WO2023051631A1 - 数据调用的方法和装置 - Google Patents
数据调用的方法和装置 Download PDFInfo
- Publication number
- WO2023051631A1 WO2023051631A1 PCT/CN2022/122227 CN2022122227W WO2023051631A1 WO 2023051631 A1 WO2023051631 A1 WO 2023051631A1 CN 2022122227 W CN2022122227 W CN 2022122227W WO 2023051631 A1 WO2023051631 A1 WO 2023051631A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- network element
- data
- request message
- service
- authorization verification
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims abstract description 172
- 238000012795 verification Methods 0.000 claims abstract description 370
- 238000013475 authorization Methods 0.000 claims abstract description 284
- 238000012545 processing Methods 0.000 claims abstract description 237
- 230000004044 response Effects 0.000 claims description 132
- 238000003860 storage Methods 0.000 claims description 60
- 238000004891 communication Methods 0.000 claims description 58
- 230000015654 memory Effects 0.000 claims description 41
- 238000004590 computer program Methods 0.000 claims description 17
- 230000006870 function Effects 0.000 description 64
- 230000008569 process Effects 0.000 description 29
- 238000004458 analytical method Methods 0.000 description 24
- 238000007726 management method Methods 0.000 description 24
- 230000008859 change Effects 0.000 description 14
- 230000005540 biological transmission Effects 0.000 description 7
- 238000007405 data analysis Methods 0.000 description 7
- 238000013523 data management Methods 0.000 description 7
- 238000010586 diagram Methods 0.000 description 5
- 230000001360 synchronised effect Effects 0.000 description 5
- 230000009471 action Effects 0.000 description 4
- 238000013524 data verification Methods 0.000 description 4
- 238000004519 manufacturing process Methods 0.000 description 4
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 230000003993 interaction Effects 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 230000003190 augmentative effect Effects 0.000 description 2
- 230000007774 longterm Effects 0.000 description 2
- 230000003068 static effect Effects 0.000 description 2
- OUSLHGWWWMRAIG-FBCAJUAOSA-N (6r,7r)-7-[[(2z)-2-(furan-2-yl)-2-methoxyiminoacetyl]amino]-3-(hydroxymethyl)-8-oxo-5-thia-1-azabicyclo[4.2.0]oct-2-ene-2-carboxylic acid Chemical compound N([C@@H]1C(N2C(=C(CO)CS[C@@H]21)C(O)=O)=O)C(=O)\C(=N/OC)C1=CC=CO1 OUSLHGWWWMRAIG-FBCAJUAOSA-N 0.000 description 1
- 101150119040 Nsmf gene Proteins 0.000 description 1
- 230000006399 behavior Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000012217 deletion Methods 0.000 description 1
- 230000037430 deletion Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000009826 distribution Methods 0.000 description 1
- 238000001914 filtration Methods 0.000 description 1
- 238000010295 mobile communication Methods 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 238000003672 processing method Methods 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 230000011664 signaling Effects 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
- XLYOFNOQVPJJNP-UHFFFAOYSA-N water Substances O XLYOFNOQVPJJNP-UHFFFAOYSA-N 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
- H04W12/082—Access security using revocation of authorisation
Definitions
- the present application relates to the field of communication technologies, and in particular to a method and device for calling data.
- the present application provides a method and device for calling data, so as to meet the user's requirement of exercising the withdrawal right of data usage in the network.
- a data call method which is characterized in that it includes: an authorization verification network element receives a data call request message from a service consumption network element, the data call request message includes the identity of the data owner, and the data call The request message is used to request to call the data of the data owner; the authorization verification network element judges whether the service consumption network element has the ability to support stop processing data, wherein the capability is used to indicate that the service consumption network element supports stop processing from the Authorize and verify the data acquired by the network element; if the service consuming network element does not have the capability, the authorization and verify network element rejects the data call request message.
- support to stop processing the data obtained from the authorization verification network element can mean that the service consumption network element supports to stop processing the data obtained from the authorization verification network element under the instruction of the authorization verification network element, or that the service consumption network element can identify the authorization The instruction information sent by the verification network element to notify the processing data, and support obtaining data from the authorized verification network element according to the instruction information.
- the authorization verification network element judges whether the data call request of the service consumption network element can be executed according to whether the service consumption network element has the ability to stop processing data. If the service consumption network element does not have the ability to support the stop processing of data, the authorization verification network element refuses to execute the data call request of the service consumption network element.
- the right of withdrawal can be exercised at any time, that is, the terminal device can cancel the consent of the service consumption network element to call the data at any time, which can avoid the risk of relevant regulations.
- the authorization verification network element determines whether the service consumption network element has the ability to support stop processing data, including: the authorization verification network element receives the service from the service consumption network element The capability indication information; in response to the data call request message, the authorization verification network element determines whether the service consumption network element has the ability to support stopping processing data according to the capability indication information.
- the authorization verification network element determines whether the consumption network element supports stopping processing the data according to the capability indication information of the service consumption network element, so that it can further judge whether the service can be executed according to whether the service consumption network element has the ability to support the stop processing data Data call requests from consuming NEs.
- the authorization verification network element determines whether the service consumption network element has the ability to stop processing data, including: when the authorization verification network element does not receive the service from the service In the case of consuming the capability indication information of the network element, or in the case that the context of the authorization verification network element does not save the capability indication information of the service consumption network element, the authorization verification network element determines that the service consumer does not have the support to stop processing Data capability, the capability indication information is used to indicate whether the service consuming network element has the capability.
- the service consuming network element reports capability indication information before sending a data call request message, and the capability indication information is used to indicate that the service consuming network element has the ability to support The ability to stop processing data.
- the authorization verification network element can determine that the service consumption network element supports stopping processing the data according to the capability indication information; if the authorization verification network element does not receive the capability indication information, the authorization verification network element determines that the service consumption network element does not support stopping processing the data data.
- the authorization verification network element sends a capability information query request message to the service consuming network element, and the capability information query request message is used to request to query whether the service consuming network element supports stopping processing the data. If the service consuming network element supports stopping processing data, the service consuming network element reports capability indication information to the authorization verification network element, and the capability knowledge information is used to indicate that the service consuming network element supports stopping processing personal data.
- the authorization verification network element can determine that the service consumer supports stopping processing the data according to the capability indication information; if the authorization verification network element does not receive the service consumer network within the set time after sending the capability information query request message If the capability indication information reported by the authorization verification network element determines that the service consumption network element does not support stopping processing the data.
- the authorization verification network element can flexibly judge whether the service consumption network element supports stopping processing the data of the terminal device, so as to determine whether the data call request of the service consumption network element can be executed according to the judgment result.
- the method further includes: the authorization verification network element sends a capability information query request message to the service consumption network element, and the capability information query request message is used to request to query the Whether the service consumption network element has this capability.
- the authorization verification network element can query the request message through the capability information to determine whether the service consumption network element has the ability to stop data processing, so that it can judge whether to process the data request of the service consumption network element according to whether the service consumption network element has this capability .
- the authorization verification network element rejecting the data call request message of the service consumption network element includes: the authorization verification network element sends a data call request message to the service consumption network element A response message, the data invocation response message is used to reject the data invocation request message, the data invocation response message includes a reason value, and the reason value is used to indicate the reason for rejecting the data invocation request message.
- the reason value is used to indicate that the reason for the rejection is that the service consuming network element does not support the capability.
- the authorization verification network element when the service consumption network element does not have the ability to stop processing data, the authorization verification network element sends a response message for rejecting data calls to the service consumption network element, and indicates the rejection to the service consumption network element through the cause value reason. In this way, the service consuming network element can determine the reason for the rejection, so as not to initiate data calls, saving resources.
- the method further includes: the authorization verification network element determining that the data owner allows the service consumption network element to use the data of the data owner.
- the data verification network element can verify whether the service consumption network element has the ability to support stopping data processing after determining that the data owner allows the service consumption network element to use the data of the data owner.
- the data verification network element executes the data call request of the service consumption network element, thereby ensuring that the service consumption network Yuan's data call request has been agreed by the user, and the user can exercise the right of withdrawal.
- the authorization verification network element determines that the data owner allows the service consumption network element to use the data owner's data, including: the authorization verification network element sends the storage network The element sends an intent verification request message, the intent verification request message includes the identity of the data owner, and the intent verification request message is used to request to verify whether the data owner allows the service consumption network element to use the data owner's data; The authorization verification network element receives an intent verification response message from the storage network element; the authorization verification network element determines that the data owner allows the service consumption network element to use the data owner's data according to the intent verification response message.
- the authorization verification network element can verify whether the data owner allows the service consumption network element to use the data owner's data through the storage network element, so as to ensure that the data provided to the service consumption network element has been approved by the data owner, preventing Data is misused.
- a method for calling data includes: a service consumption network element sends a data calling request message to an authorization verification network element, the data calling request message includes the identifier of the data owner, and the data calling request message uses to request to invoke the data of the data owner; the service consumption network element receives a data invocation response message from the authorization verification network element, the data invocation response message is used to reject the data invocation request message, and the data invocation The response message includes a reason value, and the reason value is used to indicate the reason for rejecting the data call request message.
- the service consumption network element can call the response message according to the data sent by the authorization verification network element, and obtain the reason value of the rejection by the authorization verification network element. Therefore, it can be further determined according to the reason value whether the data of the calling data owner can be re-requested.
- the method further includes: according to the cause value, the service consumption network element determines not to request the authorization verification network element to obtain data.
- the service consumption network element may determine whether to request data from the authorization verification network element according to the cause value.
- the reason value indicates that the reason for the rejection is that the service consuming network element does not have the ability to stop processing data
- the service consuming network element determines not to request the authorization verification network element to obtain data.
- the method further includes: the service consuming network element receives a capability information query request message from the authorization verification network element, and the capability information query request message is used to request query Whether the service consumption network element has the ability to support stopping processing data; in response to the capability information query request message, the service consumption network element sends capability indication information to the authorization verification network element, and the capability indication information is used to indicate that the service consumption network element has this capability.
- the service consumption network element can report the capability indication information according to the capability information query request of the authorization verification network element to indicate whether the service consumption network element supports stopping processing the data of the terminal device, so that the authorization verification network element can according to the Whether the service consuming network element supports stopping processing the data of the terminal device determines whether to execute the data calling request of the service consuming network element.
- a device for calling data including: a transceiver unit, configured to receive a data calling request message from a service consumption network element, where the data calling request message includes an identifier of a data owner, and the data calling request message uses Invoking the data of the data owner upon request; the processing unit is used to judge whether the service consumption network element has the ability to support stop processing data, wherein the capability is used to indicate that the service consumption network element supports stop processing from the authorization verification network The data obtained by the element; the processing unit is also configured to reject the data call request message when the service consuming network element does not have the capability.
- the transceiving unit is specifically configured to receive capability indication information from the service consuming network element; in response to the data call request message, the processing unit is specifically configured to Capability indication information, to determine whether the service consuming network element has the capability to stop processing data.
- the processing unit is specifically configured to determine that the service consumer does not have the ability to support stopping processing data, and the capability indication information is used to indicate whether the service consuming network element has the capability.
- the transceiver unit is further configured to send a capability information query request message to the service consumption network element, and the capability information query request message is used to request to query the service consumption network element element has this capability.
- the transceiver unit is specifically configured to send a data invocation response message to the service consuming network element, the data invocation response message is used to reject the data invocation request message, and the data invocation response message is used to reject the data invocation request message, and the data The call response message includes a reason value, which is used to indicate the reason for rejecting the data call request message.
- the device further includes: the authorization verification network element determines that the data owner allows the service consumption network element to use the data of the data owner.
- the transceiving unit is specifically configured to send an intent verification request message to the storage network element, where the intent verification request message includes the identity of the data owner, and the intent verification request message It is used to request to verify whether the data owner allows the service consumption network element to use the data owner’s data; the transceiver unit is also used to receive an intention verification response message from the storage network element; the processing unit is specifically used to, according to the intention The verification response message determines that the data owner allows the service consuming network element to use the data of the data owner.
- a device for calling data including: a transceiver unit, configured to send a data calling request message to an authorization verification network element, where the data calling request message includes an identifier of the data owner, and the data calling request message is used for Request to call the data of the data owner; the transceiver unit is also used to receive a data call response message from the authorization verification network element, the data call response message is used to reject the data call request message, and the data call The response message includes a reason value, and the reason value is used to indicate the reason for rejecting the data call request message.
- the apparatus further includes: a processing unit, configured to determine, according to the cause value, to no longer request the authorization verification network element to acquire data.
- the transceiver unit is further configured to receive a capability information query request message from the authorization verification network element, and the capability information query request message is used to request to query the service consumption Whether the network element has the ability to support stop processing data; in response to the capability information query request message, the transceiver unit is also used to send capability indication information to the authorization verification network element, and the capability indication information is used to indicate whether the service consumption network element is have the ability.
- a communication device is provided, and the device is configured to execute the methods provided in the first aspect to the fourth aspect above.
- the apparatus may include a unit and/or module for executing the methods provided in the first aspect to the fourth aspect, such as a processing unit and/or a communication unit.
- the device is a network device, for example, the device is an authorization verification network element.
- the communication unit may be a transceiver, or an input/output interface; the processing unit may be a processor.
- the apparatus is a chip, a chip system or a circuit used in a network device.
- the communication unit may be an input/output interface, interface circuit, output circuit, input circuit, pin or related circuit on the chip, chip system or circuit etc.
- the processing unit may be a processor, a processing circuit or a logic circuit and the like.
- the device is a chip, a chip system or a circuit in an authorized verification network element.
- the device may include units and/or modules for performing the method provided by the first aspect, such as a processing unit and/or a communication unit.
- the device is a service consumption network element.
- the communication unit may be a transceiver, or an input/output interface;
- the processing unit may be a processor.
- the device is a service consuming network element or a chip, a chip system or a circuit in a service consuming network element.
- the device may include units and/or modules for performing the method provided by the second aspect, such as a processing unit and/or a communication unit.
- the above-mentioned transceiver may be a transceiver circuit.
- the above input/output interface may be an input/output circuit.
- a communication device which includes: a memory for storing a program; a processor for executing the program stored in the memory, and when the program stored in the memory is executed, the processor is used for executing the above-mentioned first aspect to The method provided by the second aspect.
- the present application provides a processor configured to execute the methods provided in the above aspects.
- the process of sending the above information and obtaining/receiving the above information in the above method can be understood as the process of outputting the above information by the processor and the process of receiving the input of the above information by the processor.
- the processor When outputting the above information, the processor outputs the above information to the transceiver for transmission by the transceiver. After the above information is output by the processor, other processing may be required before reaching the transceiver.
- the transceiver acquires/receives the above-mentioned information and inputs it into the processor. Furthermore, after the transceiver receives the above information, the above information may need to be processed before being input to the processor.
- the receiving request message mentioned in the foregoing method may be understood as the processor receiving input information.
- processor For the operations of transmitting, sending, and acquiring/receiving involved in the processor, if there is no special description, or if it does not conflict with its actual function or internal logic in the relevant description, it can be understood more generally as the processor Output and receive, input and other operations, rather than the transmission, transmission and reception operations performed directly by radio frequency circuits and antennas.
- the above-mentioned processor may be a processor dedicated to performing these methods, or may be a processor that executes computer instructions in a memory to perform these methods, such as a general-purpose processor.
- the above-mentioned memory can be a non-transitory (non-transitory) memory, such as a read-only memory (read only memory, ROM), which can be integrated with the processor on the same chip, or can be respectively arranged on different chips.
- ROM read-only memory
- a computer-readable storage medium where the computer-readable medium stores program code for execution by a device, and the program code includes a method for executing the methods provided in the first aspect to the second aspect above.
- a computer program product including instructions is provided, and when the computer program product is run on a computer, the computer is made to execute the methods provided in the first aspect to the second aspect above.
- a chip in a tenth aspect, includes a processor and a communication interface, and the processor reads instructions stored in a memory through the communication interface, and executes the methods provided in the first to second aspects above.
- the chip may further include a memory, the memory stores instructions, the processor is used to execute the instructions stored in the memory, and when the instructions are executed, the processor is used to execute the above-mentioned first The methods provided in the first aspect to the second aspect.
- Fig. 1 is a schematic diagram of a network structure applicable to the embodiment of the present application.
- Fig. 2 is a schematic flowchart of a method for calling data.
- Fig. 3 is an exemplary flow chart of a data calling method provided by an embodiment of the present application.
- Fig. 4 is an exemplary flow chart of another data calling method provided by an embodiment of the present application.
- Fig. 5 is an exemplary flow chart of another data calling method provided by an embodiment of the present application.
- Fig. 6 is a schematic block diagram of an apparatus for calling data provided by an embodiment of the present application.
- FIG. 7 is a schematic structural diagram of a device for calling data provided by an embodiment of the present application.
- the present application provides a communication system, which includes a service consumption network element (10) and an authorization verification network element (20).
- the authorization verification network element is used to: receive a data call request message from the service consumption network element, the data call request message includes the identification of the data owner, and the data call request message is used to request call the data of the data owner; Judging whether the service consuming network element has the ability to support stopping processing the data; if the service consuming network element does not have the ability to support stopping processing the data, rejecting the data call request message of the service consuming network element.
- the technical solution provided by this application can be applied to various communication systems, such as: the fifth generation (5th generation, 5G) or new radio (new radio, NR) system, long term evolution (long term evolution, LTE) system, LTE frequency division Duplex (frequency division duplex, FDD) system, LTE time division duplex (time division duplex, TDD) system, etc.
- 5G fifth generation
- NR new radio
- long term evolution long term evolution
- LTE long term evolution
- LTE frequency division Duplex frequency division duplex
- FDD frequency division duplex
- TDD time division duplex
- the technical solution provided by this application can also be applied to device to device (device to device, D2D) communication, vehicle to everything (vehicle-to-everything, V2X) communication, machine to machine (machine to machine, M2M) communication, machine type Communication (machine type communication, MTC), and Internet of things (internet of things, IoT) communication system or other communication systems.
- D2D device to device
- V2X vehicle-to-everything
- M2M machine to machine
- M2M machine type Communication
- MTC machine type communication
- IoT Internet of things
- FIG. 1 it is a schematic diagram of a fifth generation (5th generation, 5G) network architecture based on a service architecture.
- the 5G network architecture shown in (b) of FIG. 1 may include three parts, namely a terminal device part, a data network (data network, DN) and an operator network part.
- a terminal device part namely a terminal device part, a data network (data network, DN) and an operator network part.
- DN data network
- operator network part namely a data network (data network, DN) and a operator network part.
- the operator network may include one or more of the following network elements: authentication server function (authentication server function, AUSF) network element, network exposure function (network exposure function, NEF) network element, policy control function (policy control function, PCF) network element, unified data management (unified data management, UDM) network element, unified database (unified data repository, UDR), network storage function (network repository function, NRF) network element, application function (application function, AF) ) network elements, access and mobility management function (access and mobility management function, AMF) network elements, session management function (session management function, SMF) network elements, radio access network (radioaccess network, RAN) and user plane functions (user plane function, UPF) network element, etc.
- authentication server function authentication server function, AUSF
- NEF network exposure function
- policy control function policy control function
- PCF policy control function
- unified data management unified data management
- UDM unified database
- NRF network repository function
- application function application function, AF
- AMF access and mobility management function
- Terminal device it can also be called user equipment (UE), which is a device with wireless transceiver function, which can be deployed on land, including indoor or outdoor, handheld or vehicle-mounted; it can also be deployed in On the water (such as ships, etc.); can also be deployed in the air (such as aircraft, balloons and satellites, etc.).
- the terminal device may be a mobile phone, a tablet computer (pad), a computer with a wireless transceiver function, a virtual reality (virtual reality, VR) terminal, an augmented reality (augmented reality, AR) terminal, an industrial control (industrial control ), wireless terminals in self driving, wireless terminals in remote medical, wireless terminals in smart grid, wireless terminals in transportation safety , wireless terminals in smart cities, wireless terminals in smart homes, etc.
- the terminal device here refers to a 3rd generation partnership project (3rd generation partnership project, 3GPP) terminal.
- 3rd generation partnership project 3rd generation partnership project
- the above-mentioned terminal device can establish a connection with the operator network through an interface provided by the operator network (such as N1, etc.), and use services such as data and/or voice provided by the operator network.
- the terminal device can also access the DN through the operator's network, and use the operator's service deployed on the DN, and/or the service provided by a third party.
- the above-mentioned third party may be a service party other than the operator's network and the terminal device, and may provide other services such as data and/or voice for the terminal device.
- the specific form of expression of the above-mentioned third party can be determined according to the actual application scenario, and is not limited here.
- Wireless access network radio access network, RAN
- RAN radio access network
- the RAN is a sub-network of the operator's network and an implementation system between service nodes and terminal equipment in the operator's network.
- the terminal equipment To access the operator's network, the terminal equipment first passes through the RAN, and then can be connected to the service node of the operator's network through the RAN.
- the RAN device in this application is a device that provides a wireless communication function for a terminal device, and the RAN device is also called an access network device.
- the RAN equipment in this application includes but is not limited to: next-generation base station (g nodeB, gNB), evolved node B (evolved node B, eNB), radio network controller (radio network controller, RNC) in 5G, node B (node B, NB), base station controller (base station controller, BSC), base transceiver station (base transceiver station, BTS), home base station (for example, home evolved nodeB, or home node B, HNB), baseband unit (baseBand unit, BBU), transmission point (transmitting and receiving point, TRP), transmission point (transmitting point, TP), mobile switching center, etc.
- UPF User plane function
- QoS quality of service
- the user plane network element may be a user plane function (user plane function, UPF) network element.
- UPF user plane function
- the user plane network element may still be a UPF network element, or may have other names, which are not limited in this application.
- Multicast/broadcast-user plane function (MB-UPF)
- MB-UPF is mainly responsible for sending multicast broadcast streams to RAN (or UPF), which can perform packet filtering and distribution of multicast broadcast streams, and realize QoS enhancement and counting/reporting of multicast broadcast services.
- RAN or UPF
- MB-UPF and UPF are not strictly distinguished, and (MB-)UPF is used to represent MB-UPF or UPF.
- Data network used to provide a network for transmitting data.
- the data network element may be a data network element.
- the data network element may still be a DN network element, or may have other names, which are not limited in this application.
- Access and mobility management network elements are mainly used for mobility management and access management, etc., and can be used to implement other functions in MME functions except session management, such as lawful interception and access authorization/authentication.
- the access and mobility management network element may be an access and mobility management function (access and mobility management function, AMF).
- AMF access and mobility management function
- the access and mobility management device may still be an AMF, or may have other names, which are not limited in this application.
- Session management function (session management function, SMF): mainly used for session management, user equipment network interconnection protocol (internet protocol, IP) address allocation and management, selection of manageable user plane functions, policy control and charging function interface endpoints and downlink data notifications, etc.
- SMF session management function
- the session management network element may be a session management function network element.
- the session management network element may still be an SMF network element, or may have other names, which are not limited in this application.
- Multicast/broadcast-session management function (MB-SMF)
- MB-SMF is mainly responsible for multicast broadcast session management and control of multicast broadcast transmission. According to the policy rules of multicast broadcast services provided by PCF or locally configured, MB-UPF and RAN are configured accordingly to complete the transmission of multicast broadcast streams. . In this application, MB-SMF and SMF are not strictly distinguished, and (MB-)SMF is used to represent MB-SMF or SMF.
- PCF Policy control function
- the policy control network element may be a policy and charging rules function (policy and charging rules function, PCRF) network element.
- policy control network element may be a policy control function PCF network element.
- the policy control network element may still be a PCF network element, or may have other names, which are not limited in this application.
- Application function (Application function, AF): It is used for data routing influenced by applications, wireless access network open function network elements, and interaction with policy frameworks for policy control, etc.
- the application network element may be an application function network element.
- the application network element may still be an AF network element, or may have other names, which are not limited in this application.
- Unified data management used to process UE identification, access authentication, registration and mobility management.
- the data management network element may be a unified data management network element; in a 4G communication system, the data management network element may be a home subscriber server (HSS) network element.
- HSS home subscriber server
- the unified data management may still be a UDM network element, or may have other names, which are not limited in this application.
- Unified data repository It mainly includes the following functions: the access function of contract data, policy data, application data and other types of data.
- AUSF Authentication server function
- the authentication server may be an authentication server functional network element.
- the authentication server functional network element may still be an AUSF network element, or may have other names, which are not limited in this application.
- Data network is a network located outside the operator's network.
- the operator's network can access multiple DNs, and multiple services can be deployed on the DN, which can provide data and/or voice for terminal equipment. and other services.
- DN is a private network of a smart factory.
- the sensors installed in the workshop of the smart factory can be terminal devices.
- the control server of the sensor is deployed in the DN, and the control server can provide services for the sensor.
- the sensor can communicate with the control server, obtain instructions from the control server, and transmit the collected sensor data to the control server according to the instructions.
- DN is a company's internal office network, and the mobile phone or computer of the company's employees can be a terminal device, and the employee's mobile phone or computer can access information and data resources on the company's internal office network.
- Nausf, Nnef, Npcf, Nudm, Naf, Namf, Nsmf, N1, N2, N3, N4, and N6 are interface serial numbers.
- interface serial numbers refer to the meanings defined in the 3GPP standard protocol, and there is no limitation here.
- various network elements can communicate through the interfaces shown in the figure.
- the UE and the AMF may interact through the N1 interface, and the interaction message may be called an N1 message (N1Message), for example.
- N1Message N1 message
- the RAN and the AMF can interact through the N2 interface, and the N2 interface can be used for sending non-access stratum (non-access stratum, NAS) messages, etc.
- the RAN and UPF can interact through the N3 interface, and the N3 interface can be used to transmit user plane data, etc.
- the SMF and UPF can interact through the N4 interface, and the N4 interface can be used to transmit information such as the tunnel identification information of the N3 connection, data cache indication information, and downlink data notification messages.
- the UPF and DN can interact through the N6 interface, and the N6 interface can be used to transmit data on the user plane.
- the relationship between other interfaces and each network element is shown in FIG. 1 , and for the sake of brevity, details are not described here one by one.
- the above-mentioned network architecture applied to the embodiment of the present application is only an example network architecture described from the perspective of a service-oriented architecture, and the network architecture applicable to the embodiment of the present application is not limited thereto. Any network element that can implement the above-mentioned All functional network architectures are applicable to this embodiment of the application.
- Functional network elements for example, can be combined into network slices on demand.
- These core network elements can be independent devices, or they can be integrated into the same device to implement different functions. This application does not limit the specific forms of the above network elements.
- the above-mentioned network element or function may be a network element in a hardware device, or a software function running on dedicated hardware, or a virtualization function instantiated on a platform (for example, a cloud platform).
- the network device is the access and mobility management network element AMF
- the base station is the radio access network RAN as an example for description.
- network functional network element entities such as AMF, SMF network element, PCF network element, BSF network element, and UDM network element are all called network function (network function, NF) network elements; or, in another
- network function network function, NF
- a collection of network elements such as AMF, SMF, PCF, BSF, and UDM can be called control plane functional network elements.
- the network architecture and business scenarios described in the embodiments of the present application are for more clearly illustrating the technical solutions of the embodiments of the present application, and do not constitute limitations on the technical solutions provided by the embodiments of the present application.
- the technical solutions provided by the embodiments of this application are also applicable to similar technical problems.
- Computer-readable media may include, but are not limited to: magnetic storage devices (e.g., hard disk, floppy disk, or tape, etc.), optical disks (e.g., compact disc (compact disc, CD), digital versatile disc (digital versatile disc, DVD) etc.), smart cards and flash memory devices (for example, erasable programmable read-only memory (EPROM), card, stick or key drive, etc.).
- magnetic storage devices e.g., hard disk, floppy disk, or tape, etc.
- optical disks e.g., compact disc (compact disc, CD), digital versatile disc (digital versatile disc, DVD) etc.
- smart cards and flash memory devices for example, erasable programmable read-only memory (EPROM), card, stick or key drive, etc.
- various storage media described herein can represent one or more devices and/or other machine-readable media for storing information.
- the term "machine-readable medium” may include, but is not limited to, wireless channels and various other media capable of storing, containing and/or carrying instructions and/or data.
- a data processing method 200 is briefly introduced with reference to FIG. 2 .
- the method 200 includes:
- the NF service consumer sends a data call request message to the NWDAF.
- the NF service consumer can also be called NF consumer, and the NF service consumer can be, for example, a network element such as AF or PCF that requests analysis data.
- the NF service consumer sends a data call request (Nnwdaf_AnalyticsSubscription_Subscribe Request) message to NWDAF.
- the message includes the identification of the user equipment (such as the SUPI of the user equipment) and the analysis identification (Analytics ID), which is used to indicate the current analysis, for example, the analysis identification is used to identify the mobility analysis (UE mobility Analytics ID) of the user equipment. ), and for another example, the analysis identifier is used to identify the communication analysis (UE communication Analytics) of the user equipment, etc.
- the NWDAF judges whether to verify the user intention.
- the NWDAF judges whether the data invocation needs to verify the user's intention according to the local policy, that is, judges whether the user agrees to the data invocation.
- NWDAF judges whether this call involves the operation of the user's personal data according to the local policy. If so, NWDAF determines that it is necessary to verify the user's intention for this call; Validate user intent.
- NWDAF can obtain the verification result through UDM.
- the NWDAF sends a subscription information request message to the UDM.
- the NWDAF sends a subscription information request (Nudm_SDM_Get Request) message to the UDM, and the subscription information request message is used to request to obtain the subscription information of the user equipment, and the request message includes the identification of the user equipment (such as the SUPI of the user equipment) .
- the UDM acquires user subscription information.
- the UDM receives the subscription information request message from the NWDAF, and then acquires the subscription information of the user equipment according to the identifier of the user equipment carried in the subscription information request message.
- the subscription information includes an operation indication and a user intention indication.
- the data operation instruction is used to indicate the operation on the data
- the specific form of the data operation instruction may be an API name, and optionally, an API input may also be added.
- the user intention indication is used to indicate whether the user agrees to the data operation indicated by the data operation. For example, if the user intention indicator is 1, it means that the user agrees to the operation of the data by the data operation instruction; for another example, if the user intention indicator is 0, it indicates that the user does not agree to the operation of the data by the data operation instruction.
- the contract information may also include the identifier of the data processor.
- the identifier of the data processor can be PLMN ID, AS ID, etc.
- the user intention indication is used to indicate whether to agree to the data processor performing the operation corresponding to the data operation indication on the data.
- the UDM sends a subscription information response message to the NWDAF.
- the UDM after the UDM obtains the user subscription information, it sends a subscription information response (Nudm_SDM_Get Response) message to the NWDAF.
- the subscription information response message includes a user intention indication and a data operation indication, and optionally also includes an identification of a data processor.
- the NWDAF determines user intent.
- the NWDAF receives the subscription information response message from the UDM, and then judges whether the user agrees to the operation corresponding to the data operation instruction according to the information carried in the subscription information response message. For example, NWDAF searches for the user intention corresponding to the data operation corresponding to the analysis identifier carried in the data call request message in step 201 from the data operation indication and user intention indication carried in the subscription information response message, if the user intention is agree , it means that the user agrees to the operation corresponding to the analysis logo; if the user intention is to disagree, it means that the user does not agree to the operation corresponding to the analysis logo.
- the NWDAF sends a subscription information subscription request message to the UDM.
- the NWDAF determines that the user's intention is that the user agrees to the corresponding operation indicated by the data operation, the NWDAF sends a subscription information subscription request (Nudm_SDM_Subscribe Request) message to the UDM, and the subscription information request message includes the identifier of the user equipment (for example, the ID of the user equipment SUPI).
- the subscription information request message also includes a subscription type for the device, where the subscription type is used to indicate the subscription type agreed by the user equipment.
- the subscription information request message is used to request subscription to the subscription information change event. After the subscription is successful, once the subscription information of the user equipment changes, the UDM will notify the NWDAF.
- the UDM sends a subscription information subscription response message to the NWDAF.
- the UDM after receiving the subscription information subscription request message from the NWDAF, the UDM sends a subscription information subscription response (Nudm_SDM_Subscribe Reponse) message to the NWDAF, where the subscription information subscription response message is used to indicate that the subscription subscription information change event is successful.
- a subscription information subscription response Nudm_SDM_Subscribe Reponse
- the NWDAF sends a data call response message to the NF service consumer.
- NWDAF may skip steps 207 to 208, and directly send a data call response (Nnwdaf_AnalyticsSubscription_Subscribe Response) message to the NF service consumer,
- the data call response message is used to indicate that the data call request fails.
- NWDAF determines that the user intends to agree to the corresponding operation indicated by the data operation, then NWDAF sends a data call response (Nnwdaf_AnalyticsSubscription_Subscribe Response) message to the NF service consumer, and the data call response message is used to indicate that the data call request is successful.
- a data call response Nnwdaf_AnalyticsSubscription_Subscribe Response
- the NWDAF sends a user data request message to the NF service provider.
- the NWDAF may send a user data request message to the NF service provider (NF consumer), and the user data request message includes the identification of the user equipment (such as the user equipment SUPI), the user data request message is used to request to obtain the user data of the user equipment.
- NF consumer NF service provider
- the user data request message includes the identification of the user equipment (such as the user equipment SUPI)
- the user data request message is used to request to obtain the user data of the user equipment.
- the NF service provider sends a user data response message to the NWDAF.
- the NF service provider after receiving the user data request message from the NEWDAF, the NF service provider sends a user data response (Nnf_EventExposure_Notify) message to the NWDAF, where the user data response message includes the user data requested by the NWDAF.
- the NF service provider here is AMF
- the user data here is the location data (such as TAI, etc.) of the user equipment
- the NF service provider here is SMF
- the user data here is the location data of the user equipment Communication data (such as communication interval, communication rate, etc.).
- the NWDAF sends a data analysis notification message to the NF service consumer.
- NWDAF obtains user data from the user data response message from the NF service provider, and according to the analysis requested by the service consumer (the analysis indicated by the analysis identifier carried in the data call request message in step 201), the user The data is analyzed and processed to obtain the analysis results.
- the analysis result may include, for example, location statistical information of the user equipment, or communication feature information of the user equipment.
- the NWDAF sends a data analysis notification (Nnwdaf_AnalysisSubscription_Notify) message to the NF service consumer, and the data analysis notification message includes the analysis result.
- the UDM updates the user subscription information.
- the user intention in the user subscription information in step 204 indicates that the user equipment agrees to the operation corresponding to the data operation instruction, but at this time the user wishes to exercise the right of withdrawal, that is, the user equipment no longer agrees to the operation corresponding to the data operation instruction, At this time, the user's subscription information will be changed. For example, if the user equipment no longer agrees to analyze its mobility, the analysis identifier in the subscription information is changed to "Disagree" for the data operation corresponding to the user equipment mobility analysis (UE mobility Analytics). Correspondingly, the UDM updates the user subscription information.
- UE mobility Analytics user equipment mobility analysis
- the UDM sends a subscription information change notification message to the NWDAF.
- the UDM since the NWDAF has subscribed to the subscription information change event, after the UDM updates the user subscription information, the UDM sends a subscription information change notification message to the NWDAF, and the subscription information change notification message carries the changed subscription information.
- the NWDAF sends a data call notification message to the NF service consumer.
- NWDAF receives the subscription information change notification message sent by UDM, and determines that the user equipment no longer agrees to the operation corresponding to the data operation instruction according to the subscription information carried in the subscription information change notification message, then NWDAF sends the NF service consumer A data call notification (Nnwdaf_AnalyticsSubscription_Notify) message, the data call notification message includes a termination indication (Termination Request), and the termination indication is used to instruct the NF service consumer to terminate processing user data.
- a data call notification (Nnwdaf_AnalyticsSubscription_Notify) message
- the data call notification message includes a termination indication (Termination Request)
- the termination indication is used to instruct the NF service consumer to terminate processing user data.
- the NF service consumer sends a data call to the NWDAF to subscribe to the notification message.
- the NF service consumer receives the data call notification message sent by NWDAF, it terminates processing user data according to the termination instruction in the data call notification message, and sends a data call unsubscribe notification message to NWDAF for To subscribe to the analysis event of step 201.
- FIG. 3 shows an exemplary flow chart of a data calling method 300 provided by an embodiment of the present application.
- the method 300 includes:
- the service consumption network element sends a data call request message to the authorization verification network element.
- the data invocation request message includes the identifier of the data owner, and the data invocation request message is used to request invoking the data of the data owner, or in other words, the data invocation request message is used to request the data of the data owner to process.
- the data owner may be, for example, a terminal device, or other network elements storing data.
- the data call request message may also include an operation indication, which is used to instruct the service consuming network element to perform specific operations on the data owner's data, such as collecting, reading, analyzing, sharing, and so on.
- an operation indication which is used to instruct the service consuming network element to perform specific operations on the data owner's data, such as collecting, reading, analyzing, sharing, and so on.
- the service consuming network element here may be various network elements requesting data or services, and the name is only an example, and does not impose any limitation on the functions or characteristics of the network element.
- the service consuming network element may also be called a data using network element, a data requesting network element, a data user, and the like.
- the service consuming network element may be a network element requesting analysis data such as AF and PCF.
- the authorization verification network element judges whether the service consumption network element has the ability to stop processing data.
- the authorization verification network element judges whether the service consuming network element has the ability to support stopping processing data. Among them, having the ability to support stop processing data is used to indicate that the service consumption network element supports stop processing data obtained from the authorization verification network element.
- support to stop processing the data obtained from the authorization verification network element can mean that the service consumption network element supports to stop processing the data obtained from the authorization verification network element under the instruction of the authorization verification network element, or that the service consumption network element can identify the authorization The instruction information sent by the verification network element to notify the processing data, and support obtaining data from the authorized verification network element according to the instruction information.
- the support to stop processing data obtained from the authorization verification network element can be used to indicate that the service consumption network element supports stopping calling data through the authorization verification network element, and/or the service consumption network element supports deletion of data obtained through the authorization verification network element.
- the following is an exemplary description of several possible implementation modes for the authorization verification network element to determine whether the service consumption network element has the ability to support stopping processing data.
- the service consumption network element reports its own capability indication information to the authorization verification network element, and the capability indication information is used to indicate whether the service consumption network element has the ability to stop processing the data, that is, the capability indication information is used to Indicate that the service consuming network element supports stopping processing data, or the indication information is used to indicate that the service consuming network element does not support stopping processing data.
- the capability indication information may be carried in the above data call request message, or in any message before the data call request message.
- the authorization verification network element After the authorization verification network element receives the capability indication information of the service consuming network element, it can save the capability indication information in the context, and the capability indication information is associated with the service consuming network element identifier.
- the authorization verification network element can determine whether the service consumption network element has the ability to stop processing data according to the capability indication information of the service consumption network element.
- the service consumption network element when the service consumption network element has the ability to support the stop processing of data, the service consumption network element reports to the authorization verification network element the indication information that has the ability to support the stop processing data, and the indication information can be carried in the above data
- the call request message may also be carried in any message before the data call request message.
- the authorization verification network element After receiving the indication information, the authorization verification network element may save the indication information in the context.
- the authorization verification network element receives the data call request message from the service consumption network element, if the message carries the indication information that supports the ability to stop processing data, or the authorization verification network element obtains the information related to the service from the context.
- the authorization verification network element determines that the service consumption network element supports the stop processing of the data owner’s data; in another case, the authorization verification network element receives If the data call request message from the service consumption network element does not carry the indication information supporting the ability to stop processing data, the authorization verification network element has not obtained the information associated with the identity of the service consumption network element from the context. If there is indication information supporting the ability to stop processing data, the authorization verification network element determines that the service consumption network element does not support stopping processing the data of the data owner.
- the authorization verification network element after the authorization verification network element receives the data call request message from the service consumption network element, the authorization verification network element sends a capability information query request message to the service consumption network element, and the capability information query request message is used for Request to query whether the service consuming network element supports stopping processing the data owner's data.
- the service consumption network element receives a capability information query request message from the authorization verification network element, and then the service consumption network element sends a capability information query response message to the authorization verification network element, the capability information query response message includes capability indication information, The capability indication information is used to indicate whether the service consuming network element supports stopping processing the data of the data owner.
- the authorization verification network element receives the capability query response message from the service consuming network element, and then determines whether the service consuming network element has the ability to stop processing data according to the capability indication information carried in the response message.
- the service consumption network element receives the capability information query request message from the authorization verification network element, and if the service consumption network element has the ability to stop processing data, the service consumption network element sends the capability information to the authorization verification network element A query response message, where the capability information query response message includes indication information that supports the capability to stop processing data.
- the authorization verification network element receives the capability information query response message from the service consumption network element, and then determines that the service consumption network element has the ability to stop processing data according to the indication information carried in the response message; if the service consumption network element If the network element does not have the ability to stop processing data, the service consumption network element does not need to reply.
- the authorization verification network element sends a capability information query request message to the service consumption network element, if it does not receive a response message from the service consumption network element within the set time, the authorization verification network element determines that the service consumption network element is not Have the ability to support stopping processing data.
- the authorization verification network element sends a data call response message to the service consumption network element.
- the service consumption network element rejects the data call request of the service consumption network element. For example, the authorization verification network element sends a data invocation response message to the service consumption network element, the data invocation response message is used to reject the data invocation request message, the data invocation response message includes a reason value, and the reason value is used to indicate that the data invocation is rejected The reason for requesting the message. As an example, the reason value is used to indicate that the reason for the rejection is that the service consuming network element does not have the ability to support stopping processing data.
- the service consuming network element receives the data call response message, and according to the cause value carried in the response message, the service consuming network element determines not to request the authorization verification network element to acquire the data of the data owner, or the service The consuming network element determines not to request any data owner's data from the authorized verification network element, or the service consuming network element determines not to request any data owner's data involving user privacy from the authorized verification network element.
- the authorization verification network element determines that the service consumption network element has the ability to stop processing data, then further, the service consumption network element verifies whether the data owner allows the service consumption network element to use the data ownership through the storage network element data of the recipient. For example, the authorization verification network element sends an intention verification request message to the storage network element, the intention verification request message includes the identity of the data owner, and the intention verification request message is used to request verification whether the data owner allows the service consumption network element to use The data of the data owner, or the intent verification request message is used to request to verify whether the data owner allows the service consumption network element to process the data of the data owner.
- the storage network element receives the intention verification request message from the service consumption network element, according to the intention verification request message, the storage network element obtains the contract information of the data owner, and the storage network element judges whether the data owner is The service consuming network element is allowed to use the data of the data owner. Then the storage network element sends an intent verification response message to the authorization verification network element, the intent verification response message is used to respond to the intent verification request message, and the intent verification response message is used to indicate whether the data owner allows the service consumption network element to use the Data Owner's Data.
- the authorization verification network element receives the intent verification response message, and determines whether the data owner allows the service consumption network element to use the data owner's data according to the intent verification response message.
- the authorization verification network element sends a data call response message to the service consumption network element, and the data call response message is used to reject the data call request of the service consumption network element , the data call response message carries a reason value, which is used to indicate that the reason for the rejection is that the data owner does not allow the service consumption network element to use the data owner’s data; if the data owner allows the service consumption network element to use the data, all If the data of the data owner is not obtained, the verification network element is authorized to request the service provider network element to obtain the data of the data owner.
- the authorization verification network element may first verify whether the data owner allows the service consuming network element to use the data of the data owner. When the data owner does not allow the service consumption network element to use the data owner's data, the authorized verification network element refuses the data call request of the service consumption network element, and can no longer verify whether the service consumption network element has the ability to support the stop processing data; When the data owner allows the service consumption network element to use the data of the data owner, the authorization verification network element further judges whether the service consumption network element has the ability to stop processing data.
- the authorization verification network element after receiving the data invocation request message from the service consuming network element, the authorization verification network element verifies that the data owner does not have the ability to stop processing data when the service consuming network element Whether to allow the service consumption network element to use the data of the data owner. If the service consumption network element does not have the ability to stop processing data, the data owner still allows the service consumption network element to use the data owner's data, then the authorization verification network element does not need to verify whether the service consumption network element has the support The ability to stop processing data and directly execute subsequent processes.
- the authorization verification network element judges whether the data call request of the service consumption network element can be executed according to whether the service consumption network element has the ability to stop processing data. If the service consumption network element does not have the ability to support the stop processing of data, the authorization verification network element refuses to execute the data call request of the service consumption network element.
- the data owner can exercise the right of withdrawal at any time, that is, the data owner can cancel the permission of the service consumption network element to own the data at any time. The call of the data of the user can avoid the risk of relevant regulations.
- FIG. 4 shows an exemplary flow chart of a data calling method 400 provided by an embodiment of the present application.
- the method 400 includes:
- the service consumption network element sends the instruction information #1 supporting the stop of the data processing capability to the authorization verification network element.
- the indication information #1 is used to indicate that the service consuming network element has the ability to support stopping processing user data
- the ability to support stopping processing data is used to indicate that the service consuming network element supports stopping processing the information obtained from the authorization verification network element.
- the ability to support stopping processing data may indicate that the service consumption network element supports stopping processing data obtained by the authorization verification network element under the instruction of the authorization verification network element.
- the support for stopping the processing of user data may include, for example, support for revoking calls to user data, and/or deleting acquired personal data, and the like.
- the service consuming network element has the ability to support stopping data processing, which means that the service consuming network element can stop processing personal data according to the instruction of the data verifier, and the specific implementation method can refer to step 420 .
- the user data here represents the relevant information of an identifiable natural person, or the personal data information of the user.
- the service consuming network element should send the indication information #1 supporting the stop of the data processing capability to the authorization verification network element before requesting to call the user data.
- the service consuming network element may send the indication information #1 that supports stopping the data processing capability to the authorization verification network element during the process of establishing a connection with the authorization verification network element.
- the service consuming network element can request Before invoking user data, send instruction information #1 supporting the stop of data processing capability to the authorization verification network element.
- the service consuming network element may also indicate to the authorization verification network element that it does not support stopping data processing.
- the service consumption network element can use a reserved value to indicate the ability to stop data processing. When the reserved value is 0, it means that the service consumption network element does not have the ability to support stopping data processing. When the reserved value is 1, it means that the service consumption The network element has the ability to support stopping data processing.
- the service consuming network element here may be the party that requests the service among the two parties that communicate based on the service-oriented interface, and the service consuming network element may also be referred to as a data using network element, a data user, a requesting end, or a data requesting network.
- the service consuming network element may be a network element requesting analysis data such as AF and PCF.
- the authorization verification network element here may also be referred to as an authorization verification network element, an authorization verification network element, etc., and the authorization verification network element may be a network element for data analysis such as NWDAF, NEF, and DCCF. It should be understood that different data analysis requirements of service consumption network elements may correspond to different authorization verification network elements.
- the authorization verification network element saves the support stop data processing capability indication information #1 to the context.
- the authorization verification network element receives the support stop data processing capability indication information #1 from the service consuming network element, it saves the support stop data processing capability indication information #1 in the context.
- the support stop data processing capability indication information #1 is associated with the identifier of the service consuming network element.
- the authorization verification network element sends a response message to the service consumption network element.
- the response message may include an ACK to indicate that the authorization verification network element has successfully received the support stop data processing capability indication information #1.
- the response message may also include support stop data processing capability indication information #2, where the support stop data processing capability indication information #2 is used to indicate that the authorization verification network element has the capability to support stop processing personal data.
- the authorization verification network element has the ability to support the stop processing of personal data, which means that the authorization verification network element can notify the service consumption network element to stop processing personal data, see step 419 for the specific implementation.
- the service consumption network element sends a data call request message to the authorization verification network element.
- the service consumption network element sends a data call request message to the authorization verification network element, where the data call request message is used to request to operate on user data.
- the data call request message includes the identifier #1 of the user equipment, and the identifier #1 of the user equipment may be SUPI, GPSI, etc. of the user equipment, which is not limited here.
- the data call request message may also include a data call identifier, which may indicate specific operations on user data, such as collecting, reading, analyzing, and sharing user data.
- the specific form of the data call identifier may be an API name, such as Nnef_Location, Nnef_UEIdentifier_Get, Nnwdaf_AnalyticsSubscription_Subscribe, etc.
- the service consumption network element is an application server AS of a certain application
- the authorized verification network element is NEF
- the AS invokes an API opened by NEF to request UE identification (such as Nnef_UEIdentifier_Get, whose input user information can be set to a certain UE's IP Address), that is, the data call identifier is Nnef_UEIdentifier_Get at this time, and this operation represents the AS requesting to obtain the user identification information corresponding to the input IP address, then the data call request message calling the API instructs the AS to take the user's personal data (ie, identity information) read operation.
- UE identification such as Nnef_UEIdentifier_Get, whose input user information can be set to a certain UE's IP Address
- the service consumption network element is PCF
- the authorization verification network element is NWDAF
- PCF calls NWDAF to provide data analysis API, and provides the location of user equipment, such as Nnwdaf_AnalyticsSubscription_Subscribe, and its input analytics ID is set to UE mobility analytics
- Target of Analytics Reporting is set to the SUPI of a certain UE, where the analytics ID is the above-mentioned data call identifier, and the data call identifier is set to UE mobility analytics, indicating that the PCF requests the NWDAF to analyze the mobility data of the user equipment.
- step 404 and step 401 can be combined and sent, that is, the support stop data processing capability indication information #1 in 401 can be carried in the data invocation request message in 404, that is, the service consumption network element can send the data invocation request message at the same time , and report support stop data processing capability indication information #1.
- the authorization verification network element judges whether to verify the user intention.
- the authorization verification network element after the authorization verification network element receives the data call request message from the service consumption network element, it judges whether the data call needs to verify the user's intention (or verify the user's consent result) according to the local policy, that is, judges whether the data call needs to be verified. Check whether the user allows the service consumption network element to use the user's data.
- the authorization verification network element judges whether the call involves the operation of the user's personal data according to the local policy. If it is involved, the authorization verification network element determines that it is necessary to verify the user's intention for this call; The network element determines that there is no need to verify the user intention for this call.
- the authorized verifier verifies the user's intention for this data call, or the authorization verification network element judges whether the user agrees to perform the corresponding operation on the user data, or the authorization verification network element verification Whether the user allows the service consumption network element to use the user's data.
- the authorization verification network element obtains the user subscription information from the storage network element, and then judges the user's intention according to the user subscription information. For example:
- the authorization verification network element sends a subscription information request message to the storage network element.
- the subscription information request message includes the identifier #2 of the user equipment, and the subscription information request message is used to request to acquire the subscription information of the user equipment.
- the identity #2 of the user equipment may be the same identity as the identity #1 of the user equipment, or may be an identity converted from the identity #1 of the user equipment, which is not limited in this application.
- the ID #1 of the user equipment is the GPSI of the user equipment
- the ID #2 of the user equipment is SUPI, and the SUPI is converted according to the GPSI.
- the storage network element acquires user subscription information.
- the storage network element receives the subscription information request message from the authorization verification network element, and then obtains the subscription information of the user equipment according to the identification #2 of the user equipment carried in the subscription information request message, or obtains the subscription information related to the subscription information request message.
- the subscription information includes a data operation instruction and a user intention instruction corresponding to the data operation instruction.
- the data operation instruction is used to indicate an operation on the data, and the specific form of the data operation instruction may be an API name, and optionally, an API input may also be added.
- the user intention indication may also be referred to as a user consent result, and is used to indicate whether the user agrees to the operation of the data by the data operation indication. For example, if the user intention indicator is 1, it means that the user agrees to the operation of the data by the data operation instruction; for another example, if the user intention indicator is 0, it indicates that the user does not agree to the operation of the data by the data operation instruction.
- the contract information may also include the identifier of the data processor.
- the identifier of the data processor can be PLMN ID, AS ID, etc. If the subscription information includes the identifier of the data processor, the user intention indication is used to indicate whether to agree to the data processor performing the operation corresponding to the data operation indication on the data.
- the storage network element sends a subscription information response message to the authorization verification network element.
- the subscription information response message includes the subscription information of the user equipment, and the subscription information includes a data operation instruction and a user intention instruction corresponding to the data operation instruction, and optionally also includes an identifier of a data processor.
- the authorization verification network element receives the subscription information response message from the storage network element, and judges whether the user equipment agrees to perform the operation indicated by the data call identifier according to the subscription information carried in the subscription information response message.
- the authorization verification network element acquires the subscription information of the user equipment from the subscription information response message, and determines the user intention corresponding to the operation indicated by the data call identifier according to the subscription information. For example, the authorization checker finds the operation corresponding to the data call identifier among the operations corresponding to the data operation instruction, and then obtains the user intention instruction corresponding to the operation.
- the authorization verification network element can also obtain the identity of the corresponding data processor according to the operation corresponding to the data call identity, and verify whether the identity of the data processor includes the service consumption ID of the network element.
- the authorization verification network element requests the storage network element to judge the user's intention. For example:
- the authorization verification network element sends a user intention verification request message to the storage network element.
- the user intention verification request message includes the identifier #2 of the user equipment, and the data call identifier.
- the user intention verification request message also includes the identifier of the data processor.
- the user intention verification request message is used to request verification of the user intention corresponding to the operation indicated by the data invocation identifier, or in other words, the user intention verification request message is used to request whether the user agrees to perform the operation indicated by the data invocation identifier.
- the identity #2 of the user equipment may be the same identity as the identity #1 of the user equipment, or may be an identity converted from the identity #1 of the user equipment, which is not limited in this application.
- the ID #1 of the user equipment is the GPSI of the user equipment
- the ID #2 of the user equipment is SUPI
- the SUPI is converted according to the GPSI.
- the data invocation identifier is an identifier carried in the data invocation request message and indicates that the service consuming network element requests a specific operation on the data.
- the storage network element determines the user intention according to the user subscription information.
- the storage network element receives the user intention verification request message from the authorization verification network element, and obtains the subscription information of the user equipment according to the user equipment identifier #2 carried in the user intention verification request message.
- the storage network element determines the user intention corresponding to the operation indicated by the data call identifier according to the subscription information of the user equipment, or the authorized storage network element determines whether the user equipment agrees to perform the operation indicated by the data call identifier according to the subscription information of the user equipment. indicated action. For example, the storage network element finds the operation corresponding to the data call identifier among the operations corresponding to the data operation indication, and then determines the user intention corresponding to the operation.
- the contract information also includes the identifier of the data processor
- the storage network element can also obtain the identifier of the corresponding data processor according to the operation corresponding to the data call identifier, and verify whether the identifier of the data processor includes the service consumption ID of the network element.
- the storage network element sends a user intention verification response message to the authorization verification network element.
- the user intention verification response message includes user intention indication information, and the user intention indication information is used to indicate whether the user equipment agrees to perform the operation corresponding to the data call identifier on the user data.
- the authorization verification network element receives the user intention verification request message from the storage network element, and determines the user intention corresponding to the data call instruction according to the user intention indication carried in the user intention verification request message.
- the authorization verification network element sends a data call response message to the service consumption network element, and the data call response message is used to reject the data call request message of the service consumption network element .
- the authorization verification network element judges whether the service consumption network element supports stopping data processing.
- the authorization verification network element determines whether the service consumption network element supports stopping data processing, or whether it has the ability to support stopping data processing.
- the authorization verification network element judges whether the service consumption network element has the ability to stop data processing according to the local context. specific,
- the authorization verification network element searches the local context for support stop data processing capability indication information #1 corresponding to the identifier of the service consuming network element according to the identifier of the service consuming network element. If the indication information #1 exists in the context, the authorization verification network element determines that the service consumption network element has the ability to support stopping data processing. If there is no capability information #1 in the context, the authorization verification network element determines that the service consumption network element does not have the ability to support stopping data processing, or the service consumption network element does not support stopping data processing.
- the authorization verification network element may first determine the user's intention, and then determine whether the service consumption network element has the ability to stop data processing, or first determine whether the service consumption network element has the data processing capability, and then determine the user's intention. This application does not Do limited.
- step 412 may also be performed before scheme 1 or scheme 2.
- the authorization verification network element determines that the data call needs to verify the user's intention according to the judgment result of 405
- the authorization verification network element first judges whether the service consumption network element has the ability to support stopping data processing, and specifically judges For the method, refer to step 412, which will not be repeated here.
- the authorization verification network element can skip steps 406 to 408, or steps 409 to 411, and directly execute step 413, that is, send a data call to the service consumption network element
- the response message is used to reject the data call request message of the service consumption network element.
- the service consuming network element may report the indication information that does not support stopping data processing capability before or at the same time as step 404.
- the authorization verification network element receives the indication information that does not support the stop of data processing capability reported by the service consumption network element, it saves the indication information that does not support the stop of data processing capability in the context, and correlates with the identification of the service consumption network element couplet.
- the authorization verification network element judges whether the service consumption network element has the ability to support stop data processing according to the local context, and may also include: if the local context contains the unsupported stop data associated with the identity of the service consumption network element processing capability indication information, the authorization and verification network element determines that the service consumption network element does not have the ability to support stopping data processing, or the service consumption network element does not support stopping data processing, and at this time the authorization and verification network element sends data to the service consumption network element The invocation response message is used to reject the data invocation request message of the service consumption network element.
- the authorization verification network element determines that the user agrees to perform the operation corresponding to the data call identifier on the user data, and the service consumption network element supports stopping data processing, the authorization verification network element requests the service provider network element to obtain user data according to the data call request message.
- the authorization verification network element sends a user data request message to the service providing network element.
- the user data request message is used to request user data required by the data call request.
- the service providing network element here may be the party that provides services among the two parties that communicate based on the service interface, and the service consuming network element may also be called a data providing network element, data provider, service provider, producer wait.
- the service providing network element may be, for example, a network element that provides data, such as AMF and SMF.
- the service providing network element sends user data #1 to the authorization verification network element.
- the service providing network element receives the user data request message from the authorization verification network element, and then sends user data #1 to the authorization verification network element according to the request message.
- the authorization verification network element sends user data #2 to the service consumption network element.
- the authorization verification network element receives the user data #1 from the service providing network element, and then processes the user data #1 according to the operation corresponding to the data call identifier to obtain the user data #2.
- the service consumption network element is the application server AS
- the authorization verification network element is NEF
- the AS calls the API opened by NEF for requesting user equipment identification (such as Nnef_UEIdentifier_Get, whose input user information is set to the IP address of a certain user equipment) , then in this example, both user data #1 and user data #2 may be identification information of the user corresponding to the requested IP address.
- the service consumption network element is PCF
- the authorized verification network element is NWDAF
- PCF calls the data analysis API provided by NWDAF, and provides analysis UE location (for example, Nnwdaf_AnalyticsSubscription_Subscribe, whose input analytics ID is set to UE mobility analytics, Target of Analytics Reporting is set to the SUPI of a certain user equipment), then in this example, user data #1 is the location information of the UE, and user data #2 is the analysis result obtained according to the location information of the UE.
- the UDM updates the user subscription information.
- the user wants to change the intention to process user data from consent to disagree, or the user wants to cancel the consent to the processing of user data, or the user no longer agrees to the service consumption network element using the user's data , which will result in changes to the user's subscription information.
- the user equipment no longer agrees to analyze its mobility, the user intention corresponding to the data operation corresponding to the analysis flag in the subscription information is changed to "disagree".
- the UDM updates the user subscription information.
- the storage network element sends a subscription information change notification message to the authorization verification network element.
- the storage network element sends a subscription information change notification message to the authorization verification network element, and the subscription information change notification message carries the changed subscription information.
- the authorization verification network element sends a data invocation notification message to the service consumption network element.
- the authorization verification network element receives the subscription information change notification message sent by the storage network element, and determines that the user equipment no longer agrees to the operation corresponding to the data call indication according to the subscription information carried in the subscription information change notification message, then authorizes The verification network element sends a data call notification (Nnwdaf_AnalyticsSubscription_Notify) message to the service consumption network element, the data call notification message includes a termination indication (Termination Request), and the termination indication is used to instruct the service consumption network element to terminate processing user data, or the The termination indication is used to instruct the service consuming network element to terminate invoking user data.
- a data call notification (Nnwdaf_AnalyticsSubscription_Notify) message
- the data call notification message includes a termination indication (Termination Request)
- the termination indication is used to instruct the service consumption network element to terminate processing user data
- the termination indication is used to instruct the service consuming network element to terminate invoking user data.
- the service consumption network element stops processing personal data.
- the service consumption network element receives the data call notification message from the authorization verification network element, and according to the data call notification message, it is determined that the user no longer agrees to perform the operation corresponding to the user data, and the service consumption network element stops the user
- the data is processed, or the service consumption network element notifies the operation corresponding to the user data execution instruction.
- the service consumption network element cancels the subscription to the data call, and deletes the personal data, etc.
- the service consumption network element can send the cancel data call message to the authorization verification network element again, so as to cancel the previous subscription to the data call.
- the unsubscribe data call message may contain Nnwdaf_AnalyticsSubscription_Unsubscribe, etc.
- the service consuming network element deletes the previously obtained user data #2.
- FIG. 5 shows an exemplary flow chart of a method 500 for calling data.
- the method 500 includes:
- the service consumption network element sends a data call request message to the authorization verification network element.
- the authorization verification network element judges whether to verify user intention.
- steps 501 and 502 are similar to steps 404 and 405 in the method 400, and details are not repeated here.
- the authorization verification network element determines that the current data transfer does not need to verify the user's intention, the authorization verification network element skips steps 503 to 510 .
- the authorization verification network element sends a data invocation response message to the service consumption network element, where the data invocation response message is used to reject the data invocation request of the service consumption network element.
- the authorization verification network element determines that the user intention needs to be verified for this data call, the authorization verification network element verifies the user intention through the storage network element.
- the specific verification method is similar to the verification scheme provided in method 400, that is, steps 503 to 508 are similar to steps 407 to 412 in method 400, and will not be repeated here.
- the authorization verification network element verifies whether the service consumption network element supports stopping data processing, or the authorization verification network element verifies whether the service consumption network element has the ability to stop data processing .
- the authorization verification network element sends a stop data processing capability verification request message to the service consumption network element.
- the stop data processing capability verification request message is used to request to obtain the ability of the service consuming network element to stop data processing, or in other words, the stop data processing capability verification request message is used to query whether the service consuming network element has the ability to support stop data processing deal with.
- the service consumption network element sends a stop data processing capability verification response message to the authorization verification network element.
- the service consumption network element in response to the stop data processing capability verification request message from the authorization verification network element, the service consumption network element sends a stop data processing capability verification response message to the authorization verification network element, and the stop data processing capability verification response message includes capability indication information , the capability indication information is used to indicate whether the service consuming network element supports stopping data processing.
- the authorization verification network element receives the stop data processing capability verification response message from the service consuming network element, and determines whether the service consuming network element supports stopping data processing according to the capability indication information carried in the response message.
- the service consuming network element if the service consuming network element supports stopping data processing, the service consuming network element, after receiving the stop data processing capability verification request message from the authorization verification network element, verifies by stopping the data processing capability
- the response message sends the support stop data processing capability indication information to the authorization verification network element, and the support stop data processing capability indication information is used to indicate that the service consumption network element supports stop data processing; if the service consumption network element does not support stop data processing, the service After receiving the request message for stopping the verification of data processing capability from the authorization verification network element, the consuming network element may not reply the request message for stopping the verification of data processing capability.
- a timer can be set. If the timer expires, the authorization verification network element still has not received the stop data sent from the service consumption network element. processing capability verification response message, the authorization verification network element determines that the service consumption network element does not support stopping data processing.
- the authorization verification network element may first determine the user's intention, and then determine whether the service consumption network element has the ability to stop data processing, or first determine whether the service consumption network element has the data processing capability, and then determine the user's intention. This application does not Do limited.
- the authorization verification network element determines that the service consumption network element does not have the ability to support stopping data processing, then at 511, the authorization verification network element sends a data call response message to the service consumption network element, and the data call response message is used to refuse the service consumption network element The data call request message.
- the authorization verification network element determines that the service consumption network element has the ability to support stopping data processing, and the user agrees to perform the operation corresponding to the data call identifier on the user data
- the authorization verification network element obtains user data #1 through the service providing network element, and sends The service consuming network element sends the processed user data #2, and the specific process is shown in steps 512 to 514. It should be understood that steps 512 to 514 and steps 414 to 416 in the method 400 are not described repeatedly for the sake of brevity.
- steps 515 to 518 are similar to steps 417 to 420 in the method 400, and for the sake of brevity, repeated description is omitted.
- Fig. 6 is a schematic block diagram of an apparatus for authorization verification provided by an embodiment of the present application.
- the device 10 includes a transceiver unit 11 and a processing unit 12 .
- the transceiver unit 11 can implement a corresponding communication function, and the processing unit 12 is used for data processing.
- the transceiver unit 11 may also be called a communication interface or a communication unit.
- the device 10 may also include a storage unit, which may be used to store instructions and/or data, and the processing unit 12 may read the instructions and/or data in the storage unit, so that the communication device implements the aforementioned methods. example.
- a storage unit which may be used to store instructions and/or data
- the processing unit 12 may read the instructions and/or data in the storage unit, so that the communication device implements the aforementioned methods. example.
- the device 10 can be used to execute the actions performed by the authorization verification network element in the above method embodiments.
- the device 10 can be an authorization verification network element or a component that can be configured in the authorization verification network element.
- the transceiver unit 11 is used for To perform operations related to sending and receiving on the authorization verification network element side in the above method embodiments, the processing unit 12 is configured to perform processing related operations on the authorization verification network element in the above method embodiments.
- the device 10 is used to perform actions performed by the authorization verification network element in the embodiment shown in FIG. 3 above.
- the transceiver unit is configured to receive a data invocation request message from a service consumption network element, the data invocation request message includes the identifier of the data owner, and the data invocation request message is used to request invocation of the data owner's Data; a processing unit, used to determine whether the service consuming network element has the ability to support stopping processing data, wherein the ability to support stopping processing data is used to indicate that the service consuming network element supports stopping processing obtained from the authorization verification network element data; the processing unit is further configured to reject the data call request message when the service consuming network element does not have the capability.
- the transceiving unit is specifically configured to receive capability indication information from the service consuming network element
- the processing unit In response to the data call request message, the processing unit is specifically configured to determine whether the service consuming network element has the capability to support stopping processing data according to the capability indication information.
- the processing unit specifically It is used to determine that the service consumer does not have the capability to stop processing data, and the capability indication information is used to indicate whether the service consuming network element has the capability.
- the transceiving unit is further configured to send a capability information query request message to the service consuming network element, where the capability information query request message is used to request to query whether the service consuming network element has the capability.
- the transceiver unit is specifically configured to send a data invocation response message to the service consuming network element, the data invocation response message is used to reject the data invocation request message, the data invocation response message includes a cause value, and the cause value is used for The reason for indicating the rejection is that the service consuming network element does not support the capability.
- the authorization verification network element determines that the data owner allows the service consumption network element to use the data of the data owner.
- the transceiving unit is specifically configured to send an intent verification request message to the storage network element, the intent verification request message includes the identity of the data owner, and the intent verification request message is used to request to verify whether the data owner allows the service
- the consuming network element uses the data of the data owner; the transceiving unit is further configured to receive an intent verification response message from the storage network element; the processing unit is specifically configured to determine that the data owner allows the service consumption according to the intent verification request message Network elements use the data of the data owner.
- the device 10 can be used to execute the actions performed by the service consumption network element in the method embodiment above.
- the device 10 can be a service consumption network element or a component that can be configured in the service consumption network element.
- the transceiver unit 11 The processing unit 12 is configured to perform operations related to processing on the service consuming network element side in the above method embodiments.
- the transceiver unit is configured to send a data call request message to an authorization verification network element, where the data call request message includes an identifier of the data owner, and the data call request message is used to request call of the data owner the data of the user; the transceiving unit is also used to receive a capability information query request message from the authorization verification network element, and the capability information query request message is used to request to query whether the service consumption network element has the capability to stop processing data capability; in response to the capability information query request message, the transceiver unit is further configured to send capability indication information to the authorization verification network element, where the capability indication information is used to indicate whether the service consumption network element has the ability.
- the transceiver unit is further configured to receive a data invocation response message from the authorization verification network element, the data invocation response message is used to reject the data invocation request message, and the data invocation response message includes a reason value , the reason value is used to indicate that the reason for the rejection is that the service consuming network element does not have the capability;
- the device further includes: a processing unit, configured to determine that the service consuming network element no longer Request data from the authorization verification network element.
- the device 10 can implement the steps or processes corresponding to the authorization verification network element in the method 400 to the method 500 according to the embodiment of the present application, and the device 10 can include a method for executing the method 400 in FIG. 4 to the method in FIG. 5 An element of the method performed by the authorized verification network element in 500 . Moreover, each unit in the apparatus 10 and the above-mentioned other operations and/or functions are for realizing the corresponding processes of the method 400 to the method 500 respectively.
- the processing unit 12 is used to instruct any step in 402 , 405 , 412 in the method 400 .
- the transceiver unit 11 can be used to execute any of the steps 501, 503, 505, 506, 508, 509-514, 516, and 517 in the method 500.
- the processing unit 12 may be used to perform step 502 in method 500 .
- the device 10 can implement steps or processes corresponding to the execution of the service consumption network element in the method 400 to the method 500 according to the embodiment of the present application, and the device 10 can include a method for executing the method 400 in FIG. 4 to the method in FIG. 5
- the service in 500 consumes elements of the method executed by the network element.
- each unit in the apparatus 10 and the above-mentioned other operations and/or functions are for realizing the corresponding processes of the method 400 to the method 500 respectively.
- the transceiver unit 11 can be used to execute any of the steps 401, 403, 404, 413, 416, and 419 in the method 400, and the processing unit 12 can be used to execute 420 of method 400 .
- the embodiment of the present application also provides an authentication and authorization device 20 .
- the device 20 includes a processor 21, the processor 21 is coupled with a memory 22, the memory 22 is used for storing computer programs or instructions and/or data, and the processor 21 is used for executing the computer programs or instructions and/or data stored in the memory 22, so that The methods in the above method embodiments are performed.
- the device 20 includes one or more processors 21 .
- the device 20 may further include a memory 22 .
- the device 20 may include one or more memories 22 .
- the memory 22 can be integrated with the processor 21, or set separately.
- the device 20 may further include a transceiver 23 for receiving and/or sending signals.
- the processor 21 is used to control the transceiver 23 to receive and/or send signals.
- the device 20 is used to implement the operations performed by the authorization verification network element in the above method embodiments.
- the processor 21 is configured to implement processing-related operations performed by the authorization verification network element in the above method embodiments
- the transceiver 23 is configured to implement transceiving-related operations performed by the authorization verification network element in the above method embodiments.
- the device 20 is configured to implement the operations performed by the service consumption network element in the above method embodiments.
- the processor 21 is configured to implement processing-related operations performed by the service consuming network element in the above method embodiments
- the transceiver 23 is configured to implement transceiving-related operations performed by the service consuming network element in the above method embodiments.
- the embodiment of the present application also provides a processing device, including a processor and an interface; the processor is configured to execute the method in any one of the above method embodiments.
- the above processing device may be one or more chips.
- the processing device may be a field programmable gate array (field programmable gate array, FPGA), an application specific integrated circuit (ASIC), or a system chip (system on chip, SoC). It can be a central processor unit (CPU), a network processor (network processor, NP), a digital signal processing circuit (digital signal processor, DSP), or a microcontroller (micro controller unit) , MCU), can also be a programmable controller (programmable logic device, PLD) or other integrated chips.
- CPU central processor unit
- NP network processor
- DSP digital signal processor
- microcontroller micro controller unit
- PLD programmable logic device
- the embodiment of the present application also provides a computer-readable storage medium, on which is stored the first network element (NF service provider) or the second network element (NF service consumer) or the third Computer instructions of a method performed by a network element (NRF).
- NF service provider the first network element
- NF service consumer the second network element
- NEF network element
- the computer when the computer program is executed by a computer, the computer can implement the method described above by the first network element (NF service provider) or the second network element (NF service consumer) or the third network element (NRF). method of execution.
- NF service provider first network element
- NF service consumer second network element
- NRF third network element
- the embodiment of the present application also provides a computer program product containing instructions.
- the computer implements the method performed by a network element (or NF service provider) in the above method embodiments, or by the second network element.
- An embodiment of the present application further provides a communication system, where the communication system includes the first network element, the second network element, and the third network element in the foregoing embodiments.
- the embodiment of the present application does not specifically limit the specific structure of the execution subject of the method provided in the embodiment of the present application, as long as the program that records the code of the method provided in the embodiment of the present application can be executed according to the method provided in the embodiment of the present application Just communicate.
- the subject of execution of the method provided by the embodiment of the present application may be a terminal device or a network device, or a functional module in the terminal device or network device that can call a program and execute the program.
- the computer-readable storage medium may be any available medium that can be accessed by a computer, or a data storage device such as a server or a data center integrated with one or more available media.
- Usable media may include, but are not limited to, magnetic media or magnetic storage devices (for example, floppy disks, hard disks (such as removable hard disks), magnetic tapes), optical media (for example, optical disks, compact discs, etc.) , CD), digital versatile disc (digital versatile disc, DVD, etc.), smart cards and flash memory devices (such as erasable programmable read-only memory (EPROM), card, stick or key drive, etc. ), or semiconductor media (such as solid state disk (SSD), U disk, read-only memory (ROM), random access memory (RAM), etc. can store programs The medium of the code.
- SSD solid state disk
- U disk read-only memory
- RAM random access memory
- Various storage media described herein can represent one or more devices and/or other machine-readable media for storing information.
- the term "machine-readable medium” may include, but is not limited to, wireless channels and various other media capable of storing, containing and/or carrying instructions and/or data.
- the memory mentioned in the embodiments of the present application may be a volatile memory or a nonvolatile memory, or may include both volatile memory and nonvolatile memory.
- the non-volatile memory can be read-only memory (read-only memory, ROM), programmable read-only memory (programmable ROM, PROM), erasable programmable read-only memory (erasable PROM, EPROM), electrically programmable Erases programmable read-only memory (electrically EPROM, EEPROM) or flash memory.
- the volatile memory may be random access memory (RAM).
- RAM can be used as an external cache.
- RAM may include the following forms: static random access memory (static RAM, SRAM), dynamic random access memory (dynamic RAM, DRAM), synchronous dynamic random access memory (synchronous DRAM, SDRAM) , double data rate synchronous dynamic random access memory (double data rate SDRAM, DDR SDRAM), enhanced synchronous dynamic random access memory (enhanced SDRAM, ESDRAM), synchronous connection dynamic random access memory (synchlink DRAM, SLDRAM) and Direct memory bus random access memory (direct rambus RAM, DR RAM).
- static random access memory static random access memory
- dynamic RAM dynamic random access memory
- DRAM synchronous dynamic random access memory
- SDRAM synchronous DRAM
- double data rate SDRAM double data rate SDRAM
- DDR SDRAM double data rate SDRAM
- ESDRAM enhanced synchronous dynamic random access memory
- SLDRAM synchronous connection dynamic random access memory
- Direct memory bus random access memory direct rambus RAM, DR RAM
- the processor is a general-purpose processor, DSP, ASIC, FPGA or other programmable logic devices, discrete gate or transistor logic devices, or discrete hardware components
- the memory storage module may be integrated in the processor.
- memories described herein are intended to include, but are not limited to, these and any other suitable types of memories.
- the disclosed devices and methods may be implemented in other ways.
- the device embodiments described above are only illustrative.
- the division of the above units is only a logical function division. In actual implementation, there may be other division methods.
- multiple units or components can be combined or can be Integrate into another system, or some features may be ignored, or not implemented.
- the mutual coupling or direct coupling or communication connection shown or discussed may be through some interfaces, and the indirect coupling or communication connection of devices or units may be in electrical, mechanical or other forms.
- the units described above as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in one place, or may be distributed to multiple network units. Part or all of the units can be selected according to actual needs to implement the solutions provided in this application.
- each functional unit in each embodiment of the present application may be integrated into one unit, each unit may exist separately physically, or two or more units may be integrated into one unit.
- a computer can be a general purpose computer, special purpose computer, computer network, or other programmable device.
- the computer can be a personal computer, a server, or a network device, etc.
- Computer instructions may be stored in or transmitted from one computer-readable storage medium to another computer-readable storage medium, e.g. Coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless (such as infrared, wireless, microwave, etc.) to another website site, computer, server or data center.
- DSL digital subscriber line
- wireless such as infrared, wireless, microwave, etc.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
- Computer And Data Communications (AREA)
Abstract
本申请提供了一种数据调用的方法和装置,该方法可以包括:授权验证网元接收来自服务消费网元的数据调用请求消息,该数据调用请求消息包括终端设备的标识,该数据调用请求消息用于请求调用该终端设备的数据;该授权验证网元判断该服务消费网元是否具备支持停止处理数据的能力;在该服务消费网元不具备支持停止处理数据的能力的情况下,该授权验证网元拒绝该服务消费网元的该数据调用请求消息。该方案可以满足用户行使数据使用的撤回权的需求。
Description
本申请要求于2021年09月30日提交中国专利局、申请号为202111166931.5、申请名称为“数据调用的方法和装置”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。
本申请涉及通信技术领域,尤其涉及一种数据调用的方法和装置。
《个人信息保护法》以及《General Data Protection Regulation,GDPR》等保护个人信息的法律都对如何保护个人信息提出了要求。例如,如果企业想处理个人信息,需要获取用户的同意。如果用户在授权企业处理自己的个人信息之后,想要撤销用户同意,即撤销授权企业对个人信息的继续处理,企业不应再对个人信息进行处理。
然而,有些请求数据的网络设备不支持撤销用户同意,从而导致用户的撤销权可能无法行使,因此存在法律风险。鉴于此,希望提供一种技术,可以满足用户在网络中行使撤回权的需求。
发明内容
本申请提供了一种数据调用的方法和装置,以便满足用户在网络中行使数据使用的撤回权的需求。
第一方面,提供了一种数据调用的方法,其特征在于,包括:授权验证网元接收来自服务消费网元的数据调用请求消息,该数据调用请求消息包括数据所有者的标识,该数据调用请求消息用于请求调用该数据所有者的数据;该授权验证网元判断该服务消费网元是否具备支持停止处理数据的能力,其中,该能力用于表征该服务消费网元支持停止处理从该授权验证网元获取的数据;在该服务消费网元不具备该能力的情况下,该授权验证网元拒绝该数据调用请求消息。
其中,支持停止处理从授权验证网元获取的数据,可以表示服务消费网元支持在授权验证网元的指示下,停止处理从授权验证网元获取数据,或者说,服务消费网元可以识别授权验证网元发送的通知处理数据的指示信息,并支持根据该指示信息从授权验证网元获取数据。
通过以上方案,授权验证网元根据服务消费网元是否具备支持停止处理数据的能力,从而判断是否可以执行服务消费网元的数据调用请求。如果服务消费网元不具备支持停止处理数据的能力,则授权验证网元拒绝执行服务消费网元的数据调用请求。在该方案的基础上,当终端设备同意了服务消费网元的数据调用后,可以随时行使撤回权,即终端设备可以随时取消同意服务消费网元对数据的调用,可以避免相关法规的风险。
结合第一方面,在第一方面的某些实现方式中,该授权验证网元判断该服务消费网元 是否具备支持停止处理数据的能力,包括:该授权验证网元接收来自该服务消费网元的能力指示信息;响应于该数据调用请求消息,该授权验证网元根据该能力指示信息,确定该服务消费网元是否具备支持停止处理数据的能力。
基于以上方案,授权验证网元根据服务消费网元的能力指示信息确定消费网元是否支持停止处理该数据,从而可以根据服务消费网元是否具备支持停止处理数据的能力,进一步判断是否可以执行服务消费网元的数据调用请求。
结合第一方面,在第一方面的某些实现方式中,该授权验证网元判断该服务消费网元是否具备支持停止处理数据的能力,包括:在该授权验证网元没有接收到来自该服务消费网元的能力指示信息的情况下,或者在该授权验证网元的上下文没有保存该服务消费网元的能力指示信息的情况下,该授权验证网元确定该服务消费者不具备支持停止处理数据的能力,该能力指示信息用于指示该服务消费网元是否具备该能力。
一种实现方式,如果服务消费网元具备支持停止处理数据的能力,则服务消费网元在发送数据调用请求消息之前,上报能力指示信息,该能力指示信息用于指示该服务消费网元具备支持停止处理数据的能力。授权验证网元可以根据该能力指示信息确定服务消费网元支持停止处理该数据;如果授权验证网元没有接收到该能力指示信息,则授权验证网元确定该服务消费网元不支持停止处理该数据。
另一种实现方式,该授权验证网元向该服务消费网元发送能力信息查询请求消息,该能力信息查询请求消息用于请求查询该服务消费网元是否支持停止处理该数据。如果服务消费网元支持停止处理数据,则服务消费网元向该授权验证网元上报能力指示信息,该能力知识性信息用于指示该服务消费网元支持停止处理个人数据。授权验证网元可以根据该能力指示信息确定该服务消费者支持停止处理该数据;如果授权验证网元在发送了该能力信息查询请求消息之后,没有在设定的时间内接收到该服务消费网元上报的能力指示信息,则授权验证网元确定该服务消费网元不支持停止处理该数据。
基于以上方案,授权验证网元可以灵活判断该服务消费网元是否支持停止处理该终端设备的数据,从而可以根据判断结果判断是否可以执行服务消费网元的数据调用请求。
结合第一方面,在第一方面的某些实现方式中,该方法还包括:该授权验证网元向该服务消费网元发送能力信息查询请求消息,该能力信息查询请求消息用于请求查询该服务消费网元是否具备该能力。
基于以上方案,授权验证网元可以通过能力信息查询请求消息,确定服务消费网元是否具备停止数据处理的能力,从而可以根据服务消费网元是否具备该能力判断是否处理服务消费网元的数据请求。
结合第一方面,在第一方面的某些实现方式中,该授权验证网元拒绝该服务消费网元的该数据调用请求消息,包括:该授权验证网元向该服务消费网元发送数据调用响应消息,该数据调用响应消息用于拒绝该数据调用请求消息,该数据调用响应消息包括原因值,该原因值用于指示拒绝该数据调用请求消息的原因。作为一种示例,该原因值用于指示拒绝的原因为该服务消费网元不支持该能力。
基于以上方案,当服务消费网元不具备支持停止处理数据的能力,则授权验证网元向服务消费网元发送用于拒绝数据调用的响应消息,并通过原因值向服务消费网元指示拒绝的原因。这样可以使得服务消费网元确定被拒绝的原因,从而不再发起数据调用,节省资 源。
结合第一方面,在第一方面的某些实现方式中,该方法还包括:该授权验证网元确定该数据所有者允许该服务消费网元使用该数据所有者的数据。
基于以上方案,数据验证网元可以在确定了数据所有者允许服务消费网元使用该数据所有者的数据的情况下,再验证服务消费网元是否具备支持停止数据处理的能力。当数据所有者允许服务消费网元使用该数据所有者的数据,且服务消费网元支持停止数据处理的能力,则数据验证网元才执行服务消费网元的数据调用请求,从而保证服务消费网元的数据调用请求得到了用户同意,且用户可以行使撤回权。
结合第一方面,在第一方面的某些实现方式中,该授权验证网元确定该数据所有者允许该服务消费网元使用该数据所有者的数据,包括:该授权验证网元向存储网元发送意向验证请求消息,该意向验证请求消息包括该数据所有者的标识,该意向验证请求消息用于请求验证所述数据所有者是否允许该服务消费网元使用该数据所有者的数据;该授权验证网元从存储网元接收意向验证响应消息;该授权验证网元根据该意向验证响应消息确定该数据所有者允许该服务消费网元使用该数据所有者的数据。
基于以上方案,授权验证网元可以通过存储网元验证数据所有者是否允许服务消费网元使用该数据所有者的数据,以保证提供给服务消费网元的数据经过了数据所有者的同意,防止数据被滥用。
第二方面,提供了一种数据调用的方法,该方法包括:服务消费网元向授权验证网元发送数据调用请求消息,该数据调用请求消息包括数据所有者的标识,该数据调用请求消息用于请求调用该数据所有者的数据;所述服务消费网元接收来自所述授权验证网元的数据调用响应消息,所述数据调用响应消息用于拒绝所述数据调用请求消息,所述数据调用响应消息包括原因值,所述原因值用于指示拒绝所述数据调用请求消息的原因。
基于上述方案,服务消费网元可以根据授权验证网元发送的数据调用响应消息,获取授权验证网元拒绝的原因值。从而可以进一步根据原因值确定是否可以重新请求调用数据所有者的数据。
结合第二方面,在第二方面的某些实现方式中,该方法还包括:根据所述原因值,所述服务消费网元确定不再向所述授权验证网元请求获取数据。
基于上述方案,服务消费网元可以根据原因值确定是否再向授权验证网元请求获取数据。作为一种示例,当原因值指示拒绝的原因为服务消费网元不具备停止处理数据的能力,则服务消费网元确定不再向所述授权验证网元请求获取数据。
结合第二方面,在第二方面的某些实现方式中,该方法还包括:该服务消费网元接收来自该授权验证网元的能力信息查询请求消息,该能力信息查询请求消息用于请求查询该服务消费网元是否具备支持停止处理数据的能力;响应于该能力信息查询请求消息,该服务消费网元向该授权验证网元发送能力指示信息,该能力指示信息用于指示该服务消费网元是否具备该能力。
基于上述方案,服务消费网元可以根据授权验证网元的能力信息查询请求,上报能力指示信息,以指示该服务消费网元是否支持停止处理终端设备的数据,从而使得授权验证网元可以根据该服务消费网元是否支持停止处理该终端设备的数据,决定是否执行服务消费网元的数据调用请求。
第三方面,提供了一种数据调用的装置,包括:收发单元,用于接收来自服务消费网元的数据调用请求消息,该数据调用请求消息包括数据所有者的标识,该数据调用请求消息用于请求调用该数据所有者的数据;处理单元,用于判断该服务消费网元是否具备支持停止处理数据的能力,其中,该能力用于表征该服务消费网元支持停止处理从该授权验证网元获取的数据;该处理单元,还用于在该服务消费网元不具备该能力的情况下,拒绝该数据调用请求消息。
结合第三方面,在第三方面的某些实现方式中,该收发单元具体用于接收来自该服务消费网元的能力指示信息;响应于该数据调用请求消息,该处理单元具体用于根据该能力指示信息,确定该服务消费网元是否具备支持停止处理数据的能力。
结合第三方面,在第三方面的某些实现方式中,在该收发单元没有接收到来自该服务消费网元的能力指示信息的情况下,或者在该装置的上下文没有保存该服务消费网元的能力指示信息的情况下,该处理单元具体用于确定该服务消费者不具备支持停止处理数据的能力,该能力指示信息用于指示该服务消费网元是否具备该能力。
结合第三方面,在第三方面的某些实现方式中,该收发单元,还用于向该服务消费网元发送能力信息查询请求消息,该能力信息查询请求消息用于请求查询该服务消费网元是否具备该能力。
结合第三方面,在第三方面的某些实现方式中,该收发单元具体用于向该服务消费网元发送数据调用响应消息,该数据调用响应消息用于拒绝该数据调用请求消息,该数据调用响应消息包括原因值,该原因值用于指示拒绝该数据调用请求消息的原因。
结合第三方面,在第三方面的某些实现方式中,该装置还包括:该授权验证网元确定该数据所有者允许该服务消费网元使用该数据所有者的数据。
结合第三方面,在第三方面的某些实现方式中,该收发单元具体用于向存储网元发送意向验证请求消息,该意向验证请求消息包括该数据所有者的标识,该意向验证请求消息用于请求验证该数据所有者是否允许该服务消费网元使用该数据所有者的数据;该收发单元具体还用于从存储网元接收意向验证响应消息;该处理单元具体用于,根据该意向验证响应消息确定该数据所有者允许该服务消费网元使用该数据所有者的数据。
第四方面,提供了一种数据调用的装置,包括:收发单元,用于向授权验证网元发送数据调用请求消息,该数据调用请求消息包括数据所有者的标识,该数据调用请求消息用于请求调用该数据所有者的数据;该收发单元,还用于接收来自所述授权验证网元的数据调用响应消息,所述数据调用响应消息用于拒绝所述数据调用请求消息,所述数据调用响应消息包括原因值,所述原因值用于指示拒绝所述数据调用请求消息的原因。
结合第四方面,在第四方面的某些实现方式中,该装置还包括:处理单元,用于根据所述原因值,确定不再向所述授权验证网元请求获取数据。
结合第四方面,在第四方面的某些实现方式中,该收发单元,还用于接收来自该授权验证网元的能力信息查询请求消息,该能力信息查询请求消息用于请求查询该服务消费网元是否具备支持停止处理数据的能力;响应于该能力信息查询请求消息,该收发单元还用于向该授权验证网元发送能力指示信息,该能力指示信息用于指示该服务消费网元是否具备该能力。
第五方面,提供一种通信装置,该装置用于执行上述第一方面至第四方面提供的方法。 具体地,该装置可以包括用于执行第一方面至第四方面提供的方法的单元和/或模块,如处理单元和/或通信单元。
在一种实现方式中,该装置为网络设备,例如该装置为授权验证网元。当该装置为网络设备时,通信单元可以是收发器,或,输入/输出接口;处理单元可以是处理器。
在另一种实现方式中,该装置为用于网络设备中的芯片、芯片系统或电路。当该装置为用于通信设备中的芯片、芯片系统或电路时,通信单元可以是该芯片、芯片系统或电路上的输入/输出接口、接口电路、输出电路、输入电路、管脚或相关电路等;处理单元可以是处理器、处理电路或逻辑电路等。
一种可能情况,该装置为授权验证网元中的芯片、芯片系统或电路。在该情况下,该装置可以包括用于执行第一方面提供的方法的单元和/或模块,如处理单元和/或通信单元。
在另一种实现方式中,该装置为服务消费网元。当该装置为服务消费网元时,通信单元可以是收发器,或,输入/输出接口;处理单元可以是处理器。
一种可能情况,该装置为服务消费网元或服务消费网元中的芯片、芯片系统或电路。在该情况下,该装置可以包括用于执行第二方面提供的方法的单元和/或模块,如处理单元和/或通信单元。
可选地,上述收发器可以为收发电路。可选地,上述输入/输出接口可以为输入/输出电路。
第六方面,提供一种通信装置,该装置包括:存储器,用于存储程序;处理器,用于执行存储器存储的程序,当存储器存储的程序被执行时,处理器用于执行上述第一方面至第二方面提供的方法。
第七方面,本申请提供一种处理器,用于执行上述各方面提供的方法。在执行这些方法的过程中,上述方法中有关发送上述信息和获取/接收上述信息的过程,可以理解为由处理器输出上述信息的过程,以及处理器接收输入的上述信息的过程。在输出上述信息时,处理器将该上述信息输出给收发器,以便由收发器进行发射。该上述信息在由处理器输出之后,还可能需要进行其他的处理,然后才到达收发器。类似的,处理器接收输入的上述信息时,收发器获取/接收该上述信息,并将其输入处理器。更进一步的,在收发器收到该上述信息之后,该上述信息可能需要进行其他的处理,然后才输入处理器。
基于上述原理,举例来说,前述方法中提及的接收请求消息可以理解为处理器接收输入的信息。
对于处理器所涉及的发射、发送和获取/接收等操作,如果没有特殊说明,或者,如果未与其在相关描述中的实际作用或者内在逻辑相抵触,则均可以更加一般性的理解为处理器输出和接收、输入等操作,而不是直接由射频电路和天线所进行的发射、发送和接收操作。
在实现过程中,上述处理器可以是专门用于执行这些方法的处理器,也可以是执行存储器中的计算机指令来执行这些方法的处理器,例如通用处理器。上述存储器可以为非瞬时性(non-transitory)存储器,例如只读存储器(read only memory,ROM),其可以与处理器集成在同一块芯片上,也可以分别设置在不同的芯片上,本申请实施例对存储器的类型以及存储器与处理器的设置方式不做限定。
第八方面,提供一种计算机可读存储介质,该计算机可读介质存储用于设备执行的程 序代码,该程序代码包括用于执行上述第一方面至第二方面提供的方法。
第九方面,提供一种包含指令的计算机程序产品,当该计算机程序产品在计算机上运行时,使得计算机执行上述第一方面至第二方面提供的方法。
第十方面,提供一种芯片,该芯片包括处理器与通信接口,该处理器通过该通信接口读取存储器上存储的指令,执行上述第一方面至第二方面提供的方法。
可选地,作为一种实现方式,该芯片还可以包括存储器,该存储器中存储有指令,该处理器用于执行该存储器上存储的指令,当该指令被执行时,该处理器用于执行上述第一方面至第二方面提供的方法。
图1是一种适用于本申请实施例的网络结构的示意图。
图2是一种数据调用的方法的示意性流程图。
图3是本申请实施例提供的一种数据调用的方法的示例性流程图。
图4是本申请实施例提供的另一种数据调用的方法的示例性流程图。
图5是本申请实施例提供的又一种数据调用的方法的示例性流程图。
图6是本申请实施例提供的数据调用的装置的示意性框图。
图7是本申请实施例提供的数据调用的装置的结构示意图。
为了使本申请的目的、技术方案和优点更加清楚,下面将结合附图,对本申请中的技术方案进行描述。方法实施例中的具体操作方法也可以应用于装置实施例或系统实施例中。其中,在本申请的描述中,除非另有说明,“多个”的含义是两个或两个以上。
在本申请的各个实施例中,如果没有特殊说明以及逻辑冲突,不同的实施例之间的术语和/或描述具有一致性、且可以相互引用,不同的实施例中的技术特征根据其内在的逻辑关系可以组合形成新的实施例。
可以理解的是,在本申请中涉及的各种数字编号仅为描述方便进行的区分,并不用来限制本申请的范围。上述各过程的序号的大小并不意味着执行顺序的先后,各过程的执行顺序应以其功能和内在逻辑确定。
为了解决背景技术提及的问题,如图1的(a)所示,本申请提供了一种通信系统,该通信系统包括服务消费网元(10)和授权验证网元(20)。其中,该授权验证网元用于:接收来自服务消费网元的数据调用请求消息,该数据调用请求消息包括数据所有者的标识,该数据调用请求消息用于请求调用该数据所有者的数据;判断该服务消费网元是否具备支持停止处理该数据的能力;在该服务消费网元不具备支持停止处理该数据的能力的情况下,拒绝该服务消费网元的该数据调用请求消息。
应理解,图1的(a)中各网元之间的具体交互过程可以参照图3中的方法流程,具体实现方案见方法300中的详细说明。
本申请提供的技术方案可以应用于各种通信系统,例如:第五代(5th generation,5G)或新无线(new radio,NR)系统、长期演进(long term evolution,LTE)系统、LTE频分双工(frequency division duplex,FDD)系统、LTE时分双工(time division duplex,TDD) 系统等。本申请提供的技术方案还可以应用于未来的通信系统,如第六代移动通信系统。本申请提供的技术方案还可以应用于设备到设备(device to device,D2D)通信,车到万物(vehicle-to-everything,V2X)通信,机器到机器(machine to machine,M2M)通信,机器类型通信(machine type communication,MTC),以及物联网(internet of things,IoT)通信系统或者其他通信系统。
如图1的(b)所示,为基于服务化架构的第五代(5th generation,5G)网络架构示意图。
图1的(b)所示的5G网络架构中可包括三部分,分别是终端设备部分、数据网络(data network,DN)和运营商网络部分。下面对其中的部分网元的功能进行简单介绍说明。
其中,运营商网络可包括以下网元中的一个或多个:鉴权服务器功能(authentication server function,AUSF)网元、网络开放功能(network exposure function,NEF)网元、策略控制功能(policy control function,PCF)网元、统一数据管理(unified data management,UDM)网元、统一数据库(unified data repository,UDR)、网络存储功能(network repository function,NRF)网元、应用功能(application function,AF)网元、接入与移动性管理功能(access and mobility management function,AMF)网元、会话管理功能(session management function,SMF)网元、无线接入网(radioaccess network,RAN)以及用户面功能(user plane function,UPF)网元等。上述运营商网络中,除无线接入网部分之外的部分可以称为核心网络部分。
1、终端设备(terminal device):也可以成为用户设备(user equipment,UE),是一种具有无线收发功能的设备,可以部署在陆地上,包括室内或室外、手持或车载;也可以部署在水面上(如轮船等);还可以部署在空中(例如飞机、气球和卫星上等)。所述终端设备可以是手机(mobile phone)、平板电脑(pad)、带无线收发功能的电脑、虚拟现实(virtual reality,VR)终端、增强现实(augmented reality,AR)终端、工业控制(industrial control)中的无线终端、无人驾驶(self driving)中的无线终端、远程医疗(remote medical)中的无线终端、智能电网(smart grid)中的无线终端、运输安全(transportation safety)中的无线终端、智慧城市(smart city)中的无线终端、智慧家庭(smart home)中的无线终端等。这里的终端设备,指的是第三代合作伙伴计划(3rd generation partnership project,3GPP)终端。为便于说明,本申请后续以UE代指终端设备为例进行说明。
上述终端设备可通过运营商网络提供的接口(例如N1等)与运营商网络建立连接,使用运营商网络提供的数据和/或语音等服务。终端设备还可通过运营商网络访问DN,使用DN上部署的运营商业务,和/或第三方提供的业务。其中,上述第三方可为运营商网络和终端设备之外的服务方,可为终端设备提供他数据和/或语音等服务。其中,上述第三方的具体表现形式,具体可根据实际应用场景确定,在此不做限制。
2、无线接入网络(radio access network,RAN)网元:在下文中简称为RAN,对应接入网设备。
RAN是运营商网络的子网络,是运营商网络中业务节点与终端设备之间的实施系统。终端设备要接入运营商网络,首先是经过RAN,进而可通过RAN与运营商网络的业务节点连接。本申请中的RAN设备,是一种为终端设备提供无线通信功能的设备,RAN设备也称为接入网设备。本申请中的RAN设备包括但不限于:5G中的下一代基站(g nodeB, gNB)、演进型节点B(evolved node B,eNB)、无线网络控制器(radio network controller,RNC)、节点B(node B,NB)、基站控制器(base station controller,BSC)、基站收发台(base transceiver station,BTS)、家庭基站(例如,home evolved nodeB,或home node B,HNB)、基带单元(baseBand unit,BBU)、传输点(transmitting and receiving point,TRP)、发射点(transmitting point,TP)、移动交换中心等。3、用户面功能(user plane function,UPF):用于分组路由和转发以及用户面数据的服务质量(quality of service,QoS)处理等。
在5G通信系统中,该用户面网元可以是用户面功能(user plane function,UPF)网元。在未来通信系统中,用户面网元仍可以是UPF网元,或者,还可以有其它的名称,本申请不做限定。
4、多播/广播用户面功能(multicast/broadcast-user plane function,MB-UPF)
MB-UPF主要负责将多播广播流传送到RAN(或者UPF),可以进行多播广播流的包过滤、分发,实现多播广播服务的QoS增强以及计数/上报等。本申请中的MB-UPF和UPF不做严格区分,使用(MB-)UPF表示MB-UPF或者UPF。
5、数据网络(data network,DN):用于提供传输数据的网络。
在5G通信系统中,该数据网络网元可以是数据网络网元。在未来通信系统中,数据网络网元仍可以是DN网元,或者,还可以有其它的名称,本申请不做限定。
6、接入和移动管理网元
接入和移动管理网元主要用于移动性管理和接入管理等,可以用于实现MME功能中除会话管理之外的其它功能,例如,合法监听以及接入授权/鉴权等功能。
在5G通信系统中,该接入和移动管理网元可以是接入和移动管理功能(access and mobility management function,AMF)。在未来通信系统中,接入和移动管理设备仍可以是AMF,或者,还可以有其它的名称,本申请不做限定。
7、会话管理功能(session management function,SMF):主要用于会话管理、用户设备的网络互连协议(internet protocol,IP)地址分配和管理、选择可管理用户平面功能、策略控制和收费功能接口的终结点以及下行数据通知等。
在5G通信系统中,该会话管理网元可以是会话管理功能网元。在未来通信系统中,会话管理网元仍可以是SMF网元,或者,还可以有其它的名称,本申请不做限定。
8、多播/广播会话管理功能(multicast/broadcast-session management function,MB-SMF)
MB-SMF主要负责多播广播会话管理,控制多播广播传输,根据PCF提供或本地配置的多播广播服务是策略规则对MB-UPF和RAN进行相应的配置,以完成多播广播流的传输。本申请中的MB-SMF和SMF不做严格区分,使用(MB-)SMF表示MB-SMF或者SMF。
9、策略控制功能(policy control function,PCF):用于指导网络行为的统一策略框架,为控制面功能网元(例如AMF,SMF等)提供策略规则信息等。
在4G通信系统中,该策略控制网元可以是策略和计费规则功能(policy and charging rules function,PCRF)网元。在5G通信系统中,该策略控制网元可以是策略控制功能PCF网元。在未来通信系统中,策略控制网元仍可以是PCF网元,或者,还可以有其它的名称,本申请不做限定。
10、应用功能(application function,AF):用于进行应用影响的数据路由,无线接入网络开放功能网元,与策略框架交互进行策略控制等。
在5G通信系统中,该应用网元可以是应用功能网元。在未来通信系统中,应用网元仍可以是AF网元,或者,还可以有其它的名称,本申请不做限定。
11、统一数据管理(unified data management,UDM):用于处理UE标识,接入鉴权,注册以及移动性管理等。
在5G通信系统中,该数据管理网元可以是统一数据管理网元;在4G通信系统中,该数据管理网元可以是归属用户服务器(home subscriber server,HSS)网元在未来通信系统中,统一数据管理仍可以是UDM网元,或者,还可以有其它的名称,本申请不做限定。
12、统一数据存储(unified data repository,UDR):主要包括以下功能:签约数据、策略数据、应用数据等类型数据的存取功能。
13、认证服务器(authentication server function,AUSF):用于鉴权服务、产生密钥实现对用户设备的双向鉴权,支持统一的鉴权框架。
在5G通信系统中,该认证服务器可以是认证服务器功能网元。在未来通信系统中,认证服务器功能网元仍可以是AUSF网元,或者,还可以有其它的名称,本申请不做限定。
14、数据网络(data network,DN):DN是位于运营商网络之外的网络,运营商网络可以接入多个DN,DN上可部署多种业务,可为终端设备提供数据和/或语音等服务。例如,DN是某智能工厂的私有网络,智能工厂安装在车间的传感器可为终端设备,DN中部署了传感器的控制服务器,控制服务器可为传感器提供服务。传感器可与控制服务器通信,获取控制服务器的指令,根据指令将采集的传感器数据传送给控制服务器等。又例如,DN是某公司的内部办公网络,该公司员工的手机或者电脑可为终端设备,员工的手机或者电脑可以访问公司内部办公网络上的信息、数据资源等。
图1的(b)中Nausf、Nnef、Npcf、Nudm、Naf、Namf、Nsmf、N1、N2、N3、N4,以及N6为接口序列号。这些接口序列号的含义可参见3GPP标准协议中定义的含义,在此不做限制。
在图1的(b)所示的网络架构中,各网元之间可以通过图中所示的接口通信。如图所示,UE和AMF之间可以通过N1接口进行交互,交互消息例如可以称为N1消息(N1Message)。RAN和AMF之间可以通过N2接口进行交互,N2接口可以用于非接入层(non-access stratum,NAS)消息的发送等。RAN和UPF之间可以通过N3接口进行交互,N3接口可以用于传输用户面的数据等。SMF和UPF之间可以通过N4接口进行交互,N4接口可以用于传输例如N3连接的隧道标识信息,数据缓存指示信息,以及下行数据通知消息等信息。UPF和DN之间可以通过N6接口进行交互,N6接口可以于传输用户面的数据等。其他接口与各网元之间的关系如图1中所示,为了简洁,这里不一一详述。
应理解,上述应用于本申请实施例的网络架构仅是举例说明的从服务化架构的角度描述的网络架构,适用本申请实施例的网络架构并不局限于此,任何能够实现上述各个网元的功能的网络架构都适用于本申请实施例。
还应理解,图1中所示的AMF、SMF、UPF、网络切片选择功能网元(network slice selection function,NSSF)、NEF、AUSF、NRF、PCF、UDM可以理解为核心网中用于实现不同功能的网元,例如可以按需组合成网络切片。这些核心网网元可以各自独立的设 备,也可以集成于同一设备中实现不同的功能,本申请对于上述网元的具体形态不作限定。
还应理解,上述命名仅为便于区分不同的功能而定义,不应对本申请构成任何限定。本申请并不排除在5G网络以及未来其它的网络中采用其他命名的可能。例如,在6G网络中,上述各个网元中的部分或全部可以沿用5G中的术语,也可能采用其他名称等。图1中的各个网元之间的接口名称只是一个示例,具体实现中接口的名称可能为其他的名称,本申请对此不作具体限定。此外,上述各个网元之间的所传输的消息(或信令)的名称也仅仅是一个示例,对消息本身的功能不构成任何限定。
可以理解的是,上述网元或者功能既可以是硬件设备中的网络元件,也可以是在专用硬件上运行软件功能,或者是平台(例如,云平台)上实例化的虚拟化功能。为方便说明,本申请后续,以网络设备为接入和移动管理网元AMF,基站为无线接入网络RAN为例进行说明。
应理解,上述应用于本申请实施例的网络架构仅是一种举例说明,适用本申请实施例的网络架构并不局限于此,任何能够实现上述各个网元的功能的网络架构都适用于本申请实施例。
例如,在某些网络架构中,AMF、SMF网元、PCF网元、BSF网元以及UDM网元等网络功能网元实体都称为网络功能(network function,NF)网元;或者,在另一些网络架构中,AMF,SMF网元,PCF网元,BSF网元,UDM网元等网元的集合都可以称为控制面功能网元。
本申请实施例描述的网络架构以及业务场景是为了更加清楚的说明本申请实施例的技术方案,并不构成对于本申请实施例提供的技术方案的限定,本领域普通技术人员可知,随着网络架构的演变和新业务场景的出现,本申请实施例提供的技术方案对于类似的技术问题,同样适用。
本申请实施例的各个方面或特征可以实现成方法、装置或使用标准编程和/或工程技术的制品。本申请中使用的术语“制品”涵盖可从任何计算机可读器件、载体或介质访问的计算机程序。例如,计算机可读介质可以包括,但不限于:磁存储器件(例如,硬盘、软盘或磁带等),光盘(例如,压缩盘(compact disc,CD)、数字通用盘(digital versatile disc,DVD)等),智能卡和闪存器件(例如,可擦写可编程只读存储器(erasable programmable read-only memory,EPROM)、卡、棒或钥匙驱动器等)。另外,本文描述的各种存储介质可代表用于存储信息的一个或多个设备和/或其它机器可读介质。术语“机器可读介质”可包括但不限于,无线信道和能够存储、包含和/或承载指令和/或数据的各种其它介质。
下面,结合图2简单介绍一种数据处理的方法200。从图2中可以看出,方法200包括:
201,NF服务消费者向NWDAF发送数据调用请求消息。
示例性地,该NF服务消费者也可以称为NF consumer,该NF服务消费者例如可以是AF、PCF等请求分析数据的网元。NF服务消费者向NWDAF发送数据调用请求(Nnwdaf_AnalyticsSubscription_Subscribe Request)消息。该消息中包括用户设备的标识(例如用户设备的SUPI)以及分析标识(Analytics ID),该分析标识用于指示当前的分析,例如该分析标识用于标识用户设备的移动性分析(UE mobility Analytics),又例如,该分析标识用于标识用户设备的通信分析(UE communication Analytics)等。
202,NWDAF判断是否需要校验用户意向。
示例性地,NWDAF接收来自NF服务消费者的数据调用请求消息之后,根据本地策略判断本次数据调用是否需要校验用户意向,即判断是否需要检验用户是否同意本次数据调用。
例如,NWDAF根据本地策略判断本次调用是否涉及对用户个人数据的操作,如果涉及的话,则NWDAF确定需要对本次调用校验用户意向,如果不涉及的话,则NWDAF确定不需要对本次调用校验用户意向。
在本次数据调用需要校验用户意向的情况下,NWDAF可以通过UDM获取校验结果。示例性地:
203,NWDAF向UDM发送签约信息请求消息。
示例性地,NWDAF向UDM发送签约信息请求(Nudm_SDM_Get Request)消息,该签约信息请求消息用于请求获取用户设备的签约信息,该请求消息中包括该用户设备的标识(例如该用户设备的SUPI)。
204,UDM获取用户签约信息。
示例性地,UDM接收到来自NWDAF的签约信息请求消息,然后根据该签约信息请求消息中携带的用户设备的标识,获取该用户设备的签约信息。该签约信息包括操作指示和用户意向指示。
其中,该数据操作指示用于指示对数据的操作,该数据操作指示的具体形式可以是API名称,可选的,还可以加上API输入。用户意向指示用于指示用户是否同意数据操作指示对于数据的操作。例如,用户意向指示为1,则表示用户同意数据操作指示对于数据的操作;又例如,用户意向指示为0,则标识用户不同意数据操作指示对于数据的操作。
可选的,该签约信息中还可以包括数据处理者的标识。该数据处理者的标志可以是PLMN ID,AS ID等。
若签约信息中包括数据处理者的标识,则用户意向指示用于指示是否同意数据处理者对数据执行数据操作指示所对应的操作。
205,UDM向NWDAF发送签约信息响应消息。
示例性地,UDM获取到用户签约信息之后,向NWDAF发送签约信息响应(Nudm_SDM_Get Response)消息,该签约信息响应消息中包括用户意向指示和数据操作指示,可选的还包括数据处理者的标识。
206,NWDAF确定用户意向。
示例性地,NWDAF接收来自UDM的签约信息响应消息,然后根据该签约信息响应消息中携带的信息,判断用户是否同意数据操作指示对应的操作。例如,NWDAF从签约信息响应消息中携带的数据操作指示和用户意向指示,查找与步骤201的数据调用请求消息中携带的分析标识相对应的数据操作所对应的用户意向,若该用户意向为同意,则表示用户同意分析标识所对应的操作;若用户意向为不同意,则标识用户不同意分析标识所对应的操作。
207,NWDAF向UDM发送签约信息订阅请求消息。
示例性地,如果NWDAF确定用户意向为用户同意数据操作指示对应的操作,则NWDAF向UDM发送签约信息订阅请求(Nudm_SDM_Subscribe Request)消息,该签约 信息请求消息中包括用户设备的标识(例如用户设备的SUPI)。可选的,该签约信息请求消息中还包括用于设备的签约类型,该签约类型用于指示用户设备同意的签约类型。该签约信息请求消息用于请求订阅签约信息变更事件。当订阅成功之后,一旦用户设备的签约信息发生改变,UDM将通知NWDAF。
208,UDM向NWDAF发送签约信息订阅响应消息。
示例性地,UDM接收到来自NWDAF的签约信息订阅请求消息之后,向NWDAF发送签约信息订阅响应(Nudm_SDM_Subscribe Reponse)消息,该签约信息订阅响应消息用于指示订阅签约信息变更事件成功。
209,NWDAF向NF服务消费者发送数据调用响应消息。
示例性地,如果步骤206中,NWDAF确定用户意向为不同意数据操作指示对应的操作,则NWDAF可以跳过步骤207至步骤208,直接向NF服务消费者发送数据调用响应(Nnwdaf_AnalyticsSubscription_Subscribe Response)消息,该数据调用响应消息用于指示数据调用请求失败。
如果在步骤206中,NWDAF确定用户意向为同意数据操作指示对应的操作,则NWDAF向NF服务消费者发送数据调用响应(Nnwdaf_AnalyticsSubscription_Subscribe Response)消息,该数据调用响应消息用于指示数据调用请求成功。
210,NWDAF向NF服务提供者发送用户数据请求消息。
示例性地,如果NWDAF确定用户意向为同意数据操作指示对应的操作,则NWDAF可以向NF服务提供者(NF consumer)发送用户数据请求消息,该用户数据请求消息包括用户设备的标识(例如用户设备的SUPI),该用户数据请求消息用于请求获取该用户设备的用户数据。
211,NF服务提供者向NWDAF发送用户数据响应消息。
示例性地,NF服务提供者接收到来自NEWDAF的用户数据请求消息之后,向NWDAF发送用户数据响应(Nnf_EventExposure_Notify)消息,该用户数据响应消息中包括NWDAF请求的用户数据。一种实例,这里的NF服务提供者为AMF,这里的用户数据为用户设备的位置数据(如TAI等);又一示例,这里的NF服务提供者为SMF,这里的用户数据为用户设备的通信数据(例如通信间隔、通信速率等)。
212,NWDAF向NF服务消费者发送数据分析通知消息。
示例性地,NWDAF从来自NF服务提供者的用户数据响应消息中获取用户数据,并按照服务消费者请求的分析(步骤201中数据调用请求消息携带的分析标识所指示的分析),对该用户数据进行分析处理,获得分析结果。该分析结果例如可以包括用户设备的位置统计信息,或者用户设备的通信特征信息。
进一步的,NWDAF向NF服务消费者发送数据分析通知(Nnwdaf_AnalysisSubscription_Notify)消息,该数据分析通知消息中包括分析结果。
213,UDM更新用户签约信息。
示例性地,当步骤204中的用户签约信息中的用户意向指示为用户设备同意数据操作指示对应的操作,但此时用户希望行使撤回权,即用户设备不再同意数据操作指示对应的操作,此时会导致用户签约信息的变更。例如,用户设备不再同意对其移动性进行分析,则签约信息中的分析标识为用户设备移动性分析(UE mobility Analytics)对应的数据操作 对应的用户意向变更为“不同意”。对应的,UDM更新用户签约信息。
214,UDM向NWDAF发送签约信息变更通知消息。
示例性地,由于NWDAF订阅了签约信息变更事件,因此在UDM更新了用户签约信息之后,UDM向NWDAF发送签约信息变更通知消息,该签约信息变更通知消息中携带变更后的签约信息。
215,NWDAF向NF服务消费者发送数据调用通知消息。
示例性地,NWDAF接收到UDM发送的签约信息变更通知消息,且根据该签约信息变更通知消息中携带的签约信息确定用户设备不再同意数据操作指示对应的操作,则NWDAF向NF服务消费者发送数据调用通知(Nnwdaf_AnalyticsSubscription_Notify)消息,该数据调用通知消息包括终止指示(Termination Request),该终止指示用于指示NF服务消费者终止对用户数据进行处理。
216,NF服务消费者向NWDAF发送数据调用去订阅通知消息。
示例性地,NF服务消费者接收到来自NWDAF发送的数据调用通知消息之后,根据该数据调用通知消息中的终止指示终止对用户数据进行处理,并向NWDAF发送数据调用去订阅通知消息,用于去订阅步骤201的分析事件。
然而在上述方案中,如果NF服务消费者不支持停止数据处理,则用户便无法行使撤回权,同时可能存在法律风险。
图3示出了本申请实施例提供的数据调用的方法300的示例性流程图。该方法300包括:
301,服务消费网元向授权验证网元发送数据调用请求消息。
示例性地,该数据调用请求消息包括数据所有者的标识,该数据调用请求消息用于请求调用该数据所有者的数据,或者说,该数据调用请求消息用于请求对该数据所有者的数据进行处理。该数据所有者例如可以是终端设备,或者是其他存有数据的网元。
可选的,该数据调用请求消息中还可以包括操作指示,该操作指示用于指示该服务消费网元对该数据所有者的数据的具体操作,例如收集、读取、分析、共享等。
应理解,这里的服务消费网元可以是各种请求数据或请求服务的网元,该名称仅仅是一种示例,并不对该网元的功能或特性造成任何限定。例如,该服务消费网元还可以称为数据使用网元、数据请求网元、数据使用者等。具体地,在5G系统中,该服务消费网元可以是AF、PCF等请求分析数据的网元。
302,授权验证网元判断服务消费网元是否具备支持停止处理数据的能力。
示例性地,授权验证网元接收来自服务消费网元的数据调用请求消息之后,判断服务消费网元是否具备支持停止处理数据的能力。其中,具备支持停止处理数据的能力用于表征服务消费网元支持停止处理从授权验证网元获取的数据。
其中,支持停止处理从授权验证网元获取的数据,可以表示服务消费网元支持在授权验证网元的指示下,停止处理从授权验证网元获取数据,或者说,服务消费网元可以识别授权验证网元发送的通知处理数据的指示信息,并支持根据该指示信息从授权验证网元获取数据。
支持停止处理从授权验证网元获取的数据,可以用于表征服务消费网元支持停止通过授权验证网元调用数据,和/或该服务消费网元支持删除通过授权验证网元获取的数据。
下面对授权验证网元判断服务消费网元是否具备支持停止处理数据的能力的几种可能的实现方式作示例性说明。
一种实现方式,服务消费网元向授权验证网元上报自己的能力指示信息,该能力指示信息用于指示该服务消费网元是否具备支持停止处理该数据的能力,即该能力指示信息用于指示该服务消费网元支持停止处理数据,或者该指示信息用于指示该服务消费网元不支持停止处理数据。该能力指示信息可以承载于上述数据调用请求消息中,也可以承载于该数据调用请求消息之前的任意消息中。授权验证网元接收到服务消费网元的能力指示信息之后,可以将该能力指示信息保存到上下文中,该能力指示信息与该服务消费网元的标识相关联。授权验证网元可以根据该服务消费网元的能力指示信息确定该服务消费网元是否具备支持停止处理数据的能力。
另一种实现方式,当服务消费网元具备支持停止处理数据的能力时,服务消费网元向该授权验证网元上报具备支持停止处理数据的能力的指示信息,该指示信息可以承载于上述数据调用请求消息中,也可以承载于该数据调用请求消息之前的任意消息中。授权验证网元接收到该指示信息之后,可以将该指示信息保存到上下文。一种情况,授权验证网元接收来自服务消费网元的数据调用请求消息,如果该消息中携带了具备支持停止处理数据的能力的指示信息,或者授权验证网元从上下文中获取到了与该服务消费网元携带标识相关联的具备支持停止处理数据的能力的指示信息,则授权验证网元确定该服务消费网元支持停止处理该数据所有者的数据;另一种情况,授权验证网元接收来自服务消费网元的数据调用请求消息,如果该消息中没有携带具备支持停止处理数据的能力的指示信息,授权验证网元从上下文中也没有获取到与该服务消费网元的标识相关联的具备支持停止处理数据的能力的指示信息,则授权验证网元确定该服务消费网元不支持停止处理该数据所有者的数据。
又一种实现方式,授权验证网元接收到来自服务消费网元的数据调用请求消息之后,该授权验证网元向该服务消费网元发送能力信息查询请求消息,该能力信息查询请求消息用于请求查询该服务消费网元是否支持停止处理数据所有者的数据。一种情况,服务消费网元接收来自授权验证网元的能力信息查询请求消息,然后服务消费网元向该授权验证网元发送能力信息查询响应消息,该能力信息查询响应消息包括能力指示信息,该能力指示信息用于指示该服务消费网元是否支持停止处理数据所有者的数据。对应地,授权验证网元接收来自服务消费网元的能力查询响应消息,然后根据该响应消息中携带的能力指示信息确定该服务消费网元是否具备支持停止处理数据的能力。另一种情况,服务消费网元接收来自授权验证网元的能力信息查询请求消息,如果该服务消费网元具备支持停止处理数据的能力,则服务消费网元向该授权验证网元发送能力信息查询响应消息,该能力信息查询响应消息包括具备支持停止处理数据的能力的指示信息。对应地,授权验证网元接收来自服务消费网元的能力信息查询响应消息,然后根据该响应消息中携带的指示信息,确定该服务消费网元具备支持停止处理数据的能力;如果该服务消费网元不具备支持停止处理数据的能力,则服务消费网元可以不做回复。授权验证网元在向服务消费网元发送了能力信息查询请求消息之后,如果在设定的时间内没有接收到来自服务消费网元的响应消息,则授权验证网元确定该服务消费网元不具备支持停止处理数据的能力。
303,授权验证网元向服务消费网元发送数据调用响应消息。
示例性地,如果授权验证网元确定服务消费网元不具备支持停止处理数据的能力,则服务消费网元拒绝该服务消费网元的数据调用请求。例如,授权验证网元向服务消费网元发送数据调用响应消息,该数据调用响应消息用于拒绝该数据调用请求消息,该数据调用响应消息包括原因值,该原因值用于指示拒绝该数据调用请求消息的原因。作为一种示例,该原因值用于指示拒绝的原因为该服务消费网元不具备支持停止处理数据的能力。对应地,服务消费网元接收该数据调用响应消息,根据该响应消息中携带的原因值,服务消费网元确定不再向该授权验证网元请求获取该数据所有者的数据,或者,该服务消费网元确定不再向授权验证网元请求获取任意数据所有者的数据,或者,该服务消费网元确定不再向授权验证网元请求获取任意数据所有者的涉及用户隐私的数据。
示例性地,如果授权验证网元确定服务消费网元具备支持停止处理数据的能力,则进一步的,服务消费网元通过存储网元验证该数据所有者是否允许该服务消费网元使用该数据所有者的数据。例如,授权验证网元向存储网元发送意向验证请求消息,该意向验证请求消息包括该数据所有者的标识,该意向验证请求消息用于请求验证该数据所有者是否允许该服务消费网元使用该数据所有者的数据,或者说该意向验证请求消息用于请求验证该数据所有者是否允许该服务消费网元对该数据所有者的数据进行处理。对应地,存储网元接收来自服务消费网元的意向验证请求消息,根据该意向验证请求消息,该存储网元获取该数据所有者的签约信息,存储网元根据该签约信息判断数据所有者是否允许该服务消费网元使用该数据所有者的数据。然后存储网元向授权验证网元发送意向验证响应消息,该意向验证响应消息用于响应于意向验证请求消息,该意向验证响应消息用于指示该数据所有者是否允许该服务消费网元使用该数据所有者的数据。对应地,授权验证网元接收该意向验证响应消息,并根据该意向验证响应消息确定该数据所有者是否允许该服务消费网元使用该数据所有者的数据。
如果数据所有者不允许服务消费网元使用该数据所有者的数据,则授权验证网元向服务消费网元发送数据调用响应消息,该数据调用响应消息用于拒绝服务消费网元的数据调用请求,该数据调用响应消息携带原因值,该原因值用于指示拒绝的原因为数据所有者不允许服务消费网元使用该数据所有者的数据;如果数据所有者允许服务消费网元使用该数据所有者的数据,则授权验证网元向服务提供网元请求获取数据所有者的数据。
应理解,授权验证网元在接收到来自服务消费网元的数据调用请求消息之后,也可以先验证该数据所有者是否允许服务消费网元使用该数据所有者的数据。当数据所有者不允许服务消费网元使用该数据所有者的数据,则授权验证网元拒绝服务消费网元的数据调用请求,可以不再验证服务消费网元是否具备支持停止处理数据的能力;当数据所有者允许服务消费网元使用该数据所有者的数据,则授权验证网元再进一步判断服务消费网元是否具备支持停止处理数据的能力。
在另一种可能的实现方式中,授权验证网元在接收到来自服务消费网元的数据调用请求消息之后,验证在服务消费网元不具备支持停止处理数据的能力的情况下,数据所有者是否允许服务消费网元使用该数据所有者的数据。如果服务消费网元不具备支持停止处理数据的能力的情况下,数据所有者仍然允许服务消费网元使用该数据所有者的数据,则授权验证网元可以不必再验证服务消费网元是否具备支持停止处理数据的能力,直接执行后续流程。
通过以上方案,授权验证网元根据服务消费网元是否具备支持停止处理数据的能力,从而判断是否可以执行服务消费网元的数据调用请求。如果服务消费网元不具备支持停止处理数据的能力,则授权验证网元拒绝执行服务消费网元的数据调用请求。在该方案的基础上,数据所有者即使是在允许了服务消费网元使用该数据所有者的数据之后,也可以随时行使撤回权,即数据所有者可以随时取消允许服务消费网元对数据所有者的数据的调用,可以避免相关法规的风险。
图4示出了本申请实施例提供的数据调用的方法400的示例性流程图。该方法400包括:
401,服务消费网元向授权验证网元发送支持停止数据处理能力的指示信息#1。
示例性地,该指示信息#1用于指示服务消费网元具备支持停止处理用户数据的能力,该支持停止处理数据的能力,用于表征服务消费网元支持停止处理从授权验证网元获取的数据。具体地,该支持停止处理数据的能力可以表示服务消费网元支持在授权验证网元的指示下,停止处理该授权验证网元获取的数据。
该支持停止处理用户数据例如可以包括支持撤销对用户数据的调用,和/或删除已经获取的个人数据等。服务消费网元具备支持停止数据处理的能力,表示服务消费网元可以根据数据校验者的指示停止处理个人数据,具体实现方式可参见步骤420。这里的用户数据代表可识别的自然人的相关信息,或者说用户的个人数据信息。
应理解,服务消费网元应在请求调用用户数据之前,向授权验证网元发送该支持停止数据处理能力的指示信息#1。例如,服务消费网元可以在与授权验证网元建立连接的过程,向授权验证网元发送该支持停止数据处理能力的指示信息#1。又例如,当服务消费网元希望对用户数据进行处理(或者说当服务消费网元希望调用用户数据),且该服务消费网元具备支持停止数据处理的能力,则服务消费网元可以在请求调用用户数据之前,向授权验证网元发送支持停止数据处理能力的指示信息#1。
还应理解,当服务消费网元不具备支持停止数据处理的能力时,服务消费网元也可以向授权验证网元指示其不支持停止数据处理。例如,服务消费网元可以采用预留值来指示停止数据处理的能力,当预留值为0,表示服务消费网元不具备支持停止数据处理的能力,当预留值为1,表示服务消费网元具备支持停止数据处理的能力。
应理解,这里的服务消费网元可以是基于服务化接口进行通信的双方中,请求服务的一方,该服务消费网元也可以称为数据使用网元、数据使用者、请求端、数据请求网元等,该服务消费网元例如可以是AF、PCF等请求分析数据的网元。这里的授权验证网元也可以称为授权验证网元、授权校验网元等,该授权验证网元可以是NWDAF、NEF、DCCF等用于进行数据分析的网元。应理解,服务消费网元不同的数据分析需求可能对应不同的授权验证网元。
402,授权验证网元保存支持停止数据处理能力指示信息#1到上下文。
示例性地,授权验证网元接收来自服务消费网元的支持停止数据处理能力指示信息#1后,将该支持停止数据处理能力指示信息#1保存到上下文中。该支持停止数据处理能力指示信息#1与该服务消费网元的标识相关联。
403,可选的,授权验证网元向服务消费网元发送响应消息。
示例性地,该响应消息可以包括ACK,以指示授权验证网元成功接收支持停止数据 处理能力指示信息#1。可选的,该响应消息还可以包括支持停止数据处理能力指示信息#2,该支持停止数据处理能力指示信息#2用于指示授权验证网元具备支持停止处理个人数据的能力。授权验证网元具备支持停止处理个人数据的能力,表示授权验证网元可以通知服务消费网元停止处理个人数据,具体实现方式参见步骤419。
404,服务消费网元向授权验证网元发送数据调用请求消息。
示例性地,服务消费网元向授权验证网元发送数据调用请求消息,该数据调用请求消息用于请求对用户数据进行操作。该数据调用请求消息包括用户设备的标识#1,该用户设备的标识#1可以是用户设备的SUPI、GPSI等,此处不做限定。
可选的,该数据调用请求消息还可以包括数据调用标识,该数据调用标识可以指示对用户数据的具体操作,例如对用户数据进行收集、读取、分析、共享等。
该数据调用标识的具体形式可以是API名称,例如Nnef_Location、Nnef_UEIdentifier_Get、Nnwdaf_AnalyticsSubscription_Subscribe等。
一种示例,服务消费网元为某应用的应用服务器AS,授权验证网元为NEF,AS调用NEF开放的,请求UE标识的API(例如Nnef_UEIdentifier_Get,其输入user information可以设置为某个UE的IP地址),即此时数据调用标识为Nnef_UEIdentifier_Get,该操作代表AS请求获取输入的IP地址对应的用户的标识信息,则调用该API的数据调用请求消息指示AS对用户个人数据(即身份信息)采取读取的操作。
另一种示例,服务消费网元为PCF,授权验证网元为NWDAF,PCF调用NWDAF提供数据分析的API,并提供用户设备的位置,例如Nnwdaf_AnalyticsSubscription_Subscribe,其输入analytics ID设置为UE mobility analytics,Target of Analytics Reporting设置为某个UE的SUPI,其中,该analytics ID即上述数据调用标识,数据调用标识设置为UE mobility analytics,表示PCF请求NWDAF对用户设备的移动性数据进行分析。
应理解,步骤404和步骤401可以合并发送,即401中的支持停止数据处理能力指示信息#1可以承载于404的数据调用请求消息中,即服务消费网元可以在发送数据调用请求消息的同时,上报支持停止数据处理能力指示信息#1。
405,授权验证网元判断是否需要校验用户意向。
示例性地,授权验证网元接收来自服务消费网元的数据调用请求消息之后,根据本地策略判断本次数据调用是否需要校验用户意向(或者说校验用户同意结果),即判断是否需要校验用户是否允许服务消费网元使用该用户的数据。
例如,授权验证网元根据本地策略判断本次调用是否涉及对用户个人数据的操作,如果涉及的话,则授权验证网元确定需要针对本次调用校验用户意向;如果不涉及的话,则授权验证网元确定不需要针对本次调用校验用户意向。
如果需要针对本次数据调用校验用户,则授权检验者对本次数据调用校验用户意向,或者说授权验证网元判断用户是否同意对用户数据执行相应的操作,或者说授权验证网元验证用户是否允许服务消费网元使用该用户的数据。下面对两种可能的实现方式作示例性说明。
一种可能的实现方式(记为方案1)中,授权验证网元从存储网元获取用户签约信息,然后根据用户签约信息判断用户意向。例如:
406,授权验证网元向存储网元发送签约信息请求消息。
示例性地,该签约信息请求消息包括用户设备的标识#2,该签约信息请求消息用于请求获取用户设备的签约信息。应理解,该用户设备的标识#2可以是与用户设备的标识#1相同的标识,也可以是由用户设备的标识#1转化得到的标识,本申请不做限定。例如,该用户设备的标识#1为用户设备的GPSI,该用户设备的标识#2为SUPI,该SUPI是根据该GPSI转化得到的。
407,存储网元获取用户签约信息。
示例性地,存储网元接收到来自授权验证网元的签约信息请求消息,然后根据该签约信息请求消息中携带的用户设备的标识#2,获取该用户设备的签约信息,或者说获取与该用户设备的标识#2相对应的签约信息。该签约信息包括数据操作指示,以及和该数据操作指示所对应的用户意向指示。
该数据操作指示用于指示对数据的操作,该数据操作指示的具体形式可以是API名称,可选的,还可以加上API输入。用户意向指示也可以称为用户同意结果,用于指示用户是否同意数据操作指示对于数据的操作。例如,用户意向指示为1,则表示用户同意数据操作指示对于数据的操作;又例如,用户意向指示为0,则标识用户不同意数据操作指示对于数据的操作。
可选的,该签约信息中还可以包括数据处理者的标识。该数据处理者的标志可以是PLMN ID,AS ID等。若签约信息中包括数据处理者的标识,则用户意向指示用于指示是否同意数据处理者对数据执行数据操作指示所对应的操作。
408,存储网元向授权验证网元发送签约信息响应消息。
示例性地,该签约信息响应消息包括用户设备的签约信息,该签约信息包括数据操作指示,以及数据操作指示所对应的用户意向指示,可选的还包括数据处理者的标识。
对应的,授权验证网元接收来自存储网元的签约信息响应消息,根据该签约信息响应消息中携带的签约信息判断用户设备是否同意执行数据调用标识所指示的操作。
示例性地,授权验证网元从签约信息响应消息中获取用户设备的签约信息,根据该签约信息确定数据调用标识指示的操作所对应的用户意向。例如,授权检验者在数据操作指示对应的操作中找到与数据调用标识所对应的操作,然后获取该操作所对应的用户意向指示。可选的,如果签约信息中还包括数据处理者的标识,授权验证网元还可以根据数据调用标识所对应的操作获取对应的数据处理者的标识,验证该数据处理者的标识是否包括服务消费网元的标识。
另一种可能的实现方式(记为方案2)中,授权验证网元请求存储网元判断用户意向。例如:
409,授权验证网元向存储网元发送用户意向验证请求消息。
示例性地,该用户意向验证请求消息包括用户设备的标识#2,以及数据调用标识。可选的,该用户意向验证请求消息中还包括数据处理者的标识。该用户意向验证请求消息用于请求验证该数据调用标识指示的操作所对应的用户意向,或者说,该用户意向验证请求消息用于请求验证用户是否同意执行该数据调用标识所指示的操作。
应理解,该用户设备的标识#2可以是与用户设备的标识#1相同的标识,也可以是由用户设备的标识#1转化得到的标识,本申请不做限定。例如,该用户设备的标识#1为用户设备的GPSI,该用户设备的标识#2为SUPI,该SUPI是根据该GPSI转化得到的。应 理解,该数据调用标识是数据调用请求消息中携带的、指示服务消费网元请求对数据的具体操作的标识。
410,存储网元根据用户签约信息确定用户意向。
示例性地,存储网元接收来自授权验证网元的用户意向验证请求消息,并根据该用户意向验证请求消息中携带的用户设备的标识#2,获取该用户设备的签约信息。
进一步的,存储网元根据该用户设备的签约信息确定数据调用标识指示的操作所对应的用户意向,或者说授权存储网元根据该用户设备的签约信息确定用户设备是否同意执行该数据调用标识所指示的操作。例如,存储网元在数据操作指示对应的操作中找到与数据调用标识所对应的操作,然后确定该操作所对应的用户意向。可选的,如果签约信息中还包括数据处理者的标识,存储网元还可以根据数据调用标识所对应的操作获取对应的数据处理者的标识,验证该数据处理者的标识是否包括该服务消费网元的标识。
411,存储网元向授权验证网元发送用户意向验证响应消息。
示例性地,该用户意向验证响应消息包括用户意向指示信息,该用户意向指示信息用于指示用户设备是否同意对用户数据执行数据调用标识所对应的操作。
对应的,授权验证网元接收来自存储网元的用户意向验证请求消息,并根据该用户意向验证请求消息中携带的用户意向指示确定数据调用指示所对应的用户意向。
如果用户意向指示用户不同意对用户数据执行相应操作,则在413,授权验证网元向服务消费网元发送数据调用响应消息,该数据调用响应消息用于拒绝服务消费网元的数据调用请求消息。
412,授权验证网元判断服务消费网元是否支持停止数据处理。
示例性地,如果用户意向指示用户同意对用户数据执行相应操作,则授权验证网元进一步判断服务消费网元是否支持停止数据处理,或者说是否具备支持停止数据处理的能力。
例如,授权验证网元根据本地上下文判断服务消费网元是否具备支持停止数据处理的能力。具体的,
授权验证网元根据服务消费网元的标识在本地上下文查找与该服务消费网元的标识对应的支持停止数据处理能力指示信息#1。如果上下文中存在该指示信息#1,则授权验证网元确定该服务消费网元具备支持停止数据处理的能力。如果上下文中没有该能力信息#1,则授权验证网元确定服务消费网元不具备支持停止数据处理的能力,或者说服务消费网元不支持停止数据处理。
应理解,授权验证网元可以先确定用户意向,再确定服务消费网元是否具备停止数据处理的能力,也可以先确定服务消费网元是否具备数据处理的能力,再确定用户意向,本申请不做限定。
即,步骤412也可以在方案1或方案2之前执行。在这种实现方式中,如果授权验证网元根据405的判断结果确定本次数据调用需要校验用户意向,则授权验证网元先判断服务消费网元是否具备支持停止数据处理的能力,具体判断方式可以参见步骤412,不再赘述。此时,如果服务消费网元不具备支持停止数据处理的能力,则授权验证网元可以跳过步骤406至408,或步骤409至411,直接执行步骤413,即向服务消费网元发送数据调用响应消息,以拒绝服务消费网元的数据调用请求消息。
在一种可能的实现方式中,如果服务消费网元不具备支持停止数据处理的能力,则服 务消费网元可以在步骤404之前或者同时,上报不支持停止数据处理能力指示信息。对应的,授权验证网元在收到服务消费网元上报的不支持停止数据处理能力指示信息之后,将该不支持停止数据处理能力指示信息保存到上下文,并与该服务消费网元的标识相关联。在这种情况下,授权验证网元根据本地上下文判断服务消费网元是否具备支持停止数据处理能力,还可以包括:如果本地上下文存有与该服务消费网元的标识相关联的不支持停止数据处理能力指示信息,则授权验证网元确定该服务消费网元不具备支持停止数据处理的能力,或者说服务消费网元不支持停止数据处理,此时授权验证网元向服务消费网元发送数据调用响应消息,以拒绝服务消费网元的数据调用请求消息。
如果授权验证网元确定用户同意对用户数据执行数据调用标识所对应的操作,且服务消费网元支持停止数据处理,则授权验证网元根据数据调用请求消息向服务提供网元请求获取用户数据。示例性地:
414,授权验证网元向服务提供网元发送用户数据请求消息。
示例性地,该用户数据请求消息用于请求数据调用请求所需要的用户数据。
应理解,这里的服务提供网元可以是基于服务化接口进行通信的双方中,提供服务的一方,该服务消费网元也可以称为数据提供网元、数据提供者、服务提供者、生产者等。该服务提供网元例如可以是AMF、SMF等提供数据的网元。
415,服务提供网元向授权验证网元发送用户数据#1。
示例性地,服务提供网元接收来自授权验证网元的用户数据请求消息,然后根据该请求消息向授权验证网元发送用户数据#1。
416,授权验证网元向服务消费网元发送用户数据#2。
示例性地,授权验证网元接收来自服务提供网元的用户数据#1,然后根据数据调用标识所对应的操作对用户数据#1进行处理,得到用户数据#2。
例如,服务消费网元为应用服务器AS,授权验证网元为NEF,AS调用NEF开放的、用于请求用户设备标识的API(例如Nnef_UEIdentifier_Get,其输入user information设置为某个用户设备的IP地址),则在该示例中,用户数据#1和用户数据#2都可以是请求的IP地址对应的用户的标识信息。
又例如,服务消费网元为PCF,授权验证网元为NWDAF,PCF调用NWDAF提供的数据分析的API,并提供分析UE位置(例如Nnwdaf_AnalyticsSubscription_Subscribe,其输入analytics ID设置为UE mobility analytics,Target of Analytics Reporting设置为某个用户设备的SUPI),则在该示例中,用户数据#1为UE的位置信息,用户数据#2为根据UE的位置信息得出的分析结果。
417,UDM更新用户签约信息。
示例性地,如果用户想要将对用户数据的处理意向由同意修改为不同意,或者说用户想要取消同意对用户数据的处理,或者说用户不再同意服务消费网元使用该用户的数据,此时会导致用户签约信息的变更。例如,用户设备不再同意对其移动性进行分析,则签约信息中的分析标识为用户设备移动性分析(UE mobility Analytics)对应的数据操作对应的用户意向变更为“不同意”。对应的,UDM更新用户签约信息。
418,存储网元向授权验证网元发送签约信息变更通知消息。
示例性地,存储网元向授权验证网元发送签约信息变更通知消息,该签约信息变更通 知消息中携带变更后的签约信息。
419,授权验证网元向服务消费网元发送数据调用通知消息。
示例性地,授权验证网元接收到存储网元发送的签约信息变更通知消息,且根据该签约信息变更通知消息中携带的签约信息确定用户设备不再同意数据调用表示所对应的操作,则授权验证网元向服务消费网元发送数据调用通知(Nnwdaf_AnalyticsSubscription_Notify)消息,该数据调用通知消息包括终止指示(Termination Request),该终止指示用于指示服务消费网元终止对用户数据进行处理,或者说该终止指示用于指示服务消费网元终止调用用户数据。
420,服务消费网元停止处理个人数据。
示例性地,服务消费网元接收来自授权验证网元的数据调用通知消息,根据该数据调用通知消息确定用户不再同意对用户数据执行操作指示所对应的操作,则服务消费网元停止对用户数据进行处理,或者说服务消费网元通知对用户数据执行操作指示所对应的操作。具体例如,服务消费网元撤销对数据调用的订阅,并删除个人数据等。服务消费网元可以向授权验证网元再次发送取消数据调用消息,从而撤销之前对数据调用的订阅。取消数据调用消息可以包含Nnwdaf_AnalyticsSubscription_Unsubscribe等。服务消费网元删除之前获得的用户数据#2。
图5示出了一种数据调用的方法500的示例性流程图。该方法500包括:
501,服务消费网元向授权验证网元发送数据调用请求消息。
502,授权验证网元判断是否需要校验用户意向。
应理解,步骤501与步骤502与方法400中的步骤404和步骤405类似,不在赘述。
如果授权验证网元确定本次数据调用不需要校验用户意向,则授权验证网元跳过步骤503至510。在511,授权验证网元向服务消费网元发送数据调用响应消息,该数据调用响应消息用于拒绝服务消费网元的数据调用请求。
如果授权验证网元确定本次数据调用需要校验用户意向,则授权验证网元通过存储网元校验用户意向。具体校验方法与方法400中提供的校验方案类似,即步骤503至步骤508与方法400中的步骤407至步骤412类似,这里不再重复说明。
如果用户同意对个人数据执行服务消费网元所请求的操作,则授权验证网元验证服务消费网元是否支持停止数据处理,或者说授权验证网元验证服务消费网元是否具备停止数据处理的能力。示例性地:
509,授权验证网元向服务消费网元发送停止数据处理能力验证请求消息。
示例性地,该停止数据处理能力验证请求消息用于请求获取服务消费网元停止数据处理的能力,或者说,该停止数据处理能力验证请求消息用于查询该服务消费网元是否具备支持停止数据处理。
510,服务消费网元向授权验证网元发送停止数据处理能力验证响应消息。
示例性地,响应于来自授权验证网元的停止数据处理能力验证请求消息,服务消费网元向授权验证网元发送停止数据处理能力验证响应消息,该停止数据处理能力验证响应消息包括能力指示信息,该能力指示信息用于指示该服务消费网元是否支持停止数据处理。
对应的,授权验证网元接收来自服务消费网元的停止数据处理能力验证响应消息,根据该响应消息中携带的能力指示信息确定服务消费网元是否支持停止数据处理。
在另一种可能的实现方式中,如果服务消费网元支持停止数据处理,则服务消费网元在接收到来自授权验证网元的停止数据处理能力校验请求消息之后,通过停止数据处理能力验证响应消息向授权验证网元发送支持停止数据处理能力指示信息,该支持停止数据处理能力指示信息用于指示该服务消费网元支持停止数据处理;如果服务消费网元不支持停止数据处理,则服务消费网元在接收到来自授权验证网元的停止数据处理能力校验请求消息后,可以不回复该停止数据处理能力校验请求消息。授权验证网元在向服务消费网元发送了停止数据处理能力验证请求消息后,可以设置一个定时器,如果定时器计时结束,授权验证网元仍然没有接收到来自服务消费网元发送的停止数据处理能力验证响应消息,则授权验证网元确定服务消费网元不支持停止数据处理。
应理解,授权验证网元可以先确定用户意向,再确定服务消费网元是否具备停止数据处理的能力,也可以先确定服务消费网元是否具备数据处理的能力,再确定用户意向,本申请不做限定。
如果授权验证网元确定服务消费网元不具备支持停止数据处理的能力,则在511,授权验证网元向服务消费网元发送数据调用响应消息,该数据调用响应消息用于拒绝服务消费网元的数据调用请求消息。
如果授权验证网元确定服务消费网元具备支持停止数据处理的能力,且用户同意对用户数据执行数据调用标识对应的操作,则授权验证网元通过服务提供网元获取用户数据#1,并向服务消费网元发送处理之后的用户数据#2,具体过程如步骤512至步骤514所示。应理解,步骤512至步骤514与方法400中的步骤414至步骤416,为了简洁,不再重复说明。
如果用户更改了用户意向,则存储网元需要通知授权验证网元,然后授权验证网元指示服务消费网元停止处理个人数据,具体过程如步骤515至步骤518所示。应理解,步骤515至步骤518与方法400中的步骤417至步骤420类似,为了简洁,不再重复说明。
以上,结合图3至图5详细说明了本申请实施例提供的方法。以下,结合图6至图7详细说明本申请实施例提供的装置。应理解,装置实施例的描述与方法实施例的描述相互对应,因此,未详细描述的内容可以参见上文方法实施例,为了简洁,这里不再赘述。
图6是本申请实施例提供的授权验证的装置的示意性框图。该装置10包括收发单元11和处理单元12。收发单元11可以实现相应的通信功能,处理单元12用于进行数据处理。收发单元11还可以称为通信接口或通信单元。
可选地,该装置10还可以包括存储单元,该存储单元可以用于存储指令和/或数据,处理单元12可以读取存储单元中的指令和/或数据,以使得通信装置实现前述方法实施例。
该装置10可以用于执行上文方法实施例中授权验证网元所执行的动作,这时,该装置10可以为授权验证网元或者可配置于授权验证网元的部件,收发单元11用于执行上文方法实施例中授权验证网元侧的收发相关的操作,处理单元12用于执行上文方法实施例中授权验证网元的处理相关的操作。
作为一种设计,该装置10用于执行上文图3所示实施例中授权验证网元所执行的动作。
在一种实现方式中,收发单元,用于接收来自服务消费网元的数据调用请求消息,该数据调用请求消息包括数据所有者的标识,该数据调用请求消息用于请求调用该数据所有 者的数据;处理单元,用于判断该服务消费网元是否具备支持停止处理数据的能力,其中,该支持停止处理数据的能力用于表征该服务消费网元支持停止处理从该授权验证网元获取的数据;该处理单元,还用于在该服务消费网元不具备该能力的情况下,拒绝该数据调用请求消息。
作为一示例,该收发单元具体用于接收来自该服务消费网元的能力指示信息;
响应于该数据调用请求消息,该处理单元具体用于根据该能力指示信息,确定该服务消费网元是否具备支持停止处理数据的能力。
作为一示例,在该收发单元没有接收到来自该服务消费网元的能力指示信息的情况下,或者在该装置的上下文没有保存该服务消费网元的能力指示信息的情况下,该处理单元具体用于确定该服务消费者不具备支持停止处理数据的能力,该能力指示信息用于指示该服务消费网元是否具备该能力。
作为一示例,该收发单元,还用于向该服务消费网元发送能力信息查询请求消息,该能力信息查询请求消息用于请求查询该服务消费网元是否具备该能力。
作为一示例,该收发单元具体用于向该服务消费网元发送数据调用响应消息,该数据调用响应消息用于拒绝该数据调用请求消息,该数据调用响应消息包括原因值,该原因值用于指示拒绝的原因为该服务消费网元不支持该能力。
作为一示例,该授权验证网元确定该数据所有者允许该服务消费网元使用该数据所有者的数据。
作为一示例,该收发单元具体用于向存储网元发送意向验证请求消息,该意向验证请求消息包括该数据所有者的标识,该意向验证请求消息用于请求验证该数据所有者是否允许该服务消费网元使用该数据所有者的数据;该收发单元具体还用于,从存储网元接收意向验证响应消息;该处理单元具体用于根据该意向验证请求消息确定该数据所有者允许该服务消费网元使用该数据所有者的数据。
或者,该装置10可以用于执行上文方法实施例中服务消费网元所执行的动作,这时,该装置10可以为服务消费网元或者可配置于服务消费网元的部件,收发单元11用于执行上文方法实施例中服务消费网元侧的收发相关的操作,处理单元12用于执行上文方法实施例中服务消费网元侧的处理相关的操作。
在一种实现方式中,收发单元,用于向授权验证网元发送数据调用请求消息,所述数据调用请求消息包括数据所有者的标识,所述数据调用请求消息用于请求调用所述数据所有者的数据;所述收发单元,还用于接收来自所述授权验证网元的能力信息查询请求消息,所述能力信息查询请求消息用于请求查询所述服务消费网元是否具备支持停止处理数据的能力;响应于所述能力信息查询请求消息,所述收发单元还用于向所述授权验证网元发送能力指示信息,所述能力指示信息用于指示所述服务消费网元是否具备所述能力。
作为一示例,所述收发单元还用于接收来自所述授权验证网元的数据调用响应消息,所述数据调用响应消息用于拒绝所述数据调用请求消息,所述数据调用响应消息包括原因值,所述原因值用于指示拒绝的原因为所述服务消费网元不具备所述能力;所述装置还包括:处理单元,用于根据所述原因值,所述服务消费网元确定不再向所述授权验证网元请求获取数据。
该装置10可实现对应于根据本申请实施例的方法400至方法500中的授权验证网元 执行的步骤或者流程,该装置10可以包括用于执行图4中的方法400至图5中的方法500中的授权验证网元执行的方法的单元。并且,该装置10中的各单元和上述其他操作和/或功能分别为了实现方法400至方法500的相应流程。
其中,当该装置10用于执行图4中的方法400时,收发单元11可用于执行方法400中的步骤401、403、404、406、408、409、411、413、414、415、416、418、419中的任意步骤,处理单元12用于指示方法400中的402、405、412中的任意步骤。
当该装置10用于执行图13中的方法500时,收发单元11可用于执行方法500中的步骤501、503、505、506、508、509~514、516、517中的任意步骤,处理单元12可用于执行方法500中的步骤502。
应理解,各单元执行上述相应步骤的具体过程在上述方法实施例中已经详细说明,为了简洁,在此不再赘述。
该装置10可实现对应于根据本申请实施例的方法400至方法500中的服务消费网元执行的步骤或者流程,该装置10可以包括用于执行图4中的方法400至图5中的方法500中的服务消费网元执行的方法的单元。并且,该装置10中的各单元和上述其他操作和/或功能分别为了实现方法400至方法500的相应流程。
其中,当该装置10用于执行图10中的方法400时,收发单元11可用于执行方法400中的步骤401、403、404、413、416、419中的任意步骤,处理单元12用于执行方法400中的420。
当该装置10用于执行图11中的方法500时,收发单元11可用于执行方法500中的步骤501、509~511、514、517中的任意步骤,处理单元12可用于执行方法500中的步骤518。
应理解,各单元执行上述相应步骤的具体过程在上述方法实施例中已经详细说明,为了简洁,在此不再赘述。
如图7所示,本申请实施例还提供一种认证授权的设备20。该设备20包括处理器21,处理器21与存储器22耦合,存储器22用于存储计算机程序或指令和/或数据,处理器21用于执行存储器22存储的计算机程序或指令和/或数据,使得上文方法实施例中的方法被执行。
可选地,该设备20包括的处理器21为一个或多个。
可选地,如图6所示,该设备20还可以包括存储器22。
可选地,该设备20包括的存储器22可以为一个或多个。
可选地,该存储器22可以与该处理器21集成在一起,或者分离设置。
可选地,如图6所示,该设备20还可以包括收发器23,收发器23用于信号的接收和/或发送。例如,处理器21用于控制收发器23进行信号的接收和/或发送。
作为一种方案,该设备20用于实现上文方法实施例中由授权验证网元执行的操作。
例如,处理器21用于实现上文方法实施例中由授权验证网元执行的处理相关的操作,收发器23用于实现上文方法实施例中由授权验证网元执行的收发相关的操作。
作为另一种方案,该设备20用于实现上文方法实施例中由服务消费网元执行的操作。
例如,处理器21用于实现上文方法实施例中由服务消费网元执行的处理相关的操作,收发器23用于实现上文方法实施例中由服务消费网元执行的收发相关的操作。
应理解,各模块执行上述相应步骤的具体过程在上述方法实施例中已经详细说明,为了简洁,在此不再赘述。
本申请实施例还提供了一种处理装置,包括处理器和接口;该处理器用于执行上述任一方法实施例中的方法。
应理解,上述处理装置可以是一个或多个芯片。例如,该处理装置可以是现场可编程门阵列(field programmable gate array,FPGA),可以是专用集成芯片(application specific integrated circuit,ASIC),还可以是系统芯片(system on chip,SoC),还可以是中央处理器(central processor unit,CPU),还可以是网络处理器(network processor,NP),还可以是数字信号处理电路(digital signal processor,DSP),还可以是微控制器(micro controller unit,MCU),还可以是可编程控制器(programmable logic device,PLD)或其他集成芯片。
本申请实施例还提供一种计算机可读存储介质,其上存储有用于实现上述方法实施例中由第一网元(NF服务提供者)或第二网元(NF服务消费者)或第三网元(NRF)执行的方法的计算机指令。
例如,该计算机程序被计算机执行时,使得该计算机可以实现上述方法实施例中由第一网元(NF服务提供者)或第二网元(NF服务消费者)或第三网元(NRF)执行的方法。
本申请实施例还提供一种包含指令的计算机程序产品,该指令被计算机执行时使得该计算机实现上述方法实施例中由一网元(或NF服务提供者)执行的方法,或由第二网元(或NF服务消费者)执行的方法,或由第三网元(或NRF)执行的方法。
本申请实施例还提供一种通信系统,该通信系统包括上文实施例中的第一网元、第二网元和第三网元。
所属领域的技术人员可以清楚地了解到,为描述方便和简洁,上述提供的任一种通信装置中相关内容的解释及有益效果均可参考上文提供的对应的方法实施例,此处不再赘述。
本申请实施例并未对本申请实施例提供的方法的执行主体的具体结构进行特别限定,只要能够通过运行记录有本申请实施例提供的方法的代码的程序,以根据本申请实施例提供的方法进行通信即可。例如,本申请实施例提供的方法的执行主体可以是终端设备或网络设备,或者,是终端设备或网络设备中能够调用程序并执行程序的功能模块。
本申请的各个方面或特征可以实现成方法、装置或使用标准编程和/或工程技术的制品。本文中使用的术语“制品”可以涵盖可从任何计算机可读器件、载体或介质访问的计算机程序。
其中,计算机可读存储介质可以是计算机能够存取的任何可用介质或者是包含一个或多个可用介质集成的服务器、数据中心等数据存储设备。可用介质(或者说计算机可读介质)例如可以包括但不限于:磁性介质或磁存储器件(例如,软盘、硬盘(如移动硬盘)、磁带)、光介质(例如,光盘、压缩盘(compact disc,CD)、数字通用盘(digital versatile disc,DVD)等)、智能卡和闪存器件(例如,可擦写可编程只读存储器(erasable programmable read-only memory,EPROM)、卡、棒或钥匙驱动器等)、或者半导体介质(例如固态硬盘(solid state disk,SSD)等、U盘、只读存储器(read-only memory,ROM)、随机存取存储器(random access memory,RAM)等各种可以存储程序代码的介质。
本文描述的各种存储介质可代表用于存储信息的一个或多个设备和/或其它机器可读 介质。术语“机器可读介质”可以包括但不限于:无线信道和能够存储、包含和/或承载指令和/或数据的各种其它介质。
应理解,本申请实施例中提及的存储器可以是易失性存储器或非易失性存储器,或可包括易失性和非易失性存储器两者。其中,非易失性存储器可以是只读存储器(read-only memory,ROM)、可编程只读存储器(programmable ROM,PROM)、可擦除可编程只读存储器(erasable PROM,EPROM)、电可擦除可编程只读存储器(electrically EPROM,EEPROM)或闪存。易失性存储器可以是随机存取存储器(random access memory,RAM)。例如,RAM可以用作外部高速缓存。作为示例而非限定,RAM可以包括如下多种形式:静态随机存取存储器(static RAM,SRAM)、动态随机存取存储器(dynamic RAM,DRAM)、同步动态随机存取存储器(synchronous DRAM,SDRAM)、双倍数据速率同步动态随机存取存储器(double data rate SDRAM,DDR SDRAM)、增强型同步动态随机存取存储器(enhanced SDRAM,ESDRAM)、同步连接动态随机存取存储器(synchlink DRAM,SLDRAM)和直接内存总线随机存取存储器(direct rambus RAM,DR RAM)。
需要说明的是,当处理器为通用处理器、DSP、ASIC、FPGA或者其他可编程逻辑器件、分立门或者晶体管逻辑器件、分立硬件组件时,存储器(存储模块)可以集成在处理器中。
还需要说明的是,本文描述的存储器旨在包括但不限于这些和任意其它适合类型的存储器。
在本申请所提供的几个实施例中,应该理解到,所揭露的装置和方法,可以通过其它的方式实现。例如,以上所描述的装置实施例仅是示意性的,例如,上述单元的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式,例如多个单元或组件可以结合或者可以集成到另一个系统,或一些特征可以忽略,或不执行。此外,所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些接口,装置或单元的间接耦合或通信连接,可以是电性,机械或其它的形式。
上述作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是或者也可以不是物理单元,即可以位于一个地方,或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部单元实现本申请提供的方案。
另外,在本申请各个实施例中的各功能单元可以集成在一个单元中,也可以是各个单元单独物理存在,也可以两个或两个以上单元集成在一个单元中。
在上述实施例中,可以全部或部分地通过软件、硬件、固件或者其任意组合来实现。
当使用软件实现时,可以全部或部分地以计算机程序产品的形式实现。该计算机程序产品包括一个或多个计算机指令。在计算机上加载和执行计算机程序指令时,全部或部分地产生按照本申请实施例所述的流程或功能。计算机可以是通用计算机、专用计算机、计算机网络、或者其他可编程装置。例如,计算机可以是个人计算机,服务器,或者网络设备等。计算机指令可以存储在计算机可读存储介质中,或者从一个计算机可读存储介质向另一个计算机可读存储介质传输,例如,计算机指令可以从一个网站站点、计算机、服务器或数据中心通过有线(例如同轴电缆、光纤、数字用户线(DSL))或无线(例如红外、无线、微波等)方式向另一个网站站点、计算机、服务器或数据中心进行传输。关于计算机可读存储介质,可以参考上文描述。
以上所述,仅为本申请的具体实施方式,但本申请的保护范围并不局限于此,任何熟悉本技术领域的技术人员在本申请揭露的技术范围内,可轻易想到的变化或替换,都应涵盖在本申请的保护范围之内。因此,本申请的保护范围应以权利要求和说明书的保护范围为准。
Claims (32)
- 一种数据调用的方法,其特征在于,包括:授权验证网元接收来自服务消费网元的数据调用请求消息,所述数据调用请求消息包括数据所有者的标识,所述数据调用请求消息用于请求调用所述数据所有者的数据;所述授权验证网元判断所述服务消费网元是否具备支持停止处理数据的能力,其中,所述能力用于表征所述服务消费网元支持停止处理从所述授权验证网元获取的数据;在所述服务消费网元不具备所述能力的情况下,所述授权验证网元拒绝所述数据调用请求消息。
- 根据权利要求1所述的方法,其特征在于,所述授权验证网元判断所述服务消费网元是否具备支持停止处理数据的能力,包括:所述授权验证网元接收来自所述服务消费网元的能力指示信息;响应于所述数据调用请求消息,所述授权验证网元根据所述能力指示信息,确定所述服务消费网元是否具备支持停止处理数据的能力。
- 根据权利要求1所述的方法,其特征在于,所述授权验证网元判断所述服务消费网元是否具备支持停止处理数据的能力,包括:在所述授权验证网元没有接收到来自所述服务消费网元的能力指示信息的情况下,或者在所述授权验证网元的上下文没有保存所述服务消费网元的能力指示信息的情况下,所述授权验证网元确定所述服务消费者不具备支持停止处理数据的能力,所述能力指示信息用于指示所述服务消费网元是否具备所述能力。
- 根据权利要求1至3中任一项所述的方法,其特征在于,所述方法还包括:所述授权验证网元向所述服务消费网元发送能力信息查询请求消息,所述能力信息查询请求消息用于请求查询所述服务消费网元是否具备所述能力。
- 根据权利要求1至4中任一项所述的方法,所述授权验证网元拒绝所述服务消费网元的所述数据调用请求消息,包括:所述授权验证网元向所述服务消费网元发送数据调用响应消息,所述数据调用响应消息用于拒绝所述数据调用请求消息,所述数据调用响应消息包括原因值,所述原因值用于指示拒绝所述数据调用请求消息的原因。
- 根据权利要求1至5中任一项所述的方法,其特征在于,所述方法还包括:所述授权验证网元确定所述数据所有者允许所述服务消费网元使用所述数据所有者的数据。
- 根据权利要求6所述的方法,其特征在于,所述授权验证网元确定所述数据所有者允许所述服务消费网元使用所述数据所有者的数据,包括:所述授权验证网元向存储网元发送意向验证请求消息,所述意向验证请求消息包括所述数据所有者的标识,所述意向验证请求消息用于请求验证所述数据所有者是否允许所述服务消费网元使用所述数据所有者的数据;所述授权验证网元从存储网元接收意向验证响应消息;所述授权验证网元根据所述意向验证响应消息确定所述数据所有者允许所述服务消 费网元使用所述数据所有者的数据。
- 一种数据调用的方法,其特征在于,包括:服务消费网元向授权验证网元发送数据调用请求消息,所述数据调用请求消息包括数据所有者的标识,所述数据调用请求消息用于请求调用所述数据所有者的数据;所述服务消费网元接收来自所述授权验证网元的数据调用响应消息,所述数据调用响应消息用于拒绝所述数据调用请求消息,所述数据调用响应消息包括原因值,所述原因值用于指示拒绝所述数据调用请求消息的原因。
- 根据权利要求8所述的方法,其特征在于,所述方法还包括:根据所述原因值,所述服务消费网元确定不再向所述授权验证网元请求获取数据。
- 根据权利要求8或9所述的方法,其特征在于,所述方法还包括:所述服务消费网元接收来自所述授权验证网元的能力信息查询请求消息,所述能力信息查询请求消息用于请求查询所述服务消费网元是否具备支持停止处理数据的能力;响应于所述能力信息查询请求消息,所述服务消费网元向所述授权验证网元发送能力指示信息,所述能力指示信息用于指示所述服务消费网元是否具备所述能力。
- 一种数据调用的方法,其特征在于,包括:服务消费网元向授权验证网元发送数据调用请求消息,所述数据调用请求消息包括数据所有者的标识,所述数据调用请求消息用于请求调用所述数据所有者的数据;所述授权验证网元接收来自服务消费网元的数据调用请求消息;所述授权验证网元判断所述服务消费网元是否具备支持停止处理数据的能力,其中,所述能力用于表征所述服务消费网元支持停止处理从所述授权验证网元获取的数据;在所述服务消费网元不具备所述能力的情况下,所述授权验证网元向服务消费网元发送数据调用响应消息,所述数据调用响应消息用于拒绝所述数据调用请求消息;所述服务消费网元接收来自所述授权验证网元的所述数据调用响应消息。
- 根据权利要求11所述的方法,其特征在于,所述授权验证网元判断所述服务消费网元是否具备支持停止处理数据的能力,包括:所述授权验证网元接收来自所述服务消费网元的能力指示信息;响应于所述数据调用请求消息,所述授权验证网元根据所述能力指示信息,确定所述服务消费网元是否具备支持停止处理数据的能力。
- 根据权利要求11所述的方法,其特征在于,所述授权验证网元判断所述服务消费网元是否具备支持停止处理数据的能力,包括:在所述授权验证网元没有接收到来自所述服务消费网元的能力指示信息的情况下,或者在所述授权验证网元的上下文没有保存所述服务消费网元的能力指示信息的情况下,所述授权验证网元确定所述服务消费者不具备支持停止处理数据的能力,所述能力指示信息用于指示所述服务消费网元是否具备所述能力。
- 根据权利要求11至13中任一项所述的方法,其特征在于,所述方法还包括:所述授权验证网元向所述服务消费网元发送能力信息查询请求消息,所述能力信息查询请求消息用于请求查询所述服务消费网元是否具备所述能力;所述服务消费网元接收来自所述授权验证网元的能力信息查询请求消息,所述能力信息查询请求消息用于请求查询所述服务消费网元是否具备支持停止处理数据的能力;响应于所述能力信息查询请求消息,所述服务消费网元向所述授权验证网元发送能力指示信息,所述能力指示信息用于指示所述服务消费网元是否具备所述能力。
- 根据权利要求11至14中任一项所述的方法,其特征在于,所述方法还包括:所述授权验证网元确定所述数据所有者允许所述服务消费网元使用所述数据所有者的数据。
- 根据权利要求15所述的方法,其特征在于,所述授权验证网元确定所述数据所有者允许所述服务消费网元使用所述数据所有者的数据,包括:所述授权验证网元向存储网元发送意向验证请求消息,所述意向验证请求消息包括所述数据所有者的标识,所述意向验证请求消息用于请求验证所述数据所有者是否允许所述服务消费网元使用所述数据所有者的数据;所述存储网元接收来自所述授权验证网元的所述意向验证请求消息;所述存储网元根据所述意向验证请求消息,获取所述数据所有者的签约信息;所述存储网元根据该签约信息判断所述数据所有者是否允许所述服务消费网元使用所述数据所有者的数据;所述存储网元向授权验证网元发送意向验证响应消息,所述意向验证响应消息用于响应于所述意向验证请求消息,所述意向验证响应消息用于指示所述数据所有者是否允许所述服务消费网元使用所述数据所有者的数据;所述授权验证网元从存储网元接收意向验证响应消息;所述授权验证网元根据所述意向验证响应消息确定所述数据所有者允许所述服务消费网元使用所述数据所有者的数据。
- 根据权利要求11至16中任一项所述的方法,其特征在于,所述数据调用响应消息包括原因值,所述原因值用于指示拒绝所述数据调用请求消息的原因。
- 根据权利要求17所述的方法,其特征在于,所述方法还包括:根据所述原因值,所述服务消费网元确定不再向所述授权验证网元请求获取数据。
- 一种数据调用的装置,其特征在于,包括:收发单元,用于接收来自服务消费网元的数据调用请求消息,所述数据调用请求消息包括数据所有者的标识,所述数据调用请求消息用于请求调用所述数据所有者的数据;处理单元,用于判断所述服务消费网元是否具备支持停止处理数据的能力,其中,所述能力用于表征所述服务消费网元支持停止处理从所述授权验证网元获取的数据;所述处理单元,还用于在所述服务消费网元不具备所述能力的情况下,拒绝所述数据调用请求消息。
- 根据权利要求19所述的装置,其特征在于,所述收发单元具体用于接收来自所述服务消费网元的能力指示信息;响应于所述数据调用请求消息,所述处理单元具体用于根据所述能力指示信息,确定所述服务消费网元是否具备支持停止处理数据的能力。
- 根据权利要求19所述的装置,其特征在于,在所述收发单元没有接收到来自所述服务消费网元的能力指示信息的情况下,或者在所述装置的上下文没有保存所述服务消费网元的能力指示信息的情况下,所述处理单元具体用于确定所述服务消费者不具备支持停止处理数据的能力,所述能力指示信息用于指示 所述服务消费网元是否具备所述能力。
- 根据权利要求19至21中任一项所述的装置,其特征在于,所述收发单元,还用于向所述服务消费网元发送能力信息查询请求消息,所述能力信息查询请求消息用于请求查询所述服务消费网元是否具备所述能力。
- 根据权利要求19至22中任一项所述的装置,其特征在于,所述收发单元具体用于向所述服务消费网元发送数据调用响应消息,所述数据调用响应消息用于拒绝所述数据调用请求消息,所述数据调用响应消息包括原因值,所述原因值用于指示拒绝所述数据调用请求消息的原因。
- 根据权利要求19至23中任一项所述的装置,其特征在于,所述装置还包括:所述授权验证网元确定所述数据所有者允许所述服务消费网元使用所述数据所有者的数据。
- 根据权利要求24所述的装置,其特征在于,所述收发单元具体用于向存储网元发送意向验证请求消息,所述意向验证请求消息包括所述数据所有者的标识,所述意向验证请求消息用于请求验证所述数据所有者是否允许所述服务消费网元使用所述数据所有者的数据;所述收发单元具体还用于,从存储网元接收意向验证响应消息;所述处理单元具体用于根据所述意向验证请求消息确定所述数据所有者允许所述服务消费网元使用所述数据所有者的数据。
- 一种数据调用的装置,其特征在于,包括:收发单元,用于向授权验证网元发送数据调用请求消息,所述数据调用请求消息包括数据所有者的标识,所述数据调用请求消息用于请求调用所述数据所有者的数据;所述收发单元,还用于接收来自所述授权验证网元的数据调用响应消息,所述数据调用响应消息用于拒绝所述数据调用请求消息,所述数据调用响应消息包括原因值,所述原因值用于指示拒绝所述数据调用请求消息的原因。
- 根据权利要求26所述的装置,其特征在于,所述装置还包括:处理单元,用于根据所述原因值,确定不再向所述授权验证网元请求获取数据。
- 根据权利要求26或27所述的装置,其特征在于,所述收发单元还用于:接收来自所述授权验证网元的能力信息查询请求消息,所述能力信息查询请求消息用于请求查询所述服务消费网元是否具备支持停止处理数据的能力;响应于所述能力信息查询请求消息,向所述授权验证网元发送能力指示信息,所述能力指示信息用于指示所述服务消费网元是否具备所述能力。
- 一种通信装置,其特征在于,该装置用于执行权利要求1至权利要求10中任一项所述的方法。
- 一种计算机可读存储介质,其特征在于,所述计算机可读存储介质存储有计算机程序,当所述计算机程序在计算机上运行时,使得计算机执行如权利要求1至10中任一项所述的方法。
- 一种计算机程序产品,其特征在于,包括计算机程序指令,所述计算机程序指令在计算机上运行时,使得计算机执行如权利要求1至10中任一项所述的方法。
- 一种通信装置,其特征在于,包括至少一个处理器,所述至少一个处理器用于执 行存储在存储器中的计算机程序或指令,以执行如权利要求1至10中任一项所述的方法。
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP22875014.7A EP4398515A1 (en) | 2021-09-30 | 2022-09-28 | Data call method and apparatus |
US18/621,939 US20240244087A1 (en) | 2021-09-30 | 2024-03-29 | Data invocation method and apparatus |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111166931.5A CN115913601A (zh) | 2021-09-30 | 2021-09-30 | 数据调用的方法和装置 |
CN202111166931.5 | 2021-09-30 |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US18/621,939 Continuation US20240244087A1 (en) | 2021-09-30 | 2024-03-29 | Data invocation method and apparatus |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2023051631A1 true WO2023051631A1 (zh) | 2023-04-06 |
Family
ID=85733981
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2022/122227 WO2023051631A1 (zh) | 2021-09-30 | 2022-09-28 | 数据调用的方法和装置 |
Country Status (4)
Country | Link |
---|---|
US (1) | US20240244087A1 (zh) |
EP (1) | EP4398515A1 (zh) |
CN (1) | CN115913601A (zh) |
WO (1) | WO2023051631A1 (zh) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100095011A1 (en) * | 2008-10-10 | 2010-04-15 | Futurewei Technologies, Inc. | System and Method for Remote Authentication Dial In User Service (RADIUS) Prefix Authorization Application |
CN111566991A (zh) * | 2017-12-01 | 2020-08-21 | 耐瑞唯信有限公司 | 内容消费设备中的能力撤销 |
-
2021
- 2021-09-30 CN CN202111166931.5A patent/CN115913601A/zh active Pending
-
2022
- 2022-09-28 WO PCT/CN2022/122227 patent/WO2023051631A1/zh active Application Filing
- 2022-09-28 EP EP22875014.7A patent/EP4398515A1/en active Pending
-
2024
- 2024-03-29 US US18/621,939 patent/US20240244087A1/en active Pending
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100095011A1 (en) * | 2008-10-10 | 2010-04-15 | Futurewei Technologies, Inc. | System and Method for Remote Authentication Dial In User Service (RADIUS) Prefix Authorization Application |
CN111566991A (zh) * | 2017-12-01 | 2020-08-21 | 耐瑞唯信有限公司 | 内容消费设备中的能力撤销 |
Also Published As
Publication number | Publication date |
---|---|
EP4398515A1 (en) | 2024-07-10 |
US20240244087A1 (en) | 2024-07-18 |
CN115913601A (zh) | 2023-04-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2020073855A1 (zh) | 建立会话的方法和装置以及发送报文的方法和装置 | |
US20200296142A1 (en) | User Group Establishment Method and Apparatus | |
US11457334B2 (en) | Context management method and apparatus | |
KR20180134685A (ko) | 통신 시스템에서 PDU(Protocol Data Unit) 세션을 설립하는 방법 | |
WO2021017550A1 (zh) | 一种事件报告的发送方法、装置及系统 | |
WO2021136211A1 (zh) | 授权结果的确定方法及装置 | |
WO2021233362A1 (zh) | 认证授权的方法和装置 | |
WO2021068830A1 (zh) | 用于多播传输的方法和装置 | |
WO2023011630A1 (zh) | 授权验证的方法及装置 | |
US20230232196A1 (en) | Data communication method and communication apparatus | |
WO2019192271A1 (zh) | 接入控制信息的传输方法、装置及网络侧设备 | |
WO2022027528A1 (zh) | 应用程序接口调用方法及其装置、系统 | |
WO2023213177A1 (zh) | 一种通信方法及装置 | |
KR20230107742A (ko) | 네트워크 기능 등록 방법, 발견 방법, 장치, 장비 및 매체 | |
CN115379531A (zh) | 通信方法和通信装置 | |
WO2024051313A1 (zh) | 通信资源管理方法、装置、系统及存储介质 | |
WO2023041054A1 (zh) | 网络验证的方法和装置 | |
AU2020246484A1 (en) | Terminal management and control method, apparatus, and system | |
WO2023051631A1 (zh) | 数据调用的方法和装置 | |
WO2022237857A1 (zh) | 确定安全保护开启方式的方法、通信方法及通信装置 | |
US11924660B2 (en) | Method and apparatus for group management for group event monitoring | |
WO2023072271A1 (zh) | 管理安全上下文的方法和装置 | |
WO2023134630A1 (zh) | 配置策略的方法和装置 | |
WO2024221358A1 (zh) | 通信控制方法、装置及存储介质 | |
WO2023041056A1 (zh) | 网络验证的方法和装置 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 22875014 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2022875014 Country of ref document: EP |
|
ENP | Entry into the national phase |
Ref document number: 2022875014 Country of ref document: EP Effective date: 20240402 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |