WO2022166878A1 - Core network system - Google Patents

Core network system


Publication number
WO2022166878A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
function
core network
service
network system
Application number
PCT/CN2022/074961
Inventor
康艳超
Original Assignee
维沃移动通信有限公司
Application filed by 维沃移动通信有限公司
Priority to EP22749157.8A (EP4266720A4)
Publication of WO2022166878A1
Priority to US18/229,658 (US20230379853A1)


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W60/00 Affiliation to network, e.g. registration; Terminating affiliation with the network, e.g. de-registration
    • H04W8/00 Network data management
    • H04W8/02 Processing of mobility data, e.g. registration information at HLR [Home Location Register] or VLR [Visitor Location Register]; Transfer of mobility data, e.g. between HLR, VLR or external networks
    • H04W8/06 Registration at serving network Location Register, VLR or user mobility server
    • H04W8/065 Registration at serving network Location Register, VLR or user mobility server involving selection of the user mobility server
    • H04W8/08 Mobility data transfer
    • H04W8/14 Mobility data transfer between corresponding nodes
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/08 Access security
    • H04W92/00 Interfaces specially adapted for wireless communication networks
    • H04W92/04 Interfaces between hierarchically different network devices
    • H04W92/10 Interfaces between hierarchically different network devices between terminal device and access point, i.e. wireless air interface

Definitions

  • the only interface between the terminal and the core network entity is the N1 interface between the terminal and the Access and Mobility Management Function (AMF), which uses the Non-Access Stratum (NAS) protocol to communicate.
  • AMF Access and Mobility Management Function
  • the information (or messages, signaling, etc.) transmitted on the N1 interface includes not only the information between the terminal and the AMF, but also the information between the terminal and other core network functions, such as session management messages between the terminal and the Session Management Function (SMF), short messages between the terminal and the Short Message Service (SMS) function, etc.
  • the information sent by the terminal to other core network functions needs to be encapsulated in a security-protected N1 interface NAS message and sent to the AMF uniformly. After decryption by the AMF, the other information encapsulated in the NAS message is forwarded.
  • the downlink messages sent to the terminal by other core network functions must also be sent to the AMF first, then encapsulated in an N1 interface NAS message by the AMF, and then sent to the terminal over the N1 interface after integrity protection and encryption processing, which leads to low efficiency of information transfer between the terminal and core network functions.
  • the embodiments of the present application provide a core network system, which can solve the problem of low information transmission efficiency between a terminal and a core network function.
  • a core network system including: a terminal and multiple core network functions, wherein the terminal and at least one of the multiple core network functions directly exchange information through a service-based architecture (SBA) interface.
  • SBA service-based architecture
  • the terminal and at least one of the multiple core network functions directly exchange information through the SBA interface.
  • the information transmission efficiency between the terminal and the core network function can be improved.
  • the embodiments of the present application can also solve the problem that the traditional NAS protocol interface is not well compatible with the SBA-based core network architecture, and can meet the evolution trend toward whole-network programmability.
  • FIG. 1 is a schematic structural diagram of a core network system according to an embodiment of the present application.
  • FIG. 2 is a schematic flowchart of a service that a core network system can provide for a terminal according to an embodiment of the present application.
  • FIG. 3 is a schematic flowchart of a service that a core network system can provide for a terminal according to an embodiment of the present application.
  • FIG. 4 is a schematic flowchart of a service that a core network system can provide for a terminal according to an embodiment of the present application.
  • FIG. 5 is a schematic flowchart of a service that a core network system can provide for a terminal according to an embodiment of the present application.
  • FIG. 6 is a schematic flowchart of a service that a core network system can provide for a terminal according to an embodiment of the present application.
  • FIG. 7 is a schematic flowchart of a service that a core network system can provide for a terminal according to an embodiment of the present application.
  • FIG. 8 is a schematic flowchart of a service that a core network system can provide for a terminal according to an embodiment of the present application.
  • FIG. 9 is a schematic flowchart of a service that a core network system can provide for a terminal according to an embodiment of the present application.
  • FIG. 11 is a schematic flowchart of a service that a core network system can provide for a terminal according to an embodiment of the present application.
  • The 6th Generation (6G) communication system is described below for example purposes, and 6G terminology is used in most of the description below, but these techniques can also be applied to systems other than 6G systems, such as 5G evolution systems, 7G systems and so on.
  • the embodiment of the present application provides a service-based architecture (Service-based Architecture, SBA) solution for the non-access stratum (Non-Access Stratum, NAS) interface/protocol, and introduces a core network system that includes a terminal.
  • the core network system includes a terminal and multiple core network functions, wherein the terminal and at least one of the multiple core network functions directly exchange information through an SBA interface, or in other words, the terminal and at least one of the multiple core network functions communicate directly through the SBA interface.
  • the terminal and all core network functions in the core network system can communicate directly through the SBA interface.
  • the core network functions mentioned in the various embodiments of this application are generally functional entities that can implement certain functions. Therefore, other technical terms may also be used to replace these core network functions. For example, “network element selection function” and the like are replaced by technical terms such as “network element selection entity” and “core network function selection entity”.
  • FIG. 1 is a schematic structural diagram of a core network system according to an embodiment of the present application.
  • a terminal and multiple core network functions are connected through the core network SBA bus. The terminal can invoke services provided by multiple core network functions through the core network SBA bus, and multiple core network functions can provide services for terminals through the core network SBA bus.
  • the core network functions in the core network system include: network element selection function, security management function (also called NAS security function), context management function, statistical information management function, subscription management function, access control function, mobility management function, session management function, location service function, and Short Message Service (SMS) function.
  • SMS Short Message Service
  • the core network system shown in FIG. 1 schematically shows a plurality of core network functions.
  • in practice, the core network system may include only part of the above-mentioned core network functions.
  • FIG. 1 is only an optional embodiment, and part of the core network functions may be replaced by other core network functions.
  • the plurality of core network functions include at least one of the following: a network element selection function, a security management function (or referred to as a NAS security function), a context management function, and a statistical information management function.
  • the multiple core network functions may further include at least one of the following: an access control function and a mobility management function.
  • the plurality of core network functions include at least one of the following: a subscription management function; a session management function; a location service function; and a short message service function.
  • This embodiment can separate the NAS security function (NAS security function) from the access and mobility management function (Access and Mobility Management Function, AMF) as an independent core network function, and the NAS security function supports the SBA interface.
  • the NAS security function may further include an Authentication Server Function (AUSF), which is used for authentication of 3GPP access and non-3GPP access.
  • AUSF Authentication Server Function, authentication server
  • the services provided by the NAS security function to the terminal include, for example: initial authentication and key generation services; security mode establishment services, and the like.
  • the services provided by the NAS security function to other core network functions include, for example, a security mode establishment service; a NAS message encryption service; a NAS message decryption service, and the like.
  • the NAS security function may also be used to provide a terminal context (or terminal security context) for the target core network function before the target core network function communicates with the terminal.
  • a context management function (context management function), which is used to provide services including at least one of the following: a terminal context (Context) query service, and a terminal context update service.
  • This embodiment introduces a new context management function and supports the SBA interface.
  • the services provided by the context management function entity to the terminal include, for example, a terminal context query service and a terminal context update function.
  • for example, through the terminal context query service, the identification of the core network function that provides a certain service for the terminal, or the context related to a certain service, is provided for the terminal.
  • the services provided by the context management function to other core network functions include, for example, a terminal context query service and a terminal context update function.
  • a terminal context is provided for the target core network function, or a context related to a certain service of the terminal is provided; for another example, after the target core network function communicates with the terminal and a new terminal context is generated or the existing context of the terminal is updated, the core network function shall send the latest terminal context to the context management function entity.
  • Network element selection function (NF selection function), which is used to provide services including at least one of the following: selecting the required core network function for the terminal according to the terminal's requirements, and selecting the core network function that the target network function needs to connect to.
  • This embodiment introduces a new network element selection function and supports the SBA interface.
  • the service provided by the network element selection function to the terminal includes, for example, selecting a core network function that requires a communication connection for the terminal according to the requirements of the terminal.
  • the service provided by the network element selection function to other core network functions includes, for example, selecting a core network function that requires a communication connection for the target network function according to the requirements of the target network function.
  • the target network function may be connected to the core network SBA bus in FIG. 1 , and the target network function may be a core network function or other network functions, such as an access network function.
  • the network element selection function is used to select a core network function capable of providing the service for the terminal according to the type of service requested by the terminal. For example, if the type of the service requested by the terminal is short message, the network element selection function may select the SMS function for the terminal, so that a communication connection is established between the terminal and the SMS function.
  • the terminal can select the access control function before the terminal is successfully registered. After the terminal is successfully registered, the terminal can select the core network function of the registered related service.
  • the mobility management process is a service provided by the network by default; optionally, the session management service can also be a service provided by the network by default.
  • Statistical information management function: the services provided include statistics and/or feedback of target information.
  • This embodiment introduces a new statistical information management function and supports the SBA interface.
  • the statistical information management function can perform statistics and/or feedback on target information. For example, according to the request of the terminal, the target information that has been counted is fed back to the terminal; according to the request of the target core network function, the target information that has been counted is fed back to the target core network function.
  • the access control function is used to provide access service and initial registration service for the terminal.
  • the mobility management function is used to provide a mobility management service for the terminal.
  • in one example, the above-mentioned access control function and mobility management function are the same core network function.
  • in another example, the above-mentioned access control function and mobility management function are two independent core network functions.
  • the case where the access control function and the mobility management function are independent will be described below.
  • the access service and initial registration service provided by the access control function may include at least one of the following 1) to 8).
  • the access control function is used as the termination point (Termination of RAN CP interface) of the N2 control plane protocol.
  • the first target network function mentioned in this example may be a network function other than the access control function in the core network system, such as a mobility management function and the like.
  • the N2 control plane messages may be generated locally by the access control function.
  • NAS non-access stratum
  • the access control function acts as a NAS protocol termination point (Termination of NAS(N1)), and can perform encryption and integrity protection (ciphering and integrity protection) on NAS messages.
  • NAS connection management service (Connection management).
  • the termination point of the NAS protocol is in the access control function, so the NAS connection management service can also be implemented by the access control function.
  • the security-related service may include at least one of the following: access authentication service (Access Authentication); access authorization service (Access Authorization); security anchor service (Security Anchor Functionality); network slice authentication and authorization service (Network Slice-Specific Authentication and Authorization).
  • Non-3GPP Non-3rd Generation Partnership Project
  • Mobility management service (Mobility Management Service).
  • Terminal mobility event notification service (UE mobility event notification).
  • Session Management (SM) service support. For example: transport of SM messages between the terminal and the Session Management Function (SMF) (Provide transport for SM messages between UE and SMF); transparent proxy for routing SM messages (Transparent proxy for routing SM messages); EPS Bearer ID allocation for interworking with the Evolved Packet Switched System (EPS) (EPS Bearer ID allocation for interworking with EPS).
  • SMF Session Management Function
  • Short Message Service support function. For example, transport of SMS messages between the terminal and the Short Message Service Function (SMSF) (Provide transport for SMS messages between UE and SMSF).
  • SMSF Short Message Service Function
  • Location service support function. For example: Location Services management for regulatory services; transport of Location Services messages between the terminal and the Location Management Function (LMF), as well as between the Radio Access Network (RAN) and the LMF (Provide transport for Location Services messages between UE and LMF as well as between RAN and LMF).
  • LMF Location Management Function
  • CIOT Cellular Internet Of Things
  • External parameter configuration function. For example, provisioning of external parameters, such as expected terminal behavior parameters or network configuration parameters (Provisioning of external parameters, Expected UE Behaviour parameters or Network Configuration parameters).
  • the access control function mentioned in each of the foregoing embodiments can also be used to receive an uplink NAS message, and to locally process the uplink NAS message or send the third target information in the uplink NAS message to the third target network function. For example, the access control function sends the necessary information in the decrypted uplink NAS message to the mobility management function through the service-based interface.
  • the third target network function mentioned in this example may be a network function other than the access control function in the core network system, such as a mobility management function and the like.
  • all NAS messages on the N1 interface can be directly sent by the access network device (such as a base station) to the access control function. After the access control function performs decryption processing, the message is processed locally or forwarded to the third target network function for processing.
  • the access control function mentioned in the foregoing embodiments may also be used to send a downlink NAS message to the terminal, where the downlink NAS message may be locally generated by the access control function.
  • the fourth target network function or the mobility management function mentioned in the foregoing embodiments can also be used to send the fourth target information to the access control function, and the access control function is also used to send a downlink NAS message including the fourth target information to the terminal.
  • the mobility management function sends plaintext information that needs to be sent to the terminal to the access control function through a service-oriented interface, and the access control function encrypts and forwards the encrypted downlink NAS message to the terminal.
  • the fourth target network function mentioned in this example may be a network function other than the access control function in the core network system, such as a location service function.
  • the access control function can be used as the termination point of the NAS protocol, and the access control function can be responsible for the encryption and integrity protection of NAS messages, so an important function of the interface between the access control function and the mobility management function is as follows: after the access control function decrypts the uplink NAS message, it forwards the necessary information to the mobility management function; and the mobility management function can send the message to be sent to the terminal to the access control function, which encrypts it and forwards it to the terminal through the base station. The interaction process between the access control function and the mobility management function can be realized based on a service-oriented interface.
  • the core network system separates the access control function and the mobility management function, which allows the SBA core network and the SBA-based management plane to converge better, paving the way for the integration of the SBA access network and the SBA core network.
  • the control plane SBA of the access control function can retain the modular design principle of the traditional core network (such as the 4G core network): the sub-network functions that the access control function can implement are not a free combination of microservices, but a collection of specific sub-network functions standardized by protocols. These sub-network functions are network functions related to access control, registration, authentication and authorization. The management plane SBA of the mobility management function involves more pure SBA: the mobility management function can realize various network internal services (i.e., sub-network functions), and during network configuration these network internal services can be freely and flexibly combined.
  • the access control function and the mobility management function are separated, rather than being implemented by one network function (eg, all implemented by AMF), so that the SBA core network and the SBA-based management plane can be better integrated.
  • the terminal and the core network function directly exchange information through the SBA interface, and the NAS message transmitted through the SBA interface includes indication information, which is used to indicate the core network function that the terminal communicates with. In this way, through the indication information, different core network functions can be distinguished.
  • the first byte of the NAS message is used to transmit an Extended Protocol Discriminator information element (Information Element, IE); see Table 1. Different values of the Extended Protocol Discriminator IE characterize and differentiate communication messages between the terminal and different core network functions.
  • IE Information Element
  • the value of the Extended protocol discriminator can be set to 1; for the uplink and downlink communication messages between the terminal and the session management function, the value of the Extended protocol discriminator can be set to 2; for the uplink and downlink communication messages between the terminal and the SMS function, the value can be set to 3; for the uplink and downlink communication messages between the terminal and the Network Exposure Function (NEF), the value can be set to 4; for the uplink and downlink communication messages between the terminal and the location service function, the value can be set to 5; for the uplink and downlink communication messages between the terminal and the subscription management function, the value can be set to 6.
  • NEF Network Exposure Function
  • the SBA interface mentioned in each of the foregoing embodiments satisfies one of the following: implementation based on Restful interface; implementation based on Restful enhanced interface; implementation based on target SBA service interface protocol.
  • the SBA interface provided by the terminal and multiple core network functions may be implemented based on a Restful interface, and the Restful interface may be implemented based on Hypertext Transfer Protocol (HTTP) 2.0; or the Restful interface may be a Restful enhanced interface based on HTTP 3.0; or the SBA interface can be implemented based on other SBA service-oriented interface protocols, for example, based on the Packet Forwarding Control Protocol (PFCP).
  • HTTP Hypertext Transfer Protocol
  • PFCP Packet Forwarding Control Protocol
  • the core network system may provide services for the terminal including at least one of the following 1) to 11).
  • Embodiment 1: The initial registration and security establishment process of the terminal.
  • FIG. 2 shows the initial registration process and security establishment process of the terminal. This embodiment omits some steps, such as the terminal identification process, the old context request process, the policy establishment and request process, etc., and only the security establishment related process is introduced. As shown in FIG. 2, this embodiment includes the following steps.
  • Step 0: An access control function selection process is performed between the terminal and the network element selection function.
  • Step 1: The terminal sends an initial registration message to the access control function.
  • Step 2: A security management function selection process is performed between the network element selection function and the access control function.
  • Step 3: An authentication and security establishment process is performed between the terminal, the security management function and the subscription management function.
  • Step 4: The request and provision process of the terminal security context is performed between the access control function and the security management function.
  • Step 5: The security management function context update process is performed between the security management function and the context management function.
  • Step 6: The access control function sends an initial registration accept message to the terminal.
  • Step 7: An access control function context update process is performed between the access control function and the context management function.
  • Embodiment 2: The mobility registration update process of the terminal.
  • This mobility registration update function may also be referred to as a mobility management procedure. This embodiment will be introduced in two sub-embodiments.
  • Sub-embodiment 1: the mobility management function and the access control function are combined. As shown in FIG. 3, this embodiment includes the following steps.
  • Step 1: The terminal sends a location update message to the access control function and the mobility management function.
  • Step 2: The location update process of the terminal is performed between the terminal, the access control function and the mobility management function.
  • Step 3: A process of requesting and providing the context of the mobility management function is performed between the mobility management function and the context management function.
  • this embodiment includes the following steps.
  • Step 0: A mobility management function selection process is performed between the terminal and the network element selection function.
  • Step 1: The terminal sends a location update message to the mobility management function.
  • Step 2: The process of requesting and providing the security context of the terminal is performed between the mobility management function and the security management function.
  • Step 3: The terminal's mobility registration update process is performed between the terminal and the mobility management function.
  • the mobility management function updates the terminal context generated or updated in the current process to the context management function.
  • Embodiment 3: The session establishment process of the terminal.
  • FIG. 5 shows the session establishment process of the terminal. This embodiment omits some steps, such as the gateway selection process, the policy establishment and request process, etc., and only introduces the session establishment related process. As shown in FIG. 5, this embodiment includes the following steps.
  • Step 0: A session management function selection process is performed between the terminal and the network element selection function.
  • when the network element selection function selects the session management function for the terminal, it can request the required terminal context from the context management function, for example, the established Protocol Data Unit (PDU) session context, which includes the session management function of the PDU session service that the terminal has established.
  • PDU Protocol Data Unit
  • Step 1: The terminal sends a session establishment message to the session management function.
  • Step 2: The process of requesting and providing the terminal security context is performed between the session management function and the security management function.
  • Step 3: A terminal session establishment process is performed between the terminal and the session management function.
  • Step 4: The session management function context update process is performed between the session management function and the context management function.
  • Embodiment 4: Session modification and release process of the terminal.
  • FIG. 6 shows the session modification and release process of the terminal. This embodiment omits some steps, such as the gateway selection process and the policy establishment and request process, and only introduces the process related to the session modification and release of the terminal.
  • In addition, this embodiment usually occurs after Embodiment 3, that is, the session modification and release process occurs only after the terminal has selected the session management function and established the session.
  • As shown in FIG. 6, this embodiment includes the following steps.
  • Step 1: The terminal sends a session modification/release message to the session management function.
  • Step 2: A terminal session modification/release process is performed between the terminal and the session management function.
  • Step 3: The session management function context update process is performed between the session management function and the context management function.
  • Embodiment 5: Security update process of the terminal. As shown in FIG. 7, this embodiment includes the following steps.
  • Step 0: Triggering of the security update process is performed between other network functions and the security management function.
  • In this embodiment, the trigger condition may be a local trigger, or the process may be triggered by other network functions, for example by a subscription change or by mobility.
  • Step 1: The terminal security update process is performed between the terminal and the security management function.
  • Step 2: The security management function context update process is performed between the security management function and the context management function.
  • Step 3: The terminal security update process is performed between the security management function and other network functions. For example, the terminal security algorithm is updated to the core network functions that have requested terminal security.
  • Embodiment 6: Short message service process of the terminal. As shown in FIG. 8, this embodiment includes the following steps.
  • Step 0: An SMS function selection process is performed between the terminal and the network element selection function.
  • Step 1: The terminal sends an sms registration message to the SMS function.
  • Step 2: The process of requesting and providing the terminal security context is performed between the SMS function and the security management function.
  • Step 3: The SMS function sends an sms registration accept message to the terminal.
  • Step 4: An SMS function context update process is performed between the SMS function and the context management function.
  • Step 5: sms messages are transmitted between the terminal and the SMS function. For example, the terminal sends an uplink sms message to the SMS function, and the SMS function sends a downlink sms message to the terminal.
  • Embodiment 7: Location service process of the terminal.
  • As shown in FIG. 9, this embodiment includes the following steps.
  • Step 0: The location service function selection process is performed between the terminal and the network element selection function.
  • Step 1: The terminal sends a location service registration message to the location service function.
  • Step 2: The process of requesting and providing the terminal security context is performed between the location service function and the security management function.
  • Step 3: The location service function sends a location service acceptance message to the terminal.
  • Step 4: The location service function context update process is performed between the location service function and the context management function.
  • Step 5: Location messages are transmitted between the terminal and the location service function. For example, the terminal sends an uplink location message to the location service function, and the location service function sends a downlink location message to the terminal.
  • Embodiment 8: Process of updating subscription-related configuration parameters.
  • As shown in FIG. 10, this embodiment includes the following steps.
  • Step 1: The request and update process of the terminal security context is performed between the security management function and the subscription management function.
  • Step 2: The subscription management function sends a subscription-related configuration parameter update message to the terminal.
  • Step 3: The terminal sends a subscription-related configuration parameter update acknowledgement (ACK) message to the subscription management function.
  • Embodiment 9: Terminal-related statistical information request process.
  • As shown in FIG. 11, this embodiment includes the following steps.
  • Step 1: The request and update process of the terminal security context is performed between the security management function and the statistical information management function.
  • Step 2: The statistical information management function sends a terminal-related statistical information request message to the terminal.
  • Step 3: The terminal sends a terminal-related statistical information response message to the statistical information management function.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Databases & Information Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

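The embodiments of the present application disclose a core network system, including a terminal and multiple core network functions, wherein the terminal and at least one of the multiple core network functions directly exchange information through a service-based architecture (SBA) interface.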

Description

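Core network system
Cross-reference
The present invention claims priority to Chinese patent application No. 202110150354.4, entitled "Core Network System" and filed with the China Patent Office on February 3, 2021, the entire contents of which are incorporated herein by reference.
Technical field
The present application belongs to the field of communication technologies, and specifically relates to a core network system.
Background
The only interface between the terminal and the core network entities is the N1 interface between the terminal and the Access and Mobility Management Function (AMF); the terminal and the AMF communicate through the Non-Access Stratum (NAS) protocol.
The information (also called messages, signaling, etc.) transmitted over the N1 interface includes not only information between the terminal and the AMF, but also information between the terminal and other core network functions, for example, session management messages between the terminal and the Session Management Function (SMF), and short messages between the terminal and the Short Message Service (SMS) function.
In the related art, all information that the terminal sends to other core network functions must be encapsulated in a security-protected N1 interface NAS message and sent to the AMF; after decrypting it, the AMF forwards the other information encapsulated in the NAS message to the corresponding core network entity. Correspondingly, downlink messages sent by other core network functions to the terminal must first be sent to the AMF, which encapsulates them in an N1 interface NAS message and sends them to the terminal after integrity protection and encryption. This makes information transmission between the terminal and the core network functions inefficient.
Summary of the invention
The embodiments of the present application provide a core network system that can solve the problem of low efficiency of information transmission between the terminal and the core network functions.
In a first aspect, a core network system is provided, including: a terminal and multiple core network functions, wherein the terminal and at least one of the multiple core network functions directly exchange information through a service-based architecture (SBA) interface.
In the core network system provided by the embodiments of the present application, the terminal and at least one of the multiple core network functions directly exchange information through the SBA interface, which can improve the efficiency of information transmission between the terminal and the core network functions compared with forwarding the information through the AMF. At the same time, the embodiments of the present application can also solve the problem that the traditional NAS protocol interface is not well compatible with the SBA-based core network architecture, and can meet the evolution trend towards a fully programmable network.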
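Brief description of the drawings
FIG. 1 is a schematic structural diagram of a core network system according to an embodiment of the present application;
FIG. 2 is a schematic flowchart of a service that the core network system according to an embodiment of the present application can provide for the terminal;
FIG. 3 is a schematic flowchart of a service that the core network system according to an embodiment of the present application can provide for the terminal;
FIG. 4 is a schematic flowchart of a service that the core network system according to an embodiment of the present application can provide for the terminal;
FIG. 5 is a schematic flowchart of a service that the core network system according to an embodiment of the present application can provide for the terminal;
FIG. 6 is a schematic flowchart of a service that the core network system according to an embodiment of the present application can provide for the terminal;
FIG. 7 is a schematic flowchart of a service that the core network system according to an embodiment of the present application can provide for the terminal;
FIG. 8 is a schematic flowchart of a service that the core network system according to an embodiment of the present application can provide for the terminal;
FIG. 9 is a schematic flowchart of a service that the core network system according to an embodiment of the present application can provide for the terminal;
FIG. 10 is a schematic flowchart of a service that the core network system according to an embodiment of the present application can provide for the terminal;
FIG. 11 is a schematic flowchart of a service that the core network system according to an embodiment of the present application can provide for the terminal.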
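Detailed description
The technical solutions in the embodiments of the present application are described clearly below with reference to the accompanying drawings in the embodiments of the present application. Obviously, the described embodiments are some, but not all, of the embodiments of the present application. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application fall within the protection scope of the present application.
The following describes a 6th Generation (6G) communication system for illustrative purposes, and 6G terminology is used in most of the following description, but these techniques are also applicable to applications other than 6G system applications, such as 5G evolution systems, 7G systems, and so on.
The embodiments of the present application provide a solution for making the Non-Access Stratum (NAS) interface/protocol follow the Service-based Architecture (SBA), and introduce a core network system that includes the terminal. The core network system includes a terminal and multiple core network functions, wherein the terminal and at least one of the multiple core network functions directly exchange information through an SBA interface; in other words, the terminal and at least one of the multiple core network functions communicate directly through the SBA interface. For example, the terminal may communicate directly through the SBA interface with all the core network functions in the core network system.
In the core network system provided by the embodiments of the present application, the terminal and at least one of the multiple core network functions directly exchange information through the SBA interface, which can improve the efficiency of information transmission between the terminal and the core network functions compared with forwarding the information through the AMF. At the same time, the embodiments of the present application can also solve the problem that the traditional NAS protocol interface is not well compatible with the SBA-based core network architecture, and can meet the evolution trend towards a fully programmable network.
It should be noted that the core network functions mentioned in the embodiments of the present application, such as the network element selection function, are generally functional entities capable of implementing certain functions. Therefore, other technical terms may be used in place of these core network functions, for example, "network element selection entity" or "core network function selection entity" in place of "network element selection function", and so on.
As shown in FIG. 1, which is a schematic structural diagram of a core network system according to an embodiment of the present application, in this embodiment the terminal and the multiple core network functions are connected through a core network SBA bus. The terminal can invoke the services provided by the multiple core network functions through the core network SBA bus, and the multiple core network functions can provide services for the terminal through the core network SBA bus.
In the embodiment shown in FIG. 1, the core network functions in the core network system include: the network element selection function, the security management function (also called the NAS security function), the context management function, the statistical information management function, the subscription management function, the access control function, the mobility management function, the session management function, the location service function, and the Short Message Service (SMS) function.
It should be noted that the core network system shown in FIG. 1 shows multiple core network functions schematically. In some other embodiments, the core network system may include only some of the core network functions shown above. FIG. 1 is only an optional embodiment, and some of the core network functions in it may be replaced by other core network functions. In one example, the multiple core network functions include at least one of the following: the network element selection function, the security management function (also called the NAS security function), the context management function, the statistical information management function. In one example, the multiple core network functions may further include at least one of the following: the access control function, the mobility management function. In one example, the multiple core network functions include at least one of the following: the subscription management function; the session management function; the location service function; the short message service function.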
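The main roles of the core network functions mentioned in the above embodiments are introduced below.
1) The above security management function (also called the NAS security function) provides services including at least one of the following: initial authentication and key generation service, security mode establishment service, NAS message encryption service, NAS message decryption service.
In this embodiment, the NAS security function may be separated from the Access and Mobility Management Function (AMF) to become an independent core network function, and the NAS security function supports the SBA interface. Optionally, the NAS security function may also include the Authentication Server Function (AUSF), used for authentication of 3GPP access and non-3GPP access.
The services (or functions, likewise below) that the NAS security function provides to the terminal include, for example: initial authentication and key generation service; security mode establishment service, etc.
The services that the NAS security function provides to other core network functions include, for example: security mode establishment service; NAS message encryption service; NAS message decryption service, etc.
Optionally, the NAS security function may also be used to provide the terminal context (also called the terminal security context) to a target core network function before the target core network function communicates with the terminal.
2) The context management function provides services including at least one of the following: terminal context query service, terminal context update service.
This embodiment introduces a new context management function, which supports the SBA interface.
The services that the context management function entity provides to the terminal include, for example: terminal context query service; terminal context update function. For example, it provides the terminal with the identifier of the core network function that provides a certain service, or provides the terminal with the context related to a certain service.
The services that the context management function provides to other core network functions include, for example: terminal context query service; terminal context update function. For example, it provides the terminal context to a target core network function, or provides the context related to a certain service of the terminal. As another example, when a new terminal context is generated or the existing context of the terminal is updated after the target core network function communicates with the terminal, the target core network function sends the latest terminal context to the context management function entity.
3) The network element selection function (NF selection function) provides services including at least one of the following: selecting the required core network function for the terminal according to the terminal's needs, and selecting the core network function to be connected for a target network function.
This embodiment introduces a new network element selection function, which supports the SBA interface.
The services that the network element selection function provides to the terminal include, for example: selecting, according to the terminal's needs, the core network function with which the terminal needs a communication connection.
The services that the network element selection function provides to other core network functions include, for example: selecting, according to the needs of a target network function, the core network function with which the target network function needs a communication connection. The target network function may be connected to the core network SBA bus in FIG. 1, and may be a core network function or another network function, such as an access network function.
Optionally, the network element selection function is used to select, according to the type of service requested by the terminal, a core network function capable of providing that service for the terminal. For example, if the type of service requested by the terminal is short message, the network element selection function may select the SMS function for the terminal, so that a communication connection is established between the terminal and the SMS function.
Generally, before the terminal registers successfully, the terminal may select the access control function; after the terminal registers successfully, the terminal may select the core network functions of the services it has registered for. Generally, the mobility management process is a service provided by the network by default; optionally, the session management service may also be a service provided by the network by default.
4) The statistical information management function provides services including: statistics and/or feedback of target information.
This embodiment introduces a new statistical information management function, which supports the SBA interface.
The statistical information management function can collect statistics on and/or feed back target information. For example, at the terminal's request it feeds back to the terminal the target information for which statistics have been completed; at the request of a target core network function it feeds back to that function the target information for which statistics have been completed.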
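5) The access control function is used to provide the terminal with an access service and an initial registration service.
6) The mobility management function is used to provide the terminal with a mobility management service.
In one example, the above access control function and mobility management function are the same core network function.
In another example, the above access control function and mobility management function are two independent core network functions. The case in which the access control function and the mobility management function are independent is described below.
Optionally, the access service and initial registration service provided by the access control function may include at least one of the following 1) to 8).
1) Receiving a second interface (N2) control plane message, and processing the N2 control plane message locally or sending first target information in the N2 control plane message to a first target network function. In this example, the access control function acts as the termination point of the N2 control plane protocol (Termination of RAN CP interface). The first target network function mentioned in this example may be a network function in the core network system other than the access control function, such as the mobility management function.
2) Receiving second target information from a second target network function, and sending an N2 control plane message including the second target information to the access network device. In this example, the access control function acts as the termination point of the N2 control plane protocol (Termination of RAN CP interface (N2)).
3) Sending an N2 control plane message to the access network device. In this example, the N2 control plane message may be generated locally by the access control function.
4) Encryption and integrity protection service for Non-Access Stratum (NAS) messages. In this example, the access control function acts as the NAS protocol termination point (Termination of NAS (N1)) and can perform ciphering and integrity protection on NAS messages.
5) NAS connection management service (Connection management). In this embodiment, the termination point of the NAS protocol is at the access control function, so the NAS connection management service can also be implemented by the access control function.
6) Registration management service (Registration management).
7) Security-related services. Optionally, the security-related services may include at least one of the following: access authentication service (Access Authentication); access authorization service (Access Authorization); security anchor service (Security Anchor Functionality); network slice authentication and authorization service (Network Slice-Specific Authentication and Authorization).
8) Non-3rd Generation Partnership Project (Non-3GPP) access support service.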
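Optionally, the mobility management service provided by the mobility management function may include at least one of the following 1) to 9).
1) Reachability management service (Reachability management).
2) Mobility management service (Mobility Management).
3) Terminal mobility event notification service (UE mobility event notification).
4) Lawful interception service (Lawful intercept).
5) Session Management (SM) service support. For example, providing transport for SM messages between the terminal and the Session Management Function (SMF) (Provide transport for SM messages between UE and SMF); acting as a transparent proxy for routing SM messages (Transparent proxy for routing SM messages); EPS bearer ID allocation for interworking with the Evolved Packet Switched System (EPS) (EPS Bearer ID allocation for interworking with EPS).
6) Short Message Service (SMS) service support function. For example, providing transport for SMS messages between the terminal and the Short Message Service Function (SMSF) (Provide transport for SMS messages between UE and SMSF).
7) Location service support function. For example, location services management for regulatory services (Location Services management for regulatory services); providing transport for location services messages between the terminal and the Location Management Function (LMF), as well as between the Radio Access Network (RAN) and the LMF (Provide transport for Location Services messages between UE and LMF as well as between RAN and LMF).
8) Cellular Internet of Things (CIOT) service support function. For example, support for control plane CIOT optimisation (Support for Control Plane CIOT Optimisation); support for user plane CIOT optimisation (Support for User Plane CIOT Optimisation).
9) External parameter configuration function. For example, provisioning of external parameters, such as expected terminal behaviour parameters or network configuration parameters (Provisioning of external parameters, Expected UE Behaviour parameters or Network Configuration parameters).
Optionally, the access control function mentioned in the foregoing embodiments may also be used to receive an uplink NAS message, and to process the uplink NAS message locally or send third target information in the uplink NAS message to a third target network function. For example, the access control function sends the necessary information in the decrypted uplink NAS message to the mobility management function through a service-based interface. The third target network function mentioned in this example may be a network function in the core network system other than the access control function, such as the mobility management function.
In this embodiment, all NAS messages on the N1 interface may be sent directly to the access control function by the access network device (such as a base station); after decrypting them, the access control function processes them locally or forwards them to the third target network function for processing.
Optionally, the access control function mentioned in the foregoing embodiments may also be used to send a downlink NAS message to the terminal, and the downlink NAS message may be generated locally by the access control function.
Optionally, a fourth target network function, or the mobility management function mentioned in the foregoing embodiments, may also be used to send fourth target information to the access control function, and the access control function is further used to send a downlink NAS message including the fourth target information to the terminal. For example, the mobility management function sends the information that needs to be sent to the terminal, in plaintext, to the access control function through a service-based interface; the access control function encrypts it and forwards the encrypted downlink NAS message to the terminal. The fourth target network function mentioned in this example may be a network function in the core network system other than the access control function, such as the location service function.
In the above embodiments, the access control function may act as the termination point of the NAS protocol and may be responsible for the encryption and integrity protection of NAS messages. An important function of the interface between the access control function and the mobility management function is therefore the following: after decrypting an uplink NAS message, the access control function forwards the necessary information to the mobility management function; and the mobility management function may send messages intended for the terminal to the access control function, which encrypts them and forwards them to the terminal through the base station. The interaction between the access control function and the mobility management function may be implemented on a service-based interface.
In the core network system provided by the embodiments of the present application, the access control function and the mobility management function are provided as separate functions, which allows the SBA core network to integrate better with the SBA-based management plane and paves the way for the convergence of the SBA access network and the SBA core network.
The statement above that this allows "the SBA core network to integrate better with the SBA-based management plane" is explained below. In this embodiment, the control plane SBA of the access control function may retain the modular design principle of a traditional core network (such as the 4G core network): the sub-network functions that the access control function can implement are not a free combination of microservices, but a set of specific sub-network functions standardized through protocols, and these sub-network functions are network functions related to access control, registration, and authentication and authorization. The management plane SBA of the mobility management function involves a purer form of SBA: the mobility management function can implement various network-internal services (i.e. sub-network functions), and at network configuration time these network-internal services (i.e. sub-network functions) can be combined freely and flexibly. By deploying the access control function and the mobility management function separately, rather than implementing them centrally in one network function (for example, entirely in the AMF), the embodiments of the present application allow the SBA core network to integrate better with the SBA-based management plane.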
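Optionally, in the core network system mentioned in the foregoing embodiments, the terminal and the core network functions directly exchange information through the SBA interface, and a NAS message transmitted through the SBA interface includes indication information that indicates the core network function communicating with the terminal. This indication information makes it possible to distinguish the different core network functions.
In one example, the first byte of the NAS message carries the extended protocol discriminator (Extended protocol discriminator) Information Element (IE), see Table 1. Different values of the extended protocol discriminator information element characterize and distinguish the communication messages between the terminal and different core network functions. For example: for uplink and downlink communication messages between the terminal and the mobility management function, the Extended protocol discriminator value may be set to 1; for those between the terminal and the session management function, the Extended protocol discriminator value may be set to 2; for those between the terminal and the SMS function, the Extended protocol discriminator value may be set to 3; for those between the terminal and the Network Exposure Function (NEF), the Extended protocol discriminator value may be set to 4; for those between the terminal and the location service function, the Extended protocol discriminator value may be set to 5; for those between the terminal and the subscription management function, the Extended protocol discriminator value may be set to 6.
Table 1: Extended protocol discriminator format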
Figure PCTCN2022074961-appb-000001
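The routing implied by the extended protocol discriminator, combined with the rule that a core network function obtains the terminal security context from the security management function before it communicates with the terminal, is shown in the following added example. It is not code from the patent: the class and function names, the terminal identifier and the context contents are assumptions, and the discriminator values are the example values given in the description.

```python
from dataclasses import dataclass, field

# Example discriminator values from the description ("may be set to");
# they are the page's illustrative values, not assigned 3GPP code points.
EPD_TO_FUNCTION = {
    1: "mobility_management",
    2: "session_management",
    3: "sms",
    4: "network_exposure",
    5: "location_service",
    6: "subscription_management",
}


class NasRoutingError(Exception):
    """The message cannot be attributed to a core network function, or the
    terminal has no security context; the message is rejected, not guessed."""


@dataclass
class SecurityManagementFunction:
    """Hypothetical stand-in for the NAS security function of the description."""
    contexts: dict = field(default_factory=dict)    # terminal id -> security context
    requesters: dict = field(default_factory=dict)  # terminal id -> functions served

    def provide_context(self, terminal_id, requester):
        """Hand the terminal security context to a function before it talks to
        the terminal, and remember which function asked."""
        if terminal_id not in self.contexts:
            raise NasRoutingError(f"no security context for terminal {terminal_id!r}")
        self.requesters.setdefault(terminal_id, set()).add(requester)
        return self.contexts[terminal_id]

    def security_update(self, terminal_id, new_context):
        """Replace the context and return the functions that must be updated,
        i.e. those that requested this terminal's context earlier."""
        if terminal_id not in self.contexts:
            raise NasRoutingError(f"no security context for terminal {terminal_id!r}")
        self.contexts[terminal_id] = new_context
        return sorted(self.requesters.get(terminal_id, ()))


def route_nas_message(security, terminal_id, message):
    """Return (target function, terminal security context, rest of the message)."""
    if not message:
        raise NasRoutingError("empty NAS message")
    epd = message[0]  # the first byte carries the extended protocol discriminator
    target = EPD_TO_FUNCTION.get(epd)
    if target is None:
        # Fail closed: an unknown value is never mapped to a default function.
        raise NasRoutingError(f"unknown extended protocol discriminator {epd}")
    context = security.provide_context(terminal_id, target)
    return target, context, bytes(message[1:])


if __name__ == "__main__":
    # Constructed sample data: one terminal and two uplink messages.
    sec = SecurityManagementFunction(contexts={"ue-1": {"algorithm": "constructed-A"}})
    print(route_nas_message(sec, "ue-1", bytes([2, 0xAA, 0xBB])))
    print(route_nas_message(sec, "ue-1", bytes([3, 0x01])))
    print(sec.security_update("ue-1", {"algorithm": "constructed-B"}))
```

Because the first byte alone selects the receiving function, the list returned by `security_update` is also the set of functions whose copy of the terminal context becomes stale when the security update process of Embodiment 5 runs.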
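Optionally, the SBA interface mentioned in the foregoing embodiments satisfies one of the following: it is implemented based on a Restful interface; it is implemented based on an enhanced Restful interface; it is implemented based on a target SBA service-based interface protocol.
In this embodiment, the SBA interfaces provided by the terminal and the multiple core network functions may be implemented based on a Restful interface, and the Restful interface may be implemented based on Hypertext Transfer Protocol (HTTP) 2.0; or the Restful interface may be an enhanced Restful interface based on HTTP 3.0; or the SBA interface may be implemented based on another SBA service-based interface protocol, for example, based on the Packet Forwarding Control Protocol (PFCP).
Optionally, the services that the core network system provided by the embodiments of the present application can provide for the terminal include at least one of the following 1) to 11).
1) Initial registration service of the terminal.
2) Authentication and authorization service of the terminal.
3) Security establishment service of the terminal.
4) Mobility management service of the terminal.
5) Session establishment service of the terminal.
6) Session modification and release service of the terminal.
7) Security update service of the terminal.
8) Short message service of the terminal.
9) Location service of the terminal.
10) Subscription-related configuration parameter update service.
11) Terminal statistical information request service.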
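To describe in detail the core network system provided by the embodiments of the present application and the roles of the core network functions in it, several specific embodiments are described below.
Embodiment 1: Initial registration and security establishment process of the terminal.
The embodiment shown in FIG. 2 gives the initial registration process and security establishment process of the terminal. This embodiment omits some steps, such as the terminal identification process, the old context request process, and the policy establishment and request process, and only introduces the processes related to initial registration and security establishment. As shown in FIG. 2, this embodiment includes the following steps.
Step 0: An access control function selection process is performed between the terminal and the network element selection function.
Step 1: The terminal sends an initial registration message to the access control function.
Step 2: A security management function selection process is performed between the network element selection function and the access control function.
Step 3: An authentication and security establishment process is performed among the terminal, the security management function and the subscription management function.
Step 4: The process of requesting and providing the terminal security context is performed between the access control function and the security management function.
Step 5: The security management function context update process is performed between the security management function and the context management function.
Step 6: The access control function sends an initial registration accept message to the terminal.
Step 7: The access control function context update process is performed between the access control function and the context management function.
Step 8: The network element selection function and the access control function update the registered service types, such as session management service, short message service, control plane data service, location service, etc. Afterwards, the terminal may request selection of the core network functions for the registered service types. The location update service is a service registered by default. Optionally, the session management service may also be a service registered by default.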
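Embodiment 2: Mobility registration update process of the terminal.
This mobility registration update function may also be called the mobility management process. This embodiment is introduced as two sub-embodiments.
Sub-embodiment 1: the mobility management function and the access control function are deployed together. As shown in FIG. 3, this embodiment includes the following steps.
Step 1: The terminal sends a location update message to the access control function and the mobility management function.
Step 2: The location update process of the terminal is performed among the terminal, the access control function and the mobility management function.
Step 3: A process of requesting and providing the mobility management function context is performed between the mobility management function and the context management function.
Sub-embodiment 2: the mobility management function and the access control function are deployed separately. As shown in FIG. 4, this embodiment includes the following steps.
Step 0: A mobility management function selection process is performed between the terminal and the network element selection function.
Step 1: The terminal sends a location update message to the mobility management function.
Step 2: The process of requesting and providing the security context of the terminal is performed between the mobility management function and the security management function.
Step 3: The terminal's mobility registration update process is performed between the terminal and the mobility management function.
Optionally, the following step may follow step 3: the mobility management function updates, to the context management function, the terminal context generated or updated in the current process.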
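Embodiment 3: Session establishment process of the terminal.
FIG. 5 gives the session establishment process of the terminal. This embodiment omits some steps, such as the gateway selection process and the policy establishment and request process, and only introduces the process related to session establishment. As shown in FIG. 5, this embodiment includes the following steps.
Step 0: A session management function selection process is performed between the terminal and the network element selection function.
In this embodiment, when the network element selection function selects a session management function for the terminal, it may request the required terminal context from the context management function, for example, the context of the already established Protocol Data Unit (PDU) sessions, which includes the session management function serving the PDU sessions that the terminal has already established.
Step 1: The terminal sends a session establishment message to the session management function.
Step 2: The process of requesting and providing the terminal security context is performed between the session management function and the security management function.
Step 3: A terminal session establishment process is performed between the terminal and the session management function.
Step 4: The session management function context update process is performed between the session management function and the context management function.
Embodiment 4: Session modification and release process of the terminal.
The embodiment shown in FIG. 6 gives the session modification and release process of the terminal. This embodiment omits some steps, such as the gateway selection process and the policy establishment and request process, and only introduces the process related to the session modification and release of the terminal.
In addition, this embodiment usually occurs after Embodiment 3, that is, the session modification and release process occurs only after the terminal has selected the session management function and established the session. As shown in FIG. 6, this embodiment includes the following steps.
Step 1: The terminal sends a session modification/release message to the session management function.
Step 2: A terminal session modification/release process is performed between the terminal and the session management function.
Step 3: The session management function context update process is performed between the session management function and the context management function.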
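Embodiment 5: Security update process of the terminal. As shown in FIG. 7, this embodiment includes the following steps.
Step 0: Triggering of the security update process is performed between other network functions and the security management function.
In this embodiment, the trigger condition may be a local trigger, or the process may be triggered by other network functions, for example by a subscription change or by mobility.
Step 1: The terminal security update process is performed between the terminal and the security management function.
Step 2: The security management function context update process is performed between the security management function and the context management function.
Step 3: The terminal security update process is performed between the security management function and other network functions. For example, the terminal security algorithm is updated to the core network functions that have requested terminal security.
Embodiment 6: Short message service process of the terminal. As shown in FIG. 8, this embodiment includes the following steps.
Step 0: An SMS function selection process is performed between the terminal and the network element selection function.
Step 1: The terminal sends an sms registration message to the SMS function.
Step 2: The process of requesting and providing the terminal security context is performed between the SMS function and the security management function.
Step 3: The SMS function sends an sms registration accept message to the terminal.
Step 4: An SMS function context update process is performed between the SMS function and the context management function.
Step 5: sms messages are transmitted between the terminal and the SMS function. For example, the terminal sends an uplink sms message to the SMS function, and the SMS function sends a downlink sms message to the terminal.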
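Embodiment 7: Location service process of the terminal.
As shown in FIG. 9, this embodiment includes the following steps.
Step 0: The location service function selection process is performed between the terminal and the network element selection function.
Step 1: The terminal sends a location service registration message to the location service function.
Step 2: The process of requesting and providing the terminal security context is performed between the location service function and the security management function.
Step 3: The location service function sends a location service acceptance message to the terminal.
Step 4: The location service function context update process is performed between the location service function and the context management function.
Step 5: Location messages are transmitted between the terminal and the location service function. For example, the terminal sends an uplink location message to the location service function, and the location service function sends a downlink location message to the terminal.
Embodiment 8: Process of updating subscription-related configuration parameters.
As shown in FIG. 10, this embodiment includes the following steps.
Step 1: The request and update process of the terminal security context is performed between the security management function and the subscription management function.
Step 2: The subscription management function sends a subscription-related configuration parameter update message to the terminal.
Step 3: The terminal sends a subscription-related configuration parameter update acknowledgement (ACK) message to the subscription management function.
Embodiment 9: Terminal-related statistical information request process.
As shown in FIG. 11, this embodiment includes the following steps.
Step 1: The request and update process of the terminal security context is performed between the security management function and the statistical information management function.
Step 2: The statistical information management function sends a terminal-related statistical information request message to the terminal.
Step 3: The terminal sends a terminal-related statistical information response message to the statistical information management function.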
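The embodiments of the present application have been described above with reference to the accompanying drawings, but the present application is not limited to the specific implementations described above, which are merely illustrative rather than restrictive. Inspired by the present application, a person of ordinary skill in the art may devise many further forms without departing from the purpose of the present application and the scope protected by the claims, all of which fall within the protection of the present application.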

Claims (10)

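  1. A core network system, comprising:
    a terminal and multiple core network functions, wherein the terminal and at least one of the multiple core network functions directly exchange information through a service-based architecture (SBA) interface.
  2. The core network system according to claim 1, wherein the core network functions include at least one of the following:
    a non-access stratum (NAS) security function, which provides services including at least one of the following: initial authentication and key generation service, security mode establishment service, NAS message encryption service, NAS message decryption service;
    a context management function, which provides services including at least one of the following: terminal context query service, terminal context update service;
    a network element selection function, which provides services including at least one of the following: selecting the required core network function for the terminal according to the terminal's needs, selecting the core network function to be connected for a target network function;
    a statistical information management function, which provides services including: statistics and/or feedback of target information.
  3. The core network system according to claim 2, wherein the NAS security function is used to provide the terminal security context to a target core network function before the target core network function communicates with the terminal.
  4. The core network system according to claim 2, wherein the network element selection function is used to select, according to the type of service requested by the terminal, a core network function capable of providing the service for the terminal.
  5. The core network system according to claim 1 or 2, wherein the core network functions include at least one of the following:
    an access control function, used to provide the terminal with an access service and an initial registration service;
    a mobility management function, used to provide the terminal with a mobility management service.
  6. The core network system according to claim 5, wherein
    the access control function and the mobility management function are two independent core network functions; or
    the access control function and the mobility management function are the same core network function.
  7. The core network system according to claim 1 or 2, wherein the core network functions include at least one of the following:
    a subscription management function;
    a session management function;
    a location service function;
    a short message service (SMS) function.
  8. The core network system according to claim 1, wherein a NAS message transmitted through the SBA interface includes indication information, and the indication information is used to indicate the core network function communicating with the terminal.
  9. The core network system according to claim 1 or 8, wherein the SBA interface satisfies one of the following:
    it is implemented based on a Restful interface;
    it is implemented based on an enhanced Restful interface;
    it is implemented based on a target SBA service-based interface protocol.
  10. The core network system according to claim 1, wherein the services that the core network system provides for the terminal include at least one of the following:
    initial registration service of the terminal;
    authentication and authorization service of the terminal;
    security establishment service of the terminal;
    mobility management service of the terminal;
    session establishment service of the terminal;
    session modification or release service of the terminal;
    security update service of the terminal;
    short message service of the terminal;
    location service of the terminal;
    subscription-related configuration parameter update service;
    terminal statistical information request service.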
PCT/CN2022/074961 2021-02-03 2022-01-29 Core network system WO2022166878A1 (zh)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP22749157.8A EP4266720A4 (en) 2021-02-03 2022-01-29 CENTRAL NETWORK SYSTEM
US18/229,658 US20230379853A1 (en) 2021-02-03 2023-08-02 Core network system

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202110150354.4 2021-02-03
CN202110150354.4A CN114867004A (zh) 2021-02-03 2021-02-03 Core network system

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US18/229,658 Continuation US20230379853A1 (en) 2021-02-03 2023-08-02 Core network system

Publications (1)

Publication Number Publication Date
WO2022166878A1 true WO2022166878A1 (zh) 2022-08-11

Family

ID=82622990

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/074961 WO2022166878A1 (zh) 2021-02-03 2022-01-29 Core network system

Country Status (4)

Country Link
US (1) US20230379853A1 (zh)
EP (1) EP4266720A4 (zh)
CN (1) CN114867004A (zh)
WO (1) WO2022166878A1 (zh)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116056048A (zh) * 2023-02-11 2023-05-02 之江实验室 Method for sharing user subscription information between different systems under the 5G service architecture eSBA

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116546530B (zh) * 2023-07-03 2023-11-17 阿里巴巴(中国)有限公司 Core network configuration method, apparatus, device, storage medium and communication system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190246370A1 (en) * 2017-01-06 2019-08-08 Samsung Electronics Co., Ltd. Method and apparatus for data transport control between wireless network systems
CN110366276A (zh) * 2019-07-03 2019-10-22 中国联合网络通信集团有限公司 Service-based architecture base station
CN110933623A (zh) * 2018-09-17 2020-03-27 华为技术有限公司 Communication method and apparatus
CN111405567A (zh) * 2020-03-18 2020-07-10 广州爱浦路网络技术有限公司 AMF extension method and AMF entity

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10863390B2 (en) * 2018-02-14 2020-12-08 Mediatek Inc. Method and apparatus for non-access stratum transport
EP3808151A1 (en) * 2018-06-15 2021-04-21 Telefonaktiebolaget Lm Ericsson (Publ) A method of and a device for operating network gateway services in a service based telecommunications system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP4266720A4 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
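CN116056048A (zh) * 2023-02-11 2023-05-02 之江实验室 Method for sharing user subscription information between different systems under the 5G service architecture eSBA
CN116056048B (zh) * 2023-02-11 2023-09-01 之江实验室 Method for sharing user subscription information between different systems under the 5G service architecture eSBA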

Also Published As

Publication number Publication date
EP4266720A4 (en) 2024-06-12
US20230379853A1 (en) 2023-11-23
CN114867004A (zh) 2022-08-05
EP4266720A1 (en) 2023-10-25

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22749157

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2022749157

Country of ref document: EP

Effective date: 20230719

NENP Non-entry into the national phase

Ref country code: DE