WO2023273953A1 - Multicast group access control method and apparatus, readable storage medium and gateway - Google Patents

Info

Publication number
WO2023273953A1
WO2023273953A1 PCT/CN2022/100085 CN2022100085W WO2023273953A1 WO 2023273953 A1 WO2023273953 A1 WO 2023273953A1 CN 2022100085 W CN2022100085 W CN 2022100085W WO 2023273953 A1 WO2023273953 A1 WO 2023273953A1
Authority
WO
WIPO (PCT)
Prior art keywords
host
multicast group
access
authority
gateway
Application number
PCT/CN2022/100085
Other languages
French (fr)
Chinese (zh)
Inventor
苗润泉
Original Assignee
展讯半导体(南京)有限公司
Application filed by 展讯半导体(南京)有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/02 Details
    • H04L12/16 Arrangements for providing special services to substations
    • H04L12/18 Arrangements for providing special services to substations for broadcast or conference, e.g. multicast
    • H04L12/185 Arrangements for providing special services to substations for broadcast or conference, e.g. multicast with management of multicast group membership
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/06 Selective distribution of broadcast services, e.g. multimedia broadcast multicast service [MBMS]; Services to user groups; One-way selective calling services

Definitions

  • the invention relates to the field of communication technology, in particular to a multicast group access control method and device, a readable storage medium, and a gateway.
  • the access authority of the multicast service can be based on the subscription of the Residential Gateway (RG), that is, the RG has user-level access authority, and only the multicast service (such as a certain channel) subscribed by the RG can be accessed by the STB.
  • the STBs behind the RG share the same access rights as the RG.
  • support in the 5G system for Internet Protocol TV or Interactive Personal TV (IPTV) multicast services has been standardized, and the relevant procedures for a 5G-RG joining and leaving a multicast group and the details of user access authority control have been determined.
  • the technical problem solved by the present invention is to provide a multicast group access control method and device, a readable storage medium, and a gateway, which can meet user requirements for more fine-grained authority control on different hosts.
  • an embodiment of the present invention provides an access control method for a multicast group, including: receiving a join request from a host, where the join request includes identification information of the multicast group that the host requests to join; searching a host authority control list according to the identification information of the multicast group, wherein the host authority control list is used to indicate the access authority of each host to each multicast group; and, if the host authority control list indicates that the host's access authority to the multicast group is authorized, sending a multicast join request to the UPF.
  • the multicast group access control method further includes: receiving an externally input expected access authority of each host to each multicast group, and formulating the host authority control list according to the expected access authority.
  • formulating the host authority control list according to the expected access authority includes: formulating a first initial version of the host authority control list according to the expected access authority; when or after receiving the externally input expected access authority of each host to each multicast group, applying for gateway access authority, where the gateway access authority is used to indicate the access authority of the current gateway device to each multicast group; and, for each multicast group, if there are one or more hosts whose expected access authority is higher than the gateway access authority, replacing the expected access authority with the gateway access authority in the first initial version of the host authority control list, so as to obtain the host authority control list.
  • formulating the host authority control list according to the expected access authority includes: applying for gateway access authority, where the gateway access authority is used to indicate the access authority of the current gateway device to each multicast group; using the gateway access authority as the second initial version of the host authority control list; and, for each multicast group, if there are one or more hosts whose expected access authority is lower than the gateway access authority, replacing the gateway access authority with the expected access authority in the second initial version of the host authority control list, so as to obtain the host authority control list.
  • the applying for the gateway access right includes: applying to the AF or UDR for the gateway access right.
  • the gateway access authority includes identification information of each multicast group; wherein, the identification information of the multicast group is selected from: multicast address information of the multicast group, and multicast group identification.
  • the access authority is selected from: authorized and fully allowed, authorized and allowed to preview, and unauthorized; wherein authorized and fully allowed is higher than authorized and allowed to preview, and authorized and allowed to preview is higher than unauthorized.
  • the multicast group access control method further includes: if the host authority control list indicates that the host's access authority to the multicast group is not authorized, then terminating sending the join request.
  • the multicast group access control method further includes: sending a rejection response to the host.
  • the host authority control list includes identification information of each host and identification information of each multicast group, and satisfies one or more of the following: the identification information of the host is the host name and/or the IP address of the host; the identification information of the multicast group is the multicast address information and/or the multicast group identifier of the multicast group.
  • an embodiment of the present invention provides an access control device for a multicast group, including: a receiving module, configured to receive a join request from a host, where the join request includes identification information of the multicast group that the host requests to join; a search module, configured to search a host authority control list according to the identification information of the multicast group, wherein the host authority control list is used to indicate the access authority of each host to each multicast group; and a sending module, configured to send a multicast join request to the UPF when the host authority control list indicates that the host's access authority to the multicast group is authorized.
  • an embodiment of the present invention provides a readable storage medium on which a computer program is stored, and when the computer program is run by a processor, the steps of the above multicast group access control method are executed.
  • an embodiment of the present invention provides a gateway, including a memory and a processor, where the memory stores a computer program that can run on the processor, and when the processor runs the computer program, it executes the steps of the above multicast group access control method.
  • by setting the gateway to receive the join request from the host and then search the host authority control list, which is used to indicate the access authority of each host to each multicast group, the gateway can determine, according to the host's access authority to the multicast group, whether to send a multicast join request to the UPF. Specifically, by setting the host authority control list, the gateway can set the access authority of each host separately, so that in some application scenarios the user's expected access authority can be set lower than the gateway access authority, meeting user needs for more fine-grained authority control on different hosts.
  • receiving the join request from the host, it also includes: receiving the externally input expected access authority of each host to each multicast group, and formulating the host authority control list according to the expected access authority, so that the user's expected access authority is used to further meet user needs for more fine-grained authority control on different hosts.
  • the gateway access authority is used to replace the expected access authority to obtain the host authority control list, so that the user's configuration can be checked and revised by applying for the gateway access authority; in particular, for a host whose expected access authority is lower than the gateway access authority, which complies with the contracted access authority, the gateway access authority can be substituted directly so that the expectation is met, further meeting user needs for more fine-grained authority control on different hosts.
  • formulating the host authority control list according to the expected access authority includes: applying for gateway access authority, where the gateway access authority is used to indicate the access authority of the current gateway device to each multicast group; using the gateway access authority as the second initial version of the host authority control list; and, for each multicast group, if there are one or more hosts whose expected access authority is lower than the gateway access authority, replacing the gateway access authority with the expected access authority in the second initial version of the host authority control list, so as to obtain the host authority control list. In this way the user's configuration can be checked and revised by applying for the gateway access authority; in particular, for hosts whose expected access authority is lower than the gateway access authority, the gateway access authority can be substituted directly so that the expectation is met, further meeting user needs for more fine-grained authority control on different hosts.
  • the gateway can be used to judge the host's authority without sending it to the UPF for judgment, effectively improving the functionality of the gateway.
  • FIG. 1 is a schematic diagram of an application scenario in which a host accesses a multicast service through a home gateway RG in the prior art;
  • FIG. 2 is a data flow diagram of a 5G-RG joining a multicast group transmission process in the prior art;
  • FIG. 3 is a data flow diagram of a 5G-RG leaving a multicast group through a UPF query or actively sending an IGMP/MLD leave message in the prior art;
  • FIG. 4 is a flowchart of a multicast group access control method in an embodiment of the present invention;
  • FIG. 5 is a data flow diagram of another multicast group access control method in an embodiment of the present invention;
  • FIG. 6 is a schematic structural diagram of an access control device for a multicast group in an embodiment of the present invention.
  • FIG. 1 is a schematic diagram of an application scenario in which a host accesses a multicast service through a home gateway RG in the prior art.
  • each gateway 102 can be associated with a plurality of hosts (taking STB 101 as an example), for example with STB 1, STB 2 and STB 3; the gateway 102 can exchange information with the base station 103, and information is then exchanged between the base station 103 and the 5G core network 104.
  • the STB 101 can only access children's channels among the subscribed channels, and if a certain STB 101 is placed in a parent's bedroom, it can access all subscribed channels, etc.
  • the 5G system supports IPTV multicast services, and the relevant procedures for 5G-RG joining and leaving multicast groups and the details of user access authority control are determined.
  • FIG. 2 is a data flow diagram of a 5G-RG joining multicast group transmission process in the prior art.
  • the 5G home gateway (5G-RG) 21, base station access network (Access Network, (R)AN) 22, access management function (Access Management Function, AMF) 23, user plane data (User Plane Function, UPF) 24, session management function (Session Management Function, SMF) 25, billing policy function (Payment Capture Function, PCF) 26, user data management (User Data Management, UDM) 27, IPTV multicast group (IPTV multicast server, IPTV MS) 28 and other modules realize the transmission process of the 5G-RG joining a multicast group.
  • the 5G-RG 21 can send, via user plane data, an Internet Group Management Protocol (IGMP)/Multicast Listener Discover (MLD) join message to the UPF 24 of the core network, to apply for joining a certain multicast group.
  • the UPF 24, as a multicast router, judges whether to reject or accept the request according to the N4 interface rules formulated by the SMF 25. For an accepted request, the UPF 24 interacts with the IPTV multicast group (such as an IPTV multicast server) 28 through the N6 interface, obtains the multicast service from the server, duplicates it into multiple copies at the UPF 24, and sends them to the multiple 5G-RGs 21 that requested the multicast service.
  • FIG. 3 is a data flow diagram of a 5G-RG leaving a multicast group by querying UPF or actively sending an IGMP/MLD leave message in the prior art.
  • multiple modules such as 5G-RG 31, (R)AN 32, AMF 33, UPF 34, SMF 35, PCF 36, UDM 37, and IPTV multicast group 38 can be used to realize 5G-RG leaving the multicast group.
  • step 1.a and step 1.b can be used in combination to enable the 5G-RG 31 to leave the multicast group through a UPF 34 query, and step 1.c can also be used alone to enable the 5G-RG 31 to actively send an IGMP/MLD leave message to leave the multicast group.
  • 5G-RG31 can leave the multicast group by querying UPF34 or actively sending IGMP/MLD leave messages.
  • UPF34 stops forwarding the data of the multicast group.
  • the gateway access authority is the host access authority and cannot be modified.
  • the traditional non-3GPP devices behind the gateway are invisible to the network side, and it is impossible to implement finer-grained access authority control for each non-3GPP device.
  • Devices behind each gateway share the same access rights.
  • when the user's expected access authority is lower than the gateway access authority, the user's needs cannot be met because no special settings can be made for each host.
  • FIG. 4 is a flow chart of a multicast group access control method in an embodiment of the present invention.
  • the access control method of the multicast group may include steps S41 to S43:
  • Step S41 receiving a join request from the host, where the join request includes identification information of the multicast group that the host requests to join;
  • Step S42 Searching for a host authority control list according to the identification information of the multicast group, wherein the host authority control list is used to indicate the access authority of each host to each multicast group;
  • Step S43 If the host authority control list indicates that the access authority of the host to the multicast group is authorized, send a multicast join request to the UPF.
  • the method may be implemented in the form of a software program, and the software program runs in a processor integrated in a chip or a chip module.
  • in step S41, the gateway may be set to receive a join request from the host.
  • the access authority of the gateway is the access authority of the host, so the gateway does not need to pay extra attention to the access requirements of each host. Set access permissions for each host.
  • the access control method for the multicast group may further include: receiving an externally input expected access authority of each host to each multicast group, and formulating the host authority control list according to the expected access authority.
  • the user can input desired access rights, for example, for the hosts in children's and teenagers' rooms, it can be set that only part of the rights can be supported. In a non-limiting embodiment, it can be set that only some TV programs can be watched, or the function of surfing the Internet can be restricted.
  • the desired access rights configured by the user may be directly used as a host permission control list.
  • the gateway can check and revise the configuration of the user by applying for the gateway access authority.
  • the step of formulating the host authority control list according to the expected access authority may include: formulating a first initial version of the host authority control list according to the expected access authority; when or after receiving the externally input expected access authority of each host to each multicast group, applying for gateway access authority, where the gateway access authority is used to represent the access authority of the current gateway device to each multicast group; and, for each multicast group, if there are one or more hosts whose expected access authority is higher than the gateway access authority, replacing the expected access authority with the gateway access authority in the first initial version of the host authority control list, to obtain the host authority control list.
  • when formulating the host authority control list, the expected access authority can be determined first and the gateway access authority applied for afterwards, with the expected access authority used as the first initial version of the host authority control list.
  • the gateway access authority only includes the list of authorized multicast groups, and different hosts have the same access authority; then, according to user needs, the access authority is downgraded for those multicast groups, corresponding to different hosts in the first version of the access authority list, to which access needs to be restricted.
  • formulating the host authority control list according to the expected access authority includes: applying for gateway access authority, where the gateway access authority is used to represent the access authority of the current gateway device to each multicast group; using the gateway access authority as the second initial version of the host authority control list; and, for each multicast group, if there are one or more hosts whose expected access authority is lower than the gateway access authority, replacing the gateway access authority with the expected access authority in the second initial version of the host authority control list, so as to obtain the host authority control list.
  • when formulating the host authority control list, the gateway access authority can be applied for first and used as the second initial version of the host authority control list.
  • the gateway access authority only includes the list of authorized multicast groups, and different hosts have the same access authority. Then, according to user requirements, the access authority is downgraded for those multicast groups, corresponding to different hosts in the first version of the access authority list, to which access needs to be restricted.
  • the authorized administrator of the gateway can configure a control list for each host device within the gateway.
  • the access authority may be selected from: authorized and fully allowed, authorized and allowed to preview, and unauthorized; wherein authorized and fully allowed is higher than authorized and allowed to preview, and authorized and allowed to preview is higher than unauthorized.
  • Table 1 is a host authority control list.
  • authorized and fully allowed may mean that the complete programs of the channel can be watched; authorized and allowed to preview may mean that only a preset duration of the channel's programs can be previewed; unauthorized may mean that programs can be neither viewed nor previewed, for example, they are displayed as a black screen.
  • the step of applying for the gateway access right may include: applying to the AF or UDR for the gateway access right.
  • the application function (Application Function, AF) associated with the server can be sent to the network exposure function (Network Exposure Function, NEF) and a control list is established in the unified data repository (Unified Data Repository, UDR). By searching the control list in the UDR through the AF, or by applying directly to the UDR, the access authority of the current gateway device to each multicast group can be learned.
  • the user-level multicast address information or multicast group identifier can be acquired by the RG from the AF or UDR, or configured by the authorized administrator and stored in the RG.
  • the gateway access authority may include identification information of each multicast group; wherein, the identification information of the multicast group is selected from: multicast address information of the multicast group, and multicast group identification.
  • the identification information of the multicast group is used to uniquely determine the multicast group; the multicast address information of the multicast group may be an IP address or other appropriate address information, and the multicast group identifier may be, for example, identification information such as a multicast group name or a channel name.
  • the gateway access authority will be used instead of the expected access rights to obtain the host authority control list, which is equivalent to setting the user authority to only decrease but not increase.
  • the host authority control list can be corrected in advance. Compared with directly using the user's configuration as the list and having the UPF check, after the user submits a request, whether the user has access authority, the present invention can correct the list in advance, so that when the user submits the request, a more correct list is used to determine the user's access authority.
  • the gateway access authority is used to replace the expected access authority to obtain the host authority control list, so that the user's configuration can be checked and revised by applying for the gateway access authority; in particular, for hosts whose expected access authority is lower than the gateway access authority, which complies with the contracted access authority, the gateway access authority can be substituted directly so that the expectation is met, meeting the needs of users who need more fine-grained authority control for different hosts.
  • the identification information of the multicast group included in the join request can be used to uniquely determine the multicast group that the host requests to join; for example, it can be the multicast address information and/or the multicast group identifier of the multicast group.
  • the multicast address information of the multicast group may be an IP address or other appropriate address information
  • the multicast group identifier may be identification information such as a multicast group name and a channel name, for example.
  • the host authority control list may be searched according to the identification information of the multicast group, wherein the host authority control list is used to indicate the access authority of each host to each multicast group.
  • the host authority control list can be formulated according to the desired access authority, so the host authority control list can reflect the needs of users.
  • step S43 if the host authority control list indicates that the access authority of the host to the multicast group is authorized, a multicast join request is sent to the UPF.
  • the multicast join request sent to the UPF may directly forward the join request information received from the host, or may be processed request information.
  • the gateway formulates the host authority control list, searches it, and determines the host's access authority to the multicast group. Compared with a gateway that makes no such determination and sends the join request directly to the UPF, this can reduce the judging load on the UPF.
  • FIG. 5 is a data flow diagram of another multicast group access control method in an embodiment of the present invention.
  • Said another multicast group access control method may include steps S51 to S54, and may also include steps S51 to S53 and S55. Each step is described below.
  • in step S51, the gateway 52 formulates a host authority control list.
  • in step S52, the gateway 52 receives a join request from the host 51.
  • in step S53, the gateway 52 searches the host authority control list.
  • the gateway 52 sends a multicast join request to the UPF 53.
  • for the execution of steps S51 to S54, please refer to the description of the steps in FIG. 4; details are not repeated here.
  • step S54 may be executed, that is, if the host authority control list indicates that the access authority of the host 51 to the multicast group is authorized, a multicast join request is sent to the UPF 53; step S55 can also be executed.
  • the gateway 52 may stop sending the joining request.
  • the gateway 52 can be used to judge the authority of the host, without sending it to the UPF 53 for judgment, effectively improving the functionality of the gateway.
  • in step S55, the gateway 52 sends a rejection response to the host 51.
  • the gateway 52 may send a rejection response to the host 51, so that the host 51 is notified in time that the multicast group cannot be accessed, which helps improve user satisfaction compared with the host 51 attempting access and only then finding that it cannot access the group.
  • the host authority control list includes identification information of each host and identification information of each multicast group, and satisfies one or more of the following: the identification information of the host is the host name and/or the IP address of the host; The identification information of the multicast group is multicast address information and/or multicast group identifier of the multicast group.
  • the identification information of the host is used to uniquely determine the host, and the host name may be identification information such as a host name or a serial number of the host, for example.
  • the identification information of the multicast group is used to uniquely determine the multicast group; the multicast address information of the multicast group may be an IP address or other appropriate address information, and the multicast group identifier may be, for example, identification information such as a multicast group name or a channel name.
  • FIG. 6 is a schematic structural diagram of an access control device for a multicast group in an embodiment of the present invention.
  • the access control device of the multicast group may include:
  • a receiving module 61 configured to receive a join request from a host, where the join request includes identification information of the multicast group that the host requests to join;
  • a search module 62 configured to search for a host authority control list according to the identification information of the multicast group, wherein the host authority control list is used to indicate the access authority of each host to access each multicast group;
  • a sending module 63 configured to send a multicast join request to the UPF when the host authority control list indicates that the host's access authority to the multicast group is authorized.
  • the above means may correspond to a chip with a data processing function in the user equipment; or correspond to a chip module including a chip with a data processing function in the user equipment, or correspond to the user equipment.
  • An embodiment of the present invention also provides a readable storage medium on which a computer program is stored, and the computer program executes the steps of the above method when the computer program is run by a processor.
  • the readable storage medium may be a computer-readable storage medium, for example, may include a non-volatile memory (non-volatile) or a non-transitory (non-transitory) memory, and may also include an optical disk, a mechanical hard disk, a solid-state hard disk, and the like.
  • the processor may be a central processing unit (Central Processing Unit, referred to as CPU), and the processor may also be another general-purpose processor, a digital signal processor (digital signal processor, referred to as DSP), an application specific integrated circuit (ASIC for short), an off-the-shelf programmable gate array (field programmable gate array, FPGA for short) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc.
  • a general-purpose processor may be a microprocessor, or the processor may be any conventional processor, or the like.
  • the memory in the embodiments of the present application may be a volatile memory or a nonvolatile memory, or may include both volatile and nonvolatile memories.
  • the non-volatile memory can be read-only memory (read-only memory, referred to as ROM), programmable read-only memory (programmable ROM, referred to as PROM), erasable programmable read-only memory (erasable PROM, referred to as EPROM), electrically erasable programmable read-only memory (electrically EPROM, referred to as EEPROM) or flash memory.
  • the volatile memory can be random access memory (RAM), which acts as external cache memory.
  • RAM: random access memory
  • SRAM: static random access memory
  • DRAM: dynamic random access memory
  • SDRAM: synchronous dynamic random access memory
  • DDR SDRAM: double data rate synchronous dynamic random access memory
  • ESDRAM: enhanced synchronous dynamic random access memory
  • SLDRAM: synchlink dynamic random access memory
  • DR RAM: direct rambus RAM
  • An embodiment of the present invention also provides a gateway, including a memory and a processor, the memory stores a computer program that can run on the processor, and the processor executes the steps of the above method when running the computer program.
  • the gateway includes but is not limited to devices such as evolved home gateways or 5G home gateways.
  • each module/unit contained in the product may be a software module/unit, or a hardware module/unit, or may be partly a software module/unit and partly a hardware module/unit.
  • each module/unit contained therein may be realized by hardware such as a circuit, or at least some modules/units may be realized by a software program that runs on the processor integrated inside the chip, and the remaining (if any) modules/units can be realized by means of hardware such as circuits; they are all realized by means of hardware such as circuits, and different modules/units can be located in the same component (such as chips, circuit modules, etc.) or different components of the chip module, or at least some modules/units can be realized by means of software programs that run on the processor integrated in the chip module, and the remaining (if any) modules/units can be realized by hardware such as circuits; /Units can be realized by means of hardware such as circuits

Abstract

A multicast group access control method and apparatus, a readable storage medium, and a gateway. The method comprises: receiving a join request from a host, the join request comprising identification information of a multicast group that the host requests to join; searching a host permission control list according to the identification information of the multicast group, wherein the host permission control list is used for indicating the access permission of each host for each multicast group; and if the host permission control list indicates that the host's access permission for the multicast group is authorized, sending a multicast join request to a user plane function (UPF). According to the present invention, a user demand for performing finer permission control on different hosts can be satisfied.

Description

Multicast group access control method and device, readable storage medium, gateway
This application claims priority to the Chinese patent application filed with the China Patent Office on June 30, 2021, with application number 202110741950.X and the invention title "Multicast group access control method and device, readable storage medium, gateway", the entire contents of which are incorporated in this application by reference.
Technical field
The present invention relates to the field of communication technology, and in particular to a multicast group access control method and device, a readable storage medium, and a gateway.
Background
According to the current research progress of the 3rd Generation Partnership Project (3GPP) on indoor enhancement, a new application scenario has been introduced in the communication protocol (such as TR 22.858): some traditional non-3GPP devices, such as a digital video conversion box (Set Top Box, STB, also known as a set-top box), access multicast services through the residential gateway RG.
The access authority for a multicast service can be based on the subscription of the residential gateway (Residential Gateway, RG); that is, the RG holds user-level access authority, and an STB can access only the multicast services (such as a certain channel) that the RG has subscribed to. In the research of 3GPP Release 16 (R16), the STB behind the RG shares the same access rights as the RG. Specifically, 5G system support for multicast services of the Internet Protocol TV or Interactive Personal TV (IPTV) class was standardized, and the procedures for a 5G-RG joining and leaving a multicast group and the details of user access authority control were determined.
However, the Release 18 (R18) scenario requirements call for more fine-grained authority control over different STBs, and this part is still blank in the prior art.
Summary of the invention
The technical problem solved by the present invention is to provide a multicast group access control method and device, a readable storage medium, and a gateway, which can meet user requirements for more fine-grained authority control on different hosts.
To solve the above technical problem, an embodiment of the present invention provides a multicast group access control method, including: receiving a join request from a host, where the join request includes identification information of the multicast group that the host requests to join; searching a host authority control list according to the identification information of the multicast group, where the host authority control list is used to indicate the access authority of each host to each multicast group; and if the host authority control list indicates that the host's access authority to the multicast group is authorized, sending a multicast join request to the UPF.
Optionally, before receiving the join request from the host, the multicast group access control method further includes: receiving externally input expected access authority of each host to each multicast group, and formulating the host authority control list according to the expected access authority.
Optionally, formulating the host authority control list according to the expected access authority includes: formulating a first initial-version host authority control list according to the expected access authority; at or after the time of receiving the externally input expected access authority of each host to each multicast group, applying for gateway access authority, where the gateway access authority is used to indicate the access authority of the current gateway device to each multicast group; and for each multicast group, if the expected access authority of one or more hosts is higher than the gateway access authority, replacing the expected access authority with the gateway access authority in the first initial-version host authority control list, to obtain the host authority control list.
Optionally, formulating the host authority control list according to the expected access authority includes: applying for gateway access authority, where the gateway access authority is used to indicate the access authority of the current gateway device to each multicast group; using the gateway access authority as a second initial-version host authority control list; and for each multicast group, if the expected access authority of one or more hosts is lower than the gateway access authority, replacing the gateway access authority with the expected access authority in the second initial-version host authority control list, to obtain the host authority control.
Optionally, applying for the gateway access authority includes: applying to the AF or UDR to obtain the gateway access authority.
Optionally, the gateway access authority includes identification information of each multicast group, where the identification information of the multicast group is selected from: multicast address information of the multicast group, and a multicast group identifier.
Optionally, the access authority is selected from: authorized and fully allowed, authorized and preview allowed, and unauthorized; where authorized and fully allowed is higher than authorized and preview allowed, and authorized and preview allowed is higher than unauthorized.
Optionally, the multicast group access control method further includes: if the host authority control list indicates that the host's access authority to the multicast group is unauthorized, terminating sending the join request.
Optionally, the multicast group access control method further includes: sending a rejection response to the host.
Optionally, the host authority control list includes identification information of each host and identification information of each multicast group, and satisfies one or more of the following: the identification information of the host is the host name and/or the IP address of the host; the identification information of the multicast group is the multicast address information and/or the multicast group identifier of the multicast group.
To solve the above technical problem, an embodiment of the present invention provides a multicast group access control device, including: a receiving module, configured to receive a join request from a host, where the join request includes identification information of the multicast group that the host requests to join; a search module, configured to search a host authority control list according to the identification information of the multicast group, where the host authority control list is used to indicate the access authority of each host to each multicast group; and a sending module, configured to send a multicast join request to the UPF when the host authority control list indicates that the host's access authority to the multicast group is authorized.
To solve the above technical problem, an embodiment of the present invention provides a readable storage medium on which a computer program is stored, and when the computer program is run by a processor, the steps of the above multicast group access control method are executed.
To solve the above technical problem, an embodiment of the present invention provides a gateway, including a memory and a processor, where the memory stores a computer program that can run on the processor, and the processor executes the steps of the above multicast group access control method when running the computer program.
Compared with the prior art, the technical solutions of the embodiments of the present invention have the following beneficial effects:
In the embodiment of the present invention, the gateway receives the join request from the host and then searches the host authority control list, where the host authority control list is used to indicate the access authority of each host to each multicast group. This allows the gateway to decide, according to the host's access authority to the multicast group, whether to send a multicast join request to the UPF. Specifically, by setting the host authority control list, the gateway can set the access authority for each host separately, so that in some application scenarios the user's expected access authority can be set lower than the gateway access authority, meeting the user's need for more fine-grained authority control on different hosts.
Further, before receiving the join request from the host, the method also includes: receiving externally input expected access authority of each host to each multicast group, and formulating the host authority control list according to the expected access authority, so that the user's expected access authority can be effectively received, further meeting the user's need for more fine-grained authority control on different hosts.
Further, a first initial-version host authority control list is formulated and the gateway access authority is applied for; for each multicast group, if the expected access authority of one or more hosts is higher than the gateway access authority, the gateway access authority replaces the expected access authority in the first initial-version host authority control list, to obtain the host authority control list. In this way the user's configuration can be checked and revised by applying for the gateway access authority; in particular, for a host whose expected access authority is lower than the gateway access authority, which complies with the subscribed access authority, the gateway access authority can be used directly as a replacement so that it is satisfied, further meeting the user's need for more fine-grained authority control on different hosts.
Further, formulating the host authority control list according to the expected access authority includes: applying for gateway access authority, where the gateway access authority is used to indicate the access authority of the current gateway device to each multicast group; using the gateway access authority as a second initial-version host authority control list; and for each multicast group, if the expected access authority of one or more hosts is lower than the gateway access authority, replacing the gateway access authority with the expected access authority in the second initial-version host authority control list, to obtain the host authority control. In this way the user's configuration can be checked and revised by applying for the gateway access authority; in particular, for a host whose expected access authority is lower than the gateway access authority, the gateway access authority can be used directly as a replacement so that it is satisfied, further meeting the user's need for more fine-grained authority control on different hosts.
Further, if the host authority control list indicates that the host's access authority to the multicast group is unauthorized, sending of the join request is terminated, so that the gateway can judge the host's authority without the request having to be sent to the UPF before a judgment is made, which effectively improves the functionality of the gateway.
Brief description of the drawings
FIG. 1 is a schematic diagram of an application scenario in which a host accesses a multicast service through a residential gateway RG in the prior art;
FIG. 2 is a data flow diagram of a 5G-RG joining multicast group transmission process in the prior art;
FIG. 3 is a data flow diagram of a 5G-RG leaving a multicast group through a UPF query or by actively sending an IGMP/MLD leave message in the prior art;
FIG. 4 is a flowchart of a multicast group access control method in an embodiment of the present invention;
FIG. 5 is a data flow diagram of another multicast group access control method in an embodiment of the present invention;
FIG. 6 is a schematic structural diagram of a multicast group access control device in an embodiment of the present invention.
Detailed description
In the prior art, in the research of 3GPP R16, the STB behind the RG shares the same access rights as the RG, but the R18 scenario requirements call for more fine-grained authority control over different STBs, and this is still blank in the prior art.
Referring to FIG. 1, FIG. 1 is a schematic diagram of an application scenario in which a host accesses a multicast service through a residential gateway RG in the prior art.
As shown in FIG. 1, each gateway 102 can be associated with multiple hosts (the STB 101 is taken as an example), for example STB 1, STB 2 and STB 3. The gateway 102 can exchange information with the base station 103, and the base station 103 then exchanges information with the 5G core network 104.
Specifically, for example, if a certain STB 101 is placed in a child's bedroom, it is desired that this STB 101 can access only the children's channels among the subscribed channels, while a certain STB 101 placed in the parents' bedroom can access all subscribed channels, and so on.
Further, in R16, 5G system support for IPTV-class multicast services was standardized, and the procedures for a 5G-RG joining and leaving a multicast group and the details of user access authority control were determined.
Referring to FIG. 2, FIG. 2 is a data flow diagram of a 5G-RG joining multicast group transmission process in the prior art.
In the prior art, the process of a 5G-RG joining multicast group transmission can be realized by multiple modules such as the 5G residential gateway (5G-RG) 21, the base station access network (Access Network, (R)AN) 22, the access management function (Access Management Function, AMF) 23, user plane data (User Plane Function, UPF) 24, the session management function (Session Management Function, SMF) 25, the billing policy function (Payment Capture Function, PCF) 26, user data management (User Data Management, UDM) 27, and the IPTV multicast group (IPTV multicast server, IPTV MS) 28.
During the process of the 5G-RG joining multicast group transmission, the 5G-RG 21 can send, through user plane data (UPF) 24, an Internet Group Management Protocol (IGMP)/Multicast Listener Discover (MLD) join message to the UPF of the core network to apply to join a certain multicast group. The UPF 24, acting as a multicast router, judges whether to reject or accept the request according to the N4 interface rules formulated by the SMF 25. For an accepted request, the UPF 24 interacts with the IPTV multicast group (for example, an IPTV multicast server) 28 through the N6 interface, obtains the multicast service from the server, replicates it into multiple copies at the UPF 24, and sends them to the multiple 5G-RGs 21 that requested the multicast service.
For more details about FIG. 2, refer to the content of the communication protocol, such as TR 22.858.
Referring to FIG. 3, FIG. 3 is a data flow diagram of a 5G-RG leaving a multicast group through a UPF query or by actively sending an IGMP/MLD leave message in the prior art.
Specifically, the 5G-RG leaving the multicast group can be realized by multiple modules such as the 5G-RG 31, (R)AN 32, AMF 33, UPF 34, SMF 35, PCF 36, UDM 37, and IPTV multicast group 38.
Step 1.a and step 1.b can be used in combination so that the 5G-RG 31 leaves the multicast group through a UPF 34 query; step 1.c can also be used alone so that the 5G-RG 31 leaves the multicast group by actively sending an IGMP/MLD leave message.
As shown in the figure, the 5G-RG 31 can leave the multicast group through a UPF 34 query or by actively sending an IGMP/MLD leave message. When a multicast group has no members, the UPF 34 stops forwarding the data of that multicast group.
For more details about FIG. 3, refer to the content of the communication protocol, such as TR 22.858.
The inventor of the present invention has found through research that, in the prior art, the gateway access authority is the host access authority and cannot be modified. Specifically, when a multicast service (such as IPTV) is subscribed to on a per-gateway basis, the traditional non-3GPP devices behind the gateway are invisible to the network side, so finer-grained access authority control cannot be implemented for each non-3GPP device; that is, at present the devices behind each gateway share the same access rights. As a result, in some application scenarios, for example when the user's expected access authority is lower than the gateway access authority, the user's needs cannot be met because no special setting can be made per host.
In the embodiment of the present invention, the gateway receives the join request from the host and then searches the host authority control list, where the host authority control list is used to indicate the access authority of each host to each multicast group. This allows the gateway to decide, according to the host's access authority to the multicast group, whether to send a multicast join request to the UPF. Specifically, by setting the host authority control list, the gateway can set the access authority for each host separately, so that in some application scenarios the user's expected access authority can be set lower than the gateway access authority, meeting the user's need for more fine-grained authority control on different hosts.
To make the above objects, features and beneficial effects of the present invention more comprehensible, specific embodiments of the present invention are described in detail below with reference to the accompanying drawings.
参照图4,图4是本发明实施例中一种多播组的访问控制方法的流程图。所述多播组的访问控制方法可以包括步骤S41至步骤S43:Referring to FIG. 4, FIG. 4 is a flow chart of a multicast group access control method in an embodiment of the present invention. The access control method of the multicast group may include steps S41 to S43:
步骤S41:从主机接收加入请求,所述加入请求包含所述主机请求加入的多播组的标识信息;Step S41: receiving a join request from the host, where the join request includes identification information of the multicast group that the host requests to join;
步骤S42:根据所述多播组的标识信息查找主机权限控制列表,其中,所述主机权限控制列表用于表示各个主机访问各个多播组的访问权限;Step S42: Searching for a host authority control list according to the identification information of the multicast group, wherein the host authority control list is used to indicate the access authority of each host to each multicast group;
步骤S43:如果所述主机权限控制列表指示所述主机对于所述多播组的访问权限为已授权,则向UPF发送多播加入请求。Step S43: If the host authority control list indicates that the access authority of the host to the multicast group is authorized, send a multicast join request to the UPF.
可以理解的是,在具体实施中,所述方法可以采用软件程序的方式实现,该软件程序运行于芯片或芯片模组内部集成的处理器中。It can be understood that, in a specific implementation, the method may be implemented in the form of a software program, and the software program runs in a processor integrated in a chip or a chip module.
在步骤S41的具体实施中,可以设置网关从主机接收加入请求的步骤。In the specific implementation of step S41, a step in which the gateway receives a join request from the host may be set.
相比于现有技术中,网关访问权限即为主机访问权限,因此网关 也无需额外关注各个主机的访问需求,在本发明实施例中,通过设置网关从主机接收加入请求,可以有机会实现单独为各个主机设定访问权限。Compared with the prior art, the access authority of the gateway is the access authority of the host, so the gateway does not need to pay extra attention to the access requirements of each host. Set access permissions for each host.
Further, before the join request is received from the host in step S41, the access control method for the multicast group may further include: receiving externally input desired access rights of each host to each multicast group, and formulating the host authority control list according to the desired access rights.
Specifically, the user can input the desired access rights. For example, a host in a child's or teenager's room can be set to support only some of the rights. In a non-limiting embodiment, such a host can be set so that only some TV programs can be watched, or so that Internet access is restricted.
In one specific implementation of the embodiment of the present invention, the desired access rights configured by the user may be used directly as the host authority control list.
It can be understood that, because in a subsequent step the UPF or another appropriate module still evaluates the join request according to the N4 interface rules, no error results from the gateway using the user-configured desired access rights directly as the host authority control list.
In the embodiment of the present invention, the desired access rights of each host to each multicast group are received as external input before the join request is received from the host, and the host authority control list is formulated according to those desired access rights. The user's desired access rights can thus be received effectively, which further meets the user's need for finer-grained rights control over different hosts.
In another specific implementation of the embodiment of the present invention, the gateway can check and revise the user's configuration by applying for the gateway access rights.
Furthermore, in one specific implementation of the embodiment of the present invention, the step of formulating the host authority control list according to the desired access rights may include: formulating a first initial host authority control list according to the desired access rights; at or after the time the externally input desired access rights of each host to each multicast group are received, applying for gateway access rights, where the gateway access rights indicate the access rights of the current gateway device to each multicast group; and, for each multicast group, if the desired access rights of one or more hosts are higher than the gateway access rights, replacing the desired access rights with the gateway access rights in the first initial host authority control list, to obtain the host authority control list.
Specifically, when formulating the host authority control list, the desired access rights may be determined first and the gateway access rights applied for afterwards, with the desired access rights used as the first initial host access rights list. The gateway access rights include only the list of authorized multicast groups, and different hosts have the same access rights. Then, according to user requirements, the access rights to the multicast groups that need restricted access are downgraded for the corresponding hosts in the initial access rights list.
Furthermore, in another specific implementation of the embodiment of the present invention, formulating the host authority control list according to the desired access rights includes: applying for gateway access rights, where the gateway access rights indicate the access rights of the current gateway device to each multicast group; using the gateway access rights as a second initial host authority control list; and, for each multicast group, if the desired access rights of one or more hosts are lower than the gateway access rights, replacing the gateway access rights with the desired access rights in the second initial host authority control list, to obtain the host authority control list.
Specifically, when formulating the host authority control list, the gateway access rights may be applied for first and used as the second initial host access rights list. The gateway access rights include only the list of authorized multicast groups, and different hosts have the same access rights. Then, according to user requirements, the access rights to the multicast groups that need restricted access are downgraded for the corresponding hosts in the initial access rights list.
Specifically, for different hosts (identified, for example, by the host names or IP addresses of different STBs) and different multicast services (identified, for example, by IP multicast address information or a multicast group identifier), an authorized administrator of the gateway (such as the owner of the gateway) can configure, within the gateway, a control list for each host device.
Further, the access rights may be selected from: authorized and fully allowed, authorized with preview allowed, and not authorized; where authorized and fully allowed is higher than authorized with preview allowed, and authorized with preview allowed is higher than not authorized.
Refer to Table 1, which shows a host authority control list.
Table 1
Figure PCTCN2022100085-appb-000001
As shown in Table 1, the access rights of each host are restricted in detail. The access rights fall into three categories: authorized and fully allowed (Fully allowed), authorized with preview allowed (Preview allowed), and not authorized (Not allowed).
It can be understood that these rights are ordered from high to low. Taking one channel in an IPTV multicast group as an example, authorized and fully allowed may mean that the complete programs of the channel can be watched; authorized with preview allowed may mean that only a preset duration of the channel's programs can be previewed; and not authorized may mean that the channel can be neither watched nor previewed, for example being displayed as a black screen.
Further, the step of applying for the gateway access rights may include: applying to the AF or the UDR to obtain the gateway access rights.
Specifically, the application function (Application Function, AF) associated with the server may send to the network exposure function (Network Exposure Function, NEF) and establish a control list in the unified data repository (Unified Data Repository, UDR). By looking up the control list in the UDR through the AF, or by applying to the UDR directly, the access rights of the current gateway device to each multicast group can be learned. User-level multicast address information or multicast group identifiers can be obtained by the RG by applying to the AF, the UDR or the like, or can be configured by the authorized administrator and stored in the RG.
Further, the gateway access rights may include identification information of each multicast group, where the identification information of a multicast group is selected from: multicast address information of the multicast group, and a multicast group identifier.
The identification information of the multicast group is used to uniquely determine the multicast group. The multicast address information of the multicast group may be an IP address or other appropriate address information, and the multicast group identifier may be, for example, identification information such as a multicast group name or a channel name.
In the embodiment of the present invention, because the gateway access rights may include the identification information of each multicast group, the access rights to each multicast group (such as each channel) can be restricted in detail.
It should be pointed out that, for each multicast group, if the desired access rights of one or more hosts are higher than the gateway access rights, replacing the desired access rights with the gateway access rights in the first initial host authority control list to obtain the host authority control list is equivalent to allowing user rights only to be lowered, never raised. For a configuration in which the user has not subscribed and has set the desired rights too high, the host authority control list can be corrected in advance. If the user's configuration were instead used directly as the list, the UPF would check and determine whether the user has access rights only after the user submits a request. The present invention can correct the list ahead of time, so that when the user submits a request, a more accurate list is used to determine the user's access rights.
In the embodiment of the present invention, a first initial host authority control list is formulated and the gateway access rights are applied for; for each multicast group, if the desired access rights of one or more hosts are higher than the gateway access rights, the desired access rights are replaced with the gateway access rights in the first initial host authority control list, to obtain the host authority control list. The user's configuration can thus be checked and revised by applying for the gateway access rights. In particular, for a host whose desired access rights are lower than the gateway access rights, the desired rights conform to the subscribed access rights and can be satisfied directly by substituting the gateway access rights, which further meets the user's need for finer-grained rights control over different hosts.
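The two ways of formulating the list described above can be compared side by side. The following is an added example, not code from the patent: the host names, multicast addresses and function names are constructed, and treating a group that is missing from the gateway access rights as not authorized is an assumption.

```python
from enum import IntEnum


class Access(IntEnum):
    """The three access levels named in the text, ordered low to high."""
    NOT_ALLOWED = 0
    PREVIEW_ALLOWED = 1
    FULLY_ALLOWED = 2


def build_desired_first(desired, gateway_rights):
    """First implementation: the desired rights are the initial list, and any
    entry higher than the gateway access rights is replaced by the gateway's."""
    acl = {host: dict(groups) for host, groups in desired.items()}
    for groups in acl.values():
        for group, wanted in groups.items():
            # Assumption: a group absent from the gateway rights is not authorized.
            ceiling = gateway_rights.get(group, Access.NOT_ALLOWED)
            if wanted > ceiling:
                groups[group] = ceiling
    return acl


def build_gateway_first(desired, gateway_rights):
    """Second implementation: every host starts with the gateway access rights,
    and an entry is replaced only where the desired rights are lower."""
    acl = {host: dict(gateway_rights) for host in desired}
    for host, groups in desired.items():
        for group, wanted in groups.items():
            if group in acl[host] and wanted < acl[host][group]:
                acl[host][group] = wanted
    return acl


def exceeds_ceiling(acl, gateway_rights):
    """Return (host, group) entries that are higher than the gateway allows."""
    return [(host, group)
            for host, groups in acl.items()
            for group, level in groups.items()
            if level > gateway_rights.get(group, Access.NOT_ALLOWED)]


# Constructed sample data: the gateway holds rights to two groups only.
GATEWAY_RIGHTS = {
    "239.1.1.1": Access.FULLY_ALLOWED,
    "239.1.1.2": Access.PREVIEW_ALLOWED,
}
# Constructed user configuration: the living-room host asks for too much,
# the children's-room host is deliberately restricted.
DESIRED = {
    "stb-living-room": {
        "239.1.1.1": Access.FULLY_ALLOWED,
        "239.1.1.2": Access.FULLY_ALLOWED,
        "239.1.1.3": Access.FULLY_ALLOWED,
    },
    "stb-kids-room": {
        "239.1.1.1": Access.PREVIEW_ALLOWED,
        "239.1.1.2": Access.NOT_ALLOWED,
    },
}

if __name__ == "__main__":
    for name, build in (("desired first", build_desired_first),
                        ("gateway first", build_gateway_first)):
        print(name)
        for host, groups in build(DESIRED, GATEWAY_RIGHTS).items():
            print("  ", host, {g: lvl.name for g, lvl in groups.items()})
```

Both builders leave no entry above the gateway access rights. They differ only for a group the gateway holds no rights to: the first keeps an explicit not-authorized entry, the second has no entry at all.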
In the specific implementation of step S41, the identification information of the multicast group contained in the join request can be used to uniquely determine the multicast group that the host requests to join; it may be, for example, the multicast address information and/or the multicast group identifier of the multicast group.
As mentioned above, the multicast address information of the multicast group may be an IP address or other appropriate address information, and the multicast group identifier may be, for example, identification information such as a multicast group name or a channel name.
In the specific implementation of step S42, the host authority control list may be searched according to the identification information of the multicast group, where the host authority control list indicates the access rights of each host to each multicast group.
As mentioned above, in the embodiment of the present invention, the host authority control list can be formulated according to the desired access rights, so the host authority control list can reflect the user's requirements.
In the specific implementation of step S43, if the host authority control list indicates that the host's access rights to the multicast group are authorized, a multicast join request is sent to the UPF.
It should be pointed out that the multicast join request sent to the UPF may directly forward the information of the join request received from the host, or may carry the information of a processed request.
In the embodiment of the present invention, the gateway creates the host authority control list, searches it, and determines the host's access rights to the multicast group. Compared with a gateway that makes no distinction and sends every join request directly to the UPF, this reduces the checking load on the UPF.
In the embodiment of the present invention, the gateway receives the join request from the host and then searches the host authority control list, where the host authority control list indicates the access rights of each host to each multicast group. The gateway can therefore decide, according to the host's access rights to the multicast group, whether to send a multicast join request to the UPF. Specifically, by setting up the host authority control list, the gateway can set access rights for each host individually, so that in some application scenarios the user's desired access rights can be set lower than the gateway access rights, meeting the user's need for finer-grained rights control over different hosts.
Referring to FIG. 5, FIG. 5 is a data flow diagram of another access control method for a multicast group in an embodiment of the present invention. This other access control method for a multicast group may include steps S51 to S54, or may include steps S51 to S53 and step S55. Each step is described below.
In step S51, the gateway 52 formulates the host authority control list.
In step S52, the gateway 52 receives a join request from the host 51.
In step S53, the gateway 52 searches the host authority control list.
In step S54, the gateway 52 sends a multicast join request to the UPF 53.
In specific implementation, for more details about steps S51 to S54, refer to the description of the steps in FIG. 4; they are not repeated here.
It should be pointed out that, after step S53, depending on the access rights of the host 51 to the multicast group, either step S54 may be executed, that is, if the host authority control list indicates that the access rights of the host 51 to the multicast group are authorized, a multicast join request is sent to the UPF 53; or step S55 may be executed.
Further, if the host authority control list indicates that the access rights of the host 51 to the multicast group are not authorized, the gateway 52 may terminate sending the join request.
In the embodiment of the present invention, if the host authority control list indicates that the access rights of the host 51 to the multicast group are not authorized, sending of the join request is terminated. The gateway 52 can thus judge the host's rights itself, without the request having to reach the UPF 53 before a judgment is made, which effectively improves the functionality of the gateway.
In step S55, the gateway 52 sends a rejection response to the host 51.
In the embodiment of the present invention, if the host authority control list indicates that the access rights of the host 51 to the multicast group are not authorized, the gateway 52 may send a rejection response to the host 51 at or after the time it terminates sending the join request. The host 51 can thus be informed promptly that it cannot access the multicast group, which, compared with the host 51 discovering this only after attempting access itself, helps improve user satisfaction.
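The decision the gateway makes in steps S52 to S55 can be sketched as follows. This is an added example, not code from the patent: the message labels, host names and addresses are constructed, the join request is forwarded unchanged (one of the two options the text allows), and treating a host or group that is missing from the list as not authorized is an assumption.

```python
from dataclasses import dataclass, field
from enum import IntEnum


class Access(IntEnum):
    """The three access levels named in the text, ordered low to high."""
    NOT_ALLOWED = 0
    PREVIEW_ALLOWED = 1
    FULLY_ALLOWED = 2


@dataclass(frozen=True)
class JoinRequest:
    host_id: str   # host name or host IP address
    group_id: str  # multicast address information or multicast group identifier


@dataclass
class Gateway:
    acl: dict                                         # host_id -> {group_id: Access}
    sent_to_upf: list = field(default_factory=list)   # stands in for the UPF link
    sent_to_host: list = field(default_factory=list)  # stands in for the host link

    def lookup(self, req):
        """S53: search the host authority control list.
        Assumption: an unknown host or group is treated as not authorized."""
        return self.acl.get(req.host_id, {}).get(req.group_id, Access.NOT_ALLOWED)

    def handle_join(self, req):
        """S52 to S55: forward an authorized join, otherwise stop and reject."""
        level = self.lookup(req)
        if level > Access.NOT_ALLOWED:
            # S54: both authorized levels (full and preview) reach the UPF.
            self.sent_to_upf.append(("MULTICAST_JOIN", req.host_id, req.group_id))
        else:
            # The join request is not sent on; S55: tell the host right away.
            self.sent_to_host.append(("JOIN_REJECTED", req.host_id, req.group_id))
        return level


def run_constructed_scenario():
    """Replay three constructed join requests and return the gateway state."""
    gateway = Gateway(acl={
        "stb-living-room": {"239.1.1.1": Access.FULLY_ALLOWED},
        "stb-kids-room": {"239.1.1.1": Access.PREVIEW_ALLOWED,
                          "239.1.1.2": Access.NOT_ALLOWED},
    })
    requests = [
        JoinRequest("stb-living-room", "239.1.1.1"),  # fully allowed
        JoinRequest("stb-kids-room", "239.1.1.2"),    # explicitly not authorized
        JoinRequest("unknown-host", "239.1.1.1"),     # not in the list at all
    ]
    levels = [gateway.handle_join(r) for r in requests]
    return gateway, levels


if __name__ == "__main__":
    gw, levels = run_constructed_scenario()
    print([lvl.name for lvl in levels])
    print("to UPF: ", gw.sent_to_upf)
    print("to host:", gw.sent_to_host)
```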
Further, the host authority control list contains identification information of each host and identification information of each multicast group, and satisfies one or more of the following: the identification information of the host is the host name and/or the IP address of the host; the identification information of the multicast group is the multicast address information and/or the multicast group identifier of the multicast group.
The identification information of the host is used to uniquely determine the host, and the host name may be, for example, identification information such as a host name or a host serial number.
The identification information of the multicast group is used to uniquely determine the multicast group. The multicast address information of the multicast group may be an IP address or other appropriate address information, and the multicast group identifier may be, for example, identification information such as a multicast group name or a channel name.
In the embodiment of the present invention, the gateway receives the join request from the host and then searches the host authority control list, where the host authority control list indicates the access rights of each host to each multicast group. The gateway can therefore decide, according to the host's access rights to the multicast group, whether to send a multicast join request to the UPF. Specifically, by setting up the host authority control list, the gateway can set access rights for each host individually, so that in some application scenarios the user's desired access rights can be set lower than the gateway access rights, meeting the user's need for finer-grained rights control over different hosts.
Referring to FIG. 6, FIG. 6 is a schematic structural diagram of an access control apparatus for a multicast group in an embodiment of the present invention. The access control apparatus for the multicast group may include:
a receiving module 61, configured to receive a join request from a host, where the join request contains identification information of the multicast group that the host requests to join;
a search module 62, configured to search a host authority control list according to the identification information of the multicast group, where the host authority control list indicates the access rights of each host to each multicast group;
a sending module 63, configured to send a multicast join request to the UPF when the host authority control list indicates that the host's access rights to the multicast group are authorized.
In specific implementation, the above apparatus may correspond to a chip with a data processing function in user equipment, to a chip module in user equipment that includes a chip with a data processing function, or to the user equipment itself.
For the principle, specific implementation and beneficial effects of the access control apparatus for the multicast group, refer to the foregoing description of the access control method for the multicast group; they are not repeated here.
An embodiment of the present invention also provides a readable storage medium on which a computer program is stored, where the computer program, when run by a processor, executes the steps of the above method. The readable storage medium may be a computer-readable storage medium, which may include, for example, non-volatile or non-transitory memory, and may also include an optical disc, a mechanical hard disk, a solid-state drive, and the like.
Specifically, in the embodiment of the present invention, the processor may be a central processing unit (CPU), or may be another general-purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor.
It should also be understood that the memory in the embodiments of the present application may be volatile memory or non-volatile memory, or may include both volatile and non-volatile memory. The non-volatile memory may be read-only memory (ROM), programmable ROM (PROM), erasable PROM (EPROM), electrically erasable PROM (EEPROM) or flash memory. The volatile memory may be random access memory (RAM), which is used as an external cache. By way of example and not limitation, many forms of RAM are available, such as static RAM (SRAM), dynamic random access memory (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), synchlink DRAM (SLDRAM) and direct rambus RAM (DR RAM).
An embodiment of the present invention also provides a gateway, including a memory and a processor, where the memory stores a computer program that can run on the processor, and the processor executes the steps of the above method when running the computer program.
The gateway includes, but is not limited to, devices such as an evolved home gateway or a 5G home gateway.
Each module/unit contained in the apparatuses and products described in the above embodiments may be a software module/unit, a hardware module/unit, or partly a software module/unit and partly a hardware module/unit. For example, for an apparatus or product applied to or integrated in a chip, all of the modules/units it contains may be implemented in hardware such as circuits; or at least some of the modules/units may be implemented as a software program that runs on a processor integrated inside the chip, with the remaining modules/units (if any) implemented in hardware such as circuits. For an apparatus or product applied to or integrated in a chip module, all of the modules/units it contains may be implemented in hardware such as circuits, and different modules/units may be located in the same component (for example a chip or a circuit module) or in different components of the chip module; or at least some of the modules/units may be implemented as a software program that runs on a processor integrated inside the chip module, with the remaining modules/units (if any) implemented in hardware such as circuits. For an apparatus or product applied to or integrated in a terminal, all of the modules/units it contains may be implemented in hardware such as circuits, and different modules/units may be located in the same component (for example a chip or a circuit module) or in different components within the terminal; or at least some of the modules/units may be implemented as a software program that runs on a processor integrated inside the terminal, with the remaining modules/units (if any) implemented in hardware such as circuits.
Although the present invention is disclosed as above, the present invention is not limited thereto. Any person skilled in the art may make various changes and modifications without departing from the spirit and scope of the present invention, and the protection scope of the present invention shall therefore be the scope defined by the claims.

Claims (13)

  1. An access control method for a multicast group, characterized by comprising:
    receiving a join request from a host, where the join request contains identification information of the multicast group that the host requests to join;
    searching a host authority control list according to the identification information of the multicast group, where the host authority control list indicates the access rights of each host to each multicast group;
    if the host authority control list indicates that the host's access rights to the multicast group are authorized, sending a multicast join request to a user plane function UPF.
  2. The access control method for a multicast group according to claim 1, characterized in that, before the join request is received from the host, the method further comprises:
    receiving externally input desired access rights of each host to each multicast group, and formulating the host authority control list according to the desired access rights.
  3. The access control method for a multicast group according to claim 2, characterized in that formulating the host authority control list according to the desired access rights comprises:
    formulating a first initial host authority control list according to the desired access rights;
    at or after the time the externally input desired access rights of each host to each multicast group are received, applying for gateway access rights, where the gateway access rights indicate the access rights of the current gateway device to each multicast group;
    for each multicast group, if the desired access rights of one or more hosts are higher than the gateway access rights, replacing the desired access rights with the gateway access rights in the first initial host authority control list, to obtain the host authority control list.
  4. The access control method for a multicast group according to claim 2, characterized in that formulating the host authority control list according to the desired access rights comprises:
    applying for gateway access rights, where the gateway access rights indicate the access rights of the current gateway device to each multicast group;
    using the gateway access rights as a second initial host authority control list;
    for each multicast group, if the desired access rights of one or more hosts are lower than the gateway access rights, replacing the gateway access rights with the desired access rights in the second initial host authority control list, to obtain the host authority control list.
  5. The access control method for a multicast group according to claim 3 or 4, characterized in that applying for the gateway access rights comprises:
    applying to an application function AF associated with the server, or to a unified data repository UDR, to obtain the gateway access rights.
  6. The access control method for a multicast group according to claim 3 or 4, characterized in that the gateway access rights include identification information of each multicast group;
    where the identification information of the multicast group is selected from: multicast address information of the multicast group, and a multicast group identifier.
  7. 根据权利要求1所述的多播组的访问控制方法,其特征在于,所述访问权限选自:The access control method of a multicast group according to claim 1, wherein said access authority is selected from:
    已授权且为完全允许、已授权且为允许预览、未授权;Authorized with Full Permission, Authorized with Preview Allowed, Unauthorized;
    其中,所述已授权且为完全允许高于所述已授权且为允许预览,所述已授权且为允许预览高于所述未授权。Wherein, the authorized and fully allowed is higher than the authorized and previewed, and the authorized and previewed is higher than the unauthorized.
  8. 根据权利要求1所述的多播组的访问控制方法,其特征在于,还包括:The access control method of a multicast group according to claim 1, further comprising:
    如果所述主机权限控制列表指示所述主机对于所述多播组的访问权限为未授权,则终止发送所述加入请求。If the host authority control list indicates that the access authority of the host to the multicast group is not authorized, then stop sending the join request.
  9. 根据权利要求8所述的多播组的访问控制方法,其特征在于,还包括:The access control method of a multicast group according to claim 8, further comprising:
    向所述主机发送拒绝响应。Send a reject response to the host.
  10. The multicast group access control method according to claim 1, wherein the host authority control list contains identification information of each host and identification information of each multicast group, and satisfies one or more of the following:
    the identification information of the host is a host name and/or an IP address of the host;
    the identification information of the multicast group is multicast address information of the multicast group and/or a multicast group identifier.
  11. A multicast group access control apparatus, comprising:
    a receiving module, configured to receive a join request from a host, the join request containing identification information of the multicast group that the host requests to join;
    a search module, configured to search a host authority control list according to the identification information of the multicast group, wherein the host authority control list indicates the access authority of each host for each multicast group;
    a sending module, configured to send a multicast join request to the UPF when the host authority control list indicates that the access authority of the host for the multicast group is authorized.
  12. A readable storage medium storing a computer program, wherein the computer program, when run by a processor, executes the steps of the multicast group access control method according to any one of claims 1 to 10.
  13. A gateway, comprising a memory and a processor, the memory storing a computer program capable of running on the processor, wherein the processor, when running the computer program, executes the steps of the multicast group access control method according to any one of claims 1 to 10.
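
The gateway-side decision described in claims 7 to 11, as an added sketch that is not code from the patent or the applicant. The names `Access`, `HostACL` and `handle_join`, the deny-when-no-entry default, and the rule that conflicting entries resolve to the lowest level are assumptions made for illustration; the sample entries are constructed.

```python
import ipaddress
from enum import IntEnum

class Access(IntEnum):  # claim 7 ordering: full > preview > unauthorized
    UNAUTHORIZED = 0
    PREVIEW = 1
    FULL = 2

def _norm(ident):
    ident = ident.strip()
    try:
        return str(ipaddress.ip_address(ident))  # one key per IP, whatever its spelling
    except ValueError:
        return ident.lower()                     # host name or group ID

class HostACL:  # host authority control list: (host id, group id) -> Access
    def __init__(self):
        self._entries = {}
    def grant(self, host_id, group_id, access):
        self._entries[(_norm(host_id), _norm(group_id))] = access
    def lookup(self, host_ids, group_ids):
        # Claim 10: a host is listed by name and/or IP, a group by address and/or ID.
        keys = [(_norm(h), _norm(g)) for h in host_ids for g in group_ids]
        hits = [self._entries[k] for k in keys if k in self._entries]
        # Assumption: conflicting entries resolve to the lowest level; no entry denies.
        return min(hits, default=Access.UNAUTHORIZED)

def handle_join(acl, host_ip, host_name, group_addr, group_id=None):
    """Return (action, access); action is 'forward_to_upf' or 'reject'."""
    try:
        is_mcast = ipaddress.ip_address(group_addr.strip()).is_multicast
    except ValueError:
        is_mcast = False
    if not is_mcast:                   # never forward a join for a non-multicast target
        return ("reject", Access.UNAUTHORIZED)
    access = acl.lookup([i for i in (host_ip, host_name) if i],
                        [g for g in (group_addr, group_id) if g])
    if access == Access.UNAUTHORIZED:  # claims 8-9: stop the join, send a reject response
        return ("reject", access)
    return ("forward_to_upf", access)  # claim 11: the join is sent on to the UPF

def build_sample_acl():  # constructed entries: documentation addresses, made-up names
    acl = HostACL()
    acl.grant("192.0.2.10", "239.1.1.1", Access.FULL)
    acl.grant("stb-b", "239.1.1.2", Access.PREVIEW)
    acl.grant("192.0.2.10", "239.1.1.3", Access.FULL)
    acl.grant("stb-a", "239.1.1.3", Access.UNAUTHORIZED)
    acl.grant("192.0.2.10", "ff3e::1234", Access.FULL)
    return acl
```

The returned level lets the caller treat a preview grant differently from a full grant; how preview is enforced is outside this sketch.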
PCT/CN2022/100085 2021-06-30 2022-06-21 Multicast group access control method and apparatus, readable storage medium and gateway WO2023273953A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202110741950.X 2021-06-30
CN202110741950.XA CN115549935A (en) 2021-06-30 2021-06-30 Access control method and device for multicast group, readable storage medium and gateway

Publications (1)

Publication Number Publication Date
WO2023273953A1 true WO2023273953A1 (en) 2023-01-05

Family

ID=84691253

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/100085 WO2023273953A1 (en) 2021-06-30 2022-06-21 Multicast group access control method and apparatus, readable storage medium and gateway

Country Status (2)

Country Link
CN (1) CN115549935A (en)
WO (1) WO2023273953A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101150425A (en) * 2007-11-15 2008-03-26 中国电信股份有限公司 Right control method for multicast service and its optical network unit and optical line terminal
US20180199116A1 (en) * 2015-06-30 2018-07-12 Thomson Licensing Method and apparatus for ip multicast grouping

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Study on the Wireless and Wireline Convergence for the 5G system architecture (Release 16)", 3GPP STANDARD; TECHNICAL REPORT; 3GPP TR 23.716, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), MOBILE COMPETENCE CENTRE ; 650, ROUTE DES LUCIOLES ; F-06921 SOPHIA-ANTIPOLIS CEDEX ; FRANCE, vol. SA WG2, no. V0.6.0, 18 July 2018 (2018-07-18), Mobile Competence Centre ; 650, route des Lucioles ; F-06921 Sophia-Antipolis Cedex ; France , pages 1 - 109, XP051475023 *

Also Published As

Publication number Publication date
CN115549935A (en) 2022-12-30

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22831771

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE