Communication method and apparatus, storage medium, and electronic device

By using blockchain technology to synchronize data between terrestrial and satellite operators, the integrity and security of data transmission in the context of integrated roaming between terrestrial and satellite networks are resolved. This ensures efficient, secure transmission and accurate verification of user account data and optimizes the roaming service process.

WO2026144326A1PCT designated stage Publication Date: 2026-07-09CHINA SATELLITE NETWORK INNOVATION CO LTD

Patent Information

Authority / Receiving Office
WO · WO
Patent Type
Applications
Current Assignee / Owner
CHINA SATELLITE NETWORK INNOVATION CO LTD
Filing Date
2025-09-26
Publication Date
2026-07-09

AI Technical Summary

Technical Problem

The lack of a data synchronization mechanism between terrestrial operators and satellite operators makes it difficult to guarantee the integrity and security of data transmission, especially in the scenario of roaming between different networks in a space-ground integrated system, where the efficiency and accuracy of user data synchronization are low.

Method used

A data synchronization mechanism is adopted between blockchain nodes and the ground operator's operation service platform. Blockchain technology is used to ensure the integrity and security of data, and the data is synchronized to the satellite core network for roaming capability verification, including the storage, verification and synchronization of account data.

Benefits of technology

It enables efficient and secure transmission and storage of roaming user account data, and the satellite core network can verify users' roaming capabilities in a timely manner. It optimizes the integrated space-ground roaming service process and improves the efficiency and accuracy of data communication.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN2025124528_09072026_PF_FP_ABST
    Figure CN2025124528_09072026_PF_FP_ABST
Patent Text Reader

Abstract

The present application discloses a communication method and apparatus, a storage medium, and an electronic device. The method comprises: acquiring account data of a user sent by a blockchain node, wherein the account data at least comprises an account identifier of the user and whether the user has subscribed to a satellite communication service, and the account data is configured to be determined by an operation service platform of a terrestrial operator and sent to the blockchain node for storage; and synchronizing the account data to a satellite core network, such that when the user initiates registration with the satellite core network by means of a terminal device, the satellite core network verifies the roaming capability of the user, so as to indicate whether the user is allowed to use the terminal device for data exchange. The present application solves the technical problem that it is difficult to ensure a communication control effect due to the lack of a data synchronization mechanism between a terrestrial operator and a satellite operator.
Need to check novelty before this filing date? Find Prior Art

Description

Communication methods and devices, storage media and electronic devices

[0001] Cross-reference to related applications

[0002] This application claims priority to Chinese Patent Application No. 202510007261.4, filed on January 2, 2025, entitled "Communication Method and Apparatus, Storage Medium and Electronic Device", the entire contents of which are incorporated herein by reference. Technical Field

[0003] This application relates to the field of computers, and more specifically, to a communication method and apparatus, a storage medium and an electronic device. Background Technology

[0004] In integrated terrestrial-satellite network roaming scenarios, terrestrial operators and satellite operators need to frequently synchronize user data, especially information about satellite service packages, to ensure roaming users can access the satellite network normally. However, there is currently no data synchronization mechanism between terrestrial and satellite operators, making it difficult to guarantee the integrity and security of data transmission. Because account data involves user privacy, terrestrial operators cannot directly share it. Therefore, related technologies suffer from low data synchronization efficiency and accuracy between terrestrial and satellite operators, and the security of data synchronization is difficult to guarantee.

[0005] There is currently no effective solution to the above problems. Summary of the Invention

[0006] This application provides a communication method and apparatus, a storage medium and an electronic device to at least solve the technical problem that there is no data synchronization mechanism between terrestrial operators and satellite operators, making it difficult to guarantee the effectiveness of communication control.

[0007] According to one aspect of the embodiments of this application, a communication method is provided, comprising: acquiring user account data sent by a blockchain node, wherein the account data includes at least the user's account identifier and whether the user has subscribed to a satellite communication service, and the account data is configured to be determined by a ground operator's operation service platform and sent to the blockchain node for storage; synchronizing the account data to the satellite core network, so that when the user initiates registration with the satellite core network through a terminal device, the satellite core network verifies the user's roaming capability to indicate whether the user is allowed to use the terminal device for data interaction.

[0008] According to one aspect of the embodiments of this application, another communication method is provided, comprising: acquiring the user's account data, wherein the account data includes at least the user's account identifier and whether the user allows satellite communication, and the account data is configured to be determined by a ground operator operation service platform and sent to a blockchain node for storage; the satellite operator operation service platform synchronizes the account data to the satellite core network, so that when the user allows satellite communication, a first blockchain node in the blockchain nodes receives the account data sent by the ground operator operation service platform and broadcasts the account data to a second blockchain node; the second blockchain node in the blockchain nodes receives the account data broadcast by the first blockchain node and sends the account data to the satellite operator operation service platform.

[0009] According to one aspect of the embodiments of this application, another communication method is provided, comprising: acquiring user account data and sending the account data to a blockchain node, wherein the account data includes at least the user's account identifier and whether the user allows satellite communication; if the user allows satellite communication, acquiring the user's account change data and sending the account change data to the blockchain node, wherein the blockchain node is configured to store the account data.

[0010] According to one aspect of the embodiments of this application, another communication method is provided, comprising: interacting with a terminal device used by the user when the user allows satellite communication; determining the user's roaming data based on the user's account data, and sending the roaming data to a satellite operator operation service platform, wherein the account data includes at least the user's account identifier and whether the user allows satellite communication; the satellite operator operation service platform is used to query the account data through a blockchain node and synchronize the account data to the satellite core network, and the blockchain node is configured to store the account data.

[0011] According to one aspect of the embodiments of this application, a communication system is provided, comprising: a terrestrial operator operation service platform configured to acquire user account data and send the account data to a blockchain node, wherein the account data includes at least the user's account identifier and whether the user has subscribed to satellite communication services; the blockchain node configured to store the account data and verify the user corresponding to the account data; a satellite operator operation service platform configured to query the account data through the blockchain node and synchronize the account data to a satellite core network; and the satellite core network configured to verify the user's roaming capability when the user initiates registration with the satellite core network through a terminal device, to indicate whether the user is allowed to use the terminal device for data interaction.

[0012] According to another aspect of the embodiments of this application, a communication device is also provided, comprising: an acquisition module configured to acquire user account data sent by a blockchain node, wherein the account data includes at least the user's account identifier and whether the user has subscribed to satellite communication services, and the account data is configured to be determined by a ground operator's operation service platform and sent to the blockchain node for storage; and a synchronization module configured to synchronize the account data to the satellite core network, so that when the user initiates registration with the satellite core network through a terminal device, the satellite core network verifies the user's roaming capability to indicate whether the user is allowed to use the terminal device for data interaction.

[0013] Optionally, the device is further configured to: acquire the user's account change data and send the account change data to the blockchain node, wherein the account change data is determined by the ground operator's operation service platform; update the account data stored in the blockchain node based on the account change data; query the account data and synchronize the updated account data to the satellite core network.

[0014] Optionally, the device is configured to acquire user account data sent by a blockchain node in the following manner: receiving the account data sent by the ground operator's operation service platform through a first blockchain node, wherein the account data is configured to be broadcast through the first blockchain node; and receiving the account data sent by a second blockchain node, wherein the account data is configured to be received from the first blockchain node through the second blockchain node.

[0015] Optionally, the device is further configured to: determine whether the first blockchain node and the second blockchain node have reached a consensus on the account data, and if a consensus is reached, write the account data into the blockchain ledger corresponding to the blockchain node; and report the on-chain status of the account data to the ground operator operation service platform, wherein the on-chain status is configured to indicate whether the account data has been stored on the blockchain node.

[0016] Optionally, the device is configured to perform at least one of the following operations: in response to a change in the account data, obtain the changed account data actively pushed by the second blockchain node and send the push result to the second blockchain node; actively pull the account data from the second blockchain node.

[0017] Optionally, the device is further configured to: in response to a change in the account data, send the changed account data to the satellite core network; and obtain the result data of the user determined by the satellite core network based on the account data.

[0018] Optionally, the apparatus is further configured to: use an access and mobility management function entity to obtain a registration request message sent by the terminal device; perform an authentication process based on the registration request message; after the authentication process is completed, send a user roaming data acquisition request message to a data management entity through the access and mobility management function entity, wherein the user roaming data acquisition request message includes the account identifier; use the data management entity to determine the user's satellite access capability identifier based on the user roaming data acquisition request message, and send the satellite access capability identifier to the access and mobility management function entity through the data management entity to indicate whether the terminal device has the conditions to access the satellite network.

[0019] Optionally, the device is further configured to: use the data management entity to determine the account identifier from the user roaming data acquisition request message; use the data management entity to encrypt the account identifier; use the data management entity to verify the encrypted account identifier with the account data synchronized by the satellite operator's operation service platform to determine the satellite access capability identifier; and use the data management entity to send the satellite access capability identifier to the access and mobility management function entity.

[0020] Optionally, the device is further configured to perform at least one of the following operations: querying the blockchain node for the user's retrospective data results according to a data query request, wherein the data query request includes the account identifier and the query time period; and controlling the ground operator operation service platform to query the blockchain node for the user's retrospective data results according to the data query request.

[0021] According to another aspect of the embodiments of this application, a computer-readable storage medium is also provided, wherein a computer program is stored in the computer-readable storage medium, and the computer program is configured to execute the above-described communication system when it is run.

[0022] According to another aspect of the embodiments of this application, a computer program product or computer program is provided, which includes computer instructions stored in a computer-readable storage medium. A processor of a computer device reads the computer instructions from the computer-readable storage medium and executes the computer instructions, causing the computer device to perform the communication system described above.

[0023] According to another aspect of the embodiments of this application, an electronic device is also provided, including a memory and a processor, wherein the memory stores a computer program and the processor is configured to execute the communication system described above through the computer program.

[0024] In this embodiment, a data synchronization mechanism between blockchain nodes and the ground operator's operation service platform is employed to achieve efficient and secure transmission and storage of roaming user account data. Furthermore, by synchronizing account data to the satellite core network, the satellite core network can promptly verify the user's roaming capabilities when the user initiates registration through a terminal device, accurately determining whether the user is qualified to use satellite communication services for data interaction. This achieves the technical effect of optimizing the integrated space-ground roaming service process and enabling efficient and accurate data communication, thereby effectively solving the technical problem that there is currently no data synchronization mechanism between ground operators and satellite operators, making it difficult to guarantee the effectiveness of communication control. Attached Figure Description

[0025] The accompanying drawings, which are included to provide a further understanding of this application and form part of this application, illustrate exemplary embodiments and are used to explain this application, but do not constitute an undue limitation of this application. In the drawings:

[0026] Figure 1 is a schematic diagram of an application environment of an optional communication system according to an embodiment of this application;

[0027] Figure 2 is a flowchart of an optional communication system according to an embodiment of this application;

[0028] Figure 3 is a schematic diagram of an optional inter-network roaming mode of a communication system according to an embodiment of this application;

[0029] Figure 4 is a schematic diagram of the architecture of an optional communication system according to an embodiment of this application;

[0030] Figure 5 is a schematic diagram of the synchronization data flow of an optional communication system according to an embodiment of this application;

[0031] Figure 6 is a schematic diagram of the synchronization data flow of another optional communication system according to an embodiment of this application;

[0032] Figure 7 is a schematic diagram of an optional communication system for managing roaming users across different networks according to an embodiment of this application;

[0033] Figure 8 is a schematic diagram of the registration process of an optional communication system according to an embodiment of this application;

[0034] Figure 9 is a schematic diagram of a data verification process for an optional communication system according to an embodiment of this application;

[0035] Figure 10 is a schematic diagram of the message flow of another optional communication system according to an embodiment of this application;

[0036] Figure 11 is a schematic diagram of an optional communication device according to an embodiment of this application;

[0037] Figure 12 is a schematic diagram of the structure of an optional communication product according to an embodiment of this application;

[0038] Figure 13 is a schematic diagram of the structure of an optional electronic device according to an embodiment of this application. Detailed Implementation

[0039] To enable those skilled in the art to better understand the present application, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present application, and not all embodiments. Based on the embodiments in the present application, all other embodiments obtained by those of ordinary skill in the art without creative effort should fall within the scope of protection of the present application.

[0040] It should be noted that the terms "first," "second," etc., in the specification, claims, and accompanying drawings of this application are used to distinguish similar objects and are not necessarily used to describe a specific order or sequence. It should be understood that such data can be interchanged where appropriate so that the embodiments of this application described herein can be implemented in orders other than those illustrated or described herein. Furthermore, the terms "comprising" and "having," and any variations thereof, are intended to cover non-exclusive inclusion; for example, a process, method, system, product, or apparatus that comprises a series of steps or units is not necessarily limited to those steps or units explicitly listed, but may include other steps or units not explicitly listed or inherent to such processes, methods, products, or apparatus.

[0041] First, some nouns or terms that appear in the description of the embodiments of this application shall be interpreted as follows:

[0042] AMF: Access and Mobility Management Function, responsible for access and mobility management, and used to handle control signaling related to UE (User Equipment) access.

[0043] SMF: Session Management Function, responsible for session management, including the establishment, modification and release of PDU (Protocol Data Unit) sessions, and collaboration with UPF to ensure data transmission policies and QoS (Quality of Service) implementation.

[0044] UPF: User Plane Function, which performs user plane functions such as packet forwarding and policy enforcement.

[0045] UDM: Unified Data Management, is a functional entity responsible for managing user data and managing user contract data.

[0046] AUSF: Authentication Server Function, responsible for user authentication and authentication data processing.

[0047] The aforementioned network elements communicate through standard service interfaces (such as N2, N4, N11, etc.) to collaboratively complete network operations.

[0048] The present application will be described below with reference to embodiments:

[0049] According to one aspect of the embodiments of this application, a communication system is provided. Optionally, in this embodiment, the communication system can be applied to a hardware environment consisting of a server 101 and a terminal device 103 as shown in FIG1. ​​As shown in FIG1, the server 101 is connected to the terminal device 103 via a network and can be configured to provide services to the terminal device or an application 107 installed on the terminal device. The application can be a video application, an instant messaging application, a browser application, an educational application, a game application, etc. Database 105 can be set up on the server or independently of the server to provide data storage services for server 101, such as a game data storage server. The network mentioned above can include, but is not limited to, wired networks and wireless networks. The wired network includes local area networks, metropolitan area networks, and wide area networks. The wireless network includes Bluetooth, WIFI, and other networks that enable wireless communication. Terminal device 103 can be a terminal configured with an application, and can include, but is not limited to, at least one of the following: mobile phones (such as Android phones, iOS phones, etc.), laptops, tablets, handheld computers, MID (Mobile Internet Devices), PADs, desktop computers, smart TVs, smart voice interaction devices, smart home appliances, vehicle terminals, aircraft, virtual reality (VR) terminals, augmented reality (AR) terminals, mixed reality (MR) terminals, and other computer devices. The server mentioned above can be a single server, a server cluster composed of multiple servers, or a cloud server.

[0050] As shown in Figure 1, the above-mentioned communication system can be implemented by an electronic device, which can be a terminal device or a server. The communication system can be implemented by the terminal device or the server separately, or by the terminal device and the server together.

[0051] The above is merely an example, and this embodiment does not impose any specific limitations.

[0052] Optionally, as an alternative implementation method, as shown in Figure 2, the above communication method may be executed, including but not limited to using a satellite operator's operation service platform as the implementing entity. Specifically, the satellite operator's operation service platform refers to a system platform responsible for processing satellite communication services, managing roaming user data, and coordinating settlement matters with ground operators. This includes, but is not limited to, receiving roaming user account data synchronized by ground operators via blockchain, parsing and verifying account data, and synchronizing data to the satellite core network through a service activation interface. The above communication method includes:

[0053] S202, Obtain user account data sent by blockchain node, wherein the account data includes at least the user's account identifier and whether the user has signed up for satellite communication service, and the account data is set to be determined by the ground operator's operation service platform and sent to the blockchain node for storage;

[0054] Optionally, in this embodiment, the aforementioned terrestrial operator operation service platform refers to the service platform within the terrestrial operator operation system responsible for collecting, managing, and updating user information, including but not limited to key business functions such as user subscription data updates, package management, billing, and settlement. The aforementioned user refers to a user account registered in the terrestrial operator network that may use satellite roaming services. These accounts have unique identifiers in the system, such as SUPI (Subscriber Permanent Identifier) ​​or IMSI (International Mobile Subscriber Identity), used to uniquely identify users within the network. The aforementioned account data refers to key information related to the user, including at least the user's privacy-encrypted identifier (such as PPIMSI, Privacy-Protected IMSI) and service status information regarding whether satellite communication is permitted.

[0055] For example, when a terrestrial operator's service platform detects a user's activation or cancellation of a satellite package, or a change in service status, it proactively obtains the user's latest account data. This account data includes not only the user's privacy-encrypted identifier, such as the IMSI (PPIMSI) processed using a privacy encryption algorithm, but also service status information indicating whether the account is permitted to conduct satellite communications. Next, the terrestrial operator's service platform sends this critical account data to a blockchain node. Utilizing the blockchain's distributed ledger and consensus mechanism, the integrity and immutability of the data are ensured during synchronization to the satellite operator's service platform. Simultaneously, privacy encryption algorithms protect sensitive user information, ultimately optimizing communication between the satellite and terrestrial operators regarding package revenue sharing.

[0056] Optionally, in this embodiment of the application, the aforementioned blockchain node refers to a distributed database node participating in the blockchain network, which is responsible for storing and verifying account data sent from the ground operator's operation service platform, including but not limited to the user's privacy encryption identifier (such as PPIMSI) and service status information on whether the account is allowed to conduct satellite communication. The blockchain node ensures the accuracy and immutability of the data through a consensus mechanism, forming a continuous and transparent chain of user data records on the blockchain.

[0057] For example, the main function of the aforementioned blockchain node in this embodiment is to serve as a carrier for storing and verifying roaming user account data. When the ground operator's service platform sends the user's account data to the blockchain network, the blockchain node ensures the integrity and authenticity of the data by executing a series of preset verification rules and encryption algorithms. Once the data is verified and accepted, it will be permanently stored on the blockchain, forming an irreversible and traceable record. Each blockchain node maintains a copy of this record, and the consensus mechanism ensures data consistency across all nodes, thereby providing a secure and reliable data storage platform. This platform supports the satellite operator's service platform in querying and synchronizing the latest status of roaming users, and supports data retrieval mechanisms based on event listening or specific frequencies, ensuring real-time data updates and efficient information synchronization between networks.

[0058] For example, the aforementioned satellite operator's service platform queries roaming user account data pushed by the terrestrial operator through blockchain nodes, parses and verifies the data to ensure its accuracy and timeliness. Subsequently, the service platform uses the service activation interface to synchronize the verified account data to the satellite core network, enabling the core network to determine whether to allow the user to access the satellite network and conduct data communication based on the user's latest status (such as satellite access capability identifier).

[0059] S204 synchronizes account data to the satellite core network so that when a user initiates registration with the satellite core network through a terminal device, the satellite core network verifies the user's roaming capability and indicates whether the user is allowed to use the terminal device for data interaction.

[0060] Optionally, in the embodiments of this application, the aforementioned satellite core network refers to the core processing unit of the satellite network in the integrated space-ground network architecture, which is responsible for managing user access control and data communication, including but not limited to authentication based on user data, security control, and data interaction functions with terminal devices.

[0061] For example, when a roaming user roams to a satellite operator's network, they initiate a registration request to the satellite network's AMF. Then, the aforementioned satellite core network completes the authentication and authorization process between the user and their home network, and obtains the user's SUPI (IMSI) information. The satellite core network then sends a user roaming data retrieval request (carrying the user's SUPI information) to the satellite core network's UDM / HSS (Home Subscriber Server). The satellite core network's UDM / HSS processes the SUPI information, encrypts it for privacy, and verifies it against synchronized roaming user data. It then sends a user roaming data retrieval response message to the satellite network's AMF. The satellite network's AMF then judges the user roaming data retrieval response message, thus achieving the purpose of verifying the user's roaming capability.

[0062] Specifically, the aforementioned user roaming data acquisition response message carries a satellite access capability identifier (satAccessEnabled). The satellite network AMF obtains the satellite access capability identifier by parsing the user roaming data acquisition response message and determines whether the user has satellite access capability based on the field value of the satellite access capability identifier.

[0063] In an exemplary embodiment, Figure 3 is a schematic diagram of an optional communication system roaming mode according to an embodiment of the present application. The communication system proposed in this application can be applied to the integrated space-ground network scenario. In the roaming mode, the communication service between the ground operator user and the satellite base station is carried out through the satellite (visited) network to the ground operator (home) network. The network architecture in the roaming mode is shown in Figure 3.

[0064] Furthermore, Figure 4 is a schematic diagram of an optional communication system architecture according to an embodiment of this application. The communication optimization architecture for package revenue sharing in the scenario of integrated terrestrial-satellite roaming is shown in Figure 4, wherein: the blockchain is used to provide the ability for terrestrial operators and satellite operators to synchronize key necessary information for roaming users' satellite service activation through a trusted blockchain channel, as well as the ability to backtrack and verify on the chain when data between terrestrial operators and satellite operators is inconsistent; the operation service platform is used to optimize and provide terrestrial operators with the ability to receive, store, generate package revenue sharing settlement statements, and reconcile data of roaming users on different networks, and supports the function of pushing synchronized key data to the satellite core network through the service activation interface; the satellite core network is used to provide terrestrial operators with the ability to manage roaming users and control the access of roaming users.

[0065] In an exemplary embodiment, FIG5 is a schematic diagram of the synchronization data flow of an optional communication system according to an embodiment of the present application. As shown in FIG5, the sender-initiated synchronization data flow based on event listening using the above communication system includes, but is not limited to:

[0066] S1 contains data on terrestrial operators' users activating / canceling satellite packages, suspending / resuming service, etc.

[0067] S2, the ground operator's operation platform will synchronize roaming user data to the ground operator's blockchain node;

[0068] S3, roaming user data is synchronized from the consensus of the terrestrial operator's blockchain node to the satellite operator's blockchain node via a blockchain network;

[0069] S4, the terrestrial operator's blockchain node and the satellite operator's blockchain node successfully reached a consensus, and the data blocks were written into their respective blockchain ledgers;

[0070] S5, the blockchain nodes of the ground operators report the on-chain results to the ground operator operation service platform;

[0071] S6, the satellite operator's blockchain node listens to the roaming user's business operation events and actively pushes data to the operation service platform through the interface provided by the satellite operator's operation service platform;

[0072] S7, the satellite operator's operation service platform provides feedback and pushes the synchronization results.

[0073] In an exemplary embodiment, FIG6 is a schematic diagram of the synchronization data flow of another optional communication system according to an embodiment of the present application. As shown in FIG6, the process of implementing the receiver actively pulling data based on a specific frequency using the above communication system includes, but is not limited to:

[0074] S1 contains data on terrestrial operators' users' activation and cancellation of satellite packages, as well as data on service suspension and resumption.

[0075] S2, the ground operator's operation platform will synchronize roaming user data to the ground operator's blockchain node;

[0076] S3, roaming user data is synchronized from the consensus of the terrestrial operator's blockchain node to the satellite operator's blockchain node via a blockchain network;

[0077] S4, the terrestrial operator's blockchain node and the satellite operator's blockchain node successfully reached a consensus, and the data blocks were written into their respective blockchain ledgers;

[0078] S5, the blockchain nodes of the ground operators report the on-chain results to the ground operator operation service platform;

[0079] S6, the satellite operator's operation service platform sets the frequency according to the characteristics of business data and requests data from the satellite operator's blockchain node according to the frequency;

[0080] S7, the satellite operator's blockchain node feeds back the roaming user data results to the satellite operator's operation service platform.

[0081] Through the embodiments of this application, a data synchronization mechanism between blockchain nodes and the ground operator's operation service platform is adopted to achieve efficient and secure transmission and storage of roaming user account data. Furthermore, by synchronizing the account data to the satellite core network, the satellite core network can promptly verify the user's roaming capability when the user initiates registration through the terminal device, accurately determine whether the user is qualified to use satellite communication services for data interaction, and achieve the technical effect of optimizing the integrated space-ground roaming service process and efficiently and accurately conducting data communication. This effectively solves the technical problem that there is no data synchronization mechanism between ground operators and satellite operators, making it difficult to guarantee the effectiveness of communication control.

[0082] As an optional approach, the above method further includes: obtaining the user's account change data and sending the account change data to the blockchain node, wherein the account change data is determined by the ground operator's operation service platform; updating the account data stored in the blockchain node based on the account change data; querying the account data and synchronizing the updated account data to the satellite core network.

[0083] For example, when a user's communication service status changes, such as when the user activates or cancels satellite roaming service, the terrestrial operator's operation service platform will obtain the account change data and proactively send the encrypted account change data to the blockchain node. After receiving the account change data sent by the terrestrial operator's operation service platform, the blockchain node will update the account information stored in its ledger based on the decrypted account change data, ensuring real-time synchronization and consistency of the data.

[0084] Furthermore, when user roaming capability verification is required, both terrestrial operators and satellite operators' operation service platforms can obtain the user's current satellite communication service status by querying the latest account data on the blockchain node. Then, the updated account data is synchronized to the satellite core network to ensure that when a user initiates registration, the satellite core network can verify roaming capability based on the latest user account status, determine whether the user is qualified to use satellite communication services, and make corresponding access control decisions, such as allowing or denying the registration request.

[0085] Through the embodiments of this application, blockchain technology combined with privacy encryption algorithms is used. Through the linkage mechanism between blockchain technology and the ground operator's operation service platform, the real-time capture, secure transmission and dynamic updating of roaming user account change data are realized, achieving the technical effect of real-time synchronization of roaming user data. This improves the settlement efficiency of package revenue sharing in the integrated terrestrial and ground network roaming scenario, while protecting user privacy information during the communication process and enhancing communication security.

[0086] As an optional solution, the above-mentioned acquisition of user account data sent by blockchain nodes includes: receiving the account data sent by the ground operator's operation service platform through the first blockchain node, wherein the account data is configured to be broadcast through the first blockchain node; and receiving the account data sent by the second blockchain node, wherein the account data is configured to be received from the first blockchain node through the second blockchain node.

[0087] Optionally, in the embodiments of this application, the first blockchain node and the second blockchain node refer to the nodes in the blockchain network that are responsible for data storage and verification, including but not limited to performing operations such as data synchronization, consensus reaching, data uploading to the chain, and status feedback.

[0088] For example, the first blockchain node in the blockchain network receives account data from the terrestrial operator's operation service platform. This account data includes at least a privacy-encrypted account identifier (such as PPIMSI) and a service status that allows satellite communication. In this case, the satellite operator's operation service platform can directly obtain the account data sent by the first blockchain node. This application does not limit this.

[0089] For example, after the first blockchain node receives account data from the terrestrial operator's operation service platform, it can also broadcast the received account data to the second blockchain node in the network and execute a consensus mechanism to verify and confirm the validity of the data. After receiving the broadcast account data, the second blockchain node also executes the consensus process. Once the data is verified, it will send the account data to the satellite operator's operation service platform.

[0090] Through the embodiments of this application, the aforementioned ground operator operation service platform can first encrypt the account data and broadcast it to the entire network through the first blockchain node. Then, the second blockchain node receives the account data broadcast by the first blockchain node and then sends the account data to the satellite operator operation service platform. This achieves efficient and secure transmission and updating of roaming user account data, avoids the single point of failure in traditional centralized data transmission, and effectively enhances the robustness of data transmission during communication. This achieves the goals of optimizing the package-based communication process in the integrated terrestrial-space roaming scenario, enhancing the security and reliability of data transmission, and simplifying the acquisition and processing of roaming user data by satellite operators.

[0091] As an optional approach, the method further includes: determining whether the first blockchain node and the second blockchain node have reached a consensus on the account data, and if a consensus is reached, writing the account data into the blockchain ledger corresponding to the blockchain node; and reporting the on-chain status of the account data to the ground operator's operation service platform, wherein the on-chain status is used to indicate whether the account data has been successfully stored on the blockchain node.

[0092] Optionally, in this embodiment of the application, the above-mentioned on-chain status refers to the indicator of whether the data has been successfully written into the blockchain ledger, including but not limited to status feedback information such as "write successful", "write failed", and "processing".

[0093] For example, when the first blockchain node receives account data from the ground operator's operation service platform, the first blockchain node will initiate a consensus process to jointly verify the integrity and consistency of the data with the second blockchain node. Once a consensus is reached, it means that the validity of the account data is confirmed. The first blockchain node will write the data into its corresponding blockchain ledger. At the same time, the first blockchain node will report the on-chain status of the data to the ground operator's operation service platform to confirm whether the ground operator has successfully stored the updated account data on the blockchain.

[0094] In an exemplary embodiment, taking the application scenario of a user changing their satellite package as an example, the ground operator's operation service platform detects that the user has changed their satellite communication package and then sends the updated account data to the first blockchain node. After receiving the data, the first blockchain node and the second blockchain node begin to execute a consensus mechanism to compare the data and verify its authenticity. After consensus is reached, the first blockchain node writes the account data into the blockchain ledger and sends a status feedback of successful on-chain to the ground operator's operation service platform, indicating that the account data has been securely stored in the blockchain, and the ground operator can consider the data transmission and update process to be secure and error-free.

[0095] Through the embodiments of this application, the distributed consensus operation of blockchain is adopted to achieve the technical effect of real-time synchronization and storage verification of roaming user account data. Specifically, when the first blockchain node broadcasts the account data, the consensus process of the blockchain node will be automatically initiated to ensure that the second blockchain node can verify and confirm the accuracy and integrity of the data. Only when the two nodes reach a consensus and confirm that the data is correct will the account data be written into their respective blockchain ledgers, thereby forming an immutable record. This achieves the purpose of improving data transmission security, ensuring data consistency, and timely feedback on the on-chain status, thereby optimizing the data synchronization process in the integrated roaming scenario of space-air-ground networks.

[0096] As an optional solution, the above method further includes at least one of the following: in response to a change in the account data, obtaining the changed account data actively pushed by the second blockchain node and sending the push result to the second blockchain node; actively pulling the account data from the second blockchain node.

[0097] Optionally, in this embodiment of the application, the change in the aforementioned account data refers to the update of key information such as user service status, package information, or account permissions.

[0098] For example, when the second blockchain node detects changes in roaming user account data, it proactively pushes the changed account data to the satellite operator's operation service platform and receives the push result returned by the platform to confirm whether the data was successfully received. Furthermore, the satellite operator's operation service platform also has the ability to proactively retrieve account data from the second blockchain node to ensure it has the latest user information to support real-time decision-making and optimized management.

[0099] It should be noted that the changes in account data in this application embodiment are not limited to package adjustments, user account suspension / reactivation status, or addition / reduction of communication permissions. The satellite operator's operation service platform obtains the account data in ways including but not limited to actively requesting to retrieve it from the second blockchain node, or passively receiving account data sent by the second blockchain node.

[0100] Through the embodiments of this application, the event listening and proactive data push of blockchain nodes are used to realize real-time notification of changes in roaming user account data and proactive data retrieval. This achieves the technical effect of timely updating user status, enabling the satellite operator's operation service platform to respond instantly to changes in account data, improving data synchronization efficiency, ensuring the timeliness and accuracy of communication services and settlement processes, and thus achieving the goal of enhancing the flexibility and reliability of data synchronization in the integrated space-ground roaming scenario.

[0101] As an optional approach, the method further includes: in response to a change in the account data, sending the changed account data to the satellite core network; and obtaining the result data of the user determined by the satellite core network based on the account data.

[0102] For example, when the aforementioned satellite operator's service platform detects changes in roaming user account data, it sends the changed account data to the satellite core network. Based on this data, the core network determines the roaming communication usage permissions and service package status, generating corresponding result data. Subsequently, the satellite operator's service platform can receive the result data sent by the satellite core network and further update the account data to the blockchain.

[0103] Through the embodiments of this application, the satellite operator's operation service platform can respond promptly to changes in roaming users' account data. Furthermore, based on the data interaction process between the satellite operator's operation service platform and the satellite core network, it ensures the accuracy and consistency of account data. It obtains information on account data changes caused by user adjustments to their plans or services in a timely manner, instructing the satellite core network to immediately update the corresponding user's result data. In other words, after changes to roaming user account data, the satellite operator's operation service platform can quickly notify the satellite core network to update its locally stored user status information, avoiding unnecessary registration attempts and resource waste. This effectively improves the accuracy and timeliness of data synchronization in integrated space-ground roaming scenarios, preventing unnecessary roaming rejections or service provision due to information delays, thereby enhancing user experience and the overall efficiency of the communication network.

[0104] As an optional approach, the method further includes: using an access and mobility management function entity to obtain a registration request message sent by the terminal device; performing an authentication process based on the registration request message; after the authentication process is completed, sending a user roaming data acquisition request message to a data management entity through the access and mobility management function entity, wherein the user roaming data acquisition request message includes the account identifier; using the data management entity to determine the user's satellite access capability identifier based on the user roaming data acquisition request message, and sending the satellite access capability identifier to the access and mobility management function entity through the data management entity to indicate whether the terminal device has the conditions to access the satellite network.

[0105] Optionally, in this embodiment, the aforementioned access and mobility management function entity refers to the AMF in the satellite network, which is responsible for handling the access requests and mobility management of terminal devices, including but not limited to receiving registration requests, forwarding messages, and performing access control; the aforementioned data management entity refers to the UDM / HSS, which serves as the management center for user data, including but not limited to storing user subscription data, processing user authentication, and maintaining user service status; the aforementioned account identifier refers to the identity information used by the terminal device to identify itself, such as SUPI (including IMSI), while the satellite access capability identifier is a sign indicating whether the terminal device has the permission to communicate through the satellite network, and the aforementioned user roaming data acquisition request message is used to request the UDM / HSS to verify whether the user has satellite access capability.

[0106] For example, the satellite operator's operation service platform can instruct the aforementioned Access and Mobility Management Function (AMF) entity to verify the user's identity. Specifically, the AMF first obtains the registration request from the terminal device, and then initiates an authentication process based on the registration request to verify the user's identity and confirm its legitimacy. Once the authentication process is completed, the AMF entity will construct and send a user roaming data acquisition request message to the Data Management Entity (UDM / HSS). This user roaming data acquisition request message may include, but is not limited to, the aforementioned account identifier, so that the UDM / HSS can check whether the user has satellite access capabilities and key information such as the status of their service package.

[0107] Furthermore, the satellite operator's operation service platform can also instruct the data management entity (UDM / HSS) to parse the account identifier, such as the SUPI (IMSI) message, in the user roaming data acquisition request message sent by the access and mobility management function entity (AMF) after receiving the aforementioned user roaming data acquisition request message. The data management entity then uses the account identifier to determine whether the user has a satellite access capability identifier (satAccessEnabled), where the account identifier can be an encrypted account identifier. Next, the data management entity sends the satellite access capability identifier to the AMF. If the identifier is true, it means that the user has the right to communicate through the satellite network; otherwise, it means that the user does not have the right to use satellite services.

[0108] It should be noted that the user's status and satellite access capability identifier may change due to various factors, such as changes in the service plan, account activation / deactivation, network failure recovery, etc. The embodiments of this application cover a variety of changes, but do not limit the specific reasons for the changes.

[0109] Through the embodiments of this application, the message interaction between the access and mobility management functional entity and the data management entity enables the satellite operator's operation service platform to dynamically adjust service strategies based on accurate user status data, and precisely control the user's roaming access to the satellite network. This achieves the technical effect of real-time verification and control of the roaming user's satellite access capability, and achieves the purpose of optimizing the communication process, improving access efficiency, and ensuring communication control in the integrated space-ground roaming scenario.

[0110] As an optional approach, the method further includes: using the data management entity to determine the account identifier from the user roaming data acquisition request message; using the data management entity to encrypt the account identifier; using the data management entity to verify the encrypted account identifier with the account data synchronized by the satellite operator's operation service platform to determine the satellite access capability identifier; and using the data management entity to send the satellite access capability identifier to the access and mobility management function entity.

[0111] For example, after receiving a user's roaming data acquisition request message, the data management entity (UDM / HSS) can be instructed by the satellite operator's operation service platform to encrypt the account identifier. Specifically, the data management entity first determines the account identifier from the user's roaming data acquisition request message, then encrypts the account identifier using a predefined encryption algorithm to protect user privacy; furthermore, the data management entity compares the account data synchronized with the satellite operator's operation service platform to verify whether the terminal has satellite access capability, determines the satellite access capability identifier based on the verification result, and finally sends this identifier back to the Access and Mobility Management Function (AMF).

[0112] In an exemplary embodiment, taking a user attempting to roam from a terrestrial network to a satellite network for communication as an example, the Data Management Entity (UDM / HSS) extracts the SUPI identifier from the user's roaming data acquisition request message and then encrypts the SUPI using a privacy encryption algorithm to protect sensitive user information. Next, the satellite operator's service platform sends the encrypted roaming user data to the Data Management Entity, enabling the Data Management Entity to verify the encrypted SUPI against the encrypted roaming user data to confirm whether the user has activated satellite access service. If the verification result is "allowed," the Data Management Entity sends the satellite access capability identifier to the Access and Mobility Management Function (AMF), which then allows the user to access the satellite network; otherwise, it denies access.

[0113] It should be noted that the choice of the above encryption algorithm can be diverse. Although privacy encryption algorithms are mentioned in the embodiments of this application, they are not limited to this one.

[0114] Through the embodiments of this application, a data management entity (UDM / HSS) is used to encrypt and verify the roaming user account identifier, enabling the satellite operator's operation service platform to accurately obtain the user's satellite access capability identifier while protecting user privacy. This achieves the technical effects of precise control over the roaming user's satellite access capability and data privacy protection, and achieves the purpose of protecting user privacy and security and ensuring access control for roaming users in the integrated space-ground roaming scenario.

[0115] As an optional approach, the above method also includes at least one of the following: querying the blockchain node for the user's retrospective data results based on the data query request, wherein the data query request includes an account identifier and a query time period; controlling the ground operator's operation service platform to query the blockchain node for the user's retrospective data results based on the data query request.

[0116] For example, after receiving a data query request, the satellite operator's operation service platform will send the account identifier and query time period information contained in the request to the corresponding blockchain node. The blockchain node will then trace back the relevant data records within the query time period on the blockchain ledger based on the account identifier, and return the retrieved data results to the satellite operator's operation service platform.

[0117] For example, the ground operator's operation service platform can also send the account identifier and query time period information contained in the data query request to the corresponding blockchain node to obtain the retrospective data result, and then send the retrospective data result to the satellite operator's operation service platform.

[0118] It should be noted that the format and content of data query requests may vary depending on application requirements, system design, or data storage methods. For example, in addition to PPIMSI and the query time period, query requests may also include other parameters for filtering or refining query results, which are not limited in this application.

[0119] Through the embodiments of this application, the method of terrestrial operator operation service platform and satellite operator operation service platform initiating data query requests to blockchain nodes enables the satellite operator or terrestrial operator operation service platform to trace and query the historical roaming data results of users based on specific account identifiers and query time periods. This achieves the technical effect of accurately tracing and verifying the service history records of roaming users, and achieves the purpose of optimizing the settlement process and resolving data reconciliation conflicts in the integrated terrestrial-satellite network roaming scenario.

[0120] Optionally, as an alternative implementation, the communication method includes: obtaining the user's account data through the blockchain node, wherein the account data includes at least the user's account identifier and whether the user is permitted to conduct satellite communication, and the account data is configured to be determined by the ground operator's operation service platform and sent to the blockchain node for storage; synchronizing the account data to the satellite core network, so that when the user initiates registration with the satellite core network through a terminal device, the satellite core network verifies the user's roaming capability to indicate whether the user is permitted to use the terminal device for data interaction.

[0121] Optionally, as an alternative implementation, another communication method includes: acquiring the user's account data, wherein the account data includes at least the user's account identifier and whether the user allows satellite communication, and the account data is configured to be determined by the ground operator's operation service platform and sent to the blockchain node for storage; the satellite operator's operation service platform synchronizes the account data to the satellite core network, so that when the user allows satellite communication, the first blockchain node in the blockchain node receives the account data sent by the ground operator's operation service platform and broadcasts the account data to the second blockchain node; the second blockchain node in the blockchain node receives the account data broadcast by the first blockchain node and sends the account data to the satellite operator's operation service platform.

[0122] Optionally, as an alternative implementation, the other communication method described above includes: acquiring user account data and sending the account data to a blockchain node, wherein the account data includes at least the user's account identifier and whether the user allows satellite communication; if the user allows satellite communication, acquiring the user's account change data and sending the account change data to a blockchain node, wherein the blockchain node is used to store the account data.

[0123] Optionally, as an alternative implementation, the aforementioned communication method includes: interacting with the terminal device used by the user when the user permits satellite communication; determining the user's roaming data based on the user's account data, and sending the roaming data to the satellite operator's operation service platform, wherein the account data includes at least the user's account identifier and whether the user permits satellite communication; the satellite operator's operation service platform is used to query the account data through a blockchain node and synchronize the account data to the satellite core network; and the blockchain node is used to store the account data.

[0124] Optionally, in this embodiment, the aforementioned communication system refers to an integrated space-ground roaming communication architecture, which may include, but is not limited to, blockchain nodes, terrestrial operator operation service platforms, and satellite core networks. The aforementioned blockchain node is the entity responsible for data storage and verification in the communication system, supporting data synchronization, query, and traceability functions. The aforementioned terrestrial operator operation service platform is the core platform for managing user account information, responsible for determining whether a user is allowed to conduct satellite communication, and sending the relevant account data to the blockchain node for storage. The aforementioned account data includes an account identifier and a flag indicating whether satellite communication is allowed, wherein the account identifier is used to uniquely identify the user, such as SUPI or PPIMSI (privacy-encrypted IMSI).

[0125] In an exemplary embodiment, taking a user's first attempt to roam to a satellite network for communication as an example, after the user activates a satellite communication package, the terrestrial operator's service platform generates account data containing PPIMSI and satellite communication permissions, and sends it to a blockchain node for storage. When the satellite operator's service platform or the satellite core network receives a data interaction request from the roaming user, it queries the user's account data from the blockchain node to confirm whether the user is permitted to conduct satellite communication. If permitted, the satellite core network interacts with the user's terminal device to provide communication services.

[0126] It should be noted that there may be various ways to synchronize and transmit account data, such as event-based proactive push or time-based periodic retrieval. The embodiments of this application use blockchain technology to synchronize account data, aiming to provide a secure, traceable and tamper-proof communication optimization solution, but are not limited to a specific synchronization or transmission mechanism, and do not limit the specific synchronization and transmission methods.

[0127] This application's embodiments employ a data synchronization mechanism between blockchain nodes and the ground operator's operation service platform to achieve secure transmission and storage of roaming user account information. Subsequent communication access control ensures that satellite operators can accurately verify whether users have activated satellite communication permissions and are eligible to enjoy revenue sharing from user communication packages before providing communication services. This fundamentally solves the information asymmetry problem between satellite operators and ground operators, ensuring both receive reasonable revenue distribution. This enhances the economic efficiency and fairness of communication services, achieving the technical effect of optimizing the roaming service process while ensuring the rational allocation of revenue resources between satellite and ground operators.

[0128] In one exemplary embodiment, the communication system proposed in this application can be applied to the field of communication. In the context of integrated space-ground roaming scenarios, it achieves communication optimization regarding the revenue sharing between satellite and ground operators. Currently, the following problems exist in related technologies:

[0129] (1) While many terrestrial operators have activated satellite roaming services, the actual number of users actually using satellite networks to provide services is small. Satellite operators lack technical safeguards for receiving revenue from satellite service subscriptions. Specifically, user subscription data is a core trade secret of operators, and due to user privacy concerns, terrestrial operators find it difficult to open their core system data interfaces for satellite operators to review and verify. Because the number of users actually using satellite network services is small, there is a significant discrepancy between subscription data and actual user data, potentially leading to information asymmetry. Currently, there are no effective technical means to protect the interests of satellite operators, such as revenue sharing from satellite service subscription fees.

[0130] (2) Even if terrestrial operators are willing to synchronize critical and necessary data with satellite operators, issues such as transmission, storage, or human factors may arise in the settlement of revenue sharing for service packages, making it difficult to determine the attribution of responsibility. Specifically, due to technical reasons such as network transmission and data storage, or subjective human factors such as intentional under-synchronization, discrepancies may exist in the revenue sharing accounts between terrestrial and satellite operators. Furthermore, activating or canceling satellite service packages is a voluntary action by terrestrial roaming users, and the reconciliation process may require timely review of historical records of dynamic activation or cancellation of packages for cross-verification. Currently, there is no mature mechanism or technology to ensure this.

[0131] (3) IMSI or SUPI information is the most critical and sensitive data among the essential data that terrestrial operators need to synchronize. There are concerns about the plaintext synchronization of IMSI or SUPI information by terrestrial operators. Specifically, for roaming users accessing the satellite network, the satellite network needs to know the IMSI identifier of the accessing user in order to query the user's subscription information and identify whether the user is a terrestrial operator user. The data synchronized by terrestrial operators to satellite operators involves user IMSI or SUPI information. This information is critical and sensitive data for operators. Based on national policies and corporate information protection considerations, terrestrial operators are very likely to disagree with directly synchronizing user IMSI or SUPI information to satellite operators.

[0132] Furthermore, regarding the aforementioned technical issues, this application's embodiments synchronize key necessary information for satellite service activation from terrestrial operators to satellite operators. This data includes at least SUPI (IMSI), satellite access service activation identifiers, and service suspension / reactivation flags. Simultaneously, an enhanced core network access control design based on synchronized data information is proposed: when a terrestrial user attempts to roam from the satellite network, the satellite core network, during the roaming user's registration process, first verifies whether the terrestrial operator has synchronized the user's subscription data. If the data is not synchronized, or the synchronized data shows that the user has not activated satellite package access service, the satellite network directly rejects the user's request. Secondly, through blockchain-based communication between terrestrial operators and satellite operators... The satellite operator data synchronization mechanism utilizes blockchain to synchronize data for users who have activated satellite service packages. Blockchain ensures a complete on-chain traceability process. In case of liability attribution or economic disputes, blockchain-based backtesting data serves as the consensus foundation for data alignment, correction, and revision, restoring user data consistency, re-establishing consensus between the parties, and resolving the dispute. Furthermore, a privacy encryption protection mechanism for core SUPI data is proposed. An efficient, secure, and autonomously controllable privacy encryption algorithm ensures user data security. This algorithm is collision-resistant, preimage-resistant, second preimage-resistant, and its security is verifiable. Its characteristics include irreversibility, reproducibility, difficulty in attack, and fixed length. Addressing the plaintext sensitivity of SUPI (IMSI) data, the privacy encryption algorithm eliminates operators' concerns about plaintext transmission of SUPI (IMSI).

[0133] For example, the blockchain-based roaming user data synchronization process adopts either a sender-initiated data synchronization mechanism based on event listening or a receiver-initiated data retrieval mechanism based on a specific frequency, to synchronize cross-network roaming user data from the terrestrial operator's operation service platform to the satellite operator's operation service platform via blockchain services. Specifically:

[0134] S1, the sender-initiated data synchronization process based on event monitoring: Ground operator users activate / cancel satellite packages, suspend / reactivate services, etc.; the ground operator's operation platform synchronizes roaming user data to the ground operator's blockchain node; roaming user data is synchronized from the ground operator's blockchain node to the satellite operator's blockchain node via consensus through the blockchain network; when consensus is successful between the ground operator's blockchain node and the satellite operator's blockchain node, the data is written into their respective blockchain ledgers; the ground operator's blockchain node reports the on-chain result to the ground operator's operation service platform; the satellite operator's blockchain node monitors roaming user service operation events and proactively pushes data to the operation service platform through the interface provided by the satellite operator's operation service platform; the satellite operator's operation service platform reports the push synchronization result.

[0135] S2, a receiver-initiated data retrieval process based on a specific frequency: Ground operator users activate or cancel satellite packages, and suspend or reactivate services; the ground operator's operating platform synchronizes roaming user data to the ground operator's blockchain node; the roaming user data is synchronized from the ground operator's blockchain node to the satellite operator's blockchain node via consensus through the blockchain network; upon successful consensus between the ground operator's blockchain node and the satellite operator's blockchain node, the data is written into their respective blockchain ledgers; the ground operator's blockchain node reports the on-chain result to the ground operator's operating service platform; the satellite operator's operating service platform sets the frequency according to the characteristics of the business data and requests data from the satellite operator's blockchain node according to the frequency; the satellite operator's blockchain node reports the roaming user data result to the satellite operator's operating service platform.

[0136] In an exemplary embodiment, Figure 7 is a schematic diagram of an optional inter-network roaming user management process of a communication system according to an embodiment of this application. After receiving the roaming user data synchronized by the ground operator, the satellite operator operation service platform promptly synchronizes it to the satellite core network through the service activation interface. The specific process is shown in Figure 7:

[0137] S1, the operation service platform sends the roaming user's operation (add, delete, modify, query) instructions to the satellite core network, and the satellite core network performs the corresponding operation based on the ground operator user information in the instruction. If the roaming user is in an inactive state, but the satellite access service activation status is "activated," the satellite access service activation status sent to the core network must be set to "not activated."

[0138] S2, the satellite core network returns the operation results to the operation service platform.

[0139] In another exemplary embodiment, Figure 8 is a schematic diagram of the registration process of an optional communication system according to an embodiment of this application. When a ground operator user roams to a satellite operator network and initiates registration, after completing the authentication and authorization process between the UE and the home network, a new process for obtaining the roaming user's subscription data is added. That is, the satellite core network will first confirm whether the user has activated satellite access service. If it does, the general registration process such as security and subscription information query can continue; otherwise, the user's access will be rejected. The overall logic flow is shown in Figure 8.

[0140] S1, roaming users of terrestrial operators initiate registration requests to the satellite network AMF;

[0141] S2, the satellite core network acts as a message forwarding node, completing the authentication and authorization process between the user and the operator's core network. The satellite core network AMF obtains the user's SUPI (including IMSI) information.

[0142] S3, the satellite core network AMF sends a user roaming data acquisition request (carrying SUPI information) to the satellite core network UDM / HSS. The satellite core network UDM / HSS processes the SUPI, encrypts it for privacy, and verifies the synchronized roaming user data. The satellite access capability identifier (satAccessEnabled) is carried in the user roaming data acquisition response to indicate whether the user has satellite access capability.

[0143] S4, the satellite network AMF judges the user's roaming data acquisition response message:

[0144] S4-a: If a user does not have satellite access capability, the satellite core network will directly refuse the roaming user's registration.

[0145] S4-b: If the user has satellite access capability, continue with the security process;

[0146] S5, UE, satellite core network and terrestrial operator core network will undergo the subsequent 3GPP (3rd Generation Partnership Project, an international standardization organization responsible for developing global mobile communication technical standards, including 3G, 4G and 5G) general registration process;

[0147] S6, the satellite core network sends a registration acceptance message to the user, and the roaming user successfully accesses the satellite network.

[0148] In another exemplary embodiment, Figure 9 is a schematic diagram of an optional communication system data verification process according to an embodiment of this application. In order to solve the problem of data inconsistency and other conflicts caused by the operation service platform performing on-chain verification with the trusted platform based on the scenario needs, this embodiment of the application implements a cross-network roaming user data verification process. The roaming user data verification process based on blockchain is shown in Figure 9: The ground operator's operation service platform or the satellite operator's operation service platform prepares the PPIMSI user identifier list to be verified, the query time period, and other information, and sends an on-chain backtracking request to the blockchain node with the PPIMSI; the blockchain node feeds back the user backtracking data results within the query time period.

[0149] For example, the relevant synchronization data for inter-operator package sharing is defined as follows: Account data should at least include SUPI, satellite access service activation identifier, and service suspension / reactivation flags, as specifically defined in Table 1:

[0150] Table 1. Data Synchronization Instructions

[0151] For example, the relevant synchronization data for inter-operator package sharing is defined as follows: An interface for roaming user management is set up between the satellite network operation service platform and the core network, and the following new message for roaming user management is added based on the SOAP protocol:

[0152] S1, roaming user account opening for ground operators<ADD_ROAMSUB> Command Description: Adds and stores user information synchronized from terrestrial operators, including privacy-protected IMSI, satellite access service activation identifier, etc. Parameter descriptions are shown in Table 2.

[0153] Table 2. Description of ADD_ROAMSUB parameters

[0154] S2, roaming users of ground operators cancel their accounts.<RVM_ROAMSUB> Command Description: Deletes existing roaming user data from ground operators. Parameter descriptions are shown in Table 3.

[0155] Table 3. RVM_ROAMSUB Parameter Description

[0156] S3, modification for roaming users of ground operators<MOD_ROAMSUB> Command Description: Modify the satellite access service activation identifier for roaming users of terrestrial operators. Parameter descriptions are shown in Table 4.

[0157] Table 4. MOD_ROAMSUB Parameter Description

[0158] S4, terrestrial operator roaming user query<LST_ROAMSUB> Command Description: Query roaming user information from terrestrial operators. The response message parameters are used to return the subscription status of the roaming user. Specific parameters include the satellite access service activation identifier. Parameter descriptions are shown in Table 5.

[0159] Table 5. Description of LST_ROAMSUB Request Message Parameters

[0160] In an exemplary embodiment, Figure 10 is a message flow diagram of another optional communication system according to an embodiment of this application. In the end-to-end admission control flow, a user roaming data acquisition flow is added after the authentication flow. This solution updates the 3GPP specification TS29.503 and adds a Get operation for user roaming data of the Nudm_SubscriberDataManagement service, which is used to retrieve the user's roaming subscription data. The NF service consumer (e.g., AMF) sends a request to the UDM to obtain the UE's roaming subscription data.

[0161] The request includes the UE's identity ( / {supi}) and the type of requested information ( / roam-data). Its message flow is shown in Figure 10:

[0162] S1, NF service consumers (e.g., AMF) send GET requests to resources representing terminal roaming subscription data.

[0163] S2-a: On success, the UDM responds with "200 OK", and the message body contains the roaming subscription data of the UE associated with the requested NF service consumer.

[0164] S2-b: If the terminal does not have valid subscription data, the HTTP status code "404 Not Found" should be returned, and additional error information should be included in the response body (in the "ProblemDetails" element).

[0165] For the data involved in the new user roaming subscription data process, this solution updates TS29.503 and adds the RoamingSubscriptionData resource to represent the user's roaming subscription data.

[0166] The resources are defined as follows:

[0167] Resource URI:{apiRoot} / nnum-sdm / <apiversion> / {supi} / roam-data;

[0168] The resource should support the resource URI variables defined in Table 5.3.3-1, as shown in Table 6:

[0169] Table 6. Resource URI variables for this resource

[0170] The resource standardization method is as follows:

[0171] This resource supports GET operations, and this method supports the URI query parameters shown in Table 7.

[0172] Table 7. URI query parameters supported by the GET method on this resource

[0173] This method should support the request data structure specified in Table 5.3.3-3 and the response data structure and response code specified in Table 5.3.3-4-3, as shown in Tables 8 and 9:

[0174] Table 8. Data structures supported by the GET request body on this resource.

[0175] Table 9. Data structures supported by the GET response body on this resource.

[0176] This application embodiment updates the 3GPP specification TS29.503 for the newly added RoamingSubscriptionData resource, defining the RoamingSubscriptionData data type to support the API of the Nudm_SubscriberDataManagement service. The definition of the RoamingSubscriptionData type is shown in Table 10:

[0177] Table 10. Definition of RoamingSubscriptionData type

[0178] Through the embodiments of this application, under the integrated space-ground network architecture, a new satellite network access control process for roaming users accessing the satellite network is added for terrestrial operators. First, a blockchain-based data synchronization mechanism for roaming users between the satellite network and terrestrial operators is introduced, and a privacy encryption algorithm is used to encrypt the transmission of key user SUPI information. Second, roaming user data is synchronized through the B / O service activation interface. Finally, in the roaming registration process, based on the package identifier of the newly added satellite access capability, it is compared whether the roaming access user is in the synchronized roaming user list and has activated the satellite access package service. Based on the comparison and verification results, the system accurately controls whether users are allowed to roam and access the satellite network, thus optimizing the settlement mechanism between satellite operators and terrestrial operators.

[0179] Specifically, when terrestrial operators' users activate, cancel, or suspend / reactivate satellite services, the terrestrial operator's operation service platform proactively synchronizes key necessary data with the satellite operator's operation service platform via blockchain. This data includes, but is not limited to, SUPI (IMSI), user satellite access capability identifiers indicating whether the user has activated satellite access services, and suspension / reactivation status. The satellite operator's operation service platform uses an event-based proactive data synchronization mechanism or a frequency-based proactive data retrieval mechanism to complete the data acquisition and synchronization loop. Blockchain ensures a complete on-chain traceability of the process, enabling data sharing, traceability, and reconciliation, resolving potential disputes. Furthermore, a privacy-based encryption mechanism for core SUPI data addresses terrestrial operators' concerns about transmitting sensitive SUPI data in plaintext. When a terrestrial user attempts to roam from the satellite network, the satellite core network verifies whether the user has synchronized during the roaming user's registration process. If the data is not synchronized, or the synchronized data shows that the user has not activated satellite service, the satellite network directly rejects the user's request. This process protects revenue sharing while optimizing the roaming user access process and signaling interaction efficiency, improving the utilization rate of satellite air interface resources.

[0180] It is understood that in the specific embodiments of this application, data such as user information are involved. When the above embodiments of this application are applied to specific products or technologies, user permission or consent is required, and the collection, use and processing of related data must comply with the relevant laws, regulations and standards of the relevant countries and regions.

[0181] It should be noted that, for the sake of simplicity, the foregoing method embodiments are all described as a series of actions. However, those skilled in the art should understand that this application is not limited to the described order of actions, as some steps may be performed in other orders or simultaneously according to this application. Furthermore, those skilled in the art should also understand that the embodiments described in the specification are preferred embodiments, and the actions and modules involved are not necessarily essential to this application.

[0182] According to another aspect of the embodiments of this application, a communication apparatus for implementing the above-described communication system is also provided. As shown in FIG11, the apparatus includes:

[0183] The acquisition module 1102 is configured to acquire user account data sent by the blockchain node. The account data includes at least the user's account identifier and whether the user has signed up for satellite communication services. The account data is configured to be determined by the ground operator's operation service platform and sent to the blockchain node for storage.

[0184] Synchronization module 1104 is configured to synchronize account data to the satellite core network so that when a user initiates registration with the satellite core network through a terminal device, the satellite core network verifies the user's roaming capability and indicates whether the user is allowed to use the terminal device for data interaction.

[0185] As an optional solution, the above-mentioned device is also configured to: acquire user account change data and send the account change data to the blockchain node, wherein the account change data is determined by the ground operator's operation service platform; update the account data stored in the blockchain node based on the account change data; query the account data and synchronize the updated account data to the satellite core network.

[0186] As an optional solution, the above-mentioned device is configured to obtain user account data sent by blockchain nodes in the following manner: receiving account data sent by the ground operator's operation service platform through the first blockchain node, wherein the account data is configured to be broadcast through the first blockchain node; and receiving account data sent by the second blockchain node, wherein the account data is configured to be received from the first blockchain node through the second blockchain node.

[0187] As an optional solution, the above device is further configured to: determine whether the first blockchain node and the second blockchain node have reached a consensus on the account data, and if a consensus is reached, write the account data into the blockchain ledger corresponding to the blockchain node; and report the on-chain status of the account data to the ground operator's operation service platform, wherein the on-chain status is set to indicate whether the account data has been stored on the blockchain node.

[0188] As an optional solution, the above device is configured to perform at least one of the following methods: in response to a change in account data, obtain the changed account data actively pushed by the second blockchain node and send the push result to the second blockchain node; actively pull account data from the second blockchain node.

[0189] As an optional solution, the above-mentioned device is also configured to: send the changed account data to the satellite core network in response to a change in account data; and obtain the result data of the user determined by the satellite core network based on the account data.

[0190] As an optional solution, the above-mentioned device is further configured to: use the Access and Mobility Management Function (AMM) entity to obtain the registration request message sent by the terminal device; perform an authentication process based on the registration request message; after the authentication process is completed, send a user roaming data acquisition request message to the data management entity through the AMM entity, wherein the user roaming data acquisition request message includes an account identifier; use the data management entity to determine the user's satellite access capability identifier based on the user roaming data acquisition request message, and send the satellite access capability identifier to the AMM entity through the data management entity to indicate whether the terminal device has the conditions to access the satellite network.

[0191] As an optional solution, the above-mentioned device is further configured to: use a data management entity to determine an account identifier from a user roaming data acquisition request message; use a data management entity to encrypt the account identifier; use a data management entity to verify the encrypted account identifier with account data synchronized with the satellite operator's operation service platform to determine a satellite access capability identifier; and use a data management entity to send the satellite access capability identifier to an access and mobility management function entity.

[0192] As an optional solution, the above-mentioned device is also configured to perform at least one of the following methods: querying the blockchain node for the user's retrospective data results according to a data query request, wherein the data query request includes the account identifier and the query time period; controlling the ground operator operation service platform to query the blockchain node for the user's retrospective data results according to the data query request.

[0193] In this application embodiment, the terms "module" or "unit" refer to a computer program or part of a computer program that has a predetermined function and works with other related parts to achieve a predetermined goal, and can be implemented wholly or partially using software, hardware (such as processing circuitry or memory), or a combination thereof. Similarly, a processor (or multiple processors or memory) can be used to implement one or more modules or units. Furthermore, each module or unit can be part of an overall module or unit that includes the functionality of that module or unit.

[0194] Regarding the apparatus in the above embodiments, the specific manner in which each module performs its operation has been described in detail in the embodiments related to the method, and will not be elaborated upon here.

[0195] According to one aspect of this application, a computer program product is provided, the computer program product comprising a computer program.

[0196] The sequence numbers of the embodiments in this application are for descriptive purposes only and do not represent the superiority or inferiority of the embodiments.

[0197] Figure 12 schematically illustrates a computer system architecture block diagram for implementing an electronic device according to an embodiment of the present application.

[0198] It should be noted that the computer system 1200 of the electronic device shown in Figure 12 is only an example and should not impose any limitations on the functionality and scope of use of the embodiments of this application.

[0199] As shown in Figure 12, the computer system 1200 includes a central processing unit (CPU) 1201, which can perform various appropriate actions and processes based on programs stored in read-only memory (ROM) 1202 or programs loaded from storage section 1208 into random access memory (RAM) 1203. The RAM 1203 also stores various programs and data required for system operation. The CPU 1201, ROM 1202, and RAM 1203 are interconnected via a bus 1204. An input / output interface 1205 (I / O interface) is also connected to the bus 1204.

[0200] The following components are connected to the input / output interface 1205: an input section 1206 including a keyboard, mouse, etc.; an output section 1207 including a cathode ray tube (CRT), liquid crystal display (LCD), etc., and speakers, etc.; a storage section 1208 including a hard disk, etc.; and a communication section 1209 including a network interface card such as a local area network card, modem, etc. The communication section 1209 performs communication processing via a network such as the Internet. A drive 1210 is also connected to the input / output interface 1205 as needed. A removable medium 1211, such as a disk, optical disk, magneto-optical disk, semiconductor memory, etc., is installed on the drive 1210 as needed so that computer programs read from it can be installed into the storage section 1208 as needed.

[0201] Specifically, according to embodiments of this application, the processes described in the various method flowcharts can be implemented as computer software programs. For example, embodiments of this application include a computer program product comprising a computer program carried on a computer-readable medium, the computer program containing program code for performing the methods shown in the flowcharts. In such embodiments, the computer program can be downloaded and installed from a network via communication section 1209, and / or installed from removable medium 1211. When the computer program is executed by central processing unit 1201, it performs various functions defined in the system of this application.

[0202] In such an embodiment, the computer program can be downloaded and installed from a network via the communication section 1209, and / or installed from the removable medium 1211. When the computer program is executed by the central processing unit 1201, it performs various functions provided in the embodiments of this application.

[0203] According to another aspect of the embodiments of this application, an electronic device configured to implement the above-described communication system is also provided. This electronic device may be a terminal device or a server as shown in FIG1. ​​This embodiment uses the electronic device as a terminal device as an example for explanation. As shown in FIG13, the electronic device includes a memory 1302 and a processor 1304. The memory 1302 stores a computer program, and the processor 1304 is configured to execute the steps of any of the above-described method embodiments through the computer program.

[0204] Optionally, in this embodiment, the aforementioned electronic device may be located in at least one of a plurality of network devices in a computer network.

[0205] Optionally, in this embodiment, the processor may be configured to execute the methods in the embodiments of this application via a computer program.

[0206] Optionally, those skilled in the art will understand that the structure shown in FIG13 is merely illustrative and does not limit the structure of the electronic device described above. For example, the electronic device may also include more or fewer components (such as network interfaces) than shown in FIG13, or have a different configuration than shown in FIG13.

[0207] The memory 1302 can be configured to store software programs and modules, such as the program instructions / modules corresponding to the communication system and device in this embodiment. The processor 1304 executes various functional applications and data processing by running the software programs and modules stored in the memory 1302, thereby realizing the aforementioned communication system. The memory 1302 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some instances, the memory 1302 may further include memory remotely located relative to the processor 1304, and these remote memories can be connected to the terminal via a network. Examples of such networks include, but are not limited to, the Internet, corporate intranets, local area networks, mobile communication networks, and combinations thereof. Specifically, the memory 1302 may be used, but is not limited to, for storing account data and other information. As an example, as shown in FIG13, the memory 1302 may include, but is not limited to, the acquisition module 1102 and the synchronization module 1104 in the aforementioned communication device. In addition, it may include, but is not limited to, other module units in the aforementioned communication device, which will not be described in detail in this example.

[0208] Optionally, the transmission device 1306 described above is used to receive or send data via a network. Specific examples of the network described above may include wired networks and wireless networks. In one example, the transmission device 1306 includes a Network Interface Controller (NIC), which can be connected to other network devices and a router via a network cable to communicate with the Internet or a local area network. In another example, the transmission device 1306 is a Radio Frequency (RF) module, used for wireless communication with the Internet.

[0209] In addition, the aforementioned electronic device also includes: a display 1308 for displaying the account data; and a connection bus 1310 for connecting the various module components in the aforementioned electronic device.

[0210] In other embodiments, the aforementioned terminal device or server can be a node in a distributed system, wherein the distributed system can be a blockchain system, which is a distributed system formed by connecting multiple nodes through network communication. The nodes can form a peer-to-peer network, and any form of computing device, such as a server, terminal, or other electronic device, can become a node in the blockchain system by joining this peer-to-peer network.

[0211] According to one aspect of this application, a computer-readable storage medium is provided, wherein a processor of an electronic device reads computer instructions from the computer-readable storage medium, and executes the computer instructions, causing the electronic device to perform the communication system provided in the various alternative implementations of the above-described communication aspects.

[0212] Optionally, in this embodiment, the computer-readable storage medium described above may be configured to store methods for performing the embodiments of this application.

[0213] Optionally, in this embodiment, those skilled in the art will understand that all or part of the steps in the various methods of the above embodiments can be implemented by a program instructing the hardware related to the terminal device. The program can be stored in a computer-readable storage medium, which may include: flash drive, read-only memory (ROM), random access memory (RAM), disk or optical disk, etc.

[0214] The sequence numbers of the embodiments in this application are for descriptive purposes only and do not represent the superiority or inferiority of the embodiments.

[0215] If the integrated units in the above embodiments are implemented as software functional units and sold or used as independent products, they can be stored in the aforementioned computer-readable storage medium. Based on this understanding, the technical solution of this application, in essence, or the part that contributes to the prior art, or all or part of the technical solution, can be embodied in the form of a software product. This computer software product is stored in a storage medium and includes several instructions to cause one or more electronic devices to execute all or part of the steps of the methods described in the various embodiments of this application.

[0216] In the above embodiments of this application, the descriptions of each embodiment have different focuses. For parts not described in detail in a certain embodiment, please refer to the relevant descriptions of other embodiments.

[0217] In the several embodiments provided in this application, it should be understood that the disclosed application can be implemented in other ways. The device embodiments described above are merely illustrative; for example, the division of units is only a logical functional division, and in actual implementation, there may be other division methods. For example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. Furthermore, the displayed or discussed mutual couplings, direct couplings, or communication connections may be through some interfaces; indirect couplings or communication connections between units or modules may be electrical or other forms.

[0218] The units described as separate components may or may not be physically separate. The components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the units can be selected to achieve the purpose of this embodiment according to actual needs.

[0219] Furthermore, the functional units in the various embodiments of this application can be integrated into one processing unit, or each unit can exist physically separately, or two or more units can be integrated into one unit. The integrated unit can be implemented in hardware or as a software functional unit.

[0220] The above description is only a preferred embodiment of this application. It should be noted that for those skilled in the art, several improvements and modifications can be made without departing from the principle of this application, and these improvements and modifications should also be considered within the scope of protection of this application.< / apiversion>

Claims

1. A communication method, comprising: The user's account data sent by the blockchain node is obtained. The account data includes at least the user's account identifier and whether the user has signed up for satellite communication services. The account data is set to be determined by the ground operator's operation service platform and sent to the blockchain node for storage. The account data is synchronized to the satellite core network so that when a user initiates registration with the satellite core network through a terminal device, the satellite core network verifies the user's roaming capability and indicates whether the user is allowed to use the terminal device for data interaction.

2. The method according to claim 1, wherein, The method further includes: The system acquires the user's account change data and sends the account change data to the blockchain node, wherein the account change data is determined by the ground operator's operation service platform. The account data stored in the blockchain node is updated based on the account change data; The account data is queried and the updated account data is synchronized to the satellite core network.

3. The method according to any one of claims 1 to 2, wherein, The process of obtaining user account data sent by the blockchain node includes: Receive the account data sent by the ground operator's operation service platform through the first blockchain node, wherein the account data is configured to be broadcast through the first blockchain node; The account data is received from the first blockchain node via the second blockchain node.

4. The method according to claim 3, wherein, The method further includes: Determine whether the first blockchain node and the second blockchain node have reached a consensus on the account data, and if a consensus is reached, write the account data into the blockchain ledger corresponding to the blockchain node; The on-chain status of the account data is reported to the ground operator's operation service platform, wherein the on-chain status is set to indicate whether the account data has been successfully stored on the blockchain node.

5. The method according to claim 3, wherein, The method further includes at least one of the following: In response to a change in the account data, the system obtains the changed account data actively pushed by the second blockchain node and sends the push result to the second blockchain node. The account data is actively retrieved from the second blockchain node.

6. The method according to claim 3, wherein, The method further includes: In response to a change in the account data, the changed account data is sent to the satellite core network; Obtain the result data of the user determined by the satellite core network based on the account data.

7. The method according to any one of claims 1 to 6, wherein, The method further includes: The access and mobility management function entity obtains the registration request message sent by the terminal device, performs an authentication process based on the registration request message, and after the authentication process is completed, sends a user roaming data acquisition request message to the data management entity through the access and mobility management function entity, wherein the user roaming data acquisition request message includes the account identifier; The data management entity determines the user's satellite access capability identifier based on the user roaming data acquisition request message, and sends the satellite access capability identifier to the access and mobility management function entity through the data management entity to indicate whether the terminal device has the conditions to access the satellite network.

8. The method according to claim 7, wherein, The method further includes: The data management entity is used to determine the account identifier from the user roaming data acquisition request message; The account identifier is encrypted using the data management entity. The data management entity uses the encrypted account identifier and the account data synchronized with the satellite operator's operation service platform to verify the satellite access capability identifier. The data management entity sends the satellite access capability identifier to the access and mobility management function entity.

9. The method according to any one of claims 1 to 8, wherein, The method further includes at least one of the following: The system queries the blockchain node for the user's backtracking data results according to the data query request, wherein the data query request includes the account identifier and the query time period; The ground operator's operation service platform is controlled to query the blockchain node for the user's retrospective data results based on the data query request.

10. A communication device, comprising: The acquisition module is configured to acquire user account data through a blockchain node. The account data includes at least the user's account identifier and whether the user has subscribed to satellite communication services. The account data is configured to be determined by the ground operator's operation service platform and sent to the blockchain node for storage. The synchronization module is configured to synchronize the account data to the satellite core network, so that when the user initiates registration with the satellite core network through the terminal device, the satellite core network verifies the user's roaming capability and indicates whether the user is allowed to use the terminal device for data interaction.

11. A computer-readable storage medium comprising a stored computer program, wherein, The computer program can be executed by an electronic device to perform the method of any one of claims 1 to 9.

12. A computer program product comprising a computer program that, when executed by a processor, implements the steps of the method according to any one of claims 1 to 9.

13. An electronic device comprising a memory and a processor, the memory storing a computer program, the processor being configured to perform the method of any one of claims 1 to 9 via the computer program.