WO2022095966A1 - 一种通信方法、相关装置和系统 - Google Patents
一种通信方法、相关装置和系统 Download PDFInfo
- Publication number
- WO2022095966A1 WO2022095966A1 PCT/CN2021/129025 CN2021129025W WO2022095966A1 WO 2022095966 A1 WO2022095966 A1 WO 2022095966A1 CN 2021129025 W CN2021129025 W CN 2021129025W WO 2022095966 A1 WO2022095966 A1 WO 2022095966A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- sepp
- roaming
- message
- ipx
- feedback
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims abstract description 180
- 238000004891 communication Methods 0.000 title claims abstract description 70
- 230000008569 process Effects 0.000 claims abstract description 94
- 230000004044 response Effects 0.000 claims description 120
- 230000006870 function Effects 0.000 claims description 41
- 230000011664 signaling Effects 0.000 claims description 39
- 238000012545 processing Methods 0.000 claims description 27
- 238000004590 computer program Methods 0.000 claims description 11
- 238000012546 transfer Methods 0.000 claims description 11
- 239000011814 protection agent Substances 0.000 claims description 3
- 101000684181 Homo sapiens Selenoprotein P Proteins 0.000 claims 93
- 102100023843 Selenoprotein P Human genes 0.000 claims 93
- 229940119265 sepp Drugs 0.000 claims 93
- 230000005540 biological transmission Effects 0.000 description 11
- 238000012986 modification Methods 0.000 description 11
- 230000004048 modification Effects 0.000 description 11
- 238000007726 management method Methods 0.000 description 9
- 238000010586 diagram Methods 0.000 description 8
- 238000001514 detection method Methods 0.000 description 5
- 230000009286 beneficial effect Effects 0.000 description 3
- 239000003795 chemical substances by application Substances 0.000 description 3
- 239000002699 waste material Substances 0.000 description 3
- 238000013475 authorization Methods 0.000 description 2
- 230000006399 behavior Effects 0.000 description 2
- 238000013523 data management Methods 0.000 description 2
- 238000001816 cooling Methods 0.000 description 1
- 230000003247 decreasing effect Effects 0.000 description 1
- 238000012217 deletion Methods 0.000 description 1
- 230000037430 deletion Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 238000013507 mapping Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 230000002085 persistent effect Effects 0.000 description 1
- 238000007639 printing Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/041—Key generation or derivation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0281—Proxies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/166—Implementing security features at a particular protocol layer at the transport layer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/043—Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/10—Integrity
- H04W12/106—Packet or message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W76/00—Connection management
- H04W76/10—Connection setup
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W76/00—Connection management
- H04W76/10—Connection setup
- H04W76/14—Direct-mode setup
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W88/00—Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
- H04W88/18—Service support devices; Network management devices
Definitions
- the present application relates to the field of communication technologies, and in particular, to a communication method, related apparatus and system.
- the 3rd generation partner project defines a security and edge protection proxy (SEPP) device as a border security gateway for the 5G core network (5G core, 5GC).
- SEPP security and edge protection proxy
- FIG. 1 the SEPP device 101 and the SEPP device 102 communicate through an N32-C (N32c for short) link and an N32-F (N32f for short) link.
- the SEPP device 102 receives the roaming signaling from the SEPP device 101 and forwarded by one or more IP exchange service (IP exchange service, IPX) devices included in the N32f link. If the SEPP device 102 determines that the roaming signaling cannot be processed, the SEPP device 102 sends an error report to the SEPP device 101 through the N32c link, and the error report indicates that the SEPP device 102 cannot process the roaming signaling.
- IP exchange service IP exchange service
- Embodiments of the present application provide a communication method, a related device, and a system, which are used to reduce the occupation of N32c link resources in the process of sending an error report.
- an embodiment of the present invention provides a communication method, the method includes: a first security and border agent SEPP device receives a roaming message from an IP switching operator IPX device, where the roaming message is used to implement the first SEPP device roaming service with the second SEPP device; the first SEPP device determines that the roaming message cannot be processed, and sends a feedback message to the IPX device, where the feedback message is used to indicate that the first SEPP device cannot process the roaming message.
- the first SEPP device determines that it cannot process the roaming message from the second SEPP device, the first SEPP device can send a message to the second SEPP device through the N32f link to indicate that the first SEPP device cannot The feedback message processed by the roaming message, so as to realize the sending of the error report by sending the feedback message. Since the feedback message is transmitted through the N32f link, it can be seen that the transmission of the feedback message does not need to occupy the resources of the N32c link, and the transmission of the roaming message and the feedback message can be realized through the N32f link, reducing the transmission of the first SEPP device to the second SEPP. The device indicates the difficulty of processing the roaming message, which improves the efficiency.
- the way that the IPX device included in the N32f link sends a feedback message to the second SEPP device can improve the utilization rate of each IPX device, make full use of each IPX device on the N32f link, and avoid transmission through the N32c link.
- the IPX device effectively occupies system resources, which improves the utilization efficiency of system resources and avoids waste of system resources.
- the method further includes: in the case that the target shared key has been exchanged between the first SEPP device and the second SEPP device through the N32c link, the first SEPP device The SEPP device releases the N32c link, and the target shared key is used to implement secure communication between the first SEPP device and the second SEPP device.
- the method further includes: the first SEPP device sends a release request message to the second SEPP device through the N32c link, where the release request message is used to request the second SEPP device to release the N32c link.
- the method further includes: the first SEPP device releases the connection relationship between the transport layer security (transport layer security, TLS) link and the N32c link, and clears the connection with the N32c link. Link-related resources to release the N32c link. After the N32c link is released, the TLS link can be released.
- transport layer security transport layer security
- the process of transmitting the feedback message through the N32f link is performed between the first SEPP device and the second SEPP device.
- the first SEPP device and the second SEPP device can communicate with the N32c link.
- the channel is released, thereby effectively saving the overhead of maintaining the long connection of the N32c link.
- the method further includes: the first SEPP device sends a message to the IPX device. Send a roaming request message, where the roaming request message is used to request a roaming service from the second SEPP device, and the roaming request message includes the address of the second SEPP device; the roaming message is generated by the second SEPP device according to the roaming request message Roaming response message.
- the first SEPP device acts as a requester of the roaming service
- the second SEPP device acts as a responder of the roaming service.
- the first SEPP device requests a roaming service from the second SEPP device through the roaming request message.
- the method further includes: the first SEPP device determines the address of the corresponding second SEPP device according to the N32f context identifier included in the roaming message; the first SEPP device generates the address of the second SEPP device; A feedback message, where the feedback message includes the address of the second SEPP device, and the feedback message is used to indicate that the first SEPP device cannot process the roaming response message.
- the first SEPP device determines that the roaming response message cannot be processed, the first SEPP device sends a feedback message to the second SEPP device through the N32f link. Sending the feedback message to the second SEPP device through the N32f does not need to occupy the resources of the N32c link, thereby improving the utilization rate of each IPX device included in the N32c link.
- the roaming message is a roaming request message for requesting a roaming service from the first SEPP device, and the roaming message includes the address of the first SEPP device.
- the first SEPP device acts as a responder of the roaming service
- the second SEPP device acts as a requester of the roaming service.
- the second SEPP device requests a roaming service from the first SEPP device through the roaming message.
- the method further includes: the first SEPP device determines that the roaming message satisfies at least one of the following items, and then determines that the first SEPP device cannot process the roaming message: Failed to decrypt the roaming message, failed the integrity check of the roaming message, failed the integrity check of the modified block of the roaming message, failed to apply a JSON patch to the modified block of the roaming message, or reconstructed from the roaming message Hypertext Transfer Security Next Generation HTTP/2 message failed.
- the feedback message is further used to indicate the reason why the first SEPP device cannot process the roaming message, where the reason may be one or more of the following reasons item:
- reconstructing the HTTP/2 message according to the roaming message may be to extract the HTTP/2 message in the message body of the roaming message.
- the feedback message includes an N32f context identifier, where the N32f context identifier is used to indicate a target shared key for decrypting the feedback message.
- the method further includes: the first SEPP device sends the feedback message to the network function NF.
- an embodiment of the present invention provides a communication method, the method includes: a second security and border proxy SEPP device receives a signaling message sent from a network function device NF, and sends a roaming message to an IP switching operator IPX device, The roaming message is used to implement a roaming service between the first SEPP device and the second SEPP device, and the roaming message includes the signaling message; the second SEPP device receives a feedback message from the IPX device, and the feedback message is used to indicate that the first SEPP device cannot process the roaming message.
- the method further includes: in the case that the target shared key has been exchanged between the first SEPP device and the second SEPP device through the N32c link, the second SEPP device The SEPP device releases the N32c link, and the target shared key is used to implement secure communication between the first SEPP device and the second SEPP device.
- the second SEPP device receives a release request message from the first SEPP device, where the release request message is used to request the second SEPP device to release the N32c link.
- the second SEPP device clears the resources related to the N32c link on the second SEPP device side according to the release request message N32c link. After the N32c link is released, the TLS link can be released.
- the method further includes: the second SEPP device receives data from the IPX device.
- the roaming request message is used to request a roaming service from the second SEPP device, and the roaming request message includes the address of the second SEPP device; the second SEPP device generates a roaming response message according to the roaming request message, the The roaming response message is the roaming message.
- the feedback message includes the address of the second SEPP device, and the feedback message is used to indicate that the first SEPP device cannot process the roaming response message.
- the roaming message is a roaming request message for requesting a roaming service from the first SEPP device, and the roaming message includes the address of the first SEPP device.
- the feedback message is further used to indicate the reason why the first SEPP device cannot process the roaming message.
- the reason is at least one of the following: the roaming message cannot be decrypted, the integrity detection of the roaming message fails, the modification block of the roaming message The integrity check of the roaming message fails, the application of the JSON patch to the modified block of the roaming message fails, or the reconstruction of the Next Generation Hypertext Transfer Security Protocol HTTP/2 message from the roaming message fails.
- the feedback message includes an N32f context identifier
- the method further includes: the second SEPP device obtains the N32f The target shared key corresponding to the context identifier; the second SEPP device decrypts the feedback message by using the target shared key.
- embodiments of the present invention provide a security and border protection agent SEPP device, including: at least one processor and a mutually coupled memory, where computer program codes are stored in the memory, and the processor invokes and executes the memory in the memory.
- the computer program code of the SEPP device causes the SEPP device to perform the method shown in any one of the above-mentioned first aspects or to perform the method shown in any of the above-mentioned second aspects.
- an embodiment of the present invention provides a security and border protection proxy SEPP device, including: a receiving unit, a processing unit, and a sending unit, where the receiving unit is configured to perform any one of the above-mentioned first aspect or second aspect.
- the receiving-related steps the processing unit is used to perform the processing-related steps shown in any one of the above-mentioned first aspect or the second aspect
- the sending unit is used to perform any one of the above-mentioned first or second aspects The steps associated with sending are shown.
- an embodiment of the present invention provides a computer-readable storage medium, where a computer program is stored in the computer-readable storage medium, and when the computer program is executed by a processor, the computer program can perform any of the above-mentioned first aspects. method or perform the method shown in any one of the above second aspects.
- an embodiment of the present invention provides a communication system, including a first security and border proxy SEPP device and a second SEPP device, wherein the first SEPP device is configured to perform as shown in any one of the foregoing first aspects method, the second SEPP device is configured to execute the method shown in any one of the above second aspects.
- an embodiment of the present invention provides a communication apparatus, including: at least one input device, a processor, and at least one output device; wherein the input device is configured to perform any one of the first or second aspects above.
- the receiving-related steps shown the processor is used to execute the processing-related steps shown in any one of the first aspect or the second aspect, and the output device is used to execute any one of the first or second aspects.
- the steps associated with sending are shown.
- an embodiment of the present invention provides a communication device, including: an input interface circuit, a logic circuit, and an output interface circuit, where the logic circuit is configured to execute the above-mentioned first aspect executed by the first SEPP device in the embodiment of the present application The method shown in any one of the above, or the logic circuit is configured to execute the method shown in any one of the above-mentioned second aspect performed by the second SEPP device in the embodiment of the present application.
- an embodiment of the present invention provides a computer program product including instructions, when the computer program product is run on a computer device, the computer device is made to execute any one of the above-mentioned first aspects that can be executed by a first SEPP device The method shown in the item, or, the computer device is caused to perform the method shown in any one of the above-mentioned second aspect which can be performed by the second SEPP device.
- an embodiment of the present invention provides a communication system, including a first security and border proxy SEPP device and an IPX device, where the IPX device is configured to send a roaming message to the first SEPP device, and the roaming message uses is configured to implement the roaming service between the first SEPP device and the second SEPP device; the first SEPP device is configured to execute the method shown in any one of the foregoing first aspects.
- an embodiment of the present invention provides a communication system, including: a network function device NF and a second security and border protection proxy SEPP device, the network function device NF is configured to perform sending to the second SEPP device The step of signaling message; the second SEPP device is configured to execute the method shown in any one of the above second aspect.
- the address of the SEPP device may be a fully qualified domain name (fully qualified domain name, FQDN), physical address, IP address, etc. of the SEPP device.
- the address of the SEPP device may be referred to as the identity of the SEPP device.
- the roaming message may be a service discovery request or a network slicing request.
- Fig. 1 is a kind of structural example diagram of the communication system
- FIG. 2 is a schematic diagram of a 5G network architecture provided by an embodiment of the present application.
- Fig. 3 is another kind of structural example diagram of the communication system
- FIG. 4 is a flowchart of steps of a communication method provided by an embodiment of the present application.
- FIG. 5 is a flowchart of steps of another communication method provided by an embodiment of the present application.
- FIG. 6 is a flowchart of steps of another communication method provided by an embodiment of the present application.
- FIG. 7 is a structural example of a SEPP device provided by an embodiment of the present application.
- FIG. 8 is a schematic structural diagram of a communication device according to an embodiment of the present application.
- FIG. 9 is a schematic diagram of an interface of a single board in a communication device according to an embodiment of the present application.
- FIG. 10 is another structural example of the SEPP device provided by the embodiment of the present application.
- FIG. 2 is a schematic diagram of a 5G network architecture exemplified by an embodiment of the present application.
- the 5G network splits some functional equipment of the 4G network (such as mobility management entity (MME), etc.), and defines an architecture based on a service-oriented architecture.
- MME mobility management entity
- FIG. 2 the functions similar to the MME in the 4G network are split into an access and mobility management function (AMF) and a session management function (SMF) and many more.
- AMF access and mobility management function
- SMF session management function
- a user equipment accesses a data network (DN) by accessing an operator network, so that the UE can use services provided by the operator or a third party on the data network.
- DN data network
- the user terminal, user equipment, terminal equipment, mobile terminal or terminal in the embodiments of the present application may be collectively referred to as UE. That is, unless otherwise specified, the UEs described later in the embodiments of the present application can be replaced with user terminals, user equipment, terminal equipment, mobile terminals or terminals, and of course, they can also be interchanged.
- the access and mobility management function is a control plane functional device in the 3GPP network, which is mainly responsible for the access control and mobility management of the UE accessing the operator's network.
- the security anchor function (security anchor function, SEAF) may be deployed in the AMF, or the SEAF may also be deployed in another device different from the AMF. In FIG. 2, the SEAF is deployed in the AMF as an example. When SEAF is deployed in AMF, SEAF and AMF may be collectively referred to as AMF.
- a session management function is a control plane functional device in a 3GPP network.
- the SMF is mainly used to manage the packet data unit (packet data unit, PDU) session of the UE.
- the PDU session is a channel for transmitting PDUs, and the UE can send PDUs to and from the DN through the PDU session.
- the SMF is responsible for management such as establishment, maintenance and deletion of PDU sessions.
- a data network also known as a packet data network (PDN) is a network outside the 3GPP network.
- PDN packet data network
- the 3GPP network can access multiple DNs, and multiple services provided by operators or third parties can be deployed on the DNs.
- the unified data management entity is also a control plane functional device in the 3GPP network, and the UDM is mainly responsible for storing the subscription data, credentials (credential) and persistent identity of the subscriber (UE) in the 3GPP network. subscriber permanent identifier, SUPI), etc. These data can be used for authentication and authorization of the UE to access the operator's 3GPP network.
- UDM can also integrate the functions of home subscriber server (HSS) and home location register (HLR) in the network.
- HSS home subscriber server
- HLR home location register
- the authentication server function (authentication server function, AUSF) is also a control plane functional device in the 3GPP network, and the AUSF is mainly used for the first-level authentication (that is, the 3GPP network authenticates its subscribers).
- the network exposure function is also a control plane function device in the 3GPP network.
- NEF is mainly responsible for opening the external interface of 3GPP network to third parties in a secure manner.
- the network repository function is also a control plane functional device in the 3GPP network. It is mainly responsible for storing the configuration and service profiles of the accessible network functions (NF) and providing network functions for other network elements. discovery service.
- the user plane function is the gateway for the communication between the 3GPP network and the DN.
- the policy control function is a control plane functional device in the 3GPP network, which is used to provide the policy of the PDU session to the SMF.
- Policies may include charging, quality of service (QoS), authorization-related policies, and the like.
- the access network is a sub-network of the 3GPP network. To access the 3GPP network, the UE first passes through the AN. In the wireless access scenario, AN is also called radio access network (RAN).
- RAN radio access network
- the SEPP device As a border security gateway of the 5G core network (5GC), the SEPP device is mainly used as the agent for the interconnection between the operator networks.
- the signaling messages between the internal network function (NF) of the 5G core network and the roaming network are forwarded through the SEPP device. .
- a 3GPP network refers to a network that conforms to the 3GPP standard.
- the part other than the UE and the DN in FIG. 2 can be regarded as a 3GPP network.
- 3GPP networks are not limited to 5G networks, but also include 2G, 3G, and 4G networks.
- 3GPP networks are operated by operators.
- N1, N2, N3, N4, N6, etc. in the architecture shown in FIG. 2 represent reference points between related entities or network functions, respectively. Nausf, Namf... etc. respectively represent service-oriented interfaces of related network functions.
- 3GPP networks and non-3GPP networks may coexist, and some network elements in 5G networks may also be applied to some non-5G networks.
- the SEPP device as a border security gateway, supports the integrity and confidentiality protection of the transmission message, and also supports the IPX device to identify or modify at least one of the content of the transmission message, wherein the SEPP device modifies
- the transport message may modify the header of the transport message for the SEPP device.
- An IPX device may include a Diameter routing agent (DRA) device or a domain name server (DNS). Additionally, IPX devices may be referred to as hypertext transfer protocol (HTTP) proxies.
- DRA Diameter routing agent
- DNS domain name server
- HTTP hypertext transfer protocol
- the SEPP device may also be referred to as SEPP for short (for example, the first SEPP device is referred to as the first SEPP, the second SEPP device is referred to as the second SEPP, and so on), that is, SEPP and SEPP devices can be mixed.
- SEPP SEPP
- the IPX device is referred to as IPX for short (for example, the first IPX device is referred to as the first IPX, the second IPX device is referred to as the second IPX, and so on), that is, IPX and IPX devices can be mixed.
- the types of SEPP devices can be divided into visiting SEPP devices (visit SEPP devices, vSEPP devices) and home SEPP devices (home SEPP devices, hSEPP devices).
- the SEPP device 101 and the SEPP device 102 may be connected through an N32 interface.
- the SEPP device 101 and the SEPP device 102 are directly connected through the N32-C (N32c for short) interface, and the N32c interface is used between the SEPP device 101 and the SEPP device 102
- the communication link is the N32c link, and the N32c link is used to perform initial handshake and negotiation between the SEPP device 101 and the SEPP device 102 to transmit the N32 message.
- the SEPP device 102 can also be connected to the IPX device through the N32-F (N32f for short) interface, and the IPX device is then connected to the SEPP device 101 through the N32f interface.
- the link between the SEPP device 101 and the SEPP device 102 based on the N32f interface for communication is the N32f link.
- the N32f interface is used to implement communication between the network function 103 and the network function 104 .
- the network function 103 is a network function connected to the SEPP device 101
- the network function 104 is a network device connected to the SEPP device 102 .
- IPX devices may be connected between the SEPP device 101 and the SEPP device 102. This embodiment does not limit the number of IPX devices connected between the SEPP device 101 and the SEPP device 102. For example, as shown in FIG. 1, the SEPP An IPX device 105 and an IPX device 106 are sequentially connected between the device 101 and the SEPP device 102 .
- the description of the types of the two connected SEPP devices is an optional example, and is not limited.
- the types of SEPP equipment can be further divided into consumer SEPP equipment (consumer's SEPP equipment, cSEPP) and producer's SEPP equipment (producer's SEPP equipment, pSEPP).
- the vSEPP device may be a pSEPP device and the hSEPP device may be a cSEPP device.
- the vSEPP device may also be a cSEPP device and the hSEPP device may be a pSEPP device.
- one 5GC deploys one SEPP device as an example for illustration, and this embodiment does not limit the number of SEPP devices deployed by one 5GC.
- the public land mobile network (PLMN) of operator A includes 5GC310 and SEPP devices 311 respectively connected to 5GC310...SEPP devices 31N, the specific value of N is not limited in this embodiment , as long as N is a positive integer greater than 1.
- Operator A is interconnected with multiple other operator networks (or roaming partners for short), wherein different roaming partners have different PLMNs.
- FIG. 3 an example is illustrated by taking operator A corresponding to roaming partner 1 and roaming partner C as an example , wherein the PLMN of the roaming partner 1 includes the 5GC 320 and the SEPP devices 321 . . . SEPP devices 32M respectively connected to the 5GC 320 .
- the PLMN of the roaming partner C includes the 5GC330 and the SEPP devices 331... SEPP devices 33P respectively connected to the 5GC330.
- the specific values of M and P are not limited in this embodiment, as long as M and P are positive integers greater than 1, respectively. .
- the SEPP device 311 of the operator A and the SEPP device 321 of the roaming partner 1 communicate through the N32c link and the N32f link.
- the SEPP device 31N of the operator A and the SEPP device 33P of the roaming partner C communicate through the N32c link and the N32f link.
- an embodiment of the present application provides a communication method.
- the communication method shown in this embodiment it is possible to perform an error reporting process between two SEPP devices without requiring an N32c link and an N32f link.
- the coordination between them effectively reduces the complexity of executing the error reporting process and improves the efficiency.
- the execution process of the communication method provided by the present application will be described below with reference to FIG. 4 :
- Step 401 Establish an N32c link and an N32f link between the first SEPP device and the second SEPP device.
- the first SEPP device and the second SEPP device shown in this embodiment may belong to PLMNs of different operators, and the first SEPP device shown in this embodiment is the requester of the roaming service, and the second SEPP device is the roaming service the responder.
- the first SEPP device is cSEPP
- the second SEPP device is pSEPP
- the first SEPP device is a vSEPP device
- the second SEPP device is an hSEPP device.
- first and second in the first SEPP device and the second SEPP device are used to distinguish two different SEPP devices, and it should be understood that the first SEPP device and the second SEPP device
- the SEPP devices are interchangeable, that is, the first SEPP device is the responder of the roaming service, and the second SEPP device is the requester of the roaming service.
- the first SEPP device and the second SEPP device may agree on a security mechanism for protecting messages transmitted on the N32f.
- Step a1 The first SEPP device sends a first request message to the second SEPP device, where the first request message at least includes initial security negotiation data and the address of the first SEPP device.
- the initial security negotiation data is security negotiation data supported by the first SEPP device, and the security negotiation data may be an N32 interconnection security protocol (protocol for N32interconnect security, PRINS) parameter or a transport layer security (transport layer security, TLS) parameter at least one of.
- N32 interconnection security protocol protocol for N32interconnect security, PRINS
- transport layer security transport layer security
- the first SEPP device pre-stores the address of the second SEPP device, then when the N32c link between the first SEPP device and the second SEPP device is established, the first SEPP device can The second SEPP device of the address of the second SEPP device sends the first request message.
- the first request message may further include information of an operator to which the first SEPP device belongs, an identifier of the first SEPP device, and the like.
- the first request message may also carry the address of the second SEPP device.
- Step a2 The second SEPP device sends a first response message to the first SEPP device.
- the first response message includes a "200" status code and target security negotiation data selected by the second SEPP device.
- the target security negotiation data is determined by the second SEPP device and supported by both the first SEPP device and the second SEPP device.
- the second SEPP device may send the first response message to the first SEPP device based on the address of the first SEPP device included in the first request message.
- the first SEPP device and the second SEPP device implement the above steps a1 and a2 to establish the N32c link.
- the first SEPP device and the second SEPP device perform initial handshake and negotiation between the first SEPP device and the second SEPP device through the N32c link to transmit the N32 message, thereby realizing the establishment of the N32f link.
- Step 402 The first NF sends a first signaling message to the first SEPP device.
- the first NF and the first SEPP device belong to the same PLMN, and the first NF requests a roaming service from the PLMN to which the second SEPP device belongs through the first signaling message.
- the specific business type is not limited.
- the roaming service may be any one of a roaming registration service, a roaming deregistration service, or a roaming location discovery service.
- the service of roaming registration refers to that the UE belonging to the PLMN of the first SEPP device moves to the PLMN to which the second SEPP device belongs, and the first signaling message is used to request to register the UE to the PLMN of the second SEPP device. In the PLMN, so that the UE can use the roaming service of the PLMN to which the second SEPP device belongs.
- the service of roaming deregistration refers to that the UE deregisters from the PLMN to which the second SEPP device belongs, and no longer uses the roaming service of the PLMN to which the second SEPP device belongs.
- the service of roaming location discovery means that the UE belonging to the PLMN of the first SEPP moves to the PLMN to which the second SEPP device belongs, and the first signaling message is used to request the second SEPP device to send the location information of the UE .
- step 401 There is no limitation in execution timing between step 401 and step 402 in this embodiment.
- Step 403 The first SEPP device sends a roaming request message to the IPX device.
- the roaming request message shown in this embodiment is a roaming message used to request a roaming service from the second SEPP.
- the first signaling message is a next-generation hypertext transfer protocol over secure/2 (https/2) message.
- the first SEPP device may convert the first signaling message into a roaming request message that can be transmitted via the N32f interface.
- the roaming request message satisfies the N32f interface protocol, so that the roaming request message can be transmitted through the N32f interface.
- the first SEPP device When the first SEPP device receives the first signaling message from the first NF, the first SEPP device can convert the first signaling message into a roaming request message.
- the roaming request message includes at least the encrypted first signaling message, the address of the second SEPP device, and the N32f context identifier.
- the first SEPP device can encrypt the first signaling message by using a target shared key (shared key for short) to generate the roaming request message, and the target shared key is described below:
- the first SEPP device and the second SEPP device invoke a transport layer security (TLS) protocol stack to establish a TLS link between the first SEPP device and the second SEPP device.
- TLS transport layer security
- the first SEPP device and the second SEPP device can use the TLS link to perform secure communication, and then the first SEPP device and the second SEPP device can use the TLS link for secure communication.
- An N32c link and an N32f link are established between the two SEPP devices. For the specific process of establishing the N32c link and the N32f link, please refer to step 401 for details, and details will not be repeated.
- the first SEPP device and the second SEPP device derive a target shared key through the TLS link, where the target shared key is used to protect the transmission of related messages on the N32f link.
- the first SEPP device and the second SEPP device when the first SEPP device and the second SEPP device establish an N32f link, the first SEPP device and the second SEPP device respectively establish an N32f context.
- the context of the N32f stored by the first SEPP device includes at least the correspondence between the N32f context identifier, the target shared key and the address of the second SEPP device.
- the context of the N32f stored by the second SEPP device includes at least the correspondence between the N32f context identifier, the target shared key and the address of the first SEPP device.
- the first SEPP device and the second SEPP device can exchange messages through the N32f link based on the N32f context.
- the corresponding relationship shown in this embodiment may be stored or recorded in a functional relationship, a table, or a mapping relationship or the like.
- the second SEPP device When the second SEPP device receives the N32f context identifier, the second SEPP device can decrypt the encrypted first signaling message by using the target shared key corresponding to the N32f context identifier to obtain the second SEPP device. a signaling message.
- the first SEPP device has acquired the roaming request message
- the first SEPP sends the roaming request message to the second SEPP device in the following manner.
- the first SEPP device sends the roaming request message to the IPX device through the N32f interface.
- the first SEPP device pre-stores the address of the IPX device, and then the first SEPP device can send the roaming request message to the IPX device having the IPX address.
- the IPX device sends the roaming request message to the second SEPP device having the address of the second SEPP device according to the address of the second SEPP device included in the roaming request message.
- the N32f link between the first SEPP device and the second SEPP device includes multiple IPX devices, for example, as shown in FIG. 1 as an example, the N32f link includes two IPX devices, namely IPX device 105 and IPX device 106 .
- the first SEPP device sends the roaming request message to the IPX device 105 connected to the first SEPP device through the N32f interface.
- the IPX device 106 determines, through the address of the second SEPP device included in the roaming request message, that the next-hop IPX device used to send the roaming request message to the second SEPP device is the IPX device 106, then the IPX device 105 can The roaming request message is sent to IPX device 106 .
- the IPX device 106 sends the roaming request message to the second SEPP device having the address of the second SEPP device through the address of the second SEPP device included in the roaming request message.
- the roaming request message shown in this embodiment mainly consists of a request header and a request body.
- the request header at least includes the HTTP/2 protocol version used by the exchange message between the first SEPP device and the second SEPP device.
- the request body includes the above roaming request message.
- Step 404 The IPX device sends a roaming request message to the second SEPP device.
- Step 405 The second SEPP device determines whether the roaming request message can be processed, if so, executes step 406, and if not, executes step 407.
- the second SEPP device can determine that the second SEPP device cannot process the roaming request message:
- the second SEPP device cannot decrypt the roaming request message, the second SEPP device fails to check the integrity of the roaming request message, the second SEPP device fails to check the integrity of the modification block of the roaming request message, and the second SEPP device fails to check the integrity of the roaming request message.
- the second SEPP device fails to apply the JSON patch to the modification block of the roaming request message or the second SEPP device fails to reconstruct the HTTP/2 message according to the roaming message.
- the fact that the second SEPP device cannot decrypt the roaming request message may be that the second SEPP device obtains the target shared key corresponding to the N32f context ID according to the N32f context ID included in the roaming request message, and then obtains the target shared key through the target shared key Decrypt the encrypted first signaling message, and if the second SEPP determines that the encrypted first signaling message cannot be decrypted based on the shared key, determine that the second SEPP device cannot decrypt the roaming request message.
- the failure of the integrity detection of the roaming request message by the second SEPP device may be that if the integrity detection of the roaming request message by the second SEPP device fails, it is determined that the roaming request message has been tampered with.
- the failure of the second SEPP device to check the integrity of the modification block of the roaming request message specifically refers to that the modification block of the roaming request message is the part that has been changed in the roaming request message, and the second SEPP device has the modification block of the roaming request message. If the integrity check of the modified block fails, it is determined that the modified block of the roaming request message has been tampered with.
- the failure of the second SEPP device to reconstruct the HTTP/2 message according to the roaming request message specifically refers to that, in this embodiment, in order to realize that the PLMN to which the second SEPP device belongs can realize the roaming requested by the roaming request message from the first SEPP device service, the second SEPP device can reconstruct the roaming request message into an HTTP/2 message, so that the second NF belonging to the second PLMN can process the second signaling message to implement the roaming request requested by the first SEPP business. It can be seen that if the second SEPP device cannot successfully reconstruct the roaming request message into an HTTP/2 message, the second SEPP device determines that the reconstruction of the HTTP/2 message fails.
- Step 406 The second SEPP device sends the second signaling message to the second NF.
- the second SEPP device can process the roaming request message
- the second SEPP device can obtain the second signaling message, and send the second signaling message to the second NF, so that the first The second NF executes the corresponding roaming service according to the second signaling message.
- the second NF can register the UE in the second PLMN, so that the second PLMN provides the UE with a roaming service.
- the second signaling message is used to deregister the UE from the second PLMN to which the second NF belongs, the second NF can deregister the UE from the second PLMN, so that the second PLMN will no longer log out to the second PLMN.
- the UE provides roaming services.
- Step 407 The second SEPP device sends a first roaming response message to the IPX device.
- the second SEPP device when the second SEPP device determines that the roaming request message cannot be processed, the second SEPP device can generate a first roaming response message, where the first roaming response message is used to indicate the second roaming request message.
- SEPP equipment cannot process feedback messages for roaming request messages.
- the first roaming response message includes a first indication message, where the first indication message is used to indicate an event that the second SEPP device cannot process the roaming request message.
- This embodiment does not limit the specific content of the first indication message, as long as both the first SEPP device and the second SEPP device have determined that the first indication message is used to indicate the event that the roaming request message cannot be processed .
- the first roaming is transmitted through the N32f link between the first SEPP device and the second SEPP device. From the response message, it can be seen that the first roaming response message shown in this embodiment satisfies the N32f interface protocol, so that the first roaming response message can be transmitted through the N32f interface.
- the second SEPP device returns the first roaming response message through the path of receiving the roaming request message. For example, as shown in FIG. 1 , if the first SEPP device 101 passes through the IPX device 105 and the IPX device in turn The device 106 sends the roaming request message to the second SEPP device 102, and the second SEPP device 102 returns the first roaming response message to the first SEPP device 101 through the IPX device 106 and the IPX device 105 in sequence.
- the second SEPP device determines a target IPX device, where the target IPX device is an IPX device that sends the roaming request message to the second SEPP device.
- the target IPX device is the IPX device 106 .
- the first roaming response message can be sent to the target IPX, so as to return the first roaming response message to the first roaming response message.
- the purpose of a SEPP device It can be seen that when the target IPX device (ie IPX device 106) receives the first roaming response message, the IPX device 106 can send the first roaming response message to the IPX device 105, and the IPX device 105 can send the first roaming response message to the first roaming response message.
- a SEPP device sends the first roaming response message.
- Step 408 The IPX device sends a first roaming response message to the first SEPP device.
- the first SEPP device may determine that the second SEPP device cannot perform the roaming request message according to the first indication message included in the first roaming response message. deal with.
- the first SEPP device may perform corresponding processing, for example, if the second indication message is used to indicate that the second SEPP device cannot Decrypt the roaming request message, the first SEPP device can re-encrypt the first signaling message based on the shared key to regenerate the roaming request message, and send the regenerated roaming request message to the second SEPP through the N32f link send.
- Step 409 The second SEPP sends the first indication message to the second NF.
- Step 409 shown in this embodiment is an optional step to be executed. If this step is executed, the execution sequence between step 409 and step 407 is not limited in this embodiment.
- the second NF receives the first indication message, it can be determined that the second SEPP device cannot process the roaming request message from the first SEPP device, and further determines that the second SEPP device cannot realize the communication between the second SEPP device and the first SEPP device. roaming service.
- the second SEPP may also send a second indication message to the second NF.
- the second indication message is used to indicate the reason why the second SEPP device cannot process the roaming request message.
- the second NF can determine the specific reason why the second SEPP device cannot process the roaming request message based on the second indication message.
- Step 410 The first SEPP device sends a first indication message to the first NF.
- the first SEPP device can obtain the first indication message from the first roaming response message, and convert the format of the first indication message into an https/2 message, so that the first NF can receive and process the first indication message.
- the first instruction message can be obtained.
- the first SEPP device may also send the second indication message to the first NF.
- the specific sending process please refer to the process of sending the first indication message. Do repeat.
- the second SEPP device can send the message to the first SEPP device through the N32f link.
- the first roaming response message used to indicate that the second SEPP device cannot process the roaming request message. Because the first roaming response message is transmitted through the N32f link, it can be seen that the transmission of the first roaming response message does not need to occupy the resources of the N32c link, and the transmission of the roaming request message and the first roaming response message can be realized through the N32f link,
- the difficulty for the second SEPP device to indicate to the first SEPP device that the roaming request message cannot be processed is reduced, and the efficiency is improved.
- the IPX device included in the N32f link sends the first roaming response message to the first SEPP device, which can improve the utilization rate of each IPX device, make full use of each IPX device on the N32f link, and avoid the need to pass the N32c
- the IPX device invalidly occupies system resources, which improves the utilization efficiency of system resources and avoids waste of system resources.
- the specific message format of the first roaming response message is not limited in this embodiment, as long as the first roaming response message is used to indicate to the first SEPP device that the second SEPP device cannot process the roaming request message, and the following
- the first roaming response message is specifically described with reference to a specific example:
- the first roaming response message shown in this example mainly consists of a response header and a response body.
- the response header may include a status code, wherein the status code consists of three decimal numbers, the first decimal number defines the type of the status code, and the last two numbers are used for classification. Different status codes represent different meanings, and the status code included in the first roaming response message shown in this embodiment may be "200" or "400", which is not limited in this embodiment.
- the response body includes an event indicating that the second SEPP device cannot process the roaming request message.
- the response header or the response body may further include a second indication message, and the second indication message indicates that the second SEPP
- the reason why the device cannot process the roaming request message is exemplified in this embodiment by taking the response body including the second indication message as an example.
- the second SEPP device may pre-determine the correspondence between different fields and the reason why the second SEPP device cannot process the roaming request message.
- This embodiment does not limit the content included in each field, as long as the first SEPP device cannot process the roaming request message. It is sufficient that the device and the second SEPP device can mutually agree on the reason indicated by each field that the roaming request message cannot be processed.
- the second SEPP device determines that the reason why the roaming request message cannot be processed is that the roaming request message cannot be decrypted, it obtains a first field indicating that the roaming request message cannot be decrypted, and the second SEPP device obtains the first field indicating that the roaming request message cannot be decrypted.
- the SEPP device can set the first field in the second indication message.
- the second SEPP device determines that the reason why the roaming request message cannot be processed is that the integrity detection of the modification block of the roaming request message fails, obtain the integrity of the modification block used to indicate the roaming message. For the second field that fails to be detected, the second SEPP device can set the second field in the second indication message.
- the format of the first roaming response message can be pre-agreed between the first SEPP device and the second SEPP device shown in this embodiment, and the first roaming response message can be transmitted via the N32f link.
- the specific content of a roaming response message please refer to the above description, and details are not repeated.
- FIG. 5 illustrates how the first SEPP device indicates to the second SEPP device if the first SEPP device cannot process the roaming response message under the condition that the second SEPP device can successfully process the roaming request message
- Step 501 Establish an N32c link and an N32f link between the first SEPP device and the second SEPP device.
- Step 502 The first NF sends a first signaling message to the first SEPP device.
- Step 503 The first SEPP device sends a roaming request message to the IPX device.
- Step 504 The IPX device sends a roaming request message to the second SEPP device.
- steps 501 to 504 shown in this embodiment please refer to steps 401 to 404 shown in FIG. 4 for details, and the specific execution process will not be repeated in this embodiment.
- Step 505 The second SEPP device sends the second signaling message to the second NF.
- step 505 For the description of the execution process of step 505 shown in this embodiment, please refer to step 406 shown in FIG. 4 for details, and the specific execution process will not be repeated in this embodiment.
- Step 506 The second SEPP device sends a second roaming response message to the IPX device.
- Step 507 The IPX device sends a second roaming response message to the first SEPP device.
- the second roaming response message is a message used to implement roaming between the first SEPP device and the second SEPP device.
- the second SEPP device can successfully process the roaming request message from the first SEPP device. It can be seen that the second roaming response message shown in this embodiment includes a third indication message, and the third indication message is used to indicate the second SEPP The device was able to successfully process the roaming request message.
- the second roaming response message shown in this embodiment includes the third indication message.
- FIG. 4 For the process of sending the second roaming response message to the first SEPP device by the second SEPP device shown in this embodiment, please refer to FIG. 4 for details. The process of the second SEPP device sending the first roaming response message to the first SEPP device shown in step 408 of step 408 will not be described in detail.
- Step 508 The first SEPP device determines whether the second roaming response message can be processed, and if so, executes step 509, and if not, executes step 510.
- the first SEPP device determines that the received second roaming response message satisfies at least one of the following, the first SEPP device can determine that the first SEPP device cannot process the roaming request message:
- the first SEPP device cannot decrypt the second roaming response message, the first SEPP device fails to check the integrity of the second roaming response message, and the first SEPP device completes the modification block of the second roaming response message.
- Step 509 The first SEPP device sends a third indication message to the first NF.
- the first SEPP device can process the second roaming response message
- the first SEPP device can obtain the third indication message and send the third indication message to the first NF, so that the first SEPP device can obtain the third indication message.
- the first NF determines that the second NF can implement the roaming service requested by the first NF.
- the roaming service please refer to the embodiment shown in FIG. 4 in detail, and details are not repeated.
- Step 510 The first SEPP device sends a third roaming response message to the IPX device.
- the first SEPP device when the first SEPP device determines that the second roaming response message cannot be processed, the first SEPP device can generate a third roaming response message, where the third roaming response message includes the fourth indication message, the fourth indication message is used to indicate the event that the first SEPP device cannot process the second roaming response message.
- Step 511 The IPX device sends a third roaming response message to the second SEPP device.
- the first SEPP device returns the third roaming response message through the path of receiving the second roaming response message. For example, as shown in FIG. 1 , if the second SEPP device 102 sequentially passes through the IPX device 106 and the IPX device 105 sends the second roaming response message to the first SEPP device 101, then the first SEPP device 101 sends the third roaming response message to the second SEPP device 102 through the IPX device 105 and the IPX device 106 in sequence.
- the first SEPP device stores the correspondence between the N32f context identifier, the target shared key, and the address of the second SEPP device, and the first SEPP device can use the N32f context identifier included in the second roaming response message , and determine the address of the corresponding second SEPP device.
- the first SEPP device sends the third roaming response message to the second SEPP device based on the address of the second SEPP device.
- this embodiment is shown to transmit the message through the N32f link between the first SEPP device and the second SEPP device.
- the third roaming response message it can be seen that the third roaming response message shown in this embodiment satisfies the N32f interface protocol, so that the third roaming response message can be transmitted through the N32f interface.
- Steps 510 to 511 shown in this embodiment are optional steps, that is, when the first SEPP device determines that the second roaming response message cannot be processed, the first SEPP device can send the third roaming response message to the first NF. indication message without sending the third roaming response message to the second SEPP device.
- Step 512 The second SEPP sends a fourth indication message to the second NF.
- the second SEPP device parses the fourth indication message from the third roaming response message, and converts the format of the fourth indication message into an https/2 message, so that the second NF can receive and process the fourth indication message.
- the fourth indication message For the specific processing process of the fourth indication message, reference may be made to the process of processing the first indication message by the first NF shown in FIG. 4 , which is not described in detail in this embodiment.
- the first SEPP device can send the second SEPP device to the second SEPP device through the N32f link.
- the device sends a third roaming response message for indicating that the first SEPP device cannot process the second roaming response message. Because the third roaming response message is transmitted through the N32f link, it can be seen that the transmission of the third roaming response message does not need to occupy the resources of the N32c link, and the third roaming response message can be transmitted through the N32f link, reducing the first
- the SEPP device indicates to the second SEPP device the difficulty of being unable to process the second roaming response message, which improves efficiency.
- the IPX device included in the N32f link sends the third roaming response message to the second SEPP device, which can improve the utilization rate of each IPX device, make full use of each IPX device on the N32f link, and avoid the need to pass the N32c
- the IPX device effectively occupies the system resources, which improves the utilization efficiency of the system resources and avoids the waste of the system resources.
- Step 601 Establish an N32c link and an N32f link between the first SEPP device and the second SEPP device.
- step 601 For the specific execution process of step 601 shown in this embodiment, please refer to step 401 shown in FIG. 4 for details, and the specific execution process will not be repeated.
- Step 602 The first SEPP device sends a release request message to the second SEPP device.
- an error reporting process can be performed based on the N32f link.
- the N32c link can be released in this embodiment.
- the first SEPP device sends a release request message to the second SEPP device through the N32c link, where the release request message is used to request the second SEPP device to release the N32c link.
- the release request message includes at least the address of the second SEPP device and a fifth indication message, where the fifth indication message is used to instruct the second SEPP device to release the event of the N32c link.
- Step 603 The second SEPP device releases the N32c link according to the release request message.
- the second SEPP device when the second SEPP device receives the release request message, it can determine to release the N32c link according to the fifth indication message.
- the second SEPP device clears the resources related to the N32c link on the side of the second SEPP device according to the release request message N32c link. Among them, after the N32c link is released, the TLS link is also released.
- Step 604 the first SEPP device releases the N32c link.
- the first SEPP device can release the connection relationship between the TLS link and the N32c link when the N32f link is successfully established, and clear the resources related to the N32c link on the second SEPP device side, so as to realize the connection between the N32c link and the N32c link. release of the link.
- Step 605 The first NF sends a first signaling message to the first SEPP device.
- This embodiment does not limit the execution sequence between step 605 and step 602 to step 604 .
- Step 606 The first SEPP device sends a roaming request message to the IPX device.
- Step 607 The IPX device sends a roaming request message to the second SEPP device.
- Step 608 The second SEPP device determines whether the roaming request message can be processed, and if so, executes step 609, and if not, executes step 610.
- Step 609 The second SEPP device sends the second signaling message to the second NF.
- Step 610 The second SEPP device sends a first roaming response message to the IPX device.
- Step 611 The IPX device sends a first roaming response message to the first SEPP device.
- Step 612 The second SEPP sends a first indication message to the second NF.
- Step 613 The first SEPP device sends a first indication message to the first NF.
- step 605 to step 613 shown in this embodiment please refer to step 402 to step 410 shown in FIG. 4 for details, and details are not repeated in this embodiment.
- an error reporting process can be performed between the first SEPP device and the second SEPP device through the N32f link, and in the case that the N32f link is successfully established, the first SEPP device and the second SEPP device Two SEPP devices can release the N32c link, thereby effectively saving the overhead for maintaining the long connection of the N32c link.
- the SEPP device 700 specifically includes: a receiving unit 701 , a processing unit 702 and a sending unit 703 .
- SEPP device 700 If the SEPP device 700 is used as the first SEPP device, then,
- a receiving unit 701 configured to receive a roaming message from an IP switching operator IPX device, where the roaming message is used to implement a roaming service between the first SEPP device and the second SEPP device;
- a processing unit 702 configured to determine that the roaming message cannot be processed
- the sending unit 703 is configured to send a feedback message to the IPX device, where the feedback message is used to indicate that the roaming message cannot be processed.
- the receiving unit 701 , the processing unit 702 and the sending unit 703 cooperate with each other to implement the communication method provided by the above-mentioned embodiment executed by the first SEPP device.
- the receiving unit 701 , the processing unit 702 and the sending unit 703 cooperate with each other to implement the communication method provided by the above-mentioned embodiment executed by the first SEPP device.
- the specific implementation process and beneficial effects reference may be made to the description of the above-mentioned aspects.
- the processing unit 702 is configured to, in the case that the target shared key has been exchanged between the first SEPP device and the second SEPP device through the N32c link, the first SEPP device releases the N32c link, The target shared key is used to implement secure communication between the first SEPP device and the second SEPP device.
- the sending unit 703 is configured to send a roaming request message to the IPX device, where the roaming request message is used to request a roaming service from the second SEPP device, and the roaming request message includes the address of the second SEPP device.
- the roaming message is a roaming response message generated by the second SEPP device according to the roaming request message.
- the receiving unit 701 is configured to acquire the feedback message, where the feedback message includes the address of the second SEPP device, and the feedback message is used to indicate that the first SEPP device cannot process the roaming response message.
- the processing unit 702 is used to determine that the roaming message satisfies at least one of the following items, then determine that the first SEPP device cannot process the roaming message:
- the feedback message is further used to indicate the reason why the first SEPP device cannot process the roaming message.
- the feedback message includes an N32f context identifier, where the N32f context identifier is used to indicate a target shared key for decrypting the feedback message.
- the sending unit 703 is further configured to send the feedback message to the network function NF.
- the sending unit 703 is configured to send a roaming message to the IP switching operator IPX device, where the roaming message is used to implement a roaming service between the first SEPP device and the second SEPP device;
- the receiving unit 701 is configured to receive a feedback message from the IPX device, where the feedback message is used to indicate that the first SEPP device cannot process the roaming message.
- the receiving unit 701 , the processing unit 702 and the sending unit 703 cooperate with each other to implement the communication method provided by the above-mentioned embodiment executed by the second SEPP device.
- the receiving unit 701 , the processing unit 702 and the sending unit 703 cooperate with each other to implement the communication method provided by the above-mentioned embodiment executed by the second SEPP device.
- the specific implementation process and beneficial effects reference may be made to the description of the above-mentioned aspects.
- the processing unit 702 is configured to release the N32c link when the target shared key has been exchanged between the first SEPP device and the second SEPP device through the N32c link, the target shared key Used to implement secure communication between the first SEPP device and the second SEPP device.
- the receiving unit 701 is configured to receive a roaming request message from the IPX device, where the roaming request message is used to request a roaming service from the second SEPP device, and the roaming request message includes the address of the second SEPP device;
- the processing unit 702 is configured to generate a roaming response message according to the roaming request message, where the roaming response message is the roaming message.
- the feedback message includes the address of the second SEPP device, and the feedback message is used to indicate that the first SEPP device cannot process the roaming response message.
- the roaming message is a roaming request message for requesting a roaming service from the first SEPP device, and the roaming message includes the address of the first SEPP device.
- the feedback message is further used to indicate the reason why the first SEPP device cannot process the roaming message.
- the reason is at least one of the following:
- the processing unit 702 is configured to obtain the target shared key corresponding to the N32f context identifier; and decrypt the feedback message by using the target shared key.
- FIG. 8 is a schematic diagram of the structure of the communication device provided by the embodiment of the present application.
- FIG. 9 is a diagram of an example of an interface of a communication board 830 in a communication device provided by an embodiment of the present application.
- the communication device mainly includes a cabinet 800 and a communication single board 830 installed in the cabinet.
- the communication single board 830 is mainly composed of a circuit board, chips and electronic components mounted on the circuit board, and can provide communication services.
- the number of the communication boards 830 may be increased or decreased according to actual needs, and the specific number is not limited in this embodiment.
- the cabinet 800 further includes a fan frame 820 for installing a cooling fan and a cabinet management board 810 for managing the cabinet.
- the cabinet management board 810 is used to manage the working status of the entire cabinet, for example, managing the power-on status, working temperature, and alarm status of the cabinet.
- the communication board 830 includes a plurality of input/output interfaces, such as a display interface 832 for an external display, network interfaces 831 and 833 for connecting to a communication network, and Universal Serial Bus (USB) interfaces 834.
- the above-mentioned network interface 833 may be an Ethernet interface
- the network interface 831 may be an optical fiber interface.
- the communication board 830 also includes a power interface 836 for connecting a power supply and an expansion slot 835 for extending the function of the communication board 830 .
- the SEPP device provided in this embodiment may be the first SEPP device or the second SEPP device shown in the above method embodiments.
- the SEPP device can be a general-purpose computer, which includes a processor 1001 , a memory 1002 , a bus 1003 , an input device 1004 , an output device 1005 and a network interface 1006 .
- memory 1002 may include computer storage media in the form of volatile and/or non-volatile memory, such as read-only memory and/or random access memory.
- Memory 1002 may store operating systems, application programs, other program modules, executable code, and program data.
- Input devices 1004 may be used to input commands and information to SEPP devices, such as a keyboard or a pointing device such as a mouse, trackball, touchpad, microphone, joystick, game pad, satellite dish, scanner, or similar device. These input devices may be connected to the processor 1001 through the bus 1003 .
- the output device 1005 can be used for the SEPP device to output information. In addition to the monitor, the output device 1005 can also be used for other peripheral output devices, such as speakers and/or printing devices. These output devices can also be connected to the processor 1001 through the bus 1003. .
- the SEPP device may be connected to a communication network, such as a local area network (LAN), through the network interface 1006.
- a communication network such as a local area network (LAN)
- LAN local area network
- the computer-implemented instructions stored in the SEPP device may be stored in a remote storage device, rather than being limited to local storage.
- the SEPP device may perform the method operations on the first SEPP device side in the above method embodiments, or may perform the above method implementations.
- the method operates on the side of the second SEPP device.
- the above-mentioned computer can be implemented by using actual hardware, and can also be implemented by using virtualized hardware, such as a virtual machine.
- the virtual machine provides virtual CPU, storage, network and other resources, and these virtual resources are obtained based on the virtualization of the underlying hardware resources.
- the software package corresponding to the SEPP device can be deployed on the virtual machine, and the SEPP device can be called a virtualised network function (VNF) device.
- VNF virtualised network function
- These NFV devices can have the same functional behavior and behavior as traditional network function devices.
- external interface For example, with N32-F interface.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
Description
Claims (38)
- 一种通信方法,其特征在于,所述方法包括:第一安全和边界代理SEPP设备接收来自IP交换运营商IPX设备的漫游消息,所述漫游消息用于实现所述第一SEPP设备和第二SEPP设备之间的漫游业务;所述第一SEPP设备确定无法处理所述漫游消息,向所述IPX设备发送反馈消息,所述反馈消息用于指示所述第一SEPP设备无法处理所述漫游消息。
- 根据权利要求1所述的方法,其特征在于,所述方法还包括:在所述第一SEPP设备和所述第二SEPP设备之间已通过N32c链路交换目标共享密钥的情况下,所述第一SEPP设备释放所述N32c链路,所述目标共享密钥用于实现所述第一SEPP设备和所述第二SEPP设备之间的安全通信。
- 根据权利要求1或2所述的方法,其特征在于,所述第一安全和边界代理SEPP设备接收来自IP交换运营商IPX设备的漫游消息之前,所述方法还包括:所述第一SEPP设备向所述IPX设备发送漫游请求消息,所述漫游请求消息用于向所述第二SEPP设备请求漫游业务,所述漫游请求消息包括所述第二SEPP设备的地址;所述漫游消息为所述第二SEPP设备根据所述漫游请求消息生成的漫游响应消息。
- 根据权利要求3所述的方法,其特征在于,所述方法还包括:所述第一SEPP设备根据所述漫游消息确定所述第二SEPP设备的地址,所述反馈消息包括所述第二SEPP设备的地址,所述反馈消息用于指示所述第一SEPP设备无法处理所述漫游响应消息。
- 根据权利要求1或2所述的方法,其特征在于,所述漫游消息为用于向所述第一SEPP设备请求漫游业务的漫游请求消息,所述漫游消息包括所述第一SEPP设备的地址。
- 根据权利要求1至5任一项所述的方法,其特征在于,所述方法还包括:所述第一SEPP设备确定所述漫游消息满足如下所示的至少一项,则确定所述第一SEPP设备无法处理所述漫游消息:无法对所述漫游消息进行解密、对所述漫游消息的完整性检测失败、对所述漫游消息的修改块的完整性检测失败、对所述漫游消息的修改块应用JSON补丁程序失败、或根据所述漫游消息重建下一代超文本传输安全协议HTTP/2消息失败。
- 根据权利要求1至6任一项所述的方法,其特征在于,所述反馈消息还用于指示所述第一SEPP设备无法处理所述漫游消息的原因。
- 根据权利要求1至7任一项所述的方法,其特征在于,所述反馈消息包括N32f上下文标识,所述N32f上下文标识用于指示对所述反馈消息进行解密的目标共享密钥。
- 根据权利要求1至8任一项所述的方法,其特征在于,所述第一SEPP设备确定无法处理所述漫游消息之后,所述方法还包括:所述第一SEPP设备向网络功能NF发送所述反馈消息。
- 一种通信方法,其特征在于,所述方法包括:第二安全和边界代理SEPP设备接收来自网络功能设备NF发送的信令消息,向IP交换运营商IPX设备发送漫游消息,所述漫游消息用于实现所述第一SEPP设备和第二SEPP设 备之间的漫游业务,所述漫游消息中包括所述信令消息;所述第二SEPP设备接收来自所述IPX设备的反馈消息,所述反馈消息用于指示所述第一SEPP设备无法处理所述漫游消息。
- 根据权利要求10所述的方法,其特征在于,所述方法还包括:在所述第一SEPP设备和所述第二SEPP设备之间已通过N32c链路交换目标共享密钥的情况下,所述第二SEPP设备释放所述N32c链路,所述目标共享密钥用于实现所述第一SEPP设备和所述第二SEPP设备之间的安全通信。
- 根据权利要求10或11所述的方法,其特征在于,所述第二安全和边界代理SEPP设备向IP交换运营商IPX设备发送漫游消息之前,所述方法还包括:所述第二SEPP设备接收来自所述IPX设备的漫游请求消息,所述漫游请求消息用于向所述第二SEPP设备请求漫游业务,所述漫游请求消息包括所述第二SEPP设备的地址;所述第二SEPP设备根据所述漫游请求消息生成漫游响应消息,所述漫游响应消息为所述漫游消息。
- 根据权利要求12所述的方法,其特征在于,所述反馈消息包括所述第二SEPP设备的地址,所述反馈消息用于指示所述第一SEPP设备无法处理所述漫游响应消息。
- 根据权利要求10或11所述的方法,其特征在于,所述漫游消息为用于向所述第一SEPP设备请求漫游业务的漫游请求消息,所述漫游消息包括所述第一SEPP设备的地址。
- 根据权利要求10至14任一项所述的方法,其特征在于,所述反馈消息还用于指示所述第一SEPP设备无法处理所述漫游消息的原因。
- 根据权利要求15所述的方法,其特征在于,所述原因为如下所示的至少一项:无法对所述漫游消息进行解密、对所述漫游消息的完整性检测失败、对所述漫游消息的修改块的完整性检测失败、对所述漫游消息的修改块应用JSON补丁程序失败、或根据所述漫游消息重建下一代超文本传输安全协议HTTP/2消息失败。
- 根据权利要求10至16任一项所述的方法,其特征在于,所述反馈消息包括N32f上下文标识,所述第二SEPP设备接收来自所述IPX设备的反馈消息之后,所述方法还包括:所述第二SEPP设备获取所述N32f上下文标识对应的目标共享密钥;所述第二SEPP设备通过所述目标共享密钥对所述反馈消息进行解密。
- 一种安全和边界保护代理SEPP设备,其特征在于,所述SEPP设备包括:接收单元,用于接收来自IP交换运营商IPX设备的漫游消息,所述漫游消息用于实现所述SEPP设备和另一SEPP设备之间的漫游业务;处理单元,用于确定无法处理所述漫游消息,通过发送单元向所述IPX设备发送反馈消息,所述反馈消息用于指示所述SEPP设备无法处理所述漫游消息。
- 根据权利要求18所述的设备,其特征在于,所述处理单元还用于,在所述SEPP设备和所述另一SEPP设备之间已通过N32c链路交换目标共享密钥的情况下,释放所述N32c链路,所述目标共享密钥用于实现所述SEPP设备和所述另一SEPP设备之间的安全通信。
- 根据权利要求18或19所述的设备,其特征在于,所述发送单元还用于,向所述 IPX设备发送漫游请求消息,所述漫游请求消息用于向所述另一SEPP设备请求漫游业务,所述漫游请求消息包括所述另一SEPP设备的地址;所述漫游消息为所述另一SEPP设备根据所述漫游请求消息生成的漫游响应消息。
- 根据权利要求20所述的设备,其特征在于,所述处理单元还用于,根据所述漫游消息确定所述另一SEPP设备的地址,所述反馈消息包括所述另一SEPP设备的地址,所述反馈消息用于指示所述SEPP设备无法处理所述漫游响应消息。
- 根据权利要求18或19所述的设备,其特征在于,所述漫游消息为用于向所述SEPP设备请求漫游业务的漫游请求消息,所述漫游消息包括所述SEPP设备的地址。
- 根据权利要求18至22任一项所述的设备,其特征在于,所述处理单元还用于,确定所述漫游消息满足如下所示的至少一项,则确定所述处理单元无法处理所述漫游消息:无法对所述漫游消息进行解密、对所述漫游消息的完整性检测失败、对所述漫游消息的修改块的完整性检测失败、对所述漫游消息的修改块应用JSON补丁程序失败、或根据所述漫游消息重建下一代超文本传输安全协议HTTP/2消息失败。
- 根据权利要求18至23任一项所述的设备,其特征在于,所述反馈消息还用于指示所述SEPP设备无法处理所述漫游消息的原因。
- 根据权利要求18至24任一项所述的设备,其特征在于,所述反馈消息包括N32f上下文标识,所述N32f上下文标识用于指示对所述反馈消息进行解密的目标共享密钥。
- 根据权利要求18至25任一项所述的设备,其特征在于,所述发送单元还用于,向网络功能NF发送所述反馈消息。
- 一种安全和边界保护代理SEPP设备,其特征在于,所述SEPP设备包括接收单元、发送单元和处理单元,所述接收单元用于:接收来自网络功能设备NF发送的信令消息,所述处理单元用于:通过所述发送单元向IP交换运营商IPX设备发送漫游消息,所述漫游消息用于实现另一SEPP设备和所述SEPP设备之间的漫游业务,所述漫游消息中包括所述信令消息;所述接收单元还用于:接收来自所述IPX设备的反馈消息,所述反馈消息用于指示所述另一SEPP设备无法处理所述漫游消息。
- 根据权利要求27所述的设备,其特征在于,所述处理单元还用于,在所述另一SEPP设备和所述SEPP设备之间已通过N32c链路交换目标共享密钥的情况下,处理单元释放所述N32c链路,所述目标共享密钥用于实现所述另一SEPP设备和所述SEPP设备之间的安全通信。
- 根据权利要求27或28所述的设备,其特征在于,所述接收单元还用于,接收来自所述IPX设备的漫游请求消息,所述漫游请求消息用于向所述SEPP设备请求漫游业务,所述漫游请求消息包括所述SEPP设备的地址;所述处理单元还用于,根据所述漫游请求消息生成漫游响应消息,所述漫游响应消息 为所述漫游消息。
- 根据权利要求29所述的设备,其特征在于,所述反馈消息包括所述SEPP设备的地址,所述反馈消息用于指示所述另一SEPP设备无法处理所述漫游响应消息。
- 根据权利要求27或28所述的设备,其特征在于,所述漫游消息为用于向所述另一SEPP设备请求漫游业务的漫游请求消息,所述漫游消息包括所述另一SEPP设备的地址。
- 根据权利要求27至31任一项所述的设备,其特征在于,所述反馈消息还用于指示所述另一SEPP设备无法处理所述漫游消息的原因。
- 根据权利要求32所述的设备,其特征在于,所述原因为如下所示的至少一项:无法对所述漫游消息进行解密、对所述漫游消息的完整性检测失败、对所述漫游消息的修改块的完整性检测失败、对所述漫游消息的修改块应用JSON补丁程序失败、或根据所述漫游消息重建下一代超文本传输安全协议HTTP/2消息失败。
- 根据权利要求27至33任一项所述的设备,其特征在于,所述处理单元还用于:获取所述N32f上下文标识对应的目标共享密钥;通过所述目标共享密钥对所述反馈消息进行解密。
- 一种安全和边界保护代理SEPP设备,其特征在于,包括:至少一个处理器和相互耦合的存储器,所述存储器中存储了计算机程序代码,所述处理器调用并执行所述存储器中的计算机程序代码,使得所述SEPP设备执行如权利要求1-17任意一项所述的方法。
- 一种计算机可读存储介质,其特征在于,所述计算机可读存储介质存储有计算机程序,所述计算机程序被处理器执行时能够完成权利要求1至17任意一项所述的方法。
- 一种通信系统,其特征在于,包括第一安全和边界代理SEPP设备和IPX设备,所述IPX设备用于向所述第一SEPP设备发送漫游消息,所述漫游消息用于实现所述第一SEPP设备和第二SEPP设备之间的漫游业务;所述第一SEPP设备配置于执行如权利要求1至9任一项所述的方法。
- 一种通信系统,其特征在于,包括:网络功能设备NF和第二安全和边界保护代理SEPP设备,所述网络功能设备NF配置于执行向所述第二SEPP设备发送信令消息的步骤;所述第二SEPP设备配置于执行上述权利要求10至17任一项所述的方法。
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP21888658.8A EP4228300A4 (en) | 2020-11-06 | 2021-11-05 | COMMUNICATION METHOD, AND ASSOCIATED APPARATUS AND SYSTEM |
JP2023526867A JP2023548531A (ja) | 2020-11-06 | 2021-11-05 | 通信方法、関連する装置及びシステム |
CA3197771A CA3197771A1 (en) | 2020-11-06 | 2021-11-05 | Communication method, related apparatus, and system |
US18/308,751 US20230269579A1 (en) | 2020-11-06 | 2023-04-28 | Communication method, related apparatus, and system |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011232419.1 | 2020-11-06 | ||
CN202011232419.1A CN114531675A (zh) | 2020-11-06 | 2020-11-06 | 一种通信方法、相关装置和系统 |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US18/308,751 Continuation US20230269579A1 (en) | 2020-11-06 | 2023-04-28 | Communication method, related apparatus, and system |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2022095966A1 true WO2022095966A1 (zh) | 2022-05-12 |
Family
ID=81457542
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2021/129025 WO2022095966A1 (zh) | 2020-11-06 | 2021-11-05 | 一种通信方法、相关装置和系统 |
Country Status (6)
Country | Link |
---|---|
US (1) | US20230269579A1 (zh) |
EP (1) | EP4228300A4 (zh) |
JP (1) | JP2023548531A (zh) |
CN (1) | CN114531675A (zh) |
CA (1) | CA3197771A1 (zh) |
WO (1) | WO2022095966A1 (zh) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115150809A (zh) * | 2022-06-29 | 2022-10-04 | 中国电信股份有限公司 | 异网漫游处理方法、装置及存储介质 |
WO2024001563A1 (zh) * | 2022-06-29 | 2024-01-04 | 中兴通讯股份有限公司 | 消息的路由方法及装置、系统 |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115022032A (zh) * | 2022-05-31 | 2022-09-06 | 中国电信股份有限公司 | 通信方法、安全边缘保护代理和通信系统 |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2019220006A1 (en) * | 2018-05-16 | 2019-11-21 | Nokia Technologies Oy | Error handling framework for security management in a communication system |
WO2020058041A1 (en) * | 2018-09-21 | 2020-03-26 | Nokia Technologies Oy | Method and apparatus for secure messaging between network functions |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102595367B (zh) * | 2011-01-07 | 2015-01-28 | 中兴通讯股份有限公司 | 漫游用户与归属地间分组交换业务的实现方法及系统 |
PL3756326T3 (pl) * | 2018-02-19 | 2022-02-14 | Telefonaktiebolaget Lm Ericsson (Publ) | Negocjowanie zabezpieczenia w architekturach opartych na usłudze (SBA) |
US11050788B2 (en) * | 2018-07-30 | 2021-06-29 | Cisco Technology, Inc. | SEPP registration, discovery and inter-PLMN connectivity policies |
-
2020
- 2020-11-06 CN CN202011232419.1A patent/CN114531675A/zh active Pending
-
2021
- 2021-11-05 WO PCT/CN2021/129025 patent/WO2022095966A1/zh active Application Filing
- 2021-11-05 JP JP2023526867A patent/JP2023548531A/ja active Pending
- 2021-11-05 CA CA3197771A patent/CA3197771A1/en active Pending
- 2021-11-05 EP EP21888658.8A patent/EP4228300A4/en active Pending
-
2023
- 2023-04-28 US US18/308,751 patent/US20230269579A1/en active Pending
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2019220006A1 (en) * | 2018-05-16 | 2019-11-21 | Nokia Technologies Oy | Error handling framework for security management in a communication system |
WO2020058041A1 (en) * | 2018-09-21 | 2020-03-26 | Nokia Technologies Oy | Method and apparatus for secure messaging between network functions |
Non-Patent Citations (3)
Title |
---|
"3 Generation Partnership Project; Technical Specification Group Services and System Aspects; 5G Security Assurance Specification (SCAS) for the Security Edge Protection Proxy (SEPP) network product class (Release 16)", 3GPP STANDARD; TECHNICAL SPECIFICATION; 3GPP TS 33.517, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), MOBILE COMPETENCE CENTRE ; 650, ROUTE DES LUCIOLES ; F-06921 SOPHIA-ANTIPOLIS CEDEX ; FRANCE, vol. SA WG3, no. V16.1.0, 31 December 2019 (2019-12-31), Mobile Competence Centre ; 650, route des Lucioles ; F-06921 Sophia-Antipolis Cedex ; France , pages 1 - 17, XP051841025 * |
"3rd Generation Partnership Project; Technical Specification Group Core Network and Terminals; 5G System; Public Land Mobile Network (PLMN) Interconnection; Stage 3 (Release 15)", 3GPP STANDARD; TECHNICAL SPECIFICATION; 3GPP TS 29.573, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), MOBILE COMPETENCE CENTRE ; 650, ROUTE DES LUCIOLES ; F-06921 SOPHIA-ANTIPOLIS CEDEX ; FRANCE, vol. CT WG4, no. V15.3.1, 23 October 2019 (2019-10-23), Mobile Competence Centre ; 650, route des Lucioles ; F-06921 Sophia-Antipolis Cedex ; France , pages 1 - 70, XP051840457 * |
See also references of EP4228300A4 |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115150809A (zh) * | 2022-06-29 | 2022-10-04 | 中国电信股份有限公司 | 异网漫游处理方法、装置及存储介质 |
WO2024001563A1 (zh) * | 2022-06-29 | 2024-01-04 | 中兴通讯股份有限公司 | 消息的路由方法及装置、系统 |
Also Published As
Publication number | Publication date |
---|---|
CN114531675A (zh) | 2022-05-24 |
CA3197771A1 (en) | 2022-05-12 |
EP4228300A4 (en) | 2024-03-27 |
JP2023548531A (ja) | 2023-11-17 |
US20230269579A1 (en) | 2023-08-24 |
EP4228300A1 (en) | 2023-08-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2022095966A1 (zh) | 一种通信方法、相关装置和系统 | |
JP6371644B2 (ja) | 単一の登録手順を使用するクライアントのグループの安全な登録 | |
WO2021063057A1 (zh) | 漫游信令消息发送的方法、相关设备和通信系统 | |
WO2019220172A1 (en) | Token-based debugging for a service-based architecture | |
TWI812678B (zh) | 終端訊息的傳遞方法及相關產品 | |
JP7485788B2 (ja) | 安全な通信方法と関連する装置及びシステム | |
US20240048986A1 (en) | Communication method and apparatus | |
US20210168614A1 (en) | Data Transmission Method and Device | |
US20230156468A1 (en) | Secure Communication Method, Related Apparatus, and System | |
WO2021164458A1 (zh) | 通信方法和相关装置及计算机可读存储介质 | |
CN114024664B (zh) | 安全通信方法、相关装置及系统 | |
KR20200044592A (ko) | 다중 경로 전송 시스템, 그리고 이의 다중 경로 전송 방법 | |
US12008108B2 (en) | Extended authentication method and apparatus for generic bootstrapping architecture, and storage medium | |
US20210165885A1 (en) | Extended Authentication Method And Apparatus For Generic Bootstrapping Architecture, And Storage Medium | |
CN114978591B (zh) | 一种基于安全防护的场域网数据交互系统及方法 | |
WO2023141945A1 (en) | Authentication mechanism for access to an edge data network based on tls-psk | |
US20240137764A1 (en) | User Equipment Authentication and Authorization Procedure for Edge Data Network | |
WO2023284623A1 (zh) | 一种数据同步方法、装置及系统 | |
US20240146702A1 (en) | Traffic management with asymmetric traffic encryption in 5g networks | |
WO2024078313A1 (zh) | 认证授权的方法与通信装置 | |
WO2023011263A1 (zh) | 消息传输方法及通信装置 | |
Agostini et al. | OpenCAPWAP v2. 0: the new open‐source implementation of the CAPWAP protocol | |
CN114828038A (zh) | 接入网系统 | |
McClellan et al. | Disruptive technologies and their affect on global telecommunications. | |
CN107438246A (zh) | 一种无线路由器、无线路由器间加密通讯方法及系统 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 21888658 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2023526867 Country of ref document: JP |
|
ENP | Entry into the national phase |
Ref document number: 3197771 Country of ref document: CA |
|
ENP | Entry into the national phase |
Ref document number: 2021888658 Country of ref document: EP Effective date: 20230509 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |