WO2022267959A1

WO2022267959A1 - Method and apparatus for acquiring capability exposure information, and communication device

Info

Publication number: WO2022267959A1
Application number: PCT/CN2022/098961
Authority: WO
Inventors: 朱磊; 种璟; 唐小勇; 罗柯; 游正朋
Original assignee: 中移(成都)信息通信科技有限公司; 中国移动通信集团有限公司
Priority date: 2021-06-24
Filing date: 2022-06-15
Publication date: 2022-12-29
Also published as: CN115529590A

Abstract

Disclosed in the embodiments of the present application are a method and apparatus for acquiring capability exposure information, and a communication device. The method comprises: a first device sending a first request to a third device, wherein the first request is used for requesting capability exposure, and the first request comprises identity authentication information used for authentication; and the first device acquiring capability exposure information from the third device, wherein the capability exposure information is obtained after the identity authentication information is authenticated by the third device.

Description

A capability opening information acquisition method, device and communication equipment

Cross References to Related Applications

This application is based on a Chinese patent application with application number 202110705559.4 and a filing date of June 24, 2021, and claims the priority of this Chinese patent application. The entire content of this Chinese patent application is hereby incorporated into this application by reference.

technical field

The present application relates to wireless communication technologies, and in particular to a method, device and communication equipment for acquiring capability opening information.

Background technique

As a new generation of communication technology, the fifth-generation mobile communication technology (5G) has many advantages such as large bandwidth, low latency, high reliability, high connection, ubiquitous network, etc., thereby promoting the rapid development and change of vertical industries, such as smart medical, The rise of smart education and smart agriculture.

Multi-access edge computing (MEC) technology, as one of the key technologies in the evolution of 5G, is an information technology (IT) general Platform; relying on MEC technology, traditional external applications can be pulled into the operator's interior to provide users with localized application services, which are closer to users, thereby improving user experience and giving full play to the value of edge networks.

The combination of 5G and MEC technology can introduce different technology combinations for different industry demand scenarios, such as quality of service (QoS, Quality of Service), end-to-end network slicing, network capability exposure, edge cloud, etc., so as to provide customized s solution.

In related technologies, a solution combining 5G and MEC technology as shown in Figure 1 is adopted, and this solution has security risks. Therefore, in some scenarios, by setting up devices (or called gateways), the service proxy for network capability exposure between the core network and the MEC platform (MEP) and between the user plane function (UPF, User Plane Function) and the MEP is realized , so as to ensure and improve the network security capability of the communication system. However, in this scenario, there is currently no effective solution for how to obtain network openness information.

Contents of the invention

Embodiments of the present application provide a method, an apparatus, and a communication device for acquiring capability opening information.

The technical scheme of the embodiment of the application is realized in this way:

In the first aspect, the embodiment of this application provides a method for acquiring capability openness information, the method including:

The first device sends a first request to the third device; the first request is used to request capability release; the first request includes identity authentication information for authentication;

The first device acquires capability opening information from the third device; the capability opening information is obtained after the identity authentication information is authenticated by the third device.

In some optional embodiments, the method also includes:

The first device sends a second request to the second device, where the second request is used to request capability information; the capability information is used to indicate capabilities that the first device can obtain;

The first device receives the capability information from the second device.

In some optional embodiments, the capability information includes at least one of the following information: capability identifier, type information of the third device, domain name of the third device, Internet Protocol (IP, Internet Protocol) address of the third device , Identity authentication information of the third device.

In some optional embodiments, the capability identifier includes at least one of the following: a location service capability identifier, a wireless network information service capability identifier, a monitoring capability identifier, a preconfiguration capability identifier, and a policy/charging capability identifier.

In some optional embodiments, the wireless network information service capability identifier includes at least one of the following: wireless access network information identifier, slice capability identifier, access user capability identifier, multi-standard network access identifier, and data statistics report capability logo.

In some optional embodiments, the type information of the third device includes at least one of the following: a radio access network identifier, a network function identifier of a core network, and a third-party system identifier.

In some optional embodiments, the method also includes:

In a case where the first device cannot acquire the capability release information from the third device, the first device sends first information to the second device, where the first information is used to indicate a capability acquisition failure;

The first device receives second information from the second device, where the second information includes capability acquisition fault repair information.

In some optional embodiments, the method also includes:

The first device sends a first access authentication request to the second device, where the first access authentication request includes authentication requirement information and capability information supported by the first device;

The first device receives a first access authentication response from the second device, where the first access authentication response includes authentication information of the fourth device;

The first device sends a broadcast message based on the authentication information of the fourth device; the broadcast message is used for the fourth device receiving the broadcast message to initiate access authentication;

The first device receives a second access authentication request from a fourth device;

The first device authenticates the fourth device based on the authentication information of the fourth device, and sends a second access authentication response to the fourth device after passing the authentication.

In some optional embodiments, the capability information supported by the first device includes at least one of the following information: an identifier of the first device, a network type supported by the first device, an An indication of whether to support capability opening, an indication of whether the first device indicates Internet Security Protocol (IPSec, Internet Protocol Security), performance information of the first device, and an indication of whether the first device supports wide-area interconnection.

In some optional embodiments, the performance information of the first device includes at least one of the following: interface bandwidth of the first device, and the number of fourth devices supported by the first device.

In some optional embodiments, the authentication information of the fourth device includes at least one of the following information: the identity of the fourth device, the IP address of the fourth device, the domain name of the fourth device, the identity authentication of the fourth device information.

In some optional embodiments, the method further includes: the first device sending the capability information to a fourth device.

In some optional embodiments, when the capability information includes a slice capability identifier, the capability information further includes configuration information of slice parameter templates, the number of slice parameter templates, and identifiers of slice parameter templates.

In some optional embodiments, the configuration information of the slice parameter template includes at least one of the following slice parameters and their value ranges:

The slice supports the maximum number of users;

slice service area;

Slicing end-to-end delay;

the mobility class of the terminal in the slice;

slice resource sharing level;

Slice reliability requirements.

In some optional embodiments, the method also includes:

The first device receives a first slice configuration request from the fourth device; the first slice configuration request includes indication information for indicating a standard slice parameter template type and an identifier of a standard slice parameter template, or Include instructions for indicating the type of custom slice parameter template along with custom template parameters;

The first device determines corresponding standard template parameters based on the identifier of the standard slice parameter template, and sends a second slice configuration request to the second device after passing the legal check of the standard template parameters or the custom template parameters The second slice configuration request includes the standard template parameters or the custom template parameters, and the standard template parameters or the custom template parameters are used for the second device to complete the configuration of network slices;

The first device receives a second slice configuration response from the second device, and the second slice configuration response includes a network slice instance identifier;

The first device sends a first slice configuration response to the fourth device, where the first slice configuration response includes the network slice instance identifier.

In the second aspect, the embodiment of the present application also provides a method for acquiring capability openness information, the method including:

The third device receives a first request from the first device; the first request is used to request capability release; the first request includes identity authentication information for authentication;

The third device authenticates the first device based on the identity authentication information, and sends capability opening information to the first device after the authentication is passed.

In some optional embodiments, the sending capability opening information to the first device includes:

The third device opens a capability application programming interface, and sends capability opening information to the first device based on the opened capability application programming interface.

In some optional embodiments, the method also includes:

transmitting a message between the third device and the first device;

If the third device does not receive the message from the first device, terminating opening of the capability application programming interface to the first device.

In some optional embodiments, the method also includes:

The third device authenticates the first device through the second device;

The third device sends capability information to the second device, where the capability information is used to indicate the capability that the first device can obtain, and the capability information is sent after the first device is authenticated.

In some optional embodiments, the capability information includes at least one of the following information: capability identifier, type information of the third device, domain name of the third device, IP address of the third device, identity authentication of the third device information.

In the third aspect, the embodiment of the present application also provides a method for acquiring capability opening information, the method including:

the second device receives a second request from the first device, the second request requesting capability information;

The second device sends the capability information to the first device, where the capability information is used to indicate the capability that the first device can obtain.

In some optional embodiments, the capability information includes at least one of the following information: capability identifier, type information of the third device, domain name of the third device, Internet Protocol IP address of the third device, Identity authentication information.

In some optional embodiments, the method also includes:

The second device receives a first access authentication request from the first device, where the first access authentication request includes authentication requirement information and capability information supported by the first device;

After the second device passes the authentication on the first device, it sends a first access authentication response to the first device, where the first access authentication response includes authentication information of the fourth device; The authentication information of the fourth device is used for the fourth device to access the first device.

In some optional embodiments, the capability information list supported by the first device includes at least one of the following information: an identifier of the first device, a network type supported by the first device, the first An indication of whether the device supports network capability opening, an indication of whether the first device indicates IPSec, performance information of the first device, and an indication of whether the first device supports wide area interconnection.

In a fourth aspect, the embodiment of the present application also provides a method for acquiring capability openness information, the method including:

The fourth device receives capability information from the first device, where the capability information is used to indicate capabilities that the first device can obtain;

The fourth device performs corresponding capability processing based on the capability information.

In some optional embodiments, the fourth device receives capability information from the first device, including:

The proxy function component of the fourth device performs information interaction with the first device, and receives capability information from the first device;

Correspondingly, the fourth device performs corresponding processing based on the capability information, including:

The application component of the fourth device performs corresponding processing based on the capability information.

In some optional embodiments, the capability identifier includes at least one of the following: a location service capability identifier, a wireless network information service capability identifier, a monitoring capability identifier, a preconfiguration capability identifier, and a policy/charging capability identifier;

Wherein, the wireless network information service capability identifier includes at least one of the following: a wireless access network information identifier, a slice capability identifier, an access user capability identifier, a multi-standard network access identifier, and a data statistics report capability identifier.

In some optional embodiments, when the wireless network information service capability identifier includes an access user capability identifier, the fourth device performs corresponding capability processing based on the capability information, including:

The fourth device manages the accessing user based on the accessing user capability identifier.

In some optional embodiments, the method also includes:

The fourth device sends at least one of the following information to the first device: mobile phone number of the access user, user name of the access user, IP address of the access user, and access application identifier.

In some optional embodiments, when the wireless network information service capability identifier includes a slice capability identifier, the capability information further includes configuration information of a slice parameter template, the number of slice parameter templates, and the identifier of a slice parameter template ;

Wherein, the configuration information of the slice parameter template includes at least one of the following slice parameters and their value ranges:

The slice supports the maximum number of users;

slice service area;

Slicing end-to-end delay;

the mobility class of the terminal in the slice;

slice resource sharing level;

Slice reliability requirements.

In some optional embodiments, the fourth device performs corresponding capability processing based on the capability information, including:

The fourth device sends a first slice configuration request to the first device, and the first slice configuration request includes indication information for indicating a standard slice parameter template type, or for indicating a custom slice parameter template Instructions for types and custom template parameters;

The fourth device receives a first slice configuration response from the first device, where the first slice configuration response includes the network slice instance identifier.

In some optional embodiments, the method also includes:

the fourth device receives a broadcast message from the first device;

Based on the broadcast message, the fourth device sends a second access authentication request to the first device; the second access authentication request is used by the first device to perform access authentication on the fourth device ;

A second access authentication response from the first device is received.

In the fifth aspect, the embodiment of the present application further provides an apparatus for acquiring capability openness information, the apparatus includes: a first sending unit and a first receiving unit; wherein,

The first sending unit is configured to send a first request to a third device; the first request is used to request capability opening; the first request includes identity authentication information for authentication;

The first receiving unit is configured to acquire capability opening information from the third device; the capability opening information is obtained after the identity authentication information is authenticated by the third device.

In the sixth aspect, the embodiment of the present application further provides an apparatus for acquiring capability openness information, the apparatus including: a second receiving unit, a second processing unit, and a second sending unit; wherein,

The second receiving unit is configured to receive a first request from the first device; the first request is used to request capability opening; the first request includes identity authentication information for authentication;

The second processing unit is configured to authenticate the first device based on the identity authentication information;

The second sending unit is configured to send capability opening information to the first device after the second processing unit passes the authentication.

In the seventh aspect, the embodiment of the present application further provides an apparatus for acquiring capability openness information, the apparatus including: a third receiving unit and a third sending unit; wherein,

The third receiving unit is configured to receive a second request from the first device, where the second request is used to request capability information;

The third sending unit is configured to send the capability information to the first device, where the capability information is used to indicate the capability that the first device can obtain.

In an eighth aspect, the embodiment of the present application further provides a device for acquiring capability openness information, the device comprising: a fourth receiving unit and a fourth processing unit; wherein,

The fourth receiving unit is configured to receive capability information from the first device, where the capability information is used to indicate the capability that the first device can obtain;

The fourth processing unit is configured to process corresponding capabilities based on the capability information.

In the ninth aspect, the embodiment of the present application also provides a computer-readable storage medium on which a computer program is stored, and when the program is executed by a processor, the above-mentioned first aspect, the second aspect, and the third aspect of the embodiment of the present application are realized. Or the steps of the method described in the fourth aspect.

In the tenth aspect, the embodiment of the present application also provides a communication device, including a memory, a processor, and a computer program stored in the memory and operable on the processor. When the processor executes the program, the implementation of the present application is implemented. For example, the steps of the method described in the first aspect, the second aspect, the third aspect or the fourth aspect.

In the method, device, and communication device for acquiring capability opening information provided in the embodiments of the present application, the first device sends a first request to the third device; the first request is used to request capability opening; the first request includes Authenticated identity authentication information; the first device acquires capability release information from the third device; the capability release information is obtained after the identity authentication information is authenticated by the third device. By adopting the technical solution of the embodiment of the present application, it is realized that the industry gateway (ie, the first device) can obtain capability opening information from the third device (ie, the capability source, such as RAN, 5GC, and a third-party network).

Description of drawings

Figure 1 is a schematic diagram of a system structure combining 5G and MEC technology in related technologies;

Fig. 2 is a schematic structural diagram of the system structure of 5G industry cloud-network integration according to the embodiment of the present application;

FIG. 3 is a first schematic flowchart of a method for acquiring capability opening information according to an embodiment of the present application;

FIG. 4 is a second schematic flow diagram of a method for acquiring capability opening information according to an embodiment of the present application;

FIG. 5 is a third schematic flowchart of a method for acquiring capability opening information according to an embodiment of the present application;

FIG. 6 is a schematic flowchart 4 of a method for acquiring capability opening information according to an embodiment of the present application;

FIG. 7 is a schematic diagram of a network capability open architecture for 5G industry cloud-network integration in an application embodiment of the present application;

FIG. 8 is a schematic diagram of the MEP capability opening function architecture of the application embodiment of the present application;

FIG. 9 is a schematic diagram of an interaction process of a method for acquiring capability opening information according to an embodiment of the present application;

FIG. 10 is a schematic diagram of an access authentication interaction flow in a method for acquiring capability opening information according to an embodiment of the present application;

FIG. 11 is a schematic diagram of a slice configuration flow in a method for acquiring capability opening information according to an embodiment of the present application;

FIG. 12 is a first structural diagram of a device for acquiring capability opening information according to an embodiment of the present application;

FIG. 13 is a second schematic diagram of the composition and structure of the device for acquiring capability opening information in the embodiment of the present application;

FIG. 14 is a third schematic diagram of the composition and structure of the device for acquiring capability opening information according to the embodiment of the present application;

FIG. 15 is a fourth schematic diagram of the composition and structure of the device for acquiring capability opening information according to the embodiment of the present application;

FIG. 16 is a schematic diagram of a hardware composition structure of a communication device according to an embodiment of the present application.

detailed description

The present application will be further described in detail below in conjunction with the accompanying drawings and specific embodiments.

As shown in Figure 1, among the related technologies, the solutions combining 5G and MEC technologies mainly include:

1) In order to enable low-latency, high-bandwidth, and highly-reliable edge applications in vertical industries, UPF sinks to industry customer parks, close to MEC edge servers (also called MEC platforms (MEPs)), through UPF’s local distribution technology ( That is, the uplink filter/IPv6 branch point (UL-CL/IPv6 BP, Uplink Classifier/IPv6 Branching Point) forwards the data to the MEP;

2) The application function (AF, Application Function) in the core network is lowered to the MEP side to provide better data flow control strategies (such as coding strategies, QoS strategies, routing strategies, etc.) for applications deployed on the MEP.

However, the combination of 5G and MEC technology shown in Figure 1 specifically has the following security risks:

First, the security risks caused by the deployment locations of UPF and MEP.

Specifically, UPF and MEP are logically separated in function, but they can be deployed in two ways, namely: merged deployment and separate deployment; among them, merged deployment refers to deploying UPF and MEP in the same computer room or even on the same physical device ; Separate deployment refers to deploying UPF and MEP in different equipment rooms. In actual application, the combined deployment method is not suitable for vertical industries (such as smart medical care, smart education, smart agriculture, etc.), because: if UPF and MEP are combined and deployed in the operator's computer room, it violates the requirements of industry customers for their application. The data cannot be out of the security requirements of the campus; and if UPF and MEP are combined and deployed in the equipment room of the industrial customer campus, it is very detrimental to the operation and maintenance of the operator, and will increase the security risk for the entire core network. Therefore, for vertical industry applications, UPF and MEP should be deployed separately. Specifically, UPF can be deployed in the operator's computer room, and MEP can be deployed in the industrial customer campus computer room. However, in the scenario where UPF and MEP are deployed separately, the data security between UPF and MEP cannot be guaranteed, and there are security risks.

Second, the security risks caused by ubiquitous network access.

Specifically, the architecture shown in Figure 1 does not involve access and data transmission of non-5G networks. In other words, related technologies do not provide access solutions for non-5G networks when 5G and MEC technologies are combined. There are many types of access technologies for terminals in vertical industries, including 4G, Wi-Fi, Bluetooth, Zigbee, and narrowband IoT in addition to 5G. Networking (NB-IoT, Narrow Band-Internet of Things), wired network (Wireline), etc. Terminal data connected to these non-5G networks may not be transmitted to the MEP through the 5G network, making it impossible for the MEP to respond to various types of access technologies. Access control, traffic control, and security monitoring of terminal data cannot guarantee the network and data security of MEP, and there are security risks.

Third, the security risks caused by the opening of network capabilities.

Specifically, as shown in Figure 1, in related technologies, the network exposure function of the MEP is realized by connecting the AF on the MEP with the network exposure function (NEF, Network Exposure Function) of the 5G core network (5GC, 5G Core). Can be expressed as Service Capability Exposure Function, abbreviated as SCEF). However, since the security level of each MEP is not uniform, when MEPs open network capabilities to the outside world, the core network may suffer from security loopholes in the application of network capabilities on a certain MEP or the security mechanism of a certain MEP itself. attack, there is a security risk.

In addition, in related technologies, MEP can only obtain network capabilities from 5GC, and the network capabilities that 5GC can provide cannot fully meet and accurately cover the business needs of vertical industries, for example, it cannot provide location information for non-5G network access terminals. At the same time, there are various sources of data for MEP network capabilities, including 5GC, Radio Access Network (RAN, Radio Access Network) and third-party systems.

Fourth, security risks caused by local shunting.

Specifically, as shown in Figure 1, in related technologies, the data forwarding from the terminal to the local MEP relies on the UL-CL/IPv6 BP technology of UPF, which implements local distribution based on the IP quintuple or prefix of the message. In practical applications, for vertical industries, using UL-CL/IPv6 BP technology for local distribution will expose the IP address information of industry users' MEPs on the public network, which not only has the risk of user privacy data leakage, but also may lead to MEP IP address information. A network attack on the address poses a network security risk.

Among them, in practical applications, in order to avoid network security risks caused by using UL-CL/IPv6 BP technology for local offloading, it is also possible to consider setting a dedicated data network name (DNN, Data Network Name) for MEP to achieve local offloading. However, this method needs to configure a separate DNN for each MEP, and requires a large number of DNN configurations on the core network. Moreover, for the scenario where one terminal accesses multiple MEPs, the user needs to continuously switch DNNs on the terminal, which seriously affects the user experience.

In addition, in practical applications, in vertical industry application scenarios, in addition to the requirements for local distribution, there are also requirements for wide-area interconnection between MEPs, such as data sharing between different hospitals, remote collaborative diagnosis and other scenarios. However, in related technologies, UPF only supports a protocol data unit (PDU, Protocol Data Unit) session from a terminal to a data network (DN, Data Network), and does not support a connection from a DN to a DN. In other words, UPF only supports the data connection between terminals and MEPs, and does not support the interconnection between MEPs.

Based on this, in various embodiments of the present application, as shown in FIG. 2 , an industry gateway (also called a gateway) is set, and the network capabilities between the core network and the MEP and between the UPF and the MEP are realized through the industry gateway. Open business agent; in this way, the data security of the communication system can be guaranteed, the network security capability of the communication system can be improved, and user experience can be improved.

Exemplarily, in practical applications, the industry gateway is set between the UPF and the MEP; the MEP can be a device in the MEC network.

Based on at least the schematic system structure shown in FIG. 2 , the following embodiments of the present application are proposed.

An embodiment of the present application provides a method for acquiring capability opening information. Fig. 3 is a schematic flowchart of a method for acquiring capability opening information according to an embodiment of the present application; as shown in Fig. 3 , the method includes:

Step 101: the first device sends a first request to the third device; the first request is used to request capability release; the first request includes identity authentication information for authentication;

Step 102: The first device acquires capability opening information from the third device; the capability opening information is obtained after the identity authentication information is authenticated by the third device.

The method for acquiring capability opening information in this embodiment is applied to the first device. Exemplarily, the first device is an industry gateway shown in FIG. 2 , which may also be called a gateway, a gateway device, etc., and may be expressed as iGW in English. The third device is a network capability source, that is, a general term for related networks and systems that can open capability information (or capability data, network capability information or data) to the first device. Exemplarily, the third device may be at least one of RAN, core network (such as 5GC) or third-party network (such as Zigbee/Wifi/Bluetooth/NB-IoT/wired network, etc.) one. The embodiment of the present application does not limit the names of the first device and the third device, as long as the respective functions of the first device and the third device can be realized.

In this embodiment, the first device sends a first request to the third device, and the first request is used to request capability release, that is, requests the third device to release a capability. Wherein, the first request includes identity authentication information used for authentication, and is used to send to the third device for local authentication. After the third device passes the authentication based on the identity authentication information, the third device passes through an open capability application programming interface (API, Application Programming Interface) (also referred to as a network capability API), through an open capability API interface , the third device may send capability opening information to the first device, that is, the first device may acquire the capability opening information from the third device through an open capability API interface.

The capabilities described in the various embodiments of the present application may also be referred to as network capabilities. Exemplarily, the capabilities include at least one of the following: location service capability, wireless network information service capability, monitoring capability, preconfiguration capability, policy/plan fee capacity. Correspondingly, the capability opening information may be capability information (or capability data) corresponding to each capability and released by a related third device.

In this embodiment, the first request includes identity authentication information for authentication, and the identity authentication information is the identity authentication information of the third device, which is used for the third device when the first device accesses the third device. Identity authentication information for the device to authenticate the first device. Exemplarily, the identity authentication information may include account name and password.

Optionally, the first request may further include an identifier for indicating a request for opening a capability, and the identifier for indicating a request for opening a capability is used for the first device to request the third device to open a capability API to it. Exemplarily, the identifier used to indicate the requesting open capability may at least be realized by a Boolean variable, a character string, a numerical parameter or a bitmap (bitmap). When implementing the flag for indicating the open capability is implemented in the form of a Boolean variable, for example, "False" is used to indicate that the open capability is not requested, and "True" is used to indicate that the open capability is requested. When the identifier for requesting the open capability is implemented in the form of a character string, for example, "No" is used to indicate that the open capability is not requested, and "Yes" is used to indicate that the open capability is requested. When the identifier for indicating the open capability is implemented in the form of a numerical parameter, for example, 0 is used to indicate that the open capability is not requested, and other numbers represent the open capability requested. When implementing the flag for indicating the requesting open capability in the form of a bitmap: use a bit to identify whether the first device requests the third device to open the capability to it, if the bit is set to 1, it indicates that the open capability is requested, and the bit Setting it to 0 indicates that no open capability is requested.

In some optional embodiments of the present application, the method further includes: the first device sends a second request to the second device, and the second request is used to request capability information; the capability information is used to Indicating the capability that the first device can obtain; the first device receives the capability information from the second device.

In this embodiment, the second device may be a management system or an operation system, such as a Business Support System (BSS, Business Support System)/Operation Support System (OSS, Operation Support System). The embodiment of the present application does not limit the name of the second device, as long as the function of the second device can be realized.

In this embodiment, the method of this embodiment can be executed before step 101, that is, the first device can first send a second request to the second device to request which capabilities the first device can obtain, and to request that the first device can related information of the connected third device, and then send a first request to the relevant third device according to the obtained capability information, so as to request the relevant third device to release the capability information, so that the first device can obtain the information from the third device. Ability to open information.

Optionally, the capability information includes at least one of the following information: capability identifier, type information of the third device, domain name of the third device, IP address of the third device, and identity authentication information of the third device.

Exemplarily, the capability identifier includes at least one of the following: a location service capability identifier, a wireless network information service capability identifier, a monitoring capability identifier, a preconfiguration capability identifier, and a policy/charging capability identifier.

Exemplarily, the wireless network information service capability identifier includes at least one of the following: a wireless access network information identifier, a slice capability identifier, an access user capability identifier, a multi-standard network access identifier, and a data statistics report capability identifier.

Exemplarily, the type information of the third device includes at least one of the following: a radio access network identifier, a network function identifier of a core network, and a third-party system identifier.

In this embodiment, the first device may obtain the capability information through information or control signaling, and the capability information may also be network capability information. Exemplarily, the foregoing capability information is a set of information sets, which may also be called a capability information list or a network capability information list.

Exemplarily, the content of the capability information may be as shown in Table 1, including the capability identifier corresponding to various capabilities obtained by the first device capability, and the type of the third device (that is, the network capability source) corresponding to each capability identifier (Network capability sources such as 5GC, RAN, or third-party networks) and the identity authentication information of the third device corresponding to each capability identifier, and the identity authentication information is used for the third device to perform local authentication.

Table 1

In this embodiment, the capability information may be implemented in the form of a capability information set or a capability information list. Exemplarily, the capability information may include a capability list and a third device information list. The capability list may include at least one capability identifier, which is used to indicate which type of capability the first device can acquire from the third device.

Exemplarily, the capability identification may be implemented in the following ways: a bitmap (bitmap), a character string, a numerical parameter, and the like. in:

Bitmap implementation method: each capability identifier can be represented by bits in the bitmap. For example, the bitmap uses N bits (bits) to store field information. For example, the 0th bit to the 4th bit in Table 2 can be used to successively represent the wireless network information service (RNIS) capability identifier, the location service (LBS) capability identifier, the monitoring capability identifier, the preset Configuration capability identifier and policy/charging capability identifier; other bits are reserved for identifiers of other network capability types. When it is necessary to support the opening of a certain type of capability, set the corresponding bit to 1, and set it to 0 if it does not support opening. For example, when the first device supports opening the location service capability and the wireless network information service (RNIS) capability to the third device, the first bit and the second bit from the right side of Table 2 are set to 1, and the remaining bits are set to 0.

Table 2

0

...

0

1

String implementation method: each capability identifier can be represented by a string, for example, "ce-RNIS" can be used to represent the wireless network information service capability identifier, and "ce-LBS" can be used to represent the location service capability identifier. Certainly, in the embodiment of the present application, the above-mentioned character strings are not limited to be used to represent the corresponding capability identifiers, and arbitrarily set character strings may be used to represent the corresponding capability identifiers.

Numerical parameter implementation method: each capability identifier can be represented by a number. For example: 01 represents a radio network information service (RNIS) capability identifier, 02 represents a location service capability identifier, 03 represents a monitoring capability identifier, 04 represents a pre-configuration capability identifier, 05 represents a policy/charging capability identifier, and so on. Certainly, in the embodiment of the present application, the above-mentioned numbers are not limited to use to represent the corresponding capability identifiers, and arbitrarily set numbers may be used to represent the corresponding capability identifiers.

In this embodiment, the information list of the third device is used to indicate related information of the third device. The information list of the third device may include at least one of the type information of the third device, the domain name of the third device, the IP address of the third device, and the identity authentication information of the third device.

Exemplarily, the type information of the third device may be represented by a type identifier of the third device. Exemplarily, the type identification of the third device can be realized at least by means of a character string or a numerical parameter. When the type of the third device is represented by a string, each type is represented by a string, such as "source-Zigbee" representing the type of the third device is Zigbee, and "source-BLE" representing the type of the third device is Bluetooth . When the type of the third device is represented by a numerical parameter, each type can be represented by a number, "07" represents that the type of the third device is Bluetooth, and "01" represents that the type of the third device is Zigbee.

Exemplarily, the domain name of the third device may be represented by a domain name identifier of the third device. Exemplarily, the domain name identification of the third device can be implemented at least in the form of a character string, for example: "www.cmii-imep1.cn" is used to represent a domain name address of a third device.

Exemplarily, the IP address of the third device may be represented by an IP address identifier of the third device. Exemplarily, the IP address identification of the third device can be realized at least by means of a character string, for example: "117.136.0.22" is used to represent the IP address of a third device.

Exemplarily, the identity authentication information of each third device may include an account name and a password, which are used for the third device to perform local authentication on the first device when the first device accesses the third device. Exemplarily, the identity authentication information of the third device can be realized at least by a character string or a numerical parameter. When the identity authentication information of the third device is realized in the form of character strings, for example, "hxfe-iGW" is used to represent the account name of the first device for accessing a third device, and "asjdkajsew" is used to represent the account name of the first device in a third device. A password to access the third device. When the identity authentication information of the third device is realized by means of numerical parameters, for example, "123563" is used to represent the account name of the first device to access a third device, and "123141233" is used to represent the account name of the first device to access Enter the password of the third device.

In this embodiment, the first device may send the first request to the third device based on information such as the domain name and/or IP address of the third device in the above capability information by obtaining the above capability information from the second device, And the identity authentication information of the third device may also be obtained from the above capability information, so that the identity authentication information is carried in the first request.

In some optional embodiments, the method further includes: in a case where the first device cannot obtain the capability opening information from the third device, the first device sends the first information to the second device, The first information is used to indicate a capability acquisition failure; the first device receives second information from the second device, where the second information includes capability acquisition failure recovery information.

In this embodiment, for example, after the first device sends the first request to the third device and the third device opens a capability API, the first device and the third device transmit a message So that the third device decides to continue opening the capability API or terminate the opening capability API. Wherein, the transmitted message may also be referred to as a heartbeat message. In the case that the third device decides to terminate the capability opening API, the first device cannot receive the capability opening information from the third device, nor can it receive the message transmitted by the first device; When the communication link between the third devices is abnormal, the first device sends first information to the second device, and the first information is used to indicate a capability acquisition failure; the first device receives the information from the second device Second information, where the second information includes capability acquisition fault recovery information.

In one embodiment, the first device continues to send messages to the third device, and if the third device receives the message sent by the first device and can determine that the communication link with the first device is normal, it can continue to open the capability API; correspondingly, if the third device cannot receive the message sent by the first device, it can determine that the communication link with the first device is abnormal, and then it can determine to terminate the open capability API. In another embodiment, the third device can send a message to the first device, and the third device returns a message to the third device after receiving the message sent by the first device; if the third device receives the message within a preset time range To the message returned by the third device, it can be determined that the communication link with the first device is normal, and then the capability API can be continued to be opened; correspondingly, if the third device does not receive the message returned by the third device within the preset time range message, it can be determined that the communication link with the first device is abnormal, and then it can be determined to terminate the open capability API.

In some optional embodiments of the present application, the method further includes: the first device sends a first access authentication request to the second device, and the first access authentication request includes authentication requirement information and Capability information supported by the first device; the first device receives a first access authentication response from the second device, and the first access authentication response includes authentication information of the fourth device; the second A device sends a broadcast message based on the authentication information of the fourth device; the broadcast message is used for the fourth device receiving the broadcast message to initiate access authentication; the first device receives a second connection from the fourth device An incoming authentication request; the first device authenticates the fourth device based on the authentication information of the fourth device, and sends a second access authentication response to the fourth device after passing the authentication.

In this embodiment, before the first device requests capability release from the third device, a multi-level access authentication process needs to be performed among the first device, the second device, and the fourth device. Here, the first device first initiates access authentication to the second device to determine whether the first device has access to the system; after determining that the first device has access to the system, it can be determined that the first device has access to the system Complete, the first device obtains the first access authentication response from the second device, and the first access authentication response includes the authentication information of the fourth device, so that when the fourth device initiates the second access to the first device After the authentication request, the first device can perform local authentication on the fourth device that initiated the access request based on the authentication information of the fourth device included in the authentication response, and after the authentication is passed, it can be determined that the fourth device accesses the first device Finish.

In various embodiments of the present application, the fourth device may be the MEP shown in FIG. 2 , and may also be called an MEC platform, an MEC server, and the like. The embodiment of the present application does not limit the name of the fourth device, as long as the function of the fourth device can be realized.

In this embodiment, the above-mentioned access authentication request (for example, including the first access authentication request and the second access authentication request) may also be referred to as request, access request, authentication request, etc.; correspondingly, the above-mentioned access authentication response (for example, including the first access authentication response and the second access authentication response) may also be referred to as a response, an access response, an authentication response, and so on. In this embodiment, the names of the access authentication request and the access authentication response are not limited.

In this embodiment, the first device may send the first access authentication request to the second device through message, information or signaling, so as to report the authentication requirement information and the authentication requirements supported by the first device through the first access authentication request. capability information.

Optionally, the authentication requirement information may also be referred to as access authentication requirement information. Exemplarily, the authentication requirement information may be represented by an authentication requirement identifier and an access authentication request identifier, that is, the first access authentication request includes the authentication requirement identifier or access authentication request identifier, indicating that the message, The information or signaling is used to request access authentication, which means that the first device requests the second device to verify or authenticate the identity of the first device, so as to complete the access on the second device.

Exemplarily, the implementation of the authentication requirement identifier or the access authentication request identifier includes at least the following: Boolean variables, character strings, numeric parameters or bitmaps (bitmap); wherein: the description of each implementation can be specifically Refer to Table 3 below. It should be noted that the embodiments of the present application are not limited to the Boolean variables, strings, and numeric parameters listed in Table 3 to indicate whether to request access to the second device, and any set of Boolean variables, strings, and numeric parameters can be used. Indicates whether to request access to the second device; in the embodiment of the present application, it is not limited to the specific bit of the bitmap to use the value shown in Table 3 to indicate whether to request access to the second device, or vice versa, such as the bit value is 0 means access is requested, and the bit value is 1 means no access is requested.

table 3

Optionally, the capability information supported by the first device includes at least one of the following information: an identifier of the first device, a network type supported by the first device, and whether the first device supports capability opening , an indication of whether the first device indicates IPSec, performance information of the first device, and an indication of whether the first device supports wide area interconnection.

Optionally, the performance information of the first device includes at least one of the following: interface bandwidth of the first device, and the number of fourth devices supported by the first device.

Exemplarily, the capability information supported by the first device can be referred to in Table 4, for example, it can include the identity of the first device, the network type supported by the first device (such as 5G, 4G, WIFI, BLE, etc.) , performance information of the first device, whether the first device supports capability opening, whether the first device supports IPSec, whether the first device supports wide area interconnection, and the like.

Table 4

In this embodiment, the function of the identity of the first device is to indicate the identity information of the first device to the second device, and each first device connected to the second device has a unique identity. Exemplarily, the identity of the first device has at least the following implementation manners: character string and numeric parameters. When a character string is used to implement identity identification, for example, character strings such as "schx-iGW", "hnzdy-iGW", and "bjzyy-iGW" may be used to indicate different first devices. When the identity identification is implemented with numerical parameters, for example, "001", "002", and "006" may be used to represent different first devices. It should be noted that the embodiments of the present application are not limited to the string and numeric parameters listed above representing the identity of the first device, and any set of strings and numeric parameters may be used to represent the identity of the first device.

In this embodiment, the capability information supported by the first device is used to report the basic capability information possessed by the first device to the second device. in:

The network type supported by the first device may be indicated by the identifier of the network type supported by the first device. Exemplarily, the identification of the network type supported by the first device can be implemented at least in the form of a character string, a numerical parameter, or a bitmap. When the network type supported by the first device is represented by a character string, each network type is represented by a character string, such as "WiFi", "Wireline", "NB-IoT", "Bluetooth", etc. respectively represent the corresponding network types . When a numerical parameter is used to represent the network type supported by the first device, each network type can be represented by a number, such as: 01 represents WiFi, 02 represents NB-IoT, 03 represents Bluetooth, and so on. When bitmap is used to indicate the network type supported by the first device: use each bit to identify a network type, for example, bitmap uses N bits to store field information, bit0 indicates WiFi, bit1 indicates NB-IoT, bit2 indicates Bluetooth, etc. , when the first device supports which network types, the corresponding bit is set to 1, and correspondingly, when the first device does not support which network types, the corresponding bit is set to 0.

The interface bandwidth of the first device may be represented by an interface bandwidth identifier. Exemplarily, the interface bandwidth identifier may be implemented in the form of a character string, and is used to indicate the maximum interface bandwidth supported by the first device. For example, "xx-bw:50Gbps" indicates that the interface bandwidth of the first device is 50Gbps.

The number of fourth devices supported by the first device may be indicated by an identifier of the number of supported fourth devices, where the identifier of the number of supported fourth devices is used to indicate the maximum number of fourth devices that the first device supports access to. Exemplarily, the identification of the fourth number of supported devices can be realized by means of a character string or a numerical parameter. When the identification of the number of supported fourth devices is expressed in a character string, for example, "MEPs-num: 20" is used to indicate access of up to 20 fourth devices that the first device can support. When the number of supported fourth devices is indicated by a numerical parameter, for example, the number "20" is used to indicate access of up to 20 fourth devices supported by the first device.

Whether the first device supports capability opening may be indicated by an identifier of whether the capability opening is supported, which is used to indicate whether the first device supports capability opening for the fourth device. Exemplarily, the identification of whether the capability opening is supported has at least the following implementation manners: a Boolean variable, a character string, a numerical parameter, or a bitmap. When a Boolean variable is used to indicate whether the capability opening is supported, for example, "False" means that the capability opening is not supported, and "True" means that the capability opening is supported. When a character string is used to indicate whether the capability opening is supported, for example, "No" means that the capability opening is not supported, and "Yes" means that the capability opening is supported. When a numerical parameter is used to indicate whether the capability opening is supported, for example, 0 indicates that the capability opening is not supported, and other numbers indicate that the capability opening is supported. When using a bitmap to indicate whether the capability opening is supported, a bit can be used to indicate whether the capability opening is supported. For example, if the bit is set to 1, it indicates that the capability opening is supported, and if the bit is set to 0, it indicates that the capability opening is not supported.

Whether the first device supports IPSec may be indicated by an IPSec support flag, which is used to indicate whether the first device supports IPSec. Exemplarily, the identification of whether to support IPSec has at least the following implementation manners: a Boolean variable, a character string, a numerical parameter, or a bitmap. When the Boolean variable is used to indicate whether the IPSec is supported, for example, "False" indicates that IPSec is not supported, and "True" indicates that IPSec is supported. When the IPSec flag is indicated by a character string, for example, "No" means that IPSec is not supported, and "Yes" means that IPSec is supported. When a numerical parameter is used to indicate whether to support IPSec, for example, 0 indicates that IPSec is not supported, and other numbers indicate that IPSec is supported. When using a bitmap to indicate whether the IPSec is supported, a bit may be used to indicate whether IPSec is supported. For example, if the bit is set to 1, it indicates that IPSec is supported, and if the bit is set to 0, it indicates that IPSec is not supported.

Whether the first device supports wide-area interconnection may be indicated by whether the first device supports wide-area interconnection or not, and is used to indicate whether the first device supports wide-area interconnection. Wherein, the wide-area interconnection refers to the mutual connection between different data networks (DN, Data Network). In this embodiment, it may refer to whether the first device can be used to realize the mutual connection between multiple fourth devices. Exemplarily, the identification of whether to support wide-area interconnection has at least the following implementation manners: a Boolean variable, a character string, a numerical parameter, or a bitmap. When the Boolean variable is used to indicate whether the wide area interconnection is supported, for example, "False" means that the wide area interconnection is not supported, and "True" means that the wide area interconnection is supported. When a character string is used to indicate whether the WAN interconnection is supported, for example, "No" means that the WAN interconnection is not supported, and "Yes" means that the WAN interconnection is supported. When a numerical parameter is used to indicate whether the wide area interconnection is supported, for example, 0 means that the wide area interconnection is not supported, and other numbers indicate that the wide area interconnection is supported. When using a bitmap to indicate whether the wide-area interconnection is supported, a bit can be used to identify whether the wide-area interconnection is supported. For example, if the bit is set to 1, it means that it supports wide-area interconnection, and if the bit is set to 0, it means that it does not support wide-area interconnection. interconnected.

In this embodiment, the second device authenticates the first device, and after determining that the first device has the authority to access the system, sends a first access authentication response to the second device; the first access authentication response includes Authentication information of each fourth device capable of accessing the first device, where the authentication information of the fourth device is used by the first device to locally authenticate the fourth device requesting access. Exemplarily, the authentication information of the fourth device is used to indicate which fourth devices can access the first device, and the authentication information of the fourth device includes addresses and The identity authentication information is used to support the access authentication of the fourth device accessed by the first device.

Optionally, after the second device passes the authentication (or passes the authentication) on the first device, it can obtain capability information that the first device can obtain from the third device, and then, the second device After receiving the second request from the first device, send the capability information to the first device.

Optionally, the authentication information of the fourth device includes at least one of the following information: an identity of the fourth device, an IP address of the fourth device, a domain name of the fourth device, and identity authentication information of the fourth device. Exemplarily, the identity authentication information of the fourth device may include information such as an account number and a password of the fourth device.

Exemplarily, the authentication information of the fourth device can refer to Table 5, for example, it can include the identity of the fourth device, the IP address of the fourth device, the domain name of the fourth device, and the identity authentication information of the fourth device .

table 5

身份标识ID	IP地址IP address	域名domain name	身份认证信息Authentication information
MEP1 MEP1		IP地址1IP address 1	域名domain name	账号、密码等account number, password, etc.
MEP2MEP2	IP地址2IP address 2	--	账号、密码等account number, password, etc.
……	……	……	……

In this embodiment, the authentication information of the fourth device may include an identity set (or list) of the fourth device, and the identity set (or list) of the fourth device may include at least one identity of the fourth device . Exemplarily, the implementation manner of the identity of the fourth device includes at least a character string or a numerical parameter. When the identity of the fourth device is expressed in a character string, for example, "schx-MEP1", "schx-MEP2", and "hnzdy-MEP" are used to represent different fourth devices. When the identity of the fourth device is represented by a numerical parameter, for example, "001", "002", and "006" are used to represent different fourth devices.

In this embodiment, the authentication information of the fourth device may include an IP address set (or list) of the fourth device, and the IP address set (or list) of the fourth device may include at least one IP address set (or list) of the fourth device. IP address. Exemplarily, the IP address of the fourth device can be implemented at least in the form of a character string, for example, "117.136.0.22" is used to represent an IP address of the fourth device.

In this embodiment, the authentication information of the fourth device may include a domain name set (or list) of the fourth device, and the domain name set (or list) of the fourth device may include at least one domain name of the fourth device. Exemplarily, the domain name of the fourth device can be realized by at least a character string, for example, "www.cmii-imep1.cn" is used to represent a domain name of the fourth device.

In this embodiment, the authentication information of the fourth device may include an identity authentication information set (or list) of the fourth device, and the identity authentication information set (or list) of the fourth device may include at least one fourth The identity authentication information of the device, each piece of identity authentication information may include, for example, an account name and a password, and is used for access authentication of a fourth device that can be accessed. Exemplarily, the identity authentication information of the fourth device may at least be implemented in the form of a character string or a numerical parameter. When the identity authentication information of the fourth device is realized in the form of character strings, for example, "cmii-imep1" represents an account name of the fourth device, and "asjdkajsew" represents the corresponding password of the fourth device. When the identity authentication information of the fourth device is realized by a numerical parameter, for example, "1234123" is used to represent an account name of a fourth device, and "123141233" is used to represent a corresponding password of the fourth device.

In some optional embodiments of the present application, the method further includes: the first device sending the capability information to a fourth device.

In this embodiment, the first device sends the capability information that can be obtained by itself to the connected fourth device, so that the fourth device can obtain the capability information supported by the first device and open it to applications on the fourth device. In this way, the unified supervision function of capability opening can be realized.

Optionally, when the capability information includes a slice capability identifier, the capability information also includes configuration information of slice parameter templates, the number of slice parameter templates, and identifiers of slice parameter templates.

Optionally, the configuration information of the slice parameter template includes at least one of the following slice parameters and their value ranges:

The slice supports the maximum number of users;

slice service area;

Slicing end-to-end delay;

the mobility class of the terminal in the slice;

slice resource sharing level;

Slice reliability requirements.

In some optional embodiments, the method further includes: the first device receiving a first slice configuration request from the fourth device; the first slice configuration request includes parameters for indicating standard slices The indication information of the template type and the identification of the standard slice parameter template, or the indication information indicating the type of the custom slice parameter template and the custom template parameters; the first device determines the corresponding Standard template parameters, after passing the legal check of the standard template parameters or the custom template parameters, send a second slice configuration request to the second device, and the second slice configuration request includes the standard template parameters or the custom template parameters The custom template parameter, the standard template parameter or the custom template parameter is used for the second device to complete the configuration of network slicing; the first device receives the second slice configuration response from the second device, The second slice configuration response includes a network slice instance identifier; the first device sends a first slice configuration response to the fourth device, and the first slice configuration response includes the network slice instance identifier.

In this embodiment, the fourth device sends the first slice configuration request to the first device based on an application application. Wherein, the type of the slice parameter template may include a standard slice parameter template type and a custom slice parameter template type, then the first slice configuration request may include indication information for indicating the standard slice parameter template type, in this case Next, the first slice configuration request may include an identifier indicating the type of the standard slice parameter template and the identifier (or number) of the standard slice parameter template, or the first slice configuration request may include the Indicates the ID of the custom slice parameter template type along with the custom template parameter. Optionally, in other embodiments, the first slice configuration request may further include at least one of the request type, the request task identifier, and the identity identifier of the first device.

Exemplarily, the request type may be represented by numbers or character strings. In the case of representing the request type in a numerical manner, for example, the number 1 may represent a slice configuration request, and the number 2 may represent a network capability delivery request. Certainly, in the embodiment of the present application, the above-mentioned numbers are not limited to use to represent the corresponding request types, and any set numbers may be used to represent the corresponding request types. In the case of expressing the request type in a character string, for example, the character string ab represents a slice configuration request, and the character string cd represents a network capability delivery request. Certainly, in the embodiment of the present application, the above character strings are not limited to use to represent the corresponding request types, and any set character strings may be used to represent the corresponding request types.

In this embodiment, the requested task identifier is an identifier of a uniquely represented task in the system.

Exemplarily, the identity of the first device may be represented by a character string or a number. In this embodiment, character strings in different formats may be used to represent the identity. For example, the identity may be represented by a string in the format of a Universally Unique Identifier (UUID, Universally Unique Identifier). UUID uses a universal unique identifier standardized by the Open Software Foundation (OSF, Open Software Foundation). The standard format of UUID contains 32 hexadecimal numbers, divided into five segments by hyphens, in the form of 8-4-4-4 The 32 characters of -12, for example, the ID can be expressed as: 880e8400-e29b-41d4-a716-446655440000. For another example, the identity is identified by a string in NUID format. NUID uses a UID library of the NATS project organized by the Cloud Native Computing Foundation (CNCF, Cloud Native Computing Foundation), using 62 characters (0-9a-zA-Z ) to generate a 22-bit string, and the result is divided into two parts: the first 12 bits are true random numbers, and the last 10 are pseudo-random numbers; for example, the identity can be expressed as: M4bZr7xyO3toV6T6iC7lWB. In the case that the identity is represented by numbers, the identity may be identified by, for example, a 64-bit integer. Exemplarily, Snowflake is an algorithm introduced by Twitter to generate a unique ID in a distributed environment, and generates a 64-bit integer. In this embodiment, the 64-bit integer can be used to represent the identity, and the Long type is used in programming languages such as Java. to store.

Exemplarily, the identifier used to indicate the standard slice parameter template type included in the first slice configuration request may be represented by a number or a character string. For example, in the case where numbers are used to indicate the slice parameter template type, the number 0 may be used to indicate the standard slice parameter template type, and the number 1 may be used to indicate the custom slice parameter template type. Certainly, in the embodiment of the present application, the above numbers are not limited to use the above numbers to represent the corresponding slice parameter template types, and arbitrary set numbers may be used to represent the corresponding slice parameter template types. For another example, in the case where a string is used to indicate the slice parameter template type, the string "standard" can be used to indicate the standard slice parameter template type, and the string "custom" can be used to indicate the custom slice parameter template type . Certainly, in the embodiment of the present application, the above character strings are not limited to represent the corresponding slice parameter template types, and any set character strings may be used to represent the corresponding slice parameter template types.

In this embodiment, when the first slice configuration request includes custom template parameters, for example, the specific content of the custom template parameters can be referred to in Table 6 below. Wherein, the parameter SNSSAIList indicates the set of S-NSSAI supported in NSSI. Each S-NSSAI includes a slice/service type (SST) and an optional slice distinguisher (SD) field. In related technologies, three SSTs are predefined: enhanced mobile broadband (eMBB), ultra-reliable Low Latency Communications (URLLC) and Massive Internet of Things (MIoT). The parameter PerfReq formulates requirements for NSSI according to related technologies, such as empirical data rate, area traffic (density) and UE density information and so on.

Table 6

Exemplarily, the JSON format template corresponding to the above custom template parameters is as follows:

The first device judges the authority of the fourth device, and completes a legality check on standard template parameters or custom template parameters, such as checking whether there are unrecognized parameters, whether the parameters exceed the value range, etc., here mainly It is to perform a legality check on the custom template parameters; after the legality check is completed: in the case that the slice parameter template type is a standard slice parameter template type, the first device selects according to the identification (or number) of the standard slice parameter template The corresponding standard slice parameter template, carrying the slice parameters corresponding to the standard slice parameter template, sends a second slice configuration request to the second device; or, when the slice parameter template type is a custom slice parameter template type, the first The device sends a second slice configuration request to the second device carrying the custom template parameter. Exemplarily, the second slice configuration request includes template parameters (such as standard slice template parameters or custom template parameters), and the second slice configuration request may also include a task identifier and an identity identifier of the second device Wait. Correspondingly, the first device may send a slice configuration response to the fourth device, and the slice configuration response may include the identity of the fourth device, a reply type, and a reply description; wherein, the reply type indicates Whether the slice request was successful.

Exemplarily, examples of the above reply types can be referred to in Table 7 below. Different reply types can be represented by different numbers or string values. For example, the number 0 can indicate that the slicing request is normal, that is, the slicing request is successful; the number 1 indicates an illegal identity, that is, the identity of the fourth device that initiates the slicing request is illegal; the number 2 indicates that the request type is wrong, that is, the type requested by the slice configuration request initiated by the fourth device is wrong, and so on.

Table 7

回复类型reply type	响应信息说明Response message description
00	正常normal
11	非法身份illegal status
22	请求类型错误wrong request type
33	切片参数类型错误Slice parameter type error
44	自定义模板参数不符合要求Custom template parameters do not meet requirements
55	系统异常System exception

After the second device interacts with a Communication Service Management Function (CSMF, Communication Service Management Function) to complete the actual configuration of the slice, it sends a second slice configuration response to the first device; the second slice configuration response includes a network slice Instance ID. Optionally, in addition to the network slice instance identifier, the second slice configuration response may also include a reply type, a reply description, and the identity of the first device. Wherein, the reply type indicates whether the network slicing configuration is successful. Further, the first device sends a first slice configuration response to the fourth device, where the first slice configuration response includes the network slice instance identifier.

Exemplarily, examples of reply types included in the slice configuration response sent by the second device to the first device can be referred to in Table 8 below. Different reply types can be represented by different numbers or string values, for example The number 0 indicates that the slice configuration is normal, that is, the network slice configuration is successful; the number 1 indicates an illegal identity, the number 2 indicates that the request type is wrong, and so on.

Table 8

回复类型reply type	响应信息说明Response message description
00	正常normal
11	非法身份illegal status
22	请求类型错误wrong request type
33	系统异常System exception

Based on the foregoing embodiments, the embodiments of the present application further provide a method for acquiring capability opening information. FIG. 4 is a schematic flow diagram II of a method for acquiring capability opening information in an embodiment of the present application; as shown in FIG. 4 , the method includes:

Step 201: The third device receives a first request from the first device; the first request is used to request capability release; the first request includes identity authentication information for authentication;

Step 202: The third device authenticates the first device based on the identity authentication information, and sends capability opening information to the first device after the authentication is passed.

The method for acquiring capability opening information in this embodiment is applied to a third device. Exemplarily, the third device is a network capability source, that is, a general term for related networks and systems that can open capability information (or capability data, network capability information or data) to the first device. Exemplarily, the third device may be at least one of RAN, core network (such as 5GC) or third-party network (such as Zigbee/Wifi/Bluetooth/NB-IoT/wired network, etc.) one. The first device is an industry gateway shown in FIG. 2 , which may also be called a gateway, a gateway device, etc., and may be expressed as iGW in English. The embodiment of the present application does not limit the names of the first device and the third device, as long as the respective functions of the first device and the third device can be realized.

In this embodiment, the third device receives the first request sent by the first device, and the first request is used to request capability release, that is, to request the third device to release a capability. Wherein, the first request includes identity authentication information used for authentication, and is used to send to the third device for local authentication.

In some optional embodiments, the sending capability opening information to the first device includes: opening a capability application programming interface by the third device, and sending the capability application programming interface to the first device based on the opened capability application programming interface. The device sends capability opening information.

In this embodiment, after the third device passes the authentication based on the identity authentication information, the third device can use an open capability API (also called a network capability API) and an open capability API interface to enable the third device to Send capability opening information to the first device.

In some optional embodiments, the method further includes: transmitting a message between the third device and the first device; if the third device does not receive the message from the first device , Terminate opening the capability application programming interface to the first device.

In this embodiment, for example, after the first device sends the first request to the third device and the third device opens a capability API, the first device and the third device transmit a message So that the third device decides to continue opening the capability API or terminate the opening capability API. Wherein, the transmitted message may also be referred to as a heartbeat message.

In some optional embodiments, the method further includes: the third device authenticates the first device through the second device; the third device sends capability information to the second device, and the capability The information is used to indicate the capabilities that the first device can obtain, and the capability information is sent after the first device is authenticated.

In this embodiment, before the first device requests capability release from the third device, a multi-level access authentication process needs to be performed among the first device, the second device, and the fourth device. Here, the first device first initiates access authentication to the second device, that is, the first device sends a first access authentication request to the second device to determine whether the first device has access to the system; After having the permission to access the system, it can be determined that the first device has access to the system, and the second device sends a first access authentication response to the first device. In this case, the second device can complete the authentication process for the first device with the third device according to the supported capability information reported by the first device when requesting access. The supported capability information reported by a device determines whether the first device can obtain the capability information released by the third device. After the third device passes the authentication of the first device, the third device sends the capability information to the second device, and after the first device requests the capability information from the second device, the second device sends the The first device sends the capability information.

Optionally, the capability information includes at least one of the following information: capability identifier, type information of the third device, domain name of the third device, Internet Protocol IP address of the third device, identity authentication information of the third device.

In this embodiment, the third device may send the foregoing capability information to the second device through information or control signaling, and the capability information may also be network capability information. Exemplarily, the foregoing capability information is a set of information sets, which may also be called a capability information list or a network capability information list. Specifically, for the specific content of the capability information, reference may be made to the foregoing embodiments, and details are not repeated here.

Based on the foregoing embodiments, the embodiments of the present application further provide a method for acquiring capability opening information. Fig. 5 is a schematic flow diagram III of a method for acquiring capability opening information in an embodiment of the present application; as shown in Fig. 5 , the method includes:

Step 301: the second device receives a second request from the first device, where the second request is used to request capability information;

Step 302: The second device sends the capability information to the first device, where the capability information is used to indicate the capability that the first device can obtain.

The method for acquiring capability opening information in this embodiment is applied to the second device. Exemplarily, the second device may be a management system or an operation system, such as a BSS/OSS. The embodiment of the present application does not limit the name of the second device, as long as the function of the second device can be realized.

In this embodiment, the second device may send the capability information through information or control signaling, and the capability information may also be network capability information. Exemplarily, the foregoing capability information is a set of information sets, which may also be called a capability information list or a network capability information list. Specifically, for the capability information, reference may be made to what is described in the foregoing embodiments, and details are not repeated here.

In some optional embodiments of the present application, the method further includes: the second device receiving a first access authentication request from the first device, the first access authentication request including authentication requirement information and capability information supported by the first device; after the second device passes the authentication on the first device, it sends a first access authentication response to the first device, and the first access authentication response The authentication information of the fourth device is included; the authentication information of the fourth device is used for the fourth device to access the first device.

In this embodiment, before the first device requests capability release from the third device, a multi-level access authentication process needs to be performed among the first device, the second device, and the fourth device. Here, the first device first initiates access authentication to the second device to determine whether the first device has access to the system; after determining that the first device has access to the system, it can be determined that the first device has access to the system Complete, the first device obtains the access authentication response from the second device, and the access authentication response includes the authentication information of the fourth device, so that after the fourth device initiates an access request to the first device, the first device Local authentication may be performed on the fourth device that initiates the access request based on the authentication information of the fourth device included in the authentication response, and after passing the authentication, it may be determined that the fourth device has completed accessing the first device.

Optionally, the second device may receive the first access authentication request from the first device through message, information or signaling, so as to obtain the authentication requirement information reported by the first device through the first access authentication request and Capability information supported by the first device.

Exemplarily, the authentication requirement information may also be referred to as access authentication requirement information. Exemplarily, the authentication requirement information may be indicated by an authentication requirement identifier, that is, the first access authentication request includes the authentication requirement indication, indicating that the message, information or signaling is used to request access authentication .

In some optional embodiments, the capability information list supported by the first device includes at least one of the following information: an identifier of the first device, a network type supported by the first device, the first An indication of whether the device supports network capability opening, an indication of whether the first device indicates the Internet security protocol IPSec, performance information of the first device, and an indication of whether the first device supports wide-area interconnection.

For the capability information supported by the first device described in this embodiment, reference may be made to the foregoing embodiments, and details are not repeated here.

In this embodiment, the second device authenticates the first device, and after determining that the first device has the authority to access the system, sends a first access authentication response to the second device; the first access authentication response includes The authentication information of each fourth device capable of accessing the first device, and the authentication response of the fourth device is used for the first device to locally authenticate the fourth device requesting access.

For details about the authentication information of the fourth device in this embodiment, reference may be made to the foregoing embodiments, and details are not repeated here.

The embodiment of the present application also provides a method for acquiring capability opening information. FIG. 6 is a schematic flow diagram IV of a method for acquiring capability opening information according to an embodiment of the present application; as shown in FIG. 6 , the method includes:

Step 401: The fourth device receives capability information from the first device, where the capability information is used to indicate the capability that the first device can obtain;

Step 402: The fourth device performs corresponding capability processing based on the capability information.

The method for acquiring capability opening information in this embodiment is applied to a fourth device. Exemplarily, the fourth device may be an MEP shown in FIG. 2 , and may also be called an MEC platform, an MEC server, or the like. The embodiment of the present application does not limit the name of the fourth device, as long as the function of the fourth device can be realized.

In this embodiment, the first device sends the capability information that can be obtained by itself to the connected fourth device, so that the fourth device can obtain the capability information supported by the first device and open it to applications on the fourth device. In this way, the unified supervision function of capability opening can be realized. Exemplarily, the fourth device may obtain the above capability information through an API provided by the first device.

In some optional embodiments of the present application, the receiving of the capability information from the first device by the fourth device includes: the proxy function component of the fourth device performs information interaction with the first device, and receives the capability information from the first device. Network capability information of the device; correspondingly, the fourth device performs corresponding processing based on the capability information, including: an application component of the fourth device performs corresponding processing based on the network capability information.

In this embodiment, for the capability information, reference may be made to the specific descriptions in the foregoing embodiments, and details are not repeated here.

Optionally, the capability identifier includes at least one of the following: location service capability identifier, wireless network information service capability identifier, monitoring capability identifier, preconfiguration capability identifier, policy/charging capability identifier; wherein, the wireless network information service The capability identifier includes at least one of the following: a wireless access network information identifier, a slice capability identifier, an access user capability identifier, a multi-standard network access identifier, and a data statistics report capability identifier.

Optionally, the type information of the third device includes at least one of the following: a radio access network identifier, a network function identifier of a core network, and a third-party system identifier.

In this embodiment, the fourth device may obtain the above-mentioned capability information through the API provided by the first device; for example, the above-mentioned capability information is a set of information collection, which may also be called a capability information list or a network capability information list .

For example, the capabilities that the first device can obtain include but are not limited to UE event monitoring capabilities, pre-configuration capabilities, routing policy configuration capabilities, data statistics reporting capabilities, wireless access network information, network slicing capabilities, positioning capabilities (such as 5G, WiFi, Bluetooth or GPS), positioning data, user access capabilities, multi-standard network access capabilities, Quality of Service (QoS, Quality of Service) capabilities, etc.

In some optional embodiments, when the wireless network information service capability identifier includes an access user capability identifier, the fourth device performs corresponding capability processing based on the capability information, including: the fourth device Accessing users are managed based on the accessing user capability identification.

Optionally, the method further includes: the fourth device sending at least one of the following information to the first device: mobile phone number of the access user, user name of the access user, IP address of the access user, Access application ID.

In this embodiment, the fourth device can manage the users accessing the fourth device through the access user capability provided by the first device, and then the fourth device can send the The information includes but is not limited to at least one of the following: mobile phone number of the access user, user name of the access user, IP address of the access user, and access application identifier (such as application ID).

In some optional embodiments, when the wireless network information service capability identifier includes a slice capability identifier, the capability information also includes configuration information of slice parameter templates, the number of slice parameter templates, and the number of slice parameter templates. Identification; wherein, the configuration information of the slice parameter template includes at least one of the following slice parameters and their value ranges:

The slice supports the maximum number of users;

slice service area;

Slicing end-to-end delay;

the mobility class of the terminal in the slice;

slice resource sharing level;

Slice reliability requirements.

Optionally, the fourth device performs corresponding capability processing based on the capability information, including: the fourth device sends a first slice configuration request to the first device, and the first slice configuration request includes: Including indication information for indicating a standard slice parameter template type, or indication information for indicating a custom slice parameter template type and custom template parameters; the fourth device receives the first slice configuration from the first device In response, the first slice configuration response includes the network slice instance identifier.

The first device judges the authority of the fourth device, and completes a legality check on standard template parameters or custom template parameters, such as checking whether there are unrecognized parameters, whether the parameters exceed the value range, etc., here mainly It is to perform a legality check on the custom template parameters; after the legality check is completed: in the case that the slice parameter template type is a standard slice parameter template type, the first device selects according to the identification (or number) of the standard slice parameter template The corresponding standard slice parameter template, carrying the slice parameters corresponding to the standard slice parameter template, sends a second slice configuration request to the second device; or, when the slice parameter template type is a custom slice parameter template type, the first The device sends a second slice configuration request to the second device carrying the custom template parameter. Exemplarily, the second slice configuration request includes template parameters (such as standard slice template parameters or custom template parameters), and the second slice configuration request may also include a task identifier and an identity identifier of the second device Wait.

After the second device interacts with the CSMF to complete the actual slice configuration, it sends a second slice configuration response to the first device; the second slice configuration response includes a network slice instance identifier. Optionally, in addition to the network slice instance identifier, the second slice configuration response may also include a reply type, a reply description, and the identity of the first device. Wherein, the reply type indicates whether the network slicing configuration is successful. Further, the first device sends a first slice configuration response to the fourth device, where the first slice configuration response includes the network slice instance identifier.

In some optional embodiments of the present application, the method further includes: the fourth device receiving a broadcast message from the first device; based on the broadcast message, the fourth device sends a message to the first device sending a second access authentication request; the second access authentication request is used by the first device to perform access authentication on the fourth device; and receiving a second access authentication response from the first device.

In this embodiment, before the first device requests capability release from the third device, a multi-level access authentication process needs to be performed among the first device, the second device, and the fourth device. Here, the first device first initiates access authentication to the second device to determine whether the first device has access to the system; after determining that the first device has access to the system, it can be determined that the first device has access to the system Complete, the first device obtains the first access authentication response from the second device, the first access authentication response includes the authentication information of the fourth device; the first device sends a broadcast message; the fourth device receives the broadcast message After initiating the second access authentication request to the first device, the first device may perform local authentication on the fourth device that initiated the access request based on the authentication information of the fourth device included in the authentication response, and after passing the authentication, may If it is determined that the fourth device has completed accessing the first device, the first device sends a second access authentication response to the fourth device.

Fig. 7 is a schematic diagram of the network capability opening architecture of 5G industry cloud-network integration in the application embodiment of the present application; as shown in Fig. between MEPs and third-party systems (which may include third-party networks and third-party network capabilities), and on the basis of the network capability opening of the industry gateway through proxy mode, the industry The gateway can open the network capability information (or capability opening information) to the MEP.

Figure 8 is a schematic diagram of the MEP capability exposure function architecture of the application embodiment of the present application; The functional component can be recorded as the iGW-Agent functional component, which enables the fourth device to obtain the capability information supported by the first device, and uniformly open it to the application (APP) on the MEP, so as to realize the unified supervision function of network capability exposure.

Adopting the technical solution of the embodiment of the present application, in the first aspect, the embodiment of the present application realizes that the industry gateway (that is, the first device) can obtain the capability opening information from the third device (that is, the capability source, such as RAN, 5GC, and a third-party network) .

In the second aspect, the heartbeat message is used to detect the connection status between the first device and the third device, and an error redundancy mechanism for the first device to obtain capability opening information is realized.

In the third aspect, the multi-level access authentication scheme based on the industry gateway ensures the normal connection and information interaction of each functional module under the industry cloud-network integration system architecture, so as to support the subsequent interaction of network open information.

In the fourth aspect, on the basis of the industry cloud-network integration architecture, through the interaction between MEP, industry gateways, and OSS, the unified configuration and supervision of network capability opening on MEPs is realized, and MEPs are supported to realize access user management through industry gateways , network slicing configuration and other self-service network management functions, compared with related technologies, the technical solutions of the embodiments of the present application are more secure, and the network capabilities available to the MEP are more abundant.

The capability opening method in the embodiment of the present application will be described below with reference to specific examples. In the following examples, the first device is an industry gateway, the second device is a BSS/OSS, the third device is a capability source, and the fourth device is an MEP.

example one

FIG. 9 is a schematic diagram of an interaction flow of a method for acquiring capability opening information according to an embodiment of the present application; as shown in FIG. 9 , the method includes:

Step 501: Multi-level access authentication is completed between the industry gateway, BSS/OSS, and MEP.

Here, the multi-level access process includes such steps as the industry gateway reporting its authentication requirements and supported capability information list when accessing the BSS/OSS, and the BSS/OSS sending the MEP authentication information to the industry gateway.

It should be noted that the MEP is not shown in the figure, and the detailed description of the multi-level access process can be referred to in Example 2.

Step 502: The BSS/OSS completes the authentication process with the capability source according to the supported capability information reported by the industry gateway when requesting access, and obtains the capability information list (that is, the capability information that can be obtained by the first device in the above embodiment) .

Here, the capability sources include RAN, 5GC, third-party networks, etc.

Exemplarily, the capability information list includes at least one of the following information: capability identifier, capability source type information, capability source domain name, capability source IP address, and capability source identity authentication information.

Step 503: The industry gateway requests the capability information list from the BSS/OSS to know its available capabilities.

Step 504: BSS/OSS sends the capability information list to the industry gateway.

Step 505: The industry gateway requests capability opening from the capability source according to the capability information list issued by the BSS/OSS (that is, the first device sends the first request to the third device in the foregoing embodiments).

Here, the capability opening request includes identity authentication information (such as account name and password) for authentication

Step 506: The capability source performs local authentication on the identity of the industry gateway requesting network capability opening. After passing the authentication, step 507 is executed.

Here, the capability source verifies the identity authentication information carried in the capability opening request according to the identity authentication information interacted with the BSS/OSS, and after the verification is passed, it is determined that the identity authentication of the industry gateway is passed.

Step 507: The capability source opens the capability API to the industry gateway.

Step 508: A heartbeat message for maintaining network capability interaction is transmitted between the industry gateway and the capability source opening.

If the heartbeat message is maintained successfully, go to step 512 and enter the network capability opening process.

If the heartbeat message fails to be maintained, go to step 509 .

Step 509: The heartbeat maintenance fails, and the capability source terminates the opening of the capability API of the industry gateway.

Step 510: The industry gateway reports to the BSS/OSS the failure information indicating that the acquisition of network capabilities fails, and requests instructions for the next action.

Step 511: BSS/OSS sends failure recovery information to the industry gateway to instruct and support the industry gateway to restart and obtain capability opening information from the capability source.

Step 512: The industry gateway obtains the capability opening information from the capability source based on the open capability API.

Example two

FIG. 10 is a schematic diagram of an access authentication interaction flow in a method for acquiring capability opening information according to an embodiment of the present application; as shown in FIG. 10 , the method includes:

Step 601: The industry gateway initiates an access authentication request to the BSS/OSS, and reports authentication requirement information and a list of capability information supported by the industry gateway.

Here, the access authentication request is the first access authentication request in the foregoing embodiments.

Step 602: The BSS/OSS authenticates the industry gateway, judges whether the industry gateway has the right to access the system, and performs subsequent steps after the authentication is passed.

Step 603: BSS/OSS sends an access authentication response to the industry gateway.

Here, the access authentication response is the first access authentication response in the foregoing embodiments; the access authentication response includes the authentication information of the MEP that accesses the industry gateway, and the authentication information of the MEP includes the access permission The MEP ID list of the industry gateway (which may include one or more MEP IDs), the authority level of each MEP and other MEP-related configuration information.

Step 604: The industry gateway initiates a broadcast, and the function of the broadcast indicates that it is in an accessible state.

Step 605: After receiving the broadcast from the industry gateway, the MEP sends an access request to the industry gateway.

Here, the access request is the second access authentication request in the foregoing embodiments.

Step 606: The industry gateway performs local authentication on the MEP requesting access according to the authentication information of the MEP issued by the BSS/OSS.

Step 607: The industry gateway sends an access response to the MEP that has passed the authentication.

Here, the access response is the second access authentication response in the foregoing embodiment, and the second received authentication response indicates that the MEP passes the authentication.

Step 608: After the access authentication of the industry gateway, capability source, BSS/OSS, and MEP is successful, the process of capability opening as in Example 1 can be entered.

Example three

FIG. 11 is a schematic diagram of a slice configuration flow in a method for acquiring capability opening information according to an embodiment of the present application; as shown in FIG. 11 , the method includes:

Step 701: The MEP sends a slice configuration request to the industry gateway.

Here, the slice configuration request is the first slice configuration request in the foregoing embodiments. Exemplarily, the slice configuration request may include request type (used to indicate slice configuration request), request task ID, identity of industry gateway, slice parameter template type (used to indicate standard slice parameter template type or custom slice parameter template type); if it is a standard slice parameter template type, the slice configuration request also includes a standard template number; if it is a custom slice parameter template type, then the slice configuration request also includes custom template parameters.

Step 702: Based on the slice configuration request, the industry gateway checks the authority of the MEP and checks the legitimacy of the carried parameters.

Here, the industry gateway mainly checks the legality of the custom template parameters. For example, check whether there are unrecognized parameters, whether the parameters exceed the value range, etc.

Step 703: The industry gateway sends a slice configuration request to the OSS.

Here, the slice configuration request is the second slice configuration request in the foregoing embodiments. Exemplarily, the slice configuration request may include request type (which may be used to indicate the slice configuration request), request task ID, OSS identity, slice template parameters and other content.

Step 704: The OSS sends a slice configuration response to the industry gateway, and the slice configuration response includes a slice instance ID.

Here, after the OSS interacts with the CSMF to complete the actual configuration of the network slice, it sends a slice configuration response to the industry gateway, and the slice configuration response is the second slice configuration response in the foregoing embodiment. Exemplarily, the slice configuration response may include a reply type (used to indicate whether the slice configuration is successful), a reply description (one-to-one correspondence with the reply type), the identity of the first device, and a slice instance ID (indicating that the network slice is number in the system), etc.

Step 705: The industry gateway sends a slice configuration response to the MEP, and the slice configuration response includes a slice instance ID.

Here, the slice configuration response is the first slice configuration response in the foregoing embodiments.

The embodiment of the present application also provides a device for acquiring capability opening information. FIG. 12 is a schematic diagram of the composition and structure of a device for acquiring capability opening information according to an embodiment of the present application. As shown in FIG. 12 , the device includes: a first sending unit 11 and a first receiving unit 12; wherein,

The first sending unit 11 is configured to send a first request to a third device; the first request is used to request capability opening; the first request includes identity authentication information for authentication;

The first receiving unit 12 is configured to acquire capability opening information from the third device; the capability opening information is obtained after the identity authentication information is authenticated by the third device.

In some optional embodiments of the present application, the first sending unit 11 is further configured to send a second request to the second device, where the second request is used to request capability information; the capability information is used to indicating capabilities available to the first device;

The first receiving unit 12 is further configured to receive the capability information from the second device.

In some optional embodiments of the present application, the capability information includes at least one of the following information: capability identifier, type information of the third device, domain name of the third device, IP address of the third device, third device identity authentication information.

In some optional embodiments of the present application, the capability identifier includes at least one of the following: a location service capability identifier, a wireless network information service capability identifier, a monitoring capability identifier, a preconfiguration capability identifier, and a policy/charging capability identifier.

In some optional embodiments of the present application, the wireless network information service capability identifier includes at least one of the following: wireless access network information identifier, slice capability identifier, access user capability identifier, multi-standard network access identifier, data Statistical Reporting Capability ID.

In some optional embodiments of the present application, the type information of the third device includes at least one of the following: a radio access network identifier, a network function identifier of a core network, and a third-party system identifier.

In some optional embodiments of the present application, the first sending unit 11 is further configured to send the second device the sending first information, where the first information is used to indicate a capability acquisition failure;

The first receiving unit 12 is further configured to receive second information from the second device, where the second information includes capability acquisition fault recovery information.

In some optional embodiments of the present application, the device further includes a first processing unit 13;

The first sending unit 11 is further configured to send a first access authentication request to the second device, where the first access authentication request includes authentication requirement information and capability information supported by the first device;

The first receiving unit 12 is further configured to receive a first access authentication response from the second device, where the first access authentication response includes authentication information of the fourth device;

The first sending unit 11 is further configured to send a broadcast message based on the authentication information of the fourth device; the broadcast message is used for the fourth device receiving the broadcast message to initiate access authentication;

The first receiving unit 12 is further configured to receive a second access authentication request from the fourth device;

The first processing unit 13 is configured to authenticate the fourth device based on the authentication information of the fourth device;

The first sending unit 11 is further configured to send a second access authentication response to the fourth device after the first processing unit 13 passes the authentication on the fourth device.

In some optional embodiments of the present application, the capability information supported by the first device includes at least one of the following information: an identifier of the first device, a network type supported by the first device, the An indication of whether the first device supports capability opening, an indication of whether the first device indicates Internet Security Protocol (IPSec), performance information of the first device, and an indication of whether the first device supports wide area interconnection.

In some optional embodiments of the present application, the performance information of the first device includes at least one of the following: interface bandwidth of the first device, and the number of fourth devices supported by the first device.

In some optional embodiments of the present application, the authentication information of the fourth device includes at least one of the following information: the identity of the fourth device, the IP address of the fourth device, the domain name of the fourth device, the fourth device identity authentication information.

In some optional embodiments of the present application, the first sending unit 11 is further configured to send the capability information to a fourth device.

In some optional embodiments of the present application, when the capability information includes a slice capability identifier, the capability information also includes configuration information of a slice parameter template, the number of slice parameter templates, and the identifier of a slice parameter template .

In some optional embodiments of the present application, the configuration information of the slice parameter template includes at least one of the following slice parameters and their value ranges:

The slice supports the maximum number of users;

slice service area;

Slicing end-to-end delay;

the mobility class of the terminal in the slice;

slice resource sharing level;

Slice reliability requirements.

The first receiving unit 12 is further configured to receive a first slice configuration request from the fourth device; the first slice configuration request includes indication information for indicating a standard slice parameter template type and a standard slice The identity of the parameter template, or include an indication of the type of the custom slice parameter template and the custom template parameter;

The first processing unit 13 is configured to determine a corresponding standard template parameter based on the identifier of the standard slice parameter template, and perform a legal check on the standard template parameter or the custom template parameter;

The first sending unit 11 is further configured to send a second slice configuration request to the second device after the first processing unit 13 passes the legality check on the standard template parameters or the custom template parameters, and the The second slice configuration request includes the standard template parameters or the custom template parameters, and the standard template parameters or the custom template parameters are used by the second device to complete the configuration of network slices;

The first receiving unit 12 is further configured to receive a second slice configuration response from the second device, where the second slice configuration response includes a network slice instance identifier;

The first sending unit 11 is further configured to send a first slice configuration response to the fourth device, where the first slice configuration response includes the network slice instance identifier.

In the embodiment of the present application, the apparatus is applied to the first device. The first processing unit 13 in the described device can be by central processing unit (CPU, Central Processing Unit), digital signal processor (DSP, Digital Signal Processor), micro control unit (MCU, Microcontroller Unit) or can in actual application Programmable gate array (FPGA, Field-Programmable Gate Array) realizes; The first sending unit 11 and the first receiving unit 12 in the described device can pass communication module (comprising: basic communication suite, operating system, Communication modules, standardized interfaces and protocols, etc.) and transceiver antennas.

The embodiment of the present application also provides a device for acquiring capability opening information. FIG. 13 is a second schematic diagram of the composition and structure of the device for acquiring capability opening information according to the embodiment of the present application. As shown in FIG. 13 , the device includes: a second receiving unit 21, a second processing unit 22, and a second sending unit 23; wherein,

The second receiving unit 21 is configured to receive a first request from a first device; the first request is used to request capability release; the first request includes identity authentication information for authentication;

The second processing unit 22 is configured to authenticate the first device based on the identity authentication information;

The second sending unit 23 is configured to send capability opening information to the first device after the second processing unit 22 passes the authentication.

In some optional embodiments of the present application, the second processing unit 22 is further configured as an open-capability application programming interface;

The second sending unit 23 is configured to send capability opening information to the first device based on the open capability API.

In some optional embodiments of the present application, the second processing unit 22 is configured to transmit messages between the first device and the second sending unit 23 and the second receiving unit 21; When the second receiving unit 21 receives the message from the first device, stop opening the capability application programming interface to the first device.

In some optional embodiments of the present application, the apparatus further includes a first authentication unit configured to authenticate the first device through a second device;

The second sending unit 23 is further configured to send capability information to the second device, where the capability information is used to indicate the capability that the first device can obtain, and the capability information is sent by the first authentication unit to It is sent after the first device passes the authentication.

In some optional embodiments of the present application, the capability information includes at least one of the following information: capability identifier, type information of the third device, domain name of the third device, Internet Protocol IP address of the third device, third device 3. Identity authentication information of the device.

In the embodiment of the present application, the apparatus is applied to a third device. The second processing unit 22 in the described device and the described first authentication unit can be realized by CPU, DSP, MCU or FPGA in practical application; The second sending unit 23 and the second receiving unit 21 in the described device, in In practical applications, it can be realized through communication modules (including: basic communication suites, operating systems, communication modules, standardized interfaces and protocols, etc.) and transceiver antennas.

The embodiment of the present application also provides a device for acquiring capability opening information. FIG. 14 is a third schematic diagram of the composition and structure of an apparatus for acquiring capability opening information according to an embodiment of the present application. As shown in FIG. 14 , the apparatus includes: a third receiving unit 32 and a third sending unit 31; wherein,

The third receiving unit 32 is configured to receive a second request from the first device, where the second request is used to request capability information;

The third sending unit 31 is configured to send the capability information to the first device, where the capability information is used to indicate the capability that the first device can obtain.

In some optional embodiments of the present application, the third receiving unit 32 is further configured to receive a first access authentication request from the first device, and the first access authentication request includes authentication requirement information and capability information supported by the first device;

The third sending unit 31 is further configured to send a first access authentication response to the first device after the first device is authenticated, and the first access authentication response includes the fourth device's Authentication information: the authentication information of the fourth device is used for the fourth device to access the first device.

In some optional embodiments of the present application, the capability information list supported by the first device includes at least one of the following information: an identifier of the first device, a network type supported by the first device, the An indication of whether the first device supports network capability opening, an indication of whether the first device indicates Internet Security Protocol (IPSec), performance information of the first device, and an indication of whether the first device supports wide area interconnection.

In the embodiment of the present application, the apparatus is applied in the second device. The third sending unit 31 and the third receiving unit 32 in the device can be implemented by communication modules (including: basic communication suite, operating system, communication modules, standardized interfaces and protocols, etc.) and transceiver antennas in practical applications.

The embodiment of the present application also provides a device for acquiring capability opening information. Fig. 15 is a schematic diagram 4 of the composition and structure of the device for acquiring capability opening information according to the embodiment of the present application. As shown in Fig. 15 , the device includes: a fourth receiving unit 41 and a fourth processing unit 42; wherein,

The fourth receiving unit 41 is configured to receive capability information from the first device, where the capability information is used to indicate the capability that the first device can obtain;

The fourth processing unit 42 is configured to perform corresponding capability processing based on the capability information.

In some optional embodiments of the present application, the fourth receiving unit 41 is configured to perform information interaction with the first device through a proxy function component, and receive capability information from the first device;

The fourth processing unit 42 is configured to perform corresponding processing based on the capability information through an application component.

In some optional embodiments of the present application, the capability identifier includes at least one of the following: a location service capability identifier, a wireless network information service capability identifier, a monitoring capability identifier, a preconfiguration capability identifier, and a policy/charging capability identifier;

The fourth processing unit 42 is configured to manage the accessing user based on the access user capability identifier when the wireless network information service capability identifier includes the access user capability identifier.

In some optional embodiments of the present application, the apparatus further includes a fourth sending unit 43 configured to send at least one of the following information to the first device: the mobile phone number of the access user, the user of the access user Name, IP address of the access user, and access application identifier.

In some optional embodiments of the present application, when the wireless network information service capability identifier includes a slice capability identifier, the capability information further includes configuration information of slice parameter templates, the number of slice parameter templates, and slice parameter the identity of the template;

The slice supports the maximum number of users;

slice service area;

Slicing end-to-end delay;

the mobility class of the terminal in the slice;

slice resource sharing level;

Slice reliability requirements.

In some optional embodiments of the present application, the fourth processing unit 42 is configured to send a first slice configuration request to the first device through the fourth sending unit 43, and the first slice configuration The request includes indication information for indicating a standard slice parameter template type, or indication information for indicating a custom slice parameter template type and custom template parameters; the fourth receiving unit 41 receives the information from the first device A first slice configuration response, where the first slice configuration response includes the network slice instance identifier.

In some optional embodiments of the present application, the fourth receiving unit 41 is further configured to receive a broadcast message from the first device;

The fourth sending unit 43 is further configured to send a first access authentication request to the first device based on the broadcast message; the first access authentication request is used by the first device to Four devices are authenticated;

The fourth receiving unit 41 is further configured to receive a second access authentication response from the first device.

In the embodiment of the present application, the apparatus is applied to a fourth device. The fourth processing unit 42 in the described device can be realized by CPU, DSP, MCU or FPGA in practical application; The 4th sending unit 43 and the 4th receiving unit 41 in the described device can pass communication module Group (including: basic communication suite, operating system, communication module, standardized interface and protocol, etc.) and implementation of transceiver antennas.

It should be noted that when the device for acquiring capability opening information provided by the above-mentioned embodiments acquires capability opening information, it only uses the division of the above-mentioned program modules as an example for illustration. In practical applications, the above-mentioned processing can be assigned to different Completion of program modules means that the internal structure of the device is divided into different program modules to complete all or part of the processing described above. In addition, the apparatus for obtaining capability openness information provided in the above embodiments and the embodiment of the method for obtaining capability openness information belong to the same concept, and the specific implementation process thereof is detailed in the method embodiment, and will not be repeated here.

An embodiment of the present application further provides a communication device, where the communication device is the first device, the second device, the third device, or the fourth device in the foregoing embodiments. FIG. 16 is a schematic diagram of the hardware composition structure of the communication device according to the embodiment of the present application. As shown in FIG. 16 , the communication device includes a memory 52, a processor 51, and a computer program stored in the memory 52 and operable on the processor 51 , when the processor 51 executes the program, implements the steps of the method for acquiring capability openness information that the embodiment of the present application applies to the first device; or, when the processor 51 executes the program, implements the embodiment of the present application Steps of the method for acquiring capability openness information applied to the second device; or, when the processor 51 executes the program, implement the steps of the method for acquiring capability openness information applied in the third device in this embodiment of the present application or, when the processor 51 executes the program, implement the steps of the method for acquiring capability openness information applied to the fourth device in the embodiment of the present application.

Optionally, the communication device may further include one or more network interfaces 53 . It can be understood that various components in the communication device are coupled together through the bus system 54 . It can be understood that the bus system 54 is used to realize connection and communication between these components. In addition to the data bus, the bus system 54 also includes a power bus, a control bus and a status signal bus. However, the various buses are labeled as bus system 54 in FIG. 16 for clarity of illustration.

It can be understood that the memory 52 may be a volatile memory or a non-volatile memory, and may also include both volatile and non-volatile memories. Among them, the non-volatile memory can be read-only memory (ROM, Read Only Memory), programmable read-only memory (PROM, Programmable Read-Only Memory), erasable programmable read-only memory (EPROM, Erasable Programmable Read-Only Memory) Only Memory), Electrically Erasable Programmable Read-Only Memory (EEPROM, Electrically Erasable Programmable Read-Only Memory), Magnetic Random Access Memory (FRAM, ferromagnetic random access memory), Flash Memory (Flash Memory), Magnetic Surface Memory , CD, or CD-ROM (Compact Disc Read-Only Memory); magnetic surface storage can be disk storage or tape storage. The volatile memory may be random access memory (RAM, Random Access Memory), which is used as an external cache. By way of illustration and not limitation, many forms of RAM are available, such as Static Random Access Memory (SRAM, Static Random Access Memory), Synchronous Static Random Access Memory (SSRAM, Synchronous Static Random Access Memory), Dynamic Random Access Memory Memory (DRAM, Dynamic Random Access Memory), synchronous dynamic random access memory (SDRAM, Synchronous Dynamic Random Access Memory), double data rate synchronous dynamic random access memory (DDRSDRAM, Double Data Rate Synchronous Dynamic Random Access Memory), enhanced Synchronous Dynamic Random Access Memory (ESDRAM, Enhanced Synchronous Dynamic Random Access Memory), Synchronous Link Dynamic Random Access Memory (SLDRAM, SyncLink Dynamic Random Access Memory), Direct Memory Bus Random Access Memory (DRRAM, Direct Rambus Random Access Memory ). The memory 52 described in the embodiments of the present application is intended to include, but not be limited to, these and any other suitable types of memory.

The methods disclosed in the foregoing embodiments of the present application may be applied to the processor 51 or implemented by the processor 51 . The processor 51 may be an integrated circuit chip with signal processing capabilities. In the implementation process, each step of the above method can be completed by an integrated logic circuit of hardware in the processor 51 or instructions in the form of software. The aforementioned processor 51 may be a general-purpose processor, DSP, or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, and the like. The processor 51 may implement or execute various methods, steps, and logic block diagrams disclosed in the embodiments of the present application. A general purpose processor may be a microprocessor or any conventional processor or the like. In combination with the steps of the method disclosed in the embodiments of the present application, it can be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software modules in the decoding processor. The software module may be located in a storage medium, and the storage medium is located in the memory 52, and the processor 51 reads the information in the memory 52, and completes the steps of the foregoing method in combination with its hardware.

In an exemplary embodiment, the communication device may be implemented by one or more Application Specific Integrated Circuit (ASIC, Application Specific Integrated Circuit), DSP, Programmable Logic Device (PLD, Programmable Logic Device), Complex Programmable Logic Device (CPLD, Complex Programmable Logic Device), FPGA, general-purpose processor, controller, MCU, microprocessor (Microprocessor), or other electronic components are used to implement the aforementioned method.

In an exemplary embodiment, the embodiment of the present application further provides a computer-readable storage medium, such as a memory 52 including a computer program, and the computer program can be executed by the processor 51 of the communication device to complete the steps in the foregoing method. The computer-readable storage medium can be memories such as FRAM, ROM, PROM, EPROM, EEPROM, Flash Memory, magnetic surface memory, optical disk, or CD-ROM; it can also be various devices including one or any combination of the above memories.

The computer-readable storage medium provided in the embodiment of the present application stores a computer program thereon, and when the program is executed by a processor, implements the steps of the method for acquiring capability opening information applied in the first device in the embodiment of the present application; or, When the program is executed by the processor, it implements the steps of the method for acquiring capability openness information that this embodiment of the present application applies to the second device; or, when the program is executed by the processor, it implements the steps of the embodiment of the present application that is applied to the third device. The steps of the method for acquiring capability openness information; or, when the program is executed by the processor, implement the steps of the method for acquiring capability openness information applied to the fourth device in the embodiment of the present application.

The methods disclosed in several method embodiments provided in this application can be combined arbitrarily to obtain new method embodiments under the condition of no conflict.

The features disclosed in several product embodiments provided by this application can be combined arbitrarily without conflict to obtain new product embodiments.

The features disclosed in several method or device embodiments provided in this application can be combined arbitrarily without conflict to obtain new method embodiments or device embodiments.

In the several embodiments provided in this application, it should be understood that the disclosed devices and methods may be implemented in other ways. The device embodiments described above are only illustrative. For example, the division of the units is only a logical function division. In actual implementation, there may be other division methods, such as: multiple units or components can be combined, or May be integrated into another system, or some features may be ignored, or not implemented. In addition, the mutual coupling, or direct coupling, or communication connection between the various components shown or discussed may be through some interfaces, and the indirect coupling or communication connection of devices or units may be in electrical, mechanical or other forms. of.

The units described above as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in one place or distributed to multiple network units; Part or all of the units can be selected according to actual needs to achieve the purpose of the solution of this embodiment.

In addition, each functional unit in each embodiment of the present application can be integrated into one processing unit, or each unit can be used as a single unit, or two or more units can be integrated into one unit; the above-mentioned integration The unit can be realized in the form of hardware or in the form of hardware plus software functional unit.

Those of ordinary skill in the art can understand that all or part of the steps for realizing the above-mentioned method embodiments can be completed by hardware related to program instructions, and the aforementioned program can be stored in a computer-readable storage medium. When the program is executed, the It includes the steps of the above method embodiments; and the aforementioned storage medium includes: various media that can store program codes such as removable storage devices, ROM, RAM, magnetic disks or optical disks.

Alternatively, if the above-mentioned integrated units of the present application are realized in the form of software function modules and sold or used as independent products, they can also be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the embodiment of the present application is essentially or the part that contributes to the prior art can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions for Make a computer device (which may be a personal computer, a server, or a network device, etc.) execute all or part of the methods described in the various embodiments of the present application. The aforementioned storage medium includes: various media capable of storing program codes such as removable storage devices, ROM, RAM, magnetic disks or optical disks.

The above is only a specific implementation of the application, but the scope of protection of the application is not limited thereto. Anyone familiar with the technical field can easily think of changes or substitutions within the technical scope disclosed in the application. Should be covered within the protection scope of this application. Therefore, the protection scope of the present application should be determined by the protection scope of the claims.

Claims

A method for acquiring capability opening information, the method comprising:

The first device sends a first request to the third device; the first request is used to request capability release; the first request includes identity authentication information for authentication;

The first device acquires capability opening information from the third device; the capability opening information is obtained after the identity authentication information is authenticated by the third device.
The method according to claim 1, wherein the method further comprises:

The first device sends a second request to the second device, where the second request is used to request capability information; the capability information is used to indicate capabilities that the first device can obtain;

The first device receives the capability information from the second device.
The method according to claim 2, wherein the capability information includes at least one of the following information: capability identifier, type information of the third device, domain name of the third device, Internet protocol IP address of the third device, third device 3. Identity authentication information of the device.
The method according to claim 3, wherein the capability identifier includes at least one of the following: a location service capability identifier, a wireless network information service capability identifier, a monitoring capability identifier, a preconfiguration capability identifier, and a policy/charging capability identifier.
The method according to claim 4, wherein the wireless network information service capability identifier includes at least one of the following: wireless access network information identifier, slice capability identifier, access user capability identifier, multi-standard network access identifier, data Statistical Reporting Capability ID.
The method according to claim 3, wherein the type information of the third device includes at least one of the following: a radio access network identifier, a network function identifier of a core network, and a third-party system identifier.
The method according to any one of claims 1 to 6, wherein the method further comprises:

In the case that the first device cannot obtain the capability release information from the third device, the first device sends first information to the second device, where the first information is used to indicate a capability acquisition failure;

The first device receives second information from the second device, where the second information includes capability acquisition fault repair information.
The method according to claim 2, wherein the method further comprises:

The first device sends a first access authentication request to the second device, where the first access authentication request includes authentication requirement information and capability information supported by the first device;

The first device receives a first access authentication response from the second device, where the first access authentication response includes authentication information of the fourth device;

The first device sends a broadcast message based on the authentication information of the fourth device; the broadcast message is used for the fourth device receiving the broadcast message to initiate access authentication;

The first device receives a second access authentication request from a fourth device;

The first device authenticates the fourth device based on the authentication information of the fourth device, and sends a second access authentication response to the fourth device after passing the authentication.
The method according to claim 8, wherein the capability information supported by the first device includes at least one of the following information: an identifier of the first device, a network type supported by the first device, the An indication of whether the first device supports capability opening, an indication of whether the first device indicates the Internet security protocol IPSec, performance information of the first device, and an indication of whether the first device supports wide-area interconnection.
The method according to claim 9, wherein the performance information of the first device includes at least one of the following: interface bandwidth of the first device, and the number of fourth devices supported by the first device.
The method according to claim 8, wherein the authentication information of the fourth device includes at least one of the following information: the identity of the fourth device, the IP address of the fourth device, the domain name of the fourth device, the fourth device identity authentication information.
The method according to any one of claims 2 to 11, wherein the method further comprises:

The first device sends the capability information to a fourth device.
The method according to claim 12, wherein, in the case that the capability information includes a slice capability identifier, the capability information further includes configuration information of a slice parameter template, the number of slice parameter templates, and the identifier of a slice parameter template .
The method according to claim 13, wherein the configuration information of the slice parameter template includes at least one of the following slice parameters and their value ranges:

The slice supports the maximum number of users;

slice service area;

Slicing end-to-end delay;

the mobility class of the terminal in the slice;

slice resource sharing level;

Slice reliability requirements.
The method according to claim 13 or 14, wherein the method further comprises:

The first device receives a first slice configuration request from the fourth device; the first slice configuration request includes indication information for indicating a standard slice parameter template type and an identifier of a standard slice parameter template, or Include instructions for indicating the type of custom slice parameter template along with custom template parameters;

The first device determines corresponding standard template parameters based on the identifier of the standard slice parameter template, and sends a second slice configuration request to the second device after passing the legal check of the standard template parameters or the custom template parameters The second slice configuration request includes the standard template parameters or the custom template parameters, and the standard template parameters or the custom template parameters are used for the second device to complete the configuration of network slices;

The first device receives a second slice configuration response from the second device, and the second slice configuration response includes a network slice instance identifier;

The first device sends a first slice configuration response to the fourth device, where the first slice configuration response includes the network slice instance identifier.
A method for acquiring capability opening information, the method comprising:

The third device receives a first request from the first device; the first request is used to request capability release; the first request includes identity authentication information for authentication;

The third device authenticates the first device based on the identity authentication information, and sends capability opening information to the first device after the authentication is passed.
The method according to claim 16, wherein the sending capability opening information to the first device comprises:

The third device opens a capability application programming interface, and sends capability opening information to the first device based on the opened capability application programming interface.
The method according to claim 17, wherein said method further comprises:

transmitting a message between the third device and the first device;

If the third device does not receive the message from the first device, terminating opening of the capability application programming interface to the first device.
The method according to claim 16, wherein the method further comprises:

The third device authenticates the first device through the second device;

The third device sends capability information to the second device, where the capability information is used to indicate the capability that the first device can obtain, and the capability information is sent after the first device is authenticated.
The method according to claim 19, wherein the capability information includes at least one of the following information: capability identifier, type information of the third device, domain name of the third device, Internet Protocol IP address of the third device, third device 3. Identity authentication information of the device.
The method according to claim 20, wherein the capability identifier includes at least one of the following: a location service capability identifier, a wireless network information service capability identifier, a monitoring capability identifier, a preconfiguration capability identifier, and a policy/charging capability identifier.
The method according to claim 21, wherein the wireless network information service capability identifier includes at least one of the following: wireless access network information identifier, slice capability identifier, access user capability identifier, multi-standard network access identifier, data Statistical Reporting Capability ID.
The method according to claim 21, wherein the type information of the third device includes at least one of the following: a radio access network identifier, a network function identifier of a core network, and a third-party system identifier.
A method for acquiring capability opening information, the method comprising:

the second device receives a second request from the first device, the second request requesting capability information;

The second device sends the capability information to the first device, where the capability information is used to indicate the capability that the first device can obtain.
The method according to claim 24, wherein the capability information includes at least one of the following information: capability identifier, type information of the third device, domain name of the third device, Internet Protocol IP address of the third device, third device 3. Identity authentication information of the device.
The method according to claim 25, wherein the capability identifier includes at least one of the following: a location service capability identifier, a wireless network information service capability identifier, a monitoring capability identifier, a preconfiguration capability identifier, and a policy/charging capability identifier.
The method according to claim 26, wherein the wireless network information service capability identifier includes at least one of the following: wireless access network information identifier, slice capability identifier, access user capability identifier, multi-standard network access identifier, data Statistical Reporting Capability ID.
The method according to claim 25, wherein the type information of the third device includes at least one of the following: a radio access network identifier, a network function identifier of a core network, and a third-party system identifier.
The method according to any one of claims 24 to 28, wherein the method further comprises:

The second device receives a first access authentication request from the first device, where the first access authentication request includes authentication requirement information and capability information supported by the first device;

After the second device passes the authentication on the first device, it sends a first access authentication response to the first device, where the first access authentication response includes authentication information of the fourth device; The authentication information of the fourth device is used for the fourth device to access the first device.
The method according to claim 29, wherein the capability information list supported by the first device includes at least one of the following information: the identifier of the first device, the network type supported by the first device, the An indication of whether the first device supports network capability opening, an indication of whether the first device indicates the Internet security protocol IPSec, performance information of the first device, and an indication of whether the first device supports wide-area interconnection.
The method according to claim 30, wherein the performance information of the first device includes at least one of the following: interface bandwidth of the first device, and the number of fourth devices supported by the first device.
The method according to claim 29, wherein the authentication information of the fourth device includes at least one of the following information: the identity of the fourth device, the IP address of the fourth device, the domain name of the fourth device, the fourth device identity authentication information.
A method for acquiring capability opening information, the method comprising:

The fourth device receives capability information from the first device, where the capability information is used to indicate capabilities that the first device can obtain;

The fourth device performs corresponding capability processing based on the capability information.
The method of claim 33, wherein the fourth device receiving capability information from the first device comprises:

The proxy function component of the fourth device performs information interaction with the first device, and receives capability information from the first device;

Correspondingly, the fourth device performs corresponding processing based on the capability information, including:

The application component of the fourth device performs corresponding processing based on the capability information.
The method according to claim 33, wherein the capability information includes at least one of the following information: capability identifier, type information of the third device, domain name of the third device, Internet Protocol IP address of the third device, third device 3. Identity authentication information of the device.
The method according to claim 35, wherein the capability identifier includes at least one of the following: a location service capability identifier, a wireless network information service capability identifier, a monitoring capability identifier, a preconfiguration capability identifier, and a policy/charging capability identifier;

Wherein, the wireless network information service capability identifier includes at least one of the following: a wireless access network information identifier, a slice capability identifier, an access user capability identifier, a multi-standard network access identifier, and a data statistics report capability identifier.
The method according to claim 35, wherein the type information of the third device includes at least one of the following: a radio access network identifier, a network function identifier of a core network, and a third-party system identifier.
The method according to claim 36, wherein, when the wireless network information service capability identifier includes an access user capability identifier, the fourth device performs corresponding capability processing based on the capability information, including:

The fourth device manages the accessing user based on the accessing user capability identifier.
The method of claim 38, wherein the method further comprises:

The fourth device sends at least one of the following information to the first device: mobile phone number of the access user, user name of the access user, IP address of the access user, and access application identifier.
The method according to claim 36, wherein, when the wireless network information service capability identifier includes a slice capability identifier, the capability information further includes configuration information of slice parameter templates, the number of slice parameter templates, and slice parameter templates. the identity of the template;

Wherein, the configuration information of the slice parameter template includes at least one of the following slice parameters and their value ranges:

The slice supports the maximum number of users;

slice service area;

Slicing end-to-end delay;

the mobility class of the terminal in the slice;

slice resource sharing level;

Slice reliability requirements.
The method according to claim 40, wherein the fourth device performs corresponding capability processing based on the capability information, comprising:

The fourth device sends a first slice configuration request to the first device, and the first slice configuration request includes indication information for indicating a standard slice parameter template type, or for indicating a custom slice parameter template Instructions for types and custom template parameters;

The fourth device receives a first slice configuration response from the first device, where the first slice configuration response includes the network slice instance identifier.
The method according to any one of claims 33 to 41, wherein the method further comprises:

the fourth device receives a broadcast message from the first device;

Based on the broadcast message, the fourth device sends a second access authentication request to the first device; the second access authentication request is used by the first device to perform access authentication on the fourth device ;

A second access authentication response from the first device is received.
A device for acquiring capability openness information, the device comprising: a first sending unit and a first receiving unit; wherein,

The first sending unit is configured to send a first request to a third device; the first request is used to request capability opening; the first request includes identity authentication information for authentication;

The first receiving unit is configured to acquire capability opening information from the third device; the capability opening information is obtained after the identity authentication information is authenticated by the third device.
A device for acquiring capability opening information, the device comprising: a second receiving unit, a second processing unit, and a second sending unit; wherein,

The second receiving unit is configured to receive a first request from the first device; the first request is used to request capability opening; the first request includes identity authentication information for authentication;

The second processing unit is configured to authenticate the first device based on the identity authentication information;

The second sending unit is configured to send capability opening information to the first device after the second processing unit passes the authentication.
A device for acquiring capability openness information, the device comprising: a third receiving unit and a third sending unit; wherein,

The third receiving unit is configured to receive a second request from the first device, where the second request is used to request capability information;

The third sending unit is configured to send the capability information to the first device, where the capability information is used to indicate the capability that the first device can obtain.
A device for acquiring capability openness information, the device comprising: a fourth receiving unit and a fourth processing unit; wherein,

The fourth receiving unit is configured to receive capability information from the first device, where the capability information is used to indicate the capability that the first device can obtain;

The fourth processing unit is configured to process corresponding capabilities based on the capability information.
A computer-readable storage medium, on which a computer program is stored, and when the program is executed by a processor, the steps of the method according to any one of claims 1 to 15 are realized; or,

When the program is executed by the processor, it realizes the steps of the method described in any one of claims 16 to 23; or,

When the program is executed by the processor, it realizes the steps of the method described in any one of claims 24 to 32; or,

When the program is executed by the processor, the steps of the method described in any one of claims 33 to 42 are realized.
A communication device, comprising a memory, a processor, and a computer program stored on the memory and operable on the processor, when the processor executes the program, the steps of the method according to any one of claims 1 to 15 are implemented; or,

When the processor executes the program, the steps of the method according to any one of claims 16 to 23 are realized; or,

When the processor executes the program, the steps of the method according to any one of claims 24 to 32 are implemented; or,

The steps of the method described in any one of claims 33 to 42 are implemented when the processor executes the program.