WO2022127808A1 - 授信中继通信方法、装置、终端及网络侧设备 - Google Patents
授信中继通信方法、装置、终端及网络侧设备 Download PDFInfo
- Publication number
- WO2022127808A1 WO2022127808A1 PCT/CN2021/138236 CN2021138236W WO2022127808A1 WO 2022127808 A1 WO2022127808 A1 WO 2022127808A1 CN 2021138236 W CN2021138236 W CN 2021138236W WO 2022127808 A1 WO2022127808 A1 WO 2022127808A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- information
- trust relationship
- relationship
- relay communication
- network function
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims abstract description 229
- 238000004891 communication Methods 0.000 title claims abstract description 206
- 230000006870 function Effects 0.000 claims description 132
- 238000012795 verification Methods 0.000 claims description 16
- 238000004590 computer program Methods 0.000 claims description 6
- 238000004364 calculation method Methods 0.000 claims description 4
- 238000010586 diagram Methods 0.000 description 16
- 230000000694 effects Effects 0.000 description 11
- 238000007726 management method Methods 0.000 description 5
- 238000012545 processing Methods 0.000 description 5
- 238000005516 engineering process Methods 0.000 description 4
- 241000699670 Mus sp. Species 0.000 description 1
- 238000013475 authorization Methods 0.000 description 1
- 238000004422 calculation algorithm Methods 0.000 description 1
- 238000013523 data management Methods 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 238000007599 discharging Methods 0.000 description 1
- 239000011521 glass Substances 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 230000007774 longterm Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000013468 resource allocation Methods 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/50—Secure pairing of devices
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/043—Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
- H04W12/0431—Key distribution or pre-distribution; Key agreement
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/66—Trust-dependent, e.g. using trust scores or trust relationships
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W40/00—Communication routing or communication path finding
- H04W40/02—Communication route or path selection, e.g. power-based or shortest path routing
- H04W40/22—Communication route or path selection, e.g. power-based or shortest path routing using selective relaying for reaching a BTS [Base Transceiver Station] or an access point
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W40/00—Communication routing or communication path finding
- H04W40/24—Connectivity information management, e.g. connectivity discovery or connectivity update
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W76/00—Connection management
- H04W76/10—Connection setup
- H04W76/14—Direct-mode setup
Definitions
- the present invention requires the priority of a Chinese patent application with an application number of 202011503936.8 and an invention title of "Credit Relay Communication Method, Device, Terminal and Network Side Equipment” submitted to the Chinese Patent Office on December 17, 2020. The contents are incorporated herein by reference.
- the present application belongs to the technical field of wireless communication, and in particular relates to a method, device, terminal and network side equipment for credit relay communication.
- the relay terminal (User Equipment, UE) can identify the data of the remote UE (Packet Data Convergence Protocol (PDCP) above) at the Protocol Data Unit (PDU) layer level, if the relay UE is not a trusted Any relay, there are security risks or privacy risks.
- PDCP Packet Data Convergence Protocol
- PDU Protocol Data Unit
- the embodiments of the present application provide a method, device, terminal and network side equipment for trusted relay communication, which can solve the problem of inability to determine whether the communication peer is credible when establishing a relay connection and/or relay communication.
- a method for trusting relay communication is provided, which is applied to a first UE.
- the method includes: receiving relationship information delivered by a network side, where the relationship information is used to indicate a trust relationship of the first UE. ; Receive the identification information sent by the second UE, and based on the relationship information and the identification information, perform relay connection and/or relay communication with the second UE, or refuse to perform relaying with the second UE Connect and/or relay communications.
- a trust relay communication device comprising: a first receiving module configured to receive relationship information delivered by a network side, wherein the relationship information is used to indicate a trust relationship of the first UE; a second receiving module, configured to receive identification information sent by a second UE; a communication module, configured to perform relay connection and/or relay communication with the second UE based on the relationship information and the identification information, or , refusing to perform relay connection and/or relay communication with the second UE.
- a method for trusting relay communication applied to a first network function entity, including: sending relationship information to a first UE, wherein the relationship information is used to indicate a trust relationship of the first UE.
- a trust relay communication device comprising: a first obtaining module, configured to obtain relationship information, wherein the relationship information is used to indicate the trust relationship of the first UE; and a second sending module, for sending the relationship information.
- a method for trusting relay communication applied to a second network function, comprising: receiving a first trust relationship acquisition request sent by the first network function, wherein the first trust relationship acquisition request carries the first trust relationship acquisition request.
- the first trust relationship acquisition request carries the first trust relationship acquisition request.
- User identity or terminal identity of a UE sending the trust relationship of the first UE to the first network function.
- a sixth aspect provides a trust relay communication device, comprising: a fourth receiving module configured to receive a first trust relationship acquisition request sent by a first network function, wherein the first trust relationship acquisition request carries the first trust relationship acquisition request.
- a user identity or terminal identity of a UE configured to send the trust relationship of the first UE to the first network function.
- a method for trust-authorization relay communication is provided, applied to a third network function, including: receiving a trust relationship authentication request sent by a first UE, wherein the trust relationship authentication request carries a second UE The user identity or terminal identity information of the first UE; based on the trust relationship of the first UE, send the trust relationship authentication result to the first UE.
- a communication device for trusting and relaying including: a fifth receiving module, configured to receive a trust relationship authentication request sent by a first UE, wherein the trust relationship authentication request carries a second UE and the fourth sending module, configured to send the trust relationship authentication result to the first UE based on the trust relationship of the first UE.
- a communication method for trusting and relaying which is applied to a first access network device, including: receiving a trust relationship of a first UE sent by a second access network device or a third network function; based on the trust relationship, execute the resource scheduling established by the first UE and the second UE in the PC5 connection or reject the resource scheduling established by the first UE and the second UE in the PC5 connection.
- a trust relay communication device comprising: a sixth receiving module, configured to receive the trust relationship of the first UE sent by the second access network device or the third network function; and an execution module, configured to based on For the trust relationship, execute the resource scheduling established by the first UE and the second UE in the PC5 connection or reject the resource scheduling established by the first UE and the second UE in the PC5 connection.
- a terminal in an eleventh aspect, includes a processor, a memory, and a program or instruction stored on the memory and executable on the processor, the program or instruction being executed by the processor When implementing the steps of the method as described in the first aspect.
- a twelfth aspect provides a network-side device, the network-side device includes a processor, a memory, and a program or instruction stored on the memory and executable on the processor, the program or instruction being When the processor executes, the steps of the method as described in the third aspect, or the steps of the method as described in the fifth aspect, or the steps of the method as described in the seventh aspect, or the steps of the method as described in the ninth aspect are realized. steps of the method described.
- a thirteenth aspect provides a readable storage medium, where a program or an instruction is stored on the readable storage medium, and when the program or instruction is executed by a processor, the steps of the method according to the first aspect are implemented, or the The steps of the method of the third aspect, or the steps of implementing the method of the fifth aspect, or the steps of implementing the method of the seventh aspect, or the steps of implementing the method of the ninth aspect.
- a fourteenth aspect provides a chip, the chip includes a processor and a communication interface, the communication interface is coupled to the processor, and the processor is configured to run a terminal program or instruction, and the implementation is as described in the first aspect
- the steps of the method, the processor is used to run the network side device program or instructions, to implement the steps of the method as described in the third aspect, or to implement the steps of the method as described in the fifth aspect, or to realize the steps of the method as described in the seventh aspect.
- a fifteenth aspect provides a computer program product, which is stored in a non-transitory storage medium, and when the computer program product is executed by the processor, implements the steps of the method according to the first aspect, Or implement the steps of the method as described in the third aspect, or implement the steps of the method as described in the fifth aspect, or implement the steps of the method as described in the seventh aspect, or implement the steps of the method as described in the ninth aspect. step.
- the first UE receives the relationship information indicating the trust relationship of the first UE sent by the network side, and when receiving the identification information sent by the second UE, based on the relationship information and the identification information, perform relay connection and/or relay communication with the second UE, or refuse to perform relay connection and/or relay communication with the second UE, that is, when the first UE according to the trust relationship and
- the identification information determines that the second UE is a trusted UE, then perform relay connection and/or relay communication with the second UE, otherwise, refuse to perform relay connection and/or relay communication with the second UE.
- FIG. 1 shows a schematic diagram of a wireless communication system to which an embodiment of the present application can be applied
- FIG. 2 shows a schematic flowchart of a method for credit relay communication provided by an embodiment of the present application
- FIG. 3 shows another schematic flowchart of the credit relay communication method provided by the embodiment of the present application
- FIG. 4 shows another schematic flowchart of the credit relay communication method provided by the embodiment of the present application.
- FIG. 5 shows another schematic flowchart of the credit relay communication method provided by the embodiment of the present application.
- FIG. 6 shows another schematic flowchart of the credit relay communication method provided by the embodiment of the present application.
- FIG. 7 shows another schematic flow chart of the credit relay communication method provided by the embodiment of the present application.
- FIG. 8 shows yet another schematic flowchart of a method for credit relay communication provided by an embodiment of the present application.
- FIG. 9 shows another schematic flow chart of the credit relay communication method provided by the embodiment of the present application.
- FIG. 10 shows a schematic structural diagram of a credit relay communication device provided by an embodiment of the present application.
- FIG. 11 shows another schematic structural diagram of a credit relay communication device provided by an embodiment of the present application.
- FIG. 12 shows another schematic structural diagram of a trust relay communication device provided by an embodiment of the present application.
- FIG. 13 shows another schematic structural diagram of a credit relay communication device provided by an embodiment of the present application.
- FIG. 14 shows another schematic structural diagram of a credit relay communication device provided by an embodiment of the present application.
- FIG. 15 shows a schematic structural diagram of a communication device provided by an embodiment of the present application.
- FIG. 16 shows a schematic diagram of a hardware structure of a terminal provided by an embodiment of the present application.
- FIG. 17 shows a schematic diagram of a hardware structure of a network-side device provided by an embodiment of the present application.
- first, second and the like in the description and claims of the present application are used to distinguish similar objects, and are not used to describe a specific order or sequence. It is to be understood that the data so used are interchangeable under appropriate circumstances so that the embodiments of the present application can be practiced in sequences other than those illustrated or described herein, and "first”, “second” distinguishes Usually it is a class, and the number of objects is not limited.
- the first object may be one or multiple.
- “and/or” in the description and claims indicates at least one of the connected objects, and the character “/" generally indicates that the associated objects are in an "or” relationship.
- LTE Long Term Evolution
- LTE-Advanced LTE-Advanced
- LTE-A Long Term Evolution-Advanced
- CDMA Code Division Multiple Access
- TDMA Time Division Multiple Access
- FDMA Frequency Division Multiple Access
- OFDMA Orthogonal Frequency Division Multiple Access
- SC-FDMA Single-carrier Frequency-Division Multiple Access
- system and “network” in the embodiments of the present application are often used interchangeably, and the described technology can be used not only for the above-mentioned systems and radio technologies, but also for other systems and radio technologies.
- NR New Radio
- the following description describes a New Radio (NR) system for example purposes, and uses NR terminology in most of the description below, but these techniques can also be applied to applications other than NR system applications, such as 6th Generation , 6G) communication system.
- NR New Radio
- FIG. 1 shows a schematic diagram of a wireless communication system to which an embodiment of the present application can be applied.
- the wireless communication system includes a terminal 11 and a network-side device 12 .
- the terminal 11 may also be called a terminal device or a user terminal (User Equipment, UE), and the terminal 11 may be a mobile phone, a tablet computer (Tablet Personal Computer), a laptop computer (Laptop Computer) or a notebook computer, a personal digital computer Assistant (Personal Digital Assistant, PDA), handheld computer, netbook, ultra-mobile personal computer (ultra-mobile personal computer, UMPC), mobile Internet device (Mobile Internet Device, MID), wearable device (Wearable Device) or vehicle-mounted device (VUE), pedestrian terminal (PUE) and other terminal-side devices, wearable devices include: bracelets, headphones, glasses, etc.
- PDA Personal Digital Assistant
- the network side device 12 may be a base station (ie, an access network device) or a core network, where the base station may be referred to as a Node B, an evolved Node B, an access point, a Base Transceiver Station (BTS), a radio base station , radio transceiver, Basic Service Set (BSS), Extended Service Set (ESS), Node B, Evolved Node B (eNB), Home Node B, Home Evolved Node B, WLAN Access Ingress point, WiFi node, Transmitting Receiving Point (TRP) or some other suitable term in the field, as long as the same technical effect is achieved, the base station is not limited to specific technical vocabulary, it should be noted that in this application In the embodiment, only the base station in the NR system is used as an example, but the specific type of the base station is not limited.
- the core network can be composed of multiple network functions, such as Direct Discovery Name Management Function (DDNMF), Unified Data Management Function (UDM), and Access and Mobility Management Function (AMF), etc. These network functions can be set on the same network entity or on different network entities.
- DDNMF Direct Discovery Name Management Function
- UDM Unified Data Management Function
- AMF Access and Mobility Management Function
- FIG. 2 shows a schematic flowchart of a communication method for trusting and relaying in an embodiment of the present application, and the method 200 may be executed by a first UE.
- the method may be performed by software or hardware installed on the first UE.
- the method may include the following steps.
- S210 Receive relationship information delivered by the network side, where the relationship information is used to indicate the trust relationship of the first UE.
- the network side may deliver relationship information indicating the trust relationship (also referred to as a binding relationship) of the first UE to the first UE, and the first UE may determine which UEs are available according to the relationship information.
- Trust UE that is, trusted UE.
- the relationship information may include at least one of the following (1) to (7).
- the first relay service code For example, the network side can deliver the association identifier to the first UE and the second UE that have a trust relationship, and in the relay discovery phase or the connection establishment phase, the second UE can use the first relay service code as part or all of it Based on the received identification information and the first relay service code issued by the network side, the first UE confirms that the second UE is a trusted terminal, and selects the second UE to establish a relay connection .
- association identifier where the association identifier is used to indicate that the first UE has a trust relationship with the second UE, or the association identifier is used to indicate a second UE that has a trust relationship with the first UE
- the terminal identity or user identity of the UE may indicate that the first UE has a trust relationship with the second UE.
- it may be the correspondence between the terminal identity or user identity of the first UE and the terminal identity or user identity of the second UE.
- the associated identifier may also be a terminal identifier or a user identifier of a second UE that has a trust relationship with the first UE, that is, the associated identifier may be one or more terminal identifiers or user identifiers, indicating the one or more terminal identifiers or user identifiers.
- the second UE corresponding to one or more terminal identities or user identities has a trust relationship with the first UE, that is, the second UE corresponding to one or more terminal identities or user identities is a trusted UE.
- the communication terminals with the trust relationship have the same first group of secret keys.
- the network side may deliver the first set of keys to the first UE and the second UE having a trust relationship.
- the second UE can use the first set of secret keys to encrypt the communication information, and the first UE successfully decrypts the communication information using the first set of secret keys, then confirms that the second UE For the credit terminal.
- the second UE may also use the first set of secret keys to sign the authentication information (for example, the terminal identity or user identity of the second UE), and sign the signature information (or (called verification information) is sent to the first UE, the first UE verifies the signature information using the first set of secret keys issued by the network side, and if the verification is passed, the second UE is confirmed as a trusted terminal.
- the authentication information for example, the terminal identity or user identity of the second UE
- sign the signature information or (called verification information) is sent to the first UE
- the first UE verifies the signature information using the first set of secret keys issued by the network side, and if the verification is passed, the second UE is confirmed as a trusted terminal.
- the authentication information is used to verify the identification information.
- the network side can issue authentication information to the first UE and the second UE that have a trust relationship.
- the second UE can use the authentication information to generate identification information and send it to the first UE and the second UE.
- a UE the first UE uses the authentication information to verify the identification information, and if the verification is passed, the second UE is confirmed as a trusted terminal.
- the authentication information may be information such as a verification code, a password, and the like.
- the first UE determines the service type of the second UE according to the identification information of the second UE, determines whether the service type of the second UE is a specific service type, and if so, confirms the second UE's service type.
- the UE is a trusted terminal.
- First slice information It is indicated by the first slice information that the communication terminal on the slice indicated by the first slice information has a trust relationship.
- the network side may consider that there is a trust relationship between communication terminals on a specific slice.
- the first UE determines the slice where the second UE is located according to the identification information of the second UE, and determines whether the slice where the second UE is located is the slice indicated by the first slice information, and if If yes, confirm that the second UE is a trusted terminal.
- First Protocol Data Unit (PDU) session type information It is indicated by the first PDU session type that a communication terminal that executes a PDU session of the type indicated by the first PDU session type information has a trust relationship.
- the network side may consider that there is a trust relationship between communication terminals executing a specific PDU session type.
- the first UE determines the PDU session executed by the second UE according to the identification information of the second UE, and determines whether the PDU session executed by the second UE is the type information of the first PDU session The indicated PDU session, if yes, confirm that the second UE is a trusted terminal.
- the relationship information may only include any one of the above (1) to (7), or may include any combination of two or more of the above (1) to (7).
- the relationship information may include the first relay service code and the first group of secret keys, and the first UE may determine whether to select the second relay service code according to the first relay service code during the relay discovery or relay connection process.
- the UE performs relay communication, and if selected, the first UE and the second UE perform mutual authentication based on the second set of secret keys to determine whether the opposite end is a trusted terminal.
- S212 Receive the identification information sent by the second UE, and based on the relationship information and the identification information, perform a relay connection and/or relay communication with the second UE, or refuse to perform a relay connection with the second UE Relay connections and/or relay communications.
- the first UE determines whether the second UE is a trusted terminal based on the relationship and the identification information, that is, determines whether the second UE is credible, and determines that the second UE is a trusted terminal, then The second UE is selected to perform relay connection and/or relay communication.
- the identification information may include at least one of the following (1) to (7).
- the second relay service code may be delivered by the network side to the second UE.
- the relationship information delivered by the network side includes the association identifier.
- the second UE may generate the encryption information or authentication information based on the second set of keys delivered by the network side.
- the encrypted information may be information obtained by the second UE using the second set of keys to encrypt the information to be encrypted.
- the information to be encrypted may be the terminal identification or user identification of the second UE, or the information to be encrypted may also be encrypted. It may be the communication information sent by the second UE to the first UE.
- the authentication information may be a result obtained by the second UE using the second set of secret keys to calculate the authentication information according to a predetermined algorithm (for example, signature information), where the authentication information may be a terminal identifier or a user identifier of the second UE, or is a random number generated by the second UE, etc.
- a predetermined algorithm for example, signature information
- the authentication information may be a terminal identifier or a user identifier of the second UE, or is a random number generated by the second UE, etc.
- the relationship information delivered by the corresponding network side includes the group key.
- the verification information is the result obtained by performing verification and calculation on the specified information to be verified.
- the information to be verified may be the second relay service code sent by the network side to the second UE, or the second relay service code.
- the slice information where the UE is located may also be the PDU session information executed by the second UE.
- the information can be the verification code or password issued by the network side;
- the second service type information indicates the service type of the service performed by the second UE.
- the second slice information indicates the slice where the second UE is located.
- the relationship information may include the slice information.
- the second PDU session type information indicates the type of PDU session performed by the second UE.
- the identification information may only include any one of the above (1) to (7), or may include any combination of two or more of the above (1) to (7).
- the identification information may include the second relay service code and the second group of secret keys, and the first UE may, in the process of relay discovery or relay connection, use the second relay service code sent by the second UE according to the It is judged whether to select the second UE for relay communication, and if so, the first UE and the second UE perform mutual authentication based on the second set of secret keys to determine whether the opposite end is a trusted terminal.
- the identification information may include the second relay service code and the second group of secret keys
- the first UE may, in the process of relay discovery or relay connection, use the second relay service code sent by the second UE according to the It is judged whether to select the second UE for relay communication, and if so, the first UE and the second UE perform mutual authentication based on the second set of secret keys to determine whether the opposite end is a trusted terminal.
- the identification information may correspond to the relationship information.
- the relationship information includes the first relay service code
- the identification information includes the second relay service code
- the identification information includes the PDU session type executed by the second UE.
- the identification information may not correspond to the relationship information.
- the identification information may include the second PDU session type and the second relay service code executed by the second UE, while the relationship information may not include the PDU session type.
- the first UE can judge whether the second UE is a trusted terminal according to the first relay service code and the second relay service code.
- there is no limitation in this embodiment of the present application as long as the first UE can determine whether the second UE has a trust relationship with the first UE according to the relationship information and the identification information.
- the first UE may first receive the relationship information sent by the network side, and then receive the identification information sent by the second UE, or may first receive the identification information sent by the second UE, and then receive the relationship information sent by the network side. information.
- the method further includes: sending the identification information of the second UE to the network side; then S210 may include: receiving the network side's identification information for the second UE A result returned by the identification information, wherein the result includes the relationship information. That is to say, in this possible implementation manner, after receiving the identification information sent by the second UE, the first UE sends the identification information of the second UE to the network side, and the network side receives the identification information of the second UE Then, the relationship information is returned to the first UE.
- the first UE may acquire the relationship information from the network side during relay discovery or relay connection, that is, when it needs to verify whether the second UE is a trusted UE.
- the first UE may choose to perform relay connection and/or relay communication with the second UE, and after performing the relay connection and/or relay communication Or in the process of relaying communication, in order to prevent the received relationship information from being acquired by other untrusted UEs during the discovery process, the first UE may also request the network side to authenticate the second UE again.
- the method may further include: when performing relay connection and/or relay communication with the second UE, the first UE sends a trust relationship authentication request to the third network function, Wherein, the trust relationship authentication request carries the user identity or terminal identity information of the second UE; receives the trust relationship authentication result sent by the third network function; based on the trust relationship authentication result and the second UE Perform relay connection and/or relay communication, or refuse to perform relay connection and/or relay communication with the second UE.
- the first UE sends a trust relationship authentication request to the third network function to request the third network function to authenticate the trust relationship between the first UE and the second UE, and the third network function receives After the trust relationship authentication request, the trust relationship between the first UE and the second UE is authenticated, the authentication result is returned to the first UE, and the trust relationship authentication result returned by the third network function indicates that the first UE and the second UE are In the case where the two UEs have a trust relationship, the first UE performs relay connection and/or relay communication with the second UE, or, when the authentication result of the trust relationship indicates that the first UE and the second UE do not have trust In the case of a relationship, the relay connection and/or relay communication with the second UE is refused.
- the relationship information is acquired by other untrusted UEs during the discovery process, and the trusted UE pretending to be the first UE can be avoided, and the security of relay communication can be further ensured.
- the third network function may be AMF.
- the third network function may determine whether the first UE and the second UE have a trust relationship according to the trust relationship of the first UE.
- the first UE receives the relationship information indicating the trust relationship of the first UE sent by the network side, and when receiving the identification information sent by the second UE, based on The relationship information and the identification information, perform relay connection and/or relay communication with the second UE, or refuse to perform relay connection and/or relay communication with the second UE, that is, when the first
- a UE determines that the second UE is a trusted UE according to the trust relationship and the identification information, it performs relay connection and/or relay communication with the second UE; otherwise, it refuses to perform relay with the second UE Connect and/or relay communications.
- FIG. 3 shows another schematic flow chart of a method for trusting and relaying communication provided by an embodiment of the present application, and the method 300 may be executed by a first network function.
- the method may be performed by software or hardware installed on the first network function.
- the method may include the following steps.
- S310 Send relationship information to the first UE, where the relationship information is used to indicate the trust relationship of the first UE.
- the relationship information is the same as the relationship information in the method 200.
- the first network function may send the relationship information to each member terminal having a trust relationship. For example, if the first UE has a trust relationship with the second UE, the first network function may send the relationship information to both the first UE and the second UE.
- the first network function may acquire the trust relationship of the first UE from the second network function or an application server, and send relationship information to the first UE based on the trust relationship. Therefore, in this possible implementation manner, before S310, the method may further include the following steps 1 to 2.
- Step 1 Send a request for obtaining a trust relationship to a second network function or an application server, where the request for obtaining a trust relationship carries the user identity or terminal identity of the first UE.
- Step 2 Receive the trust relationship of the first UE returned by the second network function or the application server.
- the trust relationship may be an association relationship between two or more users, that is, the trust relationship indicates an association relationship between two or more users.
- the first UE signs a contract, it indicates that it can serve as a remote terminal of the second UE, or the second UE indicates that it can serve as the first UE when signing a contract. the relay terminal, the first UE has an association relationship with the second UE.
- the trust relationship acquisition request may further carry the user identity or terminal identity of the second UE, that is, the trust relationship acquisition request is used to request to acquire the trust relationship between the first UE and the second UE.
- the two or more users may be users of one of the following: a specific service, a specific slice, a specific data network name (Data Network Name, DNN), and a specific PDU session. That is, two or more users with a specific service, a specific slice, a specific DNN or a specific PDU session have an association relationship, that is, these users can be trusted terminals, and the terminal corresponding to one user can be used as the corresponding terminal of another user.
- the second network function may return the trust relationship to the first network function, and the application server may generate the relationship information according to the trust relationship, and use the first network function to convert the relationship information Transparently transmitted to the first UE. Therefore, optionally, S310 may include: generating the relationship information based on the trust relationship returned by the second network function, and delivering the relationship information to the first UE; or forwarding the information to the first UE. the trust relationship returned by the application server.
- the first network function may be, in the case of receiving the identification information of the second UE sent by the first UE, to send the relationship information to the first UE.
- the first network function includes but is not limited to DDNMF.
- the first network function can deliver the relationship information to the first UE, so that the first UE can determine whether the communication peer, that is, the second UE, is available based on the relationship information. It can improve the security of relay communication.
- FIG. 4 shows another schematic flow chart of the method for trusting and relaying communication provided by an embodiment of the present application.
- the method 400 may be executed by a second network function.
- the method may be performed by software or hardware installed on the second network function.
- the method may include the following steps.
- S410 Receive a first trust relationship acquisition request sent by the first network function, where the first trust relationship acquisition request carries the user identity or terminal identity of the first UE.
- the first network function may be the first network function in the method 300
- the second network function may be the second network function in the method 300 .
- the trust relationship of the first UE may be obtained according to the user identity or terminal identity of the first UE.
- the trust relationship is an association relationship between two or more users.
- the two or more users are users of one of the following: a specific service, a specific slice, a specific DNN, and a specific PDU session.
- the second network function can determine whether the first UE belongs to a specific service, a specific slice, a specific DNN, and a specific PDU session according to the user identity or terminal identity of the first UE, and if so, Then, the trust relationship of the first UE may be acquired based on a specific service, a specific slice, a specific DNN, and a specific PDU session.
- the first trust relationship acquisition request may further carry the user identity or terminal identity of the second UE
- the second network function may be based on the user identity or terminal identity of the first UE and the second UE identity Determines whether the first UE and the second UE belong to a specific service, a specific slice, a specific DNN, and a specific PDU session. If so, it is determined that the first UE and the second UE have a trust relationship.
- S412 Send the trust relationship of the first UE to the first network function.
- the first network function after receiving the trust relationship of the first UE, the first network function generates the relationship information and sends it to the first UE.
- the relationship information For details, reference may be made to the description in the foregoing method 300, which will not be repeated here.
- the method may further include: receiving a second trust relationship acquisition request from a third network function, wherein the second trust relationship acquisition request carries the identification information of the first UE; sending The trust relationship of the first UE is to the third network function.
- the second network function includes but is not limited to UDM.
- the second network function can send the trust relationship of the first UE to the first network function when receiving the request for obtaining the trust relationship of the first network function, so that the first network function can send the trust relationship of the first UE to the first network function.
- the function may, based on the trust relationship, obtain the relationship information described in the above methods 200 and 300, and send the relationship information to the first UE, so that the first UE can use the relay connection and/or relay communication based on The relationship information determines whether the relay peer is a trusted UE, so as to ensure the security of relay communication.
- FIG. 5 shows another schematic flow chart of the method for trusting and relaying communication provided by an embodiment of the present application.
- the method 500 may be executed by a third network function.
- the method may be performed by software or hardware installed on the third network function.
- the method may include the following steps.
- S510 Receive a trust relationship authentication request sent by the first UE, where the trust relationship authentication request carries the user identity or terminal identity information of the second UE.
- the first UE may send the trust relationship authentication request to the third network function when receiving the identification information of the second UE.
- the first UE may send the trust relationship authentication request to the third network function when receiving the identification information of the second UE.
- the third network function may be the third network function in methods 200 to 400 .
- the third network function may determine whether the second UE is a trusted UE of the first UE based on the trust relationship of the first UE, that is, determine whether the second UE is a trusted UE of the first UE Have a relationship of trust.
- the trust relationship may be the same as the trust relationship in the method 400 , for details, please refer to the relevant description in the above-mentioned method 400 .
- the third network function may determine whether the first UE and the second UE both belong to a specific service, a specific slice, A specific DNN, and a specific PDU session, if yes, it is determined that the first UE and the second UE have a trust relationship.
- the third network function may determine whether the user identity or terminal identity of the second UE is one of one or more user identities or terminal identities, if If yes, the second UE is a trusted UE of the first UE.
- the first UE may send the trust relationship authentication result to the third network function when the second UE performs relay connection and/or relay communication.
- the second UE performs relay connection and/or relay communication.
- the third network function may acquire the trust relationship of the first UE from the second network function. Therefore, in this possible implementation manner, before sending the trust relationship authentication result to the first UE, the method further includes: sending a trust relationship acquisition request to the second network function, wherein the trust relationship acquisition request carries There is the identification information of the first UE; and the trust relationship of the first UE returned by the second network function is received.
- the trust relationship acquisition request carries There is the identification information of the first UE; and the trust relationship of the first UE returned by the second network function is received.
- the third network function may also send the trust relationship of the first UE to the access network device corresponding to the first UE, so that the access network device can assign the first UE and the first UE to the access network device.
- the access network device can assign the first UE and the first UE to the access network device.
- the third network function can authenticate the trust relationship between the first UE and the second UE, and authenticate the trust relationship between the first UE and the second UE.
- the right result is returned to the first UE, so that the first UE can know whether the second UE is a trusted UE, and then determine whether to continue to perform relay connection and/or relay communication with the second UE, so as to ensure the safety of relay communication. .
- FIG. 6 shows another schematic flow chart of the method for communicating by trusting and relaying provided by the embodiment of the present application.
- the method 600 may be executed by the first access network.
- the method may be performed by software or hardware installed on the first access network device.
- the method may include the following steps.
- S610 Receive the trust relationship of the first UE sent by the second access network device or the third network function.
- the first access network device may receive the trust relationship of the first UE sent by the third network function.
- the first access network device may receive the trust relationship of the first UE sent by the third network function.
- the first access network device receives the trust relationship of the first UE sent by the third network function.
- the first access network device may also receive the trust relationship sent by the second access network device. For example, during the handover process of the first UE, the trust relationship sent by the second access device is received, where the second access device is the source access device in the handover process, and the first access device is the source access device in the handover process. An access device is the target access device in the handover process.
- the trust relationship of the first UE is the same as the trust relationship of the first UE in the foregoing methods 200 to 500.
- S620 based on the trust relationship, perform resource scheduling established by the connection between the first UE and the second UE on the PC5 or reject the resource scheduling established by the first UE and the second UE on the PC5.
- the first access network device can determine whether the second UE is a trusted UE of the first UE according to the trust relationship, and if so, execute the connection establishment between the first UE and the second UE in PC5 Otherwise, the resource scheduling established by the connection between the first UE and the second UE on PC5 is rejected, so as to further ensure the security of relay communication.
- FIG. 7 shows another schematic flow chart of the method for trusting relay communication provided by an embodiment of the present application.
- the method 700 may be executed by the first UE, the 5G DDNMF, the UDM, and the application server (AF).
- the method may be performed by software or hardware installed on the first UE, the 5G DDNMF, the UDM and the application server (AF).
- the method may include the following steps.
- the first UE sends a discovery (discovery) request to the 5G DDNMF, where the discovery request is used to request the network side to provide a relay service code (relay service code).
- the discovery request may carry 0 or more The identity of the second UE (user identity or terminal identity).
- the 5G DDNMF sends a binding relationship acquisition request (also referred to as a trust relationship acquisition request) to the UDM and/or the application server, where the binding relationship acquisition request is used to acquire the binding relationship of the first UE (also referred to as a trust relationship acquisition request) trust relationship), the binding relationship is a relationship between two or more users.
- a binding relationship acquisition request also referred to as a trust relationship acquisition request
- the binding relationship acquisition request is used to acquire the binding relationship of the first UE (also referred to as a trust relationship acquisition request) trust relationship
- the binding relationship is a relationship between two or more users.
- the request for obtaining the binding relationship further includes an identifier of the second UE, which is used to indicate a request to obtain the association relationship between the first UE and the second UE.
- the UDM provides a binding relationship to the 5G DDNMF, and the 5G DDNMF generates relationship information based on the binding relationship provided by the UDM; or, the application server determines the binding relationship with the first UE based on the service layer, and generates the relationship based on the binding relationship. information.
- the relationship information may include at least one of the following: a first relay service code, a group key, and indication information indicating whether the first UE and the second UE have a binding relationship (for example, if the indication information includes the identifier of the second UE) , indicating that the first UE and the second UE have a binding relationship), or a user identity or terminal identity (the identity may include one or more, that is, one or more users bound by the first UE), authentication information , Service type (such as binding relationship on a specific service), binding slice (binding relationship on a specific slice), binding DNN (binding relationship on a specific DNN), binding PDU session type (Binding relationship on a specific PDU session type), etc.
- Service type such as binding relationship on a specific service
- binding slice binding relationship on a specific slice
- binding DNN binding relationship on a specific DNN
- binding PDU session type Binding relationship on a specific PDU session type
- the 5G DDNMF may deliver the relationship information to each user equipment with a binding relationship, that is, to each user equipment with a binding relationship.
- the 5G DDNMF or the application server sends the first relay service code and/or group key to the first UE.
- FIG. 8 shows another schematic flow chart of a method for trusting relay communication provided by an embodiment of the present application.
- the method 800 may be executed by the first UE, the AMF, and the UDM.
- the method may be performed by software or hardware installed on the first UE, AMF and UDM.
- the method may include the following steps.
- the first UE sends a binding relationship authentication request (also referred to as a trust relationship acquisition request) to the AMF, where the binding relationship authentication request carries the identifier of the second UE, and the binding relationship authentication request is used for Request AMF to authenticate whether the second UE has a binding relationship with the first UE.
- a binding relationship authentication request also referred to as a trust relationship acquisition request
- the AMF sends the binding relationship to retrieve the UDM, which is used to retrieve the binding relationship of the first UE, and the retrieval request message carries the identifier of the first UE.
- the AMF receives the binding relationship provided by the UDM.
- the AMF determines whether the first UE and the second UE have a binding relationship based on the binding relationship, and sends the determination result to the first UE.
- FIG. 9 shows another schematic flow chart of a method for communicating by a trusted relay provided by an embodiment of the present application.
- the method 900 may be executed by a first UE and a second UE.
- the method may be performed by software or hardware installed in the first UE and the second UE.
- the method may include the following steps.
- the first UE and the second UE are performing a discovery process or a connection establishment process.
- S912 Identification information carried by the first UE in the discovery message or the direct communication request message, where the identification information is used to indicate the trust relationship of the first UE.
- the identification information may include the first relay service code and the group key.
- the second UE selects the first UE based on the identification information and the relationship information delivered by the network side.
- the second UE can determine whether the first relay service code sent by the first UE is the same as the second relay service code in the relationship information sent by the network side, and if they are the same, the second UE can select the first UE for relaying .
- the second UE and the first UE are mutually authenticated based on the group key, and determine whether the opposite end is a trusted UE.
- the second UE when the second UE performs relay connection and/or relay communication with the first UE, it can determine whether the opposite end is a trusted UE, thereby ensuring the safety of relay communication .
- the execution subject may be a credit relay communication device, or a control module in the credit relay communication device for executing the credit relay communication method.
- the method for performing a credit relay communication by a credit relay communication device is taken as an example to describe the credit relay communication device provided by the embodiments of the present application.
- FIG. 10 shows a schematic structural diagram of a credit relay communication apparatus provided by an embodiment of the application.
- the credit relay communication apparatus 1000 may include: a first receiving module 1001 , a second receiving module 1002 and a communication module 1003 .
- the first receiving module 1001 is configured to receive relationship information delivered by the network side, where the relationship information is used to indicate the trust relationship of the first UE;
- the second receiving module 1002 is configured to Receive the identification information sent by the second UE;
- the communication module 1003 is configured to perform relay connection and/or relay communication with the second UE based on the relationship information and the identification information, or refuse to communicate with the second UE The two UEs perform relay connections and/or relay communications.
- the relationship information includes at least one of the following:
- association identifier is used to indicate that the first UE has a trust relationship with the second UE, or the association identifier is used to indicate the terminal identifier of the second UE that has a trust relationship with the first UE, or User ID;
- the first set of secret keys is the first set of secret keys
- the authentication information is used to verify the identification information
- the first PDU session type information The first PDU session type information.
- the identification information includes at least one of the following:
- Verification information the verification information is the result obtained by performing verification calculation on the specified information to be verified
- the second protocol data unit PDU session type information The second protocol data unit PDU session type information.
- it further includes: a first sending module, wherein,
- the first sending module configured to send the identification information of the second UE to the network side before the first receiving module 1001 receives the relationship information delivered by the network side;
- the first receiving module 1001 receiving the relationship information delivered by the network side includes: receiving a result returned by the network side for the identification information of the second UE, where the result includes the relationship information.
- the communication module 1003 is further configured to:
- a trust relationship authentication request is sent to a third network function, wherein the trust relationship authentication request carries the user of the second UE identification or terminal identification information;
- the credit relay communication device in the embodiment of the present application may be a device, or may be a component, an integrated circuit, or a chip in a terminal.
- the device may be a mobile terminal or a non-mobile terminal.
- the mobile terminal may include, but is not limited to, the types of terminals 11 listed above, and the non-mobile terminal may be a server, a network attached storage (NAS), a personal computer (personal computer, PC), a television ( television, TV), teller machine, or self-service machine, etc., which are not specifically limited in the embodiments of the present application.
- the trusted relay communication device in the embodiment of the present application may be a device with an operating system.
- the operating system may be an Android (Android) operating system, an ios operating system, or other possible operating systems, which are not specifically limited in the embodiments of the present application.
- the credit relay communication device provided in the embodiment of the present application can implement each process implemented by the first UE in the method embodiments of FIG. 2 to FIG. 9 , and achieve the same technical effect. To avoid repetition, details are not repeated here.
- FIG. 11 shows another schematic structural diagram of a credit relay communication apparatus provided by an embodiment of the present application.
- the credit relay communication apparatus 1100 includes: a first obtaining module 1101 and a second sending module 1102 .
- the first obtaining module 1101 is configured to obtain relationship information, where the relationship information is used to indicate the trust relationship of the first UE; the second sending module 1102 is configured to send the relationship information .
- the relationship information includes at least one of the following:
- association identifier is used to indicate that the first UE has a trust relationship with the second UE, or the association identifier is used to indicate the terminal identifier of the second UE that has a trust relationship with the first UE, or User ID;
- the first set of secret keys is the first set of secret keys
- the authentication information is used to verify the identification information
- the first PDU session type information The first PDU session type information.
- the method further includes: a third receiving module, wherein:
- the second sending module 1102 is further configured to send a trust relationship acquisition request to a second network function or an application server before sending the relationship information to the first UE, wherein the trust relationship acquisition request carries the first UE's user identity or terminal identity;
- the third receiving module is configured to receive the trust relationship of the first UE returned by the second network function or the application server.
- the trust relationship is an association relationship between two or more users.
- the two or more users are users of one of the following: a specific service, a specific slice, a specific DNN, and a specific PDU session.
- the second sending module 1102 sends relationship information to the first UE, including:
- the relationship information is generated and delivered to the first UE; or,
- the trust relationship returned by the application server is forwarded to the first UE.
- the credit relay communication device provided in the embodiment of the present application can implement each process of realizing the first network function in the method embodiments of FIG. 2 to FIG. 9 , and achieve the same technical effect. To avoid repetition, details are not repeated here.
- FIG. 12 shows another schematic structural diagram of a credit relay communication apparatus provided by an embodiment of the present application.
- the credit relay communication apparatus 1200 may include: a fourth receiving module 1201 and a third sending module 1202 .
- the fourth receiving module 1201 is configured to receive a first trust relationship acquisition request sent by a first network function, where the first trust relationship acquisition request carries the user identity or terminal identity of the first UE ; a third sending module 1202, configured to send the trust relationship of the first UE to the first network function.
- the trust relationship is an association relationship between two or more users.
- the two or more users are users of one of the following: a specific service, a specific slice, a specific DNN, and a specific PDU session.
- the first trust relationship acquisition request further carries the user identity or terminal identity of the second UE.
- the fourth receiving module 1202 is further configured to receive a second trust relationship acquisition request from a third network function, where the second trust relationship acquisition request carries the information of the first UE. identification information; the third sending module 1202 is further configured to send the trust relationship of the first UE to a third network function.
- the credit relay communication device provided in the embodiment of the present application can implement the various processes of implementing the second network function in the method embodiments of FIG. 2 to FIG. 9, and achieve the same technical effect. To avoid repetition, details are not repeated here.
- FIG. 13 shows another schematic structural diagram of a credit relay communication apparatus provided by an embodiment of the present application.
- the credit relay communication apparatus 1300 may include: a fifth receiving module 1301 and a fourth sending module 1302 .
- the fifth receiving module 1301 is configured to receive a trust relationship authentication request sent by the first UE, wherein the trust relationship authentication request carries the user identity or terminal identity information of the second UE;
- the fourth sending module 1302 is configured to send the trust relationship authentication result to the first UE based on the trust relationship of the first UE.
- the fourth sending module 1302 is further configured to send a trust relationship acquisition request to the second network function before sending the trust relationship authentication result to the first UE, wherein the trust relationship acquisition request carries the identification information of the first UE; the fifth receiving module 1301 is further configured to receive the trust relationship of the first UE returned by the second network function.
- the fourth sending module 1302 is further configured to send the trust relationship to the access network device corresponding to the first UE.
- the credit relay communication device provided by the embodiment of the present application can implement each process of implementing the third network function in the method embodiments of FIG. 2 to FIG. 9 , and achieve the same technical effect. To avoid repetition, details are not repeated here.
- FIG. 14 shows another schematic structural diagram of the credit relay communication apparatus provided by the embodiment of the present application.
- the credit relay communication apparatus 1400 may include a sixth receiving module 1401 and an executing module 1402 .
- the sixth receiving module 1401 is configured to receive the trust relationship of the first UE sent by the second access network device or the third network function; the executing module 1402 is configured to execute the first UE based on the trust relationship.
- the resource scheduling established by the connection between a UE and the second UE in PC5 or the resource scheduling established by the connection between the first UE and the second UE in PC5 is rejected.
- the sixth receiving module 1401 receives the trust relationship of the first UE sent by the second access network device or the third network function, including:
- the trust relationship sent by the second access device is received, where the second access device is the source access device in the handover process, and the first access device is the source access device in the handover process.
- the incoming device is the target access device in the handover process.
- the credit relay communication apparatus provided in the embodiments of the present application can implement each process implemented by the first access network device in the method embodiments of FIG. 2 to FIG. 9 , and achieve the same technical effect. To avoid repetition, details are not described here.
- an embodiment of the present application further provides a communication device 1500 , including a processor 1501 , a memory 1502 , and programs or instructions stored in the memory 1502 and executable on the processor 1501
- a communication device 1500 including a processor 1501 , a memory 1502 , and programs or instructions stored in the memory 1502 and executable on the processor 1501
- the communication device 1500 is a terminal
- the program or instruction is executed by the processor 1501
- each process of the above-mentioned embodiment of the credit relay communication method 200 can be realized, and the same technical effect can be achieved.
- the communication device 1500 is a network-side device, when the program or instruction is executed by the processor 1501, each process of the above-mentioned embodiments of the credit relay communication method 300 to 600 can be realized, and the same technical effect can be achieved. Repeat.
- FIG. 16 is a schematic diagram of a hardware structure of a terminal implementing an embodiment of the present application.
- the terminal 1600 includes but is not limited to: a radio frequency unit 1601, a network module 1602, an audio output unit 1603, an input unit 1604, a sensor 1605, a display unit 1606, a user input unit 1607, an interface unit 1608, a memory 1609, a processor 1610 and other components .
- the terminal 1600 may also include a power source (such as a battery) for supplying power to various components, and the power source may be logically connected to the processor 1610 through a power management system, so as to manage charging, discharging, and power consumption through the power management system management and other functions.
- a power source such as a battery
- the terminal structure shown in FIG. 16 does not constitute a limitation on the terminal, and the terminal may include more or less components than shown, or combine some components, or arrange different components, which will not be repeated here.
- the input unit 1604 may include a graphics processor (Graphics Processing Unit, GPU) 16041 and a microphone 16042. Such as camera) to obtain still pictures or video image data for processing.
- the display unit 1606 may include a display panel 16061, which may be configured in the form of a liquid crystal display, an organic light emitting diode, or the like.
- the user input unit 1607 includes a touch panel 16071 and other input devices 16072 . Touch panel 16071, also called touch screen.
- the touch panel 16071 may include two parts, a touch detection device and a touch controller.
- Other input devices 16072 may include, but are not limited to, physical keyboards, function keys (such as volume control keys, switch keys, etc.), trackballs, mice, and joysticks, which are not described herein again.
- the radio frequency unit 1601 receives the downlink data from the network side device, and then processes it to the processor 1610; in addition, sends the uplink data to the network side device.
- the radio frequency unit 1601 includes, but is not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a low noise amplifier, a duplexer, and the like.
- Memory 1609 may be used to store software programs or instructions as well as various data.
- the memory 1609 may mainly include a storage program or instruction area and a storage data area, wherein the stored program or instruction area may store an operating system, an application program or instruction required for at least one function (such as a sound playback function, an image playback function, etc.) and the like.
- the memory 1609 may include a high-speed random access memory, and may also include a non-volatile memory, wherein the non-volatile memory may be a read-only memory (Read-Only Memory, ROM), a programmable read-only memory (Programmable ROM, PROM) ), erasable programmable read-only memory (ErasablePROM, EPROM), electrically erasable programmable read-only memory (Electrically EPROM, EEPROM) or flash memory.
- ROM Read-Only Memory
- PROM programmable read-only memory
- ErasablePROM ErasablePROM
- EPROM electrically erasable programmable read-only memory
- EEPROM electrically erasable programmable read-only memory
- flash memory for example at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device.
- the processor 1610 may include one or more processing units; optionally, the processor 1610 may integrate an application processor and a modem processor, wherein the application processor mainly processes the operating system, user interface, application programs or instructions, etc., Modem processors mainly deal with wireless communications, such as baseband processors. It can be understood that, the above-mentioned modulation and demodulation processor may not be integrated into the processor 1610.
- the radio frequency unit 1601 is configured to receive relationship information sent by the network side, where the relationship information is used to indicate the trust relationship of the first UE; and receive identification information sent by the second UE;
- a processor 1610 configured to perform relay connection and/or relay communication with the second UE based on the relationship information and the identification information, or refuse to perform relay connection and/or relay communication with the second UE relay communication.
- the network device 1700 includes: an antenna 1701 , a radio frequency device 1702 , and a baseband device 1703 .
- the antenna 1701 is connected to the radio frequency device 1702 .
- the radio frequency device 1702 receives information through the antenna 1701, and sends the received information to the baseband device 1703 for processing.
- the baseband device 1703 processes the information to be sent and sends it to the radio frequency device 1702
- the radio frequency device 1702 processes the received information and sends it out through the antenna 1701 .
- the above-mentioned frequency band processing apparatus may be located in the baseband apparatus 1703 , and the method performed by the network side device in the above embodiments may be implemented in the baseband apparatus 1703 .
- the baseband apparatus 1703 includes a processor 1704 and a memory 1705 .
- the baseband device 1703 may include, for example, at least one baseband board on which a plurality of chips are arranged, as shown in FIG. 17 , one of the chips is, for example, the processor 1704 , which is connected to the memory 1705 to call a program in the memory 1705 to execute
- the network devices shown in the above method embodiments operate.
- the baseband device 1703 may further include a network interface 1706 for exchanging information with the radio frequency device 1702, and the interface is, for example, a common public radio interface (CPRI for short).
- CPRI common public radio interface
- the network-side device in this embodiment of the present invention further includes: an instruction or program stored in the memory 1705 and executable on the processor 1704, and the processor 1704 invokes the instruction or program in the memory 1705 to execute the instructions or programs in FIG. 11 to FIG. 14 . In order to avoid repetition, it is not repeated here.
- Embodiments of the present application further provide a readable storage medium, where a program or an instruction is stored on the readable storage medium, and when the program or instruction is executed by a processor, each process of the above embodiment of the method for trust-granting relay communication is implemented, and can To achieve the same technical effect, in order to avoid repetition, details are not repeated here.
- the processor is the processor in the terminal described in the foregoing embodiment.
- the readable storage medium includes a computer-readable storage medium, such as a computer read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM), a magnetic disk or an optical disk, and the like.
- An embodiment of the present application further provides a chip, where the chip includes a processor and a communication interface, the communication interface is coupled to the processor, and the processor is used for running network-side device programs or instructions to implement the above-mentioned credit relaying
- the chip includes a processor and a communication interface
- the communication interface is coupled to the processor
- the processor is used for running network-side device programs or instructions to implement the above-mentioned credit relaying
- a computer program product comprising a processor, a memory, and a program or instruction stored on the memory and executable on the processor, when the program or instruction is executed by the processor.
- the chip mentioned in the embodiments of the present application may also be referred to as a system-on-chip, a system-on-chip, a system-on-chip, or a system-on-a-chip, or the like.
- the method of the above embodiment can be implemented by means of software plus a necessary general hardware platform, and of course can also be implemented by hardware, but in many cases the former is better implementation.
- the technical solution of the present application can be embodied in the form of a software product in essence or in a part that contributes to the prior art, and the computer software product is stored in a storage medium (such as ROM/RAM, magnetic disk, CD-ROM), including several instructions to make a terminal (which may be a mobile phone, a computer, a server, or a network device, etc.) execute the methods described in the various embodiments of this application.
- a storage medium such as ROM/RAM, magnetic disk, CD-ROM
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
本申请公开了一种授信中继通信方法、装置、终端及网络侧设备,属于无线通信技术领域。其中,一种授信中继通信方法,应用于第一UE,该方法包括:接收网络侧下发的关系信息,其中,所述关系信息用于指示所述第一UE的信任关系;接收第二UE发送的识别信息,基于所述关系信息和所述识别信息,与所述第二UE执行中继连接和/或中继通信,或者,拒绝与所述第二UE执行中继连接和/或中继通信。
Description
交叉引用
本发明要求在2020年12月17日提交中国专利局、申请号为202011503936.8、发明名称为“授信中继通信方法、装置、终端及网络侧设备”的中国专利申请的优先权,该申请的全部内容通过引用结合在本发明中。
本申请属于无线通信技术领域,具体涉及一种授信中继通信方法、装置、终端及网络侧设备。
在现有通信系统中,对于层三(Layer 3,L3)方式的中继通信,在没有非3GPP互通功能(Non-3GPP InterWorking Function,N3IWF)参与的场景下,中继(relay)终端(User Equipment,UE)能够在协议数据单元(Protocol Data Unit,PDU)层级别识别远端(remote)UE的数据(分组数据汇聚协议(Packet Data Convergence Protocol,PDCP)以上),如果中继UE不是一个受信任的中继,则存在安全隐患或隐私隐患。但在目前的中继通信中,在建立中继连接和/或中继通信时,尚未给出确定通信对端是否可信的技术方案。
发明内容
本申请实施例提供一种授信中继通信方法、装置、终端及网络侧设备,能够解决在建立中继连接和/或中继通信时,无法确定通信对端是否可信的问 题。
第一方面,提供了一种授信中继通信方法,应用于第一UE,该方法包括:接收网络侧下发的关系信息,其中,所述关系信息用于指示所述第一UE的信任关系;接收第二UE发送的识别信息,基于所述关系信息和所述识别信息,与所述第二UE执行中继连接和/或中继通信,或者,拒绝与所述第二UE执行中继连接和/或中继通信。
第二方面,提供了一种授信中继通信装置,包括:第一接收模块,用于接收网络侧下发的关系信息,其中,所述关系信息用于指示所述第一UE的信任关系;第二接收模块,用于接收第二UE发送的识别信息;通信模块,用于基于所述关系信息和所述识别信息,与所述第二UE执行中继连接和/或中继通信,或者,拒绝与所述第二UE执行中继连接和/或中继通信。
第三方面,提供了一种授信中继通信方法,应用于第一网络功能实体,包括:发送关系信息给第一UE,其中,所述关系信息用于指示所述第一UE的信任关系。
第四方面,提供了一种授信中继通信装置,包括:第一获取模块,用于获取关系信息,其中,所述关系信息用于指示所述第一UE的信任关系;第二发送模块,用于发送所述关系信息。
第五方面,提供了一种授信中继通信方法,应用于第二网络功能,包括:接收第一网络功能发送的第一信任关系获取请求,其中,所述第一信任关系获取请求中携带第一UE的用户标识或者终端标识;发送所述第一UE的信任关系给第一网络功能。
第六方面,提供了一种授信中继通信装置,包括:第四接收模块,用于接收第一网络功能发送的第一信任关系获取请求,其中,所述第一信任关系获取请求中携带第一UE的用户标识或者终端标识;第三发送模块,用于发送所述第一UE的信任关系给所述第一网络功能。
第七方面,提供了一种授信中继通信方法,应用于第三网络功能,包括: 接收第一UE发送的信任关系鉴权请求,其中,所述信任关系鉴权请求中携带有第二UE的用户标识或终端标识信息;基于第一UE的信任关系,发送信任关系鉴权结果给第一UE。
第八方面,提供了一种授信中继通信装置,包括:第五接收模块,用于接收第一UE发送的信任关系鉴权请求,其中,所述信任关系鉴权请求中携带有第二UE的用户标识或终端标识信息;第四发送模块,用于基于第一UE的信任关系,发送信任关系鉴权结果给第一UE。
第九方面,提供了一种授信中继通信方法,应用于第一接入网设备,包括:接收第二接入网设备或者第三网络功能发送的第一UE的信任关系;基于所述信任关系,执行第一UE与第二UE在PC5连接建立的资源调度或者拒绝第一UE与第二UE在PC5连接建立的资源调度。
第十方面,提供了一种授信中继通信装置,包括:第六接收模块,用于接收第二接入网设备或者第三网络功能发送的第一UE的信任关系;执行模块,用于基于所述信任关系,执行第一UE与第二UE在PC5连接建立的资源调度或者拒绝第一UE与第二UE在PC5连接建立的资源调度。
第十一方面,提供了一种终端,该终端包括处理器、存储器及存储在所述存储器上并可在所述处理器上运行的程序或指令,所述程序或指令被所述处理器执行时实现如第一方面所述的方法的步骤。
第十二方面,提供了一种网络侧设备,该网络侧设备包括处理器、存储器及存储在所述存储器上并可在所述处理器上运行的程序或指令,所述程序或指令被所述处理器执行时实现如第三方面所述的方法的步骤,或实现如第五方面所述的方法的步骤,或实现如第七方面所述的方法的步骤,或实现如第九方面所述的方法的步骤。
第十三方面,提供了一种可读存储介质,所述可读存储介质上存储程序或指令,所述程序或指令被处理器执行时实现如第一方面所述的方法的步骤,或实现如第三方面所述的方法的步骤,或实现如第五方面所述的方法的步骤, 或实现如第七方面所述的方法的步骤,或实现如第九方面所述的方法的步骤。
第十四方面,提供了一种芯片,所述芯片包括处理器和通信接口,所述通信接口和所述处理器耦合,所述处理器用于运行终端程序或指令,实现如第一方面所述的方法的步骤,所述处理器用于运行网络侧设备程序或指令,实现如第三方面所述的方法的步骤,或实现如第五方面所述的方法的步骤,或实现如第七方面所述的方法的步骤,或实现如第九方面所述的方法的步骤。
第十五方面,提供了一种计算机程序产品,该计算机程序产品存储于非瞬态的存储介质,所述计算机程序产品被所述处理器执行时实现如第一方面所述的方法的步骤,或实现如第三方面所述的方法的步骤,或实现如第五方面所述的方法的步骤,或实现如第七方面所述的方法的步骤,或实现如第九方面所述的方法的步骤。
在本申请实施例中,第一UE接收网络侧下发的指示所述第一UE的信任关系的关系信息,在接收到第二UE发送的识别信息时,基于所述关系信息和所述识别信息,与所述第二UE执行中继连接和/或中继通信,或者,拒绝与所述第二UE执行中继连接和/或中继通信,即当第一UE根据所述信任关系和所述识别信息判断第二UE为信任的UE时,则与第二UE执行中继连接和/或中继通信,否则,拒绝与所述第二UE执行中继连接和/或中继通信。从而确保只与授信的终端执行中继连接和/或中继通信,保证中继通信的安全。
图1示出本申请实施例可应用的一种无线通信系统的示意图;
图2示出本申请实施例提供的授信中继通信方法的一种流程示意图;
图3示出本申请实施例提供的授信中继通信方法的另一种流程示意图;
图4示出本申请实施例提供的授信中继通信方法的又一种流程示意图;
图5示出本申请实施例提供的授信中继通信方法的又一种流程示意图;
图6示出本申请实施例提供的授信中继通信方法的又一种流程示意图;
图7示出本申请实施例提供的授信中继通信方法的又一种流程示意图;
图8示出本申请实施例提供的授信中继通信方法的又一种流程示意图;
图9示出本申请实施例提供的授信中继通信方法的又一种流程示意图;
图10示出本申请实施例提供的授信中继通信装置的一种结构示意图;
图11示出本申请实施例提供的授信中继通信装置的另一种结构示意图;
图12示出本申请实施例提供的授信中继通信装置的又一种结构示意图;
图13示出本申请实施例提供的授信中继通信装置的又一种结构示意图;
图14示出本申请实施例提供的授信中继通信装置的又一种结构示意图;
图15示出本申请实施例提供的一种通信设备的结构示意图;
图16示出本申请实施例提供的一种终端的硬件结构示意图;
图17示出本申请实施例提供的一种网络侧设备的硬件结构示意图。
下面将结合本申请实施例中的附图,对本申请实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例是本申请一部分实施例,而不是全部的实施例。基于本申请中的实施例,本领域普通技术人员所获得的所有其他实施例,都属于本申请保护的范围。
本申请的说明书和权利要求书中的术语“第一”、“第二”等是用于区别类似的对象,而不用于描述特定的顺序或先后次序。应该理解这样使用的数据在适当情况下可以互换,以便本申请的实施例能够以除了在这里图示或描述的那些以外的顺序实施,且“第一”、“第二”所区别的对象通常为一类,并不限定对象的个数,例如第一对象可以是一个,也可以是多个。此外,说明书以及权利要求中“和/或”表示所连接对象的至少其中之一,字符“/”一般表示前后关联对象是一种“或”的关系。
值得指出的是,本申请实施例所描述的技术不限于长期演进型(Long Term Evolution,LTE)/LTE的演进(LTE-Advanced,LTE-A)系统,还可用 于其他无线通信系统,诸如码分多址(Code Division Multiple Access,CDMA)、时分多址(Time Division Multiple Access,TDMA)、频分多址(Frequency Division Multiple Access,FDMA)、正交频分多址(Orthogonal Frequency Division Multiple Access,OFDMA)、单载波频分多址(Single-carrier Frequency-Division Multiple Access,SC-FDMA)和其他系统。本申请实施例中的术语“系统”和“网络”常被可互换地使用,所描述的技术既可用于以上提及的系统和无线电技术,也可用于其他系统和无线电技术。以下描述出于示例目的描述了新空口(NewRadio,NR)系统,并且在以下大部分描述中使用NR术语,但是这些技术也可应用于NR系统应用以外的应用,如第6代(6
thGeneration,6G)通信系统。
图1示出本申请实施例可应用的一种无线通信系统的示意图。无线通信系统包括终端11和网络侧设备12。其中,终端11也可以称作终端设备或者用户终端(User Equipment,UE),终端11可以是手机、平板电脑(Tablet Personal Computer)、膝上型电脑(Laptop Computer)或称为笔记本电脑、个人数字助理(Personal Digital Assistant,PDA)、掌上电脑、上网本、超级移动个人计算机(ultra-mobile personal computer,UMPC)、移动上网装置(Mobile Internet Device,MID)、可穿戴式设备(Wearable Device)或车载设备(VUE)、行人终端(PUE)等终端侧设备,可穿戴式设备包括:手环、耳机、眼镜等。需要说明的是,在本申请实施例并不限定终端11的具体类型。网络侧设备12可以是基站(即接入网设备)或核心网,其中,基站可被称为节点B、演进节点B、接入点、基收发机站(Base Transceiver Station,BTS)、无线电基站、无线电收发机、基本服务集(Basic Service Set,BSS)、扩展服务集(Extended Service Set,ESS)、B节点、演进型B节点(eNB)、家用B节点、家用演进型B节点、WLAN接入点、WiFi节点、发送接收点(TransmittingReceivingPoint,TRP)或所述领域中其他某个合适的术语,只要达到相同的技术效果,所述基站不限于特定技术词汇,需要说明的是,在本申请实施例中仅以NR系统 中的基站为例,但是并不限定基站的具体类型。
核心网可以由多个网络功能组成,例如,直接发现名称管理功能(DDNMF)、统一数据管理功能(Unified Data Management,UDM)以及接入和移动管理功能(Access and Mobility Management Function,AMF)等,这些网络功能可以设置在同一网络实体上,也可以设置在不同的网络实体上。
下面结合附图,通过具体的实施例及其应用场景对本申请实施例提供的授信中继通信方法进行详细地说明。
图2示出本申请实施例中的授信中继通信方法的一种流程示意图,该方法200可以由第一UE执行。换言之,所述方法可以由安装在第一UE上的软件或硬件来执行。如图2所示,该方法可以包括以下步骤。
S210,接收网络侧下发的关系信息,其中,所述关系信息用于指示所述第一UE的信任关系。
在本申请实施例中,网络侧可以向第一UE下发指示第一UE的信任关系(也可以称为绑定关系)的关系信息,第一UE根据该关系信息,可以确定哪些UE是可信UE,即授信UE。
在一个可能的实现方式中,所述关系信息可以包括以下(1)至(7)中至少之一。
(1)第一中继业务码。例如,网络侧可以将该关联标识下发给具有信任关系的第一UE和第二UE,在中继发现阶段或连接建立阶段,第二UE可以将该第一中继业务码作为部分或全部的识别信息,发送给第一UE,第一UE基于接收到的识别信息和网络侧下发的第一中继业务码,确认第二UE是授信终端,选择所述第二UE建立中继连接。
(2)关联标识,其中,所述关联标识用于指示所述第一UE与所述第二UE具有信任关系,或者所述关联标识用于指示与所述第一UE具有信任关系的第二UE的终端标识或者用户标识。也就是说,在该可能的实现方式中,网络侧下发的关系信息可以是指示所述第一UE与所述第二UE具有信任关 系。例如,可以是第一UE的终端标识或用户标识与第二UE的终端标识或用户标识的对应关系。或者,该关联标识也可以是与所述第一UE具有信任关系的第二UE的终端标识或用户标识,也就是说,该关联标识可以是一个或多个终端标识或用户标识,指示该一个或多个终端标识或用户标识对应的第二UE与所述第一UE具有信任关系,即一个或多个终端标识或用户标识对应的第二UE为授信UE。
(3)第一组秘钥。其中,具有信任关系的通信终端具有相同的第一组秘钥。例如,网络侧可以向具有信任关系的第一UE和第二UE下发第一组秘钥。在中继发现或中继连接过程中,第二UE可以使用该第一组秘钥对通信信息进行加密,第一UE使用该第一组秘钥对通信信息进行解密成功,则确认第二UE为授信终端。或者,在中继发现或中继连接过程中,第二UE也可以使用该第一组秘钥对待认证信息(例如,第二UE的终端标识或用户标识)进行签名,将签名信息(也可以称为校验信息)发送给第一UE,第一UE使用网络侧下发的第一组秘钥对该签名信息进行验签,如果验签通过,则确认第二UE为授信终端。
(4)鉴权信息,其中,所述鉴权信息用于对所述识别信息进行校验。例如,网络侧可以向具有信任关系的第一UE和第二UE下发鉴权信息,在中继发现或中继连接过程中,第二UE可以使用该鉴权信息生成识别信息,发送给第一UE,第一UE使用该鉴权信息对该识别信息进行校验,校验通过,则确认第二UE为授信终端。其中,鉴权信息可以是验证码、密码等信息。
(5)第一业务类型信息。通过第一业务类型信息,指示执行所述第一业务类型信息指示的业务的终端具有信任关系。在该可能的实现方式中,网络侧可以认为特定的业务类型的通信终端之间具有信任关系。在中继发现或中继连接过程中,第一UE根据第二UE的识别信息确定第二UE的业务类型,判断第二UE的业务类型是否为特定的业务类型,如果是,则确认第二UE为授信终端。
(6)第一切片信息。通过所述第一切片信息指示在所述第一切片信息指示的切片上的通信终端具有信任关系。在该可能的实现方式中,网络侧可以认为特定的切片上的通信终端之间具有信任关系。在中继发现或中继连接过程中,第一UE根据第二UE的识别信息确定第二UE所在的切片,判断第二UE所在的切片是否为所述第一切片信息指示的切片,如果是,则确认第二UE为授信终端。
(7)第一协议数据单元(PDU)会话类型信息。通过所述第一PDU会话类型指示执行所述第一PDU会话类型信息指示的类型的PDU会话的通信终端具有信任关系。在该可能的实现方式中,网络侧可以认为执行特定的PDU会话类型的通信终端之间具有信任关系。在中继发现或中继连接过程中,第一UE根据第二UE的识别信息确定第二UE所执行的PDU会话,判断第二UE所执行的PDU会话是否为所述第一PDU会话类型信息指示的PDU会话,如果是,则确认第二UE为授信终端。
需要说明的是,所述关系信息可以只包含上述(1)至(7)中的任一项,也可以包括上述(1)至(7)中的两项或多项的任意组合。例如,所述关系信息中可以包括第一中继业务码和第一组秘钥,则第一UE可以在中继发现或中继连接过程中,根据第一中继业务码判断是否选择第二UE进行中继通信,如果选择,则第一UE和第二UE再基于第二组秘钥进行相互认证,以确定对端是否为授信终端。当然,在具体应用中,还可以有其它的组合,具体本申请实施例中不作限定。
S212,接收第二UE发送的识别信息,基于所述关系信息和所述识别信息,与所述第二UE执行中继连接和/或中继通信,或者,拒绝与所述第二UE执行中继连接和/或中继通信。
在S212中,第一UE基于所述关系和所述识别信息,判断所述第二UE是否为授信终端,即判断所述第二UE是否可信,确定所述第二UE为授信终端,则选择所述第二UE执行中继连接和/或中继通信。
在一个可能的实现方式中,所述识别信息可以包括以下(1)至(7)中至少之一。
(1)第二中继业务码。其中,该第二中继业务可以是网络侧下发给第二UE的。
(2)所述第二UE的终端标识或用户标识。在该可能的实现方式中,对应的,网络侧下发的关系信息中包括所述关联标识。
(3)基于第二组秘钥生成的加密信息或认证信息。在该可能的实现方式中,第二UE可以基于网络侧下发的第二组秘钥生成所述加密信息或认证信息。在具体应用中,加密信息可以是第二UE使用第二组秘钥对待加密信息进行加密得到的信息,例如,待加密信息可以是第二UE的终端标识或用户标识,或者,待加密信息也可以是第二UE向第一UE发送的通信信息。认证信息可以是第二UE使用第二组秘钥对待认证信息按照预定算法进行计算得到的结果(例如,签名信息),其中,待认证信息可以是第二UE的终端标识或用户标识,还可以是第二UE生成的随机数等。在该可能的实现方式中,对应的网络侧下发的关系信息中包括所述组秘钥。
(4)校验信息。所述校验信息为对指定的待校验信息进行校验计算得到的结果,例如,待校验信息可以是网络侧下发给第二UE的第二中继业务码,也可以是第二UE所在的切片信息,还可以是第二UE执行的PDU会话信息等,第二UE使用预定的鉴权信息对待校验信息进行校验计算,得到所述校验信息,其中,预定的鉴权信息可以是网络侧下发的验证码或密码等;
(5)第二业务类型信息。该第二业务类型信息指示第二UE执行的业务的业务类型。
(6)第二切片信息。该第二切片信息指示第二UE所在的切片。在该可能的实现方式中,所述关系信息可以包括所述切片信息。
(7)第二PDU会话类型信息。该第二PDU会话类型信息指示第二UE所执行PDU会话类型。
需要说明的是,所述识别信息可以只包含上述(1)至(7)中的任一项,也可以包括上述(1)至(7)中的两项或多项的任意组合。例如,所述识别信息中可以包括第二中继业务码和第二组秘钥,则第一UE可以在中继发现或中继连接过程中,根据第二UE发送的第二中继业务码判断是否选择第二UE进行中继通信,如果选择,则第一UE和第二UE再基于第二组秘钥进行相互认证,以确定对端是否为授信终端。当然,在具体应用中,还可以有其它的组合,具体本申请实施例中不作限定。
另外,所述识别信息可以与所述关系信息相对应。例如,关系信息中包括第一中继业务码,则识别信息中包括第二中继业务码,如果关系信息中包括PDU会话类型,则识别信息中包括第二UE执行的PDU会话类型。当然,识别信息也可以不与所述关系信息相对应,例如,识别信息中可以包括第二UE执行的第二PDU会话类型和第二中继业务码,而关系信息中可以不包括PDU会话类型,但包括第一中继业务码,则第一UE可以根据第一中继业务码和第二中继业务码判断第二UE是否为授信终端。具体本申请实施例中不作限定,只要第一UE根据所述关系信息和所述识别信息能够判断出所述第二UE与所述第一UE是否具有信任关系即可。
需要说明的是,在实际应用中,接收网络侧下发的关系信息和接收第二UE发送的识别信息没有一定的先后顺序。例如,第一UE可以先接收网络侧下发的关系信息,再接收所述第二UE发送的识别信息,也可以先接收所述第二UE发送的识别信息,再接收网络侧下发的关系信息。
例如,在一个可能的实现方式中,在S210之前,所述方法还包括:向网络侧发送所述第二UE的识别信息;则S210可以包括:接收所述网络侧针对所述第二UE的识别信息返回的结果,其中,所述结果包括所述关系信息。也就是说,在该可能的实现方式中,第一UE在接收到第二UE发送的识别信息后,向网络侧发送所述第二UE的识别信息,网络侧接收到第二UE的识别信息后,向第一UE返回所述关系信息。通过该可能的实现方式,第一 UE可以在中继发现或中继连接中,即需要验证第二UE是否为授信UE的情况下,从网络侧获取所述关系信息。
在一个可能的实现方式中,在S212中,第一UE判断所述第二UE为授信UE后,可以选择与第二UE进行中继连接和/或中继通信,在执行中继连接和/或中继通信的过程,为了避免接收到的关系信息在发现过程中被其他非信任UE获取,第一UE还可以请求网络侧对第二UE再次进行鉴权。因此,在该可能的实现方式中,该方法还可以包括:在与所述第二UE执行中继连接和/或中继通信时,第一UE发送信任关系鉴权请求给第三网络功能,其中,所述信任关系鉴权请求中携带有所述第二UE的用户标识或终端标识信息;接收第三网络功能发送的信任关系鉴权结果;基于信任关系鉴权结果与所述第二UE执行中继连接和/或中继通信,或者,拒绝与所述第二UE执行中继连接和/或中继通信。在该可能的实现方式中,第一UE向第三网络功能发送信任关系鉴权请求,请求第三网络功能对第一UE与第二UE的信任关系进行鉴权,第三网络功能在接收到信任关系鉴权请求后,对第一UE和第二UE的信任关系进行鉴权,将鉴权结果返回给第一UE,在第三网络功能返回的信任关系鉴权结果指示第一UE和第二UE具有信任关系的情况下,第一UE与所述第二UE执行中继连接和/或中继通信,或者,在所述信任关系鉴权结果指示第一UE和第二UE不具有信任关系的情况下,拒绝与所述第二UE执行中继连接和/或中继通信。通过该可能的实现方式,可以避免由于所述关系信息在发现过程中被其他非信任UE获取,冒充第一UE的信任UE,可以进一步保证中继通信的安全。
在上述可能的实现方式中,可选的,第三网络功能可以为AMF。第三网络功能可以根据所述第一UE的信任关系判断所述第一UE和所述第二UE是否具有信任关系。
在本申请实施例提供的上述授信中继通信方法中,第一UE接收网络侧下发的指示所述第一UE的信任关系的关系信息,在接收到第二UE发送的 识别信息时,基于所述关系信息和所述识别信息,与所述第二UE执行中继连接和/或中继通信,或者,拒绝与所述第二UE执行中继连接和/或中继通信,即当第一UE根据所述信任关系和所述识别信息判断第二UE为信任的UE时,则与第二UE执行中继连接和/或中继通信,否则,拒绝与所述第二UE执行中继连接和/或中继通信。从而确保只与授信的终端执行中继连接和/或中继通信,保证中继通信的安全。
图3示出本申请实施例提供的授信中继通信方法的另一种流程示意图,该方法300可以由第一网络功能执行。换言之,所述方法可以由安装在第一网络功能上的软件或硬件来执行。如图3所示,该方法可以包括以下步骤。
S310,发送关系信息给第一UE,其中,所述关系信息用于指示所述第一UE的信任关系。
在申请实施例中,所述关系信息与方法200中的关系信息相同,具体可以参见方法200中的相关描述,在此不再赘述。
在本申请实施例中,第一网络功能可以向具有信任关系的各个成员终端发送所述关系信息。例如,第一UE与第二UE具有信任关系,则第一网络功能可以向第一UE和第二UE均发送所述关系信息。
在一个可能的实现方式中,第一网络功能可以从第二网络功能或应用服务器获取所述第一UE的信任关系,基于所述信任关系向第一UE发送关系信息。因此,在该可能的实现方式中,在S310之前,该方法还可以包括以下步骤1至步骤2。
步骤1,向第二网络功能或应用服务器发送信任关系获取请求,其中,所述信任关系获取请求中携带所述第一UE的用户标识或者终端标识。
步骤2,接收所述第二网络功能或应用服务器返回的第一UE的信任关系。
可选的,所述信任关系可以为两个或多个用户之间的关联关系,即所述信任关系指示两个或多个用户之间的关联关系。例如,在签约层面上具有关联关系,例如,第一UE在签约时,指示其可以作为第二UE的远端(remote) 终端,或者,第二UE在签约时,指示其可以作为第一UE的中继终端,则第一UE与第二UE具有关联关系。
可选的,所述信任关系获取请求中还可以携带第二UE的用户标识或终端标识,即所述信任关系获取请求用于请求获取第一UE与第二UE的信任关系。
可选的,该两个或多个用户可以为以下之一的用户:特定业务、特定切片、特定数据网络名(Data Network Name,DNN)、和特定PDU会话。即具有特定业务、特定切片、特定DNN或特定PDU会话的两个或多个用户之间具有关联关系,即这些用户之间可以为授信终端,其中一个用户对应的终端可以作为另一个用户对应的终端的中继终端。
在上述可能的实现方式中,第二网络功能可以向第一网络功能返回的所述信任关系,而应用服务器可以根据所述信任关系生成所述关系信息,通过第一网络功能将所述关系信息透传给第一UE。因此,可选的,S310可以包括:基于所述第二网络功能返回的所述信任关系,生成所述关系信息,并下发给所述第一UE;或者,向所述第一UE转发所述应用服务器返回的所述信任关系。
在本申请实施例的一个可能的实现方式中,第一网络功能可以是在接收到第一UE发送的第二UE的识别信息的情况下,向所述第一UE发送所述关系信息。
在本申请实施例中,第一网络功能包括但不限于DDNMF。
通过本申请实施例提供的授信中继通信方法,第一网络功能可以向第一UE下发所述关系信息,从而使得第一UE可以根据该关系信息判断通信对端即第二UE是否为可信的UE,提高中继通信的安全性。
图4示出本申请实施例提供的授信中继通信方法的另一种流程示意图,该方法400可以由第二网络功能执行。换言之,所述方法可以由安装在第二网络功能上的软件或硬件来执行。如图4所示,该方法可以包括以下步骤。
S410,接收第一网络功能发送的第一信任关系获取请求,其中,所述第一信任关系获取请求中携带第一UE的用户标识或者终端标识。
在本申请实施例中,第一网络功能可以为方法300中的第一网络功能,第二网络功能可以为方法300中的第二网络功能。
在本申请实施例中,在接收到第一信任关系获取请求后,根据所述第一UE的用户标识或终端标识,可以获取第一UE的信任关系。
在一个可能的实现方式中,信任关系为两个或多个用户之间的关联关系。
可选的,所述两个或多个用户为以下之一的用户:特定业务、特定切片、特定DNN、和特定PDU会话。第二网络功能在接收到第一信任关系获取请求后,根据第一UE的用户标识或者终端标识,可以判断第一UE是否属于特定业务、特定切片、特定DNN、和特定PDU会话,如果是,则可以基于特定业务、特定切片、特定DNN、和特定PDU会话获取第一UE的信任关系。
在一个可能的实现方式中,所述第一信任关系获取请求中还可以携带第二UE的用户标识或终端标识,则第二网络功能可以根据第一UE的用户标识或者终端标识以及第二UE的用户标识或终端标识判断第一UE和第二UE是否都属于特定业务、特定切片、特定DNN、和特定PDU会话,如果是,则确定第一UE和第二UE具有信任关系。
S412,发送所述第一UE的信任关系给第一网络功能。
在本申请实施例中,第一网络功能在接收到第一UE的信任关系后,生成所述关系信息,发送给第一UE,具体可以参见上述方法300中的描述,在此不再赘述。
在一个可能的实现方式中,该方法还可以包括:接收第三网络功能的第二信任关系获取请求,其中,所述第二信任关系获取请求中携带有所述第一UE的标识信息;发送所述第一UE的信任关系给所述第三网络功能。
在本申请实施例中,第二网络功能包括但不限于UDM。
通过本申请实施例提供的授信中继通信方法,第二网络功能可以在接收到第一网络功能的信任关系获取请求时,向第一网络功能发送第一UE的信任关系,从而使得第一网络功能可以基于该信任关系,获取上述方法200和300中所述的关系信息,并将该关系信息发送给第一UE,进而使得第一UE可以在中继连接和/或中继通信中,基于该关系信息判断中继对端是否为可信任的UE,以保证中继通信的安全。
图5示出本申请实施例提供的授信中继通信方法的又一种流程示意图,该方法500可以由第三网络功能执行。换言之,所述方法可以由安装在第三网络功能上的软件或硬件来执行。如图5所示,该方法可以包括以下步骤。
S510,接收第一UE发送的信任关系鉴权请求,其中,所述信任关系鉴权请求中携带有第二UE的用户标识或终端标识信息。
在一个可能的实现方式中,第一UE可以在接收到第二UE的识别信息时,向第三网络功能发送所述信任关系鉴权请求,具体可以参见方法200中的相关描述,在此不再赘述。
在本申请实施例中,第三网络功能可以为方法200至400中的第三网络功能。
S512,基于第一UE的信任关系,发送信任关系鉴权结果给第一UE。
在本申请实施例中,第三网络功能可以基于第一UE的信任关系,判断第二UE是否为所述第一UE的可信UE,即判断所述第二UE是否与所述第一UE具有信任关系。
在一个可能的实现方式中,所述信任关系可以与方法400中的信任关系相同,具体参见上述方法400中的相关描述。
在一个可能的实现方式中,第三网络功能可以根据第一UE的用户标识或者终端标识以及第二UE的用户标识或终端标识判断第一UE和第二UE是否都属于特定业务、特定切片、特定DNN、和特定PDU会话,如果是,则确定第一UE和第二UE具有信任关系。
或者,在所述信任关系为一个或多个用户标识或终端标识时,第三网络功能可以判断第二UE的用户标识或终端标识是否为一个或多个用户标识或终端标识中的一个,如果是,则所述第二UE为所述第一UE的可信UE。
在一个可能的实现方式中,第一UE可以在第二UE执行中继连接和/或中继通信时,向所述第三网络功能发送所述信任关系鉴权结果,具体可以参见方法200中的相关描述,在此不再赘述。
在一个可能的实现方式中,第三网络功能可以从第二网络功能获取所述第一UE的信任关系。因此,在该可能的实现方式中,在发送信任关系鉴权结果给第一UE之前,所述方法还包括:向第二网络功能发送信任关系获取请求,其中,所述信任关系获取请求中携带有第一UE的标识信息;接收所述第二网络功能返回的所述第一UE的信任关系。具体可以参见上述方法400中的相关描述,在此不再赘述。
在又一个可能的实现方式中,第三网络功能还可以将所述第一UE的信任关系发送给第一UE对应的接入网设备,从而使得接入网设备可以在分配第一UE与第二UE的中继通信资源时,判断第一UE与第二UE是否互为授信UE,从而确定同意或拒绝第一UE与第二UE的中继通信中的网络调度模式的资源分配。
通过本申请实施例提供的授信中继通信方法,第三网络功能在接收到第一UE发送的信任关系鉴权请求,可以对第一UE与第二UE的信任关系进行鉴权,并将鉴权结果返回给第一UE,从而使得第一UE可以获知第二UE是否为可信UE,进而判断是否与第二UE继续执行中继连接和/或中继通信,以保证中继通信的安全。
图6示出本申请实施例提供的授信中继通信方法的又一种流程示意图,该方法600可以由第一接入网执行。换言之,所述方法可以由安装在第一接入网设备上的软件或硬件来执行。如图6所示,该方法可以包括以下步骤。
S610,接收第二接入网设备或者第三网络功能发送的第一UE的信任关 系。
在本申请实施例中,第一接入网设备可以接收第三网络功能发送的第一UE的信任关系,具体可以参见方法500中的相关描述。
例如,第一接入网设备在第一UE的注册过程或服务请求过程中,接收第三网络功能发送的第一UE的信任关系。
或者,第一接入网设备也可以接收第二接入网设备发送的所述信任关系。例如,在所述第一UE的切换过程中,接收所述第二接入设备发送的所述信任关系,其中,所述第二接入设备为切换过程中的源接入设备,所述第一接入设备为切换过程中的目标接入设备。
在本申请实施例中,第一UE的信任关系与上述方法200至500中的第一UE的信任关系相同,具体可以参见上述方法200至500中的相关描述,在此不再赘述。
S620,基于所述信任关系,执行第一UE与第二UE在PC5连接建立的资源调度或者拒绝第一UE与第二UE在PC5连接建立的资源调度。
在本申请实施例中,第一接入网设备根据所述信任关系,可以判断第二UE是否为第一UE的可信任UE,如果是,则执行第一UE与第二UE在PC5连接建立的资源调度,否则,拒绝第一UE与第二UE在PC5连接建立的资源调度,从而可以进一步保证中继通信的安全。
图7示出本申请实施例提供的授信中继通信方法的又一种流程示意图,该方法700可以由第一UE、5G DDNMF、UDM和应用服务器(AF)执行。换言之,所述方法可以由安装在第一UE、5G DDNMF、UDM和应用服务器(AF)上的软件或硬件来执行。如图7所示,该方法可以包括以下步骤。
S711,第一UE发送发现(discovery)请求给5G DDNMF,所述发现请求用于请求网络侧提供中继服务码(relay service code),可选的,所述发现请求可以携带0个到多个第二UE的标识(用户标识或终端标识)。
S712,5G DDNMF发送绑定关系获取请求(也可以称为信任关系获取请 求)给UDM和/或应用服务器,所述绑定关系获取请求用于获取第一UE的绑定关系(也可以称为信任关系),所述绑定关系为两个或多个用户之间的关系。
可选的,所述绑定关系获取请求中还包含第二UE的标识,用于表示请求获取第一UE与第二UE的关联关系。
S713:UDM提供绑定关系给5G DDNMF,5G DDNMF基于UDM提供的所述绑定关系生成关系信息;或者,应用服务器基于业务层面确定与第一UE的绑定关系,并基于绑定关系生成关系信息。
其中,关系信息可以包括以下至少之一:第一中继业务码、组密钥、指示第一UE和第二UE是否具有绑定关系的指示信息(例如,如果指示信息包括第二UE的标识,则指示第一UE和第二UE具有绑定关系)、或者用户标识或终端标识(该标识可以包括一个或多个,即表示第一UE绑定的一个或多个用户)、鉴权信息、业务类型(如在某个特定业务上的绑定关系)、绑定切片(在特定切片上的绑定关系)、绑定DNN(在特定DNN上的绑定关系)、绑定PDU会话类型(在特定PDU会话类型上的绑定关系)等。
在一个可能的实现方式中,5G DDNMF可以将所述关系信息下发给具有绑定关系的各个用户设备,即下发给具有绑定关系的各个用户设备。
S714,5G DDNMF或应用服务器将所述第一relay service code和/或组密钥发送给第一UE。
图8示出本申请实施例提供的授信中继通信方法的又一种流程示意图,该方法800可以由第一UE、AMF和UDM执行。换言之,所述方法可以由安装在第一UE、AMF和UDM上的软件或硬件来执行。如图8所示,该方法可以包括以下步骤。
S811,第一UE发送绑定关系鉴权请求(也可以称为信任关系获取请求)到AMF,所述绑定关系鉴权请求携带第二UE的标识,所述绑定关系鉴权请求用于请求AMF鉴权所述第二UE是否与所述第一UE具有绑定关系。
S812,AMF发送绑定关系检索到UDM,用于检索第一UE的绑定关系,检索请求消息中携带第一UE标识。
S813,AMF接收到UDM提供的绑定关系。
S814,AMF基于绑定关系判断所述第一UE与第二UE是否具有绑定关系,并将判定结果发送给第一UE。
图9示出本申请实施例提供的授信中继通信方法的又一种流程示意图,该方法900可以由第一UE和第二UE执行。换言之,所述方法可以由安装在第一UE和第二UE的软件或硬件来执行。如图9所示,该方法可以包括以下步骤。
S911,第一UE和第二UE在执行发现过程或者连接建立过程。
S912,第一UE在发现消息或者直接通信请求消息中携带的识别信息,所述识别信息用于指示第一UE的信任关系。
其中,所述识别信息中可以包括第一中继业务码和组秘钥。
S913,第二UE基于识别信息和网络侧下发的关系信息,选择所述第一UE。
第二UE可以判断第一UE发送的第一中继业务码是否与网络侧下发的关系信息中的第二中继业务码相同,如果相同,则第二UE可以选择第一UE进行中继。
S914,第二UE和第一UE基于组秘钥相互认证,确定对端是否为授信UE。
通过本申请实施例提供的上述授信中继通信方法,第二UE在与第一UE进行中继连接和/或中继通信时,可以确定对端是否为授信UE,从而保证中继通信的安全。
需要说明的是,本申请实施例提供的授信中继通信方法,执行主体可以为授信中继通信装置,或者,该授信中继通信装置中的用于执行授信中继通信方法的控制模块。本申请实施例中以授信中继通信装置执行授信中继通信 方法为例,说明本申请实施例提供的授信中继通信装置。
图10示出申请实施例提供的授信中继通信装置的一种结构示意图,如图10所示该授信中继通信装置1000可以包括:第一接收模块1001、第二接收模块1002和通信模块1003。
在本申请实施例中,第一接收模块1001,用于接收网络侧下发的关系信息,其中,所述关系信息用于指示所述第一UE的信任关系;第二接收模块1002,用于接收第二UE发送的识别信息;通信模块1003,用于基于所述关系信息和所述识别信息,与所述第二UE执行中继连接和/或中继通信,或者,拒绝与所述第二UE执行中继连接和/或中继通信。
在一个可能的实现方式中,所述关系信息包括以下至少之一:
第一中继业务码;
关联标识,所述关联标识用于指示所述第一UE与所述第二UE具有信任关系,或者所述关联标识用于指示与所述第一UE具有信任关系的第二UE的终端标识或者用户标识;
第一组秘钥;
鉴权信息,所述鉴权信息用于对所述识别信息进行校验;
第一业务类型信息;
第一切片信息;
第一PDU会话类型信息。
在一个可能的实现方式中,所述识别信息包括以下至少之一:
第二中继业务码;
所述第二UE的终端标识或用户标识;
基于第二组秘钥生成的加密信息或认证信息;
校验信息,所述校验信息为对指定的待校验信息进行校验计算得到的结果;
第二业务类型信息;
第二切片信息;
第二协议数据单元PDU会话类型信息。
在一个可能的实现方式中,还包括:第一发送模块,其中,
所述第一发送模块,用于在所述第一接收模块1001在接收网络侧下发的所述关系信息之前,向网络侧发送所述第二UE的识别信息;
所述第一接收模块1001接收网络侧下发的关系信息,包括:接收所述网络侧针对所述第二UE的识别信息返回的结果,其中,所述结果包括所述关系信息。
在一个可能的实现方式中,所述通信模块1003还用于:
在与所述第二UE执行中继连接和/或中继通信时,发送信任关系鉴权请求给第三网络功能,其中,所述信任关系鉴权请求中携带有所述第二UE的用户标识或终端标识信息;
接收第三网络功能发送的信任关系鉴权结果;
基于信任关系鉴权结果与所述第二UE执行中继连接和/或中继通信,或者,拒绝与所述第二UE执行中继连接和/或中继通信。
本申请实施例中的授信中继通信装置可以是装置,也可以是终端中的部件、集成电路、或芯片。该装置可以是移动终端,也可以为非移动终端。示例性的,移动终端可以包括但不限于上述所列举的终端11的类型,非移动终端可以为服务器、网络附属存储器(Network Attached Storage,NAS)、个人计算机(personal computer,PC)、电视机(television,TV)、柜员机或者自助机等,本申请实施例不作具体限定。
本申请实施例中的授信中继通信装置可以为具有操作系统的装置。该操作系统可以为安卓(Android)操作系统,可以为ios操作系统,还可以为其他可能的操作系统,本申请实施例不作具体限定。
本申请实施例提供的授信中继通信装置能够实现图2至图9的方法实施例中第一UE实现的各个过程,并达到相同的技术效果,为避免重复,这里 不再赘述。
图11示出本申请实施例提供的授信中继通信装置的另一种结构示意图,如图11所示,该授信中继通信装置1100包括:第一获取模块1101和第二发送模块1102。
在本申请实施例中,第一获取模块1101,用于获取关系信息,其中,所述关系信息用于指示所述第一UE的信任关系;第二发送模块1102,用于发送所述关系信息。
在一个可能的实现方式中,所述关系信息包括以下至少之一:
第一中继业务码;
关联标识,所述关联标识用于指示所述第一UE与所述第二UE具有信任关系,或者所述关联标识用于指示与所述第一UE具有信任关系的第二UE的终端标识或者用户标识;
第一组秘钥;
鉴权信息,所述鉴权信息用于对所述识别信息进行校验;
第一业务类型信息;
第一切片信息;
第一PDU会话类型信息。
在一个可能的实现方式中,还包括:第三接收模块,其中:
所述第二发送模块1102还用于在发送所述关系信息给第一UE之前,向第二网络功能或应用服务器发送信任关系获取请求,其中,所述信任关系获取请求中携带所述第一UE的用户标识或者终端标识;
所述第三接收模块,用于接收所述第二网络功能或应用服务器返回的第一UE的信任关系。
在一个可能的实现方式中,所述信任关系为两个或多个用户之间的关联关系。
在一个可能的实现方式中,所述两个或多个用户为以下之一的用户:特 定业务、特定切片、特定DNN、和特定PDU会话。
在一个可能的实现方式中,所述第二发送模块1102发送关系信息给第一UE,包括:
基于所述第二网络功能返回的所述信任关系,生成所述关系信息,并下发给所述第一UE;或者,
向所述第一UE转发所述应用服务器返回的所述信任关系。
本申请实施例提供的授信中继通信装置能够实现图2至图9的方法实施例中第一网络功能实现的各个过程,并达到相同的技术效果,为避免重复,这里不再赘述。
图12示出本申请实施例提供的授信中继通信装置的又一种结构示意图,如图12所示,该授信中继通信装置1200可以包括:第四接收模块1201和第三发送模块1202。
在本申请实施例中,第四接收模块1201,用于接收第一网络功能发送的第一信任关系获取请求,其中,所述第一信任关系获取请求中携带第一UE的用户标识或者终端标识;第三发送模块1202,用于发送所述第一UE的信任关系给第一网络功能。
在一个可能的实现方式中,所述信任关系为两个或多个用户之间的关联关系。
在一个可能的实现方式中,所述两个或多个用户为以下之一的用户:特定业务、特定切片、特定DNN、和特定PDU会话。
在一个可能的实现方式中,所述第一信任关系获取请求中还携带有第二UE的用户标识或终端标识。
在一个可能的实现方式中,所述第四接收模块1202还用于接收第三网络功能的第二信任关系获取请求,其中,所述第二信任关系获取请求中携带有所述第一UE的标识信息;所述第三发送模块1202还用于发送所述第一UE的信任关系给第三网络功能。
本申请实施例提供的授信中继通信装置能够实现图2至图9的方法实施例中第二网络功能实现的各个过程,并达到相同的技术效果,为避免重复,这里不再赘述。
图13示出本申请实施例提供的授信中继通信装置的又一种结构示意图,如图13所示,该授信中继通信装置1300可以包括:第五接收模块1301和第四发送模块1302。
在本申请实施例中,第五接收模块1301,用于接收第一UE发送的信任关系鉴权请求,其中,所述信任关系鉴权请求中携带有第二UE的用户标识或终端标识信息;第四发送模块1302,用于基于第一UE的信任关系,发送信任关系鉴权结果给第一UE。
在一个可能的实现方式中,所述第四发送模块1302还用于在发送信任关系鉴权结果给第一UE之前,向第二网络功能发送信任关系获取请求,其中,所述信任关系获取请求中携带有第一UE的标识信息;所述第五接收模块1301还用于接收所述第二网络功能返回的所述第一UE的信任关系。
在一个可能的实现方式中,所述第四发送模块1302还用于将所述信任关系发送给所述第一UE对应的接入网设备。
本申请实施例提供的授信中继通信装置能够实现图2至图9的方法实施例中第三网络功能实现的各个过程,并达到相同的技术效果,为避免重复,这里不再赘述。
图14示出本申请实施例提供的授信中继通信装置的又一种结构示意图,如图14所示,该授信中继通信装置1400可以包括第六接收模块1401和执行模块1402。
在本申请实施例中,第六接收模块1401,用于接收第二接入网设备或者第三网络功能发送的第一UE的信任关系;执行模块1402,用于基于所述信任关系,执行第一UE与第二UE在PC5连接建立的资源调度或者拒绝第一UE与第二UE在PC5连接建立的资源调度。
在一个可能实现方式中,所述第六接收模块1401接收第二接入网设备或者第三网络功能发送的第一UE的信任关系,包括:
在所述第一UE的注册过程或服务请求过程中,接收所述第三网络功能发送的所述信任关系;或者,
在所述第一UE的切换过程中,接收所述第二接入设备发送的所述信任关系,其中,所述第二接入设备为切换过程中的源接入设备,所述第一接入设备为切换过程中的目标接入设备。
本申请实施例提供的授信中继通信装置能够实现图2至图9的方法实施例中第一接入网设备实现的各个过程,并达到相同的技术效果,为避免重复,这里不再赘述。
可选的,如图15所示,本申请实施例还提供一种通信设备1500,包括处理器1501、存储器1502、以及存储在存储器1502上并可在所述处理器1501上运行的程序或指令,例如,该通信设备1500为终端时,该程序或指令被处理器1501执行时实现上述授信中继通信方法200实施例的各个过程,且能达到相同的技术效果。该通信设备1500为网络侧设备时,该程序或指令被处理器1501执行时实现上述授信中继通信方法300至600实施例的各个过程,且能达到相同的技术效果,为避免重复,这里不再赘述。
图16为实现本申请实施例的一种终端的硬件结构示意图。
该终端1600包括但不限于:射频单元1601、网络模块1602、音频输出单元1603、输入单元1604、传感器1605、显示单元1606、用户输入单元1607、接口单元1608、存储器1609、以及处理器1610等部件。
本领域技术人员可以理解,终端1600还可以包括给各个部件供电的电源(比如电池),电源可以通过电源管理系统与处理器1610逻辑相连,从而通过电源管理系统实现管理充电、放电、以及功耗管理等功能。图16中示出的终端结构并不构成对终端的限定,终端可以包括比图示更多或更少的部件,或者组合某些部件,或者不同的部件布置,在此不再赘述。
应理解的是,本申请实施例中,输入单元1604可以包括图形处理器(Graphics Processing Unit,GPU)16041和麦克风16042,图形处理器16041对在视频捕获模式或图像捕获模式中由图像捕获装置(如摄像头)获得的静态图片或视频的图像数据进行处理。显示单元1606可包括显示面板16061,可以采用液晶显示器、有机发光二极管等形式来配置显示面板16061。用户输入单元1607包括触控面板16071以及其他输入设备16072。触控面板16071,也称为触摸屏。触控面板16071可包括触摸检测装置和触摸控制器两个部分。其他输入设备16072可以包括但不限于物理键盘、功能键(比如音量控制按键、开关按键等)、轨迹球、鼠标、操作杆,在此不再赘述。
本申请实施例中,射频单元1601将来自网络侧设备的下行数据接收后,给处理器1610处理;另外,将上行的数据发送给网络侧设备。通常,射频单元1601包括但不限于天线、至少一个放大器、收发信机、耦合器、低噪声放大器、双工器等。
存储器1609可用于存储软件程序或指令以及各种数据。存储器1609可主要包括存储程序或指令区和存储数据区,其中,存储程序或指令区可存储操作系统、至少一个功能所需的应用程序或指令(比如声音播放功能、图像播放功能等)等。此外,存储器1609可以包括高速随机存取存储器,还可以包括非易失性存储器,其中,非易失性存储器可以是只读存储器(Read-OnlyMemory,ROM)、可编程只读存储器(ProgrammableROM,PROM)、可擦除可编程只读存储器(ErasablePROM,EPROM)、电可擦除可编程只读存储器(ElectricallyEPROM,EEPROM)或闪存。例如至少一个磁盘存储器件、闪存器件、或其他非易失性固态存储器件。
处理器1610可包括一个或多个处理单元;可选的,处理器1610可集成应用处理器和调制解调处理器,其中,应用处理器主要处理操作系统、用户界面和应用程序或指令等,调制解调处理器主要处理无线通信,如基带处理器。可以理解的是,上述调制解调处理器也可以不集成到处理器1610中。
其中,射频单元1601,用于接收网络侧下发的关系信息,其中,所述关系信息用于指示所述第一UE的信任关系;接收第二UE发送的识别信息;
处理器1610,用于基于所述关系信息和所述识别信息,与所述第二UE执行中继连接和/或中继通信,或者,拒绝与所述第二UE执行中继连接和/或中继通信。
具体地,本申请实施例还提供了一种网络侧设备。如图17所示,该网络设备1700包括:天线1701、射频装置1702、基带装置1703。天线1701与射频装置1702连接。在上行方向上,射频装置1702通过天线1701接收信息,将接收的信息发送给基带装置1703进行处理。在下行方向上,基带装置1703对要发送的信息进行处理,并发送给射频装置1702,射频装置1702对收到的信息进行处理后经过天线1701发送出去。
上述频带处理装置可以位于基带装置1703中,以上实施例中网络侧设备执行的方法可以在基带装置1703中实现,该基带装置1703包括处理器1704和存储器1705。
基带装置1703例如可以包括至少一个基带板,该基带板上设置有多个芯片,如图17所示,其中一个芯片例如为处理器1704,与存储器1705连接,以调用存储器1705中的程序,执行以上方法实施例中所示的网络设备操作。
该基带装置1703还可以包括网络接口1706,用于与射频装置1702交互信息,该接口例如为通用公共无线接口(common public radio interface,简称CPRI)。
具体地,本发明实施例的网络侧设备还包括:存储在存储器1705上并可在处理器1704上运行的指令或程序,处理器1704调用存储器1705中的指令或程序执行图11至图14所示各模块执行的方法,并达到相同的技术效果,为避免重复,故不在此赘述。
本申请实施例还提供一种可读存储介质,所述可读存储介质上存储有程序或指令,该程序或指令被处理器执行时实现上述授信中继通信方法实施例 的各个过程,且能达到相同的技术效果,为避免重复,这里不再赘述。
其中,所述处理器为上述实施例中所述的终端中的处理器。所述可读存储介质,包括计算机可读存储介质,如计算机只读存储器(Read-Only Memory,ROM)、随机存取存储器(Random Access Memory,RAM)、磁碟或者光盘等。
本申请实施例另提供了一种芯片,所述芯片包括处理器和通信接口,所述通信接口和所述处理器耦合,所述处理器用于运行网络侧设备程序或指令,实现上述授信中继通信方法实施例的各个过程,且能达到相同的技术效果,为避免重复,这里不再赘述。
提供了一种计算机程序产品,该计算机程序产品包括处理器、存储器及存储在所述存储器上并可在所述处理器上运行的程序或指令,所述程序或指令被所述处理器执行时实现上述授信中继通信方法实施例的各个过程,且能达到相同的技术效果,为避免重复,这里不再赘述。
应理解,本申请实施例提到的芯片还可以称为系统级芯片,系统芯片,芯片系统或片上系统芯片等。
需要说明的是,在本文中,术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、方法、物品或者装置不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、方法、物品或者装置所固有的要素。在没有更多限制的情况下,由语句“包括一个……”限定的要素,并不排除在包括该要素的过程、方法、物品或者装置中还存在另外的相同要素。此外,需要指出的是,本申请实施方式中的方法和装置的范围不限按示出或讨论的顺序来执行功能,还可包括根据所涉及的功能按基本同时的方式或按相反的顺序来执行功能,例如,可以按不同于所描述的次序来执行所描述的方法,并且还可以添加、省去、或组合各种步骤。另外,参照某些示例所描述的特征可在其他示例中被组合。
通过以上的实施方式的描述,本领域的技术人员可以清楚地了解到上述实施例方法可借助软件加必需的通用硬件平台的方式来实现,当然也可以通过硬件,但很多情况下前者是更佳的实施方式。基于这样的理解,本申请的技术方案本质上或者说对现有技术做出贡献的部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质(如ROM/RAM、磁碟、光盘)中,包括若干指令用以使得一台终端(可以是手机,计算机,服务器,或者网络设备等)执行本申请各个实施例所述的方法。
上面结合附图对本申请的实施例进行了描述,但是本申请并不局限于上述的具体实施方式,上述的具体实施方式仅仅是示意性的,而不是限制性的,本领域的普通技术人员在本申请的启示下,在不脱离本申请宗旨和权利要求所保护的范围情况下,还可做出很多形式,均属于本申请的保护之内。
Claims (47)
- 一种授信中继通信方法,应用于第一终端UE,包括:接收网络侧下发的关系信息,其中,所述关系信息用于指示所述第一UE的信任关系;接收第二UE发送的识别信息,基于所述关系信息和所述识别信息,与所述第二UE执行中继连接和/或中继通信,或者,拒绝与所述第二UE执行中继连接和/或中继通信。
- 根据权利要求1所述的方法,其中,所述关系信息包括以下至少之一:第一中继业务码;关联标识,所述关联标识用于指示所述第一UE与所述第二UE具有信任关系,或者所述关联标识用于指示与所述第一UE具有信任关系的第二UE的终端标识或者用户标识;第一组秘钥;鉴权信息,所述鉴权信息用于对所述识别信息进行校验;第一业务类型信息;第一切片信息;第一协议数据单元PDU会话类型信息。
- 根据权利要求1所述的方法,其中,所述识别信息包括以下至少之一:第二中继业务码;所述第二UE的终端标识或用户标识;基于第二组秘钥生成的加密信息或认证信息;校验信息,所述校验信息为对指定的待校验信息进行校验计算得到的结果;第二业务类型信息;第二切片信息;第二协议数据单元PDU会话类型信息。
- 根据权利要求1所述的方法,其中,在接收网络侧下发的所述关系信息之前,所述方法还包括:向网络侧发送所述第二UE的识别信息;接收网络侧下发的关系信息,包括:接收所述网络侧针对所述第二UE的识别信息返回的结果,其中,所述结果包括所述关系信息。
- 根据权利要求1至4任一项所述的方法,其中,所述方法还包括:在与所述第二UE执行中继连接和/或中继通信时,发送信任关系鉴权请求给第三网络功能,其中,所述信任关系鉴权请求中携带有所述第二UE的用户标识或终端标识信息;接收第三网络功能发送的信任关系鉴权结果;基于信任关系鉴权结果与所述第二UE执行中继连接和/或中继通信,或者,拒绝与所述第二UE执行中继连接和/或中继通信。
- 一种授信中继通信方法,应用于第一网络功能,包括:发送关系信息给第一UE,其中,所述关系信息用于指示所述第一UE的信任关系。
- 根据权利要求6所述的方法,其中,所述关系信息包括以下至少之一:第一中继业务码;关联标识,所述关联标识用于指示所述第一UE与所述第二UE具有信任关系,或者所述关联标识用于指示与所述第一UE具有信任关系的第二UE的终端标识或者用户标识;第一组秘钥;鉴权信息,所述鉴权信息用于对所述识别信息进行校验;第一业务类型信息;第一切片信息;第一协议数据单元PDU会话类型信息。
- 根据权利要求6所述的方法,其中,在发送所述关系信息给第一UE之前,所述方法还包括:向第二网络功能或应用服务器发送信任关系获取请求,其中,所述信任 关系获取请求中携带所述第一UE的用户标识或者终端标识;接收所述第二网络功能或应用服务器返回的第一UE的信任关系。
- 根据权利要求8所述的方法,其中,所述信任关系为两个或多个用户之间的关联关系。
- 根据权利要求9所述的方法,其中,所述两个或多个用户为以下之一的用户:特定业务、特定切片、特定数据网络名DNN、和特定PDU会话。
- 根据权利要求8所述的方法,其中,发送关系信息给第一UE,包括:基于所述第二网络功能返回的所述信任关系,生成所述关系信息,并下发给所述第一UE;或者,向所述第一UE转发所述应用服务器返回的所述关系信息。
- 一种授信中继通信方法,应用于第二网络功能,包括:接收第一网络功能发送的第一信任关系获取请求,其中,所述第一信任关系获取请求中携带第一UE的用户标识或者终端标识;发送所述第一UE的信任关系给第一网络功能。
- 根据权利要求12所述的方法,其中,所述信任关系为两个或多个用户之间的关联关系。
- 根据权利要求13所述的方法,其中,所述两个或多个用户为以下之一的用户:特定业务、特定切片、特定DNN、和特定PDU会话。
- 根据权利要求12所述的方法,其中,所述第一信任关系获取请求中还携带有第二UE的用户标识或终端标识。
- 根据权利要求12所述的方法,其中,所述方法还包括:接收第三网络功能的第二信任关系获取请求,其中,所述第二信任关系获取请求中携带有所述第一UE的标识信息;发送所述第一UE的信任关系给所述第三网络功能。
- 一种授信中继通信方法,应用于第三网络功能,包括:接收第一UE发送的信任关系鉴权请求,其中,所述信任关系鉴权请求中携带有第二UE的用户标识或终端标识信息;基于所述第一UE的信任关系,发送信任关系鉴权结果给所述第一UE。
- 根据权利要求17所述的方法,其中,在发送信任关系鉴权结果给第一UE之前,所述方法还包括:向第二网络功能发送信任关系获取请求,其中,所述信任关系获取请求中携带有第一UE的标识信息;接收所述第二网络功能返回的所述第一UE的信任关系。
- 根据权利要求18所述的方法,其中,还包括:将所述信任关系发送给所述第一UE对应的接入网设备。
- 一种授信中继通信方法,应用于第一接入网设备,包括:接收第二接入网设备或者第三网络功能发送的第一UE的信任关系;基于所述信任关系,执行第一UE与第二UE在PC5连接建立的资源调度或者拒绝第一UE与第二UE在PC5连接建立的资源调度。
- 根据权利要求20所述的方法,其中,接收第二接入网设备或者第三网络功能发送的第一UE的信任关系,包括:在所述第一UE的注册过程或服务请求过程中,接收所述第三网络功能实体发送的所述信任关系;或者,在所述第一UE的切换过程中,接收所述第二接入设备发送的所述信任关系,其中,所述第二接入设备为切换过程中的源接入设备,所述第一接入设备为切换过程中的目标接入设备。
- 一种授信中继通信装置,包括:第一接收模块,用于接收网络侧下发的关系信息,其中,所述关系信息用于指示所述第一UE的信任关系;第二接收模块,用于接收第二UE发送的识别信息;通信模块,用于基于所述关系信息和所述识别信息,与所述第二UE执行中继连接和/或中继通信,或者,拒绝与所述第二UE执行中继连接和/或中继通信。
- 根据权利要求22所述的装置,其中,所述关系信息包括以下至少之 一:第一中继业务码;关联标识,所述关联标识用于指示所述第一UE与所述第二UE具有信任关系,或者所述关联标识用于指示与所述第一UE具有信任关系的第二UE的终端标识或者用户标识;第一组秘钥;鉴权信息,所述鉴权信息用于对所述识别信息进行校验;第一业务类型信息;第一切片信息;第一协议数据单元PDU会话类型信息。
- 根据权利要求22所述的装置,其中,所述识别信息包括以下至少之一:第二中继业务码;所述第二UE的终端标识或用户标识;基于第二组秘钥生成的加密信息或认证信息;校验信息,所述校验信息为对指定的待校验信息进行校验计算得到的结果;第二业务类型信息;第二切片信息;第二协议数据单元PDU会话类型信息。
- 根据权利要求22所述的装置,其中,还包括:第一发送模块,其中,所述第一发送模块,用于在所述第一接收模块在接收网络侧下发的所述关系信息之前,向网络侧发送所述第二UE的识别信息;所述第一接收模块接收网络侧下发的关系信息,包括:接收所述网络侧针对所述第二UE的识别信息返回的结果,其中,所述结果包括所述关系信息。
- 根据权利要求22至25任一项所述的装置,其中,所述通信模块还 用于:在与所述第二UE执行中继连接和/或中继通信时,发送信任关系鉴权请求给第三网络功能,其中,所述信任关系鉴权请求中携带有所述第二UE的用户标识或终端标识信息;接收第三网络功能发送的信任关系鉴权结果;基于信任关系鉴权结果与所述第二UE执行中继连接和/或中继通信,或者,拒绝与所述第二UE执行中继连接和/或中继通信。
- 一种授信中继通信装置,包括:第一获取模块,用于获取关系信息,其中,所述关系信息用于指示所述第一UE的信任关系;第二发送模块,用于发送所述关系信息。
- 权利要求27所述的装置,其中,所述关系信息包括以下至少之一:第一中继业务码;关联标识,所述关联标识用于指示所述第一UE与所述第二UE具有信任关系,或者所述关联标识用于指示与所述第一UE具有信任关系的第二UE的终端标识或者用户标识;第一组秘钥;鉴权信息,所述鉴权信息用于对所述识别信息进行校验;第一业务类型信息;第一切片信息;第一协议数据单元PDU会话类型信息。
- 根据权利要求27所述的装置,其中,还包括:第三接收模块,其中:所述第二发送模块还用于在发送所述关系信息给第一UE之前,向第二网络功能或应用服务器发送信任关系获取请求,其中,所述信任关系获取请求中携带所述第一UE的用户标识或者终端标识;所述第三接收模块,用于接收所述第二网络功能或应用服务器返回的第一UE的信任关系。
- 根据权利要求29所述的装置,其中,所述信任关系为两个或多个用户之间的关联关系。
- 根据权利要求30所述的装置,其中,所述两个或多个用户为以下之一的用户:特定业务、特定切片、特定DNN、和特定PDU会话。
- 根据权利要求29所述的装置,其中,所述第二发送模块发送关系信息给第一UE,包括:基于所述第二网络功能返回的所述信任关系,生成所述关系信息,并下发给所述第一UE;或者,向所述第一UE转发所述应用服务器返回的所述信任关系。
- 一种授信中继通信装置,包括:第四接收模块,用于接收第一网络功能发送的第一信任关系获取请求,其中,所述第一信任关系获取请求中携带第一UE的用户标识或者终端标识;第三发送模块,用于发送所述第一UE的信任关系给第一网络功能。
- 根据权利要求33所述的装置,其中,所述信任关系为两个或多个用户之间的关联关系。
- 根据权利要求34所述的装置,其中,所述两个或多个用户为以下之一的用户:特定业务、特定切片、特定DNN、和特定PDU会话。
- 根据权利要求33所述的装置,其中,所述第一信任关系获取请求中还携带有第二UE的用户标识或终端标识。
- 根据权利要求33所述的装置,其中,所述第四接收模块还用于接收第三网络功能的第二信任关系获取请求,其中,所述第二信任关系获取请求中携带有所述第一UE的标识信息;所述第三发送模块还用于发送所述第一UE的信任关系给第三网络功能。
- 一种授信中继通信装置,包括:第五接收模块,用于接收第一UE发送的信任关系鉴权请求,其中,所述信任关系鉴权请求中携带有第二UE的用户标识或终端标识信息;第四发送模块,用于基于第一UE的信任关系,发送信任关系鉴权结果 给第一UE。
- 根据权利要求38所述的装置,其中,所述第四发送模块还用于在发送信任关系鉴权结果给第一UE之前,向第二网络功能发送信任关系获取请求,其中,所述信任关系获取请求中携带有第一UE的标识信息;所述第五接收模块还用于接收所述第二网络功能返回的所述第一UE的信任关系。
- 根据权利要求39所述的装置,其中,所述第四发送模块还用于将所述信任关系发送给所述第一UE对应的接入网设备。
- 一种授信中继通信装置,包括:第六接收模块,用于接收第二接入网设备或者第三网络功能发送的第一UE的信任关系;执行模块,用于基于所述信任关系,执行第一UE与第二UE在PC5连接建立的资源调度或者拒绝第一UE与第二UE在PC5连接建立的资源调度。
- 根据权利要求41所述的装置,其中,所述第六接收模块接收第二接入网设备或者第三网络功能发送的第一UE的信任关系,包括:在所述第一UE的注册过程或服务请求过程中,接收所述第三网络功能发送的所述信任关系;或者,在所述第一UE的切换过程中,接收所述第二接入设备发送的所述信任关系,其中,所述第二接入设备为切换过程中的源接入设备,所述第一接入设备为切换过程中的目标接入设备。
- 一种终端,包括处理器,存储器及存储在所述存储器上并可在所述处理器上运行的程序或指令,所述程序或指令被所述处理器执行时实现如权利要求1至5任一项所述的授信中继通信方法的步骤。
- 一种网络侧设备,包括处理器,存储器及存储在所述存储器上并可在所述处理器上运行的程序或指令,所述程序或指令被所述处理器执行时实现如权利要求6至11任一项所述的授信中继通信方法的步骤,或实现如权利 要求12至16任一项所述的授信中继通信方法的步骤,或实现如权利要求17至19任一项所述的授信中继通信方法的步骤,或实现如权利要求20或21所述的授信中继通信方法的步骤。
- 一种可读存储介质,其中,所述可读存储介质上存储程序或指令,所述程序或指令被所述处理器执行时实现如权利要求1至5任一项所述的授信中继通信方法的步骤,或者实现如权利要求6至11任一项所述的授信中继通信方法的步骤,或实现如权利要求12至16任一项所述的授信中继通信方法的步骤,或实现如权利要求17至19任一项所述的授信中继通信方法的步骤,或实现如权利要求20或21所述的授信中继通信方法的步骤。
- 一种芯片,所述芯片包括处理器和通信接口,所述通信接口和所述处理器耦合,所述处理器用于运行终端程序或指令,所述程序或指令被所述处理器执行时实现如权利要求1至5任一项所述的授信中继通信方法的步骤,或者实现如权利要求6至11任一项所述的授信中继通信方法的步骤,或实现如权利要求12至16任一项所述的授信中继通信方法的步骤,或实现如权利要求17至19任一项所述的授信中继通信方法的步骤,或实现如权利要求20或21所述的授信中继通信方法的步骤。
- 一种计算机程序产品,该计算机程序产品存储于非瞬态的存储介质,所述计算机程序产品被所述处理器执行时实现如权利要求1至5任一项所述的授信中继通信方法的步骤,或者实现如权利要求6至11任一项所述的授信中继通信方法的步骤,或实现如权利要求12至16任一项所述的授信中继通信方法的步骤,或实现如权利要求17至19任一项所述的授信中继通信方法的步骤,或实现如权利要求20或21所述的授信中继通信方法的步骤。
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP21905735.3A EP4231681A4 (en) | 2020-12-17 | 2021-12-15 | METHOD AND DEVICE FOR SECURE RELAY COMMUNICATION, TERMINAL AND NETWORK-SIDE DEVICE |
US18/210,069 US20230328532A1 (en) | 2020-12-17 | 2023-06-14 | Communication method and apparatus for trusted or untrusted relay, terminal, and network side device |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011503936.8 | 2020-12-17 | ||
CN202011503936.8A CN114650537A (zh) | 2020-12-17 | 2020-12-17 | 授信中继通信方法、装置、终端及网络侧设备 |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US18/210,069 Continuation US20230328532A1 (en) | 2020-12-17 | 2023-06-14 | Communication method and apparatus for trusted or untrusted relay, terminal, and network side device |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2022127808A1 true WO2022127808A1 (zh) | 2022-06-23 |
Family
ID=81989875
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2021/138236 WO2022127808A1 (zh) | 2020-12-17 | 2021-12-15 | 授信中继通信方法、装置、终端及网络侧设备 |
Country Status (4)
Country | Link |
---|---|
US (1) | US20230328532A1 (zh) |
EP (1) | EP4231681A4 (zh) |
CN (1) | CN114650537A (zh) |
WO (1) | WO2022127808A1 (zh) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106162803A (zh) * | 2015-04-02 | 2016-11-23 | 中兴通讯股份有限公司 | 一种中继ue接入控制方法及装置 |
CN107889080A (zh) * | 2016-09-29 | 2018-04-06 | 中兴通讯股份有限公司 | 一种支持远端用户设备移动性的方法及装置 |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101150406B (zh) * | 2006-09-18 | 2011-06-08 | 华为技术有限公司 | 基于802.1x协议的网络设备认证方法及系统及相关装置 |
US8839373B2 (en) * | 2010-06-18 | 2014-09-16 | Qualcomm Incorporated | Method and apparatus for relay node management and authorization |
CN104469695B (zh) * | 2013-09-12 | 2019-02-05 | 华为技术有限公司 | 网络接入方法、近距离通信服务器、中继终端及终端 |
CN106162929B (zh) * | 2015-04-07 | 2021-08-06 | 中兴通讯股份有限公司 | 在设备直通系统中用户终端与中继节点的通信方法和装置 |
CN106470382A (zh) * | 2015-08-14 | 2017-03-01 | 中兴通讯股份有限公司 | 授权验证方法、配置信息接收方法、装置、基站及终端 |
WO2018076553A1 (zh) * | 2016-10-27 | 2018-05-03 | 华为技术有限公司 | 一种接入网络的方法及设备 |
WO2018126452A1 (zh) * | 2017-01-06 | 2018-07-12 | 华为技术有限公司 | 授权验证方法和装置 |
US10736070B2 (en) * | 2017-07-26 | 2020-08-04 | Blackberry Limited | Method and system for use of a relay user equipment in an internet protocol multimedia subsystem |
-
2020
- 2020-12-17 CN CN202011503936.8A patent/CN114650537A/zh active Pending
-
2021
- 2021-12-15 EP EP21905735.3A patent/EP4231681A4/en active Pending
- 2021-12-15 WO PCT/CN2021/138236 patent/WO2022127808A1/zh unknown
-
2023
- 2023-06-14 US US18/210,069 patent/US20230328532A1/en active Pending
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106162803A (zh) * | 2015-04-02 | 2016-11-23 | 中兴通讯股份有限公司 | 一种中继ue接入控制方法及装置 |
CN107889080A (zh) * | 2016-09-29 | 2018-04-06 | 中兴通讯股份有限公司 | 一种支持远端用户设备移动性的方法及装置 |
Non-Patent Citations (3)
Title |
---|
SAMSUNG: "Updates to solution#1 in TR 33.847", 3GPP DRAFT; S3-202611, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), MOBILE COMPETENCE CENTRE ; 650, ROUTE DES LUCIOLES ; F-06921 SOPHIA-ANTIPOLIS CEDEX ; FRANCE, vol. SA WG3, no. e-meeting; 20201012 - 20201016, 2 October 2020 (2020-10-02), Mobile Competence Centre ; 650, route des Lucioles ; F-06921 Sophia-Antipolis Cedex ; France , XP051937912 * |
SAMSUNG: "Updates to solution#1 in TR 33.847", 3GPP DRAFT; S3-202683, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), MOBILE COMPETENCE CENTRE ; 650, ROUTE DES LUCIOLES ; F-06921 SOPHIA-ANTIPOLIS CEDEX ; FRANCE, vol. SA WG3, no. e-meeting; 20201012 - 20201016, 16 October 2020 (2020-10-16), Mobile Competence Centre ; 650, route des Lucioles ; F-06921 Sophia-Antipolis Cedex ; France , XP051939665 * |
See also references of EP4231681A4 * |
Also Published As
Publication number | Publication date |
---|---|
US20230328532A1 (en) | 2023-10-12 |
EP4231681A1 (en) | 2023-08-23 |
CN114650537A (zh) | 2022-06-21 |
EP4231681A4 (en) | 2024-03-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US12010519B2 (en) | Information sharing method, terminal device, storage medium, and computer program product | |
US20220303276A1 (en) | Network connection method, hotspot terminal and management terminal | |
US11178125B2 (en) | Wireless network connection method, wireless access point, server, and system | |
US9769732B2 (en) | Wireless network connection establishment method and terminal device | |
US10341860B2 (en) | Learned dual band WIFI network association | |
US10298398B2 (en) | Peer discovery, connection, and data transfer | |
US8594632B1 (en) | Device to-device (D2D) discovery without authenticating through cloud | |
US9843579B2 (en) | Dynamically generated SSID | |
US9154955B1 (en) | Authenticated delivery of premium communication services to trusted devices over an untrusted network | |
EP2617222B1 (en) | Dynamic account creation with secured hotspot network | |
JP6668407B2 (ja) | 移動通信システムに用いられる端末認証方法及び装置 | |
CN107567017B (zh) | 无线连接系统、装置及方法 | |
US11924635B2 (en) | Security authentication method and apparatus thereof, and electronic device | |
JP2016533694A (ja) | ユーザアイデンティティ認証方法、端末及びサーバ | |
WO2023280194A1 (zh) | 网络连接管理方法、装置、可读介质、程序产品及电子设备 | |
JP2014509468A (ja) | 無線ネットワーククレデンシャルを帯域外配信するための方法及びシステム | |
US12101633B2 (en) | Encrypted traffic detection | |
WO2023226778A1 (zh) | 身份认证方法、装置、电子设备及计算机可读存储介质 | |
WO2022127808A1 (zh) | 授信中继通信方法、装置、终端及网络侧设备 | |
WO2018032984A1 (zh) | 一种接入认证方法、ue和接入设备 | |
WO2023000139A1 (zh) | 传输凭证的方法、装置、通信设备及存储介质 | |
WO2022100640A1 (zh) | 通信转移的方法、终端及网络侧设备 | |
US20230276231A1 (en) | Authentication Between Wireless Devices and Edge Servers | |
WO2022206662A1 (zh) | 中继pdu会话建立的确定方法及装置、终端 | |
WO2024137758A1 (en) | System and method for secure ranging service |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 21905735 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 2021905735 Country of ref document: EP Effective date: 20230516 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |