WO2023160390A1 - Communication method and apparatus - Google Patents

Publication number
WO2023160390A1
Authority
WO
WIPO (PCT)
Prior art keywords
entity
interface
identifier
functional entity
indication information
Application number
PCT/CN2023/074957
Inventor
赵鹏涛
李岩
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H04W12/121 Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122 Counter-measures against attacks; Protection against rogue devices
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W36/00 Hand-off or reselection arrangements

Definitions

  • The present application relates to the communication field, and more specifically, to a communication method and device.
  • Edge computing refers to an open platform that integrates network, computing, storage, and application core capabilities on the side close to the source of objects or data, and provides the nearest end services. With edge computing, a differentiated service network can be provided from the center to the edge.
  • the edge computing platform or edge computing server
  • the user plane functional network elements such as user plane function (UPF) entities
  • the present application provides a communication method and device, which can improve the security of the communication system.
  • A communication method is provided, including: determining whether the first user plane function UPF entity is attacked; and, in the case that the first UPF entity is attacked, sending abnormal indication information to the first session management function SMF entity, where the abnormal indication information is used to indicate that the first UPF entity is attacked, and the first SMF entity is connected to the first UPF entity.
  • Abnormal indication information may be sent to the first SMF entity connected to the first UPF entity to indicate that the first UPF entity is attacked, so that the first SMF entity may perform session re-establishment or user plane path adjustment related to the first UPF entity, which improves the security of the communication system.
  • the method further includes: acquiring connection information, where the connection information is used to indicate at least one UPF entity connected to each SMF entity in the at least one SMF entity, and the at least one SMF entity includes the first SMF entity.
  • connection information is obtained, so as to determine the first SMF entity connected to the first UPF entity according to the connection information, so that the determination of the first SMF entity is easier.
  • the determining whether the first user plane function UPF entity is attacked includes: determining whether the first interface of the first UPF entity is abnormal, where, in the case that the first interface is abnormal, the first UPF entity is attacked.
  • When the interface of the first UPF entity is abnormal, it is determined that the first UPF entity is attacked, which makes it easier to judge that the first UPF entity is attacked.
  • the connection information further includes an identifier of each interface in the at least one interface of the first UPF entity, and the at least one interface of the first UPF entity includes the first interface.
  • the connection information includes the identifier of each interface in the first UPF entity, so that the first UPF entity to which the abnormal interface belongs can be determined according to the identifier of the abnormal interface.
  • the acquiring connection information includes: receiving connection indication information sent by the first SMF entity, where the connection indication information is used to indicate the at least one UPF entity connected to the first SMF entity.
  • The connection information can be determined according to the connection indication information sent by each SMF entity, which makes it easier to obtain the connection information.
  • the connection indication information includes the identifier of the second interface of the first SMF entity; the sending the abnormal indication information to the session management function SMF entity includes: sending the abnormal indication information according to the identifier of the second interface.
  • the second interface of the first SMF entity may be an interface used by the first SMF entity to communicate with the device implementing the communication method of the first aspect. Therefore, the device implementing the communication method of the first aspect can perform addressing according to the identifier of the second interface of the first SMF entity, and send the abnormal indication information to the address of the addressing result, so that the abnormal indication information is sent to the first SMF entity.
  • the connection indication information further includes an identifier of a fourth interface of the first UPF entity, the fourth interface is used for the first UPF entity to connect to the first SMF entity, and the abnormal indication information includes the identifier of the fourth interface.
  • the abnormal indication information includes the identification of the fourth interface used by the first UPF entity to connect with the first SMF entity, so as to facilitate subsequent processing by the first SMF entity.
  • the first SMF entity may disconnect from the first UPF entity according to the identifier of the fourth interface in the abnormal indication information.
  • the connection information includes an identifier of a third interface of the first SMF entity, and the third interface is used for the first SMF entity to connect to the first UPF entity;
  • the method further includes: when the first UPF entity is abnormal, sending first request information to the network storage function NRF entity, where the first request information includes the identifier of the third interface; and receiving first response information sent by the NRF entity, where the first response information includes the identifier of the second interface of the first SMF entity; the sending the abnormal indication information to the first session management function SMF entity includes: sending the abnormal indication information according to the identifier of the second interface.
  • the identifier of the second interface of the first SMF entity may be requested from the NRF entity. Afterwards, abnormal indication information is sent to the first SMF entity according to the identifier of the second interface.
  • the connection information is determined according to interaction information between the at least one UPF entity and the at least one SMF entity, where first interaction information between the first UPF entity and the first SMF entity includes an identifier of the third interface and an identifier of each interface in at least one interface of the first UPF entity.
  • the identifier of the third interface of the first SMF may be determined according to the connection information and the identifier of the first interface.
  • the identification of the second interface of the first SMF may be requested from the NRF entity.
  • At least one interface of the first UPF entity includes a fourth interface, the fourth interface is used to connect the first UPF entity to the first SMF entity, and the abnormal indication information includes the identifier of the fourth interface.
  • the abnormal indication information includes the identification of the fourth interface used by the first UPF entity to connect with the first SMF entity, so as to facilitate subsequent processing by the first SMF entity.
  • the method further includes: when the first UPF entity is abnormal, sending second request information to the unified database UDR entity, where the second request information includes the identifier of the first UPF entity; and receiving second response information sent by the UDR entity, where the second response information includes the identifier of the first SMF entity.
  • the identifier of the first SMF entity connected to the first UPF entity to which the abnormal interface belongs is obtained, so as to send abnormality indication information to the first SMF entity without storing the connection relationship between the UPF entity and the SMF entity.
  • the determining whether the first user plane function UPF entity is attacked includes: determining whether the first interface of the first UPF entity is abnormal, where, in the case that the first interface is abnormal, the first UPF entity is attacked; the identifier of the first UPF entity includes an identifier of the abnormal first interface in the first UPF entity.
  • When the interface of the first UPF entity is abnormal, it is determined that the first UPF entity is attacked, which makes it easier to judge that the first UPF entity is attacked.
  • the identifier of the first interface is used as the identifier of the first UPF entity, so there is no need to determine the UPF entity to which the first interface belongs; the UDR entity can determine the first SMF entity connected to the first UPF entity according to the identifier of the first interface. Therefore, the manner of determining the first SMF entity is simplified.
  • the identifier of the first SMF entity includes an identifier of a second interface of the first SMF entity, and the sending the abnormal indication information to the first session management function SMF entity includes: sending the abnormal indication information according to the identifier of the second interface.
  • the UDR entity may determine the second interface of the first SMF entity connected to the first UPF entity according to the identifier of the first interface in the first UPF entity.
  • the second interface of the first SMF entity may be an interface used by the first SMF entity to communicate with the device implementing the communication method of the first aspect. Therefore, the device implementing the communication method of the first aspect can perform addressing according to the identifier of the second interface of the first SMF entity, and send the abnormal indication information to the address of the addressing result, so that the abnormal indication information is sent to the first SMF entity.
  • the second response information further includes an identifier of a fourth interface of the first UPF entity, the fourth interface is used for the first UPF entity to connect to the first SMF entity, and the abnormal indication information includes the identifier of the fourth interface.
  • the abnormal indication information includes the identification of the fourth interface used by the first UPF entity to connect with the first SMF entity, so as to facilitate subsequent processing by the first SMF entity.
  • A communication device is provided, including a processing module and a transceiver module; the processing module is used to determine whether the first user plane function UPF entity is attacked; the transceiver module is configured to, in the case that the first UPF entity is attacked, send abnormal indication information to the first session management function SMF entity, where the abnormal indication information is used to indicate that the first UPF entity is attacked, and the first SMF entity is connected to the first UPF entity.
  • the apparatus further includes an acquisition module, configured to acquire connection information, where the connection information is used to indicate at least one UPF entity connected to each SMF entity in the at least one SMF entity, and the at least one SMF entity includes the first SMF entity.
  • the processing module is specifically configured to determine whether the first interface of the first UPF entity is abnormal, and if the first interface is abnormal, the first UPF entity is attacked.
  • the connection information further includes an identifier of each interface in the at least one interface of the first UPF entity, and the at least one interface of the first UPF entity includes the first interface.
  • the obtaining module is specifically configured to receive connection indication information sent by the first SMF entity, where the connection indication information is used to indicate the at least one UPF entity connected to the first SMF entity.
  • the connection indication information includes an identifier of a second interface of the first SMF entity; the transceiver module is specifically configured to send the abnormal indication information according to the identifier of the second interface.
  • the connection indication information further includes an identifier of a fourth interface of the first UPF entity, the fourth interface is used for the first UPF entity to connect to the first SMF entity, and the abnormal indication information includes the identifier of the fourth interface.
  • the connection information includes an identifier of a third interface of the first SMF entity, and the third interface is used for the first SMF entity to connect to the first UPF entity;
  • the transceiver module is further configured to, when the first UPF entity is abnormal, send first request information to the network storage function NRF entity, where the first request information includes the identifier of the third interface;
  • the transceiver module is also used to receive the first response information sent by the NRF entity, where the first response information includes the identifier of the second interface of the first SMF entity; the transceiver module is specifically used to send the abnormal indication information according to the identifier of the second interface.
  • the connection information is determined according to interaction information between the at least one UPF entity and the at least one SMF entity, where first interaction information between the first UPF entity and the first SMF entity includes an identifier of the third interface and an identifier of each interface in at least one interface of the first UPF entity.
  • the transceiver module is further configured to, when the first UPF entity is abnormal, send second request information to the unified database UDR entity, where the second request information includes the identifier of the first UPF entity; the transceiver module is further configured to receive second response information sent by the UDR entity, where the second response information includes the identifier of the first SMF entity.
  • the processing module is specifically configured to determine whether the first interface of the first UPF entity is abnormal, and if the first interface is abnormal, the first UPF entity is attacked; the identifier of the first UPF entity includes an identifier of the abnormal first interface in the first UPF entity.
  • the identifier of the first SMF entity includes an identifier of a second interface of the first SMF entity, and the transceiver module is specifically configured to send the abnormal indication information according to the identifier of the second interface.
  • A communication method is provided, which is applied to a session management function SMF entity, and the method includes: receiving abnormal indication information sent by a security policy control function SPCF entity, where the abnormal indication information is used to indicate that the first UPF entity is attacked; and disconnecting from the first UPF entity.
  • When the session management function SMF entity receives the abnormal indication information sent by the SPCF entity, it disconnects the connection with the first UPF entity, so as to improve the security of the communication system.
  • the method further includes: sending interface indication information to a network storage function NRF entity, where the interface indication information includes the identifier of the second interface of the SMF entity and the identifier of the third interface of the SMF entity, and the third interface is used for the connection between the SMF entity and the first UPF entity;
  • the abnormal indication information is sent by the SPCF entity according to first response information sent by the NRF entity, the first response information includes the identifier of the third interface, the first response information is sent by the NRF entity according to first request information, the first request information includes the identifier of the second interface, and the first request information is sent by the SPCF entity when it is determined that the first UPF entity is attacked.
  • the SMF entity registers the identifier of the second interface of the SMF entity and the identifier of the third interface of the SMF entity in the NRF entity by sending interface indication information to the NRF entity. Therefore, when it is determined that the first UPF entity is abnormal, the SPCF entity may, after determining the SMF entity connected to the first UPF entity, request the identifier of the second interface of the SMF entity from the NRF entity according to the identifier of the third interface of the first SMF entity. Afterwards, the SPCF entity may send abnormal indication information to the SMF entity according to the identifier of the second interface.
  • the method further includes: sending first connection indication information to the SPCF entity, where the first connection indication information is used to indicate at least one UPF entity connected to the SMF entity, and the at least one UPF entity includes the first UPF entity.
  • the SPCF entity can determine the SMF entity connected to the attacked first UPF entity according to the first connection indication information.
  • the first connection indication information includes an identifier of a second interface of the first SMF entity, and the abnormal indication information is sent according to that identifier.
  • the second interface of the SMF entity may be an interface used by the SMF entity to communicate with the SPCF entity. Therefore, the SPCF entity can address according to the identifier of the second interface, and send the abnormality indication information to the address of the addressing result, so that the abnormality indication information is sent to the SMF entity.
  • the method further includes: sending second connection indication information to the unified database UDR entity, where the second connection indication information is used to indicate at least one UPF entity connected to the SMF entity, and the at least one UPF entity includes the first UPF entity; the abnormal indication information is sent by the SPCF entity according to second response information, the second response information includes the identifier of the SMF entity, the second response information is sent by the UDR entity according to second request information, the second request information includes the identifier of the first UPF entity, and the second request information is sent by the SPCF entity when it determines that the first UPF entity is attacked.
  • the SMF entity registers in the UDR entity at least one UPF entity connected to the SMF entity by sending the second connection indication information to the UDR entity.
  • the second connection indication information may include the identifier of the SMF entity and the identifier of each UPF entity in the at least one UPF entity.
  • the SPCF entity can send request information to the unified database UDR entity, acquire the identifier of the SMF entity connected to the first UPF entity to which the abnormal interface belongs, and send abnormal indication information to the SMF entity according to the identifier of the SMF entity.
  • the second connection indication information includes an identifier of the SMF entity, the identifier of the SMF entity includes an identifier of a second interface of the SMF entity, and the abnormal indication information is sent by the SPCF entity according to the identifier of the second interface.
  • the second connection indication information includes the identifier of the second interface of the SMF entity, so that the UDR entity can determine the second interface of the first SMF entity connected to the first UPF entity according to the identifier of the first interface in the first UPF entity.
  • the second interface of the SMF entity may be the interface used by the first SMF entity to communicate with the device implementing the communication method of the first aspect. Therefore, the SPCF entity can perform addressing according to the identifier of the second interface of the SMF entity, and send the abnormal indication information to the address of the addressing result, so that the abnormal indication information is sent to the SMF entity.
  • the second connection indication information includes an identifier of a fourth interface of the first UPF entity, the fourth interface is used for the connection between the first UPF entity and the SMF entity, the second response information further includes the identifier of the fourth interface, and the abnormal indication information includes the identifier of the fourth interface.
  • the second connection indication information includes the identification of the fourth interface used by the first UPF entity to connect with the first SMF entity, so that the abnormal indication information may include the identification of the fourth interface, so that the first SMF entity can perform subsequent processing.
  • A communication method is provided, including: receiving interface indication information sent by a first SMF entity, where the interface indication information includes an identifier of a second interface of the first SMF entity and an identifier of a third interface of the first SMF entity, and the third interface is used for the connection between the first SMF entity and the first UPF entity; receiving first request information sent by the SPCF entity, where the first request information includes the identifier of the second interface, and the first request information is sent by the SPCF entity when it is determined that the first UPF entity is attacked; and sending first response information to the SPCF entity, where the first response information includes the identifier of the third interface, the identifier of the third interface is used for the first SMF entity to send abnormal indication information to the first SMF entity, and the abnormal indication information is used to indicate that the first UPF entity is attacked.
  • A communication method is provided, including: receiving second connection indication information sent by a first SMF entity, where the second connection indication information is used to indicate at least one UPF entity connected to the first SMF entity, and the at least one UPF entity includes the first UPF entity; receiving second request information sent by the SPCF entity, where the second request information is sent by the SPCF entity when it is determined that the first UPF entity is attacked, and the second request information includes the identifier of the first UPF entity; and sending second response information to the SPCF entity, where the second response information includes the identifier of the first SMF entity, the identifier of the first SMF entity is used for the first SMF entity to send abnormal indication information to the first SMF entity, and the abnormal indication information is used to indicate that the first UPF entity is attacked.
  • the second connection indication information includes an identifier of the SMF entity, the identifier of the SMF entity includes an identifier of a second interface of the SMF entity, and the abnormal indication information is sent by the SPCF entity according to the identifier of the second interface.
  • the second connection indication information includes an identifier of a fourth interface of the first UPF entity, the fourth interface is used for the connection between the first UPF entity and the SMF entity, the second response information further includes the identifier of the fourth interface, and the abnormal indication information includes the identifier of the fourth interface.
  • A communication device is provided, including modules for implementing the method in any one implementation of the fourth aspect to the sixth aspect.
  • A communication device is provided, including a processor and a communication interface, where the communication interface is used for the communication device to exchange information with other communication devices, and when program instructions are executed in the at least one processor, the communication device executes the method in any one implementation manner of the first aspect, the fourth aspect to the sixth aspect.
  • A computer-readable medium stores program code for execution by a device, and the program code includes instructions for executing the method in any one implementation of the first aspect, the fourth aspect to the sixth aspect.
  • A computer program product containing instructions is provided, and when the computer program product is run on a computer, it causes the computer to execute the method in any one of the implementation manners of the first aspect, the fourth aspect to the sixth aspect above.
  • In a tenth aspect, a chip is provided, including a processor and a data interface, where the processor reads instructions stored on the memory through the data interface, and executes the method in any implementation of the above-mentioned first aspect, the fourth aspect to the sixth aspect.
  • the chip may further include a memory, the memory stores instructions, the processor is configured to execute the instructions stored in the memory, and when the instructions are executed, the processor is configured to execute the method in the first aspect or any one implementation manner of the fourth aspect to the sixth aspect.
  • the aforementioned chip may specifically be a field-programmable gate array (FPGA) or an application-specific integrated circuit (ASIC).
  • the method in the first aspect may specifically refer to the first aspect and the method in any of the various implementation manners in the first aspect.
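The lookup and notification flow of the first aspect, together with the SMF-side disconnect, as an added Python example that is not part of the patent text. Class names, field names and all interface identifier strings are assumptions made for illustration, and how an interface is judged abnormal is not modelled (the abnormal interface identifier is an input). The example goes slightly beyond the single-SMF case by handling a UPF entity that is connected to more than one SMF entity.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class UpfRecord:
    """One UPF entity as reported by an SMF entity (hypothetical structure)."""
    interfaces: frozenset   # identifiers of every interface of the UPF entity
    fourth_interface: str   # UPF interface used to connect to the reporting SMF


@dataclass(frozen=True)
class ConnectionIndication:
    """Connection indication information sent by an SMF entity to the SPCF."""
    second_interface: str   # SMF interface on which the SPCF reaches the SMF
    upfs: tuple             # UpfRecord entries, one per connected UPF entity


@dataclass(frozen=True)
class AbnormalIndication:
    """Abnormal indication information: the UPF entity is attacked."""
    destination: str        # second-interface identifier used for addressing
    fourth_interface: str   # tells the SMF which UPF connection is affected


class Spcf:
    """Holds the connection information and resolves which SMFs to notify."""

    def __init__(self):
        self.connection_info = {}   # second_interface -> tuple of UpfRecord

    def receive_connection_indication(self, ind):
        for upf in ind.upfs:
            if upf.fourth_interface not in upf.interfaces:
                raise ValueError("fourth interface is not an interface of the UPF")
        # Assumption of this example: a later indication from the same SMF
        # replaces the earlier one, so stale connections are not notified.
        self.connection_info[ind.second_interface] = tuple(ind.upfs)

    def on_abnormal_interface(self, first_interface):
        """Map an abnormal interface id to one indication per connected SMF."""
        out = []
        for second_interface, upfs in self.connection_info.items():
            for upf in upfs:
                if first_interface in upf.interfaces:
                    out.append(AbnormalIndication(second_interface,
                                                  upf.fourth_interface))
        return out   # empty when no registered UPF owns the interface


class Smf:
    def __init__(self, second_interface, upfs):
        self.second_interface = second_interface
        self.connected = {u.fourth_interface: u for u in upfs}

    def connection_indication(self):
        return ConnectionIndication(self.second_interface,
                                    tuple(self.connected.values()))

    def handle(self, ind):
        """Disconnect from the UPF named by the fourth interface; True if done."""
        if ind.destination != self.second_interface:
            return False   # not addressed to this SMF entity
        return self.connected.pop(ind.fourth_interface, None) is not None


def run_demo():
    # Constructed identifiers; none of them come from the patent text.
    upf_a_1 = UpfRecord(frozenset({"upfA-data", "upfA-ctl-smf1"}), "upfA-ctl-smf1")
    upf_a_2 = UpfRecord(frozenset({"upfA-data", "upfA-ctl-smf2"}), "upfA-ctl-smf2")
    upf_b = UpfRecord(frozenset({"upfB-data", "upfB-ctl-smf1"}), "upfB-ctl-smf1")
    smfs = {s.second_interface: s for s in (
        Smf("smf1-spcf", [upf_a_1, upf_b]), Smf("smf2-spcf", [upf_a_2]))}
    spcf = Spcf()
    for smf in smfs.values():
        spcf.receive_connection_indication(smf.connection_indication())

    indications = spcf.on_abnormal_interface("upfA-data")
    handled = [smfs[i.destination].handle(i) for i in indications]
    # Each SMF reports its updated connections; the SPCF view follows.
    for smf in smfs.values():
        spcf.receive_connection_indication(smf.connection_indication())
    return {
        "notified": [i.destination for i in indications],
        "handled": handled,
        "smf1_left": sorted(smfs["smf1-spcf"].connected),
        "smf2_left": sorted(smfs["smf2-spcf"].connected),
        "unknown": spcf.on_abnormal_interface("upfZ-data"),
        "after_update": spcf.on_abnormal_interface("upfA-data"),
        "misaddressed": smfs["smf2-spcf"].handle(
            AbnormalIndication("smf1-spcf", "upfB-ctl-smf1")),
    }


if __name__ == "__main__":
    print(run_demo())
```
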
  • FIG. 1 is a schematic diagram of a possible network architecture of an embodiment of the present application.
  • Fig. 2 is a schematic diagram of another possible network architecture of the embodiment of the present application.
  • Fig. 3 is a schematic flowchart of a communication method provided by an embodiment of the present application.
  • Fig. 4 is a schematic flowchart of another communication method provided by an embodiment of the present application.
  • FIG. 5 is a schematic flowchart of another communication method provided by an embodiment of the present application.
  • Fig. 6 is a schematic flowchart of another communication method provided by an embodiment of the present application.
  • FIG. 7 is a schematic flowchart of another communication method provided by an embodiment of the present application.
  • FIG. 8 is a schematic flowchart of another communication method provided by an embodiment of the present application.
  • FIG. 9 is a schematic flowchart of another communication method provided by an embodiment of the present application.
  • Fig. 10 is a schematic structural diagram of a communication device provided by an embodiment of the present application.
  • Fig. 11 is a schematic structural diagram of another communication device provided by an embodiment of the present application.
  • the technical solution of the embodiment of the present application can be applied to various communication systems, such as: global system for mobile communications (GSM) system, code division multiple access (CDMA) system, wideband code division multiple access (WCDMA) system, general packet radio service (GPRS), long term evolution (LTE) system, LTE frequency division duplex (FDD) system, LTE time division duplex (TDD), universal mobile telecommunications system (UMTS), worldwide interoperability for microwave access (WiMAX) communication system, the future fifth generation (5G) system or new radio (NR), etc.
  • FIG. 1 is a schematic diagram of a network architecture applicable to the communication method provided by the embodiment of the present application.
  • the network architecture 100 shown in FIG. 1 may specifically include one or more of the following network elements:
  • User equipment (UE) can be called terminal equipment, terminal, access terminal, user unit, user station, mobile station, remote station, remote terminal, mobile device, user terminal, wireless communication equipment, user agent or user device.
  • the UE can also be a cellular phone, a cordless phone, a session initiation protocol (SIP) phone, a wireless local loop (WLL) station, a personal digital assistant (PDA), a handheld device having a wireless communication function, a computing device or other processing device connected to a wireless modem, a vehicle-mounted device, a wearable device, a terminal device in a future 5G network or a terminal device in a future evolved public land mobile network (PLMN), etc.; it can also be an end device, a logical entity, or a smart device, such as a mobile phone, a smart terminal or other terminal device, or a communication device such as a server, gateway, base station or controller, or an Internet of Things (IoT) device, such as a sensor, electricity meter or water meter.
  • the UE may also be a
  • Access network: provides network access functions for authorized users in a specific area, and can use transmission tunnels of different qualities according to user levels and business requirements.
  • the access network may be an access network using different access technologies.
  • 3GPP: 3rd Generation Partnership Project
  • non-3GPP: non-3rd Generation Partnership Project
  • 3GPP access technology refers to the access technology that conforms to the 3GPP standard specifications.
  • the access network using the 3GPP access technology is called a radio access network (Radio Access Network, RAN).
  • gNB Next generation Node Base station
  • a non-3GPP access technology refers to an access technology that does not comply with 3GPP standard specifications, for example, an air interface technology represented by an access point (access point, AP) in wifi.
  • An access network that implements access network functions based on wired communication technologies may be called a wired access network.
  • An access network that implements a network access function based on a wireless communication technology may be referred to as a radio access network (radio access network, RAN).
  • the wireless access network can manage wireless resources, provide access services for terminals, and complete the forwarding of control signals and user data between terminals and the core network.
  • The wireless access network can be, for example, a base station (NodeB), an evolved base station (evolved NodeB, eNB or eNodeB), a base station (gNB) in a 5G mobile communication system, a base station in a future mobile communication system, or an AP in a WiFi system, etc. It can also be a wireless controller in a cloud radio access network (CRAN) scenario, or the access network device can be a relay station, an access point, a vehicle-mounted device, a wearable device, or network equipment in a future 5G network or in a future evolved PLMN network.
  • the embodiment of the present application does not limit the specific technology and specific equipment form adopted by the radio access network equipment.
  • Access and mobility management function (AMF) entity: mainly used for mobility management and access management, such as user location update, user network registration, and user handover; it can also be used to implement functions other than session management among the mobility management entity (MME) functions, for example, lawful interception or access authorization (or authentication). In the embodiments of the present application, it can be used to implement the functions of the access and mobility management network element.
  • Session management function (SMF) entity: mainly used for session management (such as session establishment, modification, and release), allocation and management of the UE's Internet Protocol (IP) address, selection of manageable user plane functions, acting as the endpoint of the policy control and charging function interfaces, downlink data notification, etc.
  • User plane function (UPF) entity: namely, a data plane gateway. It can be used for packet routing and forwarding, or quality of service (QoS) processing of user plane data, etc.
  • User data can be accessed to a data network (data network, DN) through this network element. In the embodiment of this application, it can be used to realize the function of the user plane gateway.
  • Data network (DN): a network used to provide data transmission.
  • For example: an operator's service network, an Internet network, a third-party service network, an IP multimedia service (IMS) network, and the like.
  • a DN can be identified by a data network name (DNN) in a 5G network.
  • Authentication server function (AUSF)
  • Network exposure function (NEF)
  • Network function (NF) repository function (NRF) entity: used to store the description information of network function entities and the services they provide, and to support service discovery, network element entity discovery and registration, etc.
  • Policy control function (PCF)
  • Unified data management (UDM) entity: used to handle user identification, access authentication, registration, or mobility management.
  • Application function (AF) entity: used for data routing affected by applications, accessing network elements with open functions, or interacting with policy frameworks for policy control, etc.
  • Unified data repository (UDR) entity: provides storage capabilities for contract data, policy data, and capability opening-related data.
  • Nausf is the service-based interface presented by AUSF
  • Namf is the service-based interface presented by AMF
  • Nsmf is the service-based interface presented by SMF
  • Nnef is the service-based interface presented by NEF
  • Nnrf is the service-based interface presented by NRF
  • Nudm is the service-based interface presented by UDM
  • Nudr is the service-based interface presented by UDR.
  • The N1 interface is the reference point between the terminal and the AMF entity; the N2 interface is the reference point between the AN and the AMF entity, used for sending non-access stratum (NAS) messages, etc.; the N3 interface is the reference point between the (R)AN and the UPF entity, used to transmit user plane data, etc.; the N4 interface is the reference point between the SMF entity and the UPF entity, used to transmit information such as the tunnel identification information of the N3 connection, data cache indication information, and downlink data notification messages; the N6 interface is the reference point between the UPF entity and the DN, used to transmit user plane data, etc.
  • the name of the interface between network elements in FIG. 1 is just an example, and the name of the interface in a specific implementation may be another name, which is not specifically limited in this application.
  • the name of the message (or signaling) transmitted between the above network elements is only an example, and does not constitute any limitation on the function of the message itself.
  • the above-mentioned network architecture applied to the embodiment of the present application is only an example of a network architecture described from the perspective of a traditional point-to-point architecture and a service-oriented architecture, and the network architecture applicable to the embodiment of the present application is not limited thereto. Any network architecture capable of implementing the functions of the foregoing network elements is applicable to this embodiment of the present application.
  • Fig. 2 is a schematic diagram of a network architecture applicable to the communication method provided by the embodiment of the present application.
  • the network architecture 200 is based on a point-to-point interface.
  • the N13 interface is the reference point between the UDM entity and the AUSF entity
  • the N35 interface is the reference point between the UDM entity and the UDR entity
  • the N12 interface is the reference point between the AUSF and AMF entities
  • the N8 interface is the reference point between the UDM entity and the AMF entity
  • the N10 interface is the reference point between the UDM entity and the SMF entity
  • the N36 interface is the reference point between the UDR entity and the PCF entity
  • the N5 interface is the reference point between the PCF entity and the AF entity
  • the N15 interface is the reference point between the PCF entity and the AMF entity.
  • The AMF network elements, SMF network elements, UPF network elements, UDR network elements, NEF network elements, AUSF network elements, NRF network elements, PCF network elements, and UDM network elements shown in Figure 1 and Figure 2 can all be understood as network elements in the core network that implement different functions; for example, they can be combined into network slices on demand.
  • These network elements of the core network may be independent devices, or may be integrated into the same device to implement different functions, which is not limited in this application.
  • a device that performs the function of a network element of the core network may also be called a core network device or a network device.
  • Edge computing provides a differentiated service network from the center to the edge.
  • the migration of content, applications, and computing to the edge drives the development of edge computing.
  • the centralized deployment of the core network cannot meet the needs of new services.
  • the migration of the network to the edge along with the business flow is an industry trend.
  • the combination of edge computing and intelligent parks enables rapid deployment and realizes a closed-loop local business. With a more optimized network, it saves transmission for park users and ensures user experience.
  • the edge computing platform or edge computing server
  • the user plane functional network elements such as UPF
  • The security management capabilities of the internal computer rooms in the campus are weak, and there is a risk of breach.
  • Attackers can attack the user plane and control plane of the mobile communication network by hijacking the UPF (for example, physically sneaking into the corresponding computer room), causing risks in the communication network.
  • an embodiment of the present application provides a communication method.
  • Fig. 3 is a schematic flowchart of a communication method provided by an embodiment of the present application.
  • the method 300 may be executed by a security policy control function (security policy control function, SPCF) entity or other network elements.
  • the method 300 includes S310 to S320.
  • When the first UPF entity is attacked, abnormality indication information can be sent to the first SMF entity connected to the first UPF entity to indicate that the first UPF entity is attacked, so that the first SMF entity can perform session re-establishment or user plane path adjustment for sessions related to the first UPF entity, improving the security of the communication system.
  • Before performing S310, connection information may be obtained, where the connection information is used to indicate at least one UPF entity connected to each SMF entity in the at least one SMF entity, and the at least one SMF entity includes the first SMF entity.
  • the first SMF entity connected to the first UPF entity may be determined according to the connection information, so that abnormality indication information can be sent to the first SMF entity at S320.
  • the first interface of the first UPF entity is abnormal, and if the first interface is abnormal, the first UPF entity is attacked.
  • connection information may further include an identifier of each interface in the at least one interface of the first UPF entity, and the at least one interface of the first UPF entity includes the first interface.
  • first interface may be any interface in the first UPF entity.
  • an identifier of each interface in at least one interface of the first UPF entity may also be acquired.
  • When the first interface of the first UPF entity is abnormal, it may be determined according to the identifier of the first interface that the first UPF entity is attacked.
  • connection information may be determined according to the connection indication information sent by each SMF entity, or the connection information may be determined according to the interaction information between each UPF entity and the connected SMF entity.
  • The connection indication information sent by the first SMF entity may be received, where the connection indication information sent by the first SMF entity is used to indicate the at least one UPF entity connected to the first SMF entity.
  • After receiving the connection indication information sent by each SMF entity, the connection information can be determined according to the connection indication information sent by the at least one SMF entity.
  • the connection indication information sent by the first SMF entity also includes the identifier of the second interface of the first SMF entity.
  • the abnormality indication information may be sent to the first SMF entity according to the identifier of the second interface.
  • the second interface of the first SMF entity may be an interface used by the first SMF entity to communicate with the SPCF entity. Therefore, at S320, the abnormality indication information may be sent according to the identifier of the second interface of the first SMF entity.
  • the connection indication information sent by the first SMF entity may also include the identifier of the fourth interface of the first UPF entity.
  • the fourth interface of the first UPF entity may be, for example, an N4 interface, which is used for connecting the first UPF entity to the first SMF entity.
  • the abnormal indication information may include the identifier of the fourth interface of the first UPF entity.
  • the abnormal indication information includes the identification of the fourth interface used by the first UPF entity to connect with the first SMF entity, so as to facilitate subsequent processing by the first SMF entity.
  • The first SMF entity may disconnect from the first UPF entity according to the identifier of the fourth interface in the abnormal indication information.
  • The connection information may include the identifier of the third interface of the first SMF entity, and the third interface of the first SMF entity is used to connect the first SMF entity to the first UPF entity.
  • the first request information may be sent to the NRF entity.
  • the first request information includes the identifier of the third interface.
  • the first response information sent by the NRF entity may be received.
  • the first response information includes the identifier of the second interface of the first SMF entity.
  • abnormality indication information may be sent according to the identifier of the second interface.
  • the third interface used by the first SMF entity for connection with the first UPF entity may be the N4 interface of the first SMF entity.
  • the second interface of the first SMF entity may be an interface used by the first SMF entity to connect with the SPCF entity, for example, may be a service interface of the first SMF entity.
  • the NRF entity may be requested for the identifier of the second interface of the first SMF entity. Afterwards, abnormal indication information is sent to the first SMF entity according to the identifier of the second interface.
  • connection information may be determined according to interaction information between the at least one UPF entity and the at least one SMF entity.
  • The first interaction information between the first UPF entity of the at least one UPF entity and the first SMF entity of the at least one SMF entity may include the identifier of the third interface, and may include the identifier of each interface in the at least one interface of the first UPF entity.
  • the identifier of the third interface of the first SMF may be determined according to the connection information and the identifier of the first interface.
  • the identification of the second interface of the first SMF may be requested from the NRF entity.
  • A security policy enhancement function (SPEF) entity may acquire information received or sent by at least one UPF entity.
  • the interaction information between the UPF entity and the SMF entity may include the identifier of each interface in the UPF entity, and the identifier of the interface used by the SMF entity to connect with the UPF entity.
  • the SPEF entity may send the identifier of the interface used by the SMF entity to connect with the UPF entity and the identifiers of the interfaces of the UPF entity connected to the SMF entity to the SPCF according to the interaction information between the UPF entity and the SMF entity.
  • the SPEF may acquire the first interaction information, and send the identifier of the third interface and the identifier of each interface in at least one interface of the first UPF entity to the SPCF entity.
  • the SPCF entity can determine the connection information according to the information sent by the SPEF.
  • At least one interface of the first UPF entity includes a fourth interface, the fourth interface is used to connect the first UPF entity to the first SMF entity, and the abnormal indication information includes an identifier of the fourth interface.
  • the first interaction information between the first UPF entity and the first SMF entity may include an identifier of the third interface and an identifier of the fourth interface. Therefore, the abnormality indication information may include the identifier of the fourth interface.
  • the fourth interface of the first UPF entity is used to connect the first UPF entity to the first SMF entity, for example, may be an N4 interface of the first UPF entity.
  • the identifier of the fourth interface in the abnormal indication information may be used to indicate the first UPF entity.
  • the abnormal indication information includes the identification of the fourth interface used by the first UPF entity to connect with the first SMF entity, so as to facilitate subsequent processing by the first SMF entity.
  • The first SMF entity may disconnect from the first UPF entity according to the identifier of the fourth interface in the abnormal indication information. That is to say, the first SMF entity disconnects from the fourth interface indicated by the identifier of the fourth interface, that is, disconnects from the first UPF entity.
  • the second request information may be sent to the UDR entity.
  • the second request information includes the identifier of the first UPF entity.
  • the second response information sent by the UDR entity may be received.
  • the second response information includes the identifier of the first SMF entity.
  • The UDR entity may send the second response information after receiving the second request information.
  • the second response information may be understood as response information of the second request information.
  • the first interface of the first UPF entity is abnormal.
  • the first interface of the first UPF entity is abnormal, which may be understood as the first UPF entity being attacked.
  • the identifier of the first UPF entity includes the identifier of the abnormal first interface in the first UPF entity.
  • the second request information may include the identifier of the first interface in the first UPF entity.
  • the UDR entity may determine the first SMF entity connected to the first UPF entity according to the identifier of the first interface.
  • the identifier of the first SMF entity may include the identifier of the second interface of the first SMF entity.
  • abnormality indication information may be sent according to the identifier of the second interface of the first SMF entity.
  • the UDR entity may determine the second interface of the first SMF entity connected to the first UPF entity according to the identifier of the first interface in the first UPF entity.
  • the second interface of the first SMF entity is used to connect the first SMF entity with the SPCF entity, for example, the second interface of the first SMF entity may be a service interface of the first SMF entity.
  • the second response information sent by the UDR entity may include the identifier of the second interface of the first SMF entity. Therefore, at S320, sending the abnormality indication information according to the identifier of the second interface of the first SMF entity may cause the abnormality indication information to be sent to the first SMF entity.
  • the second response information may also include the identifier of the fourth interface of the first UPF entity.
  • the fourth interface of the first UPF entity is used to connect the first UPF entity to the first SMF entity, and the abnormal indication information includes an identifier of the fourth interface of the first UPF entity.
  • the fourth interface of the first UPF entity is used to connect the first UPF entity to the first SMF entity, for example, may be an N4 interface of the first UPF entity.
  • the identifier of the fourth interface in the abnormal indication information may be used to indicate the first UPF entity.
  • the abnormal indication information includes the identifier of the fourth interface of the first UPF entity, which is convenient for the first SMF entity to perform subsequent processing.
  • the first SMF entity may disconnect from the first UPF entity according to the identifier of the fourth interface in the abnormal indication information. That is to say, the first SMF entity disconnects from the fourth interface indicated by the identifier of the fourth interface, that is, disconnects from the first UPF entity.
  • the abnormality indication information may include the identifier of the fourth interface. In the case that the abnormal first interface in the first UPF entity is the fourth interface of the first UPF entity, the abnormality indication information may include or not include the identifier of the fourth interface.
  • Fig. 4 is a schematic flowchart of a communication method provided by an embodiment of the present application.
  • the method 400 includes S401 to S413.
  • the first SMF entity sends network function registration information to the NRF entity.
  • The network function registration information may include the network function (NF) type of the first SMF entity, the NF instance identifier (ID) of the first SMF entity, the identifier of the service interface of the first SMF entity, and the identifier of the N4 interface of the first SMF entity.
  • The network function registration information may include an NF type, an NF instance ID, an identifier of the N4 interface of the SMF entity, and an identifier of the interface that the SMF entity uses to communicate with other network elements in the network architecture 200.
  • The identifier of the SMF entity's N4 interface may be the same as or different from the identifiers of other interfaces.
  • the NF type of the first SMF entity is used to indicate the type of the network element that sends the network function registration information, that is, indicates that the type of the first SMF entity is SMF.
  • the NF instance ID of the first SMF entity is used to indicate the first SMF entity.
  • the service interface identifier of the first SMF entity may be a fully qualified domain name (fully qualified domain name, FQDN) or IP address of the service interface of the first SMF entity, which is used to indicate the service interface of the first SMF entity.
  • the identifier of the N4 interface of the first SMF entity may be the FQDN or IP address of the N4 interface of the first SMF entity, and is used to indicate the N4 interface of the first SMF entity.
  • the method 400 is described by taking the network architecture 100 as an example.
  • the NRF entity sends registration response information to the first SMF entity.
  • the registration response information is used to indicate that the registration of the network function is successful.
  • the SPEF entity detects information related to establishing the N4 coupling between the first SMF entity and the first UPF entity.
  • the SPEF entity may acquire the interaction information of each UPF entity in at least one UPF entity interacting with the SMF entity.
  • the at least one UPF entity includes a first UPF entity.
  • the SMF entity that establishes N4 coupling with the first UPF entity is the first SMF entity.
  • the first UPF entity may be any one of the at least one UPF entity.
  • The message exchanged between the UPF entity and the SMF entity contains the identifier of the N4 interface of the SMF entity and the identifier of the N4 interface of the UPF entity.
  • The SPEF entity may determine the correspondence information 1 according to the information exchanged between each UPF entity in the at least one UPF entity and the SMF entity.
  • The identifier of the N4 interface of each SMF entity corresponds to the identifier of the N4 interface of at least one UPF entity; there is an N4 coupling between that UPF entity and the SMF entity, that is, the N4 interface of the UPF entity is connected to the N4 interface of the SMF entity.
  • the SPEF entity sends correspondence information 1 to the SPCF.
  • the SPEF entity detects information related to session establishment and session modification between the first SMF entity and the first UPF entity.
  • The interaction information between the SMF entity and the UPF entity carries the N3 interface identifier and the N9 interface identifier of the UPF entity, which are used to identify and configure the N3 interface and N9 interface of the UPF entity.
  • the SPEF entity may determine the correspondence information 2 according to the information exchanged between each UPF entity and the SMF entity in at least one UPF entity.
  • Correspondence information 2 is used to indicate the correspondence between the identifier of the N4 interface of each UPF entity and the identifier of the N3 interface and the identifier of the N9 interface of the UPF.
  • the SPEF entity sends correspondence information 2 to the SPCF.
  • the SPEF entity judges whether the interface of the first UPF entity is abnormal.
  • the SPEF entity may detect each interface of each UPF entity in at least one UPF entity, so as to determine whether there is an abnormal interface.
  • S407 may be performed multiple times. Exemplarily, S407 may be performed periodically.
  • the first UPF entity may be any one of the at least one UPF entity.
  • the SPEF entity sends the abnormal interface information to the SPCF entity.
  • the abnormal interface information includes the identifier of the abnormal interface in the first UPF entity.
  • the SPCF entity may determine that the first UPF entity is untrustworthy, that is, the first UPF entity is attacked.
  • The SPCF entity can determine, according to the correspondence information 1, the identifier of the N4 interface of the SMF entity corresponding to the identifier of the abnormal interface in the UPF entity.
  • The SPCF entity can determine the identifier of the N4 interface of the first UPF entity according to the correspondence information 2, and determine, according to the correspondence information 1, the identifier of the N4 interface of the first SMF entity connected to the N4 interface of the first UPF entity.
  • the SPCF entity sends interface query information to the NRF entity.
  • the interface query information may include the identifier of the N4 interface of the first SMF entity.
  • the NRF entity sends interface response information to the SPCF entity.
  • the interface response information includes the identifier of the service interface of the first SMF entity.
  • Each SMF entity may send network function registration information to the NRF entity after being powered on. According to the network function registration information sent by each SMF entity, the NRF entity can determine the corresponding relationship between the identifier of the N4 interface and the identifier of the service interface in the SMF entity.
  • the SPCF entity sends abnormal indication information according to the identifier of the service interface of the first SMF entity.
  • the SPCF entity may address the identifier of the service-oriented interface of the first SMF entity, and send abnormal indication information to the address indicated by the addressing result. Therefore, the abnormality indication information can be sent to the first SMF entity.
  • the abnormal indication information is used to indicate that the interface of the first UPF entity is abnormal.
  • the first SMF entity may process services related to the first UPF entity according to the abnormal indication information.
  • the first SMF entity may perform S412 and S413.
  • the first SMF entity disconnects the N4 coupling with the N4 interface of the first UPF entity.
  • the abnormal indication information may also include the identifier of the N4 interface in the first UPF entity.
  • The first SMF entity may disconnect the connection indicated by the identifier in the abnormal indication information, thereby disconnecting the N4 association with the first UPF entity.
  • the first SMF entity may perform session reestablishment or session user plane path adjustment under the condition that a session exists with the first UPF entity.
  • the first SMF entity may perform session re-establishment under the condition that the N4 coupling with the N4 interface of the first UPF entity is disconnected. Alternatively, when the first SMF entity disconnects the N4 coupling with the N4 interface of the first UPF entity, it may determine whether to perform session reestablishment according to the role of the first UPF entity in the session. It should be understood that the session may be a protocol data unit (protocol data unit, PDU) session.
  • When the first SMF entity determines that the first UPF entity is the intermediate UPF (I-UPF) of the session, it may perform user plane path adjustment of the session, so that a UPF entity other than the first UPF entity serves as the I-UPF.
  • When the first SMF entity determines that the first UPF entity is the PDU session anchor UPF (PSA-UPF) of the session, it can perform session re-establishment, so that a UPF entity other than the first UPF entity serves as the PSA-UPF.
  • The NRF entity provides network function registration and query services.
  • The SPEF entity detects correspondence information 1 and correspondence information 2 and reports them to the SPCF entity, where correspondence information 1 indicates the correspondence between the N4 interfaces of a UPF entity and an SMF entity that have an N4 coupling, and correspondence information 2 indicates the correspondence between the N4 interface, the N3 interface, and the N9 interface in a UPF entity.
  • The SPCF entity determines, according to correspondence information 1 and correspondence information 2, the identifier of the N4 interface of the first SMF entity that has an N4 coupling with the first UPF entity, and uses the identifier of the N4 interface of the first SMF entity to query the NRF entity for the identifier of the service interface of the first SMF entity. Afterwards, the SPCF entity may send abnormal indication information according to the identifier of the service interface of the first SMF entity, so as to indicate to the first SMF entity that the first UPF entity is attacked. Therefore, the first SMF entity can perform corresponding processing to ensure communication security.
  • the SPEF entity may detect disconnection-related interaction information between the first SMF entity and the first UPF entity.
  • the SPEF entity may send connection disconnection indication information to the SPCF.
  • the disconnection indication information is used to indicate that the identifier of the N4 interface of the first SMF entity does not have a corresponding relationship with the identifier of the N4 interface of the first UPF entity, that is, the N4 interface of the first SMF entity and the N4 interface of the first UPF entity have been disconnected.
  • the connection disconnection indication information may include the identifier of the N4 interface of the first SMF entity and the identifier of the N4 interface of the first UPF entity. Therefore, the SPCF entity can update the correspondence information 1.
  • the SPCF entity may update the correspondence information 1.
  • the identifier of the N4 interface of the first SMF entity in the updated correspondence information 1 does not have a corresponding relationship with the identifier of the N4 interface of the first UPF entity.
  • the SPCF entity may mark the correspondence information 1 to indicate that the abnormality indication information has been sent to the first SMF entity.
  • Fig. 5 is a schematic flowchart of a communication method provided by an embodiment of the present application.
  • the method 500 includes S501 to S509.
  • the first SMF entity establishes an N4 coupling with the first UPF entity.
  • the N4 interface of the first SMF entity establishes a connection with the N4 interface of the first UPF entity.
  • the information of the interaction between the first SMF entity and the first UPF entity carries the identifier of the N4 interface of the first UPF entity.
  • the first SMF entity sends association information 1 to the SPCF entity.
  • the association information 1 includes the identifier of the service interface of the first SMF entity, the identifier of the N4 interface of the first SMF entity, and the identifier of the N4 interface of the first UPF entity.
  • the first SMF entity establishes or modifies a session with the first UPF entity.
  • the information that the first UPF entity interacts with the first SMF entity carries the identifier of the N3 interface of the first UPF entity and/or the identifier of the N9 interface.
  • the identifier is used to configure the N3 interface and/or the N9 interface of the first UPF entity.
  • the first SMF entity sends association information 2 to the SPCF entity.
  • the association information 2 includes the identifier of the N4 interface of the first UPF entity, and the identifier of the N3 interface and/or the identifier of the N9 interface of the first UPF entity.
  • the SPCF entity may receive association information 1 and association information 2 sent by at least one SMF entity.
  • the at least one SMF entity includes a first SMF entity.
  • the SPEF entity may determine whether the interface of the first UPF entity is abnormal.
  • the SPEF entity can detect the interface of at least one UPF entity. Specifically, the SPEF entity may acquire information about communication between each interface in each UPF entity in at least one UPF entity and other network elements. And determine whether each interface is abnormal according to the information.
  • the information that any interface in each UPF entity communicates with other network elements may include the identifier of the interface.
  • the at least one UPF entity includes a first UPF entity.
  • S505 can be performed multiple times. Exemplarily, S505 may be performed periodically.
  • S506 may be performed.
  • the SPEF entity may send the abnormal interface information to the SPCF entity.
  • the SPCF entity may determine the service interface of the SMF associated with the abnormal interface in the first UPF entity according to the association information 1.
  • the abnormal interface information includes the identifier of the abnormal interface in the first UPF entity.
  • the SPCF entity may determine the identifier of the service interface of the first SMF that has N4 coupling with the first UPF entity according to the association information 1.
  • the SPCF entity can determine the identifier of the N4 interface of the first SMF that has N4 coupling with the first UPF entity according to the association information 1 and association information 2.
  • the SPCF entity can determine the identifier of the N4 interface of the first UPF entity according to the association information 2; the SPCF entity can determine the identifier of the service interface of the first SMF that has N4 coupling with the first UPF entity according to the association information 1.
  • the SPCF entity sends abnormal indication information according to the identifier of the service interface of the first SMF entity.
  • the first SMF entity disconnects the N4 coupling with the N4 interface of the first UPF entity.
  • the first SMF entity may perform session reestablishment or session user plane path adjustment under the condition that a session exists with the first UPF entity.
  • S507 to S509 may be similar to S411 to S413, and for details, refer to the description of S411 to S413 in FIG. 4.
  • the first SMF entity sends association information 1 and association information 2 to the SPCF entity
  • association information 1 is used to indicate the association relationship between the service interface of the first SMF entity and the N4 interface of the first UPF entity
  • association information 2 is used to indicate the association relationship between the N4 interface of the first UPF entity and the N3 interface and the N9 interface of the first UPF entity.
  • the SPCF entity determines the service interface of the first SMF entity that has N4 coupling with the first UPF entity to which the abnormal interface reported by the SPEF entity belongs.
  • the SPCF entity sends abnormal indication information according to the service interface, so as to notify the first SMF entity that the first UPF entity is attacked and cannot be trusted.
  • the first SMF entity can perform corresponding processing to ensure communication security.
  • the first SMF entity may release the N4 coupling with the first UPF entity according to the abnormal indication information, and may perform session reestablishment or user plane path adjustment according to session requirements.
  • the SPEF entity may detect disconnection-related interaction information between the first SMF entity and the first UPF entity.
  • the SPEF entity may send connection disconnection indication information to the SPCF.
  • the disconnection indication information is used to indicate that the identifier of the N4 interface of the first SMF entity does not have a corresponding relationship with the identifier of the N4 interface of the first UPF entity, that is, the N4 interface of the first SMF entity has been disconnected from the N4 interface of the first UPF entity.
  • the connection disconnection indication information may include the identifier of the N4 interface of the first SMF entity and the identifier of the N4 interface of the first UPF entity. Therefore, the SPCF entity can update the correspondence information 1.
  • the first SMF entity may send connection disconnection indication information to the SPCF entity.
  • the disconnection indication information is used to indicate that the identifier of the N4 interface of the first SMF entity does not have a corresponding relationship with the identifier of the N4 interface of the first UPF entity, that is, the N4 interface of the first SMF entity and the N4 interface of the first UPF entity have been disconnected. Therefore, the SPCF entity can update the correspondence information 1.
  • the SPCF entity may update the correspondence information 1.
  • the identifier of the N4 interface of the first SMF entity in the updated correspondence information 1 does not have a corresponding relationship with the identifier of the N4 interface of the first UPF entity.
  • the SPCF entity may mark the correspondence information 1 to indicate that the abnormal indication information has been sent to the first SMF entity.
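The SPCF-side lookup of method 500 and the SMF entity's role-dependent reaction described earlier, as an added Python sketch (not code from the application). Class names, message shapes and identifiers such as `upfA-n4` are assumptions, and the sketch generalizes to several SMF entities coupled to one UPF entity.

```python
"""Toy model of method 500: find the SMF behind an abnormal UPF interface."""
from collections import defaultdict


class Spcf:
    def __init__(self):
        # association information 1: UPF N4 id -> {SMF N4 id: SMF service interface id}
        self.assoc1 = defaultdict(dict)
        # association information 2: UPF N3/N9 id -> UPF N4 id
        self.assoc2 = {}
        # (SMF N4 id, UPF N4 id) pairs marked as "abnormal indication already sent"
        self.notified = set()

    def register_assoc1(self, smf_service_id, smf_n4_id, upf_n4_id):
        self.assoc1[upf_n4_id][smf_n4_id] = smf_service_id

    def register_assoc2(self, upf_n4_id, n3_ids=(), n9_ids=()):
        for iface_id in (*n3_ids, *n9_ids):
            self.assoc2[iface_id] = upf_n4_id

    def on_abnormal_interface(self, iface_id):
        """Handle an SPEF report; return the abnormal indications to send."""
        # The abnormal interface may be the N4 interface itself or an N3/N9 one.
        upf_n4_id = iface_id if iface_id in self.assoc1 else self.assoc2.get(iface_id)
        if upf_n4_id is None:
            return []  # unknown interface: no SMF can be resolved
        indications = []
        coupled = self.assoc1.get(upf_n4_id, {})
        for smf_n4_id, smf_service_id in sorted(coupled.items()):
            if (smf_n4_id, upf_n4_id) in self.notified:
                continue  # marked: do not notify the same SMF twice
            self.notified.add((smf_n4_id, upf_n4_id))
            indications.append({"to": smf_service_id, "upf_n4_id": upf_n4_id})
        return indications

    def on_disconnect(self, smf_n4_id, upf_n4_id):
        """Connection disconnection indication: update association information 1."""
        self.assoc1.get(upf_n4_id, {}).pop(smf_n4_id, None)
        if not self.assoc1.get(upf_n4_id):
            self.assoc1.pop(upf_n4_id, None)
        self.notified.discard((smf_n4_id, upf_n4_id))


class Smf:
    def __init__(self, service_id, n4_id):
        self.service_id, self.n4_id = service_id, n4_id
        self.couplings = set()  # UPF N4 ids this SMF has an N4 coupling with
        self.sessions = {}      # session id -> (UPF N4 id, role of that UPF)

    def couple(self, upf_n4_id, spcf):
        self.couplings.add(upf_n4_id)
        spcf.register_assoc1(self.service_id, self.n4_id, upf_n4_id)

    def on_abnormal_indication(self, indication, spcf):
        """Release the N4 coupling, then choose an action per affected session."""
        upf_n4_id = indication["upf_n4_id"]
        if upf_n4_id not in self.couplings:
            return []  # stale or repeated indication
        self.couplings.discard(upf_n4_id)
        spcf.on_disconnect(self.n4_id, upf_n4_id)
        actions = []
        for session_id, (n4_id, role) in sorted(self.sessions.items()):
            if n4_id != upf_n4_id:
                continue
            if role == "I-UPF":
                actions.append((session_id, "adjust_user_plane_path"))
            elif role == "PSA-UPF":
                actions.append((session_id, "reestablish_session"))
        return actions


def demo():
    """Constructed scenario: the SPEF reports the N9 interface of UPF A."""
    spcf, smf1 = Spcf(), Smf("smf1-sbi", "smf1-n4")
    smf1.couple("upfA-n4", spcf)
    spcf.register_assoc2("upfA-n4", n3_ids=["upfA-n3"], n9_ids=["upfA-n9"])
    smf1.sessions = {"pdu-1": ("upfA-n4", "PSA-UPF"), "pdu-2": ("upfA-n4", "I-UPF")}
    indications = spcf.on_abnormal_interface("upfA-n9")
    return indications, smf1.on_abnormal_indication(indications[0], spcf)


if __name__ == "__main__":
    print(demo())
```
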
  • Fig. 6 is a schematic flowchart of a communication method provided by an embodiment of the present application.
  • the method 600 includes S601 to S611.
  • the first SMF entity establishes an N4 coupling with the first UPF entity.
  • the information of the interaction between the first SMF entity and the first UPF entity carries the identifier of the N4 interface of the first UPF entity.
  • the first SMF entity sends association information 1 to the UDR entity.
  • the association information 1 includes the identifier of the service interface of the first SMF entity, the identifier of the N4 interface of the first SMF entity, and the identifier of the N4 interface of the first UPF entity.
  • the first SMF entity establishes or modifies a session with the first UPF entity.
  • the information that the first UPF entity interacts with the first SMF entity carries the identifier of the N3 interface of the first UPF entity and/or the identifier of the N9 interface.
  • the first SMF entity sends association information 2 to the UDR entity.
  • the association information 2 includes the identifier of the N4 interface of the first UPF entity, and the identifier of the N3 interface and/or the identifier of the N9 interface of the first UPF entity.
  • the SPCF entity may receive association information 1 and association information 2 sent by at least one SMF entity.
  • the at least one SMF entity includes a first SMF entity.
  • the SPEF entity may determine whether the interface of the first UPF entity is abnormal.
  • the SPEF entity can detect the interface of at least one UPF entity. Specifically, the SPEF entity may acquire information about communication between each interface in each UPF entity in at least one UPF entity and other network elements. And determine whether each interface is abnormal according to the information.
  • the information that any interface in each UPF entity communicates with other network elements may include the identifier of the interface.
  • the at least one UPF entity includes a first UPF entity.
  • S605 can be performed multiple times. Exemplarily, S605 may be performed periodically.
  • S606 may be performed.
  • the SPEF entity may send the abnormal interface information to the SPCF entity.
  • the abnormal interface information includes the identifier of the abnormal interface in the first UPF entity.
  • the SPCF entity sends network element query information to the UDR entity.
  • the network element query information includes the identifier of the abnormal interface in the first UPF entity.
  • the network element query information may also include a target entity type identifier, where the target entity type identifier is used to indicate that the type of the queried entity is SMF.
  • the UDR entity may determine the service interface of the SMF associated with the abnormal interface in the first UPF entity according to the association information 1.
  • the SPCF entity may determine the identifier of the service interface of the first SMF that has N4 coupling with the first UPF entity according to the association information 1.
  • the SPCF entity can determine the identifier of the N4 interface of the first SMF that has N4 coupling with the first UPF entity according to the association information 1 and association information 2.
  • the SPCF entity can determine the identifier of the N4 interface of the first UPF entity according to the association information 2; the SPCF entity can determine the identifier of the service interface of the first SMF that has N4 coupling with the first UPF entity according to the association information 1.
  • the UDR entity sends the network element response information to the SPCF entity.
  • the network element response information includes the identifier of the service interface of the first SMF.
  • the network element response information may also include the identifier of the N4 interface of the first UPF entity.
  • the network element response information sent by the UDR entity includes the identifier of the N4 interface of the first UPF entity; the UDR entity determines that the received network element query information
  • the network element response information sent by the UDR entity may or may not include the identifier of the N4 interface of the first UPF entity.
  • the SPCF entity sends abnormal indication information according to the identifier of the service interface of the first SMF entity.
  • the first SMF entity disconnects the N4 coupling with the N4 interface of the first UPF entity.
  • the first SMF entity may perform session re-establishment or user plane path adjustment of the session when there is a session with the first UPF entity.
  • S609 to S611 may be similar to S411 to S413, and for details, refer to the description of S411 to S413 in FIG. 4.
  • the first SMF entity registers association information 1 and association information 2 in the UDR entity.
  • Association information 1 is used to indicate the association relationship between the service interface of the first SMF entity and the N4 interface of the first UPF entity
  • association information 2 is used to indicate the association relationship between the N4 interface of the first UPF entity and the N3 interface and the N9 interface of the first UPF entity.
  • the SPCF entity sends the identifier of the abnormal interface reported by the SPEF entity to the UDR entity.
  • the UDR entity sends to the SPCF entity the identifier of the service interface of the first SMF entity that has N4 coupling with the first UPF entity to which the abnormal interface belongs.
  • the SPCF entity sends abnormal indication information according to the identifier of the service interface, so as to notify the first SMF entity that the first UPF entity is under attack and cannot be trusted. Therefore, the first SMF entity can perform corresponding processing to ensure communication security.
  • the entity may send connection disconnection indication information to the UDR entity.
  • the disconnection indication information may include the identifier of the N4 interface of the first SMF entity and the identifier of the N4 interface of the first UPF entity, and the disconnection indication information is used to instruct the first SMF entity to disconnect the N4 coupling with the first UPF entity.
  • the UDR entity may delete the association information 1 according to the connection disconnection indication information.
  • the SPCF entity may send the connection disconnection indication information to the UDR entity to instruct the UDR entity to delete the association information 1.
  • the SPCF entity may send notification indication information to the UDR entity, and the notification indication information is used to indicate that the SPCF entity has sent the abnormality indication information to the first SMF entity.
  • Fig. 7 is a schematic flowchart of a communication method provided by the embodiment of the application.
  • the method 700 includes S710 to S720.
  • Method 700 may be performed by a first SMF entity.
  • At S710 receive abnormal indication information sent by the security policy control function SPCF entity, where the abnormal indication information is used to indicate that the first UPF entity is attacked.
  • When receiving the abnormal indication information sent by the SPCF entity, the first SMF entity disconnects the connection with the first UPF entity, so as to provide security for the communication system.
  • the connection between the first SMF entity and the first UPF entity may be an N4 association between the first SMF entity and the first UPF entity.
  • the first SMF entity may send interface indication information to the NRF entity.
  • the interface indication information includes the identifier of the second interface of the first SMF entity and the identifier of the third interface of the first SMF entity.
  • the third interface is used for the connection between the first SMF entity and the first UPF entity.
  • the abnormal indication information is sent by the SPCF entity according to the first response information sent by the NRF entity, the first response information includes the identifier of the third interface, and the first response information is sent by the NRF entity according to the first request information, where the first request information includes the identifier of the second interface, and the first request information is sent by the SPCF entity when the first UPF entity is attacked.
  • the SPCF entity may determine the third interface of the first SMF entity connected to the first UPF entity when the first UPF entity is attacked. Afterwards, the SPCF entity may send first request information to the NRF entity, where the first request information includes the identifier of the third interface. The SPCF entity may receive the first response information sent by the NRF entity, where the first response information includes the identifier of the second interface of the first SMF entity. Therefore, the SPCF entity may send the abnormal indication information according to the identifier of the second interface, so that the abnormal indication information is sent to the first SMF entity.
  • the interface indication information may be carried in the network function registration information in FIG. 4 .
  • the first request information may be the interface query information in FIG. 4 .
  • the second response information may be the query response information in FIG. 4 .
  • the first SMF entity may send first connection indication information to the SPCF entity, where the first connection indication information is used to indicate at least one UPF entity connected to the first SMF entity, and the at least one UPF entity A first UPF entity is included.
  • the SPCF entity may receive first connection indication information sent by at least one SMF entity.
  • the at least one SMF entity includes a first SMF entity. Therefore, the SPCF entity may determine that the SMF entity connected to the first UPF entity is the first SMF entity.
  • the first connection indication information may include the identifier of the second interface of the first SMF entity, and the abnormality indication information is sent by the SPCF entity according to the identifier of the second interface.
  • the first connection indication information may include association information 1 and association information 2 shown in FIG. 5 .
  • the first SMF entity may send second connection indication information to the UDR entity, where the second connection indication information is used to indicate at least one UPF entity connected to the first SMF entity, and the at least one UPF entity Including the first UPF entity.
  • the abnormal indication information is sent by the SPCF entity according to the second response information, the second response information includes the identifier of the first SMF entity, and the second response information is sent by the UDR entity according to the second request information , the second request information includes the identifier of the first UPF entity; the second request information is sent by the SPCF entity when it is determined that the first UPF entity is attacked.
  • the SPCF entity may send the second request information to the UDR entity, where the second request information includes the identifier of the first UPF entity.
  • the SPCF entity may receive the second response information sent by the UDR entity, where the second response information includes the identifier of the first SMF entity. Therefore, the SPCF entity may send abnormality indication information to the first SMF entity.
  • the second connection indication information may include the identifier of the first SMF entity, and the identifier of the first SMF entity includes the identifier of the second interface of the first SMF entity.
  • the abnormal indication information may be sent by the SPCF entity according to the identifier of the second interface.
  • the second connection indication information may include an identifier of a fourth interface of the first UPF entity, and the fourth interface is used for connecting the first UPF entity to the first SMF entity.
  • the second response information may further include an identifier of the fourth interface, and the abnormality indication information includes the identifier of the fourth interface.
  • the identifier of the first UPF entity may include an identifier of the first interface in the first UPF entity.
  • the first interface may be an abnormal interface in the first UPF entity.
  • the second connection indication information may include an identifier of each interface of each UPF entity connected to the first SMF entity.
  • the SPCF entity may determine that the first UPF entity is attacked in a case where an abnormal interface exists in the first UPF entity.
  • the second connection indication information may include association information 1 and association information 2 shown in FIG. 6 .
  • the second request information may be the network element query information in FIG. 6 .
  • the second response information may be the network element response information in FIG. 6 .
  • Fig. 8 is a schematic flowchart of a communication method provided by an embodiment of the present application.
  • the method 800 includes S810 to S830.
  • Method 800 may be performed by an NRF entity.
  • At S810, receive interface indication information sent by the first SMF entity, where the interface indication information includes an identifier of a second interface of the first SMF entity and an identifier of a third interface of the first SMF entity, and the third interface is used for the connection between the first SMF entity and the first UPF entity.
  • the first request information sent by the SPCF entity includes the identifier of the second interface, and the first request information is sent by the SPCF entity when it determines that the first UPF entity is attacked.
  • the entity sends first response information to the SPCF entity, where the first response information includes the identifier of the third interface, and the identifier of the third interface is used for sending abnormal indication information to the first SMF entity, where the abnormal indication information is used to indicate that the first UPF entity is attacked.
  • a query function may be provided to the SPCF entity: in the case of receiving the identifier of the second interface of the first SMF entity sent by the SPCF entity, the identifier of the third interface of the first SMF entity is sent to the SPCF entity, so that the SPCF entity, when it determines that the first UPF entity is attacked, sends abnormal indication information to the first SMF entity connected to the first UPF entity, thereby improving the security of the communication system.
  • FIG. 9 is a schematic flowchart of a communication method provided by an embodiment of the present application.
  • the method 900 includes S910 to S930.
  • Method 900 may be performed by a UDR entity.
  • the second connection indication information is used to indicate at least one UPF entity connected to the first SMF entity, and the at least one UPF entity includes the first UPF entity.
  • the second request information is sent by the SPCF entity when it is determined that the first UPF entity is attacked, and the second request information includes the identifier of the first UPF entity.
  • An SMF entity sends abnormal indication information, where the abnormal indication information is used to indicate that the first UPF entity is attacked.
  • a query function can be provided to the SPCF entity: in the case of receiving the identifier of the first UPF entity sent by the SPCF entity, the identifier of the first SMF entity connected to the first UPF entity is sent to the SPCF entity, so that the SPCF entity, when it determines that the first UPF entity is attacked, can send abnormality indication information to the first SMF entity, thereby improving the security of the communication system.
  • the second connection indication information may include the identifier of the first SMF entity
  • the identifier of the first SMF entity may include the identifier of the second interface of the first SMF entity
  • the abnormal indication information is sent by the SPCF entity according to the identifier of the second interface.
  • the second connection indication information may include an identifier of a fourth interface of the first UPF entity, and the fourth interface is used for connecting the first UPF entity to the SMF entity.
  • the second response information may also include an identifier of the fourth interface.
  • the abnormal indication information may include the identifier of the fourth interface.
  • the second connection indication information may include an identifier of at least one interface in each connected UPF entity.
  • the second request information may include the identifier of the first interface in the first UPF entity.
  • the identifier of at least one interface in the first UPF entity includes the identifier of the first interface.
  • the first interface may be an abnormal interface in the first UPF entity.
  • Fig. 10 is a schematic structural diagram of a data processing device provided by an embodiment of the present application.
  • the communication device 2000 includes a processing module 2010 and a transceiver module 2020.
  • the communication device 2000 may be used to realize the function of the SPCF entity mentioned above.
  • the processing module 2010 is configured to determine whether the first user plane function UPF entity is attacked.
  • the transceiver module 2020 is configured to, when the first UPF entity is attacked, send abnormal indication information to the first session management function SMF entity, where the abnormal indication information is used to indicate that the first UPF entity is attacked, and the first SMF entity is connected to the first UPF entity.
  • the communication device 2000 further includes an acquisition module.
  • the obtaining module is used to obtain connection information
  • the connection information is used to indicate at least one UPF entity connected to each SMF entity in at least one SMF entity, and the at least one SMF entity includes the first SMF entity.
  • the processing module 2010 is specifically configured to determine whether the first interface of the first UPF entity is abnormal, and if the first interface is abnormal, the first UPF entity is attacked.
  • connection information further includes an identifier of each interface in the at least one interface of the first UPF entity, and the at least one interface of the first UPF entity includes the first interface.
  • the obtaining module is configured to receive connection indication information sent by the first SMF entity, where the connection indication information is used to indicate at least one UPF entity to which the first SMF entity is connected.
  • connection indication information includes the identifier of the second interface of the first SMF entity.
  • the transceiver module 2020 is specifically configured to send the abnormal indication information according to the identifier of the second interface.
  • connection indication information further includes an identifier of a fourth interface of the first UPF entity, the fourth interface is used to connect the first UPF entity to the first SMF entity, and the abnormality indication information includes an identifier of the fourth interface.
  • connection information includes an identifier of a third interface of the first SMF entity, and the third interface is used for the connection between the first SMF entity and the first UPF entity.
  • the transceiver module 2020 is further configured to, when the first UPF entity is abnormal, send first request information to the network storage function NRF entity, where the first request information includes the identifier of the third interface.
  • the transceiver module 2020 is also configured to receive first response information sent by the NRF entity, where the first response information includes the identifier of the second interface of the first SMF entity;
  • the transceiver module 2020 is specifically configured to send the abnormal indication information according to the identifier of the second interface.
  • connection information is determined according to interaction information between the at least one UPF entity and the at least one SMF entity, where the interaction information between the first UPF entity and the first SMF entity includes the identifier of the third interface and the identifier of each interface in the at least one interface of the first UPF entity.
  • At least one interface of the first UPF entity includes a fourth interface
  • the fourth interface is used to connect the first UPF entity to the first SMF entity
  • the abnormality indication information includes the identifier of the fourth interface.
  • the transceiving module 2020 is further configured to, when the first UPF entity is abnormal, send second request information to the unified database UDR entity, where the second request information includes the identifier of the first UPF entity.
  • the transceiver module 2020 is further configured to receive second response information sent by the UDR entity, where the second response information includes the identifier of the first SMF entity.
  • the processing module 2010 is specifically configured to determine whether the first interface of the first UPF entity is abnormal, and if the first interface is abnormal, the first UPF entity is attacked.
  • the identifier of the first UPF entity includes an identifier of an abnormal first interface in the first UPF entity.
  • the identifier of the first SMF entity includes an identifier of a second interface of the first SMF entity.
  • the transceiver module 2020 is specifically configured to send the abnormal indication information according to the identifier of the second interface.
  • the second response information further includes an identifier of a fourth interface of the first UPF entity, and the fourth interface is used to connect the first UPF entity to the first SMF entity.
  • the abnormal indication information includes the identifier of the fourth interface.
  • the communication device 2000 may be used to realize the function of the first SMF entity mentioned above.
  • the transceiver module 2020 is configured to receive abnormal indication information sent by the security policy control function entity, where the abnormal indication information is used to indicate that the first UPF entity is attacked.
  • the processing module 2010 is configured to disconnect the connection with the first UPF entity.
  • the transceiver module 2020 is further configured to send interface indication information to the NRF entity, where the interface indication information includes the identifier of the second interface of the device 2000 and the identifier of the third interface of the device 2000, and the third interface is used to connect the device 2000 with the first UPF entity.
  • the abnormal indication information is sent by the security policy control function entity according to the first response information sent by the NRF entity, and the first response information includes the identifier of the third interface.
  • the first response information is sent by the NRF entity according to the first request information, the first request information includes the identifier of the second interface, and the first request information is sent when the first UPF entity is attacked.
  • the transceiver module 2020 is further configured to send first connection indication information to the security policy control function entity, where the first connection indication information is used to indicate at least one UPF entity connected to the apparatus 2000, and the at least one UPF entity includes the first UPF entity.
  • the first connection indication information includes the identifier of the second interface of the apparatus 2000, and the abnormality indication information is sent by the security policy control function entity according to the identifier of the second interface.
  • the transceiver module 2020 is further configured to send second connection indication information to the UDR entity, where the second connection indication information is used to indicate at least one UPF entity connected to the device 2000, and the at least one UPF entity includes the first UPF entity.
  • the abnormality indication information is sent by the security policy control function entity according to the second response information, and the second response information includes the identifier of the device 2000.
  • the second response information is sent by the UDR entity according to the second request information, and the second request information includes the identifier of the first UPF entity.
  • the second request information is sent by the security policy control function entity when the first UPF entity is attacked.
  • the second connection indication information includes an identifier of the device 2000, the identifier of the device 2000 includes an identifier of a second interface of the device 2000, and the abnormality indication information is sent by the security policy control functional entity according to the identifier of the second interface.
  • the second connection indication information includes an identifier of a fourth interface of the first UPF entity, and the fourth interface is used for connecting the first UPF entity to the apparatus 2000.
  • the second response information further includes the identifier of the fourth interface, and the abnormality indication information includes the identifier of the fourth interface.
  • the communication device 2000 may be used to realize the function of the NRF entity mentioned above.
  • the transceiver module 2020 is further configured to receive interface indication information sent by the first SMF entity, where the interface indication information includes the identifier of the second interface of the first SMF entity and the identifier of the third interface of the first SMF entity, and the third interface is used for the connection between the first SMF entity and the first UPF entity;
  • the transceiver module 2020 is further configured to receive first request information sent by the security policy control functional entity, where the first request information includes the identifier of the second interface, and the first request information is sent by the security policy control functional entity when the first UPF entity is attacked;
  • the transceiver module 2020 is further configured to send first response information to the security policy control functional entity, where the first response information includes the identifier of the third interface, and the identifier of the third interface is used for sending abnormal indication information to the first SMF entity, where the abnormal indication information is used to indicate that the first UPF entity is attacked.
  • the processing module 2010 may be used to control the transceiver module 2020, so that the transceiver module 2020 realizes the above functions.
  • the communication device 2000 may be a UDR entity, or be configured to implement the functions of the UDR entity mentioned above.
  • the transceiver module 2020 is configured to receive second connection indication information sent by the first SMF entity, where the second connection indication information is used to indicate at least one UPF entity connected to the first SMF entity, and the at least one UPF entity includes the first UPF entity.
  • the transceiver module 2020 is further configured to receive second request information sent by the security policy control functional entity, where the second request information is sent by the security policy control functional entity when the first UPF entity is attacked, and the second request information includes the identifier of the first UPF entity.
  • the transceiver module 2020 is further configured to send second response information to the security policy control function entity, where the second response information includes the identifier of the first SMF entity, and the identifier of the first SMF entity is used for sending abnormal indication information to the first SMF entity, where the abnormal indication information is used to indicate that the first UPF entity is attacked.
  • the second connection indication information includes the identifier of the first SMF entity, the identifier of the first SMF entity includes the identifier of the second interface of the first SMF entity, and the abnormality indication information is sent by the security policy control function entity according to the identifier of the second interface.
  • the second connection indication information includes an identifier of a fourth interface of the first UPF entity, the fourth interface is used to connect the first UPF entity to the SMF entity, the second response information further includes an identifier of the fourth interface, and the abnormality indication information includes the identifier of the fourth interface.
  • the processing module 2010 may be used to control the transceiver module 2020, so that the transceiver module 2020 realizes the above functions.
  • Fig. 8 is a schematic structural diagram of a data processing device provided by an embodiment of the present application.
  • the communication device 3000 includes at least one processor 3010 and a communication interface 3020.
  • the communication interface 3020 is used for the communication device 3000 to exchange information with other communication devices.
  • When the program instructions are executed in the at least one processor 3010, the at least one processor 3010 is used to execute the method described above.
  • the communication device 3000 may be used to realize the function of the SPCF entity mentioned above.
  • the processor 3010 is configured to determine whether the first user plane function UPF entity is attacked.
  • the communication interface 3020 is configured to, when the first UPF entity is attacked, send abnormal indication information to the first session management function SMF entity, where the abnormal indication information is used to indicate that the first UPF entity is attacked, and the first SMF entity is connected to the first UPF entity.
  • the communication interface 3020 is further configured to obtain connection information, the connection information is used to indicate at least one UPF entity connected to each SMF entity in at least one SMF entity, and the at least one SMF entity includes the first SMF entity.
  • the processor 3010 is specifically configured to determine whether the first interface of the first UPF entity is abnormal, and if the first interface is abnormal, the first UPF entity is attacked.
  • connection information further includes an identifier of each interface in the at least one interface of the first UPF entity, and the at least one interface of the first UPF entity includes the first interface.
  • the communication interface 3020 is further configured to receive connection indication information sent by the first SMF entity, where the connection indication information is used to indicate at least one UPF entity to which the first SMF entity is connected.
  • connection indication information includes the identifier of the second interface of the first SMF entity.
  • the communication interface 3020 is further configured to send the abnormality indication information according to the identifier of the second interface.
  • connection indication information further includes an identifier of a fourth interface of the first UPF entity, the fourth interface is used to connect the first UPF entity to the first SMF entity, and the abnormality indication information includes an identifier of the fourth interface.
  • connection information includes an identifier of a third interface of the first SMF entity, and the third interface is used for the connection between the first SMF entity and the first UPF entity.
  • the communication interface 3020 is further configured to, when the first UPF entity is abnormal, send first request information to the network storage function NRF entity, where the first request information includes the identifier of the third interface.
  • the communication interface 3020 is further configured to receive first response information sent by the NRF entity, where the first response information includes the identifier of the second interface of the first SMF entity.
  • the communication interface 3020 is further configured to send the abnormality indication information according to the identifier of the second interface.
  • connection information is determined according to interaction information between the at least one UPF entity and the at least one SMF entity, where the interaction information between the first UPF entity and the first SMF entity includes the identifier of the third interface and the identifier of each interface in the at least one interface of the first UPF entity.
  • At least one interface of the first UPF entity includes a fourth interface, the fourth interface is used to connect the first UPF entity to the first SMF entity, and the abnormality indication information includes the identifier of the fourth interface.
  • the communication interface 3020 is further configured to, when the first UPF entity is abnormal, send second request information to the unified database UDR entity, where the second request information includes the identifier of the first UPF entity.
  • the communication interface 3020 is further configured to receive second response information sent by the UDR entity, where the second response information includes the identifier of the first SMF entity.
  • the processor 3010 is specifically configured to determine whether the first interface of the first UPF entity is abnormal, and if the first interface is abnormal, the first UPF entity is attacked.
  • the identifier of the first UPF entity includes an identifier of an abnormal first interface in the first UPF entity.
  • the identifier of the first SMF entity includes an identifier of a second interface of the first SMF entity.
  • the communication interface 3020 is further configured to send the abnormality indication information according to the identifier of the second interface.
  • the second response information further includes an identifier of a fourth interface of the first UPF entity, and the fourth interface is used for connecting the first UPF entity to the first SMF entity.
  • the abnormal indication information includes the identifier of the fourth interface.
  • the communication device 3000 may be used to realize the function of the first SMF entity mentioned above.
  • the communication interface 3020 is configured to receive abnormal indication information sent by the security policy control function entity, where the abnormal indication information is used to indicate that the first UPF entity is attacked.
  • the processor 3010 is configured to disconnect the connection with the first UPF entity.
  • the communication interface 3020 is further configured to send interface indication information to the NRF entity, where the interface indication information includes an identifier of a second interface of the device 3000 and an identifier of a third interface of the device 3000, and the third interface is used to connect the device 3000 with the first UPF entity.
  • the abnormal indication information is sent by the security policy control function entity according to the first response information sent by the NRF entity, and the first response information includes the identifier of the third interface.
  • the first response information is sent by the NRF entity according to the first request information, the first request information includes the identifier of the second interface, and the first request information is sent when the first UPF entity is attacked.
  • the communication interface 3020 is further configured to send first connection indication information to the security policy control function entity, where the first connection indication information is used to indicate at least one UPF entity connected to the apparatus 3000, and the at least one UPF entity includes the first UPF entity.
  • the first connection indication information includes the identifier of the second interface of the apparatus 3000, and the abnormality indication information is sent by the security policy control function entity according to the identifier of the second interface.
  • the communication interface 3020 is further configured to send second connection indication information to the UDR entity, where the second connection indication information is used to indicate at least one UPF entity connected to the device 3000, and the at least one UPF entity includes the first UPF entity.
  • the abnormal indication information is sent by the security policy control function entity according to the second response information, and the second response information includes the identifier of the device 3000.
  • the second response information is sent by the UDR entity according to the second request information, and the second request information includes the identifier of the first UPF entity.
  • the second request information is sent by the security policy control function entity when the first UPF entity is attacked.
  • the second connection indication information includes an identifier of the device 3000, the identifier of the device 3000 includes an identifier of a second interface of the device 3000, and the abnormality indication information is sent by the security policy control functional entity according to the identifier of the second interface.
  • the second connection indication information includes an identifier of a fourth interface of the first UPF entity, and the fourth interface is used for connecting the first UPF entity to the apparatus 3000.
  • the second response information further includes the identifier of the fourth interface, and the abnormality indication information includes the identifier of the fourth interface.
  • the communication device 3000 may be used to realize the function of the NRF entity mentioned above.
  • the communication interface 3020 is further configured to receive interface indication information sent by the first SMF entity, where the interface indication information includes the identifier of the second interface of the first SMF entity and the identifier of the third interface of the first SMF entity, and the third interface is used for the connection between the first SMF entity and the first UPF entity;
  • the communication interface 3020 is further configured to receive first request information sent by the security policy control functional entity, where the first request information includes the identifier of the second interface, and the first request information is sent when the first UPF entity is attacked;
  • the communication interface 3020 is further configured to send first response information to the security policy control function entity, where the first response information includes the identifier of the third interface, and the identifier of the third interface is used for sending abnormal indication information to the first SMF entity, where the abnormal indication information is used to indicate that the first UPF entity is attacked.
  • the processor 3010 may be used to control the communication interface 3020, so that the communication interface 3020 realizes the above functions.
  • the communication device 3000 may be a UDR entity, or be configured to implement the functions of the UDR entity mentioned above.
  • the communication interface 3020 is configured to receive second connection indication information sent by the first SMF entity, where the second connection indication information is used to indicate at least one UPF entity connected to the first SMF entity, and the at least one UPF entity includes the first UPF entity.
  • the communication interface 3020 is further configured to receive second request information sent by the security policy control function entity, where the second request information is sent by the security policy control function entity when the first UPF entity is attacked, and the second request information includes the identifier of the first UPF entity.
  • the communication interface 3020 is further configured to send second response information to the security policy control function entity, where the second response information includes the identifier of the first SMF entity, and the identifier of the first SMF entity is used for sending abnormal indication information to the first SMF entity, where the abnormal indication information is used to indicate that the first UPF entity is attacked.
  • the second connection indication information includes the identifier of the first SMF entity, the identifier of the first SMF entity includes the identifier of the second interface of the first SMF entity, and the abnormality indication information is sent by the security policy control function entity according to the identifier of the second interface.
  • the second connection indication information includes an identifier of a fourth interface of the first UPF entity, the fourth interface is used to connect the first UPF entity to the SMF entity, the second response information further includes an identifier of the fourth interface, and the abnormality indication information includes the identifier of the fourth interface.
  • the processor 3010 may be used to control the communication interface 3020, so that the communication interface 3020 realizes the above functions.
  • system-on-a-chip (SOC)
  • the SOC may include at least one processor for implementing any of the above methods or realizing the functions of each unit of the device.
  • the at least one processor may be of different types, such as including CPU and FPGA, CPU and artificial intelligence processor, CPU and graphics processing unit (graphics processing unit, GPU), etc.
  • An embodiment of the present application further provides a computer program storage medium, wherein the computer program storage medium has program instructions, and when the program instructions are executed, the foregoing method is executed.
  • An embodiment of the present application further provides a system-on-a-chip, wherein the system-on-a-chip includes at least one processor, and when program instructions are executed on the at least one processor, the foregoing method is executed.
  • An embodiment of the present application further provides a program product, where the computer program product includes program instructions, and when the program instructions are executed in a computer device, the foregoing data processing method is executed.
  • the embodiment of the present application also provides a communication system, including at least one SMF entity, at least one UPF entity, and the aforementioned communication device. The at least one SMF entity includes the first SMF entity, and the at least one UPF entity includes the first UPF entity.
  • the communication system may also include NRF entities or UDR entities.
  • the processor in the embodiment of the present application may be a central processing unit (CPU), and the processor may also be another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc.
  • a general-purpose processor may be a microprocessor, or the processor may be any conventional processor, or the like.
  • the memory in the embodiments of the present application may be a volatile memory or a nonvolatile memory, or may include both volatile and nonvolatile memories.
  • the non-volatile memory can be read-only memory (ROM), programmable read-only memory (programmable ROM, PROM), erasable programmable read-only memory (erasable PROM, EPROM), electrically erasable programmable read-only memory (electrically EPROM, EEPROM) or flash memory.
  • Volatile memory can be random access memory (RAM), which acts as external cache memory.
  • static random access memory (SRAM)
  • dynamic random access memory (DRAM)
  • synchronous dynamic random access memory (SDRAM)
  • double data rate synchronous dynamic random access memory (double data rate SDRAM, DDR SDRAM)
  • enhanced synchronous dynamic random access memory (enhanced SDRAM, ESDRAM)
  • serial link DRAM (SLDRAM)
  • direct memory bus random access memory (direct rambus RAM, DR RAM)
  • the above-mentioned embodiments may be implemented in whole or in part by software, hardware, firmware or other arbitrary combinations.
  • the above-described embodiments may be implemented in whole or in part in the form of computer program products.
  • the computer program product comprises one or more computer instructions or computer programs.
  • the processes or functions according to the embodiments of the present application will be generated in whole or in part.
  • the computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable devices.
  • the computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another computer-readable storage medium; for example, the computer instructions may be transmitted from one website, computer, server or data center to another website, computer, server or data center in a wired manner (such as infrared, wireless, microwave, etc.).
  • the computer-readable storage medium may be any available medium that can be accessed by a computer, or a data storage device such as a server or a data center that includes one or more sets of available media.
  • the available media may be magnetic media (eg, floppy disk, hard disk, magnetic tape), optical media (eg, DVD), or semiconductor media.
  • the semiconductor medium may be a solid state drive.
  • "At least one" means one or more, and "multiple" means two or more.
  • "At least one of the following" or similar expressions refer to any combination of these items, including any combination of single or plural items.
  • at least one item (piece) of a, b, or c can represent: a, b, c, a-b, a-c, b-c, or a-b-c, where a, b, c can be single or multiple.
  • sequence numbers of the above-mentioned processes do not mean the order of execution; the execution order of the processes should be determined by their functions and internal logic, and should not constitute any limitation on the implementation process of the embodiments of the present application.
  • the disclosed systems, devices and methods may be implemented in other ways.
  • the device embodiments described above are only illustrative.
  • the division of the units is only a logical function division. In actual implementation, there may be other division methods.
  • multiple units or components can be combined or integrated into another system, or some features may be ignored or not implemented.
  • the mutual coupling or direct coupling or communication connection shown or discussed may be through some interfaces, and the indirect coupling or communication connection of devices or units may be in electrical, mechanical or other forms.
  • the units described as separate components may or may not be physically separated, and the components shown as units may or may not be physical units, that is, they may be located in one place, or may be distributed to multiple network units. Part or all of the units can be selected according to actual needs to achieve the purpose of the solution of this embodiment.
  • each functional unit in each embodiment of the present application may be integrated into one processing unit, each unit may exist separately physically, or two or more units may be integrated into one unit.
  • if the functions described above are realized in the form of software function units and sold or used as independent products, they can be stored in a computer-readable storage medium.
  • the technical solution of the present application, in essence, or the part that contributes to the prior art, or a part of the technical solution, can be embodied in the form of a software product; the computer software product is stored in a storage medium and includes several instructions used to make a computer device (which may be a personal computer, a server, or a network device, etc.) execute all or part of the steps of the methods described in the various embodiments of the present application.
  • the aforementioned storage media include: U disk, mobile hard disk, read-only memory (ROM), random access memory (RAM), magnetic disk or optical disc, and other media that can store program codes.

Abstract

Disclosed in the present application are a communication method and apparatus, capable of improving the security of a communication system. The communication method comprises: determining whether a first user plane function (UPF) entity is attacked; and under the condition that the first UPF entity is attacked, sending exception indication information to a first session management function (SMF) entity, wherein the first SMF entity is connected to the first UPF entity, and the exception indication information is used for indicating that the first UPF entity is attacked.

Description

Communication method and device
This application claims priority to Chinese patent application No. 202210190092.9, entitled "Communication Method and Device", filed with the China Patent Office on February 28, 2022, the entire contents of which are incorporated in this application by reference.
Technical field
The present application relates to the communication field, and more specifically, to a communication method and device.
Background
Edge computing refers to an open platform that integrates core network, computing, storage, and application capabilities on the side close to objects or data sources, and provides services at the nearest end. With edge computing, a differentiated service network can be provided from the center to the edge.
In a campus edge computing scenario, the edge computing platform (or edge computing server) and the user plane functional network elements of the mobile communication network (such as user plane function (UPF) entities) are deployed in a distributed manner inside the campus. The security management capability of the equipment rooms inside the campus is weak, so they may be compromised, which puts the communication system at risk.
发明内容Contents of the invention
本申请提供一种通信方法和装置,能够提高通信系统的安全性。The present application provides a communication method and device, which can improve the security of the communication system.
第一方面,提供了一种通信方法,包括:确定第一用户面功能UPF实体是否被攻击;在所述第一UPF实体被攻击的情况下,向第一会话管理功能SMF实体发送异常指示信息,所述异常指示信息用于指示所述第一UPF实体被攻击,所述第一SMF实体与所述第一UPF实体连接。In the first aspect, a communication method is provided, including: determining whether the first user plane function UPF entity is attacked; in the case that the first UPF entity is attacked, sending abnormal indication information to the first session management function SMF entity , the abnormality indication information is used to indicate that the first UPF entity is attacked, and the first SMF entity is connected to the first UPF entity.
在第一UPF实体被攻击的情况下,可以向与第一UPF实体连接的第一SMF实体异常指示信息,以指示第一UPF实体被攻击,从而第一SMF实体可以对与第一UPF实体相关的会话进行会话重建或进行用户面路径调整,提高通信系统的安全性。In the case that the first UPF entity is attacked, the first SMF entity connected to the first UPF entity may indicate abnormal information to indicate that the first UPF entity is attacked, so that the first SMF entity may be related to the first UPF entity session reestablishment or user plane path adjustment to improve the security of the communication system.
结合第一方面,在一些可能的实现方式中,所述方法还包括:获取连接信息,所述连接信息用于指示至少一个SMF实体中每个SMF实体连接的至少一个UPF实体,所述至少一个SMF实体包括所述第一SMF实体。With reference to the first aspect, in some possible implementations, the method further includes: acquiring connection information, where the connection information is used to indicate at least one UPF entity connected to each SMF entity in the at least one SMF entity, and the at least one The SMF entity includes the first SMF entity.
获取连接信息,从而根据连接信息确定与第一UPF实体连接的第一SMF实体,使得第一SMF实体的确定更加简便。The connection information is obtained, so as to determine the first SMF entity connected to the first UPF entity according to the connection information, so that the determination of the first SMF entity is easier.
结合第一方面,在一些可能的实现方式中,所述确定第一用户面功能UPF实体是否被攻击,包括:确定所述第一UPF实体的第一接口是否异常,在所述第一接口异常的情况下所述第一UPF实体被攻击。With reference to the first aspect, in some possible implementation manners, the determining whether the first user plane function UPF entity is attacked includes: determining whether the first interface of the first UPF entity is abnormal, where the first interface is abnormal In case the first UPF entity is attacked.
在第一UPF实体的接口异常的情况下,确定第一UPF实体被攻击,使得对第一UPF 实体被攻击的判断更为简便。In the case that the interface of the first UPF entity is abnormal, it is determined that the first UPF entity is attacked, so that the first UPF entity It is easier to judge that the entity is attacked.
With reference to the first aspect, in some possible implementations, the connection information further includes an identifier of each interface of at least one interface of the first UPF entity, and the at least one interface of the first UPF entity includes the first interface.
When the first UPF entity is determined to be attacked on the basis of an abnormal interface of the first UPF entity, the connection information includes the identifier of each interface of the first UPF entity, so the first UPF entity to which the abnormal interface belongs can be determined from the identifier of the abnormal interface.
With reference to the first aspect, in some possible implementations, obtaining the connection information includes: receiving connection indication information sent by the first SMF entity, where the connection indication information indicates the at least one UPF entity connected to the first SMF entity.
The connection information can be determined from the connection indication information sent by each SMF entity, which makes obtaining the connection information simpler.
With reference to the first aspect, in some possible implementations, the connection indication information includes an identifier of a second interface of the first SMF entity; and sending the abnormality indication information to the session management function (SMF) entity includes: sending the abnormality indication information according to the identifier of the second interface.
The second interface of the first SMF entity may be the interface that the first SMF entity uses to communicate with the apparatus performing the communication method of the first aspect. That apparatus can therefore perform addressing according to the identifier of the second interface of the first SMF entity and send the abnormality indication information to the address obtained, so that the abnormality indication information reaches the first SMF entity.
With reference to the first aspect, in some possible implementations, the connection indication information further includes an identifier of a fourth interface of the first UPF entity, the fourth interface is used by the first UPF entity to connect to the first SMF entity, and the abnormality indication information includes the identifier of the fourth interface.
The abnormality indication information includes the identifier of the fourth interface that the first UPF entity uses to connect to the first SMF entity, which facilitates subsequent processing by the first SMF entity. For example, the first SMF entity may disconnect from the first UPF entity according to the identifier of the fourth interface in the abnormality indication information.
With reference to the first aspect, in some possible implementations, the connection information includes an identifier of a third interface of the first SMF entity, the third interface is used for the connection between the first SMF entity and the first UPF entity, and the method further includes: when the first UPF entity is abnormal, sending first request information to a network repository function (NRF) entity, where the first request information includes the identifier of the third interface; and receiving first response information sent by the NRF entity, where the first response information includes an identifier of a second interface of the first SMF entity. Sending the abnormality indication information to the first session management function (SMF) entity includes: sending the abnormality indication information according to the identifier of the second interface.
When the first UPF entity is abnormal, after the first SMF entity is determined, the identifier of the second interface of the first SMF entity can be requested from the NRF entity according to the identifier of the third interface of the first SMF entity. The abnormality indication information is then sent to the first SMF entity according to the identifier of the second interface.
With reference to the first aspect, in some possible implementations, the connection information is determined from interaction information between the at least one UPF entity and the at least one SMF entity, where first interaction information between the first UPF entity and the first SMF entity includes the identifier of the third interface and the identifier of each interface of at least one interface of the first UPF entity.
When the first interface of the first UPF entity is determined to be abnormal, the identifier of the third interface of the first SMF can be determined from the connection information and the identifier of the first interface. The identifier of the second interface of the first SMF can then be requested from the NRF entity.
With reference to the first aspect, in some possible implementations, the at least one interface of the first UPF entity includes a fourth interface, the fourth interface is used by the first UPF entity to connect to the first SMF entity, and the abnormality indication information includes the identifier of the fourth interface.
The abnormality indication information includes the identifier of the fourth interface that the first UPF entity uses to connect to the first SMF entity, which facilitates subsequent processing by the first SMF entity.
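The lookup described in the implementations above, from an abnormal first interface to the SMF's second interface (taken directly from the connection indication information, or requested from the NRF by third-interface identifier), sketched in Python as an added example that is not code from the application. All class, field and identifier names are hypothetical, the sample topology is constructed, and the sketch assumes a UPF may be connected to more than one SMF, in which case each is notified.

```python
# Added illustration; every class, field and identifier below is hypothetical.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class AbnormalityIndication:
    dest_second_if: str   # SMF second interface: the address the SPCF sends to
    upf_fourth_if: str    # UPF fourth interface: tells the SMF which link to drop


@dataclass(frozen=True)
class Link:
    """One SMF-UPF connection held in the SPCF's connection information."""
    upf_interfaces: frozenset            # identifier of every interface of the UPF
    upf_fourth_if: str                   # UPF interface facing the SMF
    smf_third_if: str                    # SMF interface facing the UPF
    smf_second_if: Optional[str] = None  # set only if the SMF reported it itself


class Nrf:
    """Stand-in NRF holding what SMFs registered: third interface -> second interface."""

    def __init__(self):
        self._second_by_third = {}

    def register(self, second_if, third_if):
        self._second_by_third[third_if] = second_if

    def resolve(self, third_if):
        # The first request carries the third-interface identifier; the first
        # response carries the second-interface identifier. Returning None for
        # an unregistered SMF is an assumption of this sketch.
        return self._second_by_third.get(third_if)


class Spcf:
    def __init__(self, nrf):
        self.nrf = nrf
        self.links = []   # the connection information

    def on_abnormal_interface(self, first_if):
        """Map an abnormal UPF interface to the indications to send.

        Returns (indications, unresolved): unresolved lists the third-interface
        identifiers of SMFs whose second interface could not be found, so an
        operator can see which SMFs were NOT told about the attacked UPF.
        """
        indications, unresolved = [], []
        for link in self.links:
            if first_if not in link.upf_interfaces:
                continue  # the abnormal interface belongs to a different UPF
            # Prefer the identifier the SMF reported; otherwise ask the NRF.
            second_if = link.smf_second_if or self.nrf.resolve(link.smf_third_if)
            if second_if is None:
                unresolved.append(link.smf_third_if)
            else:
                indications.append(
                    AbnormalityIndication(second_if, link.upf_fourth_if))
        return indications, unresolved


def build_constructed_spcf():
    """Constructed topology: UPF 1 serves SMF A and SMF B, UPF 2 serves SMF C."""
    nrf = Nrf()
    nrf.register(second_if="smfB-if2", third_if="smfB-if3")  # SMF C never registers
    spcf = Spcf(nrf)
    upf1 = frozenset({"upf1-if1", "upf1-if4a", "upf1-if4b"})
    upf2 = frozenset({"upf2-if1", "upf2-if4"})
    spcf.links += [
        Link(upf1, "upf1-if4a", "smfA-if3", smf_second_if="smfA-if2"),
        Link(upf1, "upf1-if4b", "smfB-if3"),   # second interface known only to the NRF
        Link(upf2, "upf2-if4", "smfC-if3"),    # second interface known to nobody
    ]
    return spcf


if __name__ == "__main__":
    spcf = build_constructed_spcf()
    for abnormal in ("upf1-if1", "upf2-if1", "unknown-if"):
        print(abnormal, spcf.on_abnormal_interface(abnormal))
```

The unresolved list is the case worth monitoring: an SMF that never registered its interfaces keeps routing sessions through a UPF that has already been flagged as attacked.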
With reference to the first aspect, in some possible implementations, the method further includes: when the first UPF entity is abnormal, sending second request information to a unified data repository (UDR) entity, where the second request information includes an identifier of the first UPF entity; and receiving second response information sent by the UDR entity, where the second response information includes an identifier of the first SMF entity.
By sending request information to the unified data repository (UDR) entity, the identifier of the first SMF entity connected to the first UPF entity to which the abnormal interface belongs is obtained, and the abnormality indication information is then sent to the first SMF entity, without the connection relationship between UPF entities and SMF entities having to be stored.
With reference to the first aspect, in some possible implementations, determining whether the first user plane function (UPF) entity is attacked includes: determining whether a first interface of the first UPF entity is abnormal, where the first UPF entity is attacked if the first interface is abnormal; and the identifier of the first UPF entity includes the identifier of the abnormal first interface of the first UPF entity.
When an interface of the first UPF entity is abnormal, the first UPF entity is determined to be attacked, which makes it simpler to judge that the first UPF entity is attacked.
When the first interface of the first UPF entity is determined to be abnormal, the first request information sent to the UDR entity uses the identifier of the first interface as the identifier of the first UPF entity, so there is no need to determine which UPF entity the first interface belongs to; the UDR entity can determine the first SMF entity connected to the first UPF entity from the identifier of the first interface. This makes determining the first SMF entity simpler.
With reference to the first aspect, in some possible implementations, the identifier of the first SMF entity includes an identifier of a second interface of the first SMF entity, and sending the abnormality indication information to the first session management function (SMF) entity includes: sending the abnormality indication information according to the identifier of the second interface.
From the identifier of the first interface of the first UPF entity, the UDR entity can determine the second interface of the first SMF entity connected to the first UPF entity. The second interface of the first SMF entity may be the interface that the first SMF entity uses to communicate with the apparatus performing the communication method of the first aspect. That apparatus can therefore perform addressing according to the identifier of the second interface of the first SMF entity and send the abnormality indication information to the address obtained, so that the abnormality indication information reaches the first SMF entity.
With reference to the first aspect, in some possible implementations, the second response information further includes an identifier of a fourth interface of the first UPF entity, the fourth interface is used by the first UPF entity to connect to the first SMF entity, and the abnormality indication information includes the identifier of the fourth interface.
The abnormality indication information includes the identifier of the fourth interface that the first UPF entity uses to connect to the first SMF entity, which facilitates subsequent processing by the first SMF entity.
In a second aspect, a communication apparatus is provided, including a processing module and a transceiver module. The processing module is configured to determine whether a first user plane function (UPF) entity is attacked; the transceiver module is configured to, when the first UPF entity is attacked, send abnormality indication information to a first session management function (SMF) entity, where the abnormality indication information indicates that the first UPF entity is attacked, and the first SMF entity is connected to the first UPF entity.
With reference to the second aspect, in some possible implementations, the apparatus further includes an obtaining module, configured to obtain connection information, where the connection information indicates the at least one UPF entity connected to each SMF entity of at least one SMF entity, and the at least one SMF entity includes the first SMF entity.
With reference to the second aspect, in some possible implementations, the processing module is specifically configured to determine whether a first interface of the first UPF entity is abnormal, where the first UPF entity is attacked if the first interface is abnormal.
With reference to the second aspect, in some possible implementations, the connection information further includes an identifier of each interface of at least one interface of the first UPF entity, and the at least one interface of the first UPF entity includes the first interface.
With reference to the second aspect, in some possible implementations, the obtaining module is specifically configured to receive connection indication information sent by the first SMF entity, where the connection indication information indicates the at least one UPF entity connected to the first SMF entity.
With reference to the second aspect, in some possible implementations, the connection indication information includes an identifier of a second interface of the first SMF entity; and the transceiver module is specifically configured to send the abnormality indication information according to the identifier of the second interface.
With reference to the second aspect, in some possible implementations, the connection indication information further includes an identifier of a fourth interface of the first UPF entity, the fourth interface is used by the first UPF entity to connect to the first SMF entity, and the abnormality indication information includes the identifier of the fourth interface.
With reference to the second aspect, in some possible implementations, the connection information includes an identifier of a third interface of the first SMF entity, and the third interface is used for the connection between the first SMF entity and the first UPF entity. The transceiver module is further configured to, when the first UPF entity is abnormal, send first request information to a network repository function (NRF) entity, where the first request information includes the identifier of the third interface; the transceiver module is further configured to receive first response information sent by the NRF entity, where the first response information includes an identifier of a second interface of the first SMF entity; and the transceiver module is specifically configured to send the abnormality indication information according to the identifier of the second interface.
With reference to the second aspect, in some possible implementations, the connection information is determined from interaction information between the at least one UPF entity and the at least one SMF entity, where first interaction information between the first UPF entity and the first SMF entity includes the identifier of the third interface and the identifier of each interface of at least one interface of the first UPF entity.
With reference to the second aspect, in some possible implementations, the transceiver module is further configured to, when the first UPF entity is abnormal, send second request information to a unified data repository (UDR) entity, where the second request information includes an identifier of the first UPF entity; and the transceiver module is further configured to receive second response information sent by the UDR entity, where the second response information includes an identifier of the first SMF entity.
With reference to the second aspect, in some possible implementations, the processing module is specifically configured to determine whether a first interface of the first UPF entity is abnormal, where the first UPF entity is attacked if the first interface is abnormal; and the identifier of the first UPF entity includes the identifier of the abnormal first interface of the first UPF entity.
With reference to the second aspect, in some possible implementations, the identifier of the first SMF entity includes an identifier of a second interface of the first SMF entity, and the transceiver module is specifically configured to send the abnormality indication information according to the identifier of the second interface.
In a third aspect, a communication method is provided, applied to a session management function (SMF) entity, the method including: receiving abnormality indication information sent by a security policy control function (SPCF) entity, where the abnormality indication information indicates that a first UPF entity is attacked; and disconnecting from the first UPF entity.
On receiving the abnormality indication information sent by the SPCF entity, the session management function (SMF) entity disconnects from the first UPF entity, which provides security for the communication system.
With reference to the third aspect, in some possible implementations, the method further includes: sending interface indication information to a network repository function (NRF) entity, where the interface indication information includes an identifier of a second interface of the SMF entity and an identifier of a third interface of the SMF entity, and the third interface is used for the connection between the SMF entity and the first UPF entity. The abnormality indication information is sent by the SPCF entity according to first response information sent by the NRF entity, the first response information includes the identifier of the third interface, the first response information is sent by the NRF entity according to first request information, the first request information includes the identifier of the second interface, and the first request information is sent by the SPCF entity when it determines that the first UPF entity is attacked.
By sending the interface indication information to the NRF entity, the SMF entity registers the identifier of its second interface and the identifier of its third interface with the NRF entity. Thus, when the first UPF entity is determined to be abnormal, the SPCF entity can, after determining the SMF entity connected to the first UPF entity, request the identifier of the second interface of the SMF entity from the NRF entity according to the identifier of the third interface of the first SMF entity. The SPCF entity can then send the abnormality indication information to the SMF entity according to the identifier of the second interface.
With reference to the third aspect, in some possible implementations, the method further includes: sending first connection indication information to the SPCF entity, where the first connection indication information indicates at least one UPF entity connected to the SMF entity, and the at least one UPF entity includes the first UPF entity.
The SPCF entity can thus determine, from the first connection indication information, the SMF entity connected to the attacked first UPF entity.
With reference to the third aspect, in some possible implementations, the first connection indication information includes an identifier of a second interface of the first SMF entity, and the abnormality indication information is sent by the SPCF entity according to the identifier of the second interface.
The second interface of the SMF entity may be the interface that the SMF entity uses to communicate with the SPCF entity. The SPCF entity can therefore perform addressing according to the identifier of the second interface and send the abnormality indication information to the address obtained, so that the abnormality indication information reaches the SMF entity.
With reference to the third aspect, in some possible implementations, the method further includes: sending second connection indication information to a unified data repository (UDR) entity, where the second connection indication information indicates at least one UPF entity connected to the SMF entity, and the at least one UPF entity includes the first UPF entity. The abnormality indication information is sent by the SPCF entity according to second response information, the second response information includes an identifier of the SMF entity, the second response information is sent by the UDR entity according to second request information, the second request information includes an identifier of the first UPF entity, and the second request information is sent by the SPCF entity when it determines that the first UPF entity is attacked.
By sending the second connection indication information to the UDR entity, the SMF entity registers with the UDR entity the at least one UPF entity to which it is connected. The second connection indication information may include the identifier of the SMF entity and the identifier of each UPF entity of the at least one UPF entity.
The SPCF entity can thus send request information to the unified data repository (UDR) entity, obtain the identifier of the SMF entity connected to the first UPF entity to which the abnormal interface belongs, and send the abnormality indication information to that SMF entity according to the identifier of the SMF entity.
With reference to the third aspect, in some possible implementations, the second connection indication information includes the identifier of the SMF entity, the identifier of the SMF entity includes an identifier of a second interface of the SMF entity, and the abnormality indication information is sent by the SPCF entity according to the identifier of the second interface.
The second connection indication information includes the identifier of the second interface of the SMF entity, so the UDR entity can determine, from the identifier of the first interface of the first UPF entity, the second interface of the first SMF entity connected to the first UPF entity. The second interface of the SMF entity may be the interface that the first SMF entity uses to communicate with the apparatus performing the communication method of the first aspect. The SPCF entity can therefore perform addressing according to the identifier of the second interface of the SMF entity and send the abnormality indication information to the address obtained, so that the abnormality indication information reaches the SMF entity.
With reference to the third aspect, in some possible implementations, the second connection indication information includes an identifier of a fourth interface of the first UPF entity, the fourth interface is used by the first UPF entity to connect to the SMF entity, the second response information further includes the identifier of the fourth interface, and the abnormality indication information includes the identifier of the fourth interface.
The second connection indication information includes the identifier of the fourth interface that the first UPF entity uses to connect to the first SMF entity, so the abnormality indication information can include the identifier of the fourth interface, which facilitates subsequent processing by the first SMF entity.
In a fourth aspect, a communication method is provided, including: receiving interface indication information sent by a first SMF entity, where the interface indication information includes an identifier of a second interface of the first SMF entity and an identifier of a third interface of the first SMF entity, and the third interface is used for the connection between the first SMF entity and the first UPF entity; receiving first request information sent by an SPCF entity, where the first request information includes the identifier of the second interface, and the first request information is sent by the SPCF entity when it determines that the first UPF entity is attacked; and sending first response information to the SPCF entity, where the first response information includes the identifier of the third interface, the identifier of the third interface is used by the first SMF entity to send abnormality indication information to the first SMF entity, and the abnormality indication information indicates that the first UPF entity is attacked.
In a fifth aspect, a communication method is provided, including: receiving second connection indication information sent by a first SMF entity, where the second connection indication information indicates at least one UPF entity connected to the first SMF entity, and the at least one UPF entity includes the first UPF entity; receiving second request information sent by an SPCF entity, where the second request information is sent by the SPCF entity when it determines that the first UPF entity is attacked, and the second request information includes an identifier of the first UPF entity; and sending second response information to the SPCF entity, where the second response information includes an identifier of the first SMF entity, the identifier of the first SMF entity is used by the first SMF entity to send abnormality indication information to the first SMF entity, and the abnormality indication information indicates that the first UPF entity is attacked.
With reference to the fifth aspect, in some possible implementations, the second connection indication information includes the identifier of the SMF entity, the identifier of the SMF entity includes an identifier of a second interface of the SMF entity, and the abnormality indication information is sent by the SPCF entity according to the identifier of the second interface.
With reference to the fifth aspect, in some possible implementations, the second connection indication information includes an identifier of a fourth interface of the first UPF entity, the fourth interface is used by the first UPF entity to connect to the SMF entity, the second response information further includes the identifier of the fourth interface, and the abnormality indication information includes the identifier of the fourth interface.
In a sixth aspect, a communication apparatus is provided, including modules for performing the method in any implementation of the fourth aspect to the sixth aspect.
In a seventh aspect, a communication apparatus is provided, including a processor and a communication interface, where the communication interface is used by the communication apparatus to exchange information with other communication apparatuses, and when program instructions are executed in the at least one processor, the communication apparatus is caused to perform the method in any implementation of the first aspect and the fourth aspect to the sixth aspect.
In an eighth aspect, a computer-readable medium is provided. The computer-readable medium stores program code for execution by a device, and the program code includes instructions for performing the method in any implementation of the first aspect and the fourth aspect to the sixth aspect.
In a ninth aspect, a computer program product containing instructions is provided. When the computer program product runs on a computer, the computer is caused to perform the method in any implementation of the first aspect and the fourth aspect to the sixth aspect.
In a tenth aspect, a chip is provided. The chip includes a processor and a data interface, and the processor reads, through the data interface, instructions stored in a memory to perform the method in any implementation of the first aspect and the fourth aspect to the sixth aspect.
Optionally, as an implementation, the chip may further include a memory that stores instructions, and the processor is configured to execute the instructions stored in the memory; when the instructions are executed, the processor is configured to perform the method in any implementation of the first aspect or the fourth aspect to the sixth aspect.
The chip may specifically be a field-programmable gate array (FPGA) or an application-specific integrated circuit (ASIC).
It should be understood that, in this application, the method of the first aspect may specifically refer to the method in the first aspect or in any one of the implementations of the first aspect.
For the technical effects achievable by any possible implementation of any one of the second aspect to the tenth aspect, refer to the description of the technical effects achievable by the corresponding possible implementation of the first aspect; repeated content is not discussed again.
Description of drawings
FIG. 1 is a schematic diagram of a possible network architecture of an embodiment of this application.
FIG. 2 is a schematic diagram of another possible network architecture of an embodiment of this application.
FIG. 3 is a schematic flowchart of a communication method provided by an embodiment of this application.
FIG. 4 is a schematic flowchart of another communication method provided by an embodiment of this application.
FIG. 5 is a schematic flowchart of yet another communication method provided by an embodiment of this application.
FIG. 6 is a schematic flowchart of yet another communication method provided by an embodiment of this application.
FIG. 7 is a schematic flowchart of yet another communication method provided by an embodiment of this application.
FIG. 8 is a schematic flowchart of yet another communication method provided by an embodiment of this application.
FIG. 9 is a schematic flowchart of yet another communication method provided by an embodiment of this application.
FIG. 10 is a schematic structural diagram of a communication apparatus provided by an embodiment of this application.
FIG. 11 is a schematic structural diagram of another communication apparatus provided by an embodiment of this application.
Detailed description
The technical solutions in this application are described below with reference to the accompanying drawings.
The technical solutions of the embodiments of this application can be applied to various communication systems, for example: a global system for mobile communications (GSM) system, a code division multiple access (CDMA) system, a wideband code division multiple access (WCDMA) system, a general packet radio service (GPRS) system, a long term evolution (LTE) system, an LTE frequency division duplex (FDD) system, an LTE time division duplex (TDD) system, a universal mobile telecommunication system (UMTS), a worldwide interoperability for microwave access (WiMAX) communication system, a future fifth generation (5G) system, or new radio (NR).
To make the embodiments of this application easier to understand, the application scenarios of the embodiments are first described in detail with reference to FIG. 1 and FIG. 2.
FIG. 1 is a schematic diagram of a network architecture to which the communication method provided by the embodiments of this application is applicable. The network architecture 100 shown in FIG. 1 may specifically include one or more of the following network elements:
1. User equipment (UE): may also be called a terminal device, terminal, access terminal, subscriber unit, subscriber station, mobile station, remote station, remote terminal, mobile device, user terminal, wireless communication device, user agent or user apparatus. The UE may also be a cellular phone, a cordless phone, a session initiation protocol (SIP) phone, a wireless local loop (WLL) station, a personal digital assistant (PDA), a handheld device with a wireless communication function, a computing device or another processing device connected to a wireless modem, a vehicle-mounted device, a wearable device, a terminal device in a future 5G network, or a terminal device in a future evolved public land mobile network (PLMN). It may also be an end device, a logical entity, or a smart device, such as a terminal device like a mobile phone or smart terminal, a communication device like a server, gateway, base station or controller, or an Internet of things (IoT) device like a sensor, electricity meter or water meter. The UE may also be a wired device, such as a computer or a notebook computer. The embodiments of this application do not limit this.
2. Access network (AN): provides network access for authorized users in a specific area and can use transmission tunnels of different quality according to the user's level, service requirements and so on. The access network may use different access technologies. There are currently two types of radio access technology: 3rd Generation Partnership Project (3GPP) access technologies (for example, the radio access technologies used in 3G, 4G or 5G systems) and non-3GPP access technologies. A 3GPP access technology is one that conforms to the 3GPP standard specifications. An access network that uses a 3GPP access technology is called a radio access network (RAN), and the access network device in a 5G system is called a next generation Node Base station (gNB). A non-3GPP access technology is one that does not conform to the 3GPP standard specifications, for example, the air interface technology represented by the access point (AP) in Wi-Fi.
An access network that implements the network access function based on wired communication technology may be called a wired access network.
An access network that implements the network access function based on wireless communication technology may be called a radio access network (RAN). The radio access network manages radio resources, provides access services for terminals, and forwards control signals and user data between terminals and the core network.
The radio access network may be, for example, a base station (NodeB), an evolved base station (evolved NodeB, eNB or eNodeB), a base station in a 5G mobile communication system (gNB), a base station in a future mobile communication system, or an AP in a Wi-Fi system. It may also be a radio controller in a cloud radio access network (CRAN) scenario, or the access network device may be a relay station, an access point, a vehicle-mounted device, a wearable device, a network device in a future 5G network, or a network device in a future evolved PLMN network. The embodiments of this application do not limit the specific technology or the specific device form used by the radio access network device.
3. Access and mobility management function (AMF) entity: mainly used for mobility management and access management, for example, user location update, user network registration and user handover. It can also be used to implement the functions of the mobility management entity (MME) other than session management, for example, lawful interception or access authorization (or authentication). In the embodiments of this application, it can be used to implement the functions of the access and mobility management network element.
4. Session management function (SMF) entity: mainly used for session management (such as session establishment, modification and release), Internet protocol (IP) address allocation and management for the UE, selection of a manageable user plane function, serving as the termination point of the policy control or charging function interfaces, and downlink data notification. In the embodiments of this application, it can be used to implement the functions of the session management network element.
5. User plane function (UPF) entity: that is, the data plane gateway. It can be used for packet routing and forwarding, or for quality of service (QoS) processing of user plane data. User data can reach the data network (DN) through this network element. In the embodiments of this application, it can be used to implement the functions of the user plane gateway.
6. Data network (DN): a network that provides data transmission, for example, an operator's service network, the Internet, a third-party service network, or an IP multimedia service (IP Multi-media Service, IMS) network. In a 5G network, a DN can be identified by a data network name (DNN).
7. Authentication server function (AUSF) entity: mainly used for user authentication, that is, authorizing the UE to access the 5G network.
8. Network exposure function (NEF) entity: used to securely expose the services and capabilities provided by 5G network functions to the outside.
9. Network function (NF) repository function (NRF) entity: used to store network function entities and the descriptions of the services they provide, and to support service discovery, network element entity discovery and registration.
10. Policy control function (PCF) entity: a unified policy framework for guiding network behavior, which provides policy rule information to control plane function network elements (such as AMF and SMF network elements).
11. Unified data management (UDM) entity: used to handle user identification, access authentication, registration, or mobility management.
12. Application function (AF) entity: used for application-influenced data routing, for accessing the network exposure function network element, or for interacting with the policy framework for policy control.
13. Unified data repository (UDR) entity: provides storage for subscription data, policy data and capability-exposure-related data.
In this network architecture, Nausf is the service-based interface exhibited by the AUSF, Namf is the service-based interface exhibited by the AMF, Nsmf is the service-based interface exhibited by the SMF, Nnef is the service-based interface exhibited by the NEF, Nnrf is the service-based interface exhibited by the NRF, Npcf is the service-based interface exhibited by the PCF, Nudm is the service-based interface exhibited by the UDM, and Nudr is the service-based interface exhibited by the UDR. The N1 interface is the reference point between the terminal and the AMF entity. The N2 interface is the reference point between the AN and the AMF entity and is used, for example, to send non-access stratum (NAS) messages. The N3 interface is the reference point between the (R)AN and the UPF entity and is used to transmit user plane data. The N4 interface is the reference point between the SMF entity and the UPF entity and is used to transmit information such as the tunnel identification information of the N3 connection, data buffering indication information and downlink data notification messages. The N6 interface is the reference point between the UPF entity and the DN and is used to transmit user plane data.
The interface names between the network elements in FIG. 1 are only examples; in a specific implementation the interfaces may have other names, which this application does not specifically limit. Likewise, the names of the messages (or signaling) transmitted between the network elements are only examples and do not limit the functions of the messages themselves.
It should be understood that the network architecture described above is only an example, described from the perspective of the traditional point-to-point architecture and the service-based architecture. The network architectures to which the embodiments of this application apply are not limited to it; any network architecture that can implement the functions of the network elements above is applicable to the embodiments of this application.
FIG. 2 is a schematic diagram of a network architecture to which the communication method provided by the embodiments of this application is applicable.
The network architecture 200 is an architecture based on point-to-point interfaces. The N13 interface is the reference point between the UDM entity and the AUSF entity, the N35 interface is the reference point between the UDM entity and the UDR entity, the N12 interface is the reference point between the AUSF and AMF entities, the N8 interface is the reference point between the UDM entity and the AMF entity, the N10 interface is the reference point between the UDM entity and the SMF entity, the N36 interface is the reference point between the UDR entity and the PCF entity, the N5 interface is the reference point between the PCF entity and the AF entity, and the N15 interface is the reference point between the PCF entity and the AMF entity.
The AMF, SMF, UPF, UDR, NEF, AUSF, NRF, PCF and UDM network elements shown in FIG. 1 and FIG. 2 can all be understood as network elements in the core network that implement different functions; for example, they can be combined into network slices on demand. These core network elements may be independent devices, or they may be integrated into the same device to implement different functions, which this application does not limit. A device that performs the functions of a core network element may also be called a core network device or a network device.
The names above are used only to distinguish different functions and do not mean that these network elements are separate physical devices. This application does not limit the specific form of the network elements; for example, they may be integrated into the same physical device or be different physical devices. The names also do not limit this application in any way, and this application does not exclude the use of other names in 5G networks and other future networks. For example, in a 6G network, some or all of the network elements above may keep the 5G terms or may use other names. This is stated once here and is not repeated below.
Edge computing provides a differentiated service network from the center to the edge. The migration of content, applications and computing towards the edge drives the development of edge computing; centralized deployment of the core network cannot meet the needs of new services, and migrating the network towards the edge along with the service flows is an industry trend. Combining edge computing with smart campuses enables rapid deployment and closes the loop for local services, saving transmission for campus users and safeguarding their experience with a more optimized network.
However, in a campus edge computing scenario, the edge computing platform (or edge computing server) and the user plane function network element (such as a UPF) of the mobile communication network are deployed inside the campus, while the security management capability of equipment rooms inside the campus is weak, so there is a risk of compromise. An attacker can hijack the UPF (for example, by physically entering the corresponding equipment room) and attack the user plane and control plane of the mobile communication network, putting the communication network at risk.
To solve the above problem, an embodiment of this application provides a communication method.
FIG. 3 is a schematic flowchart of a communication method provided by an embodiment of this application.
The method 300 may be performed by a security policy control function (SPCF) entity or another network element. The method 300 includes S310 to S320.
At S310, it is determined whether a first UPF entity is attacked.
At S320, if the first UPF entity is attacked, abnormality indication information is sent to a first session management function (SMF) entity. The first SMF entity is connected to the first UPF entity, and the abnormality indication information is used to indicate that the first UPF entity is attacked.
With the method 300, when the first UPF entity is attacked, abnormality indication information can be sent to the first SMF entity connected to the first UPF entity to indicate that the first UPF entity is attacked, so that the first SMF entity can re-establish the sessions related to the first UPF entity or adjust the user plane path, which improves the security of the communication system.
In some embodiments, before S310, connection information may be obtained. The connection information is used to indicate the at least one UPF entity connected to each SMF entity of at least one SMF entity, and the at least one SMF entity includes the first SMF entity.
That is, before S320, if it is determined that the first UPF entity is attacked, the first SMF entity connected to the first UPF entity can be determined from the connection information, so that the abnormality indication information can be sent to the first SMF entity at S320.
Specifically, at S310, it may be determined whether a first interface of the first UPF entity is abnormal; if the first interface is abnormal, the first UPF entity is attacked.
That is, the interfaces of the first UPF entity can be checked, and if any one of them is abnormal, it can be determined that the first UPF entity is attacked.
Optionally, the connection information may further include an identifier of each interface of at least one interface of the first UPF entity, and the at least one interface of the first UPF entity includes the first interface.
It should be understood that the first interface may be any interface of the first UPF entity.
That is, before S310, the identifier of each interface of the at least one interface of the first UPF entity may also be obtained. If the first interface of the first UPF entity is abnormal, it can be determined from the identifier of the first interface that the first UPF entity is attacked.
The connection information may be determined from the connection indication information sent by each SMF entity, or it may be determined from the interaction information between each UPF entity and the SMF entity it is connected to.
When the connection information is determined from the connection indication information sent by each SMF entity, the connection indication information sent by the first SMF entity may be received before S310. The connection indication information sent by the first SMF entity is used to indicate the at least one UPF entity connected to the first SMF entity.
After the connection indication information sent by each SMF entity is received, the connection information can be determined from the connection indication information sent by the at least one SMF entity.
The connection indication information sent by the first SMF entity further includes an identifier of a second interface of the first SMF entity. At S320, the abnormality indication information may be sent to the first SMF entity according to the identifier of the second interface.
That is, the second interface of the first SMF entity may be the interface that the first SMF entity uses to communicate with the SPCF entity. Therefore, at S320, the abnormality indication information may be sent according to the identifier of the second interface of the first SMF entity.
The connection indication information sent by the first SMF entity may further include an identifier of a fourth interface of the first UPF entity. The fourth interface of the first UPF entity may be, for example, an N4 interface, and is used for connecting the first UPF entity to the first SMF entity. The abnormality indication information may include the identifier of the fourth interface of the first UPF entity.
Including in the abnormality indication information the identifier of the fourth interface, which the first UPF entity uses to connect to the first SMF entity, facilitates subsequent processing by the first SMF entity. For example, the first SMF entity may disconnect from the first UPF entity according to the identifier of the fourth interface in the abnormality indication information.
When the connection information is determined from the interaction information between each UPF entity and the SMF entity it is connected to, the connection information may include an identifier of a third interface of the first SMF entity. The third interface of the first SMF entity is used for the connection between the first SMF entity and the first UPF entity.
If the first UPF entity is abnormal, first request information may be sent to the NRF entity before S320. The first request information includes the identifier of the third interface.
After that, first response information sent by the NRF entity may be received. The first response information includes the identifier of the second interface of the first SMF entity.
At S320, the abnormality indication information may be sent according to the identifier of the second interface.
The third interface, which the first SMF entity uses for the connection with the first UPF entity, may be the N4 interface of the first SMF entity. The second interface of the first SMF entity may be the interface that the first SMF entity uses to connect to the SPCF entity, for example, a service-based interface of the first SMF entity.
That is, if the first UPF entity is abnormal, after the first SMF entity is determined, the identifier of the second interface of the first SMF entity may be requested from the NRF entity according to the identifier of the N4 interface of the first SMF entity. The abnormality indication information is then sent to the first SMF entity according to the identifier of the second interface.
Optionally, the connection information may be determined from the interaction information between the at least one UPF entity and the at least one SMF entity. First interaction information, between the first UPF entity of the at least one UPF entity and the first SMF entity of the at least one SMF entity, may include the identifier of the third interface and may include the identifier of each interface of the at least one interface of the first UPF entity.
Therefore, when it is determined that the first interface of the first UPF entity is abnormal, the identifier of the third interface of the first SMF entity can be determined from the connection information and the identifier of the first interface, and the identifier of the second interface of the first SMF entity can then be requested from the NRF entity.
For example, a security policy enhancement function (SPEF) may obtain the information received or sent by at least one UPF entity. The interaction information between a UPF entity and an SMF entity may include the identifiers of the interfaces of that UPF entity and the identifier of the interface that the SMF entity uses to connect to the UPF entity. Based on the interaction information between the UPF entity and the SMF entity, the SPEF entity may send to the SPCF the identifier of the interface that the SMF entity uses to connect to the UPF entity and the identifiers of the interfaces of the UPF entity connected to that SMF entity.
Specifically, the SPEF may obtain the first interaction information and send the identifier of the third interface and the identifier of each interface of the at least one interface of the first UPF entity to the SPCF entity.
The SPCF entity can then determine the connection information from the information sent by the SPEF.
The at least one interface of the first UPF entity includes a fourth interface, the fourth interface is used for connecting the first UPF entity to the first SMF entity, and the abnormality indication information includes an identifier of the fourth interface.
The first interaction information between the first UPF entity and the first SMF entity may include the identifier of the third interface and the identifier of the fourth interface. Therefore, the abnormality indication information may include the identifier of the fourth interface.
The fourth interface of the first UPF entity is used for connecting the first UPF entity to the first SMF entity and may be, for example, the N4 interface of the first UPF entity. The identifier of the fourth interface in the abnormality indication information can be used to indicate the first UPF entity. Including in the abnormality indication information the identifier of the fourth interface, which the first UPF entity uses to connect to the first SMF entity, facilitates subsequent processing by the first SMF entity. For example, the first SMF entity may disconnect from the first UPF entity according to the identifier of the fourth interface in the abnormality indication information. That is, by disconnecting from the fourth interface indicated by that identifier, the first SMF entity disconnects from the first UPF entity.
In some other embodiments, when the first UPF entity is abnormal, second request information may be sent to the UDR entity. The second request information includes the identifier of the first UPF entity.
Afterwards, second response information sent by the UDR entity may be received. The second response information includes the identifier of the first SMF entity. The UDR entity may send the second request information after receiving the second response information. The second response information may be understood as the response to the second request information.
At S310, it may be determined whether the first interface of the first UPF entity is abnormal. An abnormal first interface of the first UPF entity may be understood as the first UPF entity being attacked.
The identifier of the first UPF entity includes the identifier of the abnormal first interface of the first UPF entity.
That is, the second request information may include the identifier of the first interface of the first UPF entity. According to the identifier of the first interface, the UDR entity may determine the first SMF entity connected to the first UPF entity.
The identifier of the first SMF entity may include the identifier of the second interface of the first SMF entity. At S320, the abnormality indication information may be sent according to the identifier of the second interface of the first SMF entity.
According to the identifier of the first interface of the first UPF entity, the UDR entity may determine the second interface of the first SMF entity connected to the first UPF entity. The second interface of the first SMF entity is used to connect the first SMF entity to the SPCF entity; for example, the second interface of the first SMF entity may be the service-based interface of the first SMF entity. The second response information sent by the UDR entity may include the identifier of the second interface of the first SMF entity. Therefore, at S320, sending the abnormality indication information according to the identifier of the second interface of the first SMF entity causes the abnormality indication information to reach the first SMF entity.
The second response information may also include the identifier of the fourth interface of the first UPF entity. The fourth interface of the first UPF entity is used to connect the first UPF entity to the first SMF entity, and the abnormality indication information includes the identifier of the fourth interface of the first UPF entity.
The fourth interface of the first UPF entity is used to connect the first UPF entity to the first SMF entity, and may be, for example, the N4 interface of the first UPF entity. The identifier of the fourth interface in the abnormality indication information may be used to indicate the first UPF entity. Including the identifier of the fourth interface of the first UPF entity in the abnormality indication information facilitates subsequent processing by the first SMF entity. For example, the first SMF entity may disconnect from the first UPF entity according to the identifier of the fourth interface in the abnormality indication information. That is, the first SMF entity disconnects from the fourth interface indicated by the identifier of the fourth interface, and thereby disconnects from the first UPF entity.
When the abnormal first interface of the first UPF entity is not the fourth interface of the first UPF entity, the abnormality indication information may include the identifier of the fourth interface. When the abnormal first interface of the first UPF entity is the fourth interface of the first UPF entity, the abnormality indication information may or may not include the identifier of the fourth interface.
Fig. 4 is a schematic flowchart of a communication method provided by an embodiment of the present application. The method 400 includes S401 to S413.
At S401, the first SMF entity sends network function registration information to the NRF entity.
For the network architecture 100, the network function registration information may include the network function (NF) type (NF type) of the first SMF entity, the NF instance identifier (NF instance ID) of the first SMF entity, the identifier of the service-based interface of the first SMF entity, and the identifier of the N4 interface of the first SMF entity.
For the network architecture 200, the network function registration information may include the network function (NF) type (NF type), the NF instance identifier (NF instance ID), the identifier of the N4 interface of the SMF entity, and the identifier of the interface that the SMF entity uses to communicate with other network elements in the network architecture 200. The identifier of the N4 interface of the SMF entity and the identifiers of its other interfaces may be the same or different.
The NF type of the first SMF entity indicates the type of the network element that sends the network function registration information, that is, it indicates that the type of the first SMF entity is SMF. The NF instance ID of the first SMF entity indicates the first SMF entity. The identifier of the service-based interface of the first SMF entity may be the fully qualified domain name (FQDN) or IP address of that interface, and indicates the service-based interface of the first SMF entity. The identifier of the N4 interface of the first SMF entity may be the FQDN or IP address of that interface, and indicates the N4 interface of the first SMF entity.
The method 400 is described using the network architecture 100 as an example.
At S402, the NRF entity sends registration response information to the first SMF entity.
The registration response information indicates that the network function registration succeeded.
At S403, the SPEF entity detects information exchanged between the first SMF entity and the first UPF entity that relates to establishing the N4 association.
The SPEF entity may acquire the interaction information exchanged between each UPF entity of at least one UPF entity and an SMF entity. The at least one UPF entity includes the first UPF entity. The SMF entity that establishes an N4 association with the first UPF entity is the first SMF entity. The first UPF entity may be any one of the at least one UPF entity.
While a UPF entity and an SMF entity establish a connection (which can also be understood as establishing an N4 association), the messages exchanged between the UPF entity and the SMF entity carry the identifier of the N4 interface of the SMF entity and the identifier of the N4 interface of the UPF entity.
Therefore, the SPEF entity may determine correspondence information 1 according to the information exchanged between each UPF entity of the at least one UPF entity and the SMF entity. In correspondence information 1, the identifier of the N4 interface of each SMF entity corresponds to the identifier of the N4 interface of at least one UPF entity, where the UPF entity and the SMF entity have an N4 association, that is, the N4 interface of the UPF entity is connected to the N4 interface of the SMF entity.
At S404, the SPEF entity sends correspondence information 1 to the SPCF.
At S405, the SPEF entity detects information exchanged between the first SMF entity and the first UPF entity that relates to session establishment and session modification.
While session-related messages, such as session establishment and session modification messages, are transmitted between a UPF entity and an SMF entity, the interaction information between the SMF entity and the UPF entity carries the identifier of the N3 interface and the identifier of the N9 interface of the UPF entity, which are used to configure the N3 interface and the N9 interface of the UPF entity.
The SPEF entity may determine correspondence information 2 according to the information exchanged between each UPF entity of the at least one UPF entity and the SMF entity. Correspondence information 2 indicates the correspondence between the identifier of the N4 interface of each UPF entity and the identifiers of the N3 interface and the N9 interface of that UPF.
At S406, the SPEF entity sends correspondence information 2 to the SPCF.
At S407, the SPEF entity determines whether an interface of the first UPF entity is abnormal.
The SPEF entity may inspect each interface of each UPF entity of the at least one UPF entity to determine whether any interface is abnormal.
It should be understood that S407 may be performed multiple times. Exemplarily, S407 may be performed periodically.
If an interface of the first UPF entity is abnormal, S408 may be performed. The first UPF entity may be any one of the at least one UPF entity.
At S408, the SPEF entity sends abnormal interface information to the SPCF entity.
The abnormal interface information includes the identifier of the abnormal interface of the first UPF entity.
According to the abnormality indication information, the SPCF entity may determine that the first UPF entity is untrustworthy, that is, that the first UPF entity is attacked.
When the identifier of the abnormal interface in the abnormal interface information is the identifier of the N4 interface of the first UPF entity, the SPCF entity may determine, according to correspondence information 1, the identifier of the N4 interface of the SMF entity that corresponds to the identifier of the abnormal interface of the UPF entity.
When the identifier of the abnormal interface in the abnormal interface information is that of the N3 interface or the N9 interface of the first UPF entity, the SPCF entity may determine the identifier of the N4 interface of the first UPF entity according to correspondence information 2, and determine, according to correspondence information 1, the identifier of the N4 interface of the first SMF entity to which the N4 interface of the first UPF entity is connected.
At S409, the SPCF entity sends interface query information to the NRF entity.
The interface query information may include the identifier of the N4 interface of the first SMF entity.
At S410, the NRF entity sends interface response information to the SPCF entity.
The interface response information includes the identifier of the service-based interface of the first SMF entity.
After being powered on, each SMF entity may send network function registration information to the NRF entity. According to the network function registration information sent by each SMF entity, the NRF entity can determine the correspondence between the identifier of the N4 interface and the identifier of the service-based interface of that SMF entity.
At S411, the SPCF entity sends abnormality indication information according to the identifier of the service-based interface of the first SMF entity.
The SPCF entity may resolve the identifier of the service-based interface of the first SMF entity to an address, and send the abnormality indication information to the address indicated by the resolution result. The abnormality indication information can thus be delivered to the first SMF entity.
The abnormality indication information indicates that an interface of the first UPF entity is abnormal.
According to the abnormality indication information, the first SMF entity may process the services related to the first UPF entity.
Exemplarily, the first SMF entity may perform S412 and S413.
At S412, the first SMF entity releases the N4 association with the N4 interface of the first UPF entity.
The abnormality indication information may also include the identifier of the N4 interface of the first UPF entity.
The first SMF entity may release the connection indicated by the identifier in the abnormality indication information, thereby releasing the N4 association with the first UPF entity.
At S413, if a session exists with the first UPF entity, the first SMF entity may perform session re-establishment or adjust the user plane path of the session.
The first SMF entity may perform session re-establishment when it releases the N4 association with the N4 interface of the first UPF entity. Alternatively, when the first SMF entity releases the N4 association with the N4 interface of the first UPF entity, it may determine whether to perform session re-establishment according to the role of the first UPF entity in the session. It should be understood that the session may be a protocol data unit (PDU) session.
When the first SMF entity determines that the first UPF entity is the intermediate UPF (I-UPF) of the session, it may adjust the user plane path of the session so that a UPF entity other than the first UPF entity serves as the I-UPF.
When the first SMF entity determines that the first UPF entity is the PDU session anchor UPF (UPF of PDU session anchor, PSA-UPF) of the session, it may perform session re-establishment so that a UPF entity other than the first UPF entity serves as the PSA-UPF.
In method 400, the NRF entity provides network function registration and query services, and the SPEF entity reports the detected correspondence information 1 and correspondence information 2 to the SPCF entity. Correspondence information 1 indicates the correspondence between the N4 interfaces of a UPF entity and an SMF entity that have an N4 association, and correspondence information 2 indicates the correspondence between the N4 interface and the N3 and N9 interfaces of a UPF entity. When the SPEF entity detects that an interface of the first UPF entity is abnormal, the SPCF entity determines, according to correspondence information 1 and correspondence information 2, the identifier of the N4 interface of the first SMF entity that has an N4 association with the first UPF entity, and uses that identifier to query the NRF entity for the identifier of the service-based interface of the first SMF. The SPCF entity may then send the abnormality indication information according to the identifier of the service-based interface of the first SMF, to indicate to the first SMF entity that the first UPF entity is attacked. The first SMF entity can thus perform corresponding processing to ensure communication security.
When the first SMF entity releases the N4 association with the N4 interface of the first UPF entity, the SPEF entity may detect the disconnection-related interaction information between the first SMF entity and the first UPF entity. The SPEF entity may send disconnection indication information to the SPCF. The disconnection indication information indicates that the identifier of the N4 interface of the first SMF entity no longer corresponds to the identifier of the N4 interface of the first UPF entity, that is, the N4 interface of the first SMF entity and the N4 interface of the first UPF entity have been disconnected. The disconnection indication information may include the identifier of the N4 interface of the first SMF entity and the identifier of the N4 interface of the first UPF entity. The SPCF entity can thus update correspondence information 1.
Alternatively, after the SPCF entity sends the abnormality indication information according to the identifier of the service-based interface of the first SMF entity, the SPCF entity may update correspondence information 1. In the updated correspondence information 1, the identifier of the N4 interface of the first SMF entity does not correspond to the identifier of the N4 interface of the first UPF entity.
As a further alternative, after the SPCF entity sends the abnormality indication information according to the identifier of the service-based interface of the first SMF entity, the SPCF entity may mark correspondence information 1 to indicate that the abnormality indication information has been sent to the first SMF entity.
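The lookup chain of method 400 (S401 to S413), including the removal of a released association from correspondence information 1, can be traced with a small model. This is an added illustration, not code from the application: the class and function names, the message fields and all interface identifiers are hypothetical, and it assumes that each UPF N4 interface is associated with a single SMF.

```python
from dataclasses import dataclass, field


@dataclass
class Nrf:
    """Toy NRF: per SMF, maps the N4 interface id to the service-based interface id."""
    sbi_by_n4: dict = field(default_factory=dict)

    def register(self, nf_type, nf_instance_id, sbi_id, n4_id):   # S401
        if nf_type == "SMF":
            self.sbi_by_n4[n4_id] = sbi_id
        return "registered"                                       # S402

    def query_sbi(self, smf_n4_id):                               # S409/S410
        return self.sbi_by_n4.get(smf_n4_id)


@dataclass
class Spcf:
    nrf: Nrf
    corr1: dict = field(default_factory=dict)   # UPF N4 id -> SMF N4 id (correspondence information 1)
    corr2: dict = field(default_factory=dict)   # UPF N3/N9 id -> UPF N4 id (correspondence information 2)

    def on_corr1(self, smf_n4, upf_n4):                           # S404
        self.corr1[upf_n4] = smf_n4

    def on_corr2(self, upf_n4, data_plane_ids):                   # S406
        for iface in data_plane_ids:
            self.corr2[iface] = upf_n4

    def on_abnormal_interface(self, iface_id):                    # S408 -> S411
        """Return the abnormality indication to send, or None if no SMF resolves."""
        # An abnormal N4 id is used directly; an N3/N9 id is first mapped to the UPF's N4 id.
        upf_n4 = iface_id if iface_id in self.corr1 else self.corr2.get(iface_id)
        smf_n4 = self.corr1.get(upf_n4)
        if smf_n4 is None:          # unknown interface, or association already released
            return None
        sbi = self.nrf.query_sbi(smf_n4)
        if sbi is None:             # SMF never registered this N4 id with the NRF
            return None
        return {"send_to": sbi, "abnormal_interface": iface_id, "upf_n4": upf_n4}

    def on_disconnect(self, smf_n4, upf_n4):
        """Disconnection indication: drop the pair from correspondence information 1."""
        if self.corr1.get(upf_n4) == smf_n4:
            del self.corr1[upf_n4]


def smf_handle(indication, sessions):
    """S412/S413. sessions: session id -> {UPF N4 id: role of that UPF in the session}."""
    upf = indication["upf_n4"]
    actions = [("release_n4_association", upf)]
    for sid, roles in sorted(sessions.items()):
        role = roles.get(upf)
        if role == "PSA-UPF":
            actions.append(("reestablish_session", sid))
        elif role == "I-UPF":
            actions.append(("adjust_user_plane_path", sid))
    return actions


def run_demo():
    # All identifiers below are constructed sample values.
    nrf = Nrf()
    nrf.register("SMF", "smf-1", "smf1-sbi.example.net", "192.0.2.10")
    spcf = Spcf(nrf)
    spcf.on_corr1("192.0.2.10", "198.51.100.4")
    spcf.on_corr2("198.51.100.4", ["198.51.100.3", "198.51.100.9"])
    indication = spcf.on_abnormal_interface("198.51.100.3")   # the UPF's N3 interface is abnormal
    sessions = {
        "pdu-1": {"198.51.100.4": "PSA-UPF"},
        "pdu-2": {"198.51.100.4": "I-UPF"},
        "pdu-3": {"203.0.113.4": "PSA-UPF"},                  # served by a different UPF
    }
    actions = smf_handle(indication, sessions)
    spcf.on_disconnect("192.0.2.10", "198.51.100.4")
    repeat = spcf.on_abnormal_interface("198.51.100.3")        # no SMF left to notify
    return indication, actions, repeat


if __name__ == "__main__":
    for item in run_demo():
        print(item)
```
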
Fig. 5 is a schematic flowchart of a communication method provided by an embodiment of the present application. The method 500 includes S501 to S509.
At S501, the first SMF entity establishes an N4 association with the first UPF entity.
That is, the N4 interface of the first SMF entity establishes a connection with the N4 interface of the first UPF entity.
While the first SMF entity and the first UPF entity establish the N4 association, the information exchanged between the first SMF entity and the first UPF entity carries the identifier of the N4 interface of the first UPF entity.
At S502, the first SMF entity sends association information 1 to the SPCF entity.
Association information 1 includes the identifier of the service-based interface of the first SMF entity, the identifier of the N4 interface of the first SMF entity, and the identifier of the N4 interface of the first UPF entity.
At S503, the first SMF entity performs session establishment or session modification with the first UPF entity.
During session establishment or session modification between the first SMF entity and the first UPF entity, the information exchanged between the first UPF entity and the first SMF entity carries the identifier of the N3 interface and/or the identifier of the N9 interface of the first UPF entity, which is used to configure the N3 interface and/or the N9 interface of the first UPF entity.
At S504, the first SMF entity sends association information 2 to the SPCF entity.
Association information 2 includes the identifier of the N4 interface of the first UPF entity, and the identifier of the N3 interface and/or the identifier of the N9 interface of the first UPF entity.
It should be understood that the SPCF entity may receive association information 1 and association information 2 sent by at least one SMF entity. The at least one SMF entity includes the first SMF entity.
Afterwards, S505 to S506 may be performed.
At S505, the SPEF entity may determine whether an interface of the first UPF entity is abnormal.
The SPEF entity may inspect the interfaces of at least one UPF entity. Specifically, the SPEF entity may acquire the information that each interface of each UPF entity of the at least one UPF entity exchanges with other network elements, and determine from that information whether each interface is abnormal.
The information that any interface of a UPF entity exchanges with other network elements may include the identifier of that interface.
The at least one UPF entity includes the first UPF entity.
S505 may be performed multiple times. Exemplarily, S505 may be performed periodically.
If an interface of the first UPF entity is abnormal, S506 may be performed.
At S506, the SPEF entity may send abnormal interface information to the SPCF entity.
According to association information 1, the SPCF entity may determine the service-based interface of the SMF associated with the abnormal interface of the first UPF entity.
The abnormal interface information includes the identifier of the abnormal interface of the first UPF entity.
When the abnormal interface of the first UPF entity is the N4 interface of the first UPF entity, the SPCF entity may determine, according to association information 1, the identifier of the service-based interface of the first SMF that has an N4 association with the first UPF entity.
When the abnormal interface of the first UPF entity is the N3 interface or the N9 interface of the first UPF entity, the SPCF entity may determine, according to association information 1 and association information 2, the identifier of the N4 interface of the first SMF that has an N4 association with the first UPF entity. Exemplarily, the SPCF entity may determine the identifier of the N4 interface of the first UPF entity according to association information 2, and may determine, according to association information 1, the identifier of the service-based interface of the first SMF that has an N4 association with the first UPF entity.
Afterwards, S507 to S509 may be performed.
At S507, the SPCF entity sends abnormality indication information according to the identifier of the service-based interface of the first SMF entity.
At S508, the first SMF entity releases the N4 association with the N4 interface of the first UPF entity.
At S509, if a session exists with the first UPF entity, the first SMF entity may perform session re-establishment or adjust the user plane path of the session.
It should be understood that S507 to S509 may be similar to S411 to S413; for details, refer to the description of S411 to S413 in Fig. 4.
In method 500, the first SMF entity sends association information 1 and association information 2 to the SPCF entity. Association information 1 indicates the association between the service-based interface of the first SMF entity and the N4 interface of the first UPF entity, and association information 2 indicates the association between the N4 interface of the first UPF entity and the N3 and N9 interfaces of the first UPF entity. According to association information 1 and association information 2, the SPCF entity determines the service-based interface of the first SMF entity that has an N4 association with the first UPF entity to which the abnormal interface reported by the SPEF entity belongs. The SPCF entity sends the abnormality indication information according to the service-based interface, to notify the first SMF entity that the first UPF entity is attacked and untrustworthy. The first SMF entity can thus perform corresponding processing to ensure communication security. Exemplarily, the first SMF entity may release the N4 association with the first UPF entity according to the abnormality indication information, and may perform session re-establishment or user plane path adjustment according to the requirements of the session.
Exemplarily, when the first SMF entity releases the N4 association with the N4 interface of the first UPF entity, the SPEF entity may detect the disconnection-related interaction information between the first SMF entity and the first UPF entity. The SPEF entity may send disconnection indication information to the SPCF. The disconnection indication information indicates that the identifier of the N4 interface of the first SMF entity no longer corresponds to the identifier of the N4 interface of the first UPF entity, that is, the N4 interface of the first SMF entity and the N4 interface of the first UPF entity have been disconnected. The disconnection indication information may include the identifier of the N4 interface of the first SMF entity and the identifier of the N4 interface of the first UPF entity. The SPCF entity can thus update correspondence information 1.
Exemplarily, after the first SMF entity releases the N4 association with the N4 interface of the first UPF entity, the first SMF entity may send disconnection indication information to the SPCF entity. The disconnection indication information indicates that the identifier of the N4 interface of the first SMF entity no longer corresponds to the identifier of the N4 interface of the first UPF entity, that is, the N4 interface of the first SMF entity and the N4 interface of the first UPF entity have been disconnected. The SPCF entity can thus update correspondence information 1.
Exemplarily, after the SPCF entity sends the abnormality indication information according to the identifier of the service-based interface of the first SMF entity, the SPCF entity may update correspondence information 1. In the updated correspondence information 1, the identifier of the N4 interface of the first SMF entity does not correspond to the identifier of the N4 interface of the first UPF entity.
Exemplarily, after the SPCF entity sends the abnormality indication information according to the identifier of the service-based interface of the first SMF entity, the SPCF entity may mark correspondence information 1 to indicate that the abnormality indication information has been sent to the first SMF entity.
Fig. 6 is a schematic flowchart of a communication method provided by an embodiment of the present application. The method 600 includes S601 to S611.
At S601, the first SMF entity establishes an N4 association with the first UPF entity.
While the first SMF entity establishes the N4 association with the first UPF entity, the information exchanged between the first SMF entity and the first UPF entity carries the identifier of the N4 interface of the first UPF entity.
At S602, the first SMF entity sends association information 1 to the UDR entity.
Association information 1 includes the service-based interface identifier of the first SMF entity, the identifier of the N4 interface of the first SMF entity, and the identifier of the N4 interface of the first UPF entity.
At S603, the first SMF entity performs session establishment or session modification with the first UPF entity.
During session establishment or session modification between the first SMF entity and the first UPF entity, the information exchanged between the first UPF entity and the first SMF entity carries the identifier of the N3 interface and/or the identifier of the N9 interface of the first UPF entity.
At S604, the first SMF entity sends association information 2 to the UDR entity.
Association information 2 includes the identifier of the N4 interface of the first UPF entity, and the identifier of the N3 interface and/or the identifier of the N9 interface of the first UPF entity.
It should be understood that the SPCF entity may receive association information 1 and association information 2 sent by at least one SMF entity. The at least one SMF entity includes the first SMF entity.
S605 to S606 may then be performed.
At S605, the SPEF entity may determine whether an interface of the first UPF entity is abnormal.
The SPEF entity may monitor the interfaces of at least one UPF entity. Specifically, the SPEF entity may obtain, for each UPF entity of the at least one UPF entity, the information that each of its interfaces exchanges with other network elements, and determine from that information whether each interface is abnormal.
The information that any interface of a UPF entity exchanges with other network elements may include the identifier of that interface.
The at least one UPF entity includes the first UPF entity.
S605 may be performed multiple times. For example, S605 may be performed periodically.
If an interface of the first UPF entity is abnormal, S606 may be performed.
At S606, the SPEF entity may send abnormal interface information to the SPCF entity.
The abnormal interface information includes the identifier of the abnormal interface of the first UPF entity.
S607 and S608 may then be performed.
At S607, the SPCF entity sends network element query information to the UDR entity.
The network element query information includes the identifier of the abnormal interface of the first UPF entity.
The network element query information may also include a target entity type identifier, which indicates that the type of the queried entity is SMF.
The UDR entity may determine, according to association information 1, the service-based interface of the SMF associated with the abnormal interface of the first UPF entity.
When the abnormal interface of the first UPF entity is the N4 interface of the first UPF entity, the SPCF entity may determine, according to association information 1, the identifier of the service-based interface of the first SMF that has an N4 association with the first UPF entity.
When the abnormal interface of the first UPF entity is the N3 interface or the N9 interface of the first UPF entity, the SPCF entity may determine, according to association information 1 and association information 2, the identifier of the N4 interface of the first SMF that has an N4 association with the first UPF entity. For example, the SPCF entity may determine the identifier of the N4 interface of the first UPF entity according to association information 2; the SPCF entity may determine, according to association information 1, the identifier of the service-based interface of the first SMF that has an N4 association with the first UPF entity.
At S608, the UDR entity sends network element response information to the SPCF entity.
The network element response information includes the identifier of the service-based interface of the first SMF.
The network element response information may also include the identifier of the N4 interface of the first UPF entity.
For example, when the UDR entity determines that the abnormal interface is not the N4 interface of the first UPF entity, the network element response information sent by the UDR entity includes the identifier of the N4 interface of the first UPF entity; when the UDR entity determines that the abnormal interface of the first UPF entity in the received network element query information is the N4 interface of the first UPF entity, the network element response information sent by the UDR entity may or may not include the identifier of the N4 interface of the first UPF entity.
S609 to S611 may then be performed.
At S609, the SPCF entity sends abnormality indication information according to the identifier of the service-based interface of the first SMF entity.
At S610, the first SMF entity tears down the N4 association with the N4 interface of the first UPF entity.
At S611, if a session exists with the first UPF entity, the first SMF entity may perform session re-establishment or adjust the user plane path of the session.
It should be understood that S609 to S611 may be similar to S411 to S413; for details, refer to the description of S411 to S413 in FIG. 4.
In method 600, the first SMF entity registers association information 1 and association information 2 in the UDR entity. Association information 1 represents the association between the service-based interface of the first SMF entity and the N4 interface of the first UPF entity, and association information 2 represents the association between the N4 interface of the first UPF entity and the N3 and N9 interfaces of the first UPF entity. The SPCF entity sends the identifier of the abnormal interface reported by the SPEF entity to the UDR entity. According to association information 1 and association information 2, the UDR entity sends to the SPCF entity the identifier of the service-based interface of the first SMF entity that has an N4 association with the first UPF entity to which the abnormal interface belongs. The SPCF entity sends abnormality indication information according to the identifier of the service-based interface, to notify the first SMF entity that the first UPF entity has been attacked and is untrusted. The first SMF entity can then take corresponding action to keep communication secure.
After the first SMF entity tears down the N4 association with the N4 interface of the first UPF entity, the first SMF entity may send connection disconnection indication information to the UDR entity. The connection disconnection indication information may include the identifier of the N4 interface of the first SMF entity and the identifier of the N4 interface of the first UPF entity, and indicates that the first SMF entity has torn down the N4 association with the first UPF entity. The UDR entity may delete association information 1 according to the connection disconnection indication information.
Alternatively, after the SPCF entity sends the abnormality indication information according to the identifier of the service-based interface of the first SMF entity, the SPCF entity may send connection disconnection indication information to the UDR entity to instruct the UDR entity to delete association information 1.
As a further alternative, after the SPCF entity sends the abnormality indication information according to the identifier of the service-based interface of the first SMF entity, the SPCF entity may send notification indication information to the UDR entity, where the notification indication information indicates that the SPCF entity has sent the abnormality indication information to the first SMF entity.
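The UDR lookup of method 600 (S602, S604, S607 to S609, and the deletion of association information 1 on disconnection) can be modelled as follows. This is an added illustration, not code from the application: the class and function names, the message dictionary and the identifier strings are constructed assumptions, and the model also allows more than one SMF per UPF N4 interface, which goes beyond the single "first SMF" case described above.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set, Tuple


@dataclass(frozen=True)
class Association1:
    """Association information 1, registered by an SMF at S602."""
    smf_sbi_id: str  # service-based interface identifier of the SMF
    smf_n4_id: str   # N4 interface identifier of the SMF
    upf_n4_id: str   # N4 interface identifier of the UPF


class UdrModel:
    """Hypothetical in-memory stand-in for the UDR entity of method 600."""

    def __init__(self) -> None:
        self._assoc1: Set[Association1] = set()
        # Association information 2: UPF N3/N9 identifier -> UPF N4 identifier.
        self._assoc2: Dict[str, str] = {}

    def register_association_1(self, smf_sbi_id: str, smf_n4_id: str,
                               upf_n4_id: str) -> None:
        self._assoc1.add(Association1(smf_sbi_id, smf_n4_id, upf_n4_id))

    def register_association_2(self, upf_n4_id: str,
                               n3_n9_ids: Iterable[str]) -> None:
        for interface_id in n3_n9_ids:
            self._assoc2[interface_id] = upf_n4_id

    def query(self, abnormal_if_id: str,
              target_type: str = "SMF") -> List[Tuple[str, str]]:
        """S607/S608: return (SMF SBI identifier, UPF N4 identifier) pairs."""
        if target_type != "SMF":
            raise ValueError("this model only resolves SMF entities")
        # An N3/N9 identifier is first mapped to the UPF N4 identifier through
        # association information 2; an N4 identifier is used as it is.
        upf_n4_id = self._assoc2.get(abnormal_if_id, abnormal_if_id)
        return sorted((a.smf_sbi_id, a.upf_n4_id)
                      for a in self._assoc1 if a.upf_n4_id == upf_n4_id)

    def handle_disconnect(self, smf_n4_id: str, upf_n4_id: str) -> None:
        """Connection disconnection indication: delete association information 1."""
        self._assoc1 = {a for a in self._assoc1
                        if (a.smf_n4_id, a.upf_n4_id) != (smf_n4_id, upf_n4_id)}


def spcf_handle_abnormal_interface(udr: UdrModel,
                                   abnormal_if_id: str) -> List[dict]:
    """S607 to S609: resolve the affected SMFs and build one indication each."""
    return [
        {"send_to": sbi, "type": "abnormality-indication", "upf_n4_id": upf_n4}
        for sbi, upf_n4 in udr.query(abnormal_if_id)
    ]


def build_demo_udr() -> UdrModel:
    """Constructed sample registrations; all identifiers are made up."""
    udr = UdrModel()
    udr.register_association_1("smf1-sbi", "smf1-n4", "upf1-n4")
    udr.register_association_2("upf1-n4", ["upf1-n3", "upf1-n9"])
    udr.register_association_1("smf2-sbi", "smf2-n4", "upf2-n4")
    udr.register_association_2("upf2-n4", ["upf2-n3"])
    return udr


if __name__ == "__main__":
    udr = build_demo_udr()
    for reported in ("upf1-n9", "upf1-n4", "unknown-if"):
        print(reported, "->", spcf_handle_abnormal_interface(udr, reported))
    # After the SMF tears down the N4 association, no stale indication is built.
    udr.handle_disconnect("smf1-n4", "upf1-n4")
    print("after disconnect:", spcf_handle_abnormal_interface(udr, "upf1-n9"))
```

An identifier that was never registered resolves to no SMF, so a report about an unknown interface produces no indication in this model.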
Fig. 7 is a schematic flowchart of a communication method provided by an embodiment of the application. The method 700 includes S710 to S720. Method 700 may be performed by the first SMF entity.
At S710, abnormality indication information sent by the security policy control function (SPCF) entity is received, where the abnormality indication information indicates that the first UPF entity is attacked.
At S710, the connection with the first UPF entity is disconnected.
When the first SMF entity receives the abnormality indication information sent by the SPCF entity, it disconnects from the first UPF entity, thereby providing security for the communication system.
That is, before S710, a connection exists between the first SMF entity and the first UPF entity. The connection between the first SMF entity and the first UPF entity may be an N4 association between the first SMF entity and the first UPF entity.
In some embodiments, before S710, the first SMF entity may send interface indication information to the NRF entity. The interface indication information includes the identifier of the second interface of the first SMF entity and the identifier of the third interface of the first SMF entity. The third interface is used for the connection between the first SMF entity and the first UPF entity.
The abnormality indication information is sent by the SPCF entity according to first response information sent by the NRF entity; the first response information includes the identifier of the third interface and is sent by the NRF entity according to first request information; the first request information includes the identifier of the second interface and is sent by the SPCF entity when the first UPF entity is attacked.
That is, when the first UPF entity is attacked, the SPCF entity may determine the third interface of the first SMF entity connected to the first UPF entity. The SPCF entity may then send first request information to the NRF entity, where the first request information includes the identifier of the third interface. The SPCF entity may receive first response information sent by the NRF entity, where the first response information includes the identifier of the second interface of the first SMF entity. The SPCF entity may thus send the abnormality indication information according to the identifier of the second interface, so that the abnormality indication information reaches the first SMF entity.
For details, refer to the descriptions of FIG. 3 and FIG. 4. The interface indication information may be carried in the network function registration information in FIG. 4. The first request information may be the interface query information in FIG. 4. The second response information may be the query response information in FIG. 4.
In other embodiments, before S710, the first SMF entity may send first connection indication information to the SPCF entity, where the first connection indication information indicates at least one UPF entity connected to the first SMF entity, and the at least one UPF entity includes the first UPF entity.
The SPCF entity may receive first connection indication information sent by at least one SMF entity. The at least one SMF entity includes the first SMF entity. The SPCF entity may thus determine that the SMF entity connected to the first UPF entity is the first SMF entity.
The first connection indication information may include the identifier of the second interface of the first SMF entity, and the abnormality indication information is sent by the SPCF entity according to the identifier of the second interface.
For details, refer to the descriptions of FIG. 3 and FIG. 5. The first connection indication information may include association information 1 and association information 2 shown in FIG. 5.
In still other embodiments, before S710, the first SMF entity may send second connection indication information to the UDR entity, where the second connection indication information indicates at least one UPF entity connected to the first SMF entity, and the at least one UPF entity includes the first UPF entity.
The abnormality indication information is sent by the SPCF entity according to second response information; the second response information includes the identifier of the first SMF entity and is sent by the UDR entity according to second request information; the second request information includes the identifier of the first UPF entity and is sent by the SPCF entity when it determines that the first UPF entity is attacked.
That is, when the first UPF entity is attacked, the SPCF entity may send second request information to the UDR entity, where the second request information includes the identifier of the first UPF entity. The SPCF entity may receive second response information sent by the UDR entity, where the second response information includes the identifier of the first SMF entity. The SPCF entity may thus send abnormality indication information to the first SMF entity.
For example, the second connection indication information may include the identifier of the first SMF entity, and the identifier of the first SMF entity includes the identifier of the second interface of the first SMF entity. The abnormality indication information may be sent by the SPCF entity according to the identifier of the second interface.
For example, the second connection indication information may include the identifier of a fourth interface of the first UPF entity, where the fourth interface is used to connect the first UPF entity to the first SMF entity. The second response information may further include the identifier of the fourth interface, and the abnormality indication information includes the identifier of the fourth interface.
For example, the identifier of the first UPF entity may include the identifier of a first interface of the first UPF entity. The first interface may be the abnormal interface of the first UPF entity. The second connection indication information may include the identifier of each interface of each UPF entity connected to the first SMF entity.
The SPCF entity may determine that the first UPF entity is attacked when an abnormal interface exists in the first UPF entity.
For details, refer to the descriptions of FIG. 3 and FIG. 6. The second connection indication information may include association information 1 and association information 2 shown in FIG. 6. The second request information may be the network element query information in FIG. 6. The second response information may be the network element response information in FIG. 6.
Fig. 8 is a schematic flowchart of a communication method provided by an embodiment of the present application. The method 800 includes S810 to S830. Method 800 may be performed by an NRF entity.
At S810, interface indication information sent by the first SMF entity is received, where the interface indication information includes the identifier of the second interface of the first SMF entity and the identifier of the third interface of the first SMF entity, and the third interface is used for the connection between the first SMF entity and the first UPF entity.
At S820, first request information sent by the SPCF entity is received, where the first request information includes the identifier of the second interface and is sent by the SPCF entity when it determines that the first UPF entity is attacked.
At S830, first response information is sent to the SPCF entity, where the first response information includes the identifier of the third interface, the identifier of the third interface is used for the first SMF entity to send abnormality indication information to the first SMF entity, and the abnormality indication information indicates that the first UPF entity is attacked.
Method 800 provides a query function to the SPCF entity: on receiving the identifier of the second interface of the first SMF entity sent by the SPCF entity, the identifier of the third interface of the first SMF entity is sent to the SPCF entity, so that the SPCF entity, when it determines that the first UPF entity is attacked, sends abnormality indication information to the first SMF entity connected to the first UPF entity, improving the security of the communication system.
For details, refer to the descriptions of FIG. 3 and FIG. 5.
FIG. 9 is a schematic flowchart of a communication method provided by an embodiment of the present application. The method 900 includes S910 to S930. Method 900 may be performed by a UDR entity.
At S910, second connection indication information sent by the first SMF entity is received, where the second connection indication information indicates at least one UPF entity connected to the first SMF entity, and the at least one UPF entity includes the first UPF entity.
At S910, second request information sent by the SPCF entity is received, where the second request information is sent by the SPCF entity when it determines that the first UPF entity is attacked, and the second request information includes the identifier of the first UPF entity.
At S910, second response information is sent to the SPCF entity, where the second response information includes the identifier of the first SMF entity, the identifier of the first SMF entity is used for the first SMF entity to send abnormality indication information to the first SMF entity, and the abnormality indication information indicates that the first UPF entity is attacked.
Method 900 provides a query function to the SPCF entity: on receiving the identifier of the first UPF entity sent by the SPCF entity, the identifier of the first SMF entity connected to the first UPF entity is sent to the SPCF entity, so that the SPCF entity, when it determines that the first UPF entity is attacked, can send abnormality indication information to the first SMF entity, improving the security of the communication system.
For example, the second connection indication information may include the identifier of the first SMF entity, the identifier of the first SMF entity may include the identifier of the second interface of the first SMF entity, and the abnormality indication information is sent by the SPCF entity according to the identifier of the second interface.
For example, the second connection indication information may include the identifier of a fourth interface of the first UPF entity, where the fourth interface is used to connect the first UPF entity to the SMF entity.
The second response information may also include the identifier of the fourth interface. The abnormality indication information may include the identifier of the fourth interface.
For example, the second connection indication information may include the identifier of at least one interface of each connected UPF entity. The second request information may include the identifier of a first interface of the first UPF entity. The identifier of the at least one interface of the first UPF entity includes the identifier of the first interface. The first interface may be the abnormal interface of the first UPF entity.
For details, refer to the descriptions of FIG. 3 and FIG. 5.
The method embodiments of the present application are described above with reference to FIG. 1 to FIG. 9; the apparatus embodiments of the present application are described below with reference to FIG. 10 to FIG. 11. It should be understood that the descriptions of the method embodiments and of the apparatus embodiments correspond to each other, so for parts not described in detail, refer to the foregoing method embodiments.
Fig. 10 is a schematic structural diagram of a data processing apparatus provided by an embodiment of the present application.
The communication apparatus 2000 includes a processing module 2010 and a transceiver module 2020.
In some embodiments, the communication apparatus 2000 may be used to implement the functions of the SPCF entity described above.
The processing module 2010 is configured to determine whether the first user plane function (UPF) entity is attacked.
The transceiver module 2020 is configured to, when the first UPF entity is attacked, send abnormality indication information to the first session management function (SMF) entity, where the abnormality indication information indicates that the first UPF entity is attacked, and the first SMF entity is connected to the first UPF entity.
Optionally, the communication apparatus 2000 further includes an obtaining module. The obtaining module is configured to obtain connection information, where the connection information indicates the at least one UPF entity connected to each SMF entity of at least one SMF entity, and the at least one SMF entity includes the first SMF entity.
Optionally, the processing module 2010 is specifically configured to determine whether a first interface of the first UPF entity is abnormal; when the first interface is abnormal, the first UPF entity is attacked.
Optionally, the connection information further includes the identifier of each interface of at least one interface of the first UPF entity, and the at least one interface of the first UPF entity includes the first interface.
Optionally, the obtaining module is configured to receive connection indication information sent by the first SMF entity, where the connection indication information indicates the at least one UPF entity connected to the first SMF entity.
Optionally, the connection indication information includes the identifier of the second interface of the first SMF entity.
The transceiver module 2020 is specifically configured to send the abnormality indication information according to the identifier of the second interface.
Optionally, the connection indication information further includes the identifier of a fourth interface of the first UPF entity, where the fourth interface is used to connect the first UPF entity to the first SMF entity, and the abnormality indication information includes the identifier of the fourth interface.
Optionally, the connection information includes the identifier of a third interface of the first SMF entity, where the third interface is used for the connection between the first SMF entity and the first UPF entity.
The transceiver module 2020 is further configured to, when the first UPF entity is abnormal, send first request information to the network repository function (NRF) entity, where the first request information includes the identifier of the third interface.
The transceiver module 2020 is further configured to receive first response information sent by the NRF entity, where the first response information includes the identifier of the second interface of the first SMF entity.
The transceiver module 2020 is specifically configured to send the abnormality indication information according to the identifier of the second interface.
Optionally, the connection information is determined according to interaction information between the at least one UPF entity and the at least one SMF entity, where first interaction information between the first UPF entity and the first SMF entity includes the identifier of the third interface and the identifier of each interface of the at least one interface of the first UPF entity.
Optionally, the at least one interface of the first UPF entity includes a fourth interface, where the fourth interface is used to connect the first UPF entity to the first SMF entity, and the abnormality indication information includes the identifier of the fourth interface.
可选地,收发模块2020还用于,在所述第一UPF实体异常的情况下,向统一数据库UDR实体发送第二请求信息,所述第二请求信息包括所述第一UPF实体的标识。Optionally, the transceiving module 2020 is further configured to, when the first UPF entity is abnormal, send second request information to the unified database UDR entity, where the second request information includes the identifier of the first UPF entity.
收发模块2020还用于,接收所述UDR实体发送的第二响应信息,所述第二响应信息包括所述第一SMF实体的标识。The transceiver module 2020 is further configured to receive second response information sent by the UDR entity, where the second response information includes the identifier of the first SMF entity.
可选地,处理模块2010具体用于,确定所述第一UPF实体的第一接口是否异常,在所述第一接口异常的情况下所述第一UPF实体被攻击。Optionally, the processing module 2010 is specifically configured to determine whether the first interface of the first UPF entity is abnormal, and if the first interface is abnormal, the first UPF entity is attacked.
所述第一UPF实体的标识包括所述第一UPF实体中异常的第一接口的标识。The identifier of the first UPF entity includes an identifier of an abnormal first interface in the first UPF entity.
可选地,所述第一SMF实体的标识包括所述第一SMF实体的第二接口的标识。Optionally, the identifier of the first SMF entity includes an identifier of a second interface of the first SMF entity.
收发模块2020具体用于,按照所述第二接口的标识,发送所述异常指示信息。The transceiver module 2020 is specifically configured to send the abnormal indication information according to the identifier of the second interface.
可选地,所述第二响应信息还包括所述第一UPF实体的第四接口的标识,所述第四 接口用于所述第一UPF实体与所述第一SMF实体连接。Optionally, the second response information further includes an identifier of a fourth interface of the first UPF entity, and the fourth The interface is used to connect the first UPF entity to the first SMF entity.
所述异常指示信息包括所述第四接口的标识。The abnormal indication information includes the identifier of the fourth interface.
In some other embodiments, the communication device 2000 may be used to implement the functions of the first SMF entity described above.
The transceiver module 2020 is configured to receive abnormality indication information sent by a security policy control function entity, where the abnormality indication information is used to indicate that a first UPF entity is attacked.
The processing module 2010 is configured to disconnect from the first UPF entity.
Optionally, the transceiver module 2020 is further configured to send interface indication information to an NRF entity, where the interface indication information includes an identifier of a second interface of the device 2000 and an identifier of a third interface of the device 2000, and the third interface is used for the connection between the device 2000 and the first UPF entity.
The abnormality indication information is sent by the security policy control function entity according to first response information sent by the NRF entity, and the first response information includes the identifier of the third interface.
The first response information is sent by the NRF entity according to first request information, the first request information includes the identifier of the second interface, and the first request information is sent by the security policy control function entity when the first UPF entity is attacked.
Optionally, the transceiver module 2020 is further configured to send first connection indication information to the security policy control function entity, where the first connection indication information is used to indicate at least one UPF entity connected to the device 2000, and the at least one UPF entity includes the first UPF entity.
Optionally, the first connection indication information includes the identifier of the second interface of the device 2000, and the abnormality indication information is sent by the security policy control function entity according to the identifier of the second interface.
Optionally, the transceiver module 2020 is further configured to send second connection indication information to a UDR entity, where the second connection indication information is used to indicate at least one UPF entity connected to the device 2000, and the at least one UPF entity includes the first UPF entity.
The abnormality indication information is sent by the security policy control function entity according to second response information, and the second response information includes an identifier of the device 2000.
The second response information is sent by the UDR entity according to second request information, and the second request information includes an identifier of the first UPF entity.
The second request information is sent by the security policy control function entity when the first UPF entity is attacked.
Optionally, the second connection indication information includes the identifier of the device 2000, the identifier of the device 2000 includes the identifier of the second interface of the device 2000, and the abnormality indication information is sent by the security policy control function entity according to the identifier of the second interface.
Optionally, the second connection indication information includes an identifier of a fourth interface of the first UPF entity, and the fourth interface is used to connect the first UPF entity to the device 2000.
The second response information further includes the identifier of the fourth interface, and the abnormality indication information includes the identifier of the fourth interface.
In still other embodiments, the communication device 2000 may be used to implement the functions of the NRF entity described above.
The transceiver module 2020 is further configured to receive interface indication information sent by a first SMF entity, where the interface indication information includes an identifier of a second interface of the first SMF entity and an identifier of a third interface of the first SMF entity, and the third interface is used for the connection between the first SMF entity and the first UPF entity;
The transceiver module 2020 is further configured to receive first request information sent by a security policy control function entity, where the first request information includes the identifier of the second interface, and the first request information is sent by the security policy control function entity when the first UPF entity is attacked;
The transceiver module 2020 is further configured to send first response information to the security policy control function entity, where the first response information includes the identifier of the third interface, the identifier of the third interface is used for the first SMF entity to send abnormality indication information to the first SMF entity, and the abnormality indication information is used to indicate that the first UPF entity is attacked.
The processing module 2010 may be used to control the transceiver module 2020 so that the transceiver module 2020 implements the above functions.
In still other embodiments, the communication device 2000 may be a UDR entity, or may be used to implement the functions of the UDR entity described above.
The transceiver module 2020 is configured to receive second connection indication information sent by a first SMF entity, where the second connection indication information is used to indicate at least one UPF entity connected to the first SMF entity, and the at least one UPF entity includes the first UPF entity.
The transceiver module 2020 is further configured to receive second request information sent by a security policy control function entity, where the second request information is sent by the security policy control function entity when the first UPF entity is attacked, and the second request information includes an identifier of the first UPF entity.
The transceiver module 2020 is further configured to send second response information to the security policy control function entity, where the second response information includes an identifier of the first SMF entity, the identifier of the first SMF entity is used for the first SMF entity to send abnormality indication information to the first SMF entity, and the abnormality indication information is used to indicate that the first UPF entity is attacked.
Optionally, the second connection indication information includes the identifier of the first SMF entity, the identifier of the first SMF entity includes an identifier of a second interface of the first SMF entity, and the abnormality indication information is sent by the security policy control function entity according to the identifier of the second interface.
Optionally, the second connection indication information includes an identifier of a fourth interface of the first UPF entity, the fourth interface is used to connect the first UPF entity to the SMF entity, the second response information further includes the identifier of the fourth interface, and the abnormality indication information includes the identifier of the fourth interface.
The processing module 2010 may be used to control the transceiver module 2020 so that the transceiver module 2020 implements the above functions.
Fig. 8 is a schematic structural diagram of a data processing device provided by an embodiment of the present application.
The communication device 3000 includes at least one processor 3010 and a communication interface 3020.
The communication interface 3020 is used for the communication device 3000 to exchange information with other communication devices.
When program instructions are executed in the at least one processor 3010, the at least one processor 3010 is configured to perform the method described above.
In some embodiments, the communication device 3000 may be used to implement the functions of the SPCF entity described above.
The processor 3010 is configured to determine whether a first user plane function (UPF) entity is attacked.
The communication interface 3020 is configured to, when the first UPF entity is attacked, send abnormality indication information to a first session management function (SMF) entity, where the abnormality indication information is used to indicate that the first UPF entity is attacked, and the first SMF entity is connected to the first UPF entity.
Optionally, the communication interface 3020 is further configured to obtain connection information, where the connection information is used to indicate at least one UPF entity connected to each SMF entity in at least one SMF entity, and the at least one SMF entity includes the first SMF entity.
Optionally, the processor 3010 is specifically configured to determine whether a first interface of the first UPF entity is abnormal, where the first UPF entity is attacked if the first interface is abnormal.
Optionally, the connection information further includes an identifier of each interface in at least one interface of the first UPF entity, and the at least one interface of the first UPF entity includes the first interface.
Optionally, the communication interface 3020 is further configured to receive connection indication information sent by the first SMF entity, where the connection indication information is used to indicate at least one UPF entity connected to the first SMF entity.
Optionally, the connection indication information includes an identifier of a second interface of the first SMF entity.
The communication interface 3020 is further configured to send the abnormality indication information according to the identifier of the second interface.
Optionally, the connection indication information further includes an identifier of a fourth interface of the first UPF entity, the fourth interface is used to connect the first UPF entity to the first SMF entity, and the abnormality indication information includes the identifier of the fourth interface.
Optionally, the connection information includes an identifier of a third interface of the first SMF entity, and the third interface is used for the connection between the first SMF entity and the first UPF entity.
The communication interface 3020 is further configured to, when the first UPF entity is abnormal, send first request information to a network repository function (NRF) entity, where the first request information includes the identifier of the third interface.
The communication interface 3020 is further configured to receive first response information sent by the NRF entity, where the first response information includes an identifier of a second interface of the first SMF entity.
The communication interface 3020 is further configured to send the abnormality indication information according to the identifier of the second interface.
Optionally, the connection information is determined according to interaction information between the at least one UPF entity and the at least one SMF entity, where first interaction information between the first UPF entity and the first SMF entity includes the identifier of the third interface and an identifier of each interface in at least one interface of the first UPF entity.
Optionally, the at least one interface of the first UPF entity includes a fourth interface, the fourth interface is used to connect the first UPF entity to the first SMF entity, and the abnormality indication information includes an identifier of the fourth interface.
Optionally, the communication interface 3020 is further configured to, when the first UPF entity is abnormal, send second request information to a unified data repository (UDR) entity, where the second request information includes an identifier of the first UPF entity.
The communication interface 3020 is further configured to receive second response information sent by the UDR entity, where the second response information includes an identifier of the first SMF entity.
Optionally, the processor 3010 is specifically configured to determine whether a first interface of the first UPF entity is abnormal, where the first UPF entity is attacked if the first interface is abnormal.
The identifier of the first UPF entity includes an identifier of the abnormal first interface of the first UPF entity.
Optionally, the identifier of the first SMF entity includes an identifier of a second interface of the first SMF entity.
The communication interface 3020 is further configured to send the abnormality indication information according to the identifier of the second interface.
Optionally, the second response information further includes an identifier of a fourth interface of the first UPF entity, and the fourth interface is used to connect the first UPF entity to the first SMF entity.
The abnormality indication information includes the identifier of the fourth interface.
In some other embodiments, the communication device 3000 may be used to implement the functions of the first SMF entity described above.
The communication interface 3020 is configured to receive abnormality indication information sent by a security policy control function entity, where the abnormality indication information is used to indicate that a first UPF entity is attacked.
The processor 3010 is configured to disconnect from the first UPF entity.
Optionally, the communication interface 3020 is further configured to send interface indication information to an NRF entity, where the interface indication information includes an identifier of a second interface of the device 3000 and an identifier of a third interface of the device 3000, and the third interface is used for the connection between the device 3000 and the first UPF entity.
The abnormality indication information is sent by the security policy control function entity according to first response information sent by the NRF entity, and the first response information includes the identifier of the third interface.
The first response information is sent by the NRF entity according to first request information, the first request information includes the identifier of the second interface, and the first request information is sent by the security policy control function entity when the first UPF entity is attacked.
Optionally, the communication interface 3020 is further configured to send first connection indication information to the security policy control function entity, where the first connection indication information is used to indicate at least one UPF entity connected to the device 3000, and the at least one UPF entity includes the first UPF entity.
Optionally, the first connection indication information includes the identifier of the second interface of the device 3000, and the abnormality indication information is sent by the security policy control function entity according to the identifier of the second interface.
Optionally, the communication interface 3020 is further configured to send second connection indication information to a UDR entity, where the second connection indication information is used to indicate at least one UPF entity connected to the device 3000, and the at least one UPF entity includes the first UPF entity.
The abnormality indication information is sent by the security policy control function entity according to second response information, and the second response information includes an identifier of the device 3000.
The second response information is sent by the UDR entity according to second request information, and the second request information includes an identifier of the first UPF entity.
The second request information is sent by the security policy control function entity when the first UPF entity is attacked.
Optionally, the second connection indication information includes the identifier of the device 3000, the identifier of the device 3000 includes the identifier of the second interface of the device 3000, and the abnormality indication information is sent by the security policy control function entity according to the identifier of the second interface.
Optionally, the second connection indication information includes an identifier of a fourth interface of the first UPF entity, and the fourth interface is used to connect the first UPF entity to the device 3000.
The second response information further includes the identifier of the fourth interface, and the abnormality indication information includes the identifier of the fourth interface.
In still other embodiments, the communication device 3000 may be used to implement the functions of the NRF entity described above.
The communication interface 3020 is further configured to receive interface indication information sent by a first SMF entity, where the interface indication information includes an identifier of a second interface of the first SMF entity and an identifier of a third interface of the first SMF entity, and the third interface is used for the connection between the first SMF entity and the first UPF entity;
The communication interface 3020 is further configured to receive first request information sent by a security policy control function entity, where the first request information includes the identifier of the second interface, and the first request information is sent by the security policy control function entity when the first UPF entity is attacked;
The communication interface 3020 is further configured to send first response information to the security policy control function entity, where the first response information includes the identifier of the third interface, the identifier of the third interface is used for the first SMF entity to send abnormality indication information to the first SMF entity, and the abnormality indication information is used to indicate that the first UPF entity is attacked.
The processor 3010 may be used to control the communication interface 3020 so that the communication interface 3020 implements the above functions.
In still other embodiments, the communication device 3000 may be a UDR entity, or may be used to implement the functions of the UDR entity described above.
The communication interface 3020 is configured to receive second connection indication information sent by a first SMF entity, where the second connection indication information is used to indicate at least one UPF entity connected to the first SMF entity, and the at least one UPF entity includes the first UPF entity.
The communication interface 3020 is further configured to receive second request information sent by a security policy control function entity, where the second request information is sent by the security policy control function entity when the first UPF entity is attacked, and the second request information includes an identifier of the first UPF entity.
The communication interface 3020 is further configured to send second response information to the security policy control function entity, where the second response information includes an identifier of the first SMF entity, the identifier of the first SMF entity is used for the first SMF entity to send abnormality indication information to the first SMF entity, and the abnormality indication information is used to indicate that the first UPF entity is attacked.
Optionally, the second connection indication information includes the identifier of the first SMF entity, the identifier of the first SMF entity includes an identifier of a second interface of the first SMF entity, and the abnormality indication information is sent by the security policy control function entity according to the identifier of the second interface.
Optionally, the second connection indication information includes an identifier of a fourth interface of the first UPF entity, the fourth interface is used to connect the first UPF entity to the SMF entity, the second response information further includes the identifier of the fourth interface, and the abnormality indication information includes the identifier of the fourth interface.
The processor 3010 may be used to control the communication interface 3020 so that the communication interface 3020 implements the above functions.
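The lookup-and-notify flow described above for the SPCF, NRF, UDR and SMF roles, as an added Python example that is not part of the patent text. All class names, method names and identifier strings are hypothetical, the dictionary of SMF objects stands in for message transport, and the NRF lookup follows the SPCF-side description (the first request carries the third interface identifier, the first response carries the second interface identifier).

```python
from dataclasses import dataclass, field


@dataclass
class SMF:
    second_if: str   # interface on which the SMF receives messages from the SPCF
    third_if: str    # SMF-side interface toward its UPFs
    upfs: dict = field(default_factory=dict)        # UPF id -> that UPF's fourth interface id
    disconnected: list = field(default_factory=list)

    def on_abnormality_indication(self, fourth_if):
        """Disconnect only the UPF named by the fourth interface id; ignore unknown ids."""
        for upf_id, known_if in list(self.upfs.items()):
            if known_if == fourth_if:
                del self.upfs[upf_id]
                self.disconnected.append(upf_id)
                return True
        return False


class NRF:
    def __init__(self):
        self._second_by_third = {}

    def interface_indication(self, smf):
        # Interface indication information: second and third interface ids of the SMF.
        self._second_by_third[smf.third_if] = smf.second_if

    def first_request(self, third_if):
        # First response: second interface id of the matching SMF, or None.
        return self._second_by_third.get(third_if)


class UDR:
    def __init__(self):
        self._by_upf = {}

    def second_connection_indication(self, smf):
        # Second connection indication: the UPFs an SMF is connected to.
        for upf_id, fourth_if in smf.upfs.items():
            self._by_upf[upf_id] = (smf.second_if, fourth_if)

    def second_request(self, upf_id):
        # Second response: (SMF second interface id, UPF fourth interface id), or None.
        return self._by_upf.get(upf_id)


class SPCF:
    def __init__(self, smfs_by_second_if, nrf=None, udr=None):
        self.smfs = smfs_by_second_if      # stand-in for the network path to each SMF
        self.nrf, self.udr = nrf, udr
        self.connection_info = {}          # UPF id -> (SMF third if, UPF fourth if)

    def observe_interaction(self, upf_id, third_if, fourth_if):
        # Connection information derived from UPF/SMF interaction information.
        self.connection_info[upf_id] = (third_if, fourth_if)

    def handle_abnormal_upf(self, upf_id):
        """Resolve the SMF for an attacked UPF and notify it; fail closed on no match.

        Returns the second interface id the indication was delivered to, or None.
        """
        second_if = fourth_if = None
        if self.nrf is not None and upf_id in self.connection_info:
            third_if, fourth_if = self.connection_info[upf_id]
            second_if = self.nrf.first_request(third_if)
        if second_if is None and self.udr is not None:
            response = self.udr.second_request(upf_id)
            if response is not None:
                second_if, fourth_if = response
        smf = self.smfs.get(second_if)
        if smf is None:
            return None
        return second_if if smf.on_abnormality_indication(fourth_if) else None


def build_demo():
    """Constructed topology: SMF A is resolvable via the NRF, SMF B via the UDR."""
    smf_a = SMF("smf-a-if2", "smf-a-if3", {"upf-1": "upf-1-if4", "upf-2": "upf-2-if4"})
    smf_b = SMF("smf-b-if2", "smf-b-if3", {"upf-3": "upf-3-if4"})
    nrf, udr = NRF(), UDR()
    nrf.interface_indication(smf_a)
    udr.second_connection_indication(smf_b)
    spcf = SPCF({smf_a.second_if: smf_a, smf_b.second_if: smf_b}, nrf, udr)
    spcf.observe_interaction("upf-1", "smf-a-if3", "upf-1-if4")
    spcf.observe_interaction("upf-2", "smf-a-if3", "upf-2-if4")
    return spcf, smf_a, smf_b


if __name__ == "__main__":
    spcf, smf_a, smf_b = build_demo()
    print(spcf.handle_abnormal_upf("upf-1"), smf_a.upfs, smf_b.upfs)
```

Carrying the fourth interface identifier in the indication is what lets an SMF with several UPFs drop only the affected one; an indication that names no connected UPF changes nothing.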
此外,以上装置中的各单元可以全部或部分可以集成在一起,或者可以独立实现。在一种实现中,这些单元集成在一起,以片上系统(system-on-a-chip,SOC)的形式实现。该SOC中可以包括至少一个处理器,用于实现以上任一种方法或实现该装置各单元的功能,该至少一个处理器的种类可以不同,例如包括CPU和FPGA,CPU和人工智能处理器,CPU和图形处理器(graphics processing unit,GPU)等。In addition, all or part of the units in the above devices can be integrated together, or can be implemented independently. In one implementation, these units are integrated together and implemented in the form of a system-on-a-chip (SOC). The SOC may include at least one processor for implementing any of the above methods or realizing the functions of each unit of the device. The at least one processor may be of different types, such as including CPU and FPGA, CPU and artificial intelligence processor, CPU and graphics processing unit (graphics processing unit, GPU), etc.
本申请实施例还提供一种计算机程序存储介质,其特征在于,所述计算机程序存储介质具有程序指令,当所述程序指令被执行时,使得前文中的方法被执行。An embodiment of the present application further provides a computer program storage medium, wherein the computer program storage medium has program instructions, and when the program instructions are executed, the foregoing method is executed.
本申请实施例还提供一种芯片系统,其特征在于,所述芯片系统包括至少一个处理器,当程序指令在所述至少一个处理器中执行时,使得前文中的方法被执行。An embodiment of the present application further provides a system-on-a-chip, wherein the system-on-a-chip includes at least one processor, and when program instructions are executed on the at least one processor, the foregoing method is executed.
本申请实施例还提供一种程序产品,所述计算机程序产品包括程序指令,当所述程序指令在计算机设备中被执行时,使得前文的数据处理方法被执行。An embodiment of the present application further provides a program product, where the computer program product includes program instructions, and when the program instructions are executed in a computer device, the foregoing data processing method is executed.
本申请实施例还提供一种通信系统,包括至少一个SMF实体,至少一个UPF实体、前文所述的通信装置。至少一个SMF实体包括第一SMF实体,至少一个UPF实体包括第一SMF实体。The embodiment of the present application also provides a communication system, including at least one SMF entity, at least one UPF entity, and the aforementioned communication device. At least one SMF entity includes the first SMF entity, and at least one UPF entity includes the first SMF entity.
通信系统还可以包括NRF实体或UDR实体。The communication system may also include NRF entities or UDR entities.
It should be understood that the processor in the embodiments of this application may be a central processing unit (CPU), or may be another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field programmable gate array (FPGA) or another programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
It should also be understood that the memory in the embodiments of this application may be a volatile memory or a non-volatile memory, or may include both volatile and non-volatile memory. The non-volatile memory may be a read-only memory (ROM), a programmable read-only memory (programmable ROM, PROM), an erasable programmable read-only memory (erasable PROM, EPROM), an electrically erasable programmable read-only memory (electrically EPROM, EEPROM), or a flash memory. The volatile memory may be a random access memory (RAM), which is used as an external cache. By way of example and not limitation, many forms of RAM are available, such as static random access memory (static RAM, SRAM), dynamic random access memory (DRAM), synchronous dynamic random access memory (synchronous DRAM, SDRAM), double data rate synchronous dynamic random access memory (double data rate SDRAM, DDR SDRAM), enhanced synchronous dynamic random access memory (enhanced SDRAM, ESDRAM), synchlink dynamic random access memory (synchlink DRAM, SLDRAM), and direct rambus random access memory (direct rambus RAM, DR RAM).
The foregoing embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When software is used, the embodiments may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions or computer programs. When the computer instructions or computer programs are loaded or executed on a computer, the procedures or functions according to the embodiments of this application are produced in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network, or another programmable apparatus. The computer instructions may be stored in a computer-readable storage medium, or transmitted from one computer-readable storage medium to another computer-readable storage medium; for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center in a wired manner (for example, infrared, wireless, or microwave). The computer-readable storage medium may be any usable medium that a computer can access, or a data storage device, such as a server or a data center, that contains one or more sets of usable media. The usable medium may be a magnetic medium (for example, a floppy disk, a hard disk, or a magnetic tape), an optical medium (for example, a DVD), or a semiconductor medium. The semiconductor medium may be a solid-state drive.
It should be understood that the term "and/or" in this document only describes an association between associated objects and indicates that three relationships may exist. For example, "A and/or B" may mean: A exists alone, both A and B exist, or B exists alone, where A and B may each be singular or plural. In addition, the character "/" in this document generally indicates an "or" relationship between the associated objects, but may also indicate an "and/or" relationship; refer to the context for the intended meaning.
In this application, "at least one" means one or more, and "a plurality of" means two or more. "At least one of the following" or a similar expression refers to any combination of the listed items, including any combination of single items or plural items. For example, at least one of a, b, or c may represent: a, b, c, a-b, a-c, b-c, or a-b-c, where each of a, b, and c may be single or multiple.
Prefixes such as "first" and "second" are used in the embodiments of this application only to distinguish between different described objects, and do not limit the position, order, priority, quantity, or content of the described objects. For example, if the described object is an "interface", the ordinals before "interface" in "first interface" and "second interface" do not limit the position, order, or priority of the interfaces. Likewise, if the described object is "request information", the ordinals before "request information" in "first request information" and "second request information" do not limit the position, order, or priority of the request information.
It should be understood that, in the various embodiments of this application, the sequence numbers of the foregoing processes do not imply an order of execution. The execution order of the processes should be determined by their functions and internal logic, and the sequence numbers should not constitute any limitation on the implementation of the embodiments of this application.
A person of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented by electronic hardware, or by a combination of computer software and electronic hardware. Whether these functions are performed in hardware or in software depends on the specific application and the design constraints of the technical solution. A skilled person may use different methods to implement the described functions for each specific application, but such implementations should not be considered to go beyond the scope of this application.
A person skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the systems, apparatuses, and units described above can be found in the corresponding processes of the foregoing method embodiments, and are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed systems, apparatuses, and methods may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative. The division into units is only a division by logical function; in an actual implementation there may be other divisions. For example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the mutual couplings, direct couplings, or communication connections shown or discussed may be indirect couplings or communication connections through some interfaces, apparatuses, or units, and may be electrical, mechanical, or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of this application may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit.
If the functions are implemented in the form of software functional units and sold or used as independent products, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of this application in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to perform all or some of the steps of the methods described in the embodiments of this application. The storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disc.
The foregoing is merely a specific implementation of this application, but the scope of protection of this application is not limited to it. Any variation or replacement that a person skilled in the art can readily conceive of within the technical scope disclosed in this application shall fall within the scope of protection of this application. Therefore, the scope of protection of this application shall be subject to the scope of protection of the claims.

Claims (30)

  1. A communication method, characterized by comprising:
    determining whether a first user plane functional entity is attacked;
    when the first user plane functional entity is attacked, sending abnormality indication information to a first session management functional entity, wherein the first session management functional entity is connected to the first user plane functional entity, and the abnormality indication information indicates that the first user plane functional entity is attacked.
  2. The method according to claim 1, characterized in that the method further comprises:
    obtaining connection information, wherein the connection information indicates at least one user plane functional entity connected to each session management functional entity of at least one session management functional entity, and the at least one session management functional entity includes the first session management functional entity.
  3. The method according to claim 2, characterized in that the determining whether the first user plane functional entity is attacked comprises: determining whether a first interface of the first user plane functional entity is abnormal, wherein the first user plane functional entity is attacked when the first interface is abnormal.
  4. The method according to claim 3, characterized in that the connection information further includes an identifier of each interface of at least one interface of the first user plane functional entity, and the at least one interface of the first user plane functional entity includes the first interface.
  5. The method according to any one of claims 2 to 4, characterized in that the obtaining connection information comprises:
    receiving connection indication information sent by the first session management functional entity, wherein the connection indication information indicates the at least one user plane functional entity connected to the first session management functional entity.
  6. The method according to claim 5, characterized in that the connection indication information includes an identifier of a second interface of the first session management functional entity;
    the sending abnormality indication information to the first session management functional entity comprises: sending the abnormality indication information according to the identifier of the second interface.
  7. The method according to claim 5 or 6, characterized in that the connection indication information further includes an identifier of a fourth interface of the first user plane functional entity, the fourth interface is used to connect the first user plane functional entity to the first session management functional entity, and the abnormality indication information includes the identifier of the fourth interface.
  8. The method according to any one of claims 2 to 4, characterized in that the connection information includes an identifier of a third interface of the first session management functional entity, the third interface is used for the connection between the first session management functional entity and the first user plane functional entity, and the method further comprises:
    when the first user plane functional entity is abnormal, sending first request information to a network storage functional entity, wherein the first request information includes the identifier of the third interface;
    receiving first response information sent by the network storage functional entity, wherein the first response information includes an identifier of a second interface of the first session management functional entity;
    the sending abnormality indication information to the first session management functional entity comprises: sending the abnormality indication information according to the identifier of the second interface.
  9. The method according to claim 8, characterized in that
    the connection information is determined according to interaction information between the at least one user plane functional entity and the at least one session management functional entity, wherein first interaction information between the first user plane functional entity and the first session management functional entity includes the identifier of the third interface and an identifier of each interface of at least one interface of the first user plane functional entity.
  10. The method according to claim 9, characterized in that
    the at least one interface of the first user plane functional entity includes a fourth interface, the fourth interface is used to connect the first user plane functional entity to the first session management functional entity, and the abnormality indication information includes an identifier of the fourth interface.
  11. The method according to claim 1, characterized in that the method further comprises:
    when the first user plane functional entity is abnormal, sending second request information to a unified database entity, wherein the second request information includes an identifier of the first user plane functional entity;
    receiving second response information sent by the unified database entity, wherein the second response information includes an identifier of the first session management functional entity.
  12. The method according to claim 11, characterized in that the determining whether the first user plane functional entity is attacked comprises: determining whether a first interface of the first user plane functional entity is abnormal, wherein the first user plane functional entity is attacked when the first interface is abnormal;
    the identifier of the first user plane functional entity includes an identifier of the abnormal first interface of the first user plane functional entity.
  13. The method according to claim 11 or 12, characterized in that the identifier of the first session management functional entity includes an identifier of a second interface of the first session management functional entity,
    the sending abnormality indication information to the first session management functional entity comprises: sending the abnormality indication information according to the identifier of the second interface.
  14. The method according to any one of claims 11 to 13, characterized in that
    the second response information further includes an identifier of a fourth interface of the first user plane functional entity, the fourth interface is used to connect the first user plane functional entity to the first session management functional entity,
    the abnormality indication information includes the identifier of the fourth interface.
  15. A communication method, characterized in that it is applied to a session management functional entity, the method comprising:
    receiving abnormality indication information sent by a security policy control functional entity, wherein the abnormality indication information indicates that a first user plane functional entity is attacked;
    disconnecting from the first user plane functional entity.
  16. The method according to claim 15, characterized in that
    the method further comprises: sending interface indication information to a network storage functional entity, wherein the interface indication information includes an identifier of a second interface of the session management functional entity and an identifier of a third interface of the session management functional entity, and the third interface is used for the connection between the session management functional entity and the first user plane functional entity;
    the abnormality indication information is sent by the security policy control functional entity according to first response information sent by the network storage functional entity, and the first response information includes the identifier of the third interface,
    the first response information is sent by the network storage functional entity according to first request information, the first request information includes the identifier of the second interface, and the first request information is sent by the security policy control functional entity when the first user plane functional entity is attacked.
  17. The method according to claim 15, characterized in that
    the method further comprises: sending first connection indication information to the security policy control functional entity, wherein the first connection indication information indicates at least one user plane functional entity connected to the session management functional entity, and the at least one user plane functional entity includes the first user plane functional entity.
  18. The method according to claim 17, characterized in that the first connection indication information includes an identifier of a second interface of the session management functional entity, and the abnormality indication information is sent by the security policy control functional entity according to the identifier of the second interface.
  19. The method according to claim 15, characterized in that
    the method further comprises: sending second connection indication information to a unified database entity, wherein the second connection indication information indicates at least one user plane functional entity connected to the session management functional entity, and the at least one user plane functional entity includes the first user plane functional entity;
    the abnormality indication information is sent by the security policy control functional entity according to second response information, and the second response information includes an identifier of the session management functional entity,
    the second response information is sent by the unified database entity according to second request information, and the second request information includes an identifier of the first user plane functional entity;
    the second request information is sent by the security policy control functional entity when the first user plane functional entity is attacked.
  20. The method according to claim 19, characterized in that the second connection indication information includes the identifier of the session management functional entity, the identifier of the session management functional entity includes an identifier of a second interface of the session management functional entity, and the abnormality indication information is sent by the security policy control functional entity according to the identifier of the second interface.
  21. The method according to claim 19 or 20, characterized in that the second connection indication information includes an identifier of a fourth interface of the first user plane functional entity, the fourth interface is used to connect the first user plane functional entity to the session management functional entity,
    the second response information further includes the identifier of the fourth interface, and the abnormality indication information includes the identifier of the fourth interface.
  22. A communication method, characterized by comprising:
    receiving interface indication information sent by a first session management functional entity, wherein the interface indication information includes an identifier of a second interface of the first session management functional entity and an identifier of a third interface of the first session management functional entity, and the third interface is used for the connection between the first session management functional entity and the first user plane functional entity;
    receiving first request information sent by a security policy control functional entity, wherein the first request information includes the identifier of the second interface, and the first request information is sent by the security policy control functional entity when the first user plane functional entity is attacked;
    sending first response information to the security policy control functional entity, wherein the first response information includes the identifier of the third interface, the identifier of the third interface is used by the first session management functional entity to send abnormality indication information to the first session management functional entity, and the abnormality indication information indicates that the first user plane functional entity is attacked.
  23. A communication method, characterized by comprising:
    receiving second connection indication information sent by a first session management functional entity, wherein the second connection indication information indicates at least one user plane functional entity connected to the first session management functional entity, and the at least one user plane functional entity includes the first user plane functional entity;
    receiving second request information sent by a security policy control functional entity, wherein the second request information is sent by the security policy control functional entity when the first user plane functional entity is attacked, and the second request information includes an identifier of the first user plane functional entity;
    sending second response information to the security policy control functional entity, wherein the second response information includes an identifier of the first session management functional entity, the identifier of the first session management functional entity is used by the first session management functional entity to send abnormality indication information to the first session management functional entity, and the abnormality indication information indicates that the first user plane functional entity is attacked.
  24. The method according to claim 23, characterized in that the second connection indication information includes the identifier of the first session management functional entity, the identifier of the first session management functional entity includes an identifier of a second interface of the first session management functional entity, and the abnormality indication information is sent by the security policy control functional entity according to the identifier of the second interface.
  25. The method according to claim 23 or 24, characterized in that the second connection indication information includes an identifier of a fourth interface of the first user plane functional entity, the fourth interface is used to connect the first user plane functional entity to the session management functional entity,
    the second response information further includes the identifier of the fourth interface, and the abnormality indication information includes the identifier of the fourth interface.
  26. A communication apparatus, characterized by comprising modules for performing the method according to any one of claims 1 to 25.
  27. A communication apparatus, characterized by comprising at least one processor and a communication interface, wherein the communication interface is used by the communication apparatus to exchange information with other communication apparatuses, and when program instructions are executed in the at least one processor, the communication apparatus is caused to perform the method according to any one of claims 1 to 25.
  28. A computer program product, characterized by comprising program instructions, wherein when the program instructions are executed, the method according to any one of claims 1 to 25 is performed.
  29. A computer-readable storage medium, characterized in that the computer-readable medium stores program code for execution by a device, and when the program instructions are executed, the method according to any one of claims 1 to 25 is performed.
  30. A chip, characterized in that the chip includes at least one processor, and when program instructions are executed in the at least one processor, the method according to any one of claims 1 to 25 is performed.
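
The notification flow of claims 1 to 21, modelled as an added Python example that is not part of the patent text: the security policy control functional entity resolves which session management functional entity to notify by three routes (a connection indication it received, a network storage lookup in the direction given in claim 8, or a unified database lookup), and the notified entity disconnects. All class names, message fields and interface identifiers are constructed assumptions, as is the rule that an unresolvable entity yields no notification.

```python
from dataclasses import dataclass, field

@dataclass
class SessionMgmtEntity:
    name: str
    second_if: str  # interface on which it accepts abnormality indications
    third_if: str   # its side of the link to the user plane entity
    upfs: dict = field(default_factory=dict)  # user plane id -> its fourth interface id

    def indication(self):
        # One constructed message; each receiver reads the fields its claim names.
        return {"second_if": self.second_if, "third_if": self.third_if,
                "upfs": dict(self.upfs)}

    def on_abnormal_indication(self, msg):
        """Claim 15: disconnect from the user plane entity reported as attacked."""
        for upf_id, fourth_if in list(self.upfs.items()):
            if fourth_if == msg["upf_fourth_if"]:
                del self.upfs[upf_id]
                return upf_id
        return None

class NetworkStorageEntity:
    """Answers a first request: third interface id -> second interface id (claim 8)."""
    def __init__(self):
        self._second_by_third = {}
    def register(self, ind):
        self._second_by_third[ind["third_if"]] = ind["second_if"]
    def first_request(self, third_if):
        return self._second_by_third.get(third_if)

class UnifiedDatabaseEntity:
    """Answers a second request: user plane id -> session management id (claims 11-14)."""
    def __init__(self):
        self._by_upf = {}
    def store(self, ind):
        for upf_id, fourth_if in ind["upfs"].items():
            self._by_upf[upf_id] = (ind["second_if"], fourth_if)
    def second_request(self, upf_id):
        return self._by_upf.get(upf_id)

class SecurityPolicyControlEntity:
    def __init__(self, network, nrf, udr):
        self.network = network     # second_if -> entity; stands in for message delivery
        self.nrf, self.udr = nrf, udr
        self.from_indication = {}  # upf id -> (second_if, fourth_if), claims 5-7
        self.from_traffic = {}     # upf id -> (third_if, fourth_if), claims 8-10

    def learn_indication(self, ind):
        for upf_id, fourth_if in ind["upfs"].items():
            self.from_indication[upf_id] = (ind["second_if"], fourth_if)

    def learn_interaction(self, upf_id, third_if, fourth_if):
        self.from_traffic[upf_id] = (third_if, fourth_if)

    def resolve(self, upf_id):
        """Return (second_if, fourth_if, route) or None if no entity is known."""
        if upf_id in self.from_indication:
            return (*self.from_indication[upf_id], "connection indication")
        if upf_id in self.from_traffic:
            third_if, fourth_if = self.from_traffic[upf_id]
            second_if = self.nrf.first_request(third_if)
            if second_if is not None:
                return (second_if, fourth_if, "network storage lookup")
        hit = self.udr.second_request(upf_id)
        if hit is not None:
            return (*hit, "unified database lookup")
        return None

    def handle_abnormal_interface(self, upf_id, first_if):
        """Claims 1 and 3: an abnormal first interface means the entity is attacked."""
        resolved = self.resolve(upf_id)
        if resolved is None or resolved[0] not in self.network:
            return {"sent": False, "upf": upf_id}
        second_if, fourth_if, route = resolved
        msg = {"type": "abnormality_indication", "upf": upf_id,
               "abnormal_if": first_if, "upf_fourth_if": fourth_if}
        dropped = self.network[second_if].on_abnormal_indication(msg)
        return {"sent": True, "to": second_if, "route": route, "disconnected": dropped}

def run_demo():
    nrf, udr = NetworkStorageEntity(), UnifiedDatabaseEntity()
    smf_a = SessionMgmtEntity("smf-a", "a-if2", "a-if3", {"upf-1": "u1-if4"})
    smf_b = SessionMgmtEntity("smf-b", "b-if2", "b-if3", {"upf-2": "u2-if4"})
    smf_c = SessionMgmtEntity("smf-c", "c-if2", "c-if3",
                              {"upf-3": "u3-if4", "upf-4": "u4-if4"})
    spcf = SecurityPolicyControlEntity(
        {s.second_if: s for s in (smf_a, smf_b, smf_c)}, nrf, udr)
    spcf.learn_indication(smf_a.indication())            # route 1
    nrf.register(smf_b.indication())                     # route 2
    spcf.learn_interaction("upf-2", "b-if3", "u2-if4")
    udr.store(smf_c.indication())                        # route 3
    results = [spcf.handle_abnormal_interface(u, u + "-if1")
               for u in ("upf-1", "upf-2", "upf-3", "upf-9")]
    return results, smf_a, smf_b, smf_c

if __name__ == "__main__":
    for r in run_demo()[0]:
        print(r)
```

Only the user plane entity named by its fourth interface identifier is dropped, so a session management entity serving several user plane entities keeps its other connections.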
PCT/CN2023/074957 2022-02-28 2023-02-08 Communication method and apparatus WO2023160390A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202210190092.9 2022-02-28
CN202210190092.9A CN116709337A (en) 2022-02-28 2022-02-28 Communication method and device

Publications (1)

Publication Number Publication Date
WO2023160390A1 true WO2023160390A1 (en) 2023-08-31

Family

ID=87764800

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2023/074957 WO2023160390A1 (en) 2022-02-28 2023-02-08 Communication method and apparatus

Country Status (2)

Country Link
CN (1) CN116709337A (en)
WO (1) WO2023160390A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190254083A1 (en) * 2018-02-12 2019-08-15 Cisco Technology, Inc. Methods and apparatus for selecting network slice, session management and user plane functions
CN110557791A (en) * 2018-05-31 2019-12-10 华为技术有限公司 Session management method, device and system
CN112492573A (en) * 2017-02-21 2021-03-12 华为技术有限公司 Method, device and system for selecting session management function entity

Also Published As

Publication number Publication date
CN116709337A (en) 2023-09-05

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 23759015

Country of ref document: EP

Kind code of ref document: A1