WO2022267995A1 - Communication method and apparatus, related device, and storage medium - Google Patents


Publication number
WO2022267995A1
Authority
WO
WIPO (PCT)
Prior art keywords
security policy
security
configuration
computing platform
management request
Prior art date
Application number
PCT/CN2022/099572
Other languages
English (en)
Chinese (zh)
Inventor
游正朋
种璟
唐小勇
朱磊
罗柯
Original Assignee
中移(成都)信息通信科技有限公司
中国移动通信集团有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中移(成都)信息通信科技有限公司, 中国移动通信集团有限公司
Publication of WO2022267995A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0893 Assignment of logical groups to network elements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/60 Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security

Definitions

  • the present application relates to the communication field, and in particular to a communication method, device, related equipment and storage medium.
  • the fifth-generation mobile communication technology has many advantages such as large bandwidth, low latency, high reliability, high connection, ubiquitous network, etc., thereby promoting the rapid development and change of vertical industries, such as the rise of smart medical, smart education and smart agriculture.
  • MEC mobile edge computing
  • IT information technology
  • API application programming interface
  • the combination of 5G and MEC can introduce different technology combinations for different industry demand scenarios, such as quality of service (QoS), end-to-end network slicing, network capability exposure, edge cloud, etc., so as to provide customized solutions.
  • QoS quality of service
  • embodiments of the present application provide a communication method, device, related equipment, and storage medium.
  • An embodiment of the present application provides a communication method applied to a first device, including:
  • the management request is used to request configuration of a security policy for application services on the edge computing platform;
  • a security policy is determined according to the management request; the security policy is used to provide security management functions for application services on the edge computing platform.
  • said determining the management request includes:
  • a first management request is determined based on the first operation; the first management request includes: a first security policy.
  • said determining the management request includes:
  • the second management request includes: a second security policy.
  • the second management request further includes: the priority of the second security policy; the security policy saved by the first device corresponds to an initial priority;
  • the method also includes:
  • said determining the management request includes:
  • a third management request from the edge computing platform is received; the third management request includes a third security policy.
  • the third management request further includes: the priority of the third security policy; the security policy saved by the first device corresponds to an initial priority;
  • the method also includes:
  • the method also includes:
  • the update result at least represents whether the security policy on the first device is updated.
  • the method also includes:
  • the update result at least represents whether the security policy is updated.
  • the security policy includes: a security level for each application service in at least one application service;
  • the update result includes a configuration response for the security policy of each application service; the type of the configuration response includes:
  • the security policy includes at least one of the following:
  • the first security level represents the denial of configuration information for all application services on the edge computing platform
  • the second security level characterizes the configuration information allowed for some application services on the edge computing platform
  • the third security level characterizes the configuration information allowed for all application services on the edge computing platform.
  • the configuration information includes at least one of the following:
  • a first configuration strategy is directed at the operation authority for different application services
  • a second configuration strategy is directed at routing rules for different application services
  • the third configuration strategy is aimed at the Domain Name System (DNS) of different application services;
  • a fourth configuration strategy is aimed at the life cycles of different application services.
  • An embodiment of the present application provides a communication method applied to a second device, including:
  • the second management request is used to request configuration of a security policy for the application service on the edge computing platform;
  • the security policy is used to provide security management functions for the application service on the edge computing platform.
  • the method also includes:
  • An update result from the first device is received; the update result at least represents whether the security policy on the first device is updated.
  • the second management request further includes: the priority of the second security policy; the security policy saved by the first device corresponds to an initial priority;
  • the priority of the second security policy and the initial priority corresponding to the security policy saved by the first device are used by the first device to determine whether to update the security policy.
  • the security policy includes: a security level for each application service in at least one application service;
  • the update result includes a configuration response for the security policy of each application service; the type of the configuration response includes:
  • the security policy includes at least one of the following:
  • the first security level represents the denial of configuration information for all application services on the edge computing platform
  • the second security level characterizes the configuration information allowed for some application services on the edge computing platform
  • the third security level characterizes the configuration information allowed for all application services on the edge computing platform.
  • the configuration information includes at least one of the following:
  • a first configuration strategy is directed at the operation authority for different application services
  • a second configuration strategy is directed at routing rules for different application services
  • a third configuration strategy is aimed at domain name systems of different application services
  • a fourth configuration strategy is aimed at the life cycles of different application services.
  • An embodiment of the present application provides a communication method applied to an edge computing platform, including:
  • the third management request is used to request configuration of a security policy for the application service on the edge computing platform; the security policy is used to provide security management functions for the application service on the edge computing platform.
  • the third management request further includes: the priority of the third security policy; the security policy saved by the first device corresponds to an initial priority;
  • the priority of the third security policy and the initial priority corresponding to the security policy saved by the first device are used by the first device to determine whether to update the security policy.
  • the method also includes:
  • An update result from the first device is received; the update result at least indicates whether the security policy on the first device is updated.
  • the security policy includes: a security level for each application service in at least one application service;
  • the update result includes a configuration response for the security policy of each application service; the type of the configuration response includes:
  • the security policy includes at least one of the following:
  • the first security level represents the denial of configuration information for all application services on the edge computing platform
  • the second security level characterizes the configuration information allowed for some application services on the edge computing platform
  • the third security level characterizes the configuration information allowed for all application services on the edge computing platform.
  • the configuration information includes at least one of the following:
  • a first configuration strategy is directed at the operation authority for different application services
  • a second configuration strategy is directed at routing rules for different application services
  • a third configuration strategy is aimed at domain name systems of different application services
  • a fourth configuration strategy is aimed at the life cycles of different application services.
  • An embodiment of the present application provides a communication device, which is set on the first device, including:
  • the first processing unit is configured to determine a management request; the management request is used to request configuration of a security policy for application services on the edge computing platform;
  • a security policy is determined according to the management request; the security policy is used to provide security management functions for application services on the edge computing platform.
  • the first processing unit is configured to determine a first operation for the first device
  • a first management request is determined based on the first operation; the first management request includes: a first security policy.
  • the apparatus further includes: a first communication unit configured to receive a second management request from the second device; the second management request includes: a second security policy.
  • the second management request further includes: the priority of the second security policy; the security policy saved by the first device corresponds to an initial priority;
  • the first processing unit is configured to determine whether to update the security policy stored by the first device according to the priority of the second security policy and the initial priority corresponding to the security policy stored by the first device.
  • the first communication unit is configured to receive a third management request from the edge computing platform; the third management request includes a third security policy.
  • the third management request further includes: the priority of the third security policy; the security policy saved by the first device corresponds to an initial priority;
  • the first processing unit is configured to determine whether to update the security policy saved by the first device according to the priority of the third security policy and the initial priority corresponding to the security policy saved by the first device.
  • the first communication unit is further configured to send the update result to the second device; the update result at least indicates whether the security policy on the first device is updated.
  • the first communication unit is further configured to send an update result to the edge computing platform; the update result at least indicates whether the security policy is updated.
  • the security policy includes: a security level for each application service in at least one application service;
  • the update result includes a configuration response for the security policy of each application service; the type of the configuration response includes:
  • the security policy includes at least one of the following:
  • the first security level represents the denial of configuration information for all application services on the edge computing platform
  • the second security level characterizes the configuration information allowed for some application services on the edge computing platform
  • the third security level characterizes the configuration information allowed for all application services on the edge computing platform.
  • the configuration information includes at least one of the following:
  • a first configuration strategy is directed at the operation authority for different application services
  • a second configuration strategy is directed at routing rules for different application services
  • the third configuration strategy is aimed at the Domain Name System (DNS) of different application services
  • a fourth configuration strategy is aimed at the life cycles of different application services.
  • An embodiment of the present application provides a communication device, which is set on the second device, including:
  • the second communication unit is configured to send a second management request to the first device; the second management request is used to request configuration of a security policy for application services on the edge computing platform; the security policy is used to provide security management functions for the application services on the edge computing platform.
  • the second communication unit is further configured to receive an update result from the first device; the update result at least indicates whether to update the security policy on the first device.
  • the second management request further includes: the priority of the second security policy; the security policy saved by the first device corresponds to an initial priority;
  • the priority of the second security policy and the initial priority corresponding to the security policy saved by the first device are used by the first device to determine whether to update the security policy.
  • the security policy includes: a security level for each application service in at least one application service;
  • the update result includes a configuration response for the security policy of each application service; the type of the configuration response includes:
  • the security policy includes at least one of the following:
  • the first security level represents the denial of configuration information for all application services on the edge computing platform
  • the second security level characterizes the configuration information allowed for some application services on the edge computing platform
  • the third security level characterizes the configuration information allowed for all application services on the edge computing platform.
  • the configuration information includes at least one of the following:
  • a first configuration strategy is directed at the operation authority for different application services
  • a second configuration strategy is directed at routing rules for different application services
  • a third configuration strategy is aimed at domain name systems of different application services
  • a fourth configuration strategy is aimed at the life cycles of different application services.
  • An embodiment of the present application provides a communication device, which is set on an edge computing platform, including:
  • the third communication unit is configured to send a third management request to the first device; the third management request is used to request configuration of a security policy for application services on the edge computing platform; the security policy is used to provide security management functions for the application services on the edge computing platform.
  • the third management request further includes: the priority of the third security policy; the security policy saved by the first device corresponds to an initial priority;
  • the priority of the third security policy and the initial priority corresponding to the security policy saved by the first device are used by the first device to determine whether to update the security policy.
  • the third communication unit is further configured to receive an update result from the first device; the update result at least indicates whether to update the security policy on the first device.
  • the security policy includes: a security level for each application service in at least one application service;
  • the update result includes a configuration response for the security policy of each application service; the type of the configuration response includes:
  • the security policy includes at least one of the following:
  • the first security level represents the denial of configuration information for all application services on the edge computing platform
  • the second security level characterizes the configuration information allowed for some application services on the edge computing platform
  • the third security level characterizes the configuration information allowed for all application services on the edge computing platform.
  • the configuration information includes at least one of the following:
  • a first configuration strategy is directed at the operation authority for different application services
  • a second configuration strategy is directed at routing rules for different application services
  • a third configuration strategy is aimed at domain name systems of different application services
  • a fourth configuration strategy is aimed at the life cycles of different application services.
  • An embodiment of the present application provides a first device, including: a first processor and a first communication interface; wherein,
  • the first processor is configured to determine a management request; the management request is used to request configuration of a security policy for application services on the edge computing platform;
  • a security policy is determined according to the management request; the security policy is used to provide security management functions for application services on the edge computing platform.
  • An embodiment of the present application provides a second device, including: a second processor and a second communication interface; wherein,
  • the second communication interface is configured to send a second management request to the first device; the second management request is used to request configuration of a security policy for application services on the edge computing platform; the security policy is used to provide security management functions for the application services on the edge computing platform.
  • An embodiment of the present application provides an edge computing platform, including: a third processor and a third communication interface; wherein,
  • the third communication interface is configured to send a third management request to the first device; the third management request is used to request configuration of a security policy for application services on the edge computing platform; the security policy is used to provide security management functions for the application services on the edge computing platform.
  • An embodiment of the present application provides a network device, including: a processor and a memory configured to store a computer program that can run on the processor,
  • the processor is configured to execute the steps of any one of the methods on the first device side above when running the computer program; or,
  • the processor is configured to execute the steps of any one of the methods described above on the second device side when running the computer program; or,
  • the processor is configured to, when running the computer program, execute the steps of any one of the methods described above on the third device side.
  • An embodiment of the present application provides a storage medium on which a computer program is stored, and when the computer program is executed by a processor, the steps of any one of the methods described above on the first device side are implemented; or,
  • the communication system, method, device, first device, second device, and storage medium provided in the embodiments of the present application include: the first device determines a management request; the management request is used to request configuration of a security policy for application services on an edge computing platform; the security policy is determined according to the management request; the security policy is used to provide security management functions for the application services on the edge computing platform.
  • the solution of the embodiment of this application implements the configuration of the security policy on the first device, so that the first device can provide security management functions for the application services on the edge computing platform based on the security policy; The security management and control capability of the configuration data of the computing platform.
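An added sketch, not taken from the patent, of how a first device (local MEPM) could apply the priority comparison and the three security levels described above. The class and field names, the rule that a remote request replaces the stored policy only when its priority is strictly higher, the "accepted"/"rejected" response labels and the sample service name are assumptions; the page does not state them.

```python
from dataclasses import dataclass, field
from enum import Enum


class Level(Enum):
    DENY_ALL = 1    # first security level: deny configuration for all services
    ALLOW_SOME = 2  # second security level: allow configuration for some services
    ALLOW_ALL = 3   # third security level: allow configuration for all services


class Kind(Enum):
    # The four configuration strategies listed on the page.
    OPERATION_AUTHORITY = "operation_authority"
    ROUTING_RULES = "routing_rules"
    DNS = "dns"
    LIFECYCLE = "lifecycle"


class Source(Enum):
    LOCAL_ADMIN = "first_request"     # first operation on the first device
    SECOND_DEVICE = "second_request"  # e.g. the MEPM
    EDGE_PLATFORM = "third_request"   # the MEP


@dataclass
class Policy:
    level: Level
    # Assumption: under ALLOW_SOME, maps service name -> permitted Kind values.
    allowed: dict = field(default_factory=dict)


@dataclass
class UpdateResult:
    updated: bool    # whether the stored policy was replaced
    responses: dict  # per-service configuration response (labels are assumed)


class FirstDevice:
    def __init__(self, policy, initial_priority):
        self.policy = policy
        self.priority = initial_priority
        self.audit = []  # (source, offered priority, verdict) for later review

    def handle_management_request(self, source, policy, priority=None):
        if source is Source.LOCAL_ADMIN:
            # The page says the local administrator configures the policy directly.
            accept, new_priority = True, self.priority
        elif not isinstance(priority, int) or isinstance(priority, bool):
            # Missing or malformed priority: fail closed, keep the stored policy.
            accept, new_priority = False, self.priority
        else:
            # Assumed rule: larger number wins, ties keep the stored policy.
            accept, new_priority = priority > self.priority, priority
        verdict = "accepted" if accept else "rejected"
        if accept:
            self.policy, self.priority = policy, new_priority
        self.audit.append((source.value, priority, verdict))
        services = sorted(policy.allowed) or ["*"]
        return UpdateResult(accept, {name: verdict for name in services})

    def authorize(self, service, kind):
        """Decide whether configuration information of `kind` may reach `service`."""
        if self.policy.level is Level.DENY_ALL:
            return False
        if self.policy.level is Level.ALLOW_ALL:
            return True
        # ALLOW_SOME: default deny for anything not explicitly listed.
        return kind in self.policy.allowed.get(service, set())


def demo():
    # Constructed sample: device starts locked down with initial priority 5.
    dev = FirstDevice(Policy(Level.DENY_ALL), initial_priority=5)
    scoped = Policy(Level.ALLOW_SOME,
                    {"video-analytics": {Kind.ROUTING_RULES, Kind.DNS}})
    low = dev.handle_management_request(
        Source.SECOND_DEVICE, Policy(Level.ALLOW_ALL), priority=3)
    high = dev.handle_management_request(
        Source.EDGE_PLATFORM, scoped, priority=7)
    return dev, low, high


if __name__ == "__main__":
    device, low_result, high_result = demo()
    print(low_result, high_result, device.audit, sep="\n")
```

The audit list records every offered priority, including rejected ones, so repeated low-priority attempts to loosen the policy stay visible.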
  • FIG. 1 is a schematic diagram of a system structure of an MEC in the related art
  • FIG. 2 is a schematic structural diagram of a host layer and a system layer of an MEC in the related art
  • FIG. 3 is a schematic structural diagram of a system for 5G industry cloud-network integration according to an embodiment of the present application
  • FIG. 4 is a schematic structural diagram of a communication system of an application embodiment of the present application.
  • FIG. 5 is a schematic flowchart of a communication method according to an embodiment of the present application.
  • FIG. 6 is a schematic flowchart of another communication method according to an embodiment of the present application.
  • FIG. 7 is a schematic flowchart of another communication method according to an embodiment of the present application.
  • FIG. 8 is a schematic flowchart of a communication method in an application embodiment of the present application.
  • FIG. 9 is a schematic flowchart of another communication method in an application embodiment of the present application.
  • FIG. 10 is a schematic diagram of a permission authorization method according to an embodiment of the present application.
  • FIG. 11 is a schematic structural diagram of a communication device according to an embodiment of the present application.
  • FIG. 12 is a schematic structural diagram of another communication device according to an embodiment of the present application.
  • FIG. 13 is a schematic structural diagram of another communication device according to an embodiment of the present application.
  • FIG. 14 is a schematic structural diagram of the first device of the embodiment of the present application.
  • FIG. 15 is a schematic structural diagram of the second device of the embodiment of the present application.
  • FIG. 16 is a schematic structural diagram of a third device according to an embodiment of the present application.
  • MEC is a multi-access edge computing platform standard led by the European Telecommunications Standards Institute (ETSI). Connect to the edge computing platform, and provide more efficient business operation services by virtualizing and serving MEC applications, platforms, and resources to meet the differentiated needs of different businesses in terms of processing capabilities.
  • ETSI European Telecommunications Standards Institute
  • the ETSI standard organization defines the framework of the MEC system shown.
  • the MEC system mainly includes: the MEC system level, the MEC host level, and the network layer (Networks).
  • the MEC system layer is responsible for the allocation, recovery and coordination of the entire MEC resources to meet the needs of different services for computing and transmission resources.
  • MEC system-level management supports MEC system-level management functions and host-level management functions.
  • MEC system-level management functions include user application lifecycle management agents, operation support systems, and MEC orchestrators.
  • MEC host-level management functions can include MEC platform managers and virtualized infrastructure managers.
  • MEC services provided to terminals and third-party customers (such as commercial enterprises) are managed through the MEC management layer.
  • the MEC host layer is used to provide necessary computing, storage and transmission functions for MEC applications and MEC platforms.
  • the network layer is used to provide different network options (such as 3GPP wireless network, non-3GPP wireless network, and wired network) for upper-layer applications, and dynamically adjust routing strategies according to upper-layer signaling to meet the transmission requirements of different services on the network.
  • the MEC host includes: MEC platform and virtual infrastructure (computing, storage, network).
  • the virtual facility includes the data plane, which is used to execute the routing rules received from the MEC platform and to forward traffic between the application (also called MEC app, MEC application or MEP application), the service (also called MEC service or MEP service), the DNS service/proxy, the 3GPP network, other access networks, local networks, and external networks.
  • the MEP enables the application to provide and invoke the service, and the MEP itself can also provide the service.
  • the application runs on a virtual machine or a container, and can provide a variety of services (such as location, wireless network information, traffic management); the application can also use services provided by other applications, for example: the services provided by application A, such as location and traffic management, can be used by application B and application C.
  • the service may be provided by the MEP or a certain application. When a certain service is provided by the application, the service may be registered in the service list of the MEP.
  • MEC platform (MEP), supported functions include:
  • MEC applications can discover, notify, use and provide MEC services, including MEC services provided by other platforms (optional).
  • MEC orchestrator (MEO), also known as MEC application orchestrator (MEAO), is the core of MEC system layer management.
  • the supported functions include:
  • MEC platform management (MEPM, MEC platform manager), supported functions include:
  • MEC application life cycle management (LCM), such as: notify MEAO of related application events;
  • element management function (Element mgmt) of the MEC platform (MEP), including virtualized network function (VNF) element management and network service (NS) element management, where the NS information element includes the physical network function (PNF) information element, the virtual link information element, and the VNF forwarding graph (VNF Forwarding Graph) information element;
  • VNF Virtualized Network Function
  • NS Network Service
  • MEC application rules and requirements management (MEC app rules & reqts mgmt), such as: service authorization, routing rules, Domain Name System (DNS) configuration and conflict handling
  • DNS Domain Name System
  • VIM Virtualization Infrastructure Manager
  • the main functions of VIM include: allocating, managing, and releasing virtualized resources of virtualized infrastructure, receiving and storing software images, collecting and reporting performance and fault information of virtualized resources.
  • Mx1, Mx2, Mp1, Mp2, Mp3, Mm1, Mm2 ... Mm9 in FIG. 2 indicate that various devices or modules can call interfaces and/or use corresponding communication protocols for communication.
  • MEC platform management is generally set on the industry gateway.
  • the data on the MEP can be directly connected to the external network, that is, the third-party network through the industry gateway.
  • the existing ETSI protocol does not adequately protect data security and cannot adapt to the growing management requirements for data security and privacy protection.
  • the L-MEPM receives the first information from the MEPM, and provides security management functions for applications on the edge computing platform based on the first information and security policies; the first information is used to perform security management on the applications on the edge computing platform configuration;
  • the MEPM may receive the second information from the MEAO, and send the first information to the first device according to the second information; the second information is used to arrange applications on the edge computing platform.
  • the edge computing platform may be called MEP.
  • the orchestration of applications on the edge computing platform can be understood as: implementing by orchestrating the application programs and/or available resources of each application.
  • the system architecture shown in FIG. 4 needs to provide an effective method for managing security policies, so as to ensure the security protection of the management configuration data on the MEP side.
  • the first device determines a management request; the management request is used to request configuration of a security policy for application services on the edge computing platform; according to the management request, the security policy is determined; the security policy is used to provide security management functions for application services on the edge computing platform.
  • An embodiment of the present application provides a communication method applied to a first device, as shown in FIG. 5 , the method includes:
  • Step 501 Determine a management request; the management request is used to request configuration of security policies for application services on the edge computing platform;
  • Step 502 Determine a security policy according to the management request; the security policy is used to provide security management functions for application services on the edge computing platform.
  • a first device is set on the side of the edge computing platform, and the first device can communicate with the second device.
  • the first device may be a locally set MEPM, which can be understood as the user sets up a local MEPM, and can perform local management and configuration on applications provided by the MEP.
  • the first device can be deployed locally or integrated into the MEP.
  • the embodiment of the present application does not limit the name of the first device, as long as the function of the first device can be realized.
  • the second device may be an MEPM, and the embodiment of the present application does not limit the name of the second device, as long as the functions of the second device can be realized.
  • the edge computing platform may be called MEP.
  • the security policy can be directly configured by the local administrator through the human-computer interaction interface provided by the first device, that is, the local MEPM.
  • the determining the management request includes:
  • a first management request is determined based on the first operation; the first management request includes: a first security policy.
  • the local administrator performs the first operation through the human-computer interaction interface of the local MEPM
  • the first device determines the first operation for the first device, and determines the management request based on the first operation, that is, the first management request; based on the first management request, a corresponding security policy may be determined, which is referred to as the first security policy.
  • the security policy can be directly configured remotely by the remote administrator through the man-machine interaction interface provided by the second device, namely MEPM.
  • the determining the management request includes:
  • the second management request includes: a second security policy.
  • the remote administrator performs the second operation through the human-computer interaction interface of the MEPM; the second device determines the second operation for the second device, and determines the management request based on the second operation, that is, the second management request; the second device sends the second management request to the first device; the first device receives the second management request, and the second security policy may be determined based on the second management request.
  • the priority of security policy is proposed, and based on the priority, it is determined whether the security policy can be configured or updated based on the corresponding management request.
  • the second management request further includes: the priority of the second security policy; the security policy saved by the first device corresponds to the initial priority;
  • the method also includes:
  • the security policy may be configured through a request reported by the edge computing platform.
  • the determining the management request includes:
  • a third management request from the edge computing platform is received; the third management request includes a third security policy.
  • the priority of security policy is proposed, and based on the priority, it is determined whether the security policy can be configured or updated based on the corresponding management request.
  • the third management request further includes: the priority of the third security policy; the security policy saved by the first device corresponds to an initial priority;
  • the method also includes:
  • the first security policy can also have a corresponding priority.
  • the priority of the first security policy, the priority of the second security policy, and the priority of the third security policy can be set by different operators, for example by the local administrator on the first device side, the remote administrator on the second device side, and the operator on the third device side, respectively; the first device receives the first management request, the second management request, and the third management request at the same time.
  • the security policy with the highest priority is determined by comparing the priorities, such as the above-mentioned first security policy, and the security policy saved by the first device is updated according to the first security policy.
  • the priority of the first security policy, the priority of the second security policy, and the priority of the third security policy can also be determined based on their corresponding devices, for example, set the priority of the first device to 1, the priority of the second device to 2, and the priority of the edge computing platform to 3.
  • the first security policy can also have a priority of 1, the priority of the second security policy is 2, and the priority of the third security policy is 3; when the first device receives two or three of the first management request, the second management request, and the third management request at the same time, it determines the security policy with the highest priority by comparing the priorities, such as the first security policy, and updates the security policy stored in the first device according to the first security policy.
  • the two priorities corresponding to the first security policy are 2 (set by the local administrator) and 1 (determined based on the first device), and the two priorities corresponding to the second security policy are 2 (set by the remote administrator) and 2 (determined based on the second device); since the priorities set by the operators are both 2, a further comparison is made based on the priorities determined by the device, and the first security policy is determined to have the higher priority; the security policy saved by the first device is then updated according to the first security policy.
  • for the remote administrator on the second device side, there may be multiple remote administrators, and different permissions can be assigned to each remote administrator; for the local administrator on the first device side, there may also be multiple local administrators, and different permissions can be assigned to each local administrator. That is to say, the various local administrators on the first device side, the remote administrators on the second device side, and the edge computing platform can be considered comprehensively, and different permissions (corresponding to different priorities) can be assigned.
  • the above configuration of priorities based on devices is only an example and is not a limitation; in actual application, priorities should be configured according to actual needs.
  • the first device may notify the second device of an update result of the security policy.
  • the method further includes:
  • the update result at least represents whether the security policy on the first device is updated.
  • the first device may notify the edge computing platform of the update result of the security policy, especially in the case of updating the security policy based on the third management request, notify the update result.
  • the method further includes:
  • the update result at least represents whether the security policy is updated.
  • the security policy includes: a security level for each application service in at least one application service;
  • the update result includes a configuration response for the security policy of each application service; the type of the configuration response includes:
  • the security policy includes at least one of the following:
  • the first security level represents the denial of configuration information for all application services on the edge computing platform
  • the second security level characterizes the configuration information allowed for some application services on the edge computing platform
  • the third security level characterizes the configuration information allowed for all application services on the edge computing platform.
  • the configuration information includes at least one of the following:
  • a first configuration strategy is directed at the operation authority for different application services
  • a second configuration strategy is directed at routing rules for different application services
  • the third configuration strategy is aimed at Domain Name System (DNS) of different application services;
  • a fourth configuration strategy is aimed at the life cycles of different application services.
  • An embodiment of the present application provides a communication method applied to a second device, as shown in FIG. 6, the method includes:
  • Step 601 Send a second management request to the first device; the second management request is used to request configuration of a security policy for application services on the edge computing platform; the security policy is used to provide security management functions for application services on the edge computing platform.
  • the first device may notify the second device of an update result of the security policy.
  • the method further includes:
  • An update result from the first device is received; the update result at least represents whether the security policy on the first device is updated.
  • the priority of the security policy is proposed, and the first device determines whether the security policy can be configured or updated based on the corresponding management request based on the priority.
  • the second management request further includes: the priority of the second security policy; the security policy saved by the first device corresponds to the initial priority;
  • the priority of the second security policy and the initial priority corresponding to the security policy saved by the first device are used by the first device to determine whether to update the security policy.
  • the security policy includes: a security level for each application service in at least one application service;
  • the update result includes a configuration response for the security policy of each application service; the type of the configuration response includes:
  • the security policy includes at least one of the following:
  • the first security level represents the denial of configuration information for all application services on the edge computing platform
  • the second security level characterizes the configuration information allowed for some application services on the edge computing platform
  • the third security level characterizes the configuration information allowed for all application services on the edge computing platform.
  • the configuration information includes at least one of the following:
  • a first configuration strategy is directed at the operation authority for different application services
  • a second configuration strategy is directed at routing rules for different application services
  • a third configuration strategy is aimed at domain name systems of different application services
  • a fourth configuration strategy is aimed at the life cycles of different application services.
  • An embodiment of the present application provides a communication method applied to an edge computing platform, as shown in FIG. 7 , the method includes:
  • Step 701 Send a third management request to the first device; the third management request is used to request configuration of a security policy for application services on the edge computing platform; the security policy is used to provide security management functions for application services on the edge computing platform.
  • the priority of the security policy is proposed, and the first device determines whether the security policy can be configured or updated based on the corresponding management request based on the priority.
  • the third management request further includes: the priority of the third security policy; the security policy saved by the first device corresponds to an initial priority;
  • the priority of the third security policy and the initial priority corresponding to the security policy saved by the first device are used by the first device to determine whether to update the security policy.
  • the first device may notify the edge computing platform of the update result of the security policy, especially in the case of updating the security policy based on the third management request, notify the update result.
  • the method further includes:
  • An update result from the first device is received; the update result at least indicates whether the security policy on the first device is updated.
  • the security policy includes: a security level for each application service in at least one application service;
  • the update result includes a configuration response for the security policy of each application service; the type of the configuration response includes:
  • the security policy includes at least one of the following:
  • the first security level represents the denial of configuration information for all application services on the edge computing platform
  • the second security level characterizes the configuration information allowed for some application services on the edge computing platform
  • the third security level characterizes the configuration information allowed for all application services on the edge computing platform.
  • the configuration information includes at least one of the following:
  • a first configuration strategy is directed at the operation authority for different application services
  • a second configuration strategy is directed at routing rules for different application services
  • the third configuration strategy is aimed at Domain Name System (DNS) of different application services;
  • a fourth configuration strategy is aimed at the life cycles of different application services.
  • the first device is called a local MEPM (L-MEPM, Local MEPM); the second device is a MEPM; and the edge computing platform is called an MEP.
  • the local administrator directly performs operation configuration on the L-MEPM; corresponding to the above configuration through the first management request;
  • the remote administrator configures through the MEPM remote management request; corresponding to the above configuration through the second management request;
  • the L-MEPM holds the default security policy of each application on the MEP; if several configuration methods are operated at the same time, there may be conflicts or security issues, so it is proposed to configure according to the priority of the security policy.
  • Each remote operator can be stored in an array or other ways.
  • an application group is proposed, and the application group is used to manage multiple application lists of the same security level.
  • a communication method which is configured through a remote management request (equivalent to the above-mentioned second management request) sent by MEPM, as shown in FIG. 8, the method includes:
  • Step 801 MEPM sends a remote management request to L-MEPM
  • the remote administrator initiates a security policy configuration request on the operation and maintenance management device, and initiates a remote management request to the L-MEPM through the MEPM, and the remote management request is used to request configuration or update of the security policy.
  • Method 1 Use a number (Int or Long) to represent the security policy priority. The smaller the number, the higher the priority. The highest priority is set to 0, and the sequence from high to low is 0/1/2/3/4.
  • Method 1 Use a JSON string to indicate the priority of the security policy applied on the MEP
  • Method 2 Use a hash table to represent, Key is the application name, and value is the priority of the security policy.
  • the security policy information which may include the security policy information shown in Table 4 for each application on the MEP.
  • the security level of the application on the MEP is set or updated to "strict"
  • management configuration data operations on the MEP are prohibited for all applications on the MEP, and the L-MEPM will actively cut off the management configuration operations of the MEPM.
  • Step 802 the L-MEPM responds to the remote management request.
  • After the L-MEPM receives the remote management request for the security policy, it judges the security policy according to the "security policy priority" in the remote management request;
  • the L-MEPM sends a message reply to the MEPM.
  • the request information includes but not limited to the content in Table 6.
  • when the security policy applied on the MEP changes, the MEP can also proactively report the updated security policy to the L-MEPM, and the priority of that security policy can be higher than that of the existing security policy of the L-MEPM.
  • a communication method is also provided, which is configured through a local request (equivalent to the above-mentioned third management request) reported by the MEP, as shown in FIG. 9 , the method includes:
  • Step 901 MEP sends a local request to L-MEPM
  • when the security policy of an application on the MEP changes, the changed security policy information is sent to the L-MEPM; the content can be as shown in Table 8 below:
  • Step 902 the L-MEPM responds to the local request.
  • L-MEPM performs a security policy judgment after receiving a security policy management request.
  • if the L-MEPM detects that the "Security Policy Priority" parameter in the request message is less than or equal to the existing "Security Policy Priority" parameter, the security policy is updated.
  • the L-MEPM sends a message reply to the MEP, and the reply information may include the information shown in Table 9 below:
  • the method may also include:
  • Step 903 reporting the suspension of the security management authority to the MEPM
  • After the security policy is updated, the security level of some applications may have changed, for example from "General" to "Strict"; the update result can then be sent to the MEPM, as shown in Table 11, to inform it of the suspension of the security management authority for the application, that is, to tell the MEPM not to send configuration information to the L-MEPM; the MEPM will not be able to manage and configure the application on the MEP.
  • Step 904 L-MEPM responds to MEPM with a suspension situation
  • the L-MEPM informs the MEPM that it has received and knows that it will not be able to manage and configure this application on the MEP.
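The priority handling described in the embodiments above (a smaller number is a higher priority, the operator-set priority is compared first with the device-derived priority 1/2/3 as tie-break, the stored policy is updated only when the request priority is less than or equal to the stored one, and a change to "strict" suspends MEPM configuration) can be sketched as follows. This is an added example, not code from the patent: the class and function names, the response labels "updated"/"unchanged"/"rejected", adopting the winning request's priority as the new stored priority, and denying configuration for unknown applications are all assumptions.

```python
from dataclasses import dataclass

# Device-derived priority from the page's example (smaller number = higher priority).
DEVICE_PRIORITY = {"L-MEPM": 1, "MEPM": 2, "MEP": 3}
LEVELS = {"strict", "general"}  # level names that appear on the page


@dataclass
class ManagementRequest:
    source: str    # device that raised the request: "L-MEPM", "MEPM" or "MEP"
    priority: int  # operator-set security policy priority, 0 is the highest
    levels: dict   # application name -> "strict" or "general"

    def rank(self):
        # Operator-set priority first, device-derived priority as tie-break.
        return (self.priority, DEVICE_PRIORITY[self.source])


def validate(req):
    """Reject malformed requests before they can influence arbitration."""
    if req.source not in DEVICE_PRIORITY:
        raise ValueError(f"unknown source {req.source!r}")
    if not isinstance(req.priority, int) or req.priority < 0:
        raise ValueError("priority must be a non-negative integer")
    bad = [lvl for lvl in req.levels.values() if lvl not in LEVELS]
    if bad:
        raise ValueError(f"unknown security level(s): {bad}")


class LocalMepm:
    """Hypothetical L-MEPM policy store holding per-application security levels."""

    def __init__(self, default_levels, initial_priority):
        self.levels = dict(default_levels)
        self.priority = initial_priority

    def handle(self, requests):
        """Arbitrate simultaneous requests and apply the winner if its priority allows."""
        if not requests:
            raise ValueError("no management request to handle")
        for req in requests:
            validate(req)
        winner = min(requests, key=ManagementRequest.rank)
        result = {"source": winner.source, "updated": False,
                  "responses": {}, "suspended": []}
        # Update rule from step 902: accept only if request priority <= stored priority.
        if winner.priority > self.priority:
            result["responses"] = {app: "rejected" for app in winner.levels}
            return result
        for app, level in winner.levels.items():
            if self.levels.get(app) == level:
                result["responses"][app] = "unchanged"
                continue
            self.levels[app] = level
            result["responses"][app] = "updated"
            if level == "strict":
                # Step 903: the MEPM must be told its management authority is suspended.
                result["suspended"].append(app)
        self.priority = winner.priority  # assumption: stored priority follows the winner
        result["updated"] = "updated" in result["responses"].values()
        return result

    def mepm_may_configure(self, app):
        # Fail closed: an application with no stored level is treated as "strict".
        return self.levels.get(app, "strict") != "strict"


if __name__ == "__main__":
    # Constructed sample data: two applications and two simultaneous requests.
    lm = LocalMepm({"video-analytics": "general", "plc-gateway": "general"}, 2)
    local = ManagementRequest("L-MEPM", 2, {"plc-gateway": "strict"})
    remote = ManagementRequest("MEPM", 2, {"plc-gateway": "general"})
    print(lm.handle([remote, local]))
    print(lm.mepm_may_configure("plc-gateway"))
```

Because the stored priority only ever moves toward 0 in this sketch, a source that sets priority 0 locks out every later request with a larger number; an implementation would need an authenticated way to reset the stored priority.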
  • the embodiment of the present application also provides a communication device, which is set on the first device, as shown in FIG. 11 , the device includes:
  • the first processing unit 1102 is configured to determine a management request; the management request is used to request configuration of a security policy for application services on the edge computing platform;
  • a security policy is determined according to the management request; the security policy is used to provide security management functions for application services on the edge computing platform.
  • the first processing unit 1102 is configured to determine a first operation for the first device
  • a first management request is determined based on the first operation; the first management request includes: a first security policy.
  • the apparatus further includes: a first communication unit 1101 configured to receive a second management request from the second device; the second management request includes: a second security policy.
  • the second management request further includes: the priority of the second security policy; the security policy saved by the first device corresponds to the initial priority;
  • the first processing unit 1102 is configured to determine whether to update the security policy saved by the first device according to the priority of the second security policy and the initial priority corresponding to the security policy saved by the first device.
  • the first communication unit 1101 is configured to receive a third management request from the edge computing platform; the third management request includes a third security policy.
  • the third management request further includes: the priority of the third security policy; the security policy saved by the first device corresponds to an initial priority;
  • the first processing unit 1102 is configured to determine whether to update the security policy saved by the first device according to the priority of the third security policy and the initial priority corresponding to the security policy saved by the first device.
  • the first communication unit 1101 is further configured to send the update result to the second device; the update result at least indicates whether to update the security policy on the first device.
  • the first communication unit 1101 is further configured to send an update result to the edge computing platform; the update result at least indicates whether the security policy is updated.
  • the security policy includes: a security level for each application service in at least one application service;
  • the update result includes a configuration response for the security policy of each application service; the type of the configuration response includes:
  • the security policy includes at least one of the following:
  • the first security level represents the denial of configuration information for all application services on the edge computing platform
  • the second security level characterizes the configuration information allowed for some application services on the edge computing platform
  • the third security level characterizes the configuration information allowed for all application services on the edge computing platform.
  • the configuration information includes at least one of the following:
  • a first configuration strategy is directed at the operation authority for different application services
  • a second configuration strategy is directed at routing rules for different application services
  • a third configuration strategy is aimed at domain name systems of different application services
  • a fourth configuration strategy is aimed at the life cycles of different application services.
  • the first communication unit 1101 and the first processing unit 1102 may be implemented by a processor in a communication device combined with a communication interface.
  • the embodiment of the present application also provides a communication device, which is set on the second device, as shown in FIG. 12 , the device includes:
  • the second communication unit 1201 is configured to send a second management request to the first device; the second management request is used to request configuration of a security policy for application services on the edge computing platform; the security policy is used to provide security management functions for application services on the edge computing platform.
  • the second communication unit 1201 is further configured to receive an update result from the first device; the update result at least indicates whether to update the security policy on the first device.
  • the second management request further includes: the priority of the second security policy; the security policy saved by the first device corresponds to the initial priority;
  • the priority of the second security policy and the initial priority corresponding to the security policy saved by the first device are used by the first device to determine whether to update the security policy.
  • the security policy includes: a security level for each application service in at least one application service;
  • the update result includes a configuration response for the security policy of each application service; the type of the configuration response includes:
  • the security policy includes at least one of the following:
  • the first security level represents the denial of configuration information for all application services on the edge computing platform
  • the second security level characterizes the configuration information allowed for some application services on the edge computing platform
  • the third security level characterizes the configuration information allowed for all application services on the edge computing platform.
  • the configuration information includes at least one of the following:
  • a first configuration strategy is directed at the operation authority for different application services
  • a second configuration strategy is directed at routing rules for different application services
  • a third configuration strategy is aimed at domain name systems of different application services
  • a fourth configuration strategy is aimed at the life cycles of different application services.
  • the second communication unit 1201 may be implemented by a communication interface in a communication device.
  • the embodiment of the present application also provides a communication device, which is set on the third device, as shown in FIG. 13 , the device includes:
  • the third communication unit 1301 is configured to send a third management request to the first device; the third management request is used to request configuration of a security policy for application services on the edge computing platform; the security policy is used to provide security management functions for application services on the edge computing platform.
  • the third management request further includes: the priority of the third security policy; the security policy saved by the first device corresponds to an initial priority;
  • the priority of the third security policy and the initial priority corresponding to the security policy saved by the first device are used by the first device to determine whether to update the security policy.
  • the third communication unit 1301 is further configured to receive an update result from the first device; the update result at least indicates whether to update the security policy on the first device.
  • the security policy includes: a security level for each application service in at least one application service;
  • the update result includes a configuration response for the security policy of each application service; the type of the configuration response includes:
  • the security policy includes at least one of the following:
  • the first security level represents the denial of configuration information for all application services on the edge computing platform
  • the second security level characterizes the configuration information allowed for some application services on the edge computing platform
  • the third security level characterizes the configuration information allowed for all application services on the edge computing platform.
  • the configuration information includes at least one of the following:
  • a first configuration strategy is directed at the operation authority for different application services
  • a second configuration strategy is directed at routing rules for different application services
  • a third configuration strategy is aimed at domain name systems of different application services
  • a fourth configuration strategy is aimed at the life cycles of different application services.
  • the third communication unit 1301 may be implemented by a communication interface in a communication device.
  • the embodiment of the present application also provides a first device, as shown in Figure 14, the first device 1400 includes:
  • the first communication interface 1401 is capable of exchanging information with the second device
  • the first processor 1402 is connected to the first communication interface 1401 to implement information interaction with the second device, and is configured to execute the methods provided by one or more technical solutions on the first device side when running a computer program. The computer program is stored on the first memory 1403.
  • the first communication interface 1401 is configured to determine a management request; the management request is used to request configuration of a security policy for application services on the edge computing platform;
  • the first processor 1402 is configured to determine a security policy according to the management request; the security policy is used to provide security management functions for application services on the edge computing platform.
  • the first communication interface 1401 is configured to determine a first operation for the first device
  • a first management request is determined based on the first operation; the first management request includes: a first security policy.
  • the first communication interface 1401 is configured to receive a second management request from the second device; the second management request includes: a second security policy.
  • the first processor 1402 is configured to determine whether to update the security policy saved by the first device according to the priority of the second security policy and the initial priority corresponding to the security policy saved by the first device.
  • the first communication interface 1401 is configured to receive a third management request from the edge computing platform; the third management request includes a third security policy.
  • the first processor 1402 is configured to determine whether to update the security policy saved by the first device according to the priority of the third security policy and the initial priority corresponding to the security policy saved by the first device.
  • the first communication interface 1401 is further configured to send the update result to the second device; the update result at least indicates whether to update the security policy on the first device.
  • the first communication interface 1401 is further configured to send an update result to the edge computing platform; the update result at least indicates whether the security policy is updated.
  • the various components in the first device 1400 are coupled together through the bus system 1404.
  • the bus system 1404 is used to realize connection and communication between these components.
  • the bus system 1404 also includes a power bus, a control bus and a status signal bus.
  • the various buses are labeled as bus system 1404 in FIG. 14 .
  • the first memory 1403 in the embodiment of the present application is used to store various types of data to support the operation of the first device 1400 .
  • Examples of such data include: any computer programs for operating on the first device 1400 .
  • the methods disclosed in the foregoing embodiments of the present application may be applied to the first processor 1402 or implemented by the first processor 1402 .
  • the first processor 1402 may be an integrated circuit chip, which has a signal processing capability. In the implementation process, each step of the above method may be implemented by an integrated logic circuit of hardware in the first processor 1402 or an instruction in the form of software.
  • the aforementioned first processor 1402 may be a general-purpose processor, a digital signal processor (DSP, Digital Signal Processor), or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, and the like.
  • the first processor 1402 may implement or execute various methods, steps, and logic block diagrams disclosed in the embodiments of the present application.
  • a general purpose processor may be a microprocessor or any conventional processor or the like.
  • the steps of the method disclosed in the embodiments of the present application may be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software modules in the decoding processor.
  • the software module may be located in a storage medium, and the storage medium is located in the first memory 1403, and the first processor 1402 reads the information in the first memory 1403, and completes the steps of the foregoing method in combination with its hardware.
  • the first device 1400 may be implemented by one or more application-specific integrated circuits (ASIC, Application Specific Integrated Circuit), DSPs, programmable logic devices (PLD, Programmable Logic Device), complex programmable logic devices (CPLD, Complex Programmable Logic Device), field-programmable gate arrays (FPGA, Field-Programmable Gate Array), general-purpose processors, controllers, microcontrollers (MCU, Micro Controller Unit), microprocessors (Microprocessor), or other electronic components, for performing the aforementioned methods.
  • the embodiment of the present application also provides a second device; as shown in FIG. 15, the second device 1500 includes:
  • the second communication interface 1501 is capable of information interaction with the first device and the third device;
  • the second processor 1502 is connected to the second communication interface 1501 to realize information interaction with the first device and the third device, and is configured to execute the methods provided by one or more technical solutions on the second device side when running a computer program. The computer program is stored on the second memory 1503.
  • the second communication interface 1501 is configured to send a second management request to the first device; the second management request is used to request configuration of a security policy for application services on the edge computing platform; the security policy is used to provide security management functions for application services on the edge computing platform.
  • the second communication interface 1501 is further configured to receive an update result from the first device; the update result at least indicates whether to update the security policy on the first device.
  • Various components in the second device 1500 are coupled together through the bus system 1504. It can be understood that the bus system 1504 is used to realize connection and communication between these components. In addition to the data bus, the bus system 1504 also includes a power bus, a control bus and a status signal bus. However, the various buses are labeled as bus system 1504 in FIG. 15 for clarity of illustration.
  • the second memory 1503 in the embodiment of the present application is used to store various types of data to support the operation of the second device 1500.
  • Examples of such data include: any computer programs for operating on the second device 1500.
  • the methods disclosed in the foregoing embodiments of the present application may be applied to the second processor 1502 or implemented by the second processor 1502 .
  • the second processor 1502 may be an integrated circuit chip and has signal processing capabilities. In the implementation process, each step of the above method may be completed by an integrated logic circuit of hardware in the second processor 1502 or instructions in the form of software.
  • the aforementioned second processor 1502 may be a general-purpose processor, DSP, or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, and the like.
  • the second processor 1502 may implement or execute various methods, steps, and logic block diagrams disclosed in the embodiments of the present application.
  • a general purpose processor may be a microprocessor or any conventional processor or the like.
  • the steps of the method disclosed in the embodiments of the present application may be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software modules in the decoding processor.
  • the software module may be located in a storage medium, and the storage medium is located in the second memory 1503, and the second processor 1502 reads information in the second memory 1503, and completes the steps of the aforementioned method in combination with its hardware.
  • the second device 1500 may be implemented by one or more ASICs, DSPs, PLDs, CPLDs, FPGAs, general processors, controllers, MCUs, Microprocessors, or other electronic components for performing the aforementioned methods.
  • the embodiment of the present application further provides a third device; as shown in FIG. 16, the third device 1600 includes:
  • the third communication interface 1601 is capable of exchanging information with the first device and the third device;
  • the third processor 1602 is connected to the third communication interface 1601 to realize information interaction with the first device and the third device, and is configured to execute the methods provided by one or more technical solutions on the third device side when running a computer program. The computer program is stored on the third memory 1603.
  • the third communication interface 1601 is configured to send a third management request to the first device; the third management request is used to request configuration of a security policy for application services on the edge computing platform; the security policy is used to provide security management functions for application services on the edge computing platform.
  • the third communication interface 1601 is further configured to receive an update result from the first device; the update result at least indicates whether to update the security policy on the first device.
  • Various components in the third device 1600 are coupled together through the bus system 1604.
  • the bus system 1604 is used to realize connection and communication between these components.
  • the bus system 1604 also includes a power bus, a control bus and a status signal bus.
  • the various buses are labeled as bus system 1604 in FIG. 16 for clarity of illustration.
  • the third memory 1603 in the embodiment of the present application is used to store various types of data to support the operation of the third device 1600.
  • Examples of such data include: any computer programs for operating on the third device 1600.
  • the methods disclosed in the foregoing embodiments of the present application may be applied to the third processor 1602 or implemented by the third processor 1602 .
  • the third processor 1602 may be an integrated circuit chip and has signal processing capability. In the implementation process, each step of the above method may be completed by an integrated logic circuit of hardware in the third processor 1602 or an instruction in the form of software.
  • the aforementioned third processor 1602 may be a general-purpose processor, DSP, or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, and the like.
  • the third processor 1602 may implement or execute various methods, steps, and logic block diagrams disclosed in the embodiments of the present application.
  • a general purpose processor may be a microprocessor or any conventional processor or the like.
  • the steps of the method disclosed in the embodiments of the present application may be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software modules in the decoding processor.
  • the software module may be located in a storage medium, and the storage medium is located in the third memory 1603, and the third processor 1602 reads information in the third memory 1603, and completes the steps of the foregoing method in combination with its hardware.
  • the third device 1600 may be implemented by one or more ASICs, DSPs, PLDs, CPLDs, FPGAs, general purpose processors, controllers, MCUs, Microprocessors, or other electronic components for performing the aforementioned methods.
  • the memory in the embodiment of the present application may be a volatile memory or a non-volatile memory, and may also include both volatile and non-volatile memory.
  • the non-volatile memory can be read-only memory (ROM, Read Only Memory), programmable read-only memory (PROM, Programmable Read-Only Memory), erasable programmable read-only memory (EPROM, Erasable Programmable Read-Only Memory), electrically erasable programmable read-only memory (EEPROM, Electrically Erasable Programmable Read-Only Memory), magnetic random access memory (FRAM, ferromagnetic random access memory), flash memory (Flash Memory), magnetic surface memory, CD, or CD-ROM (Compact Disc Read-Only Memory); magnetic surface storage can be disk storage or tape storage.
  • the volatile memory may be random access memory (RAM, Random Access Memory), which is used as an external cache.
  • many forms of RAM are available, such as static random access memory (SRAM, Static Random Access Memory), synchronous static random access memory (SSRAM, Synchronous Static Random Access Memory), dynamic random access memory (DRAM, Dynamic Random Access Memory), synchronous dynamic random access memory (SDRAM, Synchronous Dynamic Random Access Memory), double data rate synchronous dynamic random access memory (DDRSDRAM, Double Data Rate Synchronous Dynamic Random Access Memory), enhanced synchronous dynamic random access memory (ESDRAM, Enhanced Synchronous Dynamic Random Access Memory), synchronous link dynamic random access memory (SLDRAM, SyncLink Dynamic Random Access Memory), and direct memory bus random access memory (DRRAM, Direct Rambus Random Access Memory).

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to a communication method and apparatus, a first device, a second device, and a storage medium. The method comprises the following steps: a first device determines a management request, the management request being used to request configuration of a security policy for an application service on an edge computing platform; and determines the security policy according to the management request, the security policy being used to provide a security management function for the application service on the edge computing platform.
PCT/CN2022/099572 2021-06-24 2022-06-17 Communication method and apparatus, related device, and storage medium WO2022267995A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202110703263.9 2021-06-24
CN202110703263.9A CN115529143A (zh) 2021-06-24 2021-06-24 Communication method and apparatus, related device, and storage medium

Publications (1)

Publication Number Publication Date
WO2022267995A1 (fr) 2022-12-29

Family

ID=84545130

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/099572 WO2022267995A1 (fr) Communication method and apparatus, related device, and storage medium 2021-06-24 2022-06-17

Country Status (2)

Country Link
CN (1) CN115529143A (fr)
WO (1) WO2022267995A1 (fr)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110138627A (zh) * 2019-07-11 2019-08-16 电子科技大学 Quantified method for selecting a terminal secure access policy on the edge computing side
US20210051177A1 (en) * 2019-08-16 2021-02-18 Verizon Patent And Licensing Inc. Methods and Devices for Virtualizing Device Security Using a Multi-Access Server that is Separate from a Device
CN112788593A (zh) * 2019-11-04 2021-05-11 阿里巴巴集团控股有限公司 Security policy update method, apparatus, and system
CN112968885A (zh) * 2021-02-02 2021-06-15 中国信息通信研究院 Security protection method and apparatus for an edge computing platform

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105100109B (zh) * 2015-08-19 2019-05-24 华为技术有限公司 Method and apparatus for deploying a security access control policy
US10110495B1 (en) * 2017-11-22 2018-10-23 Intel Corporation Multi-access edge computing (MEC) service provision based on local cost measurements
WO2019242856A1 (fr) * 2018-06-20 2019-12-26 NEC Laboratories Europe GmbH Multi-access edge computing (MEC) system and method of operating the same
CN110868371B (zh) * 2018-08-27 2022-03-01 中国电信股份有限公司 Security policy processing method and system, cloud management platform, and subnet management apparatus
CN111836261B (zh) * 2019-04-22 2021-10-15 华为技术有限公司 Data management method, LEPM and MEPM
CN112822675B (zh) * 2021-01-11 2021-11-23 北京交通大学 OAuth 2.0-based single sign-on mechanism for MEC environments

Also Published As

Publication number Publication date
CN115529143A (zh) 2022-12-27

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22827490

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE