, EEPROM) or flash memory.
  • the volatile memory may be random access memory (RAM), which is used as an external cache.
  • RAM random access memory
  • static random access memory static random access memory
  • dynamic RAM dynamic RAM
  • DRAM dynamic random access memory
  • synchronous dynamic random access memory synchronous DRAM, SDRAM
  • double data rate synchronous dynamic random access memory double data rate SDRAM, DDR SDRAM
  • enhanced synchronous dynamic random access memory enhanced SDRAM, ESDRAM
  • synchronous connection dynamic random access memory serial DRAM, SLDRAM
  • direct rambus RAM direct rambus RAM
  • the present application also provides a computer program product, the computer program product includes: computer program code, when the computer program code runs on a computer, the computer executes FIG. 3 and/or FIG. 4 shows the method in the embodiment.
  • the present application also provides a computer-readable medium that stores program code, and when the program code runs on a computer, the computer executes FIG. 3 and/or FIG. 4 shows the method in the embodiment.
  • the present application also provides a computer program that can be used to execute the method in the embodiment shown in FIG. 3 and/or FIG. 4.
  • the computer program product includes one or more computer instructions.
  • the computer may be a general-purpose computer, a special-purpose computer, a computer network, or other programmable devices.
  • the computer instructions may be stored in a computer-readable storage medium, or transmitted from one computer-readable storage medium to another computer-readable storage medium.
  • the computer instructions may be transmitted from a website, computer, server, or data center.
  • the computer-readable storage medium may be any available medium that can be accessed by a computer or a data storage device such as a server or a data center integrated with one or more available media.
  • the usable medium may be a magnetic medium (for example, a floppy disk, a hard disk, and a magnetic tape), an optical medium (for example, a high-density digital video disc (digital video disc, DVD)), or a semiconductor medium (for example, a solid state disk (solid state disc, SSD)) etc.
  • component used in this specification are used to denote computer-related entities, hardware, firmware, a combination of hardware and software, software, or software in execution.
  • the component may be, but is not limited to, a process, a processor, an object, an executable file, an execution thread, a program, and/or a computer running on a processor.
  • the application running on the computing device and the computing device can be components.
  • One or more components may reside in processes and/or threads of execution, and components may be located on one computer and/or distributed between two or more computers.
  • these components can be executed from various computer readable media having various data structures stored thereon.
  • the component can be based on, for example, a signal having one or more data packets (e.g. data from two components interacting with another component in a local system, a distributed system, and/or a network, such as the Internet that interacts with other systems through a signal) Communicate through local and/or remote processes.
  • a signal having one or more data packets (e.g. data from two components interacting with another component in a local system, a distributed system, and/or a network, such as the Internet that interacts with other systems through a signal) Communicate through local and/or remote processes.
  • this application also includes methods for authorizing UE1 to allow access to certain slices and/or sessions through relay UE2 .
  • FIG. 8 is a schematic diagram of a scenario of another authorization result determination method provided by this application. As shown in Figure 8, the method includes:
  • UE2 accesses AMF2 through RAN, completes the network registration process, and accesses the operator's network.
  • AMF2 stores UE2's subscription information. This subscription information is received from UDM when AMF2 sends a subscription data acquisition request to UDM during UE2 registration.
  • the UE2 subscription information includes the slice information that the UE2 is allowed to access; or the UE2 subscription information includes the slice information for which the UE2 is allowed to provide the service of the relay function.
  • the slice information here can be a slice identifier, or network slice selection assistance information (NSSAI), or single network slice selection assistance information (S-NSSAI), S-NSSAI, etc. Information or identification of the slice.
  • NSSAI network slice selection assistance information
  • S-NSSAI single network slice selection assistance information
  • Mode 1 is that UE2 broadcasts information.
  • UE1 uses the broadcast information of UE2 to determine to use the relay service provided by UE2, and then access UE2.
  • Mode 2 is that UE1 sends broadcast information to broadcast that it wants to use the relay service, and UE2 determines that it can provide the relay service for UE1, and then responds to UE1's broadcast information.
  • the method shown in FIG. 8 may further include step 801 and step 802.
  • UE2 serves as a relay to send broadcast information, where the broadcast information includes slice information 2 or the code of slice information 2.
  • Slice information 2 is used to indicate which slices UE2 can provide relay services for as a relay.
  • the coding of slice information 2 can also be broadcast here; but the receiver UE1 can determine the corresponding slice information 2 according to the coding of slice information 2.
  • the slice information 2 or the code of slice information 2 may also be carried in the relay service code of the broadcast message for transmission.
  • UE1 receives the broadcast information sent by UE2, and determines that it wants to access slice information 2 or the slice service corresponding to the code of slice information 2 through UE2, then UE1 sends SUCI1 and slice information 1 to UE2, where slice information 1 is UE1 hopes to pass.
  • the slice information corresponding to the accessed slice service can be sent to UE2 through a PC5 communication request.
  • the UE1 may determine the slice information 2 according to the encoding of the slice information 2.
  • the UE1 may preset a list of slice information 2 corresponding to the encoding of the slice information 2, or during the registration process, receive this list from the UDM through the AMF network element, and then determine the slice information 2.
  • the slice corresponding to the slice information 2 or the encoding of the slice information 2 may be the same as the slice corresponding to the slice information 1, or include the slice corresponding to the slice information 1.
  • slice information 2 includes 5 S-NSSAIs
  • slice information 1 is 1 of the above 5 S-NSSAIs.
  • step 801 is optional.
  • UE1 sends PC5 communication request information, which includes slice information 1 and SUCI1.
  • slice information 1 is slice information corresponding to the slice service that UE1 wants to access through the relay.
  • the UE2 determines that it can provide the relay service for the slice information 1 for the UE1, and then continues.
  • Optionally send a response that can provide a relay service to UE1.
  • UE2 sends a relay service request to AMF2, which includes SUCI1 and slice information 1, where SUCI1 and slice information 1 are information corresponding to remote UE1.
  • UE2 determines whether to provide a relay service for the slice corresponding to slice information 1.
  • UE2 may save the slice information configured to UE2 by the network to allow UE2 to provide relay services. According to the saved slice information, UE2 can determine whether to provide a relay service for slice information 1 sent by UE1. If the service can be provided, continue execution; otherwise, send a rejection message to UE1.
  • UE2 also sends a relay indication 1 to tell AMF2 that this service request is a relay service request.
  • the foregoing relay service request is a special request message type that can be used to instruct UE2 to perform a message sent by the relay function.
  • SUCI1 and slice information 1 can be placed in a special container and sent to AMF2.
  • This container is used to indicate that it is the container sent by the UE2 performing the relay function, which includes the SUCI1 and slice information 1 of the remote UE1.
  • AMF2 can be the AMF2 that saves UE2's subscription information in step 800; or a new AMF, but can request the AMF2 that saves UE2's subscription information, and obtain UE2's subscription information.
  • AMF2 is used here.
  • the AMF2 determines according to the relay indication 1 that the message 803 is a message sent by the UE2 performing the relay function; then the following verification in step 804 is triggered.
  • step 804 can also be replaced with: AMF2 determines according to the message type of the relay service request that it is a message sent by UE2 performing the relay function; then the following verification is triggered.
  • step 804 can also be replaced with: AMF2 determines according to a special container that it is the container sent by UE2 performing the relay function; then the following verification is triggered.
  • AMF2 determines whether UE2 can provide a relay service for slice information 1 according to UE2's subscription information. Specifically, AMF2 determines whether slice information 1 is one of the slice information that UE2 is allowed to access in the subscription information of UE2; and/or one of slice information that allows UE2 to serve as a relay function in the UE2 subscription information. If the slice information 1 meets the above-mentioned first checksum/or the second check, AMF2 continues to execute; otherwise, AMF2 sends a rejection message to UE2.
  • the optional rejection message carries a rejection indication, which is used to indicate that UE2 is not allowed to provide a relay service for slice information 1.
  • UE2 After UE2 receives the rejection message sent by AMF2, it sends a PC5 communication rejection message to UE1, rejecting UE1 to use the relay function of UE2.
  • the optional rejection message carries a rejection indication, which is used to indicate that UE2 cannot provide a relay service for slice information 1.
  • AMF2 continues to execute. AMF sends an authentication request to AUSF, which includes SUCI1.
  • AUSF obtains the authentication vector of SUCI1 corresponding to UE1 and SUPI1 (ie, SUPI of UE1) from UDM, which is the identifier of UE1 corresponding to SUPI1 after SUPI1 is decrypted by SUCI1.
  • AUSF and UE1 perform authentication through UE2, RAN and AMF2.
  • AUSF After the authentication is successful, AUSF sends an authentication response to AMF2, which carries SUPI1.
  • the authentication methods shown in steps 805-807 provided in the embodiments of the present application are not limited.
  • the authentication method may be executed according to the current 5G authentication process. Or, it can be implemented in accordance with relevant standards or agreements.
  • AMF2 sends a subscription data acquisition request, which carries SUPI1.
  • SUPI2 can also be carried.
  • SUPI2 may be the permanent identifier of UE2 saved by AMF2 in step 800.
  • AMF2 can also send slice information 1.
  • AMF2 may also send a relay service indication 2 indicating that this is a request for subscription information corresponding to the remote UE1, that is, the subscription information corresponding to SUPI1; or indicating that this is a request for performing authorization determination of the remote UE1, such as slice information 1. Whether it is authorized or not.
  • UDM determines UE1 subscription information according to SUPI1, and sends UE1 subscription information to AMF2 through a subscription data acquisition response message.
  • the UE1 subscription information includes at least one of the slice information that UE1 is allowed to access, the slice information that UE1 is allowed to access as a remote UE, whether it is allowed to use remote UE services, and whether the slice information to which it belongs needs to perform slice authentication.
  • the UDM receives the relay service indication 2 and SUPI2, and determines according to the relay service indication 2 that this is a request for subscription information corresponding to the remote UE1, that is, the subscription information corresponding to SUPI1; or indicates that this is to perform the authorization of the remote UE1 Determine the request, and then determine whether the UE corresponding to SUPI2 (such as UE2) is allowed to perform the relay function. This can be determined based on the contract information corresponding to SUPI2. If the relay function is allowed, the subscription information of UE1 is determined according to SUPI1.
  • the UDM receives the relay service indication 2 and determines that this is the subscription information corresponding to the remote UE1 requested by the AMF2, that is, the subscription information corresponding to the SUPI1; then the UE1 subscription information is determined.
  • the UDM receives the relay service indication 2 and determines that this is the authorization determination request of the remote UE1, such as the authorization determination of the slice information 1.
  • the UE1 subscription information is first determined according to SUPI1, and then the UDM determines whether the slice information 1 is UE1 One of the slice information that the UE1 is allowed to access in the subscription information; determine whether the slice information 1 is one of the slice information that the UE accesses as a remote UE; or determine whether the UE1 is allowed to use the remote UE service. If at least one of the above judgments is passed, an indication that the authorization judgment is successful is sent to AMF2, and AMF executes step 811. Otherwise, UDM sends an indication of authorization failure to AMF2.
  • AMF2 can send a rejection message to UE2.
  • the optional rejection message carries a rejection indication, which is used to indicate that the UE1 is not allowed to access the slice service corresponding to the slice information 1, or the remote UE serves.
  • UE2 After UE2 receives the rejection message sent by AMF2, it sends a PC5 communication rejection message to UE1, rejecting UE1 to use the relay function of UE2.
  • the rejection message carries a rejection indication, which is used to indicate that UE1 is not allowed to access the slice service corresponding to slice information 1.
  • UDM optionally does not need to send UE1 subscription information to AMF2.
  • the method shown in FIG. 8 may further include step 810 and subsequent steps shown below.
  • AMF2 determines whether slice information 1 is one of the slice information that UE1 is allowed to access in the UE subscription information.
  • the AMF2 may also determine whether the slice information 1 is one of the slice information that the remote end allows the UE to access as UE1;
  • AMF2 determines whether UE1 is allowed to use remote UE services
  • AMF2 After the above AMF2 verification is passed, if all three conditions in the above 810 are passed (if all are yes), and if any one or two conditions in the above 810 are passed, AMF2 continues to execute . Otherwise, AMF2 sends a rejection message to UE2.
  • the optional rejection message carries a rejection indication, which is used to indicate that the UE1 is not allowed to access the slice service corresponding to the slice information 1, or the remote UE serves.
  • UE2 After UE2 receives the rejection message sent by AMF2, it sends a PC5 communication rejection message to UE1, rejecting UE1 to use the relay function of UE2.
  • the rejection message carries a rejection indication, which is used to indicate that UE1 is not allowed to access the slice service corresponding to slice information 1.
  • the AMF2 determines whether the service corresponding to the slice information 1 needs to perform slice authentication according to the subscription information of the UE1. If slice authentication needs to be performed, a slice authentication process is triggered, and slice authentication between UE1 and AMF2, network slice specific authentication and authorization (NSSAAF) and AAA is completed. If AMF2 determines that the slice authentication is successful, it continues; otherwise, AMF2 sends a rejection message to UE2.
  • the optional rejection message carries a rejection indication, which is used to indicate that UE1 is not allowed to access the slice service corresponding to slice information 1, or the remote UE serves. After UE2 receives the rejection message sent by AMF2, it sends a PC5 communication rejection message to UE1, rejecting UE1 to use the relay function of UE2.
  • the rejection message carries a rejection indication, which is used to indicate that UE1 is not allowed to access the slice service corresponding to slice information 1.
  • the action of AMF2 to verify UE2 can also be executed in this step.
  • the embodiment of the present application does not limit the sequence of step 804 and step 810.
  • AMF2 sends an authorization result to UE2.
  • the authorization result includes whether UE1 is allowed to access the slice service corresponding to slice information 1 through UE2; or whether UE1 is allowed to use the slice corresponding to slice information 1.
  • the above authorization result may not be sent. If AMF2 does not send a rejection message to UE2, it can also mean that the authorization verification of AMF2 has passed.
  • the authorization result indicates that UE1 is authorized to access the slice service corresponding to slice information 1 through UE2, or is authorized to use the slice service corresponding to slice information 1, continue execution. Otherwise, send a rejection message to UE1.
  • the optional rejection message carries a rejection indication, which is used to indicate that UE1 is not allowed to access the slice service corresponding to slice information 1.
  • UE2 sends a PC5 communication response message to UE1. If UE1 does not receive the PC5 communication rejection message, it means that the slice information 1 of UE1 has passed the verification.
  • the above-mentioned slice information 2 may also be data network name (data network name, DNN) information.
  • DNN information is used to indicate the information of the DNN network that UE1 wants to access through UE2.
  • the authorization check of whether the UE1 is allowed to access the DNN through the relay UE2 is similar to the check of the slice information described above, and will not be repeated.
  • the communication device provided in the embodiment of the present application may also be used to execute the method shown in FIG. 8, which will not be described in detail here.

Abstract

L'invention concerne un procédé et un dispositif pour déterminer un résultat d'autorisation, comprenant les étapes suivantes : un dispositif de réseau d'accès reçoit un premier message transmis par un second équipement terminal, le premier message étant utilisé pour ordonner à un premier équipement terminal de demander l'accès à un réseau par l'intermédiaire du second équipement terminal, et le premier message comprenant des informations d'identification du second équipement terminal ; le dispositif de réseau d'accès détermine un résultat d'autorisation du second équipement terminal sur la base des informations d'identification du second équipement terminal ; le dispositif de réseau d'accès transmet un second message à un dispositif de réseau central, le second message comprenant un résultat d'autorisation du second équipement terminal ; et le dispositif de réseau d'accès reçoit un message de réponse transmis par le premier dispositif de réseau central pour le second message. La mise en œuvre de la présente invention détermine efficacement un service de relais d'un équipement terminal de relais, empêchant ainsi un équipement terminal d'accéder à un réseau par l'intermédiaire d'un équipement terminal de relais non autorisé.
PCT/CN2020/140406 2019-12-31 2020-12-28 Procédé et dispositif pour déterminer un résultat d'autorisation WO2021136211A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201911425151.0 2019-12-31
CN201911425151.0A CN113132334B (zh) 2019-12-31 2019-12-31 授权结果的确定方法及装置

Publications (1)

Publication Number Publication Date
WO2021136211A1 true WO2021136211A1 (fr) 2021-07-08

Family

ID=76686492

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/140406 WO2021136211A1 (fr) 2019-12-31 2020-12-28 Procédé et dispositif pour déterminer un résultat d'autorisation

Country Status (2)

Country Link
CN (1) CN113132334B (fr)
WO (1) WO2021136211A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114339753A (zh) * 2021-12-31 2022-04-12 中国电信股份有限公司 通信数据处理方法、系统、电子设备和可读存储介质
WO2023142569A1 (fr) * 2022-01-30 2023-08-03 华为技术有限公司 Procédé et appareil de communication, et support de stockage lisible et système de puce

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115996437A (zh) * 2021-10-20 2023-04-21 华为技术有限公司 中继通信的方法和装置
CN116471640A (zh) * 2022-01-11 2023-07-21 华为技术有限公司 一种通信方法、装置及系统
CN116489625A (zh) * 2022-01-14 2023-07-25 华为技术有限公司 一种通信方法及设备
WO2024065334A1 (fr) * 2022-09-28 2024-04-04 北京小米移动软件有限公司 Procédé, appareil et dispositif de génération de jeton d'autorisation d'un équipement d'utilisateur (ue), et support de stockage

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015005900A1 (fr) * 2013-07-08 2015-01-15 Nokia Siemens Networks Oy Établissement d'une connexion réseau de données par paquet par l'intermédiaire d'un équipement utilisateur relais
CN106470382A (zh) * 2015-08-14 2017-03-01 中兴通讯股份有限公司 授权验证方法、配置信息接收方法、装置、基站及终端
WO2018126452A1 (fr) * 2017-01-06 2018-07-12 华为技术有限公司 Procédé et dispositif de vérification d'autorisation
WO2018145084A1 (fr) * 2017-02-06 2018-08-09 Intel IP Corporation Équipement d'utilisateur (ue), nœud b évolué (enb) et procédés d'indication de paramètres pour un agencement de relais

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108174380A (zh) * 2016-12-08 2018-06-15 华为技术有限公司 接入网络设备的方法及其终端设备、网络设备

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015005900A1 (fr) * 2013-07-08 2015-01-15 Nokia Siemens Networks Oy Établissement d'une connexion réseau de données par paquet par l'intermédiaire d'un équipement utilisateur relais
CN106470382A (zh) * 2015-08-14 2017-03-01 中兴通讯股份有限公司 授权验证方法、配置信息接收方法、装置、基站及终端
WO2018126452A1 (fr) * 2017-01-06 2018-07-12 华为技术有限公司 Procédé et dispositif de vérification d'autorisation
WO2018145084A1 (fr) * 2017-02-06 2018-08-09 Intel IP Corporation Équipement d'utilisateur (ue), nœud b évolué (enb) et procédés d'indication de paramètres pour un agencement de relais

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Study on Architecture Enhancements to ProSe UE-to-Network Relay (Release 15)", 3GPP STANDARD ; TECHNICAL REPORT ; 3GPP TR 23.733, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), MOBILE COMPETENCE CENTRE ; 650, ROUTE DES LUCIOLES ; F-06921 SOPHIA-ANTIPOLIS CEDEX ; FRANCE, vol. SA WG2, no. V2.0.0, 7 September 2017 (2017-09-07), Mobile Competence Centre ; 650, route des Lucioles ; F-06921 Sophia-Antipolis Cedex ; France, pages 1 - 82, XP051336883 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114339753A (zh) * 2021-12-31 2022-04-12 中国电信股份有限公司 通信数据处理方法、系统、电子设备和可读存储介质
WO2023142569A1 (fr) * 2022-01-30 2023-08-03 华为技术有限公司 Procédé et appareil de communication, et support de stockage lisible et système de puce

Also Published As

Publication number Publication date
CN113132334A (zh) 2021-07-16
CN113132334B (zh) 2022-12-27

Similar Documents

Publication Publication Date Title
US20230016378A1 (en) Pdu session management
WO2021136211A1 (fr) Procédé et dispositif pour déterminer un résultat d'autorisation
US20200296142A1 (en) User Group Establishment Method and Apparatus
US11470674B2 (en) Communication method and communications apparatus
US20230029714A1 (en) Authorization method, policy control function device, and access and mobility management function device
US11729599B2 (en) Communication system
US20230156833A1 (en) Packet Forwarding Method, Apparatus, and System
WO2021197175A1 (fr) Procédé de découverte de serveur d'application et dispositif associé
US20230087407A1 (en) Authentication and authorization method and apparatus
US20220272577A1 (en) Communication method and communication apparatus
WO2022199451A1 (fr) Procédé et appareil de commutation de session
CN116723507B (zh) 针对边缘网络的终端安全方法及装置
WO2023016160A1 (fr) Procédé d'établissement de session et appareil associé
CN113727342A (zh) 网络注册的方法和装置
WO2023087965A1 (fr) Procédé et appareil de communication
WO2023011630A1 (fr) Procédé et appareil de vérification d'autorisation
US20220264435A1 (en) Access control method and communications apparatus
WO2022148469A1 (fr) Procédé, appareil et système de protection de sécurité
WO2021073382A1 (fr) Appareil et procédé d'enregistrement
WO2022021165A1 (fr) Procédé de découverte de relais et terminal
WO2022170798A1 (fr) Procédé de détermination de stratégie et appareil de communication
US20240155325A1 (en) Information obtaining method and apparatus, and system
WO2023072271A1 (fr) Procédé et appareil de gestion d'un contexte de sécurité
WO2022188156A1 (fr) Procédé de communication et appareil de communication
US20220272533A1 (en) Identity authentication method and communications apparatus

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20911240

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20911240

Country of ref document: EP

Kind code of ref document: A1