WO2021208857A1 - Access control method and communication device - Google Patents
- Publication number: WO2021208857A1 (PCT/CN2021/086626)
- Authority: WO, WIPO (PCT)
- Prior art keywords: npn, certificate, information, access, network
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
Definitions
- the embodiments of the present invention relate to the field of wireless communication technologies, and in particular, to an access control method and communication equipment.
- Non-Public Network (NPN) communication network technology can be used for an enterprise's internal business or be dedicated to the employees of the enterprise.
- Non-public networks are different from the public network services that operators provide to public users. Because the deployment range of an NPN is small and its service may be exclusive, the number of NPNs that a terminal can access is large.
- a terminal needs a certificate that can pass the network's authentication in order to access a network. Configuring certificates for all the NPNs that the terminal can access would be a complicated task.
- unlike an operator, the NPN may not be able to pre-configure a Universal Subscriber Identity Module (USIM) for the terminal and store a certificate for accessing the network in the USIM. Therefore, how to effectively implement certificate configuration and network access control for the terminal is a technical problem that urgently needs to be solved.
- the embodiment of the present invention provides an access control method and communication equipment, which are used to solve the problem of how to effectively implement the certificate configuration of the terminal and the network access control.
- the present invention is implemented as follows:
- an embodiment of the present invention provides an access control method applied to a first communication device, including:
- the first information includes at least one of the following: information of the non-public network NPN of the first independent network, index information of the second network, first indication information, second indication information, third indication information, fourth indication information, indication information for requesting certificate download, indication information for requesting the first access method, type information of the first access method, type information of the certificate download method;
- the information of the first NPN can be used for at least one of the following: requesting permission to access the first NPN, requesting the certificate of the first NPN, requesting access to the first NPN through the second certificate, requesting permission to access an NPN type network;
- the first indication information is used to request the right to access the first NPN, or used to request the right to access the current access network, or used to request the right to access the NPN type network;
- the second indication information is used to request the certificate of the first NPN, or used to request the certificate of the current access network, or used to request the certificate for accessing the NPN type network;
- the third indication information is used to request the right to access the first NPN through the second certificate, or to request the right to access the first NPN through the certificate of the current access network;
- the fourth indication information is used to request the right to access the NPN type network through the second certificate, or to request the right to access the NPN type network through the certificate of the current access network;
- the second certificate includes a certificate already possessed by the first communication device;
- the first access method includes: an access method for accessing the first network in order to download a certificate for accessing the second network; the first network and the second network are the same network or different networks;
- the type information of the first access method indicates at least one of the following: the first access method of the control plane type, and the first access method of the user plane type;
- the type information of the certificate download method indicates at least one of the following items: a control plane type certificate download method, and a user plane type certificate download method.
- an embodiment of the present invention provides an access control method applied to a second communication device, including:
- the execution of the first operation includes at least one of the following:
- the first server is one of the following: a configuration server that configures a certificate of the second NPN for the terminal, a configuration server that configures a certificate for accessing the NPN for the terminal, and a server that the terminal needs to access in order to download the certificate for accessing the NPN; the second server is a configuration server that configures a second certificate for the terminal; the second information includes all or part of the information in the first information.
- an embodiment of the present invention provides an access control method, which is applied to a third communication device, and includes:
- the execution of the second operation includes at least one of the following:
- the second certificate includes a certificate already possessed by the terminal
- the second NPN is all NPNs in the first NPN, or a part of the NPNs in the first NPN;
- the third NPN is all NPNs in the first NPN, or a part of the NPNs in the first NPN;
- the second NPN is the same as or different from the third NPN.
- an embodiment of the present invention provides an access control method, which is applied to a fourth communication device, and includes:
- the third information includes at least one of the certificate information of the second NPN and the update information of the second certificate;
- the second certificate includes the certificate already possessed by the first communication device;
- the second NPN is one or more NPNs;
- the fourth network is one of the following: other networks different from the second NPN, and other networks different from the second network;
- the certificate information of the second NPN includes at least one of the following: a certificate of the second NPN, information of a network allowed to access through the certificate of the second NPN, and permission to access an NPN type network through the second NPN certificate;
- the certificate information of the current access network includes at least one of the following: information of the network that is allowed to be accessed through the certificate of the current access network, indication information that allows access to the requested NPN through the certificate of the current access network, and indication information that allows access to the NPN type network through the certificate of the current access network;
- the update information of the second certificate includes at least one of the following: information about the network that is allowed to be accessed through the second certificate, the authority to allow access to the NPN type network through the second certificate, and permission to access the requested NPN through the second certificate.
- an embodiment of the present invention provides a communication device, where the communication device is a first communication device and includes:
- the sending module is used to send the first information
- the first information includes at least one of the following: information of the non-public network NPN of the first independent network, index information of the second network, first indication information, second indication information, third indication information, fourth indication information, indication information for requesting certificate download, indication information for requesting the first access method, type information of the first access method, type information of the certificate download method;
- the information of the first NPN can be used for at least one of the following: requesting permission to access the first NPN, requesting the certificate of the first NPN, requesting access to the first NPN through the second certificate, requesting permission to access an NPN type network;
- the first indication information is used to request the right to access the first NPN, or used to request the right to access the current access network, or used to request the right to access the NPN type network;
- the second indication information is used to request the certificate of the first NPN, or used to request the certificate of the current access network, or used to request the certificate for accessing the NPN type network;
- the third indication information is used to request the right to access the first NPN through the second certificate, or to request the right to access the first NPN through the certificate of the current access network;
- the fourth indication information is used to request the right to access the NPN type network through the second certificate, or to request the right to access the NPN type network through the certificate of the current access network;
- the second certificate includes a certificate already possessed by the first communication device;
- the first access method includes: an access method for accessing the first network in order to download a certificate for accessing the second network; the first network and the second network are the same network or different networks;
- the type information of the first access method indicates at least one of the following: the first access method of the control plane type, and the first access method of the user plane type;
- the type information of the certificate download method indicates at least one of the following items: a control plane type certificate download method, and a user plane type certificate download method.
- an embodiment of the present invention provides a communication device, where the communication device is a second communication device, and includes:
- the first obtaining module is used to obtain first information
- the first execution module is configured to execute a first operation according to the first information
- the execution of the first operation includes at least one of the following:
- the first server is one of the following: a configuration server that configures a certificate of the second NPN for the terminal, a configuration server that configures a certificate for accessing the NPN for the terminal, and a server that the terminal needs to access in order to download the certificate for accessing the NPN; the second server is a configuration server that configures a second certificate for the terminal; the second information includes all or part of the information in the first information.
- an embodiment of the present invention provides a communication device, where the communication device is a third communication device and includes:
- the second acquisition module is used to acquire the first information or the second information
- the second execution module is configured to execute a second operation according to the first information or the second information
- the execution of the second operation includes at least one of the following:
- the second certificate includes a certificate already possessed by the terminal
- the second NPN is all NPNs in the first NPN, or a part of the NPNs in the first NPN;
- the third NPN is all NPNs in the first NPN, or a part of the NPNs in the first NPN;
- the second NPN is the same as or different from the third NPN.
- an embodiment of the present invention provides a communication device, where the communication device is a fourth communication device and includes:
- the third acquisition module is configured to acquire third information; wherein the third information includes at least one of the certificate information of the second NPN and the update information of the second certificate; the second certificate includes a certificate already possessed by the first communication device; the second NPN is one or more NPNs;
- the third execution module is configured to execute the operation of accessing the second NPN or the fourth network according to the third information
- the fourth network is one of the following: other networks different from the second NPN, and other networks different from the second network;
- the certificate information of the second NPN includes at least one of the following: a certificate of the second NPN, information of a network allowed to access through the certificate of the second NPN, and permission to access an NPN type network through the second NPN certificate;
- the certificate information of the current access network includes at least one of the following: information of the network that is allowed to be accessed through the certificate of the current access network, indication information that allows access to the requested NPN through the certificate of the current access network, and indication information that allows access to the NPN type network through the certificate of the current access network;
- the update information of the second certificate includes at least one of the following: information about the network that is allowed to be accessed through the second certificate, the authority to allow access to the NPN type network through the second certificate, and permission to access the requested NPN through the second certificate.
- an embodiment of the present invention provides a communication device, including a processor, a memory, and a computer program stored on the memory and running on the processor, the computer program being executed by the processor
- an embodiment of the present invention provides a computer-readable storage medium having a computer program stored thereon; when the computer program is executed by a processor, the steps of the access control method provided in the first aspect are implemented, or the steps of the access control method provided by the second aspect are implemented, or the steps of the access control method provided by the third aspect are implemented, or the steps of the access control method provided by the fourth aspect are implemented.
- when permission to access an NPN is requested, the network may decide to allocate a certificate corresponding to that NPN, or to add the access permission for the requested NPN to the existing certificate of the terminal; when permission to access multiple NPNs is requested, the network can allocate only one NPN certificate through which multiple NPNs can be accessed, or the network can add the access permissions for the requested NPNs to the existing certificate of the terminal. As a result, it is possible to effectively implement the certificate configuration and network access control of the terminal.
- FIG. 1 is a schematic flowchart of an access control method according to an embodiment of the present invention
- FIG. 2 is a schematic flowchart of an access control method according to another embodiment of the present invention.
- FIG. 3 is a schematic flowchart of an access control method according to another embodiment of the present invention.
- FIG. 4 is a schematic flowchart of an access control method according to another embodiment of the present invention.
- Fig. 5 is a schematic flowchart of an access control method according to a specific embodiment of the present invention.
- Fig. 6 is a structural diagram of a communication device provided by the present invention.
- Fig. 7 is a structural diagram of another communication device provided by the present invention.
- Fig. 8 is a structural diagram of another communication device provided by the present invention.
- Fig. 9 is a structural diagram of another communication device provided by the present invention.
- Fig. 10 is a structural diagram of another communication device provided by the present invention.
- words such as “exemplary” or “for example” are used to represent examples, instances, or illustrations. Any embodiment or design solution described as “exemplary” or “for example” in the embodiments of the present invention should not be construed as being more preferable or advantageous than other embodiments or design solutions. To be precise, words such as “exemplary” or “for example” are used to present related concepts in a specific manner.
- obtaining can be understood as obtaining from configuration, receiving, receiving after request, obtaining through self-learning, obtaining based on unreceived information, or obtaining after processing based on received information. It is determined according to actual needs, which is not limited in the embodiment of the present invention.
- sending may include broadcasting, broadcasting in system messages, and returning in response to a request.
- the non-public network is an abbreviation of the non-public network.
- Non-public network can be called one of the following: non-public communication network.
- the non-public network may include at least one of the following deployment modes: a physical non-public network, a virtual non-public network, and a non-public network implemented on the public network.
- the non-public network is a non-independent network NPN (Public Network Integrated NPN, PNI NPN), which supports a Closed Access Group (CAG) in the operator's Public Land Mobile Network (PLMN).
- a CAG can consist of a group of terminals.
- the non-public network is an independent network NPN (referred to as SNPN for short).
- the network identification of SNPN can be composed of PLMN ID and NID.
- the non-public network service is an abbreviation of the non-public network service.
- Non-public network services can also be referred to as one of the following: non-public network network services, non-public communication services, non-public network communication services, non-public network network services, or other names. It should be noted that the naming method is not specifically limited in the embodiment of the present invention.
- the non-public network is a closed access group, and in this case, the non-public network service is a network service of the closed access group.
- the non-public network may include or be referred to as a private network.
- the private network may be referred to as one of the following: a private communication network, a private network, a local area network (LAN), a private virtual network (PVN), an isolated communication network, a dedicated communication network, or other names. It should be noted that the naming method is not specifically limited in the embodiment of the present invention.
- non-public network services may include or be referred to as private network services.
- a private network service can be called one of the following: private network network service, private communication service, private network service, private network service, local area network (LAN) service, private virtual network (PVN) service, isolated communication network service, dedicated communication network service, dedicated network service, or other names. It should be noted that the naming method is not specifically limited in the embodiment of the present invention.
- the public network is an abbreviation for public network.
- the public network can be referred to as one of the following: public communication network or other nomenclature. It should be noted that the naming method is not specifically limited in the embodiment of the present invention.
- public network service is an abbreviation of public network service.
- Public network services can also be referred to as one of the following: public network network services, public communication services, public network communication services, public network network services, or other names. It should be noted that the naming method is not specifically limited in the embodiment of the present invention.
- one certificate for accessing the NPN can access multiple NPNs.
- One way is direct access, such as accessing NPN1 through the certificate of NPN1; the other way is indirect access, such as accessing NPN1 through the certificate of NPN2 or PLMN.
- the terminal is a user terminal (User Equipment, UE).
- the UE can request the network for the permission to access NPN1.
- when the UE already has an NPN2 or PLMN certificate, the UE can request additional access to other networks, such as NPN1, or it is up to the network to decide whether to configure the UE with an NPN1 certificate or to extend the set of networks that the UE's existing certificate is permitted to access. But this requires the network to provide authorization and/or update the UE's subscription.
- the network does not know which NPN access rights the UE specifically wants to obtain, or the network does not know which networks the UE wants to add to those it can access with a certificate it already has.
- when a UE wants to access NPN1 and NPN2 but has not been configured with NPN1 and NPN2 certificates, and the UE, while under NPN1, requests authorization to access the network or requests the certificate of the current network, the network currently does not know that, in addition to the access authorization request for NPN1, the UE also has access authorization requests for other NPNs (such as NPN2).
- the certificate configuration server corresponding to different NPNs may be different.
- a network element in the network, such as the Access and Mobility Management Function (AMF), after receiving the request of the UE, directly or indirectly obtains the certificate configuration for the UE's access to the network from the certificate configuration server. If the NPN whose certificate or access authority the UE wants to obtain is different from the currently accessed NPN, the network does not know how to select the configuration server of the NPN certificate for the UE.
- the UE provides a list of NPN networks that it wants to access when requesting an NPN subscription.
- the network (such as AMF) requests the NPN certificate from the configuration server on behalf of the UE.
- the configuration server can also be selected according to the network list of the NPN that the UE requests to access.
- the certificate configured by the network for the UE includes a list of NPNs that the certificate can access.
- the terminal can directly request the NPN certificate from the configuration service.
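The request handling described above (the UE lists the NPNs it wants, a configuration server is selected per requested NPN, and the resulting certificate carries the list of NPNs it can access), sketched as an added Python example that is not part of the patent text. All class, function and server names, the authorization table, and the rule for when an existing certificate is extended instead of a new one being issued are constructed assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class Credential:
    """Stand-in for a 'certificate of the network' held by the terminal."""
    home_network: str                                   # network it was issued for
    allowed_networks: set = field(default_factory=set)  # networks it may access


# Constructed sample data (not from the patent).
SERVER_FOR_NPN = {"NPN1": "cfg-a", "NPN2": "cfg-a", "NPN3": "cfg-b"}
AUTHORIZED = {"ue-1": {"NPN1", "NPN2", "NPN3"}, "ue-2": {"NPN1"}}
# Assumed policy: a server may extend an existing credential only if that
# credential was issued for one of these home networks.
EXTENDABLE = {"cfg-a": {"PLMN-A"}}


def provision(ue_id, requested, existing=()):
    """Handle a request that lists every NPN the UE wants to access.

    Returns (credentials, rejected). Requested NPNs with no known
    configuration server, or not authorized for this UE, are rejected.
    """
    rejected, by_server = [], {}
    for npn in requested:
        server = SERVER_FOR_NPN.get(npn)
        if server is None or npn not in AUTHORIZED.get(ue_id, set()):
            rejected.append(npn)
            continue
        by_server.setdefault(server, []).append(npn)

    # Work on copies so the caller's credentials are never mutated.
    creds = [Credential(c.home_network, set(c.allowed_networks)) for c in existing]
    for server, npns in by_server.items():
        extendable = EXTENDABLE.get(server, set())
        target = next((c for c in creds if c.home_network in extendable), None)
        if target is None:
            # Issue one credential that covers every NPN this server granted.
            target = Credential(home_network=npns[0])
            creds.append(target)
        target.allowed_networks.update(npns)
    return creds, rejected


def access_mode(credentials, network):
    """'direct' when the network's own credential is used, 'indirect' when
    another network's credential lists it, None otherwise (default deny)."""
    mode = None
    for cred in credentials:
        if network in cred.allowed_networks:
            if cred.home_network == network:
                return "direct"
            mode = "indirect"
    return mode


if __name__ == "__main__":
    creds, rejected = provision("ue-1", ["NPN1", "NPN2"])
    for name in ("NPN1", "NPN2", "NPN3"):
        print(name, access_mode(creds, name))
    print("rejected:", rejected)
```

Because the allowed-network list is built only from NPNs that were both requested and authorized, a credential never grants access to an NPN the UE did not ask for.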
- NPN includes but is not limited to one of the following: SNPN (independent network NPN) and PNI NPN (Public Network Integrated NPN).
- the network type of the second network may include but is not limited to one of the following: PLMN, SNPN, NPN (such as SNPN, or PNI NPN), etc.
- the certificate may be referred to as a signing certificate.
- the certificate of the network may be referred to as the contract certificate of the network.
- the terminal configured with the certificate also has the contract certificate in the network.
- the certificate of the network (such as the certificate of the first NPN, the certificate of the second NPN, the certificate of the second network, the certificate of the NPN) is the certificate of the network configured for the terminal.
- the certificate of the network can enable the terminal to pass the authentication of the network.
- the certificate of the network may include at least one of the following: subscription information of the terminal on the network, long-term key(s) (also called root key), and the subscription identifier (such as SUPI).
- the subscription identifier is used to uniquely identify the subscription.
- the certificate of the network can be used for mutual authentication between the terminal and the network.
- when accessing the network, the terminal uses the subscription identifier as, or to generate, the identifier of the terminal on the network.
- the subscription identifier includes the network identifier and the terminal identifier.
- the network includes at least one of the following: NPN, PLMN.
- the certificate of the first NPN, the certificate of the second NPN, and the certificate of the second network in this document conform to the definition of the certificate of the network.
- the network includes but is not limited to one of the following: a first NPN, a second NPN, a second network, and an NPN.
- the third-party certificate is a type of certificate other than the network certificate configured for the terminal.
- the third party may be a terminal manufacturer, or an application.
- the third-party certificate may include, but is not limited to, at least one of the following: the terminal's contract information with the third party, long-term key(s) or password, and the terminal's subscription identifier with the third party (such as IMSI, or PEI, or user name and/or key).
- requesting the right to access the network includes requesting a certificate that enables the terminal to pass the network authentication.
- the certificate may be a certificate of the terminal in the network, or a certificate from outside the network (such as the certificate of a service provider, the certificate of another network outside the network, or the certificate of a third party).
- the information of the network that is allowed to be accessed through the certificate of the first NPN includes that the certificate of the first NPN enables the terminal to pass the authentication of the network and/or enables the terminal to authenticate the network.
- the network is a network that allows access through the certificate of the first NPN, and includes the first NPN.
- the information of the network that is allowed to be accessed through the certificate of the second NPN includes that the certificate of the second NPN enables the terminal to pass the authentication of the network and/or enables the terminal to authenticate the network.
- the network is a network that allows access through the certificate of the second NPN, and includes the second NPN.
- the information of the network that is allowed to access through the certificate of the NPN includes the certificate of the NPN which enables the terminal to pass the authentication of the network and/or enables the terminal to authenticate the network.
- the network is a network that allows access through the certificate of the NPN, and includes the NPN.
- the information of the network that is allowed to be accessed through the certificate of the second network includes that the second certificate enables the terminal to pass the authentication of the network and/or enables the terminal to authenticate the network.
- the network is a network that is allowed to be accessed through the certificate of the second network, and includes the second network.
- the NPN information includes identification information of the NPN.
- the information of the network includes identification information of the network.
- the communication device may include at least one of the following: a communication network element and a terminal.
- the communication network element may include at least one of the following: a core network network element and a radio access network network element.
- the core network element may include, but is not limited to, at least one of the following: core network equipment, core network nodes, core network functions, core network elements, Mobility Management Entity (MME), Access and Mobility Management Function (AMF), Session Management Function (SMF), User Plane Function (UPF), Serving Gateway (SGW), PDN Gateway, Policy Control Function (PCF), Policy and Charging Rules Function (PCRF), Serving GPRS Support Node (SGSN; GPRS: General Packet Radio Service), Gateway GPRS Support Node (GGSN), Unified Data Management (UDM), Unified Data Repository (UDR), Home Subscriber Server (HSS), and Application Function (AF).
- the RAN network element may include but is not limited to at least one of the following: radio access network equipment, radio access network node, radio access network function, radio access network unit, 3GPP (3rd Generation Partnership Project) radio access network, non-3GPP radio access network, Centralized Unit (CU), Distributed Unit (DU), base station, evolved Node B (eNB), 5G base station (gNB), Radio Network Controller (RNC), base station (NodeB), Non-3GPP Interworking Function (N3IWF), Access Controller (AC) node, Access Point (AP) device, or Wireless Local Area Network (WLAN) node.
- the terminal may include a relay supporting terminal function and/or a terminal supporting relay function.
- the terminal can also be called a terminal device or a user terminal (User Equipment, UE).
- the terminal can be a terminal-side device such as a mobile phone, a tablet (Tablet Personal Computer), a laptop (Laptop Computer), a personal digital assistant (Personal Digital Assistant, PDA), a Mobile Internet Device (MID), a Wearable Device, or an in-vehicle device. It should be noted that the specific type of terminal is not limited in the embodiment of the present invention.
- the first access mode includes: an access mode for accessing the first network in order to download a certificate for accessing the second network.
- the first access method of the control plane type includes: an access method of accessing the first network in order to download the certificate for accessing the second network, where the method of downloading the certificate for accessing the second network is a control plane type certificate download method.
- the first access method of the user plane type includes: an access method of accessing the first network in order to download the certificate for accessing the second network, where the method of downloading the certificate for accessing the second network is a user plane type certificate download method; the first network and the second network are the same network or different networks.
- "requesting the right to access the first NPN" includes requesting a certificate of the first NPN, and the certificate of the first NPN is used for accessing the first NPN.
- the type information of the first access mode includes the type information of the first access mode supported and/or requested by the terminal.
- the type information of the certificate download mode includes the type information of the certificate download mode supported and/or requested by the terminal.
- the address information of the first server includes at least one of the following: the IP (Internet Protocol) address of the first server, the MAC (Media Access Control) address of the first server, and the port number of the first server.
- the certificate for accessing the NPN includes the certificate of the NPN.
- an embodiment of the present invention provides an access control method, which is applied to a first communication device;
- the first communication device includes but is not limited to: a terminal; the method includes:
- Step 11: Send the first information.
- the first information may include at least one of the following: information of the first NPN, index information of the second network, first indication information, second indication information, third indication information, and fourth indication information.
- the information of the first NPN may include one or more NPN identities.
- the information of the first NPN can be used for at least one of the following: requesting the right to access the first NPN, requesting the certificate of the first NPN, requesting the right to access the first NPN through the second certificate, and requesting the right to access an NPN type network.
- the first indication information is used to request the right to access the first NPN, or to request the right to access the current access network, or to request the right to access an NPN type network.
- the second indication information is used to request the certificate of the first NPN, or to request the certificate of the current access network, or to request a certificate for accessing an NPN type network.
- the third indication information is used to request the right to access the first NPN through the second certificate, or to request the right to access the first NPN through the certificate of the current access network.
- the fourth indication information is used to request the right to access an NPN type network through the second certificate, or to request the right to access an NPN type network through the certificate of the current access network.
- the second certificate may include a certificate already possessed by the first communication device
- the first access method includes: an access method for accessing the first network in order to download a certificate for accessing the second network; the first network and the second network are the same network or different networks ;
- the type information of the first access mode indicates at least one of the following: the first access mode of the control plane type, and the first access mode of the user plane type;
- the type information of the certificate download method indicates at least one of the following items: a control plane type certificate download method, and a user plane type certificate download method.
- the certificate already possessed by the first communication device may include one of the following: a certificate of the second network already possessed by the first communication device, a certificate of a third party already possessed by the first communication device, and a certificate of a service provider already possessed by the first communication device.
- the third-party certificate is another type of certificate different from the network certificate, such as the certificate of the terminal manufacturer or the certificate of the application (APP).
- the service provider includes but is not limited to one of the following: a second network (such as PLMN, or NPN (such as SNPN, or PNI NPN), etc.), a third party.
- the index information of the second network may include: identification information of the second network.
- the identification information of the second network may be included in the terminal identification of the terminal in the second network and sent to the network.
- the first NPN requested above may be one of the following: all NPNs, one NPN, and multiple NPNs.
- the second network may be a network different from the first NPN.
- the second network may include, but is not limited to: NPN, PLMN, and PNI NPN other than the first NPN.
- the first information is sent to the target end.
- the target end includes: core network elements (such as AMF).
- the core network element may be one of the following: the core network element of the first NPN, the core network element of the second network, or the core network element of the third network.
- requesting the right to access the first NPN includes requesting a certificate that enables the first communication device to pass the first NPN authentication, and the certificate may be a certificate of the first NPN or a certificate other than that of the first NPN (such as a certificate of a third party, or the certificate of the second network).
- the certificate may be a certificate of a part of the NPNs in the first NPN.
- the first NPN includes NPN1 and NPN2.
- a certificate of NPN1 may be configured for the first communication device, and the certificate of NPN1 can enable the first communication device to pass the authentication of NPN1 and NPN2.
- the current access network is a network that receives the first information.
- the current access network may be one of the following: a first NPN, a second network, or a third network.
- the first NPN includes multiple NPNs
- the current access network may be one NPN in the first NPN.
- the combination of items included in the first information includes but is not limited to the following implementations:
- the first information only includes: information of the first NPN.
- the first information includes: first indication information. It is not difficult to understand that, in a case where the first indication information is used to request the right to access the network currently, or to request the right to access the NPN type network, the information of the first NPN may not be included.
- the first information includes: second indication information. It is not difficult to understand that, in a case where the second indication information is used for requesting a certificate for accessing the network currently, or for requesting a certificate for accessing an NPN type network, the information of the first NPN may not be included.
- the first information includes: fourth indication information. It is not difficult to understand that when the fourth indication information is used to request the right to access the NPN type network through the certificate of the current access network, the information of the first NPN may not be included.
- the first information includes: information of the first NPN and first indication information. It is not difficult to understand that when the first indication information is used to request the right to access the first NPN, the information of the first NPN needs to be provided.
- the first information includes: information of the first NPN and second indication information. It is not difficult to understand that when the second indication information is used to request the certificate of the first NPN, the information of the first NPN needs to be provided.
- the first information includes: information of the first NPN and third indication information. It is not difficult to understand that if the third indication information is used to request the right to access the first NPN through the second certificate, or to request the right to access the first NPN through the certificate of the current access network, it is necessary to provide the information of the first NPN.
- the first information includes: third indication information and index information of the second network. It is not difficult to understand that the third indication information may be used to request the right to access the first NPN through the second certificate; if the currently accessed network is not the second network, the index information of the second network needs to be provided.
- the first information includes: fourth indication information and index information of the second network. It is not difficult to understand that the fourth indication information may be used to request the permission to access the NPN type network through the second certificate; if the currently accessed network is not the second network, the index information of the second network needs to be provided.
- the first information includes: information of the first NPN, third indication information, and index information of the second network. It is not difficult to understand that the third indication information can be used to request the right to access the first NPN through the second certificate; if the currently accessed network is the third network, both the index information of the second network and the information of the first NPN need to be provided.
- the information of the first NPN may include identification information of the first NPN.
- the identification information of the first NPN may consist of PLMN ID and NID.
- the identification information of the first PNI NPN may be composed of a PLMN ID.
- the terminal can request the permission to access the first NPN, and the network can determine whether to configure the certificate of the first NPN for the terminal, or to add, to the second certificate already possessed by the terminal, the permission to access the first NPN through the second certificate.
- the terminal may request the certificate of the first NPN to request the right to access the first NPN.
- the terminal may request to access the first NPN through the second certificate to request the right to access the first NPN.
- the terminal may send first information when accessing the second network, and the first information is, for example, identification information of the first NPN. At this time, the first information may not include the information of the second network.
- the terminal may send first information when accessing the first NPN; the first information is, for example, the first indication information, which is used to request the right to access the first NPN; or, the first information is, for example, the second indication information, which is used to request the certificate of the first NPN; or, the first information is, for example, the third indication information, which is used to request to access the first NPN through the second certificate.
- the terminal may send first information when accessing an NPN type network.
- the first information is, for example, fourth indication information, which is used to request the right to access the NPN type network.
- the terminal may send first information when accessing the third network, and the first information is, for example, identification information of the first NPN.
- the third network may be different from the second network and the first NPN.
- the method may further include:
- the third information includes at least one of certificate information of the second NPN and update information of the second certificate;
- an operation of accessing the second NPN or the fourth network is performed.
- the fourth network may be one of the following: other networks different from the second NPN (for example, other NPNs different from the first NPN, or PLMN), and other networks different from the second network.
- the second NPN is equivalent to the first NPN, that is, all NPNs in the first NPN. In another embodiment, when the first NPN includes multiple NPNs, the second NPN is a subset of the first NPN, that is, the second NPN is part of the NPN in the first NPN.
- the network performs access authorization only for part of the NPNs in the first NPN (that is, the second NPN), and configures the first communication device only with the certificates of that part of the NPNs.
- the terminal requests access rights for NPN1, NPN2, and NPN3.
- the network may only allow the terminal to obtain the permission to access NPN1 and NPN2, and configure the terminal with the certificate of NPN1 and the certificate of NPN2.
- the terminal can only access NPN1 through the NPN1 certificate.
- the terminal can only access NPN2 through the NPN2 certificate.
- the network authorizes access to multiple NPNs in the first NPN, but configures the first communication device only with the certificate of part of the NPNs (i.e., the second NPN), and multiple NPNs can be accessed through the certificate of that part of the NPNs.
- the terminal requests access rights for NPN1, NPN2, and NPN3. It is not difficult to understand that the network may allow terminals to access NPN1 and NPN2.
- the network can configure only the NPN2 certificate for the terminal, but through the NPN2 certificate not only NPN2 but also NPN1 can be accessed.
- the NPN1 that can be accessed through the certificate of NPN2 may be called the equivalent NPN of NPN2, the NPN that allows the terminal of NPN2 to roam, or the NPN that can provide access for NPN2.
- NPN2 may be referred to as the service provider of NPN1.
- the certificate information of the second NPN includes at least one of the following: a certificate of the second NPN, information (such as network identification information) of a network that is allowed to be accessed through the certificate of the second NPN, and the permission to access an NPN type network through the certificate of the second NPN.
- the network that is allowed to be accessed through the certificate of the second NPN may include other networks except the second NPN.
- the other networks other than the second NPN include at least one of the following: other NPNs, PLMN, and PNI NPN other than the second NPN.
- the second NPN may be referred to as a service provider of the other network.
- the other network may be referred to as an equivalent network of the second NPN, a network in which the terminal of the second NPN allows roaming, or a network that can provide access for the second NPN.
- the certificate information of the current access network may include at least one of the following: information of the network that is allowed to be accessed through the certificate of the current access network (such as network identification information, for example the network identification information of an NPN), indication information of allowing access to the requested NPN through the certificate of the current access network, and indication information of allowing access to an NPN type network through the certificate of the current access network.
- the network allowed to be accessed through the certificate of the current access network may include other networks except the current access network.
- the other networks other than the current access network may include at least one of the following: NPN, PLMN, and PNI NPN other than the current access network.
- the current access network may be referred to as a service provider of the other network.
- the other network may be referred to as an equivalent network of the current access network, a network to which the terminal of the current access network is allowed to roam, or a network that can provide access to the current access network.
- the update information of the second certificate may include at least one of the following: information about the network that is allowed to be accessed through the second certificate (for example, network identification information (such as NPN identification information)), and that is allowed to be accessed through the second certificate.
- the network allowed to access through the second certificate may include other networks except the second network.
- the other networks except the second network include at least one of the following: NPN, PLMN, and PNI NPN other than the second network.
- the second network may be referred to as a service provider of the other network.
- the other network may be referred to as an equivalent network of the second network, a network in which the terminal of the second network allows roaming, or a network capable of providing access to the second network.
- the network allowed to be accessed through the certificate of the second NPN includes a fourth network.
- the network allowed to be accessed through the second certificate includes a fourth network.
- the update information of the second certificate includes network identification information of all networks that are allowed to be accessed through the second certificate. That is, for a network that does not request access permission for the terminal, the network also sends the network identification information of the network that is allowed to access through the second certificate to the terminal.
- the update information of the second certificate only adds the identification information of the NPNs, among the requested first NPN, to which access is allowed.
- the terminal can access the fourth network through the certificate of the second NPN.
- the access to the fourth network through the certificate of the second NPN may include: when accessing the fourth network, the provided UE identity is the UE identity corresponding to the certificate of the second NPN (such as SUPI, SUCI, or NAI, etc.), and the UE identity may include the identification information of the second NPN. For example, the UE identity is provided through a registration request.
- when the network identification information of the network that is allowed to be accessed through the second certificate includes the identity of the fourth network, the terminal can access the fourth network through the second certificate.
- the access to the fourth network through the second certificate includes: when accessing the fourth network, the provided UE identity is the UE identity corresponding to the second certificate (such as SUPI, SUCI, or NAI, etc.), and the UE identity may contain identification information of the second network.
- At least one of the following items is received: address information of the first server, and identification information of the NPN corresponding to the first server.
- the NPN corresponding to the first server includes: an NPN for which the first server can configure the certificate for accessing that NPN.
- the certificate for accessing the NPN includes a certificate of the NPN.
- the address information of the first server and/or the identification information of the NPN corresponding to the first server is obtained from a network (such as a second communication device).
- the network may be a network accessed by the terminal through the first access method (such as onboarding, such as O-SNPN)
- the fourth condition includes at least one of the following:
- the terminal supports and/or requests the control plane type of certificate download method
- the terminal supports and/or requests the first access mode of the control plane type
- the terminal does not support and/or does not request the user plane type of certificate download method
- the terminal does not support and/or does not request the first access mode of the user plane type
- the first server is not a configuration server for the certificate of the first NPN.
- the address of the first server is used for the user-plane type of certificate download mode or the user-plane type of first access mode.
- the relevant information of the first server sent by the network (such as the address information of the first server and/or the identification information of the NPN corresponding to the first server) can be ignored or discarded.
- the terminal supporting and/or requesting the control plane type certificate download mode may include the terminal only supporting and/or only requesting the control plane type certificate download mode.
- the first access mode in which the terminal supports and/or requests the control plane type may include the first access mode in which the terminal only supports and/or only requests the control plane type.
- when the terminal requests permission to access the NPN, the network can decide to allocate a certificate corresponding to the NPN or to add the access permission of the requested NPN network to the existing certificate of the terminal; when the terminal requests access to multiple NPNs, the network can allocate only one NPN certificate, through which multiple NPNs can be accessed, or the network can add the requested NPN network access permission to the existing certificate of the terminal.
- the first NPN includes NPN1 and NPN2, the network can allocate only the certificate of NPN1, and the first communication device, such as a terminal, can access NPN1 and NPN2 through the certificate of NPN1.
- NPN2 can be an equivalent NPN of NPN1 or an NPN that allows roaming.
- the second NPN is NPN1.
- an embodiment of the present invention provides an access control method applied to a second communication device;
- the second communication device includes but is not limited to a core network element (such as AMF), and the core network element may be one of the following: the core network element of the first NPN, the core network element of the second network, or the core network element of the third network; the method includes:
- Step 21: Obtain the first information.
- the second communication device may obtain the first information from the terminal.
- Step 22: Perform a first operation according to the first information.
- execution of the first operation may include at least one of the following:
- the first server is one of the following: a configuration server that configures a certificate of the second NPN for the terminal, a configuration server that configures a certificate for accessing the NPN for the terminal, and a server that the terminal needs to visit in order to download the certificate for accessing the NPN;
- the second server is a configuration server that configures a second certificate for the terminal.
- the second NPN may be all or part of the NPN in the first NPN.
- the second NPN is an NPN in the first NPN that allows the terminal to be configured with a certificate. It is not difficult to understand that all or only part of the requested first NPN is allowed to configure the corresponding certificate for the terminal. It is not difficult to understand that, for example, the terminal requests access rights of NPN1, NPN2, and NPN3, but only NPN1 and NPN2 are allowed to access.
- the network can configure the terminal with NPN1 and NPN2 certificates.
- the network can configure a certificate of NPN1 for the terminal and can access NPN2 through the certificate of NPN1.
- configured NPN certificates can be economized through this method. It is not difficult to understand that the second NPN may be a subset of the NPN that allows the terminal to obtain access rights.
- the third NPN may be all or part of the NPN in the first NPN.
- the third NPN is an NPN in the first NPN that allows the terminal to obtain access rights. It is not difficult to understand that only part of the requested first NPN allows the terminal to obtain access rights. It is not difficult to understand that, for example, the terminal requests the access rights of NPN1, NPN2, and NPN3, but only NPN1 and NPN2 are allowed to access.
- the network may update the second certificate for the terminal and increase the authority to access the NPN1 and NPN2 through the second certificate.
- the second information may include at least one of the following: NPN information, index information of the second network (such as identification information of the second network), first indication information, second indication information, third indication information, and fourth indication information.
- the NPN in the second information may be all or part of the NPN in the first NPN in the first information. It is not difficult to understand that for the NPN requested to obtain access rights, only part of the NPN may be allowed or confirmed to obtain access rights.
- the NPN may include one of the following: a first NPN, a second NPN, and a third NPN.
- the first NPN is as described in the embodiment in FIG. 1, and the second NPN is as described in the previous embodiment, and will not be repeated here.
- the third NPN is as described in the previous embodiment, and will not be repeated here.
- the second NPN and the third NPN may be the same or different.
- the NPN information can be used for at least one of the following: requesting the right to access the NPN, requesting the NPN certificate, requesting the access to the NPN through a second certificate, and requesting the right to access the NPN type network.
- the first indication information is used to request the right to access the NPN, or to request the right to access the current access network, or to request the right to access an NPN type network.
- the second indication information is used to request the certificate of the NPN, or to request the certificate of the current access network, or to request a certificate for accessing an NPN type network.
- the third indication information is used to request the right to access the NPN through the second certificate, or to request the right to access the NPN through the certificate of the current access network.
- the fourth indication information is used to request the right to access an NPN type network through the second certificate, or to request the right to access an NPN type network through the certificate of the current access network.
- when there is an agreement between the network receiving the first information and one or more NPNs, the NPN is allowed to be accessed through the certificate of the network.
- the first indication information, for example, for requesting the permission to access the NPN type network
- the second indication information, for example, for requesting the certificate for accessing the NPN type network
- the third indication information, for example, for requesting the right to access the NPN through the certificate of the current access network
- the fourth indication information, for example, used to request the right to access the NPN type network through the second certificate, or used to request access through the certificate of the current access network
- the network may update the certificate information of the network for the terminal, including the access authority of the NPN type network.
- NPN1, NPN2, and NPN3 have an agreement that allows the terminal to use the certificate information of NPN1 to access NPN2 and NPN3.
- NPN1 can open the authority for the terminal and indicate it to the terminal.
- One implementation is to add NPN2 and NPN3 to the information of the network that is allowed to access through the certificate of NPN1.
- the certificate information of NPN1 indicates that access to an NPN type network is allowed.
- the second network has an agreement with NPN1, NPN2, and NPN3, allowing the terminal to use the certificate information of the second network to access NPN1, NPN2, and NPN3.
- the terminal sends the first information to the second network.
- the second network may open the authority for the terminal and indicate it to the terminal.
- One implementation is to add NPN1, NPN2, and NPN3 to the information of the network that is allowed to access through the certificate of the second network.
- Another implementation manner is to indicate permission to access an NPN type network in the certificate information of the second network.
- the second certificate may include a certificate already possessed by the first communication device.
- the certificate already possessed by the first communication device may include one of the following: a certificate of the second network already possessed by the first communication device, a certificate of a third party already possessed by the first communication device, and a certificate of a service provider already possessed by the first communication device.
- the third-party certificate is another type of certificate different from the network certificate, such as the certificate of the terminal manufacturer or the certificate of the application (APP).
- the service provider includes but is not limited to one of the following: a second network (such as PLMN, or NPN (such as SNPN, or PNI NPN), etc.), a third party.
- the second information may include all the information in the first information, that is, the acquired first information.
- the second information may include part of the information in the first information, that is, part of the information in the acquired first information. It is not difficult to understand that part of the information in the first information can only be used to index the certificate configuration server, and does not need to be sent to the related server.
- the second communication device may perform at least one of the following by acquiring the subscription information of the terminal, the network policy and/or the allowed device list of the NPN: confirm whether the terminal is allowed to obtain the permission to access the first NPN, and confirm Whether it is allowed to configure the certificate information of the first NPN for the terminal, and confirm whether it is allowed to add the permission for the terminal to access the first NPN through the second certificate.
- the subscription information of the terminal may include at least one of the following: NPN information (such as NPN identification information) for which the terminal is allowed to obtain access rights; NPN information (such as NPN identification information) for which the terminal is allowed to be configured with a certificate; NPN information (such as NPN identification information) for which access authority is allowed to be added on the basis of the existing certificate of the terminal.
- the network policy may be referred to as an operator policy.
- the network policy may include one of the following: in the case of confirming that the terminal is allowed to obtain the right to access a certain NPN, configure the terminal with the certificate information of the NPN; in the case of confirming that the terminal is allowed to obtain the authority to access a certain NPN, add for the terminal the authority to access the NPN on the basis of the existing certificate.
- the second communication device may directly add (or be referred to as appending) the terminal's permission to access the third NPN through the second certificate, or configure the terminal with a certificate of the second NPN.
- the second communication device may request the second server to add the terminal's right to access the third NPN through the second certificate.
- the second communication device may request the first server to configure the certificate of the second NPN for the terminal.
- the method of obtaining the first information may include, but is not limited to, one of the following implementations:
- the terminal may request the first NPN for the right to access the first NPN by sending the first information.
- the first information may not include the information of the first NPN, but include the first indication information.
- the first indication information may be understood as being used to request the right to access the network currently.
- the terminal may request one of the first NPNs for the right to access the first NPN.
- the access authority of the first NPN may be realized by obtaining the certificate information of the first NPN or by adding the authority of accessing the first NPN through the second certificate.
- the terminal may request the second network for the permission to access the first NPN by sending the first information. It is not difficult to understand that in this manner, the first information needs to include the information of the first NPN. In this manner, the first information may not include the index information of the second network.
- the terminal may send third indication information to request the right to access the first NPN through the second certificate, or to request the right to access the first NPN through the certificate of the current network access.
- the third indication information may be understood as the right to request access to the first NPN through the certificate of the current access network.
- the terminal may request the first NPN or the third network to increase the right to access the first NPN through the second certificate by sending the first information. It is not difficult to understand that in this manner, the first information needs to include the index information of the second network.
- the index information of the second network can be used to index the second server.
- the second communication device may determine the first server (for example, determine the address of the first server) according to at least one of the following:
- the network currently accessed by the terminal.
- the terminal accesses the first NPN and sends the first information to the first NPN.
- the second communication device is a device in the first NPN
- the first server can be determined according to the current access network and the mapping relationship between the address of the first server and the current access network.
- the terminal accesses the second NPN and sends the first information to the second NPN.
- the second communication device is a device in the second NPN
- the first server can be determined according to the current access network and the mapping relationship between the address of the first server and the current access network.
- the first server may be determined according to the information of the first NPN and the mapping relationship between the address of the first server and the identification information of the NPN.
- the type information of the first access mode indicates at least one of the following: the first access mode of the control plane type, and the first access mode of the user plane type;
- the type information of the certificate downloading method indicates at least one of the following: a control plane type of certificate downloading method, and a user plane type of certificate downloading method.
- the address information of the first server and/or the identification information of the NPN corresponding to the first server is sent to the terminal.
- sending the address information of the first server and/or the identification information of the NPN corresponding to the first server includes: when the third condition is met, sending the address information of the first server and/or the identification of the NPN corresponding to the first server information.
- the third condition includes:
- the type information of the first access mode indicates the first access mode of the user plane type
- the type information of the certificate download mode indicates the certificate download mode of the user plane type.
- the network may not send relevant information of the first server (such as the address information of the first server and/or the identification information of the NPN corresponding to the first server). In other words, for a terminal that supports and/or requests a user-plane type of certificate download mode or a user-plane type of first access mode, the network may send relevant information of the first server.
- the second communication device may perform the operation of determining the first server, determining the second information, and/or performing the operation of sending the second information to the first server when the first condition is met.
- the first condition may include at least one of the following:
- the second NPN is all NPNs in the first NPN, or a part of the NPNs in the first NPN.
- the confirming that the terminal is allowed to obtain the right to access the first NPN may include confirming that the terminal is allowed to obtain the right to access a part of the NPN of the first NPN.
- the certificate information confirming permission to configure the first NPN for the terminal may include certificate information confirming permission to configure part of the NPN of the first NPN for the terminal.
- the second communication device may determine the second server (for example, determine the address of the second server) according to at least one of the following:
- the network currently accessed by the terminal.
- the second communication device is a device in the second network
- the second server can be confirmed through the network currently accessed by the terminal and/or the second server address corresponding to the currently accessed network.
- the second server may be determined according to the information of the first NPN and the mapping relationship between the address of the second server and the NPN identification information.
- the second server may be determined according to the index information of the second network and the mapping relationship between the second server address and the network identification information.
- the second communication device may perform the operation of determining the second server, determining the second information, and/or performing the operation of sending the second information to the second server when the second condition is satisfied.
- the second condition may include at least one of the following:
- the third NPN is all NPNs in the first NPN, or a part of the NPNs in the first NPN.
- the confirming that the terminal is allowed to obtain the right to access the first NPN may include confirming that the terminal is allowed to obtain the right to access a part of the NPN of the first NPN.
- the confirming that the terminal is allowed to increase the right to access the first NPN through the second certificate may include confirming that the terminal is allowed to increase the right to access part of the NPN of the first NPN through the second certificate.
- the method may further include:
- the certificate information of the second NPN may be sent to at least one of the following: a first communication device (including a terminal), a user data management device (such as UDM, HSS and/or UDR).
- a first communication device including a terminal
- a user data management device such as UDM, HSS and/or UDR
- the method may further include:
- the update information of the second certificate is obtained from the second server.
- the update information of the second certificate may be sent to at least one of the following: the first communication device (including the terminal), the user data management device (such as UDM, HSS and/or UDR).
- the first communication device including the terminal
- the user data management device such as UDM, HSS and/or UDR.
- the second communication device can confirm whether the terminal is allowed to obtain the right to access the NPN, or whether to configure the corresponding NPN certificate information for the terminal, or determine the certificate configuration server that the terminal needs, etc., so as to effectively realize the terminal certificate configuration and network access control.
- an embodiment of the present invention provides an access control method applied to a third communication device;
- the third communication device includes but is not limited to: a first server, a second server, or a core network element (such as AMF).
- the core network may be one of the following: the core network element of the first NPN, the core network element of the second network, or the core network element of the third network.
- the method includes:
- Step 31 Obtain the first information or the second information.
- the first information may include at least one of the following: information of the first NPN, index information of the second network, first indication information, second indication information, third indication information, and fourth indication information.
- for the information of the first NPN, the index information of the second network, the first indication information, the second indication information, the third indication information, and the fourth indication information in the first information, the details may be as described in the embodiment shown in FIG. 1 and will not be repeated here.
- the second information may include at least one of the following: NPN information, index information of the second network (such as identification information of the second network), first indication information, second indication information, third indication information, fourth indication information.
- the NPN information can be used for at least one of the following: requesting the right to access the NPN, requesting the NPN certificate, requesting the access to the NPN through a second certificate, and requesting the right to access the NPN type network.
- the first indication information is used to request the right to access the NPN, or used to request the current right to access the network, or used to request the right to access the NPN type network.
- the second indication information is used to request the certificate of the NPN, or used to request the certificate of the current access network, or used to request the certificate of access to the NPN type network.
- the third indication information is used to request the right to access the NPN through the second certificate, or to request the right to access the NPN through the certificate of the current network access.
- the fourth indication information is used to request the right to access the NPN type network through the second certificate, or to request the right to access the NPN type network through the current access network certificate.
- the second certificate may include a certificate already possessed by the first communication device.
- the certificate already possessed by the first communication device may include one of the following: a certificate of the second network already possessed by the first communication device, a certificate of a third party already possessed by the first communication device, and a certificate of a service provider already possessed by the first communication device.
- the third-party certificate is another type of certificate different from the network certificate, such as the certificate of the terminal manufacturer or the certificate of the application (APP).
- the service provider includes but is not limited to one of the following: a second network (such as PLMN, or NPN (such as SNPN, or PNI NPN), etc.), a third party.
- the first information may be obtained from a first communication device, or the first information may be obtained from a second communication device.
- the first communication device sends the first information to the second communication device, and the second communication device sends the first information to the third communication device.
- the second information may be obtained from a second communication device.
- the first communication device sends the first information to the second communication device, and the second communication device generates the second information according to the first information, and then sends the second information to the third communication device.
- the NPN of the second information may be all or part of the NPN of the first NPN in the first information.
- the NPN may include one of the following: a first NPN, a second NPN, and a third NPN.
- the first NPN is described in the embodiment of FIG. 1, and the second NPN is described in the embodiment of FIG. 2, which will not be repeated here.
- the third NPN is described in the embodiment of FIG. 2 and will not be repeated here.
- the second NPN and the third NPN may be the same or different.
- Step 32 Perform a second operation according to the first information or the second information.
- execution of the second operation may include at least one of the following:
- the second certificate may include a certificate already possessed by the first communication device.
- the certificate already possessed by the first communication device may include one of the following: a certificate of the second network already possessed by the first communication device, and a certificate of a third party already possessed by the first communication device.
- the third-party certificate is another type of certificate different from the network certificate, such as the certificate of the terminal manufacturer or the certificate of the application (APP).
- the second network may include but is not limited to one of the following: PLMN, NPN (such as SNPN, or PNI NPN), etc.
- the second NPN may be all or part of the NPN in the first NPN.
- the second NPN is an NPN in the first NPN that allows the terminal to be configured with a certificate. It is not difficult to understand that all or only part of the requested first NPN is allowed to configure the corresponding certificate for the terminal. It is not difficult to understand that, for example, the terminal requests access rights of NPN1, NPN2, and NPN3, but only NPN1 and NPN2 are allowed to access.
- the network can configure the terminal with NPN1 and NPN2 certificates.
- the network can configure a certificate of NPN1 for the terminal and can access NPN2 through the certificate of NPN1.
- the configured NPN certificate can be saved through this method. It is not difficult to understand that the second NPN may be a subset of the NPN that allows the terminal to obtain access rights.
- the third NPN may be all or part of the NPN in the first NPN.
- the third NPN is an NPN in the first NPN that allows the terminal to obtain access rights. It is not difficult to understand that only part of the requested first NPN allows the terminal to obtain access rights. It is not difficult to understand that, for example, the terminal requests the access rights of NPN1, NPN2, and NPN3, but only NPN1 and NPN2 are allowed to access.
- the network may update the second certificate for the terminal and increase the authority to access the NPN1 and NPN2 through the second certificate.
- the certificate information of the second NPN may include at least one of the following: a certificate of the second NPN, information (such as network identification information) of a network allowed to access through the certificate of the second NPN, and permission to access the NPN type network through the certificate of the second NPN.
- the network allowed to access through the certificate of the second NPN may include other networks except the second NPN, and the other networks except the second NPN include at least one of the following: NPN other than the second NPN, PLMN, PNI NPN.
- the second NPN may be referred to as a service provider of the other network.
- the other network may be referred to as an equivalent network of the second NPN, a network in which the terminal of the second NPN allows roaming, or a network that can provide access for the second NPN.
- the second NPN is a subset of the first NPN when the first NPN includes multiple NPNs.
- the update information of the second certificate may include at least one of the following: information (such as network identification information) of the network that is allowed to be accessed through the second certificate, permission to access the NPN type network through the second certificate, the indication information of allowing access to the requested NPN through the second certificate, and the indication information of allowing access to the NPN type network through the second certificate.
- the network allowed to access through the second certificate may include other networks except the second network.
- the other networks except the second network include at least one of the following: NPN, PLMN, and PNI NPN other than the second network.
- the second network may be referred to as a service provider of the other network.
- the other network may be referred to as an equivalent network of the second network, a network that allows the terminal of the second network to roam, or a network that can provide access to the second network.
- the network allowed to access through the second certificate includes at least one requested NPN (for example, at least one NPN in the first NPN, the second NPN, or the third NPN).
- the sent update information of the second certificate includes network identification information of all networks that are allowed to be accessed through the second certificate, not only the identification information of the requested NPN (such as the identification information of at least one NPN in the first NPN, the second NPN, or the third NPN).
- the update information of the second certificate includes network identification information of all networks that are allowed to be accessed through the second certificate. That is, for a network that does not request access permission for the terminal, the network also sends the network identification information of the network that is allowed to access through the second certificate to the terminal.
- the update information of the second certificate only adds the identification information of the NPNs, among the requested first NPN, to which access is allowed.
- the first information is obtained from a first source, and the first source includes one of the following: a first communication device (including a terminal).
- the second information is obtained from a second source
- the second source includes: a second communication device, a network through which the terminal sends the first information, and a network accessed by the terminal.
- sending the certificate information of the second NPN or sending the update information of the second certificate to the target end, the target end including at least one of the following: the first communication device (including the terminal), the second communication device, the network receiving the first information (such as the UDM or UDR in the network receiving the first information), the user management device in the second network, the network device in the second NPN (such as the user management device), and the network currently accessed by the terminal. It is not difficult to understand that when a new network certificate is configured or updated, it needs to be synchronized to the first communication device (including the terminal) and the network at the same time, so that when the terminal accesses the network, the network can authenticate the terminal. When the terminal is allowed to access the second network through the first network certificate, the second network may also request the first network to authenticate the terminal.
- the third communication device can configure the required certificate information for the terminal based on the acquired second information, thereby effectively realizing the certificate configuration and network access control of the terminal.
- an embodiment of the present invention provides an access control method, which is applied to a first communication device;
- the first communication device includes but is not limited to: a terminal; the method includes:
- Step 41 Obtain the third information.
- Step 42 Perform an operation of accessing the second NPN or the fourth network according to the third information.
- the third information may include at least one of certificate information of the second NPN and update information of the second certificate.
- the second NPN may generally refer to one or more NPNs.
- the certificate of the second NPN can be obtained directly; in another embodiment, the certificate of the second NPN can be obtained after requesting the first NPN.
- the second NPN is equivalent to the first NPN; in another embodiment, the second NPN is a subset of the first NPN, for example, in the case where the first NPN includes multiple NPNs, the second NPN may be part of the NPNs in the first NPN.
- the certificate information of the second NPN includes at least one of the following: a certificate of the second NPN, information (such as network identification information) of a network that is allowed to access through the certificate of the second NPN, and permission to access the NPN type network through the certificate of the second NPN.
- the network allowed to access through the certificate of the second NPN may include other networks except the second NPN, and the other networks except the second NPN include at least one of the following: NPN other than the second NPN, PLMN, PNI NPN.
- the second NPN may be referred to as a service provider of the other network.
- the other network may be referred to as an equivalent network of the second NPN, a network in which the terminal of the second NPN allows roaming, or a network that can provide access for the second NPN.
- the current access network is a network that sends the first information or a network that obtains the third information.
- the fourth network may be different from the current access network.
- the first information is specifically described in the embodiment of FIG. 1.
- the certificate information of the current network access may include at least one of the following: information (such as network identification information (such as network identification information of NPN)) of the network that is allowed to be accessed through the certificate of the current network access, the indication information of allowing access to the requested NPN through the certificate of the current access network, and the indication information of allowing access to the NPN type network through the certificate of the current access network.
- the information of the network that is allowed to be accessed through the certificate of the current access network may include other networks except the current access network.
- the other networks except the current access network include at least one of the following: NPN, PLMN, and PNI NPN other than the current access network.
- the current access network may be referred to as a service provider of the other network.
- the other network may be referred to as an equivalent network of the current access network, a network to which the terminal of the current access network allows roaming, or a network that can provide access to the current access network.
- the update information of the second certificate may include at least one of the following: information about the network that is allowed to be accessed through the second certificate (for example, network identification information (such as NPN identification information)), and that is allowed to be accessed through the second certificate.
- the network that is allowed to access through the second certificate may include other networks except the second network, and the other networks except the second network include at least one of the following: NPN other than the second network, PLMN, PNI NPN.
- the second network may be referred to as a service provider of the other network.
- the other network may be referred to as an equivalent network of the second network, a network that allows the terminal of the second network to roam, or a network that can provide access to the second network.
- the network allowed to be accessed through the certificate of the second NPN includes a fourth network.
- the network allowed to be accessed through the second certificate includes a fourth network.
- the update information of the second certificate includes network identification information of all networks that are allowed to be accessed through the second certificate. That is, for a network that does not request access permission for the terminal, the network also sends the network identification information of the network that is allowed to access through the second certificate to the terminal.
- the update information of the second certificate only adds the identification information of the NPNs, among the requested first NPN, to which access is allowed.
- the fourth network may be one of the following: other networks different from the second NPN (for example, other NPNs different from the second NPN, or PLMN), other networks different from the network requesting the access permission of the first NPN, or another network different from the second network.
- the terminal can access the fourth network through the certificate of the second NPN.
- the access to the fourth network through the certificate of the second NPN may include: when accessing the fourth network, the provided UE identifier is the UE identifier corresponding to the certificate of the second NPN (such as SUPI, SUCI, or NAI, etc.).
- the UE identity may include the identity information of the second NPN. For example, the UE identity is provided through a registration request.
- the terminal may access the fourth network through the second certificate.
- the access to the fourth network through the second certificate includes: when accessing the fourth network, the provided UE identity is the UE identity corresponding to the second certificate (such as SUPI, SUCI, or NAI, etc.), and the UE identity may contain identification information of the second network.
- the terminal may access the fourth network through the certificate of the first NPN.
- the access to the fourth network through the certificate of the first NPN may include: when accessing the fourth network, the provided UE identity is the UE identity corresponding to the certificate of the first NPN (such as SUPI, SUCI, or NAI, etc.), and the UE identity may include the identity information of the first NPN.
- the method may further include: sending the first information.
- the related content of the sending of the first information can be described in the embodiment shown in FIG. 1, and will not be repeated here.
- the second NPN is equivalent to the first NPN; in another embodiment, the second NPN is a subset of the first NPN, for example, when the first NPN includes multiple NPNs, the second NPN may be part of the NPNs in the first NPN.
- the network only performs access authorization for part of the NPNs in the first NPN (that is, the second NPN), and configures the first communication device only with the certificates of that part of the NPNs.
- the terminal requests access rights for NPN1, NPN2, and NPN3.
- the network may only allow the terminal to obtain the permission to access NPN1 and NPN2, and configure the terminal with the certificate of NPN1 and the certificate of NPN2.
- the terminal can only access NPN1 through the NPN1 certificate.
- the terminal can only access NPN2 through the NPN2 certificate.
- the network authorizes access to multiple NPNs in the first NPN, but configures the first communication device only with the certificates of part of the NPNs (i.e., the second NPN), and through the certificates of that part of the NPNs, multiple NPNs can be accessed.
- the terminal requests access rights for NPN1, NPN2, and NPN3. It is not difficult to understand that the network may allow terminals to access NPN1 and NPN2.
- the network can only configure the NPN2 certificate for the terminal, but through the NPN2 certificate, not only the NPN2 can be accessed, but also the NPN1 can be accessed.
- the NPN1 that can be accessed through the certificate of NPN2 may be referred to as the equivalent NPN of NPN2, the NPN that allows the terminal of NPN2 to roam, or the NPN that can provide access for NPN2.
- NPN2 may be referred to as the service provider of NPN1.
- the third information is obtained from a source end, and the source end includes one of the following: a first communication device, a second communication device, a network receiving the first information, and a currently connected network.
- when the permission to access multiple NPNs is requested, the network can allocate only one NPN certificate, and multiple NPNs can be accessed through that NPN certificate. Thus, the network access control of the terminal can be effectively realized.
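The two provisioning outcomes described above (one certificate per authorised NPN, or a single certificate that also covers equivalent NPNs), the two forms of update information, and the check a serving network would apply to the UE identity, as an added Python example that is not part of the patent text. The `user@network-id` identity format, the `CertInfo` structure and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class CertInfo:
    """Certificate information: issuing network plus the networks that may
    be accessed through the certificate (hypothetical structure)."""
    issuer: str
    allowed: set = field(default_factory=set)

    def __post_init__(self):
        # A certificate always covers the network that issued it.
        self.allowed = set(self.allowed) | {self.issuer}


def provision_per_npn(requested, authorised):
    """One certificate per authorised NPN; each is valid only for its own NPN."""
    return {n: CertInfo(n) for n in requested if n in authorised}


def provision_single(requested, authorised, issuer):
    """One certificate from `issuer` listing every other authorised NPN as an
    equivalent network. Unauthorised NPNs never enter the list."""
    granted = {n for n in requested if n in authorised}
    if issuer not in granted:
        raise ValueError("issuer must itself be an authorised NPN")
    return CertInfo(issuer, granted)


def apply_update(cert, networks, full_list):
    """Apply update information of an existing certificate.

    full_list=True : the update carries all networks allowed through the
                     certificate, so it replaces the stored list.
    full_list=False: the update carries only newly allowed NPNs, so it is
                     merged into the stored list.
    """
    if full_list:
        cert.allowed = set(networks) | {cert.issuer}
    else:
        cert.allowed |= set(networks)
    return cert


def admit(serving_network, ue_identity, synced):
    """Decision of the network being accessed (the 'fourth network').

    `synced` is the network-side copy of the certificate information, keyed
    by UE identity. The identity is assumed to be `user@network-id`, where
    network-id names the network the certificate belongs to.
    """
    user, sep, realm = ue_identity.rpartition("@")
    if not sep or not user or not realm:
        return False                       # malformed identity
    cert = synced.get(ue_identity)
    if cert is None or cert.issuer != realm:
        return False                       # no matching certificate on record
    return serving_network in cert.allowed


if __name__ == "__main__":
    requested, authorised = ["NPN1", "NPN2", "NPN3"], {"NPN1", "NPN2"}
    single = provision_single(requested, authorised, issuer="NPN2")
    synced = {"ue1@NPN2": single}          # constructed sample record
    for net in requested:
        print(net, admit(net, "ue1@NPN2", synced))
```
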
- the UE's NPN certificate configuration process may include the following steps:
- Step 51 The UE initiates a registration request to the AMF of the first network through the NG-RAN.
- the registration request includes the NPN list for which the UE requests to obtain access credentials (credential).
- the UE already has the credential of NPN1 and requests to add the credential of NPN2.
- the AMF can authenticate the UE by accessing the certificate of NPN1.
- the UE does not have a certificate of NPN1, and requests certificates of NPN1 and NPN2 at the same time. At this time, the UE needs to be authenticated through the default credential (default credential) or the UDM corresponding to the SUPI provided by the UE.
- Step 52 AMF selects a configuration server according to the NPN list, and sends a certificate configuration request to the configuration server.
- Step 53 If the UE has not been authenticated in the above steps, optionally, the configuration server authenticates the UE through the authentication server.
- Step 54 After passing the authentication, the configuration server sends a configuration response to the UE through the AMF to configure the UE.
- the configuration server of NPN1 can update the certificate of NPN1 to supplement the NPN2 that allows roaming. Or the NPN2 configuration server separately configures the NPN2 certificate for the UE.
- the configuration server may synchronize the UE's certificate to UDM.
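The configuration flow of Steps 51 to 54, together with the NPN1/NPN2/NPN3 example above, as an added Python example that is not part of the patent text. The class and field names, the subscription and equivalent-NPN tables, and the reduction of authentication to a stored-record lookup or a boolean are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Credential:
    """An NPN certificate and the other NPNs it may be used to access."""
    home_npn: str
    allowed_npns: frozenset = frozenset()

    def permits(self, npn: str) -> bool:
        # Deny by default: only the issuing NPN and explicitly listed NPNs.
        return npn == self.home_npn or npn in self.allowed_npns


@dataclass
class RegistrationRequest:
    """Step 51 request; the field names are assumptions, not from the patent."""
    supi: str
    requested_npns: list
    presented_npn: Optional[str] = None   # NPN whose certificate the UE used
    default_credential_ok: bool = False   # outcome of default-credential auth


class Network:
    """AMF, configuration server and UDM collapsed into one object."""

    def __init__(self, subscriptions, equivalents, udm=None):
        self.subscriptions = subscriptions  # SUPI -> NPNs that may be granted
        self.equivalents = equivalents      # NPN -> NPNs reachable with its cert
        self.udm = dict(udm or {})          # SUPI -> list of issued Credentials

    def stored_credential(self, req):
        # Use the network's own record, never an allow-list supplied by the UE.
        for cred in self.udm.get(req.supi, []):
            if cred.home_npn == req.presented_npn:
                return cred
        return None

    def configure(self, req):
        """Steps 52-54: return the credentials configured for the UE."""
        existing = self.stored_credential(req)
        if req.presented_npn is not None:
            authenticated = existing is not None
        else:
            authenticated = req.default_credential_ok
        if not authenticated:
            raise PermissionError("UE not authenticated; nothing configured")

        # Only a subset of the requested NPNs may be granted.
        allowed = self.subscriptions.get(req.supi, set())
        granted = {n for n in req.requested_npns if n in allowed}
        remaining = set(granted)
        creds = []

        def cover(npn):
            return ({npn} | self.equivalents.get(npn, set())) & granted

        if existing is not None:
            # Update the existing certificate with the NPNs it may roam into.
            extra = self.equivalents.get(existing.home_npn, set()) & remaining
            creds.append(Credential(existing.home_npn,
                                    existing.allowed_npns | extra))
            remaining -= extra | {existing.home_npn}
        while remaining:
            # Issue as few new certificates as possible for what is left.
            issuer = max(sorted(remaining),
                         key=lambda n: len(cover(n) & remaining))
            creds.append(Credential(issuer, frozenset(cover(issuer) - {issuer})))
            remaining -= cover(issuer)

        # Synchronize the result to the UDM record for this subscriber.
        merged = {c.home_npn: c for c in self.udm.get(req.supi, [])}
        merged.update({c.home_npn: c for c in creds})
        self.udm[req.supi] = list(merged.values())
        return creds
```
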
- an embodiment of the present invention provides a communication device.
- the communication device is a first communication device.
- the communication device 60 includes:
- the sending module 61 is used to send the first information
- the first information includes at least one of the following: information of a first standalone non-public network (NPN), index information of the second network, first indication information, second indication information, third indication information, fourth indication information, indication information for requesting certificate download, indication information for requesting the first access method, type information of the first access method, type information of the certificate download method;
- the information of the first NPN can be used for at least one of the following: requesting permission to access the first NPN, requesting the certificate of the first NPN, requesting access to the first NPN through the second certificate, requesting permission to access the NPN type network;
- the first indication information is used to request the right to access the first NPN, or used to request the current right to access the network, or used to request the right to access the NPN type network;
- the second indication information is used to request the certificate of the first NPN, or used to request the certificate of the current access network, or used to request the certificate of access to the NPN type network;
- the third indication information is used to request the right to access the first NPN through the second certificate, or to request the right to access the first NPN through the certificate of the current network access;
- the fourth indication information is used to request the right to access the NPN type network through the second certificate, or to request the right to access the NPN type network through the certificate of the current access network;
- the second certificate may include a certificate already possessed by the first communication device.
- the certificate already possessed by the first communication device includes: a certificate of the second network already possessed by the first communication device, and a certificate of a third party already possessed by the first communication device.
- the third-party certificate is another type of certificate different from the network certificate, such as the certificate of the terminal manufacturer or the certificate of the application (APP).
- the communication device 60 may further include:
- the third obtaining module is configured to obtain third information; wherein the third information includes at least one of certificate information of the second NPN and update information of the second certificate;
- the third execution module is configured to execute the operation of accessing the second NPN or the fourth network according to the third information
- the fourth network is one of the following: other networks different from the second NPN, and other networks different from the second network;
- the second NPN is all NPNs in the first NPN, or a part of the NPNs in the first NPN.
- the certificate information of the second NPN includes at least one of the following: the certificate of the second NPN, the information of the network that is allowed to be accessed through the certificate of the second NPN, and the permission to access the NPN type network through the second NPN certificate.
- the update information of the second certificate includes at least one of the following: information of the network that is allowed to be accessed through the second certificate, the permission to access the NPN type network through the second certificate, indication information allowing access to the requested NPN through the second certificate, and indication information allowing access to the NPN type network through the second certificate.
- the network allowed to be accessed through the certificate of the second NPN includes the fourth network
- the network allowed to be accessed through the second certificate includes the fourth network.
- At least one of the following items is received: address information of the first server, and identification information of the NPN corresponding to the first server.
- the NPN corresponding to the first server includes a certificate that can be configured by the first server for accessing the NPN.
- the certificate for accessing the NPN includes a certificate of the NPN.
- the address information of the first server and/or the identification information of the NPN corresponding to the first server is obtained from the network.
- the network may be a network accessed by the terminal through the first access method (such as onboarding, such as O-SNPN)
- the fourth condition includes at least one of the following:
- the terminal supports and/or requests the control plane type of certificate download method
- the terminal supports and/or requests the first access mode of the control plane type
- the terminal does not support and/or does not request the user plane type of certificate download method
- the terminal does not support and/or does not request the first access mode of the user plane type
- the first server is not a configuration server for the certificate of the first NPN.
- the address of the first server is used for the user-plane type of certificate download mode or the user-plane type of first access mode.
- the related information of the first server sent by the network may be ignored or discarded.
- the terminal supporting and/or requesting the control plane type certificate download mode may include the terminal only supporting and/or requesting the control plane type certificate download mode.
- the first access mode in which the terminal supports and/or requests the control plane type may include the first access mode in which the terminal only supports and/or requests the control plane type.
- the communication device 60 can implement the various processes implemented in the method embodiment shown in FIG. 1 of the present invention and achieve the same beneficial effects. To avoid repetition, details are not described herein again.
- an embodiment of the present invention provides a communication device.
- the communication device is a second communication device.
- the communication device 70 includes:
- the first obtaining module 71 is configured to obtain first information
- the first execution module 72 is configured to execute a first operation according to the first information
- the execution of the first operation includes at least one of the following:
- the first server is one of the following: a configuration server that configures the certificate of the second NPN for the terminal, a configuration server that configures a certificate for accessing the NPN for the terminal, and a server that the terminal needs to access in order to download the certificate for accessing the NPN
- the second server is a configuration server that configures the second certificate for the terminal
- the second information includes all or part of the information in the first information.
- the first information includes at least one of the following: information of the first NPN, index information of the second network, first indication information, second indication information, third indication information, fourth indication information, indication information for requesting certificate download, indication information for requesting the first access method, type information of the first access method, and type information of the certificate download method;
- the information of the first NPN can be used for at least one of the following: requesting permission to access the first NPN, requesting the certificate of the first NPN, requesting access to the first NPN through the second certificate, requesting permission to access the NPN type network;
- the first indication information is used to request the right to access the first NPN, or used to request the current right to access the network, or used to request the right to access the NPN type network;
- the second indication information is used to request the certificate of the first NPN, or used to request the certificate of the current access network, or used to request the certificate of access to the NPN type network;
- the third indication information is used to request the right to access the first NPN through the second certificate, or to request the right to access the first NPN through the certificate of the current network access;
- the fourth indication information is used to request the right to access the NPN type network through the second certificate, or to request the right to access the NPN type network through the certificate of the current access network;
- the second certificate may include a certificate already possessed by the first communication device.
- the certificate already possessed by the first communication device may include one of the following: a certificate of the second network already possessed by the first communication device, and a certificate of a third party already possessed by the first communication device.
- the third-party certificate is another type of certificate different from the network certificate, such as the certificate of the terminal manufacturer or the certificate of the application (APP).
- the type information of the first access mode indicates at least one of the following: the first access mode of the control plane type, and the first access mode of the user plane type;
- the type information of the certificate downloading method indicates at least one of the following: a control plane type of certificate downloading method, and a user plane type of certificate downloading method.
- the address information of the first server and/or the identification information of the NPN corresponding to the first server is sent to the terminal.
- when the third condition is met, the first execution module 72 sends the address information of the first server and/or the identification information of the NPN corresponding to the first server.
- the third condition includes:
- the type information of the first access mode indicates the first access mode of the user plane type
- the type information of the certificate download mode indicates the certificate download mode of the user plane type.
- the network may not send relevant information of the first server (such as the address information of the first server and/or the identification information of the NPN corresponding to the first server). In other words, for a terminal that supports and/or requests a user-plane type of certificate download mode or a user-plane type of first access mode, the network may send relevant information of the first server.
- the first execution module 72 may perform the operation of determining the first server, determining the second information, and/or performing the operation of sending the second information to the first server when the first condition is met;
- the first condition includes at least one of the following:
- the second NPN is all NPNs in the first NPN, or a part of the NPNs in the first NPN.
- the first execution module 72 may perform the operation of determining the second server, determining the second information, and/or sending the second information to the first server when the second condition is met; wherein the second condition includes at least one of the following:
- the third NPN is all NPNs in the first NPN, or a part of the NPNs in the first NPN.
- the communication device 70 can implement the various processes implemented in the method embodiment shown in FIG. 2 of the present invention and achieve the same beneficial effects. To avoid repetition, details are not described herein again.
- an embodiment of the present invention provides a communication device.
- the communication device is a third communication device.
- the communication device 80 includes:
- the second obtaining module 81 is configured to obtain the first information or the second information
- the second execution module 82 is configured to execute a second operation according to the first information or the second information
- the execution of the second operation includes at least one of the following:
- the second certificate includes a certificate already possessed by the terminal
- the second NPN is all NPNs in the first NPN, or a part of the NPNs in the first NPN;
- the third NPN is all NPNs in the first NPN, or a part of the NPNs in the first NPN;
- the second NPN is the same as or different from the third NPN.
- the first information includes at least one of the following: information of the first NPN, index information of the second network, first indication information, second indication information, third indication information, fourth indication information, indication information for requesting certificate download, indication information for requesting the first access method, type information of the first access method, and type information of the certificate download method;
- the information of the first NPN can be used for at least one of the following: requesting permission to access the first NPN, requesting the certificate of the first NPN, requesting access to the first NPN through the second certificate, requesting permission to access the NPN type network;
- the first indication information is used to request the right to access the first NPN, or used to request the current right to access the network, or used to request the right to access the NPN type network;
- the second indication information is used to request the certificate of the first NPN, or used to request the certificate of the current access network, or used to request the certificate of access to the NPN type network;
- the third indication information is used to request the right to access the first NPN through the second certificate, or to request the right to access the first NPN through the certificate of the current network access;
- the fourth indication information is used to request the right to access the NPN type network through the second certificate, or to request the right to access the NPN type network through the current access network certificate.
- the second information includes at least one of the following: NPN information, index information of the second network, first indication information, second indication information, third indication information, and fourth indication information;
- the NPN information can be used for at least one of the following: requesting permission to access the NPN, requesting the certificate of the NPN, requesting the permission to access the NPN through a second certificate, and requesting the permission to access the NPN type network;
- the first indication information is used to request the right to access the NPN, or used to request the current right to access the network, or used to request the right to access the NPN type network;
- the second indication information is used to request the certificate of the NPN, or used to request the certificate of the current access network, or used to request the certificate of access to the NPN type network;
- the third indication information is used to request the right to access the NPN through the second certificate, or to request the right to access the NPN through the certificate of the current network access;
- the fourth indication information is used to request the right to access the NPN type network through the second certificate, or to request the right to access the NPN type network through the current access network certificate.
- the certificate information of the first NPN includes at least one of the following: the certificate of the first NPN, the information of the network that is allowed to be accessed through the certificate of the first NPN, and the permission to access the NPN type network through the first NPN certificate.
- the certificate information of the second NPN includes at least one of the following: the certificate of the second NPN, the information of the network that is allowed to be accessed through the certificate of the second NPN, and the permission to access the NPN type network through the second NPN certificate.
- the update information of the second certificate includes at least one of the following: information of the network that is allowed to be accessed through the second certificate, the permission to access the NPN type network through the second certificate, indication information allowing access to the requested NPN through the second certificate, and indication information allowing access to the NPN type network through the second certificate.
- the second NPN is all NPNs in the first NPN, or a part of the NPNs in the first NPN.
- the communication device 80 can implement each process implemented in the method embodiment shown in FIG. 3 of the present invention and achieve the same beneficial effects. To avoid repetition, details are not described herein again.
- an embodiment of the present invention provides a communication device.
- the communication device is a fourth communication device.
- the communication device 90 includes:
- the third obtaining module 91 is configured to obtain third information; wherein the third information includes at least one of the certificate information of the second NPN and the update information of the second certificate; the second certificate includes a certificate already possessed by the first communication device; the second NPN is one or more NPNs;
- the third execution module 92 is configured to execute an operation of accessing the second NPN or the fourth network according to the third information
- the fourth network is one of the following: other networks different from the second NPN, and other networks different from the second network;
- the certificate information of the second NPN includes at least one of the following: a certificate of the second NPN, information of a network allowed to access through the certificate of the second NPN, and permission to access an NPN type network through the second NPN certificate;
- the certificate information of the current access network includes at least one of the following: information of the network that is allowed to be accessed through the certificate of the current access network, indication information that allows access to the requested NPN through the certificate of the current access network, and indication information that allows access to the NPN type network through the certificate of the current access network;
- the update information of the second certificate includes at least one of the following: information about the network that is allowed to be accessed through the second certificate, the permission to access the NPN type network through the second certificate, indication information allowing access to the requested NPN through the second certificate, and indication information allowing access to the NPN type network through the second certificate.
- the communication device 90 can implement the various processes implemented in the method embodiment shown in FIG. 4 of the present invention and achieve the same beneficial effects. To avoid repetition, details are not described herein again.
- FIG. 10 is a schematic structural diagram of another communication device provided by an embodiment of the present invention.
- the various components in the communication device 100 are coupled together through the bus interface 103. When the computer program running on the processor is executed by the processor 101, each process implemented in the method embodiment shown in FIG. 1 can be implemented, and the same technical effect can be achieved. To avoid repetition, details are not described herein again.
- the embodiment of the present invention also provides a computer-readable storage medium on which a computer program is stored; when the computer program is executed by a processor, each process implemented in the method embodiment shown in FIG. 1 is implemented, or each process implemented in the method embodiment shown in FIG. 2 is implemented, or each process implemented in the method embodiment shown in FIG. 3 is implemented, or each process implemented in the method embodiment shown in FIG. 4 is implemented, and the same technical effect can be achieved. To avoid repetition, details are not described herein again.
- the computer-readable storage medium is, for example, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk.
- the technical solution of the present invention, in essence or in the part that contributes to the existing technology, can be embodied in the form of a software product; the computer software product is stored in a storage medium (such as a ROM/RAM, a magnetic disk, or an optical disc) and includes several instructions to make a terminal (which can be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.) execute the method described in each embodiment of the present invention.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Claims (24)
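- An access control method, applied to a first communication device, comprising: sending first information; wherein the first information includes at least one of the following: information of a first non-public network (NPN), index information of a second network, first indication information, second indication information, third indication information, fourth indication information, indication information for requesting certificate download, indication information for requesting a first access mode, type information of the first access mode, and type information of a certificate download mode; the information of the first NPN can be used for at least one of the following: requesting permission to access the first NPN, requesting a certificate of the first NPN, requesting access to the first NPN through a second certificate, and requesting permission to access an NPN type network; the first indication information is used to request permission to access the first NPN, or to request permission for the currently accessed network, or to request permission to access an NPN type network; the second indication information is used to request the certificate of the first NPN, or to request the certificate of the currently accessed network, or to request a certificate for accessing an NPN type network; the third indication information is used to request permission to access the first NPN through the second certificate, or to request permission to access the first NPN through the certificate of the currently accessed network; the fourth indication information is used to request permission to access an NPN type network through the second certificate, or to request permission to access an NPN type network through the certificate of the currently accessed network; the second certificate includes a certificate already possessed by the first communication device; wherein the first access mode includes: an access mode of accessing a first network in order to download a certificate used for accessing the second network; the first network and the second network are the same network or different networks; the type information of the first access mode indicates at least one of the following: a first access mode of control plane type, a first access mode of user plane type; the type information of the certificate download mode indicates at least one of the following: a certificate download mode of control plane type, a certificate download mode of user plane type.
- The method according to claim 1, wherein after the sending of the first information, the method further comprises: obtaining third information; wherein the third information includes at least one of certificate information of a second NPN and update information of the second certificate; performing, according to the third information, an operation of accessing the second NPN or a fourth network; wherein the fourth network is one of the following: another network different from the second NPN, another network different from the second network; the second NPN is all of the NPNs in the first NPN, or a part of the NPNs in the first NPN.
- The method according to claim 2, wherein the certificate information of the second NPN includes at least one of the following: the certificate of the second NPN, information of the networks allowed to be accessed through the certificate of the second NPN, permission to access an NPN type network through the second NPN certificate; and/or the update information of the second certificate includes at least one of the following: information of the networks allowed to be accessed through the second certificate, permission to access an NPN type network through the second certificate, indication information allowing access to the requested NPN through the second certificate, indication information allowing access to an NPN type network through the second certificate.
- The method according to claim 3, wherein the networks allowed to be accessed through the certificate of the second NPN include the fourth network; and/or the networks allowed to be accessed through the second certificate include the fourth network.
- The method according to claim 1, wherein after the step of sending the first information, at least one of the following is received: address information of a first server, identification information of the NPN corresponding to the first server.
- The method according to claim 5, wherein when a fourth condition is met, the address information of the first server and/or the identification information of the NPN corresponding to the first server is ignored or discarded. The fourth condition includes at least one of the following: the terminal supports and/or requests a certificate download mode of control plane type; the terminal supports and/or requests a first access mode of control plane type; the terminal does not support and/or does not request a certificate download mode of user plane type; the terminal does not support and/or does not request a first access mode of user plane type; the first server is not the configuration server for the certificate of the first NPN.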
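- An access control method, applied to a second communication device, comprising: obtaining first information; performing a first operation according to the first information; wherein performing the first operation includes at least one of the following: confirming the terminal's request for permission to access a first NPN; confirming whether the terminal is allowed to obtain permission to access the first NPN; confirming whether configuring certificate information of the first NPN for the terminal is allowed; confirming whether adding, for the terminal, permission to access the first NPN through a second certificate is allowed; confirming whether adding, for the terminal, permission to access an NPN type network through the second certificate is allowed; confirming that certificate information of a second NPN is to be configured for the terminal, or confirming that permission to access a third NPN through the second certificate is to be added for the terminal, or confirming that permission to access an NPN type network through the second certificate is to be added for the terminal; determining a first server; sending address information of the first server and/or identification information of the NPN corresponding to the first server; determining a second server; determining second information; initiating a certificate configuration request or a configuration update request for the terminal to the first server and/or the second server; sending the second information to the first server and/or the second server; wherein the first server is one of the following: a configuration server that configures the certificate of the second NPN for the terminal, a configuration server that configures a certificate for accessing an NPN for the terminal, a server that the terminal needs to access in order to download a certificate for accessing an NPN; the second server is a configuration server that configures the second certificate for the terminal; the second information includes all or part of the information in the first information.
- The method according to claim 7, wherein the first information includes at least one of the following: information of the first NPN, index information of a second network, first indication information, second indication information, third indication information, fourth indication information, indication information for requesting certificate download, indication information for requesting a first access mode, type information of the first access mode, and type information of a certificate download mode; the information of the first NPN can be used for at least one of the following: requesting permission to access the first NPN, requesting the certificate of the first NPN, requesting access to the first NPN through the second certificate, and requesting permission to access an NPN type network; the first indication information is used to request permission to access the first NPN, or to request permission for the currently accessed network, or to request permission to access an NPN type network; the second indication information is used to request the certificate of the first NPN, or to request the certificate of the currently accessed network, or to request a certificate for accessing an NPN type network; the third indication information is used to request permission to access the first NPN through the second certificate, or to request permission to access the first NPN through the certificate of the currently accessed network; the fourth indication information is used to request permission to access an NPN type network through the second certificate, or to request permission to access an NPN type network through the certificate of the currently accessed network; the second certificate includes a certificate already possessed by the terminal; the type information of the first access mode indicates at least one of the following: a first access mode of control plane type, a first access mode of user plane type; the type information of the certificate download mode indicates at least one of the following: a certificate download mode of control plane type, a certificate download mode of user plane type.
- The method according to claim 7, wherein sending the address information of the first server and/or the identification information of the NPN corresponding to the first server includes: when a third condition is met, sending the address information of the first server and/or the identification information of the NPN corresponding to the first server; wherein the third condition includes: the type information of the first access mode indicates a first access mode of user plane type; the type information of the certificate download mode indicates a certificate download mode of user plane type.
- The method according to claim 7, wherein the second communication device, when a first condition is met, performs the operation of determining the first server, determines the second information, and/or performs the operation of sending the second information to the first server; wherein the first condition includes at least one of the following: confirming that the terminal is allowed to obtain permission to access the first NPN; confirming that configuring certificate information of the first NPN for the terminal is allowed; confirming that certificate information of the second NPN is to be configured for the terminal; obtaining the first indication information in the first information; obtaining the second indication information in the first information; obtaining the information of the first NPN in the first information; wherein the second NPN is all of the NPNs in the first NPN, or a part of the NPNs in the first NPN.
- The method according to claim 7, wherein the second communication device, when a second condition is met, performs the operation of determining the second server, determines the second information, and/or performs the operation of sending the second information to the first server; wherein the second condition includes at least one of the following: confirming that the terminal is allowed to obtain permission to access the first NPN; confirming that adding, for the terminal, permission to access the first NPN through the second certificate is allowed; confirming that permission to access the third NPN through the second certificate is to be added for the terminal; obtaining the first indication information in the first information; obtaining the third indication information in the first information; obtaining the fourth indication information in the first information; obtaining the information of the first NPN in the first information; obtaining the index information of the second network in the first information; wherein the third NPN is all of the NPNs in the first NPN, or a part of the NPNs in the first NPN.
- The method according to claim 7, wherein after the step of sending the second information to the first server, the method further comprises: obtaining the certificate information of the second NPN; sending the obtained certificate information of the second NPN; and/or after the step of sending the second information to the second server, the method further comprises: obtaining the update information of the second certificate; sending the obtained update information of the second certificate.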
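- An access control method, applied to a third communication device, comprising: obtaining first information or second information; performing a second operation according to the first information or the second information; wherein performing the second operation includes at least one of the following: confirming the terminal's request for permission to access a first NPN; confirming whether configuring certificate information of the first NPN for the terminal is allowed; confirming whether configuring certificate information of the first NPN for the terminal is allowed; confirming whether adding, for the terminal, permission to access the first NPN through a second certificate is allowed; confirming whether adding, for the terminal, permission to access an NPN type network through the second certificate is allowed; configuring certificate information of a second NPN for the terminal, or adding, for the terminal, permission to access a third NPN through the second certificate, or adding, for the terminal, permission to access an NPN type network through the second certificate; sending the certificate information of the second NPN, or sending update information of the second certificate; wherein the second certificate includes a certificate already possessed by the terminal; the second NPN is all of the NPNs in the first NPN, or a part of the NPNs in the first NPN; the third NPN is all of the NPNs in the first NPN, or a part of the NPNs in the first NPN; the second NPN is the same as or different from the third NPN.
- The method according to claim 13, wherein the first information includes at least one of the following: information of the first NPN, index information of a second network, first indication information, second indication information, third indication information, fourth indication information; the information of the first NPN can be used for at least one of the following: requesting permission to access the first NPN, requesting the certificate of the first NPN, requesting access to the first NPN through the second certificate, and requesting permission to access an NPN type network; the first indication information is used to request permission to access the first NPN, or to request permission for the currently accessed network, or to request permission to access an NPN type network; the second indication information is used to request the certificate of the first NPN, or to request the certificate of the currently accessed network, or to request a certificate for accessing an NPN type network; the third indication information is used to request permission to access the first NPN through the second certificate, or to request permission to access the first NPN through the certificate of the currently accessed network; the fourth indication information is used to request permission to access an NPN type network through the second certificate, or to request permission to access an NPN type network through the certificate of the currently accessed network.
- The method according to claim 13, wherein the second information includes at least one of the following: information of an NPN, index information of a second network, first indication information, second indication information, third indication information, fourth indication information; the information of the NPN can be used for at least one of the following: requesting permission to access the NPN, requesting the certificate of the NPN, requesting access to the NPN through the second certificate, and requesting permission to access an NPN type network; the first indication information is used to request permission to access the NPN, or to request permission for the currently accessed network, or to request permission to access an NPN type network; the second indication information is used to request the certificate of the NPN, or to request the certificate of the currently accessed network, or to request a certificate for accessing an NPN type network; the third indication information is used to request permission to access the NPN through the second certificate, or to request permission to access the NPN through the certificate of the currently accessed network; the fourth indication information is used to request permission to access an NPN type network through the second certificate, or to request permission to access an NPN type network through the certificate of the currently accessed network.
- The method according to claim 13, wherein the certificate information of the first NPN includes at least one of the following: the certificate of the first NPN, information of the networks allowed to be accessed through the certificate of the first NPN, permission to access an NPN type network through the first NPN certificate; and/or the certificate information of the second NPN includes at least one of the following: the certificate of the second NPN, information of the networks allowed to be accessed through the certificate of the second NPN, permission to access an NPN type network through the second NPN certificate; and/or the update information of the second certificate includes at least one of the following: information of the networks allowed to be accessed through the second certificate, permission to access an NPN type network through the second certificate, indication information allowing access to the requested NPN through the second certificate, indication information allowing access to an NPN type network through the second certificate; wherein the second NPN is all of the NPNs in the first NPN, or a part of the NPNs in the first NPN.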
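- An access control method, applied to a first communication device, comprising: obtaining third information; wherein the third information includes at least one of certificate information of a second NPN and update information of a second certificate; the second certificate includes a certificate already possessed by the first communication device; the second NPN is one or more NPNs; performing, according to the third information, an operation of accessing the second NPN or a fourth network; wherein the fourth network is one of the following: another network different from the second NPN, another network different from the second network; the certificate information of the second NPN includes at least one of the following: the certificate of the second NPN, information of the networks allowed to be accessed through the certificate of the second NPN, permission to access an NPN type network through the second NPN certificate; the certificate information of the currently accessed network includes at least one of the following: information of the networks allowed to be accessed through the certificate of the currently accessed network, indication information allowing access to the requested NPN through the certificate of the currently accessed network, indication information allowing access to an NPN type network through the certificate of the currently accessed network; the update information of the second certificate includes at least one of the following: information of the networks allowed to be accessed through the second certificate, permission to access an NPN type network through the second certificate, indication information allowing access to the requested NPN through the second certificate, indication information allowing access to an NPN type network through the second certificate.
- The method according to claim 17, wherein the networks allowed to be accessed through the certificate of the second NPN include the fourth network; and/or the networks allowed to be accessed through the second certificate include the fourth network.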
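- A communication device, the communication device being a first communication device, comprising: a sending module, configured to send first information; wherein the first information includes at least one of the following: information of a first standalone non-public network (NPN), index information of a second network, first indication information, second indication information, third indication information, fourth indication information, indication information for requesting certificate download, indication information for requesting a first access mode, type information of the first access mode, and type information of a certificate download mode; the information of the first NPN can be used for at least one of the following: requesting permission to access the first NPN, requesting a certificate of the first NPN, requesting access to the first NPN through a second certificate, and requesting permission to access an NPN type network; the first indication information is used to request permission to access the first NPN, or to request permission for the currently accessed network, or to request permission to access an NPN type network; the second indication information is used to request the certificate of the first NPN, or to request the certificate of the currently accessed network, or to request a certificate for accessing an NPN type network; the third indication information is used to request permission to access the first NPN through the second certificate, or to request permission to access the first NPN through the certificate of the currently accessed network; the fourth indication information is used to request permission to access an NPN type network through the second certificate, or to request permission to access an NPN type network through the certificate of the currently accessed network; the second certificate includes a certificate already possessed by the first communication device; wherein the first access mode includes: an access mode of accessing a first network in order to download a certificate used for accessing the second network; the first network and the second network are the same network or different networks; the type information of the first access mode indicates at least one of the following: a first access mode of control plane type, a first access mode of user plane type; the type information of the certificate download mode indicates at least one of the following: a certificate download mode of control plane type, a certificate download mode of user plane type.
- A communication device, the communication device being a second communication device, comprising: a first obtaining module, configured to obtain first information; a first execution module, configured to perform a first operation according to the first information; wherein performing the first operation includes at least one of the following: confirming the terminal's request for permission to access a first NPN; confirming whether the terminal is allowed to obtain permission to access the first NPN; confirming whether configuring certificate information of the first NPN for the terminal is allowed; confirming whether adding, for the terminal, permission to access the first NPN through a second certificate is allowed; confirming whether adding, for the terminal, permission to access an NPN type network through the second certificate is allowed; confirming that certificate information of a second NPN is to be configured for the terminal, or confirming that permission to access a third NPN through the second certificate is to be added for the terminal, or confirming that permission to access an NPN type network through the second certificate is to be added for the terminal; determining a first server; sending address information of the first server and/or identification information of the NPN corresponding to the first server; determining a second server; determining second information; initiating a certificate configuration request or a configuration update request for the terminal to the first server and/or the second server; sending the second information to the first server and/or the second server; wherein the first server is one of the following: a configuration server that configures the certificate of the second NPN for the terminal, a configuration server that configures a certificate for accessing an NPN for the terminal, a server that the terminal needs to access in order to download a certificate for accessing an NPN; the second server is a configuration server that configures the second certificate for the terminal; the second information includes all or part of the information in the first information.
- A communication device, the communication device being a third communication device, comprising: a second obtaining module, configured to obtain first information or second information; a second execution module, configured to perform a second operation according to the first information or the second information; wherein performing the second operation includes at least one of the following: confirming the terminal's request for permission to access a first NPN; confirming whether configuring certificate information of the first NPN for the terminal is allowed; confirming whether configuring certificate information of the first NPN for the terminal is allowed; confirming whether adding, for the terminal, permission to access the first NPN through a second certificate is allowed; confirming whether adding, for the terminal, permission to access an NPN type network through the second certificate is allowed; configuring certificate information of a second NPN for the terminal, or adding, for the terminal, permission to access a third NPN through the second certificate, or adding, for the terminal, permission to access an NPN type network through the second certificate; sending the certificate information of the second NPN, or sending update information of the second certificate; wherein the second certificate includes a certificate already possessed by the terminal; the second NPN is all of the NPNs in the first NPN, or a part of the NPNs in the first NPN; the third NPN is all of the NPNs in the first NPN, or a part of the NPNs in the first NPN; the second NPN is the same as or different from the third NPN.
- A communication device, the communication device being a fourth communication device, comprising: a third obtaining module, configured to obtain third information; wherein the third information includes at least one of certificate information of a second NPN and update information of a second certificate; the second certificate includes a certificate already possessed by the first communication device; the second NPN is one or more NPNs; a third execution module, configured to perform, according to the third information, an operation of accessing the second NPN or a fourth network; wherein the fourth network is one of the following: another network different from the second NPN, another network different from the second network; the certificate information of the second NPN includes at least one of the following: the certificate of the second NPN, information of the networks allowed to be accessed through the certificate of the second NPN, permission to access an NPN type network through the second NPN certificate; the certificate information of the currently accessed network includes at least one of the following: information of the networks allowed to be accessed through the certificate of the currently accessed network, indication information allowing access to the requested NPN through the certificate of the currently accessed network, indication information allowing access to an NPN type network through the certificate of the currently accessed network; the update information of the second certificate includes at least one of the following: information of the networks allowed to be accessed through the second certificate, permission to access an NPN type network through the second certificate, indication information allowing access to the requested NPN through the second certificate, indication information allowing access to an NPN type network through the second certificate.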
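- A communication device, comprising a processor, a memory, and a computer program stored on the memory and executable on the processor, wherein the computer program, when executed by the processor, implements the steps of the access control method according to any one of claims 1 to 6, or implements the steps of the access control method according to any one of claims 7 to 12, or implements the steps of the access control method according to any one of claims 13 to 16, or implements the steps of the access control method according to claim 17 or 18.
- A computer-readable storage medium on which a computer program is stored, wherein the computer program, when executed by a processor, implements the steps of the access control method according to any one of claims 1 to 6, or implements the steps of the access control method according to any one of claims 7 to 12, or implements the steps of the access control method according to any one of claims 13 to 16, or implements the steps of the access control method according to claim 17 or 18.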
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010307389.X | 2020-04-17 | ||
CN202010307389 | 2020-04-17 | ||
CN202110078153.8A CN113556746A (zh) | 2020-04-17 | 2021-01-20 | Access control method and communication device |
CN202110078153.8 | 2021-01-20 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2021208857A1 (zh) | 2021-10-21 |
Family
ID=78084048
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2021/086626 WO2021208857A1 (zh) | Access control method and communication device | 2020-04-17 | 2021-04-12 |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2021208857A1 (zh) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
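CN109391940A (zh) * | 2017-08-02 | 2019-02-26 | Huawei Technologies Co., Ltd. | Method, device and system for accessing a network |
CN110753346A (zh) * | 2019-10-30 | 2020-02-04 | Beijing Weizhi Xinye Technology Co., Ltd. | Key generation method, apparatus and controller for a mobile communication private network |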
-
2021
- 2021-04-12 WO PCT/CN2021/086626 patent/WO2021208857A1/zh active Application Filing
Non-Patent Citations (3)
Title |
---|
ERICSSON; SONY; NOKIA; NOKIA SHANGHAI BELL; OPPO; FUTUREWEI; INTEL; CHINA TELECOM; LENOVO; MOTOROLA MOBILITY; CONVIDA WIRELESS; CI: "KI#4: Conclusion update – UE Onboarding indications", 3GPP DRAFT; S2-2008467, vol. SA WG2, 9 November 2020 (2020-11-09), pages 1 - 3, XP051952522 * |
INTEL: "NPN access authentication based on PLMN subscription and credentials", 3GPP DRAFT; S1-191560-WASS1-191374-WASS1-191192-AVPROD-NPN-PLMN-V5, vol. SA WG1, 9 May 2019 (2019-05-09), Suzhou, China, pages 1 - 6, XP051743721 * |
QUALCOMM INCORPORATED: "Adding network binding requirement to the keys issue #1.1 on standalone public networks", 3GPP DRAFT; S3-190993_V3_UPDATE_OF_S3-190789, vol. SA WG3, 18 March 2019 (2019-03-18), Stockholm (Sweden), pages 1 - 2, XP051697916 * |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP2842287A1 (en) | Content control in telecommunications networks | |
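JP7372254B2 (ja) | Access node selection in 5G networks for non-3GPP and non-cellular access, indication of regional requirements subject to lawful interception, and interception-aware access node selection | |
WO2020048469A1 (zh) | Communication method and apparatus | |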
US8023484B1 (en) | Method for obtaining a mobile internet protocol address | |
WO2016180113A1 (zh) | Method for initiating a WiFi voice service, LTE communication device, terminal and communication system | |
US11962585B2 (en) | Guest onboarding of devices onto 3GPP-based networks with use of realm-based discovery of identity providers and mutual authentication of identity federation peers | |
WO2020147833A1 (zh) | Method for supporting UE association and communication device | |
EP3335394A1 (en) | Method and apparatus for extensible authentication protocol | |
WO2022171086A1 (zh) | Method, apparatus and device for supporting information acquisition, and readable storage medium | |
US11812520B2 (en) | Methods and systems for providing network connectivity to a secure access service edge (SASE) domain | |
US8036222B1 (en) | Method for obtaining a mobile internet protocol address | |
JP2023527193A (ja) | Service acquisition method, apparatus, communication device and readable storage medium | |
WO2017129101A1 (zh) | Routing control method, apparatus and system | |
US8279872B1 (en) | Method for obtaining a mobile internet protocol address | |
WO2020208294A1 (en) | Establishing secure communication paths to multipath connection server with initial connection over public network | |
WO2021208857A1 (zh) | Access control method and communication device | |
US11622313B1 (en) | Methods and systems for transitioning between client-less and client-based network connectivity to a secure access service edge (SASE) domain | |
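CN114071465A (zh) | Access control method, apparatus and communication device | |
JP7090719B2 (ja) | Mobile communication network arrangement and method for operating a mobile communication network arrangement to support a non-public network | |
CN115038081B (zh) | Communication method and communication device | |
WO2022022739A1 (zh) | Access control method, apparatus and communication device | |
WO2014121613A1 (zh) | Method for acquiring location information and corresponding apparatus | |
CN113556746A (zh) | Access control method and communication device | |
CN113498055B (zh) | Access control method and communication device | |
WO2022037611A1 (zh) | Method and apparatus for network access and network selection, and communication device |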
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 21788951 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 21788951 Country of ref document: EP Kind code of ref document: A1 |
|
32PN | Ep: public notification in the ep bulletin as address of the adressee cannot be established |
Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 20/04/2023) |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 21788951 Country of ref document: EP Kind code of ref document: A1 |