WO2024032245A1 - Communication method and communication apparatus - Google Patents


Publication number
WO2024032245A1
Authority
WO
WIPO (PCT)
Prior art keywords
message
sepp
network element
information
network
Application number
PCT/CN2023/104692
Other languages
French (fr)
Chinese (zh)
Inventor
邵国强
石玺
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司
Publication of WO2024032245A1


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W40/00 Communication routing or communication path finding
    • H04W40/02 Communication route or path selection, e.g. power-based or shortest path routing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W40/00 Communication routing or communication path finding
    • H04W40/24 Connectivity information management, e.g. connectivity discovery or connectivity update

Definitions

  • the embodiments of the present application relate to the field of communication, and more specifically, to a communication method and a communication device.
  • the service-oriented interface of the 5G core network carries a large amount of topology information. If this topology information is not processed, it may flow out of the control scope of the local network along with the roaming interface and interworking interface. Therefore, the topology information needs to be hidden when sending a message and restored when the message is received.
  • Embodiments of the present application provide a communication method and a communication device, which can correctly restore hidden topology information, thereby avoiding service failure caused by differences between the first SEPP and the second SEPP.
  • A communication method includes: in response to a first network element sending a first request message to a second network, a first security and border proxy network element (SEPP) generates hidden information according to a first algorithm and a first key ID, where the hidden information is the hidden topology information of the first network element; the first SEPP sends a first message to the second network, where the first message includes the first request message and the hidden information, and the hidden information carries the first key ID; a second SEPP receives a second message sent by the second network in response to the first message, where the second message includes a first reply message and the hidden information, the first SEPP and the second SEPP belong to a first network, and the first SEPP and the second SEPP are preset with the first algorithm and the first key ID; the second SEPP restores the hidden information based on the first key ID to obtain the topology information of the first network element, so as to route the first reply message to the first network element according to the topology information of the first network element.
  • The second SEPP restores the hidden information according to the first key ID, based on the first algorithm.
  • The first network element is any one of the access and mobility management function AMF, the session management function SMF, the unified data management UDM, the user plane function UPF, the authentication server function AUSF, and the short message service function SMSF.
  • The first SEPP and the second SEPP are the same SEPP.
  • By presetting the same algorithm and key ID information on the SEPPs in the same network, topology information can be hidden by one SEPP and restored by a different SEPP in the same network. When any SEPP in the same network receives hidden topology information that needs to be restored, it can correctly restore the hidden topology information, route the corresponding message to the correct address based on the topology information, and avoid service failures caused by different SEPPs.
  • The first SEPP generates the hidden information as follows: the first SEPP receives the first request message sent by the first network element and the topology information of the first network element; the first SEPP encrypts the topology information of the first network element according to the first algorithm and the first key ID to generate the hidden information.
  • Encryption is used to hide the topology information in the message, so that topology information can be hidden and restored between different SEPPs in the same network.
  • The first SEPP sends the first message to the second network as follows: the first SEPP generates a first fully qualified domain name (FQDN), where the first FQDN includes the hidden information and the first key ID; the first SEPP sends the first message to the second network, where the first message includes the first request message and the first FQDN.
  • The first FQDN also includes domain information of the first network element.
  • The hidden information carried by the message may exist in the FQDN, and the FQDN also includes the first network
  • A communication method: in response to the first network element sending a first request message to the second network, the first security and border proxy network element (SEPP) sends the first request message to the second network.
  • The first message includes the first request message and first indication information, where the first indication information indicates that the routing category corresponding to the first SEPP is strict routing;
  • The first SEPP receives a second message sent by the second network according to a first path in response to the first message; the second message includes a first reply message, the first path is generated by the second network according to the path of the first message, the first path includes one or more devices, each of the one or more devices corresponds to a routing category, and the routing category includes strict routing;
  • The first SEPP sends the first reply message to the first network element.
  • The routing category also includes loose routing.
  • If the routing category corresponding to a device included in the message path is strict routing, a message sent along the message path must pass through the device; if the routing category corresponding to a device included in the message path is loose routing, a message sent along the message path may or may not pass through the device.
  • The first network element is any one of the access and mobility management function AMF, the session management function SMF, the unified data management UDM, the user plane function UPF, the authentication server function AUSF, and the short message service function SMSF.
  • The path of the request message is recorded, the path of the reply message is generated based on that path, and the SEPP in the path is marked as strict routing, so that the reply message corresponding to the request message must pass through the SEPP marked as strict routing. In this way, the message path can be controlled so that messages are sent and received through the same SEPP, thereby avoiding service failures caused by different SEPPs.
  • The first message further includes hidden information, the hidden information being the hidden topology information of the first network element; the second message further includes the hidden information; the first SEPP sends the first reply message to the first network element as follows: the first SEPP restores the hidden information to the topology information of the first network element; the first SEPP sends the first reply message to the first network element according to the topology information of the first network element.
  • The first SEPP generates the hidden information by encrypting the topology information of the first network element.
  • The method further includes: the first SEPP receiving the first request message sent by the first network element and the topology information of the first network element.
  • Messages whose destination addresses were hidden by a SEPP can be routed back to that SEPP, which avoids the situation where messages are routed to other SEPPs and cannot be restored, so that the hidden topology information can be restored correctly and service failures caused by different SEPPs are avoided.
  • A communication method includes: a second network element receives a first message sent by the first security and border proxy network element (SEPP), where the first message includes a first request message and first indication information, and the first indication information indicates that the routing category corresponding to the first SEPP is strict routing; the second network element generates a first path according to the path of the first message, where the first path includes one or more devices, each of the one or more devices corresponds to a routing category, and the routing category includes strict routing; in response to the first message, the second network element sends a second message to the first SEPP according to the first path, where the second message includes a first reply message.
  • The second network element sends the second message to the first SEPP according to the first path and the routing category corresponding to each device on the first path, and the second message includes the first reply message.
  • The second network element records the path of the first message.
  • The second network element is any one of the access and mobility management function AMF, the session management function SMF, the unified data management UDM, the user plane function UPF, the authentication server function AUSF, and the short message service function SMSF.
  • The second network element arranges the path of the first message in reverse order to generate the first path.
  • The path of the request message is recorded, the path of the reply message is generated based on that path, and the SEPP in the path is marked as strict routing, so that the reply message corresponding to the request message must pass through the SEPP marked as strict routing. In this way, the message path can be controlled so that messages are sent and received through the same SEPP, thereby avoiding service failures caused by different SEPPs.
  • The first message further includes hidden information, the hidden information is the hidden topology information of the first network element, and the second message further includes the hidden information.
  • Messages whose destination addresses were hidden by a SEPP can be routed back to that SEPP, which avoids the situation where messages are routed to other SEPPs and cannot be restored, so that the hidden topology information can be restored correctly and service failures caused by different SEPPs are avoided.
  • A communication method: in response to the first network element sending a first request message to the second network, the first security and border proxy network element (SEPP) sends the first request message to the second network.
  • The first message includes the first request message and the hidden information, where the hidden information is the hidden topology information of the first network element; the second SEPP receives a second message sent by the second network in response to the first message; the second message includes the first reply message and the hidden information; the second SEPP sends a second request message to a third network element, where the second request message is used to request the topology information of the first network element and includes the hidden information; the second SEPP receives a second reply message sent by the third network element in response to the second request message, where the second reply message includes the topology information of the first network element, so as to route the reply message to the first network element according to the topology information of the first network element.
  • The first SEPP generates the hidden information by encrypting the topology information of the first network element.
  • The method further includes: the first SEPP receiving the first request message sent by the first network element and the topology information of the first network element.
  • The first network element is any one of AMF, SMF, UDM, UPF, AUSF, and SMSF.
  • The SEPP that receives the reply message requests other network elements to provide a topology information recovery service.
  • The other network elements look up the pre-hiding topology information using the hidden topology information, and then send the pre-hiding topology information that was found.
  • SEPPs provide topology information recovery services to each other to convert the hidden topology information back to the pre-hiding topology information, so that the hidden topology information can be correctly restored, thereby avoiding service failure caused by the SEPP that hides the topology information being different from the SEPP that receives the hidden topology information.
  • The third network element is the first SEPP.
  • The function of the SEPP is extended so that, on receiving a recovery request message, it can provide a service externally: it looks up the pre-hiding topology information using the hidden topology information, and then sends the pre-hiding topology information to the SEPP that issued the recovery request message.
  • SEPPs provide topology information recovery services to each other to convert the hidden topology information back to the pre-hiding topology information, so that the hidden topology information can be correctly restored, thereby avoiding service failure caused by the SEPP that hides the topology information being different from the SEPP that receives the hidden topology information.
  • The third network element is any one of the access and mobility management function AMF, the session management function SMF, the unified data management UDM, the user plane function UPF, the authentication server function AUSF, and the short message service function SMSF.
  • The hiding and recovery service for topology information is provided by adding a new NF.
  • The newly added NF can look up the pre-hiding topology information using the hidden topology information, and then send the pre-hiding topology information to the SEPP that issued the recovery request message. In this way, the hidden topology information can be restored correctly, thereby avoiding service failure caused by the SEPP that sends the hidden topology information being different from the SEPP that receives the hidden topology information.
  • a communication device which device includes a module for executing the method in the above-mentioned first aspect or any possible implementation of the first aspect; or, includes a module for executing the above-mentioned second aspect or the second aspect.
  • In a sixth aspect, a communication device is provided, which includes a processor and an interface circuit.
  • The interface circuit is configured to receive signals from communication devices other than the communication device and transmit them to the processor, or to send signals from the processor to communication devices other than the communication device; the processor is used to implement, through logic circuits or execution of code instructions, the method in any possible implementation of any one of the above first to fourth aspects.
  • a communication device including a processor.
  • the processor is coupled to a memory and may be used to execute instructions in the memory to implement the method in any possible implementation manner of any one of the above-mentioned first to fourth aspects.
  • the device further includes memory.
  • the device further includes a communication interface, and the processor is coupled to the communication interface.
  • a computer-readable storage medium is provided.
  • Computer programs or instructions are stored in the computer-readable storage medium.
  • any one of the above-mentioned first to fourth aspects is implemented.
  • A computer program product containing instructions is provided. When the instructions are executed, the method in any possible implementation manner of any one of the above-mentioned first to fourth aspects is implemented.
  • A communication chip is provided, in which instructions are stored; when run on a computer device, the instructions cause the communication chip to execute the method in any possible implementation manner in the above-mentioned first to fourth aspects.
  • a communication system including AMF, NG-RAN and SEPP.
  • the communication system may also include SMF.
  • the communication system may also include UDM.
  • the communication system also includes other devices that communicate with the above network elements.
  • Figure 1 is an application architecture diagram of a roaming docking scenario provided by an embodiment of the present application
  • Figure 2 is a schematic diagram of two topological information hiding processes provided by embodiments of the present application.
  • FIG. 3 is a schematic diagram of the two topology information recovery processes provided by the embodiment of the present application.
  • Figure 4 is a solution for implementing topology hiding provided by an embodiment of the present application.
  • Figure 5 is a schematic interaction diagram of a topological information hiding method provided by an embodiment of the present application.
  • Figure 6 is a schematic flow chart of yet another method of hiding topology information provided by an embodiment of the present application.
  • Figure 7 is a schematic flow chart of a method for restoring topology information provided by an embodiment of the present application.
  • Figure 8 is a schematic flow chart of yet another method of hiding topology information provided by an embodiment of the present application.
  • Figure 9 is a schematic diagram of a topology hidden communication method provided by an embodiment of the present application.
  • Figure 10 is a schematic interaction diagram of a strict routing communication method provided by an embodiment of the present application.
  • Figure 11 is an information interaction diagram of a method for sending and receiving messages between SEPPs in different networks provided by the embodiment of the present application;
  • Figure 12 is a schematic diagram of yet another topology hidden communication method provided by an embodiment of the present application.
  • Figure 13 is a schematic interaction diagram of yet another topology information hiding communication method provided by an embodiment of the present application.
  • Figure 14 is a schematic interaction diagram of yet another topology information hiding communication method provided by an embodiment of the present application.
  • Figure 15 is a schematic block diagram of a communication device provided by an embodiment of the present application.
  • FIG. 16 is another possible structural schematic diagram of the communication device involved in the above embodiment provided by the embodiment of the present application.
  • The technical solution provided by this application can be applied to various communication systems, such as: new radio (NR) system, long term evolution (LTE) system, LTE frequency division duplex (FDD) system, LTE time division duplex (TDD) system, etc.
  • NR new radio
  • LTE long term evolution
  • FDD frequency division duplex
  • TDD time division duplex
  • This application can also be applied to device-to-device (D2D) communication, vehicle-to-everything (V2X) communication, machine-to-machine (M2M) communication, machine type communication (MTC), and Internet of things (IoT) communication systems or other communication systems.
  • IoT Internet of things
  • The part operated by the operator can be called the public land mobile network (PLMN), or the operator network, etc.
  • PLMN is a network established and operated by the government or its approved operators for the purpose of providing land mobile communication services to the public. It is mainly a public network where mobile network operators (MNOs) provide mobile broadband access services to users.
  • MNOs mobile network operators
  • the PLMN described in the embodiments of this application may specifically be a network that meets the standard requirements of the 3rd generation partnership project (3GPP), referred to as a 3GPP network.
  • 3GPP networks generally include but are not limited to fifth-generation mobile communication (5th-generation, 5G) networks, fourth-generation mobile communication networks, and other future communication systems, such as sixth-generation mobile communication networks.
  • the embodiments of this application will take the PLMN or 5G network as an example for description.
  • The service based interface (SBI) of the 5G core network carries a large amount of topology information, including the IP address of the network function (NF), the fully qualified domain name (FQDN), the uniform resource identifier (URI), etc. If not processed, this information will flow out of the control scope of the network through the roaming interface and interworking interface, which may cause harm that is difficult to control.
  • NF network function
  • FQDN fully qualified domain name
  • URI uniform resource identifier
  • Criminals may analyze the deployment of this network based on this information, thereby obtaining information for attacking this network; if the leaked information is obtained by competitors, the competitors can further identify the corresponding operator's business plan based on the network deployment of this network, such as how many AMFs have been deployed, and speculate on its target number of new 5G users in the next 3-5 years.
  • SEPP security and edge protection proxy
  • Topology hiding: the existing protocol only defines that SEPP needs to support the topology hiding function; it does not define an implementation solution for topology hiding. In actual deployments, an operator may deploy multiple SEPPs, and these SEPPs may be purchased from different equipment vendors. Since the implementation of topology hiding is not defined in the standard, each equipment vendor may adopt a different topology hiding solution. At the same time, hiding and restoring the same topology information are usually not completed in the same session: the subscription request and the callback notification message belong to different HTTP transactions and may be processed by different SEPPs in the visited domain. Therefore, the topology information hidden by equipment vendor A's SEPP may not be restorable on equipment vendor B's SEPP, causing service failure.
  • embodiments of the present application provide a communication method and a communication device. This method can avoid service failure due to topology hiding in different SEPP networking situations.
  • the solution of the embodiment of the present application is applied to message interaction scenarios between networks, for example, it can be used in roaming docking scenarios between 5G networks.
  • Network topology refers to the physical layout of various devices interconnected using transmission media.
  • Network topology can be expressed through a set of associated information, including the device's IP address, domain name, device type, name, correlation, number of sets, etc. This set of information used to express the network layout is called topology information.
  • The Via header field records the forwarding path of the message: the address (FQDN/IP address) of each proxy through which the message passes, including router information and device interconnection information.
  • The FQDN of the server (5GC's cNF/pNF).
  • The FQDN usually carries the location, type, name and other information of the device deployment.
  • The IP address of the server: usually the IP address is the operator's internal private network IP address, which exposes the IP address planning rules within the network and gives attackers a clear attack target or springboard.
  • The external device needs to route the message to the SEPP, and the SEPP forwards it into the network. As long as the external device can forward the message to the SEPP interface, it does not need to know the topology information inside the network. Therefore, when sending messages from inside the network to outside the network, the SEPP can hide the topology information of the network and avoid exposing it as far as possible without affecting roaming interconnection.
  • the network architecture involved in the embodiments of this application may be a fifth generation system (5th generation system, 5GS), and the network elements in 5GS may also be called 5G core network elements.
  • 5GS fifth generation system
  • 5G core network elements 5th generation core network elements
  • FIG 1 shows an application architecture diagram of the roaming docking scenario provided by the embodiment of the present application. The functions of each network element or device involved in the network architecture will be described below.
  • Terminal equipment: can also be called user equipment (UE), mobile station (MS), mobile terminal (MT), etc.
  • The terminal device may include a handheld device, a vehicle-mounted device, etc. with a wireless connection function.
  • The terminal device can be: mobile phone, tablet computer, notebook computer, handheld computer, mobile internet device (MID), wearable device, virtual reality (VR) device, augmented reality (AR) device, wireless terminals in industrial control, wireless terminals in self-driving, wireless terminals in remote medical surgery, wireless terminals in smart grid, wireless terminals in transportation safety, wireless terminals in smart cities, or wireless terminals in smart homes, etc.
  • The terminal device in Figure 1 is shown as a UE, which is only an example and does not limit the terminal device.
  • Access management network element: mainly used for mobility management and access management.
  • The access management network element can be, for example, the access and mobility management function (AMF), as shown in Figure 1, which mainly performs mobility management, access authentication/authorization, and other functions.
  • AMF access and mobility management function
  • PCF policy control function
  • NAS non-access stratum
  • MM mobility management
  • SM session management
  • Relevant signaling for example, base station granular N2 (next generation, NG) 2 interface
  • The AMF network element can receive a location service request related to the target UE from a 5G core network (5GC) location services (LCS) entity, or the AMF itself can initiate some location services on behalf of a specific target UE, and forwards the location service request to the location management network element. After obtaining the location information returned by the UE, it returns the relevant location information to the 5GC LCS entity.
  • 5GC 5G core network
  • LCS location services
  • the access management network element can still be an AMF network element, or have other names, which is not limited in this application.
  • Session management network element: mainly used for session management, Internet protocol (IP) address allocation and management of user equipment, selection of endpoints for manageable user plane functions, policy control and charging function interfaces, and downlink data notifications, etc.
  • IP Internet protocol
  • SMF session management function
  • Network storage network element: provides storage and selection functions for network function entity information for other core network elements.
  • The network element can be a network function repository function (NRF), which mainly includes the following functions: service discovery, and maintaining the NF profiles of available network function (NF) instances and the services they support.
  • NRF network function repository function
  • the above functional network elements can be either network elements in hardware devices, software functions running on dedicated hardware, or virtualization functions instantiated on a platform (for example, a cloud platform).
  • the above functional network elements can be divided into one or more services. Furthermore, there may also be services that exist independently of network functions.
  • instances of the above-mentioned functional network elements, or instances of services included in the above-mentioned functional network elements, or service instances that exist independently of network functions may be called service instances.
  • Unified data management network element: responsible for the management of user identification, contract data, authentication data, and user service network element registration management.
  • The unified data management network element can be unified data management (UDM), which mainly includes the following functions: unified data management, support for authentication credential processing in the 3GPP authentication and key agreement mechanism, user identity processing, access authorization, registration and mobility management, subscription management and short message management, etc.
  • UDM unified data management
  • This network element can be a security and edge protection proxy (SEPP). It is an important part of the 5G roaming security architecture and is used for user roaming and communication interworking with other operators. It is responsible for message filtering and policy management on the control plane interfaces between operators, and mainly serves as the border gateway between the control planes of the operators' core networks. As a non-transparent proxy node, SEPP can provide application layer control plane security and realize secure communication between network function consumers and network function providers across operators.
  • SEPP's security features include message filtering, access control, topology hiding, and error detection and handling.
  • the two SEPPs at the network boundary establish a connection through the N32 interface and implement protection policies to process each control plane message in cross-network signaling.
  • UPF User plane function
  • UPF network functions include data packet routing and transmission, data packet detection, service usage reporting, quality of service (QoS) processing, lawful interception, uplink data packet detection, downlink data packet storage and other user plane functions.
  • QoS quality of service
  • PCF Policy control function
  • AUSF Authentication server function
  • AUSF is a control plane function provided by the operator, and is usually used for authentication between the terminal device 110 (subscriber) and the operator's network.
  • the AUSF network function can authenticate and/or authorize the contracted user through the authentication information and/or authorization information stored in the UDM network function, or generate authentication and/or authorization information for the contracted user through the UDM network function.
  • the AUSF network function can feed back authentication information and/or authorization information to contracted users.
  • Access network equipment can also be called access equipment.
  • (R)AN can manage wireless resources, provide access services for user equipment, and complete the forwarding of user equipment data between the user equipment and the core network. (R)AN can also be understood as a base station in the network.
  • Network slice selection function network element: responsible for selecting network slices for the UE.
  • in this application, the network element can be a network slice selection function (NSSF) network element.
  • NSSF can be understood as the name of the network slice selection function network element in the 5G architecture.
  • the network slice selection function network element mainly includes the following functions: selecting a group of network slice instances for the UE, determining the allowed network slice selection assistance information (NSSAI), and determining the AMF set that can serve the UE.
  • SEPP is used for the docking of two 5GC networks.
  • the interface between SEPPs is defined as the N32 interface. All messages across PLMNs during roaming need to be forwarded through the N32 interface. SEPP needs to provide message access and security protection capabilities in roaming scenarios.
  • when SEPP forwards the request message to the N32 interface, it needs to hide the topology information in the message first; when SEPP receives a message from the N32 interface that contains hidden topology information, it needs to restore it to the original topology information.
  • system architecture involved in Figure 1 may also include other network elements, such as unified data repository (UDR) and other network elements or equipment, without specific limitations.
  • the interfaces or service-oriented interfaces between network elements shown in Figure 1 are only an example. In 5G networks and other future networks, the interfaces or service-oriented interfaces between network elements may not be the interfaces shown in the figure; this application does not limit this.
  • each network element shown in Figure 1 is only a name, and the name does not limit the function of the network element itself.
  • each of the above network elements may also have other names, which are not specifically limited in the embodiments of this application.
  • some or all of the above-mentioned network elements may use the terminology used in 5G, or may be named by other names, etc., which will be described uniformly here and will not be described in detail below.
  • a communication system to which the present application may be applied may include more or fewer network elements or devices.
  • the equipment or network elements in Figure 1 can be hardware, functionally divided software, or a combination of the above two.
  • the devices or network elements in Figure 1 can communicate with each other through other devices or network elements.
  • Figure 2 shows a schematic diagram of two topological information hiding processes provided by embodiments of the present application.
  • FIG. 2 shows a schematic diagram of the topology information hiding process provided by the embodiment of the present application when two SEPPs directly use transport layer security (TLS) to connect (using the HTTPS protocol).
  • the protocol consists of two layers: TLS record protocol (TLS record) and TLS handshake protocol (TLS handshake).
  • S201a The client sends the original message to cSEPP in the local network through the Nx interface.
  • the original message includes a message part and a topology information part.
  • the topology information refers to the information related to the NF that sent the message.
  • After receiving the original message, cSEPP obtains the operator information and topology hiding identifier of the local network, hides the topology information, and then generates a new message.
  • the new message includes the above message part and the hidden topology information part.
  • S203a cSEPP sends the above new message to pSEPP on the opposite end network through the N32 interface, and pSEPP forwards the new message to the server.
  • Parallel to (a) in Figure 2, (b) in Figure 2 shows a schematic diagram of the topology information hiding process provided by the embodiment of the present application when two SEPPs are docked through IPX device relay (using the protocol for N32 interconnect security (PRINS) mode).
  • the process of topological information hiding can be as follows:
  • S201b The client sends the original message to cSEPP in the local network through the Nx interface.
  • the original message includes a message part and a topology information part.
  • the topology information refers to the information related to the NF that sent the message.
  • After receiving the original message, cSEPP obtains the operator information and topology hiding identifier of the local network, hides the topology information, and then generates a new message.
  • the new message includes the above message part and the hidden topology information part.
  • S203b cSEPP sends the above new message to pSEPP on the opposite end network through the N32 interface and Internet Packet Exchange Protocol (IPX), and pSEPP forwards the new message to the server.
  • IPX operators provide group addressing and routing functions to ensure reliable arrival, which is equivalent to the function of datagram; at the same time, IPX operators also provide roaming services, such as roaming optimization and welcome text messages.
  • Fig. 3 shows a schematic diagram of two types of topology information recovery processes provided by embodiments of the present application.
  • FIG. 3 shows a schematic diagram of the topology information recovery process provided by the embodiment of the present application when two SEPPs directly connect using TLS (using the HTTPS protocol).
  • the specific process of topology information recovery can be:
  • S301a The pSEPP on the server sends the original message to the cSEPP in the opposite network through the N32 interface.
  • the original message includes a message part and a hidden topology information part.
  • the topology information refers to the information related to the NF that sends the message on the client side.
  • After receiving the original message, cSEPP obtains the operator information and topology hiding identifier of the local network, restores the topology information, and then generates a new message.
  • the new message includes the above message part and the topology information part.
  • Parallel to (a) in Figure 3, (b) in Figure 3 shows the topology information recovery process provided by the embodiment of the present application when two SEPPs are docked through IPX device relay (using PRINS mode).
  • S301b The pSEPP on the server sends the original message to the cSEPP in the opposite network through the N32 interface and IPX.
  • the original message includes a message part and a hidden topology information part.
  • the topology information refers to the information related to the NF that sends the message on the client side.
  • After receiving the original message, cSEPP obtains the operator information and topology hiding identifier of the local network, restores the topology information, and then generates a new message.
  • the new message includes the above message part and the topology information part.
  • Figure 4 shows a solution for implementing topology hiding provided by the embodiment of the present application, which is applied to the scenario in which the AMF subscribes to user data changes on the UDM.
  • the solution includes the following steps:
  • S401 The AMF in the visited domain sends a subscription request message to SEPP-a on the same side.
  • the subscription request message carries CallbackURIA, where CallbackURIA refers to unhidden AMF-related topology information.
  • SEPP-a of the visited domain hides CallbackURIA, sends a subscription request message to SEPP-1 on the opposite side, and further sends the subscription request message to UDM.
  • the subscription request message carries CallbackURIA1, where CallbackURIA1 refers to the hidden CallbackURIA.
  • AMF related topology information is included in the subscription request message.
  • After receiving the notification request message carrying CallbackURIA1, SEPP-b restores CallbackURIA1 to CallbackURIA, so that the notification request message can be routed to the AMF based on CallbackURIA.
  • in step S404, since the algorithms of SEPP-a and SEPP-b may be different, SEPP-b may be unable to restore CallbackURIA1 to CallbackURIA, resulting in service failure.
  • FIG. 5 shows a schematic interaction diagram of a topological information hiding method 500 provided by the embodiment of the present application.
  • the method 500 is applied to the scenario of sending and receiving messages across the first network element and the second network element of the network.
  • the method 500 includes:
  • the first network element sends a first request message to the first SEPP.
  • the first request message is used to request to subscribe to target information from the second network element, or the first request message is used to request to obtain the target information from the second network element.
  • first network element described in all embodiments of this application refers to the network element that generates and sends the first request message, and is not an intermediate network element.
  • the first network element while sending the first request message to the first SEPP, the first network element also sends the topology information of the first network element.
  • the topology information of the first network element may be sent carried in the first request message, sent individually, sent in a package, or forwarded by other devices or network elements; this application does not limit this.
  • the topology information of the first network element may be one or more of the IP address, FQDN, and URI of the first network element, or other topology information, which is not limited in this application.
  • After receiving the first request message, the first SEPP obtains the topology information of the first network element, hides the topology information, and generates hidden information.
  • the hidden information refers to the hidden topological information of the first network element.
  • the first SEPP encrypts the topology information of the first network element according to the first algorithm and the first key ID, and then generates hidden information.
  • the first SEPP sends a first message to the third SEPP located in the second network.
  • the first message includes the first request message and hidden information.
  • the above hidden information may be sent carried in the first request message, sent individually, packaged and sent, or forwarded by other devices or network elements; this application does not limit this.
  • the first message also includes a first key ID.
  • In response to the received first message, the second network element sends a second message to the third SEPP on the same side, where the second message includes the first reply message and hidden information.
  • the first reply message is a message sent by the second network element in response to the first request message.
  • the above-mentioned hidden information may be sent carried in the first reply message, sent individually, packaged and sent, or forwarded by other devices or network elements; this application does not limit this.
  • the second message also includes the first key ID.
  • the second message carries a topology information recovery request message, which is used to request recovery of the hidden information it carries.
  • S506 The third SEPP forwards the above-mentioned second message to the second SEPP located in the first network.
  • After receiving the second message, the second SEPP obtains the hidden information in the second message and restores the hidden information to the topology information of the first network element in the unhidden state.
  • the second SEPP restores the hidden information to the topology information of the first network element in the unhidden state according to the first key ID.
  • SEPP in S503 and S507 can be the same SEPP or different SEPPs.
  • the second SEPP sends the first reply message to the first network element according to the topology information of the first network element.
  • encryption can be used to hide the topology information in the message.
  • mutual recovery of topology information between different SEPPs on the same network can be realized, so that all SEPPs in the same network can correctly recover the hidden topology information when receiving a request message requiring topology recovery, thus avoiding service failures caused by different SEPPs.
  • FIG. 6 shows a schematic flow chart of a method 600 for a SEPP to hide topology information provided by the embodiment of the present application. As shown in Figure 6, the method 600 includes:
  • the first SEPP encrypts the topology information of the first network element according to the first algorithm and the first key ID.
  • S602 Convert the encrypted topology information into characters allowed by FQDN.
  • S603 Convert ciphertext, encryption material and domain information into an FQDN according to the specified format.
  • the ciphertext refers to the encrypted topology information (converted into characters allowed by FQDN) (ie: hidden information), the encryption material includes the first key ID, and the domain information refers to the domain information corresponding to the topology information.
  • the type of topology information is the FQDN of the first network element.
  • the first SEPP takes out the topology information part in the FQDN, encrypts it according to the first algorithm and the first key ID, and then converts the encrypted topology information into characters allowed by FQDN; finally, the ciphertext, encryption material, and domain information in the original FQDN are formatted into a new FQDN according to the specified format.
  • the FQDN before hiding is: topology information to be hidden + domain information;
  • the hidden FQDN is: CP+ciphertext+encryption material+domain information.
  • CP is the prefix, indicating that the encrypted string follows.
  • the type of topology information is the IP address of the first network element.
  • the first SEPP encrypts the IP address according to the first algorithm and the first key ID, and then converts the encrypted IP address into characters allowed by FQDN; finally, the ciphertext, encryption material, and domain information in the original FQDN are formatted into a new FQDN according to the specified format.
  • the FQDN before hiding is: the topology information to be hidden;
  • the hidden FQDN is: CP+ciphertext+encryption material+domain information.
  • CP is the prefix, indicating that the encrypted string follows.
  • FIG. 7 shows a method for a SEPP to recover hidden topology information provided by the embodiment of the present application.
  • the second SEPP obtains the encryption material and ciphertext part from the FQDN that hides the topology information.
  • the encryption material includes the first key ID, and the ciphertext is the hidden topological information (that is, hidden information).
  • S702 The second SEPP decrypts the ciphertext according to the first key ID and obtains unhidden topology information.
  • the recovery process of the topology information may also include the following steps:
  • S703 The second SEPP splices the decrypted topology information and the domain information in the original FQDN to restore the original FQDN.
  • FIG. 8 shows a schematic flow chart of a method 800 for hiding topology information provided by an embodiment of the present application.
  • This method takes the topology information type as FQDN as an example, as shown in Figure 8.
  • the method 800 includes:
  • SEPP obtains the topology information to be hidden from the original FQDN.
  • the original FQDN consists of the topology information and domain information to be hidden.
  • the original FQDN is:
  • AES is a symmetric encryption algorithm
  • 256 represents the ciphertext block length
  • GCM is the encryption mode.
  • BASE32 refers to an encoding technology that converts binary code streams into visual characters.
  • the encryption material includes the first key ID and IV value (in order for other SEPPs to query the local configuration and obtain the real key).
  • the CP prefix indicates that it is followed by an encrypted string, and the domain information is the domain information included in the original FQDN.
  • the new FQDN obtained is:
  • the encryption algorithm in the embodiment of this application can be any reversible secure encryption algorithm and is not limited to AES_GCM.
  • a universal encryption algorithm is provided to hide topology information, so that different SEPPs can mutually recover each other's hidden topology information as long as their preset encryption algorithms and key information are the same.
  • the encryption process of this method uses algorithms that are well known in the industry, which can prevent brute force cracking and quantum-level attacks. Because the encryption result (ciphertext) is different each time, it cannot be cracked through repeated attempts, so it is safe and reliable.
  • the method can be used in all SEPPs on the same network and has strong versatility; and because the SKIDs of different networks are different, other networks cannot resolve the hidden information even if they use the same solution.
  • with this method, a single deployed configuration can cover all FQDNs, thereby avoiding misconfiguration or under-configuration and facilitating operation and maintenance; and because a non-mapping algorithm is used (a mapping algorithm being, for example, a SEPP locally maintaining one-to-many mapping relationships), future increases in NFs or FQDNs will not cause an increase in configuration.
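  • Methods 600 to 800 as an added Go example (not code from the application): one SEPP hides an FQDN with AES-256-GCM under a key selected by key ID, and a second SEPP holding the same key ring restores it, while a ring from another network or a modified ciphertext is rejected. The label layout `cp-<ciphertext>.<keyID>-<IV>.<domain>`, the domain, the key ID `k1` and the key bytes are assumptions constructed for illustration; the application's own format is not reproduced on this page.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base32"
	"errors"
	"fmt"
	"strings"
)

// Unpadded BASE32: '=' is not a legal hostname character.
var b32 = base32.StdEncoding.WithPadding(base32.NoPadding)

// KeyRing maps a key ID to an AES-256 key. Every SEPP of one network is
// provisioned with the same ring; only the key ID travels in the FQDN.
type KeyRing map[string][]byte

func (kr KeyRing) gcm(keyID string) (cipher.AEAD, error) {
	key, ok := kr[keyID]
	if !ok {
		return nil, fmt.Errorf("key ID %q not provisioned", keyID)
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Hide encrypts the part of fqdn in front of domain and returns
// cp-<ciphertext>.<keyID>-<iv>.<domain> (layout assumed for this example).
func (kr KeyRing) Hide(fqdn, domain, keyID string) (string, error) {
	host := strings.TrimSuffix(fqdn, "."+domain)
	if host == fqdn || host == "" {
		return "", errors.New("FQDN is outside the configured domain")
	}
	aead, err := kr.gcm(keyID)
	if err != nil {
		return "", err
	}
	iv := make([]byte, aead.NonceSize()) // fresh IV for every message
	if _, err := rand.Read(iv); err != nil {
		return "", err
	}
	ct := aead.Seal(nil, iv, []byte(host), nil) // ciphertext plus 16-byte tag
	l1 := "cp-" + strings.ToLower(b32.EncodeToString(ct))
	l2 := keyID + "-" + strings.ToLower(b32.EncodeToString(iv))
	if len(l1) > 63 || len(l2) > 63 { // DNS label limit
		return "", errors.New("hidden label exceeds 63 characters")
	}
	return l1 + "." + l2 + "." + domain, nil
}

// Restore reverses Hide on any SEPP whose ring holds the named key.
func (kr KeyRing) Restore(hidden string) (string, error) {
	p := strings.SplitN(hidden, ".", 3)
	if len(p) != 3 || !strings.HasPrefix(p[0], "cp-") {
		return "", errors.New("not a hidden FQDN")
	}
	sep := strings.LastIndex(p[1], "-")
	if sep <= 0 {
		return "", errors.New("encryption material missing")
	}
	aead, err := kr.gcm(p[1][:sep])
	if err != nil {
		return "", err
	}
	ct, errCT := b32.DecodeString(strings.ToUpper(p[0][3:]))
	iv, errIV := b32.DecodeString(strings.ToUpper(p[1][sep+1:]))
	if errCT != nil || errIV != nil || len(iv) != aead.NonceSize() {
		return "", errors.New("malformed ciphertext or IV")
	}
	host, err := aead.Open(nil, iv, ct, nil) // fails on wrong key or tampering
	if err != nil {
		return "", errors.New("hidden FQDN failed authentication")
	}
	return string(host) + "." + p[2], nil
}

// demoRing returns a constructed key ring; seed stands in for a provisioned secret.
func demoRing(seed byte) KeyRing {
	return KeyRing{"k1": bytes.Repeat([]byte{seed}, 32)}
}

func main() {
	const domain = "5gc.mnc001.mcc460.3gppnetwork.org" // constructed sample
	seppA, seppB := demoRing(0x11), demoRing(0x11)     // same network
	hidden, _ := seppA.Hide("amf01.region1."+domain, domain, "k1")
	restored, err := seppB.Restore(hidden)
	fmt.Println(hidden, restored, err)
	_, err = demoRing(0x22).Restore(hidden) // another network's key
	fmt.Println(err)
}
```

  • Because GCM authenticates the ciphertext, a SEPP that lacks the right key or receives an altered label gets an error instead of a wrong callback address.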
  • Figure 9 exemplarily shows a schematic diagram of a method 900 for implementing topology hidden communication provided by an embodiment of the present application.
  • the method 900 is applied to the scenario in which the AMF subscribes to user data changes on the UDM.
  • the solution includes the following steps:
  • S901 The AMF in the visited domain sends a subscription request message to SEPP-a on the same side.
  • the subscription request message carries CallbackURIA, where CallbackURIA refers to unhidden AMF-related topology information.
  • SEPP-a of the visited domain hides CallbackURIA, sends a subscription request message to SEPP-1 on the opposite side, and further sends the subscription request message to UDM.
  • the subscription request message carries CallbackURIA1, where CallbackURIA1 refers to the hidden CallbackURIA.
  • AMF related topology information is included in the subscription request message.
  • S904 After receiving the notification request message carrying CallbackURIA1, SEPP-a restores CallbackURIA1 to CallbackURIA, so that the notification request message can be routed to the AMF based on CallbackURIA.
  • the SEPP path during the sending process of the subscription request message is the same as the SEPP path during the receiving process of the notification request message.
  • the hiding and recovery of the topology information can be completed by the same SEPP, so that the hidden topology information can be restored correctly, thereby avoiding service failures caused by different SEPPs being used for hiding topology information and restoring topology information.
  • Figure 10 shows a schematic interaction diagram of a method 1000 for strictly routing communications provided by an embodiment of the present application.
  • the method 1000 is applied to the scenario of sending and receiving messages across the first network element and the second network element of the network.
  • the method 1000 includes:
  • the first network element sends a first request message to the first SEPP.
  • the first request message is used to request to subscribe to target information from the second network element, or the first request message is used to request to obtain the target information from the second network element.
  • the first network element while sending the first request message to the first SEPP, the first network element also sends the topology information of the first network element.
  • the topology information of the first network element may be sent carried in the first request message, sent individually, sent in a package, or forwarded by other devices or network elements; this application does not limit this.
  • the topology information of the first network element may be one or more of the IP address, FQDN, and URI of the first network element, or other topology information, which is not limited in this application.
  • the first SEPP obtains the topology information of the first network element, hides the topology information of the first network element, and generates hidden information.
  • the hidden information refers to the hidden topological information of the first network element.
  • the first SEPP sends a first message to the third SEPP located in the second network.
  • the first message includes a first request message and first indication information.
  • the first indication information is used to indicate that the routing category corresponding to the first SEPP is strict routing.
  • the first message also includes the above hidden information.
  • the above hidden information may be sent in a manner carried by the first request message, may be sent individually, may be sent in a package, or may be forwarded by other devices or network elements.
  • this application does not limit this.
  • After receiving the first message, the second network element generates a first path, and the first path is generated based on the path of the first message.
  • the first path includes one or more devices, each of the one or more devices corresponds to a routing category, and the routing category includes strict routing and may also include loose routing.
  • the parameter mark of strict routing can be sr, which means that the message must pass through the device corresponding to the strict route; the loose route can be represented by no mark, which means that the message may or may not pass through the device corresponding to the loose route.
  • the second network element records the path of the first message.
  • the second network element arranges the paths of the first message in reverse order to generate the first path.
  • In response to the received first message, the second network element sends a second message to the third SEPP on the same side according to the first path, where the second message includes the first reply message.
  • the first reply message is a message sent by the second network element in response to the first request message.
  • the second message also includes the above hidden information.
  • the above-mentioned hidden information may be sent in a manner carried by the first reply message, may be sent individually, may be sent in a package, or may be forwarded by other devices or network elements.
  • this application does not limit this.
  • the second message carries a topology information recovery request message, which is used to request recovery of the hidden information it carries.
  • S1006 The third SEPP forwards the above-mentioned second message to the first SEPP.
  • because the routing category corresponding to the first SEPP is strict routing, the second message will definitely pass through the first SEPP.
  • the first SEPP acquires the hidden information in the second message and restores the hidden information to the topology information of the first network element in the unhidden state.
  • the first SEPP sends the first reply message to the first network element according to the topology information of the first network element.
  • SEPP can ensure that messages with its hidden address as the destination address are routed to itself, thereby avoiding the situation where messages are routed to other SEPPs and cannot be recovered, and enabling the hidden topology information to be correctly recovered. This avoids service failure due to different SEPPs.
  • Figure 11 shows an information interaction diagram of a method 1100 for sending and receiving messages (involving topology hiding and recovery) between SEPPs in different networks provided by the embodiments of the present application.
  • the first network includes cNF (the first network element), cSCP and cSEPP, and the second network includes pNF (as the first network element), pSCP and pSEPP.
  • the network elements in the first network have the prefix c
  • the network elements in the second network have the prefix p.
  • Taking the case where the first request message is the initial request message and the first reply message is the callback request message as an example for illustration, the method 1100 includes:
  • the cNF sends an initial request message to the cSCP.
  • the initial request message is used to request to obtain the target information from the pNF, or the initial request message is used to request to subscribe to the target information from the pNF.
  • the initial request message carries cNF topology information.
  • topology information of cNF carried in the initial request message is represented in Figure 11 as: callbackURI:cNF.
  • cSCP forwards the initial request message as a proxy, and at the same time puts its own topology information (which can be the FQDN of cSCP) into the via header field, and indicates loose routing.
  • topology information of cSCP carried in the initial request message forwarded by cSCP is represented in Figure 11 as: Via:cSCP.
  • when cSCP processes the initial request message as a proxy, it indicates whether it is strict routing (the indication mark can be sr) through an extended parameter in the added via header field. If it is strict routing, subsequent request messages or callback request messages must go through the proxy.
  • the sr parameter is used to indicate strict routing, and no parameters are carried to indicate loose routing.
  • The marking method for loose routing and strict routing can be determined according to the actual situation or needs.
  • After receiving the initial request message sent by cSCP, cSEPP hides the topology information of cNF, converts the callback address from cNF to cNFA, deletes the FQDN of cSCP in via, and puts its own FQDN into via, indicating strict routing (the indication mark can be sr). Then, the initial request message is sent to pSEPP in the peer network.
  • the suffix letter A indicates that the information is hidden information.
  • the information carried in the initial request message sent by cSEPP to pSEPP is represented in Figure 11 as: callbackURI: cNFA; Via: cSEPP; sr.
  • S1104 After receiving the initial request message sent by cSEPP, pSEPP puts its FQDN into via, indicating strict routing. It further forwards the initial request message to pSCP.
  • callbackURI cNFA
  • S1105 After receiving the initial request message sent by pSEPP, pSCP puts its FQDN into via, indicating loose routing. The initial request message is further forwarded to pNF.
  • callbackURI cNFA
  • After receiving the initial request message sent by pSCP, pNF on the server side records the callback address cNFA and the via header field for subsequent sending of callback request messages (usually using the notify method), generates a response message, and sends the response message to pSEPP.
  • the response message carries the Location header field, and pNF converts the via header field into the record-route header field and puts it into the response message.
  • the information carried in the response message sent by pNF to pSEPP is represented in Figure 11 as: Location: pNF; Record-route: cSEPP; sr; Record-route: pSEPP; sr; Record-route: pSCP.
  • After pSEPP receives the response message sent by pNF, it deletes the pSCP information in the record-route header field, converts the address in the location header field from pNF to pNFA, and then further forwards the response message to cSEPP.
  • the information carried in the response message forwarded by pSEPP to cSEPP is represented in Figure 11 as: Location: pNFA; Record-route: cSEPP; sr; Record-route: pSEPP; sr.
  • the suffix letter A indicates that the information is hidden information.
  • After receiving the response message forwarded by pSEPP, cSEPP puts the cSCP information into the record-route header field, and then further forwards the response message to cNF.
  • the information carried in the response message forwarded by cSEPP to cNF is shown in Figure 11 as: Location: pNFA; Record-route: cSCP; Record-route: cSEPP; sr; Record-route: pSEPP; sr.
  • After receiving the response message forwarded by cSEPP, cNF records the address pNFA in the location header field as the target address of the subsequent request, records the information in the record-route header field as the route of the subsequent request, generates a subsequent request message, and sends this subsequent request message to cSCP.
  • cNF converts the location header field into a URI header field, and converts the record-route header field into a route header field and puts them into the subsequent request message.
  • the recorded record-route is put into the route field of the subsequent request message as the route for the subsequent request message.
  • URI: pNFA; route: cSCP; route: cSEPP; sr; route: pSEPP; sr.
  • After receiving the subsequent request message sent by cNF, cSCP deletes its own address from the route according to the route instructions, and further forwards the subsequent request message to cSEPP.
  • the information carried in the subsequent request message forwarded by cSCP to cSEPP is represented in Figure 11 as: URI: pNFA; route: cSEPP; sr; route: pSEPP; sr.
  • the intermediate proxy routes according to the route instructions. If the indication is strict routing, it cannot be skipped; the intermediate proxy deletes its own address from the route one by one when processing subsequent requests.
  • After receiving the subsequent request message forwarded by cSCP, cSEPP deletes its own address from the route according to the route instructions, and forwards the subsequent request message to pSEPP.
  • the information carried in the subsequent request message forwarded by cSEPP to pSEPP: URI: pNFA; route: pSEPP; sr.
  • After receiving the subsequent request message, pSEPP restores the pNFA in the URI header field to pNF, deletes its own address from the route, and forwards the subsequent request message to pNF through pSCP according to the restored pNF address.
  • restoring the pNFA in the URI header field to pNF means restoring the topology information of the hidden pNF so that subsequent request messages can be routed to the pNF according to the topology information of the pNF.
  • the information carried in the subsequent request message forwarded by pSEPP to pNF is represented in Figure 11 as: URI:pNF.
  • Step S1113: After receiving the subsequent request message, pNF uses the callback address cNFA to initiate a callback request message.
  • the via header field recorded in step S1106 is placed in the route header field of the callback request message in reverse order, as the route of this callback request message.
  • pNF sends the callback request to pSCP.
  • the information carried in the callback request message sent by pNF to pSCP is represented in Figure 11 as: URI: cNFA; route: pSCP; route: pSEPP; sr; route: cSEPP; sr.
  • After pSCP receives the callback request message sent by pNF, it deletes its own address from the route according to the route instructions, and forwards the subsequent request message to pSEPP.
  • the information carried in the subsequent request message forwarded by pSCP to pSEPP is represented in Figure 11 as: URI: cNFA; route: pSEPP; sr; route: cSEPP; sr.
  • the intermediate proxy routes according to the route instructions. If the indication is strict routing, it cannot be skipped; the intermediate proxy deletes its own address from the route one by one when processing subsequent requests.
  • After pSEPP receives the callback request message sent by pSCP, it deletes its own address from the route according to the route instructions, and forwards the subsequent request message to cSEPP.
  • the information carried in the subsequent request message forwarded by pSEPP to cSEPP is represented in Figure 11 as: URI: cNFA; route: cSEPP; sr.
  • After receiving the callback request message, cSEPP restores the cNFA in the URI header field to cNF, deletes its own address from the route, and forwards the callback request message to cNF based on the restored cNF address.
  • restoring the cNFA in the URI header field to cNF means restoring the topology information of the hidden cNF so that subsequent request messages can be routed to the cNF based on the topology information of the cNF.
  • the information carried in the callback request message forwarded by cSEPP to pSEPP is represented in Figure 11 as: URI:cNF.
  • the pNF may send a response message to the cNF for the subsequent request message.
  • cNF can send a response message to the callback request message to pNF.
  • header field naming in the embodiment of this application is a reference naming, which does not constitute any limitation on the solution of this application, and can also be replaced with other naming.
  • routing scheme proposed in the embodiment of this application can also be used on other HTTP proxies such as SCP to achieve routing control, and is not limited to SEPP.
  • the HTTP extension header fields record-route and route are added, which are used to carry the route of subsequent request messages and the route of this message (callback request message) respectively.
  • the route header field supports carrying parameters to identify whether it is a strict route.
  • SEPP can ensure that messages whose destination address is an address it has hidden are routed to itself, which avoids the situation where messages are routed to other SEPPs and cannot be recovered. The hidden topology information can therefore be correctly recovered, avoiding service failure caused by differing SEPPs; and, by improving the routing mechanism of SBI interface messages, the proxy can control the sending path of the associated request messages.
  • it solves the problem of topology hiding from different manufacturers, and it can also provide a mechanism for business processing of subsequent associated sessions.
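The route handling described for Figure 11, as an added Python model that is not code from the application: each proxy deletes its own entry from the route, an entry marked `sr` cannot be bypassed, and only the SEPP that hid an address can restore it. The names `Hop`, `Request`, `Proxy` and the second provider-side SEPP `pSEPP2` are assumptions made for illustration.

```python
from dataclasses import dataclass, field


class StrictRouteViolation(Exception):
    """Raised when a proxy would bypass a route entry marked strict ("sr")."""


@dataclass(frozen=True)
class Hop:
    address: str
    strict: bool = False  # models the "sr" parameter of a route entry

    def __str__(self):
        return f"{self.address};sr" if self.strict else self.address


@dataclass
class Request:
    uri: str
    route: list = field(default_factory=list)


def subsequent_request(response):
    """cNF side: Location becomes the URI, Record-route becomes route."""
    return Request(uri=response["Location"], route=list(response["Record-route"]))


@dataclass
class Proxy:
    name: str
    restore_map: dict = field(default_factory=dict)  # hidden -> real, SEPP only

    def handle(self, req, preferred_next=None):
        """Delete own route entry, restore own hidden address, pick next hop."""
        if req.route and req.route[0].address == self.name:
            req.route.pop(0)
        if req.uri in self.restore_map:
            req.uri = self.restore_map[req.uri]
        if preferred_next is not None:
            # A proxy that wants another next hop may drop loose entries only.
            while req.route and req.route[0].address != preferred_next:
                if req.route[0].strict:
                    raise StrictRouteViolation(
                        f"{self.name} may not skip strict hop {req.route[0]}")
                req.route.pop(0)
            return preferred_next
        return req.route[0].address if req.route else req.uri


def walk(req, first_hop, proxies):
    """Forward req hop by hop; record (node, URI, remaining route) after each."""
    trace, node = [], first_hop
    while node in proxies:
        next_node = proxies[node].handle(req)
        trace.append((node, req.uri, "; ".join(map(str, req.route))))
        node = next_node
    trace.append((node, req.uri, ""))  # final recipient
    return trace


def figure11_subsequent_request():
    # Constructed input: the response headers cNF receives in Figure 11.
    response = {
        "Location": "pNFA",
        "Record-route": [Hop("cSCP"), Hop("cSEPP", True), Hop("pSEPP", True)],
    }
    proxies = {
        "cSCP": Proxy("cSCP"),
        "cSEPP": Proxy("cSEPP"),
        "pSEPP": Proxy("pSEPP", restore_map={"pNFA": "pNF"}),
    }
    return walk(subsequent_request(response), "cSCP", proxies)


if __name__ == "__main__":
    for node, uri, route in figure11_subsequent_request():
        print(f"{node:6} URI: {uri:5} route: {route}")
```

With a loose entry for pSEPP, cSEPP could hand the request to `pSEPP2`, which holds no mapping for pNFA and leaves the URI hidden; the `sr` marking is what rules that path out.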
  • Figure 12 shows a schematic diagram of yet another method 1200 for implementing topology hidden communication provided by the embodiment of the present application.
  • This method 1200 is applied to the scenario in which an AMF subscribes to a UDM.
  • the solution includes the following steps:
  • S1201 The AMF in the visited domain sends a subscription request message to SEPP-a on the same side.
  • the subscription request message carries CallbackURIA, where CallbackURIA refers to unhidden AMF-related topology information.
  • S1202 SEPP-a of the visited domain hides CallbackURIA, sends a subscription request message to SEPP-1 on the opposite side, and further sends the subscription request message to UDM.
  • the subscription request message carries CallbackURIA1, where CallbackURIA1 refers to the hidden CallbackURIA.
  • AMF related topology information is included in the subscription request message.
  • After receiving the notification request message carrying CallbackURIA1, SEPP-b calls the service provided by SEPP-a to query callbackURIA, the restored address information of callbackURIA1.
  • after SEPP-b receives the notification request message carrying CallbackURIA1, it can send a second request message to SEPP-a.
  • the second request message is used to request SEPP-a to restore CallbackURIA1 to CallbackURIA; then, in response to the received second request message, SEPP-a sends a second reply message to SEPP-b, and the second reply message is CallbackURIA.
  • SEPP-b replaces the target address in the notification request message with callbackURIA, so that the notification request message is routed to the AMF according to the CallbackURIA.
  • this embodiment takes SEPP-a hiding and SEPP-b recovery in the first network as an example.
  • SEPP-1 and SEPP-2 also need to provide each other with the above-mentioned similar query services.
  • the function of SEPP is extended so that it can provide external services.
  • the topology information before hiding can be queried through the hidden topology information, and the queried topology information before hiding can be sent to the requesting SEPP that issued the request message.
  • topology information recovery services are provided by SEPPs to each other to realize the conversion from the hidden topology information to the pre-hidden topology information, so that the hidden topology information can be correctly restored, thereby avoiding service failure caused by the SEPP that receives the hidden topology information being different from the SEPP used to hide the topology information.
  • Figure 13 shows a schematic interaction diagram of yet another topology information hiding communication method 1300 provided by the embodiment of the present application.
  • the method 1300 is applied to the scenario of sending and receiving messages across the first network element and the second network element of the network.
  • the method 1300 includes:
  • the first network element sends a first request message to the first SEPP.
  • the first request message is used to request to subscribe to target information from the second network element, or the first request message is used to request to obtain the target information from the second network element.
  • while sending the first request message to the first SEPP, the first network element also sends the topology information of the first network element.
  • the first network element may send the topology information of the first network element by carrying it in the first request message, may send it individually, may send it in a package, or may have it forwarded by other devices or network elements, which is not limited in this application.
  • the topology information of the first network element may be one or more of the IP address, FQDN, and URI of the first network element, or other topology information, which is not limited in this application.
  • After receiving the first request message, the first SEPP obtains the topology information of the first network element, hides the topology information of the first network element, and generates hidden information.
  • the hidden information refers to the hidden topological information of the first network element.
  • the first SEPP sends a first message to the third SEPP located in the second network.
  • the first message includes the first request message and hidden information.
  • the above hidden information may be sent by being carried by the first request message, may be sent individually, may be packaged and sent, or may be forwarded by other devices or network elements, which is not limited in this application.
  • In response to the received first message, the second network element sends a second message to the third SEPP on the same side, where the second message includes the first reply message and hidden information.
  • the first reply message is a message sent by the second network element in response to the first request message.
  • the above-mentioned hidden information may be sent by being carried by the first reply message, may be sent individually, may be packaged and sent, or may be forwarded by other devices or network elements, which is not limited in this application.
  • the second message carries a topology information recovery request message, which is used to request recovery of the hidden information it carries.
  • S1306 The third SEPP forwards the above-mentioned second message to the second SEPP located in the first network.
  • After receiving the second message, the second SEPP sends a second request message to the first SEPP.
  • the second request message is used to request to obtain the restored hidden message, and the second request message carries the hidden information.
  • In response to receiving the second request message, the first SEPP restores the hidden message to the unhidden topology information, and then sends the restored topology information of the first network element to the second SEPP.
  • the second SEPP sends the first reply message to the first network element according to the topology information of the first network element.
  • the function of SEPP is extended so that it can provide external services.
  • the topology information before hiding can be queried through the hidden topology information, and the queried topology information before hiding can be sent to the requesting SEPP that issued the request message.
  • topology information recovery services are provided by SEPPs to each other to realize the conversion from the hidden topology information to the pre-hidden topology information, so that the hidden topology information can be correctly restored, thereby avoiding service failure caused by the SEPP that receives the hidden topology information being different from the SEPP used to hide the topology information.
  • FIG. 14 shows a schematic interaction diagram of yet another method 1400 for topological information hiding communication provided by an embodiment of the present application.
  • the method 1400 is applied to the scenario of sending and receiving messages across the first network element and the second network element of the network.
  • the method 1400 includes:
  • the first network element sends a first request message to the first SEPP.
  • the first request message is used to request to subscribe to target information from the second network element, or the first request message is used to request to obtain the target information from the second network element.
  • while sending the first request message to the first SEPP, the first network element also sends the topology information of the first network element.
  • the first network element may send the topology information of the first network element by carrying it in the first request message, may send it individually, may send it in a package, or may have it forwarded by other devices or network elements, which is not limited in this application.
  • the topology information of the first network element may be one or more of the IP address, FQDN, and URI of the first network element, or other topology information, which is not limited in this application.
  • After receiving the first request message, the first SEPP obtains the topology information of the first network element, hides the topology information of the first network element, and generates hidden information.
  • the hidden information refers to the hidden topological information of the first network element.
  • the first SEPP sends a first message to the third SEPP located in the second network.
  • the first message includes the first request message and hidden information.
  • the above hidden information may be sent by being carried by the first request message, may be sent individually, may be packaged and sent, or may be forwarded by other devices or network elements, which is not limited in this application.
  • In response to the received first message, the second network element sends a second message to the third SEPP on the same side, where the second message includes the first reply message and hidden information.
  • the first reply message is a message sent by the second network element in response to the first request message.
  • the above-mentioned hidden information may be sent by being carried by the first reply message, may be sent individually, may be packaged and sent, or may be forwarded by other devices or network elements, which is not limited in this application.
  • the second message carries a topology information recovery request message, which is used to request recovery of the hidden information it carries.
  • S1406 The third SEPP forwards the above-mentioned second message to the second SEPP located in the first network.
  • After receiving the second message, the second SEPP sends a second request message to the third network element located on the same side.
  • the second request message is used to request to obtain the restored hidden message.
  • the second request message carries the hidden information.
  • In response to receiving the second request message, the third network element restores the hidden message to the unhidden topology information, and then sends the restored topology information of the first network element to the second SEPP.
  • S1409 The second SEPP sends the first reply message to the first network element according to the topology information of the first network element.
  • topology information hiding and recovery services are provided by adding a new NF.
  • the newly added NF can query the pre-hiding topology information through the hidden topology information, and then send the queried pre-hiding topology information to SEPP that issued the request message.
  • the hidden topology information can be restored correctly, thereby avoiding service failure caused by the difference between the SEPP for sending the hidden topology information and the SEPP for receiving the hidden topology information.
  • FIG 15 is a schematic block diagram of a communication device 1500 provided by an embodiment of the present application.
  • the device 1500 includes a receiving module 1501, which can be used to implement corresponding receiving functions.
  • the receiving module 1501 may also be called a receiving unit.
  • the device 1500 also includes a processing module 1502, which can be used to implement corresponding processing functions, such as hiding the topology information of the first network element or restoring the topology information of the first network element.
  • the device 1500 also includes a sending module 1503, which can be used to implement corresponding sending functions.
  • the sending module 1503 can also be called a sending unit.
  • the device 1500 also includes a storage unit, which can be used to store instructions and/or data, and the processing unit 1502 can read the instructions and/or data in the storage unit, so that the device implements the actions of the related devices in each of the foregoing method embodiments.
  • the device 1500 can be used to perform the actions performed by the network equipment (such as AMF, UDM or SEPP) in each of the above method embodiments.
  • the device 1500 can be a component of the network equipment; the receiving module 1501 is used to perform the receiving-related operations of the network device in the above method embodiments, the processing module 1502 is used to perform the processing-related operations of the network device in the above method embodiments, and the sending module 1503 is used to perform the sending-related operations of the network device in the above method embodiments.
  • the device 1500 is used to perform actions performed by any network element or any device in each of the above method embodiments.
  • the communication device may be used to perform operations of the network equipment (for example, the first network element, the second network element, the third network element or the SEPP) in FIGS. 4 to 14 described above.
  • the receiving module 1501 is configured to receive a first request message and send a first request message to the first SEPP.
  • the first request message is used to request to subscribe to the target information from the second network element, or the first request message is used to request to obtain the target information from the second network element.
  • while sending the first request message to the first SEPP, the receiving module 1501 also sends the topology information of the first network element.
  • the processing module 1502 is configured to obtain the topology information of the first network element, hide the topology information of the first network element, and generate hidden information.
  • the hidden information refers to the hidden topological information of the first network element.
  • the sending module 1503 is configured to send a first message to the third SEPP located in the second network, where the first message includes the first request message and hidden information.
  • the above hidden information may be sent by being carried by the first request message, may be sent individually, may be packaged and sent, or may be forwarded by other devices or network elements, which is not limited in this application.
  • the receiving module 1501, the processing module 1502 and the sending module 1503 in the communication device can also implement other operations or functions of the network device in the above method, which will not be described again here.
  • the receiving module 1501, the processing module 1502 and the sending module 1503 in the communication device can also implement the operations or functions of other devices in the above method, which will not be described again here.
  • Figure 16 shows another possible structural diagram of the communication device involved in the above embodiment.
  • the communication device includes a processor 1601.
  • the communication device may also include at least one memory 1602 for storing program instructions and/or data.
  • Memory 1602 and processor 1601 are coupled.
  • the coupling in the embodiment of this application is an indirect coupling or communication connection between devices, units or modules, which may be in electrical, mechanical or other forms, and is used for information interaction between devices, units or modules.
  • Processor 1601 may cooperate with memory 1602.
  • Processor 1601 may execute program instructions stored in memory 1602. At least one of the at least one memory may be included in the processor.
  • the communication device may also include a transceiver 1603 for communicating with other devices over a transmission medium, so that the device may communicate with other devices.
  • the transceiver 1603 may be an interface, a bus, a circuit, or a device capable of implementing transceiver functions.
  • transceiver 1603 may include a receiver and a transmitter.
  • connection medium between the above-mentioned processor 1601, memory 1602 and transceiver 1603 is not limited in the embodiment of the present application.
  • the processor 1601, the memory 1602 and the transceiver 1603 are connected through a bus 1604 in Figure 16.
  • the bus is represented by a thick line in Figure 16.
  • the connection methods between other components are only schematically explained and are not limiting.
  • the bus can be divided into address bus, data bus, control bus, etc. For ease of presentation, only one thick line is used in Figure 16, but it does not mean that there is only one bus or one type of bus.
  • processor 1601 is configured for other operations or functions of the network device.
  • the transceiver 1603 is used to implement communication between the communication device and other network elements/devices (such as UE/gNB).
  • the processor can be used to execute the program instructions and implement the above method flow.
  • the processor may include but is not limited to at least one of the following: a central processing unit (CPU), a microprocessor, a digital signal processor (DSP), a microcontroller unit (MCU), or artificial intelligence
  • Each computing device may include one or more cores for executing software instructions to perform calculations or processing.
  • the processor can be built into an SoC (system on a chip) or an application specific integrated circuit (ASIC), or it can be an independent semiconductor chip.
  • the processor can further include necessary hardware accelerators, such as a field programmable gate array (FPGA), a programmable logic device (PLD), or a logic circuit that implements dedicated logic operations.
  • the hardware can be any one or any combination of a CPU, microprocessor, DSP, MCU, artificial intelligence processor, ASIC, SoC, FPGA, PLD, dedicated digital circuit, hardware accelerator or non-integrated discrete device, which can run necessary software or not rely on software to perform the above method process.
  • When the above modules or units are implemented using software, they may be implemented in whole or in part in the form of a computer program product.
  • the computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions described in accordance with the embodiments of the present invention are generated in whole or in part.
  • the computer may be a general-purpose computer, a special-purpose computer, a computer network, or other programmable device.
  • the computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another; e.g., the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server or data center by wired (such as coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless (such as infrared, wireless, microwave, etc.) means.
  • the computer-readable storage medium may be any available medium that can be accessed by a computer or a data storage device such as a server, data center, etc. that contains one or more available media integrated.
  • the available media may be magnetic media (eg, floppy disk, hard disk, magnetic tape), optical media (eg, DVD), or semiconductor media (eg, solid state disk (SSD)), etc.
  • the present application also provides a computer program product.
  • the computer program product includes: computer program code.
  • When the computer program code is run on a computer, it causes the computer to execute the method on the first network element side in the foregoing method embodiment.
  • the present application also provides a computer program product.
  • the computer program product includes: computer program code.
  • When the computer program code is run on a computer, it causes the computer to execute the method on the second network element side in the foregoing method embodiment.
  • the present application also provides a computer program product.
  • the computer program product includes: computer program code.
  • When the computer program code is run on a computer, it causes the computer to execute the method on the SEPP side in the foregoing method embodiment.
  • the present application also provides a computer-readable medium.
  • the computer-readable medium stores program code.
  • When the program code is run on a computer, it causes the computer to execute the method on the first network element side in the foregoing method embodiment.
  • the present application also provides a computer-readable medium.
  • the computer-readable medium stores program code.
  • When the program code is run on a computer, it causes the computer to execute the method on the second network element side in the foregoing method embodiment.
  • the present application also provides a computer-readable medium.
  • the computer-readable medium stores program code.
  • When the program code is run on a computer, it causes the computer to execute the method on the SEPP side in the foregoing method embodiment.
  • An embodiment of the present application also provides a processing device, including a processor and an interface; the processor is configured to execute the communication method in any of the above method embodiments.
  • the disclosed systems, devices and methods can be implemented in other ways.
  • the device embodiments described above are only illustrative.
  • the division of the units is only a logical function division. In actual implementation, there may be other division methods.
  • multiple units or components may be combined or can be integrated into another system, or some features can be ignored, or not implemented.
  • the coupling or direct coupling or communication connection between each other shown or discussed may be through some interfaces, and the indirect coupling or communication connection of the devices or units may be in electrical, mechanical or other forms.
  • the units described as separate components may or may not be physically separated, and the components shown as units may or may not be physical units, that is, they may be located in one place, or they may be distributed to multiple network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of this embodiment.
  • each functional unit in each embodiment of the present application can be integrated into one processing unit, each unit can exist physically alone, or two or more units can be integrated into one unit.
  • If the functions are implemented in the form of software functional units and sold or used as independent products, they can be stored in a computer-readable storage medium.
  • the technical solution of the present application, in essence, or the part that contributes to the existing technology, or a part of the technical solution, can be embodied in the form of a software product.
  • the computer software product is stored in a storage medium and includes several instructions used to cause a computer device (which may be a personal computer, a server, or a network device, etc.) to execute all or part of the steps of the methods described in various embodiments of this application.
  • the aforementioned storage media include: U disk, mobile hard disk, read-only memory (ROM), random access memory (RAM), magnetic disk or optical disk and other media that can store program code.

Abstract

The embodiments of the present application provide a communication method and a communication apparatus. The method comprises: in response to a first network element sending a first request message to a second network, a first SEPP sending a first message to the second network, wherein the first message comprises the first request message and hidden information, and the hidden information is topological information of a hidden first network element; a second SEPP receiving a second message sent by the second network, wherein the second message comprises a first reply message and the hidden information; and the second SEPP recovering the hidden information, so as to route the first reply message to the first network element. Case 1 involves the first SEPP and the second SEPP having the same preset algorithm; case 2 involves the first SEPP being the same as the second SEPP; and case 3 involves the second SEPP requesting another network device to recover the topological information. The three solutions can all correctly recover hidden topological information, such that a service failure caused by a first SEPP being different from a second SEPP can be avoided.

Description

Communication method and communication device
This application claims priority to the Chinese patent application filed with the China Patent Office on August 8, 2022, with application number 202210943273.4 and entitled "Communication Method and Communication Device", the entire content of which is incorporated into this application by reference.
Technical field
The embodiments of the present application relate to the field of communication, and more specifically, to a communication method and a communication device.
Background
The service-based interface of the 5G core network carries a large amount of topology information. If this topology information is not processed, it may flow out of the control scope of the local network through the roaming interface and the interworking interface. Therefore, the topology information needs to be hidden when a message is sent and restored when a message is received.
In this case, how to ensure that the hidden topology information can be recovered successfully is a problem that urgently needs to be solved.
Summary of the invention
Embodiments of the present application provide a communication method and a communication device. The method enables hidden topology information to be recovered correctly, thereby avoiding service failures caused by the first SEPP and the second SEPP being different.
In a first aspect, a communication method is provided. The method includes: in response to a need of a first network element to send a first request message to a second network, a first security and edge protection proxy (SEPP) network element generates hidden information according to a first algorithm and a first key ID, where the hidden information is the hidden topology information of the first network element; the first SEPP sends a first message to the second network, where the first message includes the first request message and the hidden information, and the hidden information carries the first key ID; a second SEPP receives a second message sent by the second network in response to the first message, where the second message includes a first reply message and the hidden information, the first SEPP and the second SEPP belong to a first network, and the first SEPP and the second SEPP are preset with the first algorithm and the first key ID; the second SEPP recovers the hidden information according to the first key ID to obtain the topology information of the first network element, so that the first reply message is routed to the first network element according to the topology information of the first network element.
Specifically, the second SEPP recovers the hidden information according to the first key ID, based on the first algorithm.
Optionally, the first network element is any one of an access and mobility management function (AMF), a session management function (SMF), unified data management (UDM), a user plane function (UPF), an authentication server function (AUSF), and a short message service function (SMSF).
Optionally, the first SEPP and the second SEPP are the same SEPP.
In the embodiments of this application, presetting the same algorithm and key ID information on the SEPPs in the same network allows different SEPPs in that network to hide and recover each other's topology information. As a result, any SEPP in the network that receives hidden topology information requiring recovery can recover it correctly and then route the corresponding message to the correct address based on that topology information, which avoids service failures caused by the SEPPs being different.
With reference to the first aspect, in a possible implementation, the first SEPP generating the hidden information includes: the first SEPP receives the first request message and the topology information of the first network element sent by the first network element; the first SEPP encrypts the topology information of the first network element according to the first algorithm and the first key ID, thereby generating the hidden information.
In the embodiments of this application, the topology information in the message is hidden by encryption. As long as the same algorithm and key ID are preset on the SEPPs in the same network, different SEPPs in that network can hide and recover each other's topology information.
With reference to the first aspect, in a possible implementation, the first SEPP sending the first message to the second network includes: the first SEPP generates a first fully qualified domain name (FQDN), where the first FQDN includes the hidden information and the first key ID; the first SEPP sends the first message to the second network, where the first message includes the first request message and the first FQDN.
Optionally, the first FQDN further includes domain information of the first network element.
In the embodiments of this application, the hidden information carried in a message may be placed in an FQDN, and the FQDN also includes the domain information of the first network element. In this way, the hidden topology information is packaged in the same FQDN as its corresponding key information and domain information, which makes the hidden information easier for a SEPP to identify on receipt and makes it easier to obtain the key ID and other information needed to recover it, improving the accuracy and efficiency of topology information recovery.
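The first aspect as an added Python example (not code from the patent): one SEPP hides a network element's host name inside an FQDN that carries the key ID and the clear-text domain, and a second SEPP with the same preset key recovers it, while a SEPP without that key ID cannot. The patent does not specify the "first algorithm"; the HMAC-SHA256 keystream with encrypt-then-MAC, the `th` marker label, the label layout and all names and keys are assumptions made for illustration.

```python
import base64
import binascii
import hashlib
import hmac
import os

MARKER = "th"  # assumed label that marks a topology-hidden FQDN


class RecoveryError(Exception):
    """The hidden information could not be recovered by this SEPP."""


def _subkey(key, purpose):
    # Derive independent encryption and MAC keys from the preset key.
    return hmac.new(key, purpose, hashlib.sha256).digest()


def _xor_stream(data, key, nonce):
    # Stand-in cipher: XOR with an HMAC-SHA256 counter-mode keystream.
    enc_key, stream, counter = _subkey(key, b"enc"), b"", 0
    while len(stream) < len(data):
        stream += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"),
                           hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def _tag(key, key_id, domain, nonce, ciphertext):
    # The tag also covers the key ID and domain, which travel in clear text.
    aad = f"{key_id}|{domain}|".encode()
    mac = hmac.new(_subkey(key, b"mac"), aad + nonce + ciphertext, hashlib.sha256)
    return mac.digest()[:16]


class Sepp:
    def __init__(self, name, preset_keys):
        self.name = name
        self.preset_keys = dict(preset_keys)  # key ID -> key, preset per network

    def hide(self, host, domain, key_id):
        """Return an FQDN: th.<key ID>.<hidden labels>.<domain>."""
        key = self.preset_keys[key_id]
        nonce = os.urandom(8)
        ciphertext = _xor_stream(host.encode(), key, nonce)
        blob = nonce + ciphertext + _tag(key, key_id, domain, nonce, ciphertext)
        text = base64.b32encode(blob).decode().rstrip("=").lower()
        labels = [text[i:i + 63] for i in range(0, len(text), 63)]  # DNS label limit
        fqdn = ".".join([MARKER, key_id, *labels, domain])
        if len(fqdn) > 253:
            raise ValueError("hidden FQDN exceeds the DNS name length limit")
        return fqdn

    def recover(self, fqdn, domain):
        """Return the original FQDN, or raise RecoveryError."""
        fqdn, suffix = fqdn.lower(), "." + domain
        if not fqdn.endswith(suffix):
            raise RecoveryError("FQDN is outside this network's domain")
        labels = fqdn[:-len(suffix)].split(".")
        if len(labels) < 3 or labels[0] != MARKER:
            raise RecoveryError("FQDN does not carry hidden information")
        key_id, text = labels[1], "".join(labels[2:]).upper()
        key = self.preset_keys.get(key_id)
        if key is None:
            raise RecoveryError(f"{self.name}: key ID {key_id!r} is not preset")
        try:
            blob = base64.b32decode(text + "=" * (-len(text) % 8))
        except binascii.Error as exc:
            raise RecoveryError("malformed hidden information") from exc
        if len(blob) < 24:
            raise RecoveryError("hidden information too short")
        nonce, ciphertext, tag = blob[:8], blob[8:-16], blob[-16:]
        if not hmac.compare_digest(tag, _tag(key, key_id, domain, nonce, ciphertext)):
            raise RecoveryError("integrity check failed")
        return _xor_stream(ciphertext, key, nonce).decode() + suffix


if __name__ == "__main__":
    # Constructed sample data: two SEPPs of one network share key ID "k1".
    shared = {"k1": bytes(range(32))}
    sepp_a, sepp_b = Sepp("sepp-a", shared), Sepp("sepp-b", shared)
    hidden = sepp_a.hide("amf01.shenzhen-dc2", "operator-a.example", "k1")
    print(hidden)
    print(sepp_b.recover(hidden, "operator-a.example"))
```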
In a second aspect, a communication method is provided. The method includes: in response to a need of a first network element to send a first request message to a second network, a first security and edge protection proxy (SEPP) network element sends a first message to the second network, where the first message includes the first request message and first indication information, and the first indication information indicates that the routing category corresponding to the first SEPP is strict routing; the first SEPP receives a second message sent by the second network along a first path in response to the first message, where the second message includes a first reply message, the first path is generated by the second network according to the path of the first message, the first path includes one or more devices, each of the one or more devices corresponds to a routing category, and the routing categories include strict routing; the first SEPP sends the first reply message to the first network element.
Optionally, the routing categories also include loose routing.
It should be understood that if the routing category of a device included in a message path is strict routing, a message sent along that path must pass through the device; if the routing category of a device included in the message path is loose routing, a message sent along that path may or may not pass through the device.
Optionally, the first network element is any one of an access and mobility management function (AMF), a session management function (SMF), unified data management (UDM), a user plane function (UPF), an authentication server function (AUSF), and a short message service function (SMSF).
In the embodiments of this application, the path of the request message is recorded, the path of the reply message is generated from it, and the SEPP in the path is marked as strict routing, so that the reply message corresponding to the request message must pass through the SEPP marked as strict routing. This gives control over the message path, so that messages are sent and received through the same SEPP, which avoids service failures caused by the SEPPs being different.
With reference to the second aspect, in a possible implementation, the first message further includes hidden information, which is the hidden topology information of the first network element, and the second message further includes the hidden information. The first SEPP sending the first reply message to the first network element includes: the first SEPP restores the hidden information to the topology information of the first network element; the first SEPP sends the first reply message to the first network element according to the topology information of the first network element.
Optionally, the first SEPP generates the hidden information by encrypting the topology information of the first network element.
Optionally, the method further includes: the first SEPP receives the first request message and the topology information of the first network element sent by the first network element.
In the embodiments of this application, controlling the message path ensures that every message whose destination address is an address hidden by a SEPP is routed back to that same SEPP. This avoids messages being routed to another SEPP that cannot recover them, so the hidden topology information can be recovered correctly and service failures caused by the SEPPs being different are avoided.
In a third aspect, a communication method is provided. The method includes: a second network element receives a first message sent by a first security and edge protection proxy (SEPP) network element, where the first message includes a first request message and first indication information, and the first indication information indicates that the routing category corresponding to the first SEPP is strict routing; the second network element generates a first path according to the path of the first message, where the first path includes one or more devices, each of the one or more devices corresponds to a routing category, and the routing categories include strict routing; in response to the first message, the second network element sends a second message to the first SEPP according to the first path, where the second message includes a first reply message.
More specifically, the second network element sends the second message to the first SEPP according to the first path and the routing categories corresponding to the devices on the first path, where the second message includes the first reply message.
Optionally, the second network element records the path of the first message.
Optionally, the second network element is any one of an access and mobility management function (AMF), a session management function (SMF), unified data management (UDM), a user plane function (UPF), an authentication server function (AUSF), and a short message service function (SMSF).
Optionally, the second network element arranges the path of the first message in reverse order to generate the first path.
In the embodiments of this application, the path of the request message is recorded, the path of the reply message is generated from it, and the SEPP in the path is marked as strict routing, so that the reply message corresponding to the request message must pass through the SEPP marked as strict routing. This gives control over the message path, so that messages are sent and received through the same SEPP, which avoids service failures caused by the SEPPs being different.
With reference to the third aspect, in a possible implementation, the first message further includes hidden information, which is the hidden topology information of the first network element, and the second message further includes the hidden information.
In the embodiments of this application, controlling the message path ensures that every message whose destination address is an address hidden by a SEPP is routed back to that same SEPP. This avoids messages being routed to another SEPP that cannot recover them, so the hidden topology information can be recovered correctly and service failures caused by the SEPPs being different are avoided.
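The strict-routing behaviour of the second and third aspects as an added Python example (not code from the patent): the second network element reverses the recorded request path to form the first path, a loose hop that is unreachable is skipped, and an unreachable strict hop fails the reply instead of diverting it to a peer SEPP that could not recover the hidden information. The `Hop` type, the function names, the reachability set and the device names are assumptions made for illustration.

```python
from dataclasses import dataclass

STRICT = "strict"
LOOSE = "loose"


class RoutingError(Exception):
    """The reply cannot be delivered without bypassing a strict hop."""


@dataclass(frozen=True)
class Hop:
    device: str
    category: str = LOOSE  # routing category recorded with the device


def build_first_path(request_path):
    """Reverse the recorded path of the first message (third aspect)."""
    for hop in request_path:
        if hop.category not in (STRICT, LOOSE):
            raise ValueError(f"unknown routing category for {hop.device}")
    return list(reversed(request_path))


def plan_reply_route(first_path, reachable):
    """Choose the devices the reply traverses.

    A loose hop may be skipped when it is unreachable; a strict hop may not.
    """
    route = []
    for hop in first_path:
        if hop.device in reachable:
            route.append(hop.device)
        elif hop.category == STRICT:
            raise RoutingError(f"strict hop {hop.device} is unreachable")
    return route


def honours_strict_hops(first_path, route):
    """Check that a route visits every strict hop, in first-path order."""
    remaining = iter(route)
    return all(any(device == hop.device for device in remaining)
               for hop in first_path if hop.category == STRICT)


if __name__ == "__main__":
    # Constructed request path: the first SEPP marks itself as strict.
    request_path = [
        Hop("sepp1.operator-a.example", STRICT),
        Hop("ipx1.carrier.example"),
        Hop("sepp.operator-b.example"),
    ]
    first_path = build_first_path(request_path)
    up = {"sepp.operator-b.example", "sepp1.operator-a.example"}
    print(plan_reply_route(first_path, up))
    diverted = ["sepp.operator-b.example", "sepp2.operator-a.example"]
    print(honours_strict_hops(first_path, diverted))
```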
In a fourth aspect, a communication method is provided. The method includes: in response to a need of a first network element to send a first request message to a second network, a first security and edge protection proxy (SEPP) network element sends a first message to the second network, where the first message includes the first request message and hidden information, and the hidden information is the hidden topology information of the first network element; a second SEPP receives a second message sent by the second network in response to the first message, where the second message includes a first reply message and the hidden information; the second SEPP sends a second request message to a third network element, where the second request message is used to request the topology information of the first network element and includes the hidden information; the second SEPP receives a second reply message sent by the third network element in response to the second request message, where the second reply message includes the topology information of the first network element, so that the request reply message is routed to the first network element according to the topology information of the first network element.
Optionally, the first SEPP generates the hidden information by encrypting the topology information of the first network element.
Optionally, the method further includes: the first SEPP receives the first request message and the topology information of the first network element sent by the first network element.
Optionally, the first network element is any one of AMF, SMF, UDM, UPF, AUSF, and SMSF.
In the embodiments of this application, the SEPP that receives the reply message requests another network element to provide a topology information recovery service. That network element uses the hidden topology information to look up the topology information before hiding, and then sends it to the SEPP that received the reply message. In this way, SEPPs provide topology information recovery services to one another to convert hidden topology information back to its pre-hiding form, so that hidden topology information can be recovered correctly and service failures caused by the SEPP that sends the hidden topology information differing from the SEPP that receives it are avoided.
With reference to the fourth aspect, in a possible implementation, the third network element is the first SEPP.
In the embodiments of this application, the function of the SEPP is extended so that it can provide a service externally when it receives a recovery request message: it uses the hidden topology information to look up the topology information before hiding, and then sends it to the SEPP that issued the recovery request message. In this way, SEPPs provide topology information recovery services to one another to convert hidden topology information back to its pre-hiding form, so that hidden topology information can be recovered correctly and service failures caused by the SEPP that sends the hidden topology information differing from the SEPP that receives it are avoided.
With reference to the fourth aspect, in a possible implementation, the third network element is any one of an access and mobility management function (AMF), a session management function (SMF), unified data management (UDM), a user plane function (UPF), an authentication server function (AUSF), and a short message service function (SMSF).
In the embodiments of this application, a newly added NF provides topology information hiding and recovery services. When the newly added NF receives a recovery request message, it uses the hidden topology information to look up the topology information before hiding, and then sends it to the SEPP that issued the recovery request message. In this way, hidden topology information can be recovered correctly, and service failures caused by the SEPP that sends the hidden topology information differing from the SEPP that receives it are avoided.
In a fifth aspect, a communication device is provided. The device includes modules for executing the method in the first aspect or any possible implementation of the first aspect; or modules for executing the method in the second aspect or any possible implementation of the second aspect; or modules for executing the method in the third aspect or any possible implementation of the third aspect; or modules for executing the method in the fourth aspect or any possible implementation of the fourth aspect.
In a sixth aspect, a communication device is provided. The device includes a processor and an interface circuit. The interface circuit is configured to receive signals from communication devices other than the communication device and transmit them to the processor, or to send signals from the processor to communication devices other than the communication device. The processor implements, through logic circuits or by executing code instructions, the method in any possible implementation of any one of the first to fourth aspects.
In a seventh aspect, a communication device is provided, including a processor. The processor is coupled to a memory and can be used to execute instructions in the memory to implement the method in any possible implementation of any one of the first to fourth aspects.
Optionally, the device further includes a memory.
Optionally, the device further includes a communication interface, and the processor is coupled to the communication interface.
In an eighth aspect, a computer-readable storage medium is provided. The computer-readable storage medium stores a computer program or instructions. When the computer program or instructions are executed, the method in any possible implementation of any one of the first to fourth aspects is implemented.
In a ninth aspect, a computer program product containing instructions is provided. When the instructions are run, the method in any possible implementation of any one of the first to fourth aspects is implemented.
In a tenth aspect, a communication chip is provided, in which instructions are stored. When the instructions run on a computer device, they cause the communication chip to execute the method in any possible implementation of the first to fourth aspects.
In an eleventh aspect, a communication system is provided. The communication system includes an AMF, an NG-RAN and a SEPP. Optionally, the communication system may also include an SMF. Optionally, the communication system may also include a UDM.
Optionally, the communication system also includes other devices that communicate with the above network elements.
Brief description of the drawings
Figure 1 is an application architecture diagram of a roaming interconnection scenario provided by an embodiment of the present application;
Figure 2 is a schematic diagram of two topology information hiding processes provided by an embodiment of the present application;
Figure 3 is a schematic diagram of two topology information recovery processes provided by an embodiment of the present application;
Figure 4 is a solution for implementing topology hiding provided by an embodiment of the present application;
Figure 5 is a schematic interaction diagram of a topology information hiding method provided by an embodiment of the present application;
Figure 6 is a schematic flow chart of another method of hiding topology information provided by an embodiment of the present application;
Figure 7 is a schematic flow chart of a method for recovering topology information provided by an embodiment of the present application;
Figure 8 is a schematic flow chart of yet another method of hiding topology information provided by an embodiment of the present application;
Figure 9 is a schematic diagram of a topology hiding communication method provided by an embodiment of the present application;
Figure 10 is a schematic interaction diagram of a strict routing communication method provided by an embodiment of the present application;
Figure 11 is an information interaction diagram of a method for sending and receiving messages between SEPPs in different networks, provided by an embodiment of the present application;
Figure 12 is a schematic diagram of another topology hiding communication method provided by an embodiment of the present application;
Figure 13 is a schematic interaction diagram of another topology information hiding communication method provided by an embodiment of the present application;
Figure 14 is a schematic interaction diagram of yet another topology information hiding communication method provided by an embodiment of the present application;
Figure 15 is a schematic block diagram of a communication device provided by an embodiment of the present application;
Figure 16 is another possible schematic structural diagram of the communication device involved in the above embodiments, provided by an embodiment of the present application.
具体实施方式Detailed ways
下面结合附图对本申请实施例进行详细描述。The embodiments of the present application will be described in detail below with reference to the accompanying drawings.
本申请提供的技术方案可以应用于各种通信系统,例如:新无线(new radio,NR)系统、长期演进(long term evolution,LTE)系统、LTE频分双工(frequency division duplex,FDD)系统、LTE时分双工(time division duplex,TDD)系统等。本申请还可以应用于设备到设备(device to device,D2D)通信,车到万物(vehicle-toeverything,V2X)通信,机器到机器(machine to machine,M2M)通信,机器类型通信(machine type communication,MTC),以及物联网(internet of things,IoT)通信系统或者其他通信系统。The technical solution provided by this application can be applied to various communication systems, such as: new radio (NR) system, long term evolution (LTE) system, LTE frequency division duplex (FDD) system , LTE time division duplex (TDD) system, etc. This application can also be applied to device-to-device (D2D) communication, vehicle-toeverything (V2X) communication, machine-to-machine (M2M) communication, machine type communication, MTC), and Internet of things (IoT) communication systems or other communication systems.
在通信系统中,运营者运营的部分可称为公共陆地移动网络(public land mobilenetwork,PLMN),也可称为运营商网络等。PLMN是由政府或其所批准的经营者为公众提供陆地移动通信业务目的而建立和经营的网络,主要是移动网络运营商(mobile network operator,MNO)为用户提供移动宽带接入服务的公共网络。本申请实施例中所描述的PLMN,具体可为符合第三代合作伙伴项目(3rd generation partnership project,3GPP)标准要求的网络,简称3GPP网络。3GPP网络通常包括但不限于第五代移动通信(5th-generation,5G)网络、第四代移动通信网络,以及未来的其他通信系统,例如第六代移动通信网络等。In the communication system, the part operated by the operator can be called the public land mobile network (PLMN), or the operator network, etc. PLMN is a network established and operated by the government or its approved operators for the purpose of providing land mobile communication services to the public. It is mainly a public network where mobile network operators (MNOs) provide mobile broadband access services to users. . The PLMN described in the embodiments of this application may specifically be a network that meets the standard requirements of the 3rd generation partnership project (3GPP), referred to as a 3GPP network. 3GPP networks generally include but are not limited to fifth-generation mobile communication (5th-generation, 5G) networks, fourth-generation mobile communication networks, and other future communication systems, such as sixth-generation mobile communication networks.
为了方便描述,本申请实施例中将以PLMN或5G网络为例进行说明。For convenience of description, the embodiments of this application will take the PLMN or 5G network as an example for description.
5G核心网的服务化接口(service based interface,SBI)中携带大量的拓扑信息,包括网络功能(network function,NF)的IP地址、完全限定域名(fully qualified domain name FQDN),统一资源标识符(uniform resource identifier,URI)等。如果不加处理,这些信息会随着漫游接口和互通接口流出本网控制范围,可能会产生难以控制的危害。例如:如果流出的信息被不法分子利用,不法分子可能会根据该信息分析出本网的部署情况,从而为攻击本网提供信息;如果流出的信息被竞争对手获取, 竞争对手可以进一步根据本网的网络部署情况识别对应的运营商的商业计划,比如部署了多少AMF,推测其未来3-5年的新增5G用户数目标等。The service based interface (SBI) of the 5G core network carries a large amount of topology information, including the IP address of the network function (NF), the fully qualified domain name (fully qualified domain name FQDN), the uniform resource identifier ( uniform resource identifier, URI), etc. If not processed, this information will flow out of the control scope of the network along with the roaming interface and interworking interface, which may cause harm that is difficult to control. For example: if the leaked information is used by criminals, the criminals may analyze the deployment of this network based on this information, thereby providing information for attacking this network; if the leaked information is obtained by competitors, Competitors can further identify the corresponding operator's business plan based on the network deployment situation of this network, such as how many AMFs have been deployed, and speculate on its target number of new 5G users in the next 3-5 years.
However, when two networks interwork, neither network needs to know the detailed addresses of the other party's devices. It only needs to route the messages to be sent to the security and edge protection proxy (SEPP) of the peer network. For this reason, 3GPP TS 33.501 requires SEPP to have a topology hiding capability: when an SBI message is sent out of the network, the topology information in the message is hidden, and when a message arrives from outside the network, the topology information is restored so that the message can be routed to the correct address.
The existing protocol only specifies that SEPP must support the topology hiding function; it does not define how topology hiding is to be implemented. In practice, an operator may deploy multiple SEPPs, and these SEPPs may be purchased from different equipment vendors. Because the implementation of topology hiding is not defined in the standard, different vendors may implement it differently. At the same time, hiding and restoring the same topology information are usually not completed in the same session: the subscription request and the callback notification message belong to different HTTP transactions and may be processed by different SEPPs in the visited domain. The topology information hidden by vendor A's SEPP may therefore be unrecoverable on vendor B's SEPP, causing service failure.
In view of this, embodiments of the present application provide a communication method and a communication device. The method avoids service failures caused by topology hiding when different SEPPs are networked together.
The solution of the embodiments of the present application applies to message interaction between networks; for example, it can be used in roaming interconnection scenarios between 5G networks.
To better understand the technical solutions provided by this application, the terms used in the embodiments of this application are first described in detail below:
1. Network topology
Network topology refers to the physical layout in which various devices are interconnected by transmission media. A network topology can be described by a set of associated information, including a device's IP address, domain name, device type, name, relationships, number of units, and so on. This set of information used to describe the network layout is called topology information.
In a roaming interconnection scenario, three kinds of topology information commonly appear in roaming interconnection messages:
1. The VIA header field, which is the forwarding path of the message. It records the address (FQDN/IP address) of each proxy the message passes through and contains router information and device interconnection information.
2. The FQDN of the server (the cNF/pNF of the 5GC). The FQDN usually carries information such as the deployment location, type, and name of the device.
3. The IP address of the server. This is usually a private IP address inside the operator's network; it exposes the IP address planning rules of the network and gives attackers a clear attack target or springboard.
2. Topology hiding
During roaming interconnection, an external device needs to route a message to the SEPP, and the SEPP forwards it into the network. As long as the external device can forward the message to the SEPP interface, it has no need to know the topology information inside the network. Therefore, when a message is sent from inside the network to outside the network, the SEPP can hide the topology information of the network and avoid exposing it as far as possible without affecting roaming interconnection.
It should be understood that the network architecture involved in the embodiments of this application may be a fifth generation system (5GS), and the network elements in the 5GS may also be called 5G core network elements.
Figure 1 shows an application architecture diagram of the roaming interconnection scenario provided by an embodiment of the present application. The functions of the network elements and devices involved in this network architecture are described below.
1. Terminal device: also called user equipment (UE), mobile station (MS), mobile terminal (MT), and so on. It is a device that provides voice and/or data connectivity to users. For example, the terminal device may include a handheld device or a vehicle-mounted device with a wireless connection function. Currently, the terminal device may be a mobile phone, a tablet computer, a notebook computer, a handheld computer, a mobile internet device (MID), a wearable device, a virtual reality (VR) device, an augmented reality (AR) device, a wireless terminal in industrial control, a wireless terminal in self-driving, a wireless terminal in remote medical surgery, a wireless terminal in a smart grid, a wireless terminal in transportation safety, a wireless terminal in a smart city, or a wireless terminal in a smart home. The terminal device in Figure 1 is shown as a UE, which is only an example and does not limit the terminal device.
2. Access management network element: mainly used for mobility management and access management. In a 5G communication system, the access management network element may be the access and mobility management function (AMF), as shown in Figure 1, which mainly performs functions such as mobility management and access authentication/authorization. It is also responsible for transferring user policies between the terminal and the policy control function (PCF) network element. It can receive non-access stratum (NAS) signaling from the terminal device (including mobility management (MM) signaling and session management (SM) signaling) and related signaling from access network devices (for example, base-station-granularity N2 (next generation (NG) 2 interface) signaling exchanged with the AMF), and it completes the user registration procedure, the forwarding of SM signaling, and mobility management. Specifically, the AMF network element can receive a location service request related to a target UE from a 5G core network (5GC) location services (LCS) entity, or the AMF itself can initiate some location services on behalf of a specific target UE, and forwards the location service request to the location management network element. After obtaining the location information returned by the UE, it returns the relevant location information to the 5GC LCS entity.
In future communications, such as 6G, the access management network element may still be an AMF network element or may have another name, which is not limited in this application.
3. Session management network element: mainly used for session management, allocation and management of internet protocol (IP) addresses for user equipment, selection of manageable user plane functions, termination of the policy control and charging function interfaces, downlink data notification, and so on. For example, it may be a session management function (SMF) network element, which is responsible for session management and completes procedures such as establishment, release, and update of PDU sessions.
4. Network storage network element: provides storage and selection of network function entity information for other core network elements. In a 5G communication system, this network element may be a network function repository function (NRF), which mainly includes the following functions: a service discovery function, and maintaining the NF text of available network function (NF) instances and the services they support.
The above functional network elements may be network elements in hardware devices, software functions running on dedicated hardware, or virtualized functions instantiated on a platform (for example, a cloud platform). Each of them can be divided into one or more services, and there may also be services that exist independently of network functions. In this application, instances of the above functional network elements, instances of services included in them, and service instances that exist independently of network functions may all be called service instances.
5. Unified data management network element: responsible for managing user identifiers, subscription data, and authentication data, and for registration management of the user's serving network elements. In a 5G communication system, the unified data management network element may be unified data management (UDM), which mainly includes the following functions: unified data management, support for authentication credential processing in the 3GPP authentication and key agreement mechanism, user identity processing, access authorization, registration and mobility management, subscription management, and short message management.
6. Security and edge proxy: this network element may be a security and edge protection proxy (SEPP). It is an important part of the 5G roaming security architecture, is used for user roaming and for interworking with other operators, is responsible for message filtering and policy management on the control-plane interfaces between operators, and mainly serves as the border gateway between the control planes of operators' core networks. As a non-transparent proxy node, SEPP provides application-layer control-plane security and enables secure communication between network function consumers and network function providers across operators.
SEPP's security functions include message filtering, access control, topology hiding, and error detection and handling. The two SEPPs at the network boundary establish a connection over the N32 interface and apply protection policies to process every control-plane message in cross-network signaling.
7. User plane function (UPF): the UPF is a gateway provided by the operator and is the gateway through which the operator network communicates with the data network (DN).
UPF network functions include user-plane functions such as packet routing and transmission, packet inspection, service usage reporting, quality of service (QoS) processing, lawful interception, uplink packet inspection, and downlink packet storage.
8. Policy control function (PCF): the PCF is a control-plane function provided by the operator. It supports a unified policy framework to govern network behavior and provides policy rules, subscription information related to policy decisions, and so on to other control functions.
9. Authentication server function (AUSF): the AUSF is a control-plane function provided by the operator and is usually used for authentication between the terminal device 110 (subscriber) and the operator network. After receiving an authentication request initiated by a subscriber, the AUSF network function can authenticate and/or authorize the subscriber using the authentication information and/or authorization information stored in the UDM network function, or can generate the subscriber's authentication and/or authorization information through the UDM network function. The AUSF network function can return authentication information and/or authorization information to the subscriber.
10. (Radio) access network ((R)AN) device: the access network device may also be called an access device. The (R)AN manages radio resources, provides access services for user equipment, and forwards user equipment data between the user equipment and the core network. The (R)AN can also be understood as a base station in the network.
11. Network slice selection function network element: responsible for selecting network slices for the UE. In a 5G communication system, this network element may be a network slice selection function (NSSF) network element; that is, NSSF can be understood as the name of the network slice selection function network element in the 5G architecture. The network slice selection function network element mainly includes the following functions: selecting a set of network slice instances for the UE, determining the allowed network slice selection assistance information (NSSAI), and determining the AMF set that can serve the UE.
It should be understood that this description applies throughout: if the above network elements appear in the architectures below, the above descriptions of their functions apply equally and, for brevity, are not repeated.
As can be seen from Figure 1, SEPP is used to interconnect two 5GC networks. The interface between SEPPs is defined as the N32 interface. All cross-PLMN messages during roaming must be forwarded through the N32 interface, and SEPP must provide message access and security protection capabilities for roaming scenarios.
When a SEPP forwards a request message to the N32 interface, it must first hide the topology information in the message. When a SEPP receives a message from the N32 interface that contains hidden topology information, it must restore that information to the original topology information.
It should be noted that the figure above is a logical architecture and is only illustrative. Only one SEPP is shown for each operator; in actual deployments, each operator has multiple SEPPs.
Of course, the system architecture in Figure 1 may also include other network elements or devices, such as a unified data repository (UDR), which is not specifically limited.
It should be understood that the interfaces or service-based interfaces between network elements shown in Figure 1 are only an example. In 5G networks and other future networks, the interfaces or service-based interfaces between network elements may differ from those shown in the figure, which is not limited in this application.
It should be understood that the name of each network element shown in Figure 1 is only a name and does not limit the function of the network element itself. In 5G networks and other future networks, the above network elements may have other names, which is not specifically limited in the embodiments of this application. For example, in a 6G network, some or all of the above network elements may keep the 5G terminology or may have other names. This applies throughout and is not repeated below.
It should also be understood that the embodiments of the present application are not limited to the system architecture shown in Figure 1. For example, a communication system to which the present application applies may include more or fewer network elements or devices. The devices or network elements in Figure 1 may be hardware, functionally divided software, or a combination of the two, and they may communicate with each other through other devices or network elements.
To make the process of hiding and restoring topology information provided by the embodiments of this application clearer, the process is described below with reference to Figures 2 and 3.
Figure 2 shows schematic diagrams of two topology information hiding processes provided by embodiments of the present application.
Part (a) of Figure 2 shows the topology information hiding process when two SEPPs interconnect directly using transport layer security (TLS) (using the HTTPS protocol). TLS provides confidentiality and data integrity between two communicating applications. The protocol consists of two layers: the TLS record protocol and the TLS handshake protocol. As shown in part (a) of Figure 2, the topology information hiding process may be as follows:
S201a: The client sends the original message to the cSEPP in the local network through the Nx interface.
The original message includes a message part and a topology information part. The topology information is information related to the NF that sent the message.
S202a: After receiving the original message, the cSEPP obtains the operator information and the topology hiding identifier of the local network, hides the topology information, and generates a new message.
The new message includes the above message part and the hidden topology information part.
S203a: The cSEPP sends the new message to the pSEPP of the peer network through the N32 interface, and the pSEPP forwards the new message to the server.
In parallel with part (a) of Figure 2, part (b) of Figure 2 shows the topology information hiding process when two SEPPs interconnect through intermediate IPX devices (using the protocol for N32 interconnect security (PRINS) mode). As shown in part (b) of Figure 2, the topology information hiding process may be as follows:
S201b: The client sends the original message to the cSEPP in the local network through the Nx interface.
The original message includes a message part and a topology information part. The topology information is information related to the NF that sent the message.
S202b: After receiving the original message, the cSEPP obtains the operator information and the topology hiding identifier of the local network, hides the topology information, and generates a new message.
The new message includes the above message part and the hidden topology information part.
S203b: The cSEPP sends the new message to the pSEPP of the peer network through the N32 interface and the Internet Packet Exchange Protocol (IPX), and the pSEPP forwards the new message to the server.
The IPX operator provides packet addressing and routing functions to ensure reliable delivery, which is equivalent to a datagram function. The IPX operator also provides roaming services, such as roaming preference and welcome text messages.
Corresponding to the embodiment shown in Figure 2, Figure 3 shows schematic diagrams of two topology information restoration processes provided by embodiments of the present application.
Part (a) of Figure 3 shows the topology information restoration process when two SEPPs interconnect directly using TLS (using the HTTPS protocol). As shown in part (a) of Figure 3, the topology information restoration process may be as follows:
S301a: The server-side pSEPP sends the original message to the cSEPP in the peer network through the N32 interface.
The original message includes a message part and a hidden topology information part. The topology information is information related to the NF on the client side that sent the message.
S302a: After receiving the original message, the cSEPP obtains the operator information and the topology hiding identifier of the local network, restores the topology information, and generates a new message.
The new message includes the above message part and the topology information part.
S303a: The cSEPP sends the new message to the client in the local network through the Nx interface.
In parallel with part (a) of Figure 3, part (b) of Figure 3 shows the topology information restoration process when two SEPPs interconnect through intermediate IPX devices (using PRINS mode). As shown in part (b) of Figure 3, the topology information restoration process may be as follows:
S301b: The server-side pSEPP sends the original message to the cSEPP in the peer network through the N32 interface and IPX.
The original message includes a message part and a hidden topology information part. The topology information is information related to the NF on the client side that sent the message.
S302b: After receiving the original message, the cSEPP obtains the operator information and the topology hiding identifier of the local network, restores the topology information, and generates a new message.
The new message includes the above message part and the topology information part.
S303b: The cSEPP sends the new message to the client in the local network through the Nx interface.
As an example, Figure 4 shows a solution for implementing topology hiding provided by an embodiment of the present application, applied to the scenario in which the AMF subscribes to user data changes on the UDM. As shown in Figure 4, the solution includes the following steps:
S401: The AMF in the visited domain sends a subscription request message to SEPP-a on the same side. The subscription request message carries CallbackURIA, where CallbackURIA is the unhidden AMF-related topology information.
S402: SEPP-a in the visited domain hides CallbackURIA and sends the subscription request message to SEPP-1 on the opposite side, which forwards it to the UDM. The subscription request message now carries CallbackURIA1, where CallbackURIA1 is the hidden AMF-related topology information.
S403: When the user data on the UDM changes, the UDM sends a notification request message to SEPP-b in the visited domain through SEPP-2 on the same side. The notification request message carries the above CallbackURIA1.
S404: After receiving the notification request message carrying CallbackURIA1, SEPP-b restores CallbackURIA1 to CallbackURIA so that the notification request message can be routed to the AMF according to CallbackURIA.
However, in step S404, because the algorithms of SEPP-a and SEPP-b may differ, SEPP-b may well be unable to restore CallbackURIA1 to CallbackURIA, causing the service to fail.
As an example, Figure 5 shows a schematic interaction diagram of a topology information hiding method 500 provided by an embodiment of the present application. The method 500 applies to a scenario in which a first network element and a second network element exchange messages across networks. As shown in Figure 5, the method 500 includes:
S501: The first network element sends a first request message to the first SEPP. The first request message is used to request a subscription to target information from the second network element, or to request the target information from the second network element.
It should be understood that the first network element in all embodiments of this application is the network element that generates and sends the first request message, not an intermediate network element.
Optionally, the first network element also sends its topology information when it sends the first request message to the first SEPP.
Optionally, the first network element may send its topology information carried in the first request message, separately, packaged together, or forwarded by another device or network element, which is not limited in this application.
Optionally, the topology information of the first network element may be one or more of the IP address, FQDN, and URI of the first network element, or may be other topology information, which is not limited in this application.
S502: After receiving the first request message, the first SEPP obtains the topology information of the first network element and hides it to generate hidden information. The hidden information is the topology information of the first network element after hiding.
Optionally, the first SEPP encrypts the topology information of the first network element according to a first algorithm and a first key ID to generate the hidden information.
S503: The first SEPP sends a first message to the third SEPP located in the second network. The first message includes the first request message and the hidden information.
Optionally, the hidden information may be sent carried in the first request message, separately, packaged together, or forwarded by another device or network element, which is not limited in this application.
Optionally, the first message also includes the first key ID.
S504: The third SEPP forwards the first message to the second network element.
S505: In response to the received first message, the second network element sends a second message to the third SEPP on the same side. The second message includes a first reply message and the hidden information. The first reply message is the message sent by the second network element in response to the first request message.
Optionally, the hidden information may be sent carried in the first reply message, separately, packaged together, or forwarded by another device or network element, which is not limited in this application.
Optionally, the second message also includes the first key ID.
Optionally, the second message carries a topology information restoration request message, which is used to request restoration of the hidden information it carries.
S506: The third SEPP forwards the second message to the second SEPP located in the first network.
S507: After receiving the second message, the second SEPP obtains the hidden information in the second message and restores it to the topology information of the first network element in its unhidden state.
Optionally, the second SEPP restores the hidden information to the topology information of the first network element in its unhidden state according to the first key ID.
It should be noted that in this solution the first SEPP and the second SEPP are preset with the same algorithm.
It should be noted that the SEPPs in S503 and S507 may be the same SEPP or different SEPPs.
S508: The second SEPP sends the first reply message to the first network element according to the topology information of the first network element.
In the embodiments of this application, the topology information in a message can be hidden by encryption. As long as the same algorithm and key information are preset on the SEPPs of the same network, different SEPPs in that network can restore each other's hidden topology information. Every SEPP in the network can then correctly restore the hidden topology information when it receives a request message that requires topology restoration, which avoids service failures caused by differing SEPPs.
To explain step S502 (generating the hidden information) of the embodiment shown in Figure 5 more clearly, Figure 6 shows, by way of example, a schematic flowchart of a method 600 for a SEPP to hide topology information provided by an embodiment of this application. As shown in Figure 6, the method 600 includes:
S601: The first SEPP encrypts the topology information of the first network element according to a first algorithm and a first key ID.
It should be understood that all SEPPs in the first network, where the first SEPP is located, are preset with the first algorithm and the first key ID.
S602: The encrypted topology information is converted into characters that are allowed in an FQDN.
S603: The ciphertext, the encryption material and the domain information are combined into one FQDN according to a specified format.
Here, the ciphertext is the encrypted topology information (already converted into characters allowed in an FQDN), that is, the hidden information; the encryption material includes the first key ID; and the domain information is the domain information corresponding to the topology information.
In one example, the topology information is the FQDN of the first network element. The first SEPP takes the topology information part out of the FQDN, encrypts it according to the first algorithm and the first key ID, and converts the encrypted topology information into characters allowed in an FQDN. Finally, it formats the ciphertext, the encryption material and the domain information of the original FQDN into a new FQDN according to the specified format.
The FQDN before hiding is: topology information to be hidden + domain information;
The FQDN after hiding is: CP + ciphertext + encryption material + domain information.
Here, CP is a prefix indicating that an encrypted string follows.
In another example, the topology information is the IP address of the first network element. The first SEPP encrypts the IP address according to the first algorithm and the first key ID and converts the encrypted IP address into characters allowed in an FQDN. Finally, it formats the ciphertext, the encryption material and the domain information of the original FQDN into a new FQDN according to the specified format.
The FQDN before hiding is: the topology information to be hidden;
The FQDN after hiding is: CP + ciphertext + encryption material + domain information.
Here, CP is a prefix indicating that an encrypted string follows.
Corresponding to the embodiment shown in Figure 6, Figure 7 shows, by way of example, a schematic flowchart of a method 700 for a SEPP to restore hidden topology information provided by an embodiment of this application. As shown in Figure 7, the method 700 includes:
S701: The second SEPP obtains the encryption material and the ciphertext from the FQDN in which the topology information is hidden. The encryption material includes the first key ID, and the ciphertext is the hidden topology information (that is, the hidden information).
S702: The second SEPP decrypts the ciphertext according to the first key ID and obtains the unhidden topology information.
Optionally, when the topology information is of type FQDN, the recovery process may further include the following step:
S703: The second SEPP concatenates the decrypted topology information with the domain information of the original FQDN to restore the original FQDN.
More specifically, taking AES_256_GCM as the encryption algorithm, Figure 8 shows a schematic flowchart of a method 800 for hiding topology information provided by an embodiment of this application. The method takes topology information of type FQDN as an example. As shown in Figure 8, the method 800 includes:
S801: The SEPP obtains the topology information to be hidden from the original FQDN.
The original FQDN consists of the topology information to be hidden and the domain information. For example, the original FQDN is:
APP-XJCHJxjINRF001BHW01BHW012.chj.xj.node.5gc.mnc000.mcc460.3gppnetwork.org; the topology information to be hidden is:
APP-XJCHJxjINRF001BHW01BHW012.chj.xj.node.
S802: With the first key as the encryption key, the AES_256_GCM algorithm is used to encrypt the topology information to be hidden, which yields the corresponding binary ciphertext.
Here, AES is a symmetric encryption algorithm, 256 represents the ciphertext block length, and GCM is the encryption mode.
S803: The binary ciphertext is BASE32-encoded to turn it into visible characters (the ciphertext).
Here, BASE32 is an encoding technique that converts a binary stream into visible characters.
Because the encryption result is binary and does not meet the FQDN encoding requirements, it must be converted into visible characters; and because FQDNs are case-insensitive, BASE32 is used.
For example, after conversion into a visible string the binary ciphertext is:
IFIFALKYJJBUQSTYNJEU4USGGAYDCQSIK4WTAMKCJBLTAMJSFZRWQ2ROPBVC43TPMRSS4.
S804: The encryption material, the CP prefix and the domain information are added to the visible characters.
Here, the encryption material includes the first key ID and the IV value (so that other SEPPs can query their local configuration and obtain the actual key), the CP prefix indicates that an encrypted string follows, and the domain information is the domain information contained in the original FQDN.
For example, the resulting new FQDN is:
CP.IFIFALKYJJBUQSTYNJEU4USGGAYDCQSIK4WTAMKCJBLTAMJSFZRWQ2ROPBVC43TPMRSS4.skid1.ivF1E33E079831DF424A00D264.5gc.mnc000.mcc460.3gppnetwork.org.
Note that the encryption algorithm in this embodiment of the application may be any reversible, secure encryption algorithm and is not limited to AES_GCM.
This embodiment of the application provides a general encryption algorithm for hiding topology information, so that different SEPPs can restore the topology information hidden by one another as long as their preset encryption algorithm and key information are the same. The encryption uses an algorithm that is well known in the industry and resists brute-force cracking and quantum-level attacks; because every encryption result (ciphertext) is different, it cannot be cracked by repeated attempts, so it is secure and reliable. The method can be used by the different SEPPs of the same network, so it is highly general. Because the SKID differs between networks, other networks cannot parse the hidden information even if they use the same scheme; if the SKID is leaked, it can be changed uniformly within the network. In addition, a single configuration entry at deployment covers all FQDNs, which avoids misconfiguration or missing configuration and eases operation and maintenance. Because a non-mapping algorithm is used (a mapping algorithm being, for example, one in which the SEPP locally maintains a one-to-many mapping), the configuration does not grow as NFs or FQDNs are added in the future.
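The hide and restore steps of methods 600, 700 and 800, as an added Go example that is not code from the patent. The names `KeyStore`, `HideFQDN` and `RestoreFQDN`, the reading of the `skid` and `iv` labels as a prefix followed by the key ID and the hex nonce, the caller-supplied domain suffix and the sample key are assumptions of this sketch.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base32"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// Unpadded Base32: '=' is not a legal hostname character.
var b32 = base32.StdEncoding.WithPadding(base32.NoPadding)

// KeyStore maps a key ID to a 32-byte AES-256 key. Every SEPP of one
// network is provisioned with the same store (hypothetical type).
type KeyStore map[string][]byte

func (ks KeyStore) gcm(keyID string) (cipher.AEAD, error) {
	key, ok := ks[keyID]
	if !ok {
		return nil, fmt.Errorf("unknown key ID %q", keyID)
	}
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// HideFQDN encrypts the part of fqdn in front of domain and returns
// CP.<base32 ciphertext>.skid<keyID>.iv<hex nonce>.<domain> (S801-S804).
// The ciphertext label may exceed the 63-octet DNS label limit; this
// sketch keeps the page's single-label layout and does not split it.
func HideFQDN(ks KeyStore, keyID, fqdn, domain string) (string, error) {
	if !strings.HasSuffix(fqdn, "."+domain) {
		return "", errors.New("fqdn does not end in the given domain")
	}
	topology := strings.TrimSuffix(fqdn, domain) // keeps the trailing dot
	aead, err := ks.gcm(keyID)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, aead.NonceSize()) // fresh per call, never reused
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	ct := aead.Seal(nil, nonce, []byte(topology), nil)
	return fmt.Sprintf("CP.%s.skid%s.iv%s.%s", b32.EncodeToString(ct),
		keyID, strings.ToUpper(hex.EncodeToString(nonce)), domain), nil
}

// RestoreFQDN reverses HideFQDN (S701-S703). Labels are matched without
// regard to case because an FQDN may be lower-cased in transit.
func RestoreFQDN(ks KeyStore, hidden string) (string, error) {
	p := strings.SplitN(hidden, ".", 5)
	if len(p) != 5 || !strings.EqualFold(p[0], "CP") {
		return "", errors.New("not a hidden FQDN")
	}
	skid, iv := strings.ToLower(p[2]), strings.ToLower(p[3])
	if !strings.HasPrefix(skid, "skid") || !strings.HasPrefix(iv, "iv") {
		return "", errors.New("malformed encryption material")
	}
	aead, err := ks.gcm(skid[4:])
	if err != nil {
		return "", err
	}
	nonce, err := hex.DecodeString(iv[2:])
	if err != nil || len(nonce) != aead.NonceSize() {
		return "", errors.New("malformed IV")
	}
	ct, err := b32.DecodeString(strings.ToUpper(p[1]))
	if err != nil {
		return "", errors.New("malformed ciphertext label")
	}
	pt, err := aead.Open(nil, nonce, ct, nil) // fails if label was altered
	if err != nil {
		return "", errors.New("ciphertext failed authentication")
	}
	return string(pt) + p[4], nil
}

func main() {
	// Constructed sample key, for illustration only.
	ks := KeyStore{"1": []byte("0123456789abcdef0123456789abcdef")}
	orig := "APP-XJCHJxjINRF001BHW01BHW012.chj.xj.node.5gc.mnc000.mcc460.3gppnetwork.org"
	hidden, err := HideFQDN(ks, "1", orig, "5gc.mnc000.mcc460.3gppnetwork.org")
	if err != nil {
		panic(err)
	}
	fmt.Println(hidden)
	fmt.Println(RestoreFQDN(ks, hidden))
}
```

Because GCM is authenticated, a SEPP holding the key rejects a hidden FQDN whose ciphertext label was modified in the peer network instead of routing on a corrupted address.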
In parallel with the embodiment shown in Figure 5, Figure 9 shows, by way of example, a schematic diagram of a method 900 for implementing topology-hiding communication provided by an embodiment of this application. The method 900 applies to the scenario in which an AMF subscribes to user data changes on a UDM. As shown in Figure 9, the solution includes the following steps:
S901: The AMF in the visited domain sends a subscription request message to SEPP-a on the same side. The subscription request message carries CallbackURIA, where CallbackURIA is the unhidden AMF-related topology information.
S902: SEPP-a in the visited domain hides CallbackURIA and sends the subscription request message to SEPP-1 on the opposite side, which further sends it to the UDM. The subscription request message now carries CallbackURIA1, where CallbackURIA1 is the hidden AMF-related topology information.
S903: When the user data on the UDM changes, the UDM sends a notification request message to SEPP-a in the visited domain through SEPP-1 on the same side. The notification request message carries CallbackURIA1.
S904: After receiving the notification request message carrying CallbackURIA1, SEPP-a restores CallbackURIA1 to CallbackURIA, so that the notification request message can be routed to the AMF according to CallbackURIA.
In this embodiment of the application, the SEPP path used when the subscription request message is sent is the same as the SEPP path used when the notification request message is received. The hiding and the recovery of the topology information are therefore performed by the same SEPP, so the hidden topology information can be restored correctly, which avoids service failures caused by the hiding SEPP and the restoring SEPP being different.
To explain the implementation of the embodiment shown in Figure 9 more clearly, Figure 10 shows, by way of example, a schematic interaction diagram of a method 1000 for strict-routing communication provided by an embodiment of this application. The method 1000 applies to the scenario in which a first network element and a second network element in different networks exchange messages. As shown in Figure 10, the method 1000 includes:
S1001: The first network element sends a first request message to the first SEPP. The first request message requests a subscription to target information from the second network element, or requests that target information be obtained from the second network element.
Optionally, the first network element also sends its topology information when it sends the first request message to the first SEPP.
Optionally, the topology information of the first network element may be carried in the first request message, sent separately, sent in a bundle, or forwarded by another device or network element; this application does not limit this.
Optionally, the topology information of the first network element may be one or more of the IP address, the FQDN and the URI of the first network element, or other topology information; this application does not limit this.
Optionally, after receiving the first request message, the first SEPP obtains the topology information of the first network element, hides it, and generates hidden information. The hidden information is the hidden topology information of the first network element.
S1002: The first SEPP sends a first message to the third SEPP located in the second network. The first message includes the first request message and first indication information, and the first indication information indicates that the routing category corresponding to the first SEPP is strict routing.
Optionally, the first message further includes the hidden information.
Optionally, the hidden information may be carried in the first request message, sent separately, sent in a bundle, or forwarded by another device or network element; this application does not limit this.
S1003: The third SEPP forwards the first message to the second network element.
S1004: After receiving the first message, the second network element generates a first path, which is generated according to the path of the first message.
The first path includes one or more devices, each of which corresponds to a routing category. The routing categories include strict routing and may also include loose routing. The parameter flag for strict routing may be sr, which means that a message must pass through the device corresponding to the strict route. Loose routing may be represented by the absence of a flag, which means that a message may or may not pass through the device corresponding to the loose route.
Optionally, the second network element records the path of the first message.
Optionally, the second network element reverses the order of the path of the first message to generate the first path.
S1005: In response to the received first message, the second network element sends a second message to the third SEPP on the same side according to the first path. The second message includes a first reply message, which is the message that the second network element sends in response to the first request message.
Optionally, the second message further includes the hidden information.
Optionally, the hidden information may be carried in the first reply message, sent separately, sent in a bundle, or forwarded by another device or network element; this application does not limit this.
Optionally, the second message carries a topology information recovery request message, which requests recovery of the hidden information that the second message carries.
S1006: The third SEPP forwards the second message to the first SEPP.
It should be understood that, because the routing category corresponding to the first SEPP is strict routing, the second message always passes through the first SEPP.
Optionally, after receiving the second message, the first SEPP obtains the hidden information from it and restores the hidden information to the unhidden topology information of the first network element.
S1007: The first SEPP sends the first reply message to the first network element.
Optionally, the first SEPP sends the first reply message to the first network element according to the topology information of the first network element.
In this embodiment of the application, a SEPP can ensure that every message whose destination address is an address it has hidden is routed to itself. This avoids the situation in which a message is routed to another SEPP that cannot restore the address, so the hidden topology information can be restored correctly and service failures caused by different SEPPs are avoided.
To show the message paths of the embodiments in Figures 9 and 10 more clearly, Figure 11 shows, by way of example, an information interaction diagram of a method 1100, provided by an embodiment of this application, for sending and receiving messages (involving topology hiding and recovery) between SEPPs in different networks.
As shown in Figure 11, the first network includes cNF (the first network element), cSCP and cSEPP, and the second network includes pNF (as the first network element), pSCP and pSEPP. To make them easy to tell apart, network elements in the first network have the prefix c and network elements in the second network have the prefix p. In this example, the first request message is an initial request message and the first reply message is a callback request message. The method 1100 includes:
S1101: cNF sends an initial request message to cSCP. The initial request message requests that target information be obtained from pNF, or requests a subscription to target information from pNF.
The initial request message carries the topology information of cNF.
For example, the topology information of cNF carried in the initial request message is represented in Figure 11 as: callbackURI:cNF.
S1102: cSCP forwards the initial request message as a proxy and at the same time puts its own topology information (which may be the FQDN of cSCP) into the via header field, marked as loose routing.
For example, the topology information of cSCP carried in the initial request message forwarded by cSCP is represented in Figure 11 as: Via:cSCP.
Specifically, when cSCP processes the initial request message as a proxy, it uses an extension parameter in the via header field that it adds to indicate whether the routing is strict (the indication flag may be sr). Strict routing means that subsequent request messages or callback request messages must pass through this proxy.
Note that in this example the sr parameter indicates strict routing and the absence of a parameter indicates loose routing. This does not limit the solution of this application in any way; how loose and strict routing are marked can be decided according to the actual situation or requirements.
S1103: After receiving the initial request message sent by cSCP, cSEPP hides the topology information of cNF by converting the callback address from cNF to cNFA, deletes the FQDN of cSCP from via, and puts its own FQDN into via, marked as strict routing (the indication flag may be sr). It then sends the initial request message to pSEPP in the peer network.
Here, the suffix letter A indicates that the information is hidden information.
For example, the information carried in the initial request message sent by cSEPP to pSEPP is represented in Figure 11 as: callbackURI:cNFA;Via:cSEPP;sr.
S1104: After receiving the initial request message sent by cSEPP, pSEPP puts its own FQDN into via, marked as strict routing. It then forwards the initial request message to pSCP.
For example, the information carried in the initial request message forwarded by pSEPP to pSCP is represented in Figure 11 as: callbackURI:cNFA;Via:cSEPP;sr;Via:pSEPP;sr.
S1105: After receiving the initial request message sent by pSEPP, pSCP puts its own FQDN into via, marked as loose routing. It then forwards the initial request message to pNF.
For example, the information carried in the initial request message forwarded by pSCP to pNF is represented in Figure 11 as: callbackURI:cNFA;Via:cSEPP;sr;Via:pSEPP;sr;Via:pSCP.
S1106: After receiving the initial request message sent by pSCP, the server-side pNF records the callback address cNFA and the via header field for later use when sending the callback request message (usually with the notify method). It also generates a response message and sends it to pSEPP.
The response message carries a Location header field, and pNF converts the via header field into a record-route header field and puts it into the response message.
For example, the information carried in the response message sent by pNF to pSEPP is represented in Figure 11 as: Location:pNF;Record-route:cSEPP;sr;Record-route:pSEPP;sr;Record-route:pSCP.
S1107: After receiving the response message sent by pNF, pSEPP deletes the pSCP information from the record-route header field, converts the address in the location header field from pNF to pNFA, and then forwards the response message to cSEPP.
For example, the information carried in the response message forwarded by pSEPP to cSEPP is represented in Figure 11 as: Location:pNFA;Record-route:cSEPP;sr;Record-route:pSEPP;sr.
Here, the suffix letter A indicates that the information is hidden information.
S1108: After receiving the response message forwarded by pSEPP, cSEPP puts the cSCP information into the record-route header field and then forwards the response message to cNF.
For example, the information carried in the response message forwarded by cSEPP to cNF is represented in Figure 11 as: Location:pNFA;Record-route:cSCP;Record-route:cSEPP;sr;Record-route:pSEPP;sr.
S1109: After receiving the response message forwarded by cSEPP, cNF records the address pNFA in the location header field as the target address of subsequent requests and records the information in the record-route header field as the route of subsequent requests. It then generates a subsequent request message and sends it to cSCP.
cNF converts the location header field into a URI header field and the record-route header field into a route header field, and puts both into the subsequent request message. The recorded record-route is thereby placed in the route field of the subsequent request message as the route of that message.
For example, the information carried in the subsequent request message sent by cNF to cSCP is represented in Figure 11 as: URI:pNFA;route:cSCP;route:cSEPP;sr;route:pSEPP;sr.
S1110: After receiving the subsequent request message sent by cNF, cSCP routes it as indicated by route, deletes its own address from route, and forwards the subsequent request message to cSEPP.
For example, the information carried in the subsequent request message forwarded by cSCP to cSEPP is represented in Figure 11 as: URI:pNFA;route:cSEPP;sr;route:pSEPP;sr.
It should be understood that an intermediate proxy routes as indicated by route and must not skip a hop that is marked as strict routing. When processing subsequent requests, each intermediate proxy in turn deletes its own address from route.
S1111: After receiving the subsequent request message forwarded by cSCP, cSEPP routes it as indicated by route, deletes its own address from route, and forwards the subsequent request message to pSEPP.
For example, the information carried in the subsequent request message forwarded by cSEPP to pSEPP is represented in Figure 11 as: URI:pNFA;route:pSEPP;sr.
S1112: After receiving the subsequent request message, pSEPP restores pNFA in the URI header field to pNF, deletes its own address from route, and forwards the subsequent request message through pSCP to pNF according to the restored pNF address.
Restoring pNFA in the URI header field to pNF means restoring the hidden topology information of pNF, so that the subsequent request message can be routed to pNF according to that topology information.
For example, the information carried in the subsequent request message forwarded by pSEPP to pNF is represented in Figure 11 as: URI:pNF.
S1113: After receiving the subsequent request message, pNF initiates a callback request message using the callback address cNFA. When initiating the callback request, it puts the via header field recorded in step S1106, in reverse order, into the route header field of the callback request message as the route of that message. pNF sends the callback request to pSCP.
For example, the information carried in the callback request message sent by pNF to pSCP is represented in Figure 11 as: URI:cNFA;route:pSCP;route:pSEPP;sr;route:cSEPP;sr.
S1114: After receiving the callback request message sent by pNF, pSCP routes it as indicated by route, deletes its own address from route, and forwards the subsequent request message to pSEPP.
For example, the information carried in the subsequent request message forwarded by pSCP to pSEPP is represented in Figure 11 as: URI:cNFA;route:pSEPP;sr;route:cSEPP;sr.
It should be understood that an intermediate proxy routes as indicated by route and must not skip a hop that is marked as strict routing. When processing subsequent requests, each intermediate proxy in turn deletes its own address from route.
S1115: After receiving the callback request message sent by pSCP, pSEPP routes it as indicated by route, deletes its own address from route, and forwards the subsequent request message to cSEPP.
For example, the information carried in the subsequent request message forwarded by pSEPP to cSEPP is represented in Figure 11 as: URI:cNFA;route:cSEPP;sr.
S1116: After receiving the callback request message, cSEPP restores cNFA in the URI header field to cNF, deletes its own address from route, and forwards the callback request message to cNF according to the restored cNF address.
Restoring cNFA in the URI header field to cNF means restoring the hidden topology information of cNF, so that the subsequent request message can be routed to cNF according to that topology information.
For example, the information carried in the callback request message forwarded by cSEPP to pSEPP is represented in Figure 11 as: URI:cNF.
Optionally, after receiving the subsequent request message, pNF may send cNF a response message to that subsequent request message.
Similarly, after receiving the callback request message, cNF may send pNF a response message to that callback request message.
Note that the header field names in this embodiment of the application are reference names. They do not limit the solution of this application in any way and may be replaced with other names.
Note also that the routing scheme proposed in this embodiment of the application can be used on other HTTP proxies, such as an SCP, to implement routing control; it is not limited to SEPPs.
本申请实施例中,新增了HTTP扩展头域record-route和route,分别用于携带后续请求消息的路由和本消息(回调请求消息)的路由,并且,该方法中的via、record-route和route头域支持携带参数标识是否是严格路由。这样,SEPP可以控制以其隐藏的地址为目的地址的消息都能路由到他自己,从而避免出现消息路由到其他SEPP无法恢复的情况,进而使得隐藏的拓扑信息能够被正确恢复,避免了由于SEPP不同而导致的业务失败;并且,通过改进SBI接口消息的路由机制,使得proxy可以控制相关联的请求消息的发送路径。一方面解决拓扑隐藏异厂家部署问题,也可以为后续关联会话做业务处理提供机制。In the embodiment of this application, the HTTP extension header fields record-route and route are added, which are used to carry the route of subsequent request messages and the route of this message (callback request message) respectively. Moreover, via and record-route in this method The route header field supports carrying parameters to identify whether it is a strict route. In this way, SEPP can control that messages with its hidden address as the destination address can be routed to itself, thereby avoiding the situation where messages are routed to other SEPPs and cannot be recovered, thereby enabling the hidden topology information to be correctly recovered, avoiding the problem of SEPP Business failure caused by differences; and, by improving the routing mechanism of SBI interface messages, the proxy can control the sending path of the associated request messages. On the one hand, it solves the problem of topology hiding from different manufacturers, and it can also provide a mechanism for business processing of subsequent associated sessions.
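The callback routing of steps S1113 to S1116, as an added example that is not code from the application. The `sr` flag and the addresses follow Figure 11; the class and function names, the order of the recorded via list, and the table-based restore held by each SEPP are assumptions made for illustration.

```python
from dataclasses import dataclass, field


class RoutingError(Exception):
    """A message could not be routed the way its route header requires."""


@dataclass(frozen=True)
class Hop:
    """One via/route entry: a proxy address plus the strict-routing flag (sr)."""
    address: str
    strict: bool = False


@dataclass
class Message:
    uri: str                                    # destination, possibly a hidden address
    route: list = field(default_factory=list)   # remaining hops, next hop first


class Proxy:
    """An SCP or SEPP. hidden_to_real is an assumed lookup table that only the
    SEPP which performed the hiding holds."""

    def __init__(self, address, hidden_to_real=None):
        self.address = address
        self.hidden_to_real = dict(hidden_to_real or {})

    def process(self, msg):
        # A proxy only handles a message whose first route entry is itself.
        if not msg.route or msg.route[0].address != self.address:
            raise RoutingError(f"{self.address} is not the next hop in route")
        msg.route.pop(0)                                      # delete own address
        msg.uri = self.hidden_to_real.get(msg.uri, msg.uri)   # restore if it hid this URI


def build_callback(callback_uri, recorded_via):
    """S1113: the recorded via entries go into route in reverse order."""
    return Message(callback_uri, list(reversed(recorded_via)))


def deliver(msg, proxies, bypass=frozenset()):
    """Walk the route hop by hop and return the addresses visited, ending with
    the final destination. `bypass` names hops that a sender tries to skip."""
    path = []
    while msg.route:
        hop = msg.route[0]
        if hop.address in bypass:
            if hop.strict:
                raise RoutingError(f"{hop.address} is a strict hop and cannot be skipped")
            msg.route.pop(0)          # loose hop: skipping is allowed
            continue
        proxies[hop.address].process(msg)
        path.append(hop.address)
    path.append(msg.uri)
    return path


# Constructed sample data: via entries in the order the original request
# traversed the proxies, so that reversing them gives the route of Figure 11.
RECORDED_VIA = [Hop("cSEPP", strict=True), Hop("pSEPP", strict=True), Hop("pSCP")]


def make_proxies():
    return {
        "pSCP": Proxy("pSCP"),
        "pSEPP": Proxy("pSEPP", {"pNFA": "pNF"}),
        "cSEPP": Proxy("cSEPP", {"cNFA": "cNF"}),
    }


if __name__ == "__main__":
    print(deliver(build_callback("cNFA", RECORDED_VIA), make_proxies()))
    print(deliver(build_callback("cNFA", RECORDED_VIA), make_proxies(), bypass={"pSCP"}))
    try:
        deliver(build_callback("cNFA", RECORDED_VIA), make_proxies(), bypass={"cSEPP"})
    except RoutingError as exc:
        print("rejected:", exc)
```

A message sent without any route entries ends at the still-hidden address cNFA, which is the failure the strict entries for the SEPPs are meant to prevent.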
In parallel with the embodiments shown in Figures 5 and 9, Figure 12 shows, as an example, a schematic diagram of yet another method 1200 for implementing topology-hiding communication provided by an embodiment of this application. Method 1200 applies to the scenario in which the AMF subscribes to user data changes on the UDM. As shown in Figure 12, the solution includes the following steps:
S1201: The AMF in the visited domain sends a subscription request message to SEPP-a on the same side. The subscription request message carries CallbackURIA, where CallbackURIA is the unhidden AMF-related topology information.
S1202: SEPP-a in the visited domain hides CallbackURIA and sends the subscription request message to SEPP-1 on the opposite side, and the subscription request message is further sent to the UDM. At this point the subscription request message carries CallbackURIA1, where CallbackURIA1 is the hidden AMF-related topology information.
S1203: When the user data on the UDM changes, the UDM sends a notification request message, through SEPP-2 on the same side, to SEPP-b in the visited domain. The notification request message carries the above CallbackURIA1.
S1204: After receiving the notification request message carrying CallbackURIA1, SEPP-b calls the service provided by SEPP-a to query CallbackURIA, the restored address information for CallbackURIA1.
Specifically, after receiving the notification request message carrying CallbackURIA1, SEPP-b may send a second request message to SEPP-a, requesting SEPP-a to restore CallbackURIA1 to CallbackURIA. In response to the received second request message, SEPP-a sends a second reply message to SEPP-b; the second reply message is CallbackURIA.
S1205: SEPP-b replaces the target address in the notification request message with CallbackURIA, so that the notification request message is routed to the AMF according to CallbackURIA.
It should be noted that this embodiment uses hiding by SEPP-a and restoration by SEPP-b in the first network as an example. In the second network, SEPP-1 and SEPP-2 likewise need to provide each other with a similar query service.
In this embodiment of the application, the SEPP's functions are extended so that it can provide a service externally: the topology information before hiding can be queried using the hidden topology information, and the queried pre-hiding topology information is then sent to the SEPP that issued the request message. In this way, SEPPs provide topology information restoration services to each other, converting hidden topology information back into the topology information before hiding, so that hidden topology information can be restored correctly. This avoids service failures caused by the SEPP that sends the hidden topology information being different from the SEPP that receives it.
To make the implementation of the embodiment shown in Figure 12 easier to understand, Figure 13 shows, as an example, a schematic interaction diagram of yet another method 1300 for topology-information-hiding communication provided by an embodiment of this application. Method 1300 applies to the scenario in which a first network element and a second network element exchange messages across networks. As shown in Figure 13, method 1300 includes:
S1301: The first network element sends a first request message to the first SEPP. The first request message is used to request a subscription to target information from the second network element, or to request that target information be obtained from the second network element.
Optionally, while sending the first request message to the first SEPP, the first network element also sends the topology information of the first network element.
Optionally, the first network element may send its topology information carried in the first request information, sent separately, sent in a package, or forwarded by another device or network element; this application does not limit this.
Optionally, the topology information of the first network element may be one or more of the first network element's IP address, FQDN and URI, or may be other topology information; this application does not limit this.
S1302: After receiving the first request message, the first SEPP obtains the topology information of the first network element and hides it, generating hidden information. The hidden information is the topology information of the first network element after hiding.
S1303: The first SEPP sends a first message to the third SEPP located in the second network. The first message includes the first request message and the hidden information.
Optionally, the hidden information may be carried in the first request message, sent separately, sent in a package, or forwarded by another device or network element; this application does not limit this.
S1304: The third SEPP forwards the first message to the second network element.
S1305: In response to the received first message, the second network element sends a second message to the third SEPP on the same side. The second message includes a first reply message and the hidden information. The first reply message is the message sent by the second network element in response to the first request message.
Optionally, the hidden information may be carried in the first reply message, sent separately, sent in a package, or forwarded by another device or network element; this application does not limit this.
Optionally, the second message carries a topology information restoration request message, used to request restoration of the hidden information it carries.
S1306: The third SEPP forwards the second message to the second SEPP located in the first network.
S1307: After receiving the second message, the second SEPP sends a second request message to the first SEPP. The second request message is used to request the restored hidden message, and it carries the hidden information.
S1308: In response to receiving the second request message, the first SEPP restores the hidden message to the unhidden topology information, and then sends the restored topology information of the first network element to the second SEPP.
S1309: The second SEPP sends the first reply message to the first network element according to the topology information of the first network element.
In this embodiment of the application, the SEPP's functions are extended so that it can provide a service externally: the topology information before hiding can be queried using the hidden topology information, and the queried pre-hiding topology information is then sent to the SEPP that issued the request message. In this way, SEPPs provide topology information restoration services to each other, converting hidden topology information back into the topology information before hiding, so that hidden topology information can be restored correctly. This avoids service failures caused by the SEPP that sends the hidden topology information being different from the SEPP that receives it.
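The restore-by-query exchange of methods 1200 and 1300 (S1301 to S1309), as an added example that is not code from the application. The class and function names, the random-token form of the hidden information, the peer list, and the same-network check on the restore service are assumptions made for illustration.

```python
import secrets


class Sepp:
    """A SEPP that hides topology information and offers a restore service
    to the other SEPPs of its own network (assumed model)."""

    def __init__(self, name, network):
        self.name = name
        self.network = network
        self._hidden = {}   # hidden information -> original topology information
        self.peers = []     # same-network SEPPs whose restore service can be queried

    def hide(self, topology_info):
        """S1302: replace topology information with an opaque value known only here."""
        hidden = f"hidden-{secrets.token_hex(8)}"
        self._hidden[hidden] = topology_info
        return hidden

    def restore_service(self, requester, hidden):
        """S1308: answer a second request message sent by another SEPP.

        Assumption: the service is offered only inside the SEPP's own network,
        matching the note that each network's SEPPs serve each other."""
        if requester.network != self.network:
            raise PermissionError(f"{requester.name} is not in {self.network}")
        return self._hidden.get(hidden)   # None: this SEPP did not hide the value

    def resolve(self, hidden):
        """S1307: restore locally if possible, otherwise query the peers."""
        if hidden in self._hidden:
            return self._hidden[hidden]
        for peer in self.peers:
            restored = peer.restore_service(self, hidden)
            if restored is not None:
                return restored
        raise LookupError(f"{self.name} cannot restore {hidden}")


def run_flow(with_peer=True):
    """Run S1301 to S1309 with constructed data and return
    (original topology information, hidden information, restored target)."""
    first = Sepp("first SEPP", "network-1")
    second = Sepp("second SEPP", "network-1")
    if with_peer:
        second.peers.append(first)

    real = "https://nf1.network-1.example/callback"   # constructed topology information
    # S1302, S1303: the first SEPP hides the value and sends the first message.
    first_message = {"request": "subscribe", "hidden": first.hide(real)}
    # S1304 to S1306: the second network returns the hidden information unchanged,
    # and the second message arrives at the second SEPP, not the first.
    second_message = {"reply": "notification", "hidden": first_message["hidden"]}
    # S1307, S1308: the second SEPP has no local entry and queries the first SEPP.
    target = second.resolve(second_message["hidden"])
    # S1309: the first reply message would now be sent to `target`.
    return real, second_message["hidden"], target


if __name__ == "__main__":
    real, hidden, target = run_flow()
    print(hidden, "->", target)
    try:
        run_flow(with_peer=False)
    except LookupError as exc:
        print("without the restore service:", exc)
```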
In parallel with the embodiment shown in Figure 13, Figure 14 shows, as an example, a schematic interaction diagram of yet another method 1400 for topology-information-hiding communication provided by an embodiment of this application. Method 1400 applies to the scenario in which a first network element and a second network element exchange messages across networks. As shown in Figure 14, method 1400 includes:
S1401: The first network element sends a first request message to the first SEPP. The first request message is used to request a subscription to target information from the second network element, or to request that target information be obtained from the second network element.
Optionally, while sending the first request message to the first SEPP, the first network element also sends the topology information of the first network element.
Optionally, the first network element may send its topology information carried in the first request information, sent separately, sent in a package, or forwarded by another device or network element; this application does not limit this.
Optionally, the topology information of the first network element may be one or more of the first network element's IP address, FQDN and URI, or may be other topology information; this application does not limit this.
S1402: After receiving the first request message, the first SEPP obtains the topology information of the first network element and hides it, generating hidden information. The hidden information is the topology information of the first network element after hiding.
S1403: The first SEPP sends a first message to the third SEPP located in the second network. The first message includes the first request message and the hidden information.
Optionally, the hidden information may be carried in the first request message, sent separately, sent in a package, or forwarded by another device or network element; this application does not limit this.
S1404: The third SEPP forwards the first message to the second network element.
S1405: In response to the received first message, the second network element sends a second message to the third SEPP on the same side. The second message includes a first reply message and the hidden information. The first reply message is the message sent by the second network element in response to the first request message.
Optionally, the hidden information may be carried in the first reply message, sent separately, sent in a package, or forwarded by another device or network element; this application does not limit this.
Optionally, the second message carries a topology information restoration request message, used to request restoration of the hidden information it carries.
S1406: The third SEPP forwards the second message to the second SEPP located in the first network.
S1407: After receiving the second message, the second SEPP sends a second request message to a third network element located on the same side. The second request message is used to request the restored hidden message, and it carries the hidden information.
S1408: In response to receiving the second request message, the third network element restores the hidden message to the unhidden topology information, and then sends the restored topology information of the first network element to the second SEPP.
S1409: The second SEPP sends the first reply message to the first network element according to the topology information of the first network element.
In this embodiment of the application, a newly added NF provides the topology information hiding and restoration service. The new NF can query the topology information before hiding using the hidden topology information, and then sends the queried pre-hiding topology information to the SEPP that issued the request message. In this way, hidden topology information can be restored correctly, which avoids service failures caused by the SEPP that sends the hidden topology information being different from the SEPP that receives it.
Figure 15 is a schematic block diagram of a communication device 1500 provided by an embodiment of this application. The device 1500 includes a receiving module 1501, which can be used to implement the corresponding receiving functions. The receiving module 1501 may also be called a receiving unit.
The device 1500 also includes a processing module 1502, which can be used to implement the corresponding processing functions, such as hiding the topology information of the first network element or restoring the topology information of the first network element.
The device 1500 also includes a sending module 1503, which can be used to implement the corresponding sending functions. The sending module 1503 may also be called a sending unit.
Optionally, the device 1500 further includes a storage unit, which can be used to store instructions and/or data. The processing unit 1502 can read the instructions and/or data in the storage unit, so that the device implements the actions of the relevant device in each of the foregoing method embodiments.
The device 1500 can be used to perform the actions performed by a network device (for example, the AMF, UDM or SEPP) in the method embodiments above. In that case, the device 1500 may be a component of the network device: the receiving module 1501 performs the receiving-related operations of the network device in the method embodiments above, the processing module 1502 performs the processing-related operations, and the sending module 1503 performs the sending-related operations.
As one design, the device 1500 is used to perform the actions performed by any network element or any device in the method embodiments above. In one embodiment, the communication device can be used to perform the operations of a network device (for example, the first network element, the second network element, the third network element or a SEPP) in Figures 4 to 14 above. For example:
The receiving module 1501 is configured to receive a first request message and send the first request message to the first SEPP. The first request message is used to request a subscription to target information from the second network element, or to request that target information be obtained from the second network element.
Optionally, while sending the first request message to the first SEPP, the receiving module 1501 also sends the topology information of the first network element.
The processing module 1502 is configured to obtain the topology information of the first network element and hide it, generating hidden information. The hidden information is the topology information of the first network element after hiding.
The sending module 1503 is configured to send a first message to the third SEPP located in the second network. The first message includes the first request message and the hidden information.
Optionally, the hidden information may be carried in the first request message, sent separately, sent in a package, or forwarded by another device or network element; this application does not limit this.
It should be understood that the specific process by which each module performs the corresponding steps above has been described in detail in the method embodiments and, for brevity, is not repeated here.
In addition, the receiving module 1501, the processing module 1502 and the sending module 1503 in the communication device can also implement other operations or functions of the network device in the above methods, which are not repeated here.
In addition, the receiving module 1501, the processing module 1502 and the sending module 1503 in the communication device can also implement the operations or functions of other devices in the above methods, which are not repeated here.
Figure 16 shows another possible schematic structure of the communication device involved in the above embodiments. The communication device includes a processor 1601. As shown in Figure 16, the communication device may also include at least one memory 1602 for storing program instructions and/or data. The memory 1602 is coupled to the processor 1601. Coupling in the embodiments of this application is an indirect coupling or communication connection between devices, units or modules, which may be electrical, mechanical or of another form, and is used for information exchange between devices, units or modules. The processor 1601 may operate in cooperation with the memory 1602. The processor 1601 may execute the program instructions stored in the memory 1602. At least one of the at least one memory may be included in the processor.
The communication device may also include a transceiver 1603 for communicating with other devices over a transmission medium, so that the device can communicate with other devices. Optionally, the transceiver 1603 may be an interface, a bus, a circuit, or a device capable of implementing transceiving functions. Optionally, the transceiver 1603 may include a receiver and a transmitter.
The embodiments of this application do not limit the specific connection medium between the processor 1601, the memory 1602 and the transceiver 1603. In Figure 16, the processor 1601, the memory 1602 and the transceiver 1603 are connected through a bus 1604, which is drawn as a thick line; the way the other components are connected is shown only schematically and is not limiting. The bus can be divided into an address bus, a data bus, a control bus and so on. For ease of presentation, only one thick line is used in Figure 16, but this does not mean that there is only one bus or one type of bus.
For example, in one embodiment, the processor 1601 is configured for other operations or functions of the network device. The transceiver 1603 is used to implement communication between the communication device and other network elements/devices (for example, a UE/gNB).
One or more of the above modules or units can be implemented in software, hardware, or a combination of the two. When any of the above modules or units is implemented in software, the software exists in the form of computer program instructions and is stored in the memory; the processor can be used to execute the program instructions and implement the above method flows. The processor may include, but is not limited to, at least one of the following: a central processing unit (CPU), a microprocessor, a digital signal processor (DSP), a microcontroller unit (MCU), an artificial intelligence processor, or another computing device that runs software. Each computing device may include one or more cores for executing software instructions to perform operations or processing. The processor can be built into an SoC (system on a chip) or an application-specific integrated circuit (ASIC), or it can be an independent semiconductor chip. In addition to the cores that execute software instructions to perform operations or processing, the processor may further include necessary hardware accelerators, such as a field programmable gate array (FPGA), a PLD (programmable logic device), or a logic circuit that implements dedicated logic operations.
When the above modules or units are implemented in hardware, the hardware may be any one or any combination of a CPU, microprocessor, DSP, MCU, artificial intelligence processor, ASIC, SoC, FPGA, PLD, dedicated digital circuit, hardware accelerator or non-integrated discrete device, which may run the necessary software, or operate without software, to perform the above method flows.
When the above modules or units are implemented using software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions described in the embodiments of the present invention are generated in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network, or another programmable device. The computer instructions may be stored in a computer-readable storage medium, or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, server or data center to another website, computer, server or data center by wired means (such as coaxial cable, optical fiber or digital subscriber line (DSL)) or wireless means (such as infrared, radio or microwave). The computer-readable storage medium may be any available medium that a computer can access, or a data storage device such as a server or data center that integrates one or more available media. The available medium may be a magnetic medium (for example, a floppy disk, hard disk or magnetic tape), an optical medium (for example, a DVD), or a semiconductor medium (for example, a solid state disk (SSD)).
The specific implementations described above further explain the purpose, technical solutions and beneficial effects of this application in detail. It should be understood that the above are only specific implementations of this application and are not intended to limit its scope of protection. Any modification, equivalent replacement, improvement and the like made on the basis of the technical solutions of this application shall fall within the scope of protection of this application.
According to the method provided in the embodiments of this application, this application further provides a computer program product. The computer program product includes computer program code which, when run on a computer, causes the computer to execute the method on the first network element side in the foregoing method embodiments.
According to the method provided in the embodiments of this application, this application further provides a computer program product. The computer program product includes computer program code which, when run on a computer, causes the computer to execute the method on the second network element side in the foregoing method embodiments.
According to the method provided in the embodiments of this application, this application further provides a computer program product. The computer program product includes computer program code which, when run on a computer, causes the computer to execute the method on the SEPP side in the foregoing method embodiments.
According to the method provided in the embodiments of this application, this application further provides a computer-readable medium. The computer-readable medium stores program code which, when run on a computer, causes the computer to execute the method on the first network element side in the foregoing method embodiments.
According to the method provided in the embodiments of this application, this application further provides a computer-readable medium. The computer-readable medium stores program code which, when run on a computer, causes the computer to execute the method on the second network element side in the foregoing method embodiments.
According to the method provided in the embodiments of this application, this application further provides a computer-readable medium. The computer-readable medium stores program code which, when run on a computer, causes the computer to execute the method on the SEPP side in the foregoing method embodiments.
An embodiment of this application further provides a processing apparatus, including a processor and an interface; the processor is configured to execute the communication method in any of the above method embodiments.
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are performed in hardware or in software depends on the specific application and the design constraints of the technical solution. Skilled artisans may use different methods to implement the described functions for each specific application, but such implementations should not be considered beyond the scope of this application.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the systems, apparatuses, and units described above may be found in the corresponding processes of the foregoing method embodiments, and are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed systems, apparatuses, and methods may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative. The division into units is only a division by logical function, and other divisions are possible in an actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling, or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, apparatuses, or units, and may be electrical, mechanical, or in another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of this application may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit.
If the functions are implemented in the form of software functional units and sold or used as independent products, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of this application in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to execute all or some of the steps of the methods described in the embodiments of this application. The aforementioned storage medium includes any medium that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disc.
The above are only specific embodiments of this application, but the scope of protection of this application is not limited to them. Any change or substitution that a person familiar with the technical field can readily conceive within the technical scope disclosed in this application shall fall within the scope of protection of this application. Therefore, the scope of protection of this application shall be subject to the scope of protection of the claims.

Claims (27)

  1. A communication method, characterized in that the method comprises:
    in response to a need of a first network element to send a first request message to a second network, a first security and border proxy network element (SEPP) generates hidden information according to a first algorithm and a first key ID, the hidden information being the hidden topology information of the first network element;
    the first SEPP sends a first message to the second network, the first message including the first request message and the hidden information, the hidden information carrying the first key ID;
    a second SEPP receives a second message sent by the second network in response to the first message, the second message including a first reply message and the hidden information, wherein the first SEPP and the second SEPP belong to a first network, and the first SEPP and the second SEPP are preconfigured with the first algorithm and the first key ID;
    the second SEPP restores the hidden information according to the first key ID and thereby obtains the topology information of the first network element, so that the first reply message is routed to the first network element according to the topology information of the first network element.
  2. The method according to claim 1, characterized in that the first SEPP generating hidden information according to the first algorithm and the first key ID comprises:
    the first SEPP receives the first request message and the topology information of the first network element sent by the first network element;
    the first SEPP generates the hidden information by encrypting the topology information of the first network element according to the first algorithm and the first key ID.
  3. The method according to claim 1 or 2, characterized in that the first SEPP sending a first message to the second network comprises:
    the first SEPP generates a first fully qualified domain name (FQDN), the first FQDN including the hidden information and the first key ID;
    the first SEPP sends the first message to the second network, the first message including the first request message and the first FQDN.
  4. The method according to claim 3, characterized in that the first FQDN further includes domain information of the first network element.
  5. The method according to any one of claims 1 to 4, characterized in that the first network element is any one of an access and mobility management function (AMF), a session management function (SMF), a unified data management (UDM), a user plane function (UPF), an authentication server function (AUSF), and a short message service function (SMSF).
  6. The method according to any one of claims 1 to 5, characterized in that the first SEPP and the second SEPP are the same SEPP.
  7. A communication method, characterized in that the method comprises:
    in response to a need of a first network element to send a first request message to a second network, a first security and border proxy network element (SEPP) sends a first message to the second network, the first message including the first request message and first indication information, the first indication information indicating that the routing category corresponding to the first SEPP is strict routing;
    the first SEPP receives a second message that the second network sends along a first path in response to the first message, the second message including a first reply message, wherein the first path is generated by the second network according to the path of the first message, the first path includes one or more devices, each of the one or more devices corresponds to a routing category, and the routing category includes the strict routing;
    the first SEPP sends the first reply message to the first network element.
  8. The method according to claim 7, characterized in that the first message further includes hidden information, the hidden information being the hidden topology information of the first network element, the second message further includes the hidden information, and the first SEPP sending the first reply message to the first network element comprises:
    the first SEPP restores the hidden information to the topology information of the first network element;
    the first SEPP sends the first reply message to the first network element according to the topology information of the first network element.
  9. The method according to claim 8, characterized in that the method further comprises:
    the first SEPP generates the hidden information by encrypting the topology information of the first network element.
  10. The method according to claim 8 or 9, characterized in that the method further comprises:
    the first SEPP receives the first request message and the topology information of the first network element sent by the first network element.
  11. The method according to any one of claims 7 to 10, characterized in that the routing category further includes loose routing.
  12. The method according to any one of claims 7 to 11, characterized in that the first network element is any one of an access and mobility management function (AMF), a session management function (SMF), a unified data management (UDM), a user plane function (UPF), an authentication server function (AUSF), and a short message service function (SMSF).
  13. A communication method, characterized in that the method comprises:
    a second network element receives a first message sent by a first security and border proxy network element (SEPP), the first message including a first request message and first indication information, the first indication information indicating that the routing category corresponding to the first SEPP is strict routing;
    the second network element generates a first path according to the path of the first message, wherein the first path includes one or more devices, each of the one or more devices corresponds to a routing category, and the routing category includes the strict routing;
    in response to the first message, the second network element sends a second message to the first SEPP along the first path, the second message including a first reply message.
  14. The method according to claim 13, characterized in that the first message further includes hidden information, the hidden information being the hidden topology information of the first network element, and the second message further includes the hidden information.
  15. The method according to claim 13 or 14, characterized in that the method further comprises:
    the second network element records the path of the first message.
  16. The method according to any one of claims 13 to 15, characterized in that the second network element generating a first path according to the path of the first message comprises:
    the second network element generates the first path by arranging the path of the first message in reverse order.
  17. The method according to any one of claims 13 to 16, characterized in that the second network element is any one of an access and mobility management function (AMF), a session management function (SMF), a unified data management (UDM), a user plane function (UPF), an authentication server function (AUSF), and a short message service function (SMSF).
  18. A communication method, characterized in that the method comprises:
    in response to a need of a first network element to send a first request message to a second network, a first security and border proxy network element (SEPP) sends a first message to the second network, the first message including the first request message and the hidden information, the hidden information being the hidden topology information of the first network element;
    the second SEPP receives a second message sent by the second network in response to the first message, the second message including a first reply message and the hidden information;
    the second SEPP sends a second request message to a third network element, the second request message being used to request the topology information of the first network element, and the second request message including the hidden information;
    the second SEPP receives a second reply message sent by the third network element in response to the second request message, the second reply message including the topology information of the first network element, so that the request reply message is routed to the first network element according to the topology information of the first network element.
  19. The method according to claim 18, characterized in that the method further comprises:
    the first SEPP generates the hidden information by encrypting the topology information of the first network element.
  20. The method according to claim 18 or 19, characterized in that the method further comprises:
    the first SEPP receives the first request message and the topology information of the first network element sent by the first network element.
  21. The method according to any one of claims 18 to 20, characterized in that the third network element is the first SEPP.
  22. The method according to any one of claims 18 to 20, characterized in that the third network element is any one of an access and mobility management function (AMF), a session management function (SMF), a unified data management (UDM), a user plane function (UPF), an authentication server function (AUSF), and a short message service function (SMSF).
  23. The method according to any one of claims 18 to 22, characterized in that the first network element is any one of an AMF, SMF, UDM, UPF, AUSF, and SMSF.
  24. A communication apparatus, characterized by comprising modules for executing the method according to any one of claims 1 to 6, 7 to 12, 13 to 17, or 18 to 23.
  25. A communication apparatus, characterized by comprising a processor and an interface circuit, wherein the interface circuit is configured to receive signals from communication apparatuses other than the communication apparatus and transmit them to the processor, or to send signals from the processor to communication apparatuses other than the communication apparatus, and the processor is configured to implement the method according to any one of claims 1 to 6, 7 to 12, 13 to 17, or 18 to 23 by means of logic circuits or by executing code instructions.
  26. A computer-readable storage medium, characterized in that the storage medium stores a program or instructions which, when run, implement the method according to any one of claims 1 to 6, 7 to 12, 13 to 17, or 18 to 23.
  27. A communication system, characterized in that the communication system comprises any one or more of a first communication apparatus, a second communication apparatus, a third communication apparatus, and a fourth communication apparatus, wherein
    the first communication apparatus is configured to implement the method according to any one of claims 1 to 6;
    the second communication apparatus is configured to implement the method according to any one of claims 7 to 12;
    the third communication apparatus is configured to implement the method according to any one of claims 13 to 17;
    the fourth communication apparatus is configured to implement the method according to any one of claims 18 to 23.
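The hide-and-restore flow of claims 1 to 4, as an added example that is not part of the patent text: a first SEPP encrypts a network element's topology name under a key selected by key ID and carries both in one FQDN, and a second SEPP of the same network restores it. Assumptions: the FQDN layout `<hidden info>.k<key ID>.<domain>`, an HMAC-SHA256 keystream plus truncated tag as a standard-library stand-in for the unspecified "first algorithm" (a deployment would use a vetted AEAD cipher), and the constructed keyring and host names.

```python
import base64
import hashlib
import hmac
import os

NONCE_LEN = 8   # random per message, so equal topology yields different labels
TAG_LEN = 8     # truncated HMAC tag; assumption, sized to fit one DNS label

# Constructed keyring: key ID -> key, pre-provisioned on every SEPP of the
# first network (claim 1). Key values are demo material, not real keys.
KEYRING = {
    1: hashlib.sha256(b"constructed demo key 1").digest(),
    2: hashlib.sha256(b"constructed demo key 2").digest(),
}


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; stand-in for the unspecified first algorithm."""
    out = b""
    counter = 0
    while len(out) < length:
        block = b"enc" + nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _tag(key: bytes, key_id: int, nonce: bytes, ciphertext: bytes) -> bytes:
    """Integrity tag binding the ciphertext to the key ID it was made under."""
    msg = b"mac" + key_id.to_bytes(2, "big") + nonce + ciphertext
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]


def hide(topology: str, key_id: int, domain: str) -> str:
    """First SEPP: build the first FQDN = <hidden info>.k<key ID>.<domain>."""
    key = KEYRING[key_id]
    nonce = os.urandom(NONCE_LEN)
    plain = topology.encode("ascii")
    cipher = bytes(p ^ k for p, k in zip(plain, _keystream(key, nonce, len(plain))))
    blob = nonce + cipher + _tag(key, key_id, nonce, cipher)
    # Base32 keeps the hidden information inside the DNS label alphabet.
    label = base64.b32encode(blob).decode("ascii").rstrip("=").lower()
    if len(label) > 63:
        raise ValueError("hidden label exceeds the 63-octet DNS label limit")
    return f"{label}.k{key_id}.{domain}"


def restore(fqdn: str) -> str:
    """Second SEPP: pick the key by the carried key ID, verify, then decrypt."""
    label, kid_label, _domain = fqdn.split(".", 2)
    if not (kid_label.startswith("k") and kid_label[1:].isdigit()):
        raise ValueError("key ID label missing")
    key_id = int(kid_label[1:])
    key = KEYRING.get(key_id)
    if key is None:
        raise ValueError("unknown key ID")
    blob = base64.b32decode(label.upper() + "=" * (-len(label) % 8))
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("hidden label too short")
    nonce, cipher, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    # Reject labels altered in transit or replayed under a different key ID.
    if not hmac.compare_digest(tag, _tag(key, key_id, nonce, cipher)):
        raise ValueError("integrity check failed")
    plain = bytes(c ^ k for c, k in zip(cipher, _keystream(key, nonce, len(cipher))))
    return plain.decode("ascii")


if __name__ == "__main__":
    # Constructed sample values: an AMF host name and a home-network domain.
    fqdn = hide("amf01.region3", 1, "5gc.mnc001.mcc001.3gppnetwork.org")
    print(fqdn)
    print(restore(fqdn))
```

Because the key ID travels in the FQDN, any SEPP holding the keyring can restore the name without per-message state, and keys can be rotated by adding a new ID while older IDs stay valid for replies still in flight.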
PCT/CN2023/104692 2022-08-08 2023-06-30 Communication method and communication apparatus WO2024032245A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202210943273.4 2022-08-08
CN202210943273.4A CN117580030A (en) 2022-08-08 2022-08-08 Communication method and communication device

Publications (1)

Publication Number Publication Date
WO2024032245A1 (en) 2024-02-15

Family

ID=89850676

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2023/104692 WO2024032245A1 (en) 2022-08-08 2023-06-30 Communication method and communication apparatus

Country Status (2)

Country Link
CN (1) CN117580030A (en)
WO (1) WO2024032245A1 (en)

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103023865A (en) * 2011-09-28 2013-04-03 中兴通讯股份有限公司 Method and device for recovering and hiding path parameters in topological hidden network
CN110290161A (en) * 2018-03-19 2019-09-27 中国移动通信有限公司研究院 A kind of topology hiding method, node, functional entity and computer storage medium
US20220030413A1 (en) * 2018-11-05 2022-01-27 Telefonaktiebolaget Lm Ericsson (Publ) Fully qualified domain name handling for service interactions in 5g
CN113940103A (en) * 2019-06-10 2022-01-14 瑞典爱立信有限公司 Network node for handling network functions and method performed therein

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
CHINA TELECOM: "New KI on Topology Hiding in Data and Analytics Exchange", 3GPP DRAFT; S3-220738, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), MOBILE COMPETENCE CENTRE ; 650, ROUTE DES LUCIOLES ; F-06921 SOPHIA-ANTIPOLIS CEDEX ; FRANCE, vol. SA WG3, no. e-meeting; 20220516 - 20220520, 9 May 2022 (2022-05-09), Mobile Competence Centre ; 650, route des Lucioles ; F-06921 Sophia-Antipolis Cedex ; France, XP052195070 *
CHINA TELECOM: "New solution on topology hiding in data and analytics exchange in roaming case", 3GPP DRAFT; S3-221369, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), MOBILE COMPETENCE CENTRE ; 650, ROUTE DES LUCIOLES ; F-06921 SOPHIA-ANTIPOLIS CEDEX ; FRANCE, vol. SA WG3, no. e-meeting; 20220627 - 20220701, 20 June 2022 (2022-06-20), Mobile Competence Centre ; 650, route des Lucioles ; F-06921 Sophia-Antipolis Cedex ; France, XP052195690 *

Also Published As

Publication number Publication date
CN117580030A (en) 2024-02-20

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 23851472

Country of ref document: EP

Kind code of ref document: A1