User plane function information reporting method, access network equipment and core network equipment
A technology for core network equipment and access network equipment, applied in the field of communications, can solve problems such as data leakage, and achieve the effect of avoiding data leakage
Pending Publication Date: 2022-02-18
BAICELLS TECH CO LTD
0 Cites 0 Cited by
AI-Extracted Technical Summary
Problems solved by technology
[0003] The purpose of this application is to provide a method for reporting user plane function information, access network equipment, and core network equ...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View moreMethod used
[0032] In the method for reporting user plane function information in the embodiment of the present application, the access network device sends a first message to the core network device, wherein the first message carries the information of the target user plane function UPF and the information of at least one first terminal Identification; the first message is used to instruct the core network equipment to establish a protocol data unit PDU session with the target UPF for at least one first terminal. The core network equipment can accurately select the target UPF according to the first message, and establish a PDU session for the first terminal and the target UPF, further enhancing the ability to avoid data leakage.
[0098] In the method for reporting user plane function information in the embodiment of the present application, on the one hand, the core network device can accurately selec...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View moreAbstract
The invention discloses a user plane function information reporting method, which is applied to access network equipment, and relates to the technical field of communication, the method comprises the following step of sending a first message to core network equipment, wherein he first message carries information of a target user plane function (UPF) and an identifier of at least one first terminal, and the first message is used for indicating the core network equipment to establish a protocol data unit PDU session with a target UPF for the at least one first terminal. According to the scheme provided by the invention, the core network equipment can accurately select the specified UPF, and the capability of avoiding data leakage is enhanced.
Application Domain
Technology Topic
Image
Examples
- Experimental program(1)
Example Embodiment
[0025] Next, the technical solutions in the present application embodiment will be described in the following examples, and the embodiments described herein are described herein, not all of the embodiments of the present disclosure. Based on the embodiments in the present application, all other embodiments obtained without creative labor are not made in the pre-creative labor premises.
[0026] The term "first", "second", "second", or the like in the specification of the present application and the like are used to distinguish a similar object, and is not intended to describe a particular order or ahead order. It is to be understood that the data such as use can be interchanged in appropriate, so that the embodiments of the present application can be implemented in the order other than those illustrated or described herein. In addition, the specification and the claim "and / or" represent at least one of the connected objects, characters "/", generally indicating that the front and rear association object is a "or" relationship.
[0027] Next, the method of providing the user surface function information provided by the present application embodiment will be described in detail by the specific embodiment and its application scenario.
[0028] like figure 1 As shown, one of the steps of reporting the method of the user's surface function information of the present application embodiment, which is applied to the access network device, including:
[0029] Step 101: Send the first message to the core network device, wherein the first message carries the information of the target user surface function UPF and the identifier of at least one first terminal; the first message is used to indicate the core network device The at least one first terminal establishes a protocol data unit (PDU) session with the target UPF.
[0030] Here, the first terminal may be a user equipment, and the identifier of the first terminal may be the ID of the first terminal; the access network device can be a base station, such as a 5G base station, a GNB (Generation Nodeb), the target UPF can be pre-configured locally That is, the information of the UPF associated with it is stored in advance in the access network device, wherein the UPF associated therewith may be an UPF capable of establishing a PDU session that can allow access to the first terminal of the access network device; target UPF For one or more entities.
[0031] Where the UPF information can be determined for the access network device according to the pre-configured rule, such as the corresponding relationship between the terminal and the UPF, or the UPF corresponding to the access network device, ie the terminal connected to the access network device. All PDU sessions can be established with the UPF corresponding to the access network device.
[0032] The user surface function information of the present application is reported to the method, and the first message is transmitted to the core network device, wherein the first message carries the information of the target user plane function UPF and the identity of at least one first terminal; The first message is used to indicate that the core network device establishes a protocol data unit PDU session with the target UPF for at least one first terminal. The core network device can select the target UPF based on the first message, and establish a PDU session for the first terminal and the target UPF, further enhance the ability to avoid data leakage.
[0033] Further, as an alternative embodiment, step 101, the method further includes:
[0034] The session establishment request message transmitted by the first terminal is received, which includes the identifier of the first terminal.
[0035] In this embodiment, the access network device sends a first message to the core network device based on the session establishment request message to which the session establishment request message transmitted by the first terminal is received. Among them, the first terminal can transmit the session establishment request message to the access network device in either in any case where the network, registration, and establishment of a business request is included. Of course, the first terminal can also send the session establishment request message with any of the UPF to establish session requirements other than the above case.
[0036] Specifically, step 101, send a first message to the core network device, including:
[0037] The first message is transmitted to the core network device based on the session establishment request message.
[0038] That is, if the access network device receives the session establishment request message transmitted by the first terminal, the access network device sends the first message to the core network device based on the session request message. That is, the access network device transmits the first message to the core network device in the case where the first terminal has a PDU session session with the UPF, to achieve the establishment of the PDU session between the first terminal and the target UPF.
[0039] As a specific embodiment, the step of transmitting the first message to the core network device is specifically included in accordance with the session establishment message.
[0040] In the case where the first terminal satisfies the preset rule, the first message is transmitted to the core network device.
[0041] In the present embodiment, when the access network device receives the session establishment request message transmitted by the first terminal, the access network device first determines whether the first terminal satisfies the preset rule, only at the first terminal. When the preset rule is met, the access network device transmits the first message to the core network device for the first terminal. That is, the access network device only establishes the PDU session with the UPF of the specified first terminal.
[0042]Of course, as another alternative embodiment, the access network device can also transmit the first message directly to the core network device according to a pre-configured rule. That is, when the access network device does not receive the session establishment request message transmitted by the first terminal, the access network device can send the first message to the core network device according to the pre-configured rule; wherein pre-configured The rule can send the first message to regularly, such as the access network device to establish a PDU session with the first terminal connected to it.
[0043] As an alternative embodiment, step 101 transmits a first message to the core network device, including:
[0044] The session management container of the N2 interface is constructed, and the session management container of the N2 interface includes information of the identity of the first terminal and the target UPF;
[0045] The session management container of the N2 interface is packaged in the first message and the first message is transmitted to the core network device.
[0046] In this embodiment, the session management container (SM Container) is used to carry information that carries the access network device and the core network device to interact with the N2 interface. Specifically, the first terminal may be a first terminal having a PDU session request with the target UPF. In this case, the session establishment request message may carry an identifier of the first terminal; the first terminal can also be In this case, in this case, the access network device can determine the identity of the first terminal directly according to the stored information.
[0047] Here, it should be noted that the first message can be a new generationApplication Protocol, NGAP message. The core network device can determine if the session management container containing the N2 interface in the first message is determined whether the session management container of the N2 interface is required to be resolved by the control surface network function (Access and Mobility ManagementFunction, AMF).
[0048] Specifically, the information of the target UPF includes: the address of the target UPF and / or the identity of the target UPF.
[0049] It should be noted that the address of the target UPF can be the IP address of the target UPF; the identity of the target UPF can include the following: Target UPF ID, ProGram Management Network, PMN and target UPF operators, But is not limited to the above.
[0050] As another alternative embodiment, step 101 transmits the first message to the core network device, including:
[0051] When it is determined that the first terminal currently does not establish a PDU session, or, when it is determined that the UPF corresponding to the PDU session of the first terminal does not include the target UPF, the core network device is transmitted to the core network device. The first message is described.
[0052] That is, when the access network device sends the first message to the core network device, it is necessary to first determine if a PDU session has been established between the first terminal and the target UPF. If it is established, it is not necessary to re-establish the PDU session. Therefore, the access network device does not need to send the first message to the core network device; if it is not established, the access network device needs to send the first message to the core network device to indicate that the core network device is the first terminal and the Target UPF creates a PDU session.
[0053] The user's surface function information of the present application is reported, and the access network device determines that the current needs to establish and target at least one first terminal according to the preset rules. When the PDU session between UPF, if the access network device is determined that the first terminal and the target UPF are not established, the first message is sent to the core network device, wherein the first message carries the target user. The information of the surface function UPF and the identifier of at least one first terminal; or the session management container in the first message has the identity and target UPF of the at least one first terminal, the first message A protocol data unit PDU session for indicating the at least one first terminal is the at least one first terminal. On the one hand, the core network device can select the target UPF based on the first message, and establish a PDU session for the first terminal and the target UPF, avoid data leakage; on the other hand, the present application does not need to be End of the end of any limited or change, facilitating centralized management, tamper-proof, etc.
[0054] like figure 2 In the meant, the step of reporting the method of the user's surface function information of the present application, which is applied to the core network device, including:
[0055] Step 201: Receive the first message reported by the access network device; the first message carries the identity of at least one first terminal and the information of the target user plane function surface UPF;
[0056] Optionally, the first message can be a session management container including an N2 interface, and may also be an NGAP message. Of course, it is also possible to interact between the access network device and the core network device.
[0057] Step 202: According to the first message, the protocol data unit PDU session with the target UPF is established for the first terminal.
[0058] Wherein the core network device can obtain the identification of the first terminal and the information of the identity and the target UPF of the first terminal, determine the specified target UPF according to the information of the target UPF, thereby implementing the first terminal and the target UPF Establish a PDU session.
[0059] Here, it is to be noted that the first message can be received by the AMF of the core network device, and the first message is forwarded to the SMF by the AMF, thereby implementing the SMF according to the identity of the first terminal and the information of the target UPF. PDU session. Among them, "forwarding" can be understood as a direct forwarding of any processing, and can also forward the first message to parse and encapsulate.
[0060] The user surface function information of the present application is reported to the method, and the core network device enables accurate selection of the target UPF based on the received first message, and establishes the PDU session for the first terminal and the target UPF to avoid data. vent.
[0061] Specifically, the first message includes a session management container of the N2 interface, the session management container of the N2 interface, includes information of the identity of the first terminal and the target UPF.
[0062] In this embodiment, the first news is reported to the core network device by setting the session management container of the N2 interface in the first message. The AMF of the device is not processed by the session management container of the N2 interface. Transparently transmits the session management container of the N2 interface to SMF, and is processed by SMF's session management container for the N2 interface, so it does not require important control units Change the changes to increase safety.
[0063] That is, in the case where the session management container of the N2 interface is included in the first message, the AMF only receives the first message and forwards the first message directly to the SMF.
[0064] Further, as an alternative embodiment, step 201, after receiving the first message reported by the access network device, the method further includes, based on the first message, constructing a session management container of the N1 or N2 interface, the The session management container of the N1 or N2 interface includes information of the identity of the first terminal and the target UPF.
[0065] It should be noted that this embodiment is implemented in the case where the session management container that does not contain the N2 interface in the first message sent by the access network device, that is, if the first message is directly carried The identification of the first terminal and the information of the target UPF, the core network device, specifically, the AMF in the core network device, and needs to encap directly of the identity of the first terminal and the information of the target UPF in the session management container of the N1 or N2 interface. In, thereby realizing the SMF in the core network device obtains the identity of the first terminal and the information of the target UPF, and the PDU session is established between the two, and avoiding the SMF determination. UPF is not the case where the specified UPF causes data leakage.
[0066] As an alternative embodiment, step S202, the method further includes at least one of the following:
[0067] Verify the legality of the target UPF;
[0068] Verify that the first terminal allows connection to establish a connection with the target UPF.
[0069] In this embodiment, before the first terminal establishes the PDU session of the target UPF, verify whether the target UPF is legitimate, and / or verifies whether the first terminal allows the connection to the target UPF, to a certain extent Improve the security of the PDU session between the established first terminal and the target UPF. Among them, the target UPF registration process can be triggered after the first terminal allows the connection to the target UPF.
[0070] It should be noted that in the case where the session management container of the N2 interface is not included in the first message, the legality of the target UPF can be verified by the AMF of the core network device, and / or whether the first terminal is allowed to The target UPF is established; in the case of a session management container including the N2 interface in the first message, the legality of the target UPF can be verified by the SMF of the core network device, and / or the first terminal is Allows connection to the target UPF.
[0071] As a specific embodiment, the legitimacy of the target UPF is verified, including:
[0072] Send the first verification request message to the network storage function (NRF), the first verification request message carries the information of the target UPF; the first verification request message is used to request NRF to verify the legality of the target UPF. ;
[0073] The first verification response message transmitted by the NRF is received; the first verification response message is used to indicate the target UPF legality.
[0074] That is, in the present embodiment, the core network device implements authentication indicating the legitimacy of the target UPF by transmitting the target UPF to the NRF, and the core network device only needs to obtain the target UPF from the NRF. The legal first verification response message can, where NRF can be verified using the legality of the target UPF, and this application is not limited.
[0075] It should be noted that if the NRF verifies that the target UPF is not legal, the NRF may not send verification response information to the core network device, and the core network device does not receive within the preset time of the information that is sent to the NRF. If the response information is verified, it is considered that the target UPF is not legal; or the NRF sends the verification response information indicating that the target UPF is not legal to the core network device.
[0076] As another embodiment, it is verified whether the first terminal allows the connection to the target UPF, including:
[0077] Depending on the signing information of the first terminal, verify that the first terminal allows the connection to the target UPF.
[0078] The signing information includes the ID of the first terminal, the International Mobile User Identification Code (IMSI), can be connected to the first terminal, and the like.
[0079] Further, as an alternative embodiment, the method also includes:
[0080] Gets the signing information of the first terminal stored locally stored in the core network;
[0081] or,
[0082] Gets the signatory information of the first terminal sent by the home subscription user protocol (UNIFIED DATA Management, UDM) or Policy Control function (PCF).
[0083] That is, the core network device can obtain the signing information of the first terminal in two ways, of course, the method of obtaining the signing information of the first terminal is not limited to the above two ways, any of the first The way the terminal signing information should be within the scope of the present application.
[0084] In the case where the core network device stores the signing information of the first terminal, the core network device determines whether the first terminal can be connected to the target UPF according to the signing information, of course, if there is no associated in the signatory information The information can also be determined, or the first terminal is allowed and This target UPF establishes a connection.
[0085] Further, when the core network device does not store the signing information of the first terminal, the core network device can obtain the signing information of the first terminal transmitted by the UDM, PCF, or NRF, specifically, can be the core network device After the UDM, PCF or NRF sends a request to obtain the signing information of the first terminal, acquire the signing information of the first terminal transmitted by the UDM, PCF, or NRF. Wherein, the request can include the identifier of the first terminal.
[0086] As another embodiment, the first terminal is verified whether the connection is established with the target UPF, including:
[0087] Send a second verification request message to the home subscription user protocol UDM, policy control function PCF, or network storage function NRF, the second verification request message carries the identity of the target UPF and the identity of the first terminal; the second verification request message is used The request UDM, PCF, or NRF verifies whether the first terminal allows the connection to the target UPF;
[0088] The second verification response message transmitted by the UDM, the PCF or the NRF is received, the second verification response message for indicating that it is allowed to establish a connection with the target UPF.
[0089] That is, in the present embodiment, the core network device implements the NRF, PCF or UDM to establish a connection to the target UPF by transmitting the second verification request information to NRF, PCF or UDM. Verification, and the core network device only needs to obtain the first terminal to allow the first terminal to allow the first terminal to establish a connection with the target UPF, where NRF, PCF, or UDM can be used in any way. Whether the end is allowed to establish a connection to the target UPF to verify, the present application is not limited.
[0090] It should be noted that if the NRF, UDM, or PCF verifies that the first terminal does not allow connection to the target UPF, the NRF may not send verification response information to the core network device, and the core network device is in the NRF, PCF or UDM The verification response information is not received within the preset time of the preset time of the information that transmits the target UPF, it is considered that the first terminal does not allow connection to the target UPF; or NRF, PCF or UDM sends the core network device to indicate the first A terminal does not allow verification response information to establish a connection with the target UPF.
[0091] Wherein, the information of the target UPF includes: the address of the target UPF and / or the identity of the target UPF.
[0092] It should be noted that the address of the target UPF can be the IP address of the target UPF; the identity of the target UPF can include the following: Target UPF ID, ProGram Management Network, PMN and target UPF operators, But is not limited to the above.
[0093] In addition, in the above specific embodiment, as an optional specific example, it can be performed in the following order: First, the information of the target UPF is transmitted to the NRF to indicate the legality of the target UPF. Verification. The result of the verification legal results are fed back to the core network device; second, it is determined whether the SMF is actually stored with the signing information of the first terminal. If there is, it is determined according to the signing information whether the first terminal can be connected to the target UPF. If not, the signing information of the first terminal is obtained to the UDM, PCF or NRF, and determine whether the first terminal can be connected to the target UPF according to the signing information of the first terminal acquired; or, if not, Then transmit the information of the target UPF and the identifier of the first terminal to the UDM, PCF or NRF to indicate whether the UDM, PCF or NRF determines whether the first terminal can be connected to the target UPF, and receive feedback from UDM, PCF or NRF. information.
[0094] As an alternative embodiment, step 202, according to the first message, the first terminal establishes the protocol data unit PDU session with the target UPF, including:
[0095] When it is determined that the first terminal currently does not establish a PDU session, or, when it is determined that the UPF corresponding to the PDU session of the first terminal does not include the target UPF, the core network device is transmitted to the core network device. The first message is described.
[0096] That is, when the core network device establishes the protocol data unit PDU session with the target UPF, it is necessary to first determine whether the first terminal has established a PDU session. If a PDU session is established, it is necessary to further confirm The currently established PDU session corresponding to whether the UPF includes the target UPF, only if the first terminal is currently not currently established, or the currently established PDU session corresponding to the first terminal does not include the target UPF, the core The network device will establish a PDU session for the first terminal and the target UPF.
[0097] Specifically, the process specifically established for the first terminal with the target UPF, the process can be established for: SMF to initiate an association to the target UPF, SMF initiates the establishment of the N4 session of the first terminal to the target UPF, and PDU The establishment of the session.
[0098] The user's surface function information of the present application is reported, in one aspect, the core network device can accurately select the specified UPF (target UPF), implement the first terminal and the target UPF based on the first message reported by the access network device. Establishment of PDU sessions, avoid data leakage; on the other hand, by verifying the legality of the target UPF, and / or the first terminal allows the connection to the target UPF, further improve data security; again, In the case where the session management container of the N2 interface is transmitted by the access network device, the same name transmits this container to SMF using the AMF to the session management container of the N2 interface. The same name transmits this container to SMF, and pays to the SMF The session management container is parsed so that it does not need to be changed to an important control unit, adding security.
[0099] Below, combined image 3 and Figure 4 The method of submitting the user's surface function information of the present application will be described in two specific embodiments:
[0100] The GNB in the drawings may represent an access network device according to the embodiment of the present application.
[0101] Such as image 3 As shown, one of the flowcharts of the method of the user surface function information according to the embodiment of the present application, and the specific implementation process of this method is:
[0102] S301: The access network device constructs a session management container for the N2 interface, and puts the information (address, / or identity) of the target UPF and the identity of the first terminal into the session management container of the N2 interface. Optionally, the first message can also be carried in indicating that the SMF is associated with the target UPF to create a N4 session, which creates a PDU session for the first terminal with the target UPF.
[0103] S302: The first message carries the identity of the first terminal, and the address and / or identifier of the target UPF, placing this address and / or identifier in the session management container of the N2 interface; ie generates the first message; and will The first message is sent to the core network device, which is specifically sent to the AMF of the core network device.
[0104] S303: AMF forwards the session management container of the N2 interface in the first message to the SMF, where the address and / or identifier of the target UPF is included.
[0105] S304: SMF parses the session management container of the N2 interface to obtain the identity of the first terminal, and the address and / or identifier of the target UPF;
[0106] S305: SMF sends this UPF information to the NRF, verify that the UPF is legal, whether it can be connected (trigger UPF registration process);
[0107] S306: SMF Gets the signing information of this first terminal (UE) to the UDM / PCF / NRF, determined whether the UE can be connected to this UPF; or
[0108] Send this UPF and UE information to UDM / PCF / NRF, let it determine if this UE can be connected to this UPF; or
[0109] If the SMF has the signing information of this UE locally, it is determined whether the UE can be connected to this UPF based on the signing information. If there is no relevant determinable information in the signing information, the legality of the UPF is verified, or the list of signions such as a list of UE restricted access is verified.
[0110] S306: In the case where the UPF legal, and / or the first terminal allows the connection to the target UPF, the SMF is initiated to the target UPF creation, the establishment of the N4 session, and the PDU session of this UE.
[0111] Such as Figure 4 As shown, the second diagram of the method of the user's surface function information is reported to the method of the method of the present application, and the specific implementation process of this method is:
[0112] S401: The GNB sends the first message to the AMF of the core network device, where the first message carrying the identifier of the first terminal, and the address and / or identifier of the target UPF, and can also carry the instruction information; Yes, the identification of the first terminal, and the address and / or identification of the target UPF are not placed in the session management container of the N2 interface.
[0113] S402: After the AMF receives the first message, it is determined that the legality of the target UPF, and / or whether the first terminal allows the connection to this target UPF; the specific judgment process includes:
[0114]S402A: The SMF sends this UPF information to the NRF, verify that the UPF is legal, whether it can be connected (trigger UPF registration process);
[0115] S402B: SMF acquires the signing information of this first terminal (UE) to the UDM / PCF / NRF, determined whether the UE can be connected to this UPF; or
[0116] Send this UPF and UE information to UDM / PCF / NRF, let it determine if this UE can be connected to this UPF; or
[0117] If the SMF has the signing information of this UE locally, it is determined whether the UE can be connected to this UPF based on the signing information. If there is no relevant determinable information in the signing information, the legality of the UPF is verified, or the list of signions such as a list of UE restricted access is verified.
[0118] S403: AMF judgment is legally, the session management container of the N1 or N2 interface is constructed, including the address and / or identifier of the target UPF, and the identity and instruction information of the first terminal;
[0119] S404: SMF parses the session management container of the N1 or N2 interface to obtain the address and / or identifier of the target UPF, and the identification and instruction information of the first terminal;
[0120] S405: SMF initiates the establishment of the Target UPF, the establishment of the N4 session and the PDU session with this UE.
[0121] like Figure 5 As shown, the structure of the access network apparatus of the present application embodiment includes:
[0122] The transmitting module 501 is configured to transmit a first message to the core network device, wherein the first message carries the information of the target user surface function UPF and the identity of at least one first terminal; the first message is used to indicate the core The network device establishes the at least one first terminal with the protocol data unit PDU session of the target UPF.
[0123] The present application example transmits a first message to the core network device, wherein the first message carries the information of the target user surface function UPF and the identity of at least one first terminal; the first message is used to indicate The core network device establishes the at least one first terminal with the protocol data unit PDU session of the target UPF. The core network device can select the target UPF based on the first message, and establish a PDU session for the first terminal and the target UPF, further enhance the ability to avoid data leakage.
[0124] Optionally, the access network device also includes:
[0125] The receiving module is configured to receive a session establishment request message transmitted by the first terminal, the session establishment request message including the identifier of the first terminal;
[0126] The transmitting module 501 is configured to transmit the first message to the core network device based on the session establishment request message.
[0127] Optionally, the transmitting module 501 is further configured to transmit the first message to the core network device in the case where the first terminal satisfies the preset rule.
[0128] Optionally, the transmitting module 501 includes:
[0129] Construct a child module, a session management container for building an N2 interface, the session management container of the N2 interface, contains information of the identity of the first terminal and the target UPF;
[0130] The encapsulating sub-module is packaged in the first message, and transmits the first message to the core network device.
[0131] Optionally, the information of the target UPF includes: the address of the target UPF and / or the identity of the target UPF.
[0132] Optionally, the transmitting module 501 is configured to: when determining that the first terminal is currently not currently establishing a PDU session, or, the UPF corresponding to the currently established PDU session of the first terminal does not include the target. In the case of UPF, the first message is transmitted to the core network device.
[0133] like Image 6 As shown, the structure of the access network apparatus of the present application embodiment includes:
[0134] The receiving module 601 is configured to receive the first message reported by the access network device; the first message carries the identity of at least one first terminal and the information of the target user plane function UPF;
[0135] The module 602 is established for establishing a protocol data unit PDU session with the target UPF based on the first terminal.
[0136] Optionally, the first message contains a session management container of the N2 interface, the session management container of the N2 interface, includes information of the identity of the first terminal and the target UPF.
[0137] Optionally, the core network device also includes:
[0138] The module is used to construct a session management container of the N1 or N2 interface, the session management container of the N1 or N2 interface, in accordance with the first message, and the information of the identity and the target UPF of the first terminal.
[0139] Optionally, the core network device also includes:
[0140] The first verification module is used to verify the legality of the target UPF;
[0141] The second verification module is configured to verify that the first terminal allows connection to the target UPF.
[0142] Optionally, the first verification module includes:
[0143] The first transmitting sub-module is configured to transmit a first verification request message to the network storage function NRF, the first verification request message carries the information of the target UPF; the first verification request message is used to request NRF to verify the target UPF legality;
[0144] The first receiving sub-module is configured to receive the first verification response message transmitted by the NRF; the first verification response message is used to indicate the target UPF legality.
[0145] Optionally, the second verification module includes:
[0146] The first verification sub-module is used to verify whether the first terminal allows the connection to establish a connection with the target UPF based on the signing information of the first terminal.
[0147] Optionally, the second verification module also includes:
[0148] The child module is acquired to obtain the signing information of the first terminal stored locally stored locally; or acquire the signing information of the first terminal transmitted by the home sign user protocol UDM or policy control the air energy PCF.
[0149] Optionally, the second verification module includes:
[0150] The second transmission sub-module is used to transmit a second verification request message to the home subscription user protocol UDM, policy control function PCF, or network storage function NRF, the second verification request message carries the identity of the target UPF and the identifier of the first terminal; The second verification request message is used to request UDM, PCF, or NRF to verify that the first terminal allows connection to the target UPF;
[0151] The second receiving sub-module is configured to receive the UDM, the PCF, or the NRF transmitted second verification response message, the second verification response message for indicating that it is allowed to establish a connection with the target UPF.
[0152] Optionally, the information of the target UPF includes: the address of the target UPF and / or the identity of the target UPF.
[0153] Optionally, the establishment module 602 is for: if it is determined that the first terminal currently does not establish a PDU session, or, the UPF corresponding to the currently established PDU session corresponding to the first terminal does not include the target. In the case of UPF, the first message is transmitted to the core network device.
[0154] It should be noted that the core network device of the present application can realize the steps in the method of user surface function information applied to the core network device, and can achieve the same technical effect, in order to avoid repetition, here is not repeated .
[0155] The present application embodiment also provides an access network device, including: transceivers, memory, processor, computer program stored on said memory and can run on said processor; said transceiver Under the control of the processor, each step is performed on the method of the user surface function information applied to the access network device as described above, and the same technical effect can be achieved, in order to avoid repetition, will not be described here.
[0156] The present application embodiment also provides a core network device, including: transceivers, memory, processor, computer program stored on said memory and can run on said processor; said transceiver at said processor Under the control, the step of reporting the method embodiment of the user surface function information applied to the core network device is performed, and the same technical effect can be achieved, and the repetition can be avoided, and details are not described herein again.
[0157] The present application embodiment provides a readable storage medium that stores a program on the readable storage medium, the program being implemented by the processor to implement the user's surface function information of the access network device as described above. The various steps of the embodiment, and / or, the steps of the embodiment of the user's surface function information of the core network device are applied to the method of the method, in order to avoid repetition, will not be described here. Among them, this read-only memory medium such as read-onlymemory, referred to as ROM Access Memory, a referred to as RAM, a disk, or an optical disk.
[0158] Alternatively, the present application also provides an access network device, including:
[0159] The processor is used to transmit a first message to the core network device, wherein the first message carries the information of the target user surface function UPF and the identifier of at least one first terminal; the first message is used to indicate the core network. The device establishes the at least one first terminal with the protocol data unit PDU session of the target UPF.
[0160] The processor can also be configured and implemented in the above-described access network device embodiment, and the same technical effects can be achieved with the above embodiments.
[0161] In addition, it is to be explained that in the various embodiments of the present application, UPF, AMF, SMF, NRF, PCF, UDM, and the like may be one or more entities.
[0162]Finally, it will also be noted that in this article, a relationship term such as the first and second, etc. is only used to separate an entity or operation with another entity or an operational area, and not necessarily or imply these entities. Or there is any such active relationship or order between operations. Moreover, the term "comprising", "comprising" or any other variable is intended to cover non-exclusive contained comprising a series of elements, methods, items, or terminal devices not only include those elements, but also include no clear columns Other elements, or elements that are also inherent to this process, method, item or equipment. In the absence of more restrictions, the elements defined by the statement "include a ...", and there is no additional same elements in the process, method, item, or apparatus including the element.
[0163] The above is the preferred embodiment of the present application, and it should be noted that some improvements and moisters can be made without departing from the present invention, without departing from the principles of the present invention, these improvements and moisters can be made. It should also be considered as a scope of protection of the present application.
[0164] A1. A user plane function information is reported to the access network device, characterized in that the method comprises:
[0165] The first message is transmitted to the core network device, wherein the first message carries the information of the target user surface function UPF and the identifier of at least one first terminal; the first message is used to indicate the core network device to the at least A first terminal establishes a protocol data unit PDU session with the target UPF.
[0166] A2. The method of claim A1, wherein the method further comprises:
[0167] Receive the session establishment request message transmitted by the first terminal, the session establishment request message including the identifier of the first terminal;
[0168] Send a first message to the core network device, including:
[0169] The first message is transmitted to the core network device based on the session establishment request message.
[0170] A3. The method of claim A2, characterized in that the first message is sent to the core network device, including:
[0171] In the case where the first terminal satisfies the preset rule, the first message is transmitted to the core network device.
[0172] A4. The method of claim A1, characterized in that the first message is sent to the core network device, including:
[0173] The session management container of the N2 interface is constructed, and the session management container of the N2 interface includes information of the identity of the first terminal and the target UPF;
[0174] The session management container of the N2 interface is packaged in the first message and the first message is transmitted to the core network device.
[0175] A5. The method of any of claims A1 to A4, characterized in that the information of the target UPF includes: the address of the target UPF and / or the identity of the target UPF.
[0176] A6. The method of claim A1, characterized in that the first message is transmitted to the core network device, including:
[0177] When it is determined that the first terminal currently does not establish a PDU session, or, when it is determined that the UPF corresponding to the PDU session of the first terminal does not include the target UPF, the core network device is transmitted to the core network device. The first message is described.
[0178] B7. A user-face function information is reported to the core network device, which is characterized in that the method includes:
[0179] Receive the first message reported by the access network device; the first message carries the identity of at least one first terminal and the information of the target user plane function UPF;
[0180] According to the first message, the protocol data unit PDU session with the target UPF is established for the first terminal.
[0181] B8. The method of claim 21 wherein the first message comprises a session management container of an N2 interface, the session management container of the N2 interface comprising the identification and target UPF of the first terminal.
[0182] B9. The method of claim 21, wherein the method further comprises: based on the first message, constructing a session management container of the N1 or N2 interface, The session management container of the N1 or N2 interface includes information of the identity and target UPF of the first terminal.
[0183] The method according to any one of claims B7 to B9, characterized in that the method further comprises at least one of the following to establish a PDU session of the first terminal to establish a PDU session of the target UPF. :
[0184] Verify the legality of the target UPF;
[0185] Verify that the first terminal allows connection to establish a connection with the target UPF.
[0186] B11. The method of claim B10, characterized in that the legality of the target UPF, including:
[0187] Send the first authentication request message to the network storage function, the first verification request message carries the information of the target UPF; the first verification request message is used to request NRF to verify the legality of the target UPF;
[0188] The first verification response message transmitted by the NRF is received; the first verification response message is used to indicate the target UPF legal.
[0189] B12. The method of claims B10, characterized in that the first terminal is verified whether the first terminal allows connection to the target UPF, including:
[0190] Depending on the signing information of the first terminal, verify that the first terminal allows the connection to the target UPF.
[0191] B13. The method of claim 21, wherein the method further comprises:
[0192] Gets the signing information of the first terminal stored locally stored in the core network;
[0193] or,
[0194] Gets the signatory information of the first terminal transmitted by the home subscription user protocol UDM or the policy control function PCF.
[0195] B14. The method of claim B10, characterized in that the first terminal allows whether the first terminal allows to establish a connection with the target UPF, including:
[0196] Send a second verification request message to the home subscription user protocol UDM, policy control function PCF, or network storage function NRF, the second verification request message carries the identity of the target UPF and the identity of the first terminal; the second verification request message is used The request UDM, PCF, or NRF verifies whether the first terminal allows the connection to the target UPF;
[0197] The second verification response message transmitted by the UDM, the PCF or the NRF is received, the second verification response message for indicating that it is allowed to establish a connection with the target UPF.
[0198] B15. The method of any of claims B7 to B9, characterized in that the information of the target UPF includes: the address of the target UPF and / or the identity of the target UPF.
[0199] B16. The method of claim 21, characterized in that the first terminal is established to establish a protocol data unit PDU session with the target UPF, including:
[0200] When it is determined that the first terminal currently does not establish a PDU session, or, when it is determined that the UPF corresponding to the PDU session of the first terminal does not include the target UPF, the core network device is transmitted to the core network device. The first message is described.
[0201] C17. An access network device, including:
[0202] The transmitting module is configured to send a first message to the core network device, wherein the first message carries the information of the target user plane function UPF and the identifier of at least one first terminal; the first message is used to indicate the core network. The device establishes the at least one first terminal with the protocol data unit PDU session of the target UPF.
[0203] C18. The access network device according to claims C17, wherein the access network device further comprises:
[0204] The receiving module is configured to receive a session establishment request message transmitted by the first terminal, the session establishment request message including the identifier of the first terminal;
[0205] The transmitting module is used to transmit the first message to the core network device based on the session establishment request message.
[0206] C19. The access network device according to claims C18, characterized in that the transmitting module is further configured to transmit the core network device when the first terminal satisfies the preset rule. One news.
[0207] C20. The access network device according to claims C17, wherein the transmitting module comprises:
[0208] Construct a child module, a session management container for building an N2 interface, the session management container of the N2 interface, contains information of the identity of the first terminal and the target UPF;
[0209] The encapsulating sub-module is packaged in the first message, and transmits the first message to the core network device.
[0210] The access network device according to any one of claims C17 to C20, characterized in that the information of the target UPF includes: the address of the target UPF and / or the identity of the target UPF.
[0211] The access network device according to claims C17, wherein the transmitting module is for: if it is determined that the first terminal is currently not currently establishing a PDU session, or in determining the first terminal. When the currently established PDU session, the UPF does not include the target UPF, the first message is transmitted to the core network device.
[0212] D23. A core network device, including:
[0213] The receiving module is configured to receive the first message reported by the access network device; the first message carrying the identity of at least one first terminal and the information of the target user plane function UPF;
[0214] The module is established for establishing a protocol data unit PDU session with the target UPF based on the first terminal.
[0215]The core network apparatus according to claim D23, wherein the first message comprises a session management container of an N2 interface, the session management container of the N2 interface contains the identification and target UPF of the first terminal. information.
[0216] D25. The core network device according to claim D23, characterized in that the core network device further includes:
[0217] The module is used to construct a session management container of the N1 or N2 interface, the session management container of the N1 or N2 interface, in accordance with the first message, and the information of the identity and the target UPF of the first terminal.
[0218] The core network device according to any one of claims D23 to D25, characterized in that the core network device further includes:
[0219] The first verification module is used to verify the legality of the target UPF;
[0220] The second verification module is configured to verify that the first terminal allows connection to the target UPF.
[0221] D27. The core network device of claim D26, wherein the first verification module comprises:
[0222] The first transmitting sub-module is configured to transmit a first verification request message to the network storage function NRF, the first verification request message carries the information of the target UPF; the first verification request message is used to request NRF to verify the target UPF legality;
[0223] The first receiving sub-module is configured to receive the first verification response message transmitted by the NRF; the first verification response message is used to indicate the target UPF legal.
[0224] D28. The core network device according to claim D26, wherein the second verification module comprises:
[0225] The first verification sub-module is used to verify whether the first terminal allows the connection to establish a connection with the target UPF based on the signing information of the first terminal.
[0226] D29. The core network device according to claim D28, wherein the second verification module further includes:
[0227] The child module is acquired to obtain the signing information of the first terminal stored locally stored locally; or acquire the signing information of the first terminal transmitted by the home sign user protocol UDM or policy control the air energy PCF.
[0228] D30. The core network device according to claim D26, characterized in that the second verification module comprises:
[0229] The second transmission sub-module is used to transmit a second verification request message to the home subscription user protocol UDM, policy control function PCF, or network storage function NRF, the second verification request message carries the identity of the target UPF and the identifier of the first terminal; The second verification request message is used to request UDM, PCF, or NRF to verify that the first terminal allows connection to the target UPF;
[0230] The second receiving sub-module is configured to receive the UDM, the PCF, or the NRF transmitted second verification response message, the second verification response message for indicating that it is allowed to establish a connection with the target UPF.
[0231] The core network device according to any one of claims D23 to D25, characterized in that the information of the target UPF includes: the address of the target UPF and / or the identity of the target UPF.
[0232] The core network apparatus according to claim D23, wherein the establishment module is for: if it is determined that the first terminal is currently not currently established, or in determining the first terminal. The UPF corresponding to the established PDU session does not include the target UPF, the first message is transmitted to the core network device.
[0233] E33. An access network device, comprising: a transceiver, a memory, a processor, and a computer program stored on the memory and can run on the processor; characterized in that the transceiver The step of performing the method of reporting the user surface function information as claimed in any one of claims A1 to A6 is performed under the control of the processor.
[0234] F34. A core network device, comprising: a transceiver, a memory, a processor, and a computer program stored on the memory and can run on the processor; characterized in that the transceiver is The step of performing the method of reporting the user's surface function information according to any one of claims B7 to B16 is performed under the control of the processor.
[0235] G35. A readable storage medium, characterized in that the program is stored on the readable storage medium that implements the user's surface function information according to any one of claims A1 to A6 when executed by the processor. The step of the reporting method, and / or, the step of reporting the method of the user's surface function information according to any one of claims B7 to B16.
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more PUM


Description & Claims & Application Information
We can also present the details of the Description, Claims and Application information to help users get a comprehensive understanding of the technical details of the patent, such as background art, summary of invention, brief description of drawings, description of embodiments, and other original content. On the other hand, users can also determine the specific scope of protection of the technology through the list of claims; as well as understand the changes in the life cycle of the technology with the presentation of the patent timeline. Login to view more.
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more Similar technology patents
Keyboard with one-key screen locking function
InactiveCN108459724APrevent Data LeakageInput/output for user-computer interactionInternal/peripheral component protectionEmbedded systemControl switch
Owner:XIANGYANG NO 42 MIDDLE SCHOOL
Remote access method, computing device and readable storage medium
PendingCN114756317AAvoid visitingPrevent Data LeakageDigital data protectionExecution for user interfacesComputer securityEngineering
Owner:UNIONTECH SOFTWARE TECH CO LTD
Decentralization-based mobile hard disk encryption and decryption method and system
ActiveCN106980580APrevent Data LeakageUnauthorized memory use protectionDigital data authenticationDisk encryptionDisk loading
Owner:宁夏凯速德科技有限公司
Data transmission method and system, data sending device and data receiving device
InactiveCN109547172APrevent data leakageIntegrity guaranteedError prevention/detection by using return channelData switching networksData transmissionData information
Owner:DONGGUAN JIANDA INFORMATION TECH CO LTD
UEFI (Unified Extensible Firmware Interface)-based backup and one-key startup item guiding method
PendingCN114168207APrevent Data LeakageEasy to operateBootstrappingProgram loading/initiatingKey recoveryUnified Extensible Firmware Interface
Owner:成都傲梅科技有限公司
Classification and recommendation of technical efficacy words
- Prevent Data Leakage
Method and apparatus for dynamically regulating visual angle of screen
ActiveCN101488326APrevent Data LeakageImprove convenienceCathode-ray tube indicatorsInstrumental componentsVisual rangeScreen viewing
Owner:HTC CORP
General database transparent encryption system
ActiveCN106934298APrevent Data LeakageImprove versatilityEncryption apparatus with shift registers/memoriesDigital data protectionDatabase encryptionUser-defined function
Owner:戴林
Secure storage device
ActiveCN104239820AAchieve securityPrevent Data LeakageInternal/peripheral component protectionLocal machineComputer hardware
Owner:POTEVIO INFORMATION TECH
Protection method and device for executable programs
ActiveCN103488919APrevent memory dumpsPrevent Data LeakageProgram/content distribution protectionData informationExecutable
Owner:BEIJING SENSESHIELD TECH
Data protection method and data protection device of movable storage equipment and movable storage equipment
InactiveCN101634972APrevent Data LeakageEnsure safetyUnauthorized memory use protectionStorage cellEngineering
Owner:HUAWEI DIGITAL TECH (CHENGDU) CO LTD