Access control method, communication device, communication system, storage medium and product

WO2026148550A1PCT designated stage Publication Date: 2026-07-16BEIJING XIAOMI MOBILE SOFTWARE CO LTD

Patent Information

Authority / Receiving Office
WO · WO
Patent Type
Applications
Current Assignee / Owner
BEIJING XIAOMI MOBILE SOFTWARE CO LTD
Filing Date
2025-01-09
Publication Date
2026-07-16

AI Technical Summary

Technical Problem

Existing technologies make it difficult to flexibly control the access of IoT devices, resulting in a lack of flexibility and diversity in the access process.

Method used

The system receives and processes first information through IoT devices to determine whether to access the first communication device. The information includes access control parameters and related information, and supports multiple information acquisition channels and priority processing to ensure the flexibility and diversity of access control.

Benefits of technology

It enables flexible access control for IoT devices, improves the standardization and diversity of the access process, and adapts to IoT devices of different types and locations.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN2025071622_16072026_PF_FP_ABST
    Figure CN2025071622_16072026_PF_FP_ABST
Patent Text Reader

Abstract

Provided in the present disclosure are an access control method, a communication device, a communication system, a storage medium and a product. In the present disclosure, first information is received by an IoT device, the first information comprises information for controlling the IoT device to access a first communication device, and the IoT device can determine, on the basis of the first information, whether to access the first communication device, thus more flexibly implementing access control over the IoT device by means of the first information.
Need to check novelty before this filing date? Find Prior Art

Description

Access control methods, communication equipment, communication systems, storage media and products Technical Field

[0001] This disclosure relates to the field of communication technology, and in particular to an access control method, communication equipment, communication system, storage medium, and product. Background Technology

[0002] The development of 6th Generation Mobile Communication Technology (6G) will bring unprecedented opportunities to the Internet of Things (IoT) technology, promote innovation and application of IoT technology in multiple fields, fully unleash the potential of IoT, and ultimately realize a smarter, more efficient and interconnected future. Summary of the Invention

[0003] To enable more flexible access control for IoT devices, embodiments of this disclosure propose an access control method, communication device, communication system, storage medium, and product.

[0004] According to a first aspect of the present disclosure, an access control method is proposed, executed by an Internet of Things (IoT) device, the method comprising: receiving first information, the first information including information for controlling the IoT device to access a first communication device; and determining, based on the first information, whether to access the first communication device.

[0005] According to a second aspect of the present disclosure, an access control method is provided, executed by a first communication device, the method comprising: sending first information to an IoT device, the first information including information for controlling the IoT device to access the first communication device, the first information being used by the IoT device to determine whether to access the first communication device.

[0006] According to a third aspect of the present disclosure, a communication device is provided for performing the access control method as described in the first or second aspect above.

[0007] According to a fourth aspect of the present disclosure, a communication system is provided, including an IoT device and a first communication device, wherein the IoT device is configured to implement the access control method as described in the first aspect above, and the first communication device is configured to implement the access control method as described in the second aspect above.

[0008] According to a fifth aspect of the present disclosure, a storage medium is provided that stores instructions that, when executed on a communication device, cause the communication device to perform the access control method as described in the first or second aspect above.

[0009] According to a sixth aspect of the present disclosure, a program product is provided, including at least one of a program and instructions, wherein when the program and instructions are executed by a communication device, they implement the access control method as described in the first or second aspect above.

[0010] This disclosure provides first information, which includes information for controlling an IoT device to access a first communication device. By sending the first information to the IoT device from the first communication device, the IoT device can receive the first information and determine whether to access the first communication device based on the first information, so as to achieve more flexible access control for the IoT device through the first information. Attached Figure Description

[0011] To more clearly illustrate the technical solutions in the embodiments of this disclosure, the accompanying drawings required for the description of the embodiments are introduced below. The following drawings are only some embodiments of this disclosure and do not impose specific limitations on the protection scope of this disclosure.

[0012] Figure 1 is a schematic diagram of the architecture of a communication system according to an embodiment of the present disclosure.

[0013] Figure 2 is an interactive schematic diagram of an access control method according to an embodiment of the present disclosure.

[0014] Figure 3A is a flowchart illustrating an access control method according to an embodiment of the present disclosure.

[0015] Figure 3B is a schematic flowchart illustrating an access control method according to an embodiment of the present disclosure.

[0016] Figure 4A is a schematic flowchart illustrating an access control method according to an embodiment of the present disclosure.

[0017] Figure 4B is a schematic flowchart illustrating an access control method according to an embodiment of the present disclosure.

[0018] Figure 5A is a schematic diagram of the structure of an IoT device proposed in an embodiment of this disclosure.

[0019] Figure 5B is a schematic diagram of the structure of the first communication device proposed in an embodiment of this disclosure.

[0020] Figure 6A is a schematic diagram of the structure of the communication device 6100 proposed in an embodiment of this disclosure.

[0021] Figure 6B is a schematic diagram of the structure of the chip 6200 proposed in the embodiment of this disclosure. Detailed Implementation

[0022] Exemplary embodiments will now be described in detail, examples of which are illustrated in the accompanying drawings. When the following description relates to the drawings, unless otherwise indicated, the same numerals in different drawings denote the same or similar elements. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with this disclosure. Rather, they are merely examples of apparatuses and methods consistent with some aspects of this disclosure as detailed in the appended claims.

[0023] The terminology used in this disclosure is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The singular forms “a,” “the,” and “the” as used in this disclosure and the appended claims are also intended to include the plural forms unless the context clearly indicates otherwise. It should also be understood that the term “and / or” as used herein refers to and includes any or all possible combinations of at least one associated listed item.

[0024] It should be understood that although the terms first, second, third, etc., may be used in this disclosure to describe various messages, these messages should not be limited to these terms. These terms are used only to distinguish messages of the same type from one another. For example, without departing from the scope of this disclosure, a first message may also be referred to as a second message, and similarly, a second message may also be referred to as a first message. Depending on the context, the word "if" as used herein may be interpreted as "when," "when," or "in response to determination."

[0025] This disclosure presents an access control method, a communication device, a communication system, a storage medium, and a product.

[0026] In a first aspect, embodiments of this disclosure propose an access control method executed by an Internet of Things (IoT) device. The method includes: receiving first information, the first information including information for controlling the IoT device to access a first communication device; and determining, based on the first information, whether to access the first communication device.

[0027] In the above embodiments, by receiving first information from the IoT device, the first information including information for controlling the IoT device to access the first communication device, the IoT device can determine whether to access the first communication device based on the first information, so as to achieve access control for the IoT device more flexibly through the first information.

[0028] In conjunction with some embodiments of the first aspect, in some embodiments, the first information includes at least one of the following: first access information, which indicates relevant information for IoT devices to access the network; and access control parameters.

[0029] In the above embodiments, multiple optional information contents are provided for the first information, so that the information contents included in the first information can be configured as needed, thereby improving the flexibility of the first information configuration process and enhancing the diversity of the first information.

[0030] In conjunction with some embodiments of the first aspect, in some embodiments, the first access information is associated with access control parameters; determining whether to access the first communication device based on the first information includes: determining second access information; and determining whether to access the first communication device based on access control parameters associated with the first access information that match the second access information.

[0031] In the above embodiments, an optional implementation method is provided for determining whether to access the first communication device based on the first information. That is, the first access information is configured to be associated with access control parameters, so that after the corresponding first access information is matched based on the actual second access information of the IoT device, the determination of whether to access the first communication device can be realized according to the access control parameters associated with the matched first access information, thus ensuring the smooth progress of the access control process for the IoT device.

[0032] In conjunction with some embodiments of the first aspect, in some embodiments, determining the second access information includes: determining relevant information for the IoT device to access the network; and determining the second access information based on the relevant information for the IoT device to access the network.

[0033] In the above embodiments, an optional implementation method is provided for the IoT device to determine the second access information, that is, the IoT device determines the relevant information for its access, and then determines the second access information based on the determined information, so as to ensure the smooth progress of the determination process of the second access information, thereby ensuring that the determined second access information can be matched with the first access information.

[0034] In conjunction with some embodiments of the first aspect, in some embodiments, determining the second access information based on the relevant information for access by the IoT device includes any one of the following: determining the relevant information for access by the IoT device as the second access information; determining the access information that matches the relevant information for access by the IoT device as the second access information based on second information used to indicate the mapping relationship between the relevant information for access by the IoT device and the access information.

[0035] In the above embodiments, multiple optional implementation methods are provided for determining the second access information based on the relevant information of IoT device access. That is, the relevant information of IoT device access is directly determined as the second access information, or the second access information is determined according to the mapping relationship between the relevant information of IoT device access indicated by the second information and the access information, so as to improve the flexibility and diversity of the second access information determination method.

[0036] In conjunction with some embodiments of the first aspect, in some embodiments, the second information is agreed upon by the protocol, or the second information is indicated by the second communication device to the IoT device.

[0037] In the above embodiments, multiple optional implementation methods are provided for IoT devices to acquire the second information, so that IoT devices can acquire the second information through multiple channels, thereby improving the flexibility and diversity of the second information acquisition process.

[0038] In conjunction with some embodiments of the first aspect, in some embodiments, the method further includes: having multiple second pieces of information, determining second information for determining the second access information from the multiple pieces of second information according to priority information; wherein the priority information is agreed upon by a protocol, or the priority information is configured by a third communication device for the IoT device.

[0039] In the above embodiments, an optional implementation method is provided for selecting the second information used to determine the second access information from multiple pieces of second information when there are multiple pieces of second information. That is, the IoT device selects the second information according to priority information, ensuring the smooth progress of the determination process of the second access information. In addition, multiple optional implementation methods are provided for the IoT device to obtain priority information, so that the IoT device can obtain priority information through multiple channels, improving the flexibility and diversity of the priority information acquisition process.

[0040] In conjunction with some embodiments of the first aspect, in some embodiments, the second access information is determined by the access layer (AS), and / or the second access information is determined by the non-access layer (NAS).

[0041] In the above embodiments, two optional implementation methods are provided: determining the second access information by AS and / or NAS, so as to improve the flexibility and diversity of the process of determining the second access information.

[0042] In conjunction with some embodiments of the first aspect, in some embodiments, the relevant information for IoT device access includes at least one of the following: the device type of the IoT device; the identification information of the IoT device; the service type of the IoT service; the identification information of the IoT service; the identification information of the first communication device; and the location information of the IoT device.

[0043] In the above embodiments, multiple optional information types are provided for the information related to IoT device access, so as to enhance the flexibility and diversity of the information content indicated by the access information, thereby improving the flexibility and diversity of the access information.

[0044] In conjunction with some embodiments of the first aspect, in some embodiments, the location information includes at least one of the following: geographic location information; beam information; beam group information.

[0045] In the above embodiments, a variety of optional location information is provided so that multiple types of location information can be used as the location information included in the relevant information for IoT device access, thereby improving the flexibility and diversity of location information.

[0046] In conjunction with some embodiments of the first aspect, in some embodiments, the beam information or beam group information includes at least a Synchronization Signal Block (SSB) index; determining the second access information includes: performing SSB selection; determining whether to access the first communication device based on access control parameters associated with the first access information that matches the second access information includes: determining whether to access the first communication device based on access control parameters in the first access information that match the SSB index of the selected SSB.

[0047] In the above embodiments, an optional implementation method is provided in which, when the beam information or beam group information is an SSB index, the determination of whether to access the first communication device is realized based on the SSB index, which is the location information, so as to ensure that access control of IoT devices can be realized when the location information is an SSB index.

[0048] In conjunction with some embodiments of the first aspect, in some embodiments, the access control parameters include at least one of the following: first indication information, which indicates whether the IoT device is allowed to access; and access conditions, which indicate the conditions under which the IoT device is allowed to access.

[0049] In the above embodiments, a variety of optional access control parameters are provided so that the first information can be used to indicate the various access control parameters, thereby improving the flexibility and diversity of the access control parameters included in the first information.

[0050] In conjunction with some embodiments of the first aspect, in some embodiments, the method further includes any one of the following: ignoring whether the second indication information indicates that a regular terminal is allowed to access, determining whether the IoT device is allowed to access based on the first indication information; the second indication information indicates that a regular terminal is allowed to access, determining whether the IoT device is allowed to access based on the first indication information; the second indication information indicates that a regular terminal is not allowed to access, determining whether the IoT device is allowed to access based on the first indication information.

[0051] In the above embodiments, an implementation mechanism is provided for an IoT device to determine whether it is allowed to access based on the first indication information, so that the IoT device can be determined to be allowed to access based on the first indication information under the corresponding circumstances, thereby improving the standardization of the access control process.

[0052] In conjunction with some embodiments of the first aspect, in some embodiments, the second indication information indicates that a regular terminal is allowed to access, and the method determines whether the IoT device is allowed to access based on the first indication information. The method further includes: if the second indication information indicates that a regular terminal is not allowed to access, determining that the IoT device is not allowed to access; if the second indication information indicates that a regular terminal is not allowed to access, and the method determines whether the IoT device is allowed to access based on the first indication information, the method further includes: if the second indication information indicates that a regular terminal is allowed to access, determining that the IoT device is allowed to access.

[0053] In the above embodiments, an optional implementation method is provided to determine whether an IoT device is allowed to access when the second indication information indicates that a normal terminal is allowed to access, and to determine whether an IoT device is allowed to access when the second indication information indicates that a normal terminal is not allowed to access, thereby ensuring the integrity and standardization of the access control process.

[0054] In conjunction with some embodiments of the first aspect, in some embodiments, the first information is determined based on capabilities related to access control of the first communication device, and / or, the first information is determined based on capabilities related to access control of the fourth communication device.

[0055] In the above embodiments, multiple information types are provided for determining the first information, that is, the first information is determined based on the capabilities related to the access control of the first communication device and / or the capabilities related to the access control of the fourth communication device, thereby improving the flexibility and diversity of the first information determination process.

[0056] In conjunction with some embodiments of the first aspect, in some embodiments, the first information is determined and sent to the IoT device by a first communication device, or the first information is determined and sent to the IoT device by a fourth communication device.

[0057] In the above embodiments, multiple optional sources of the first information are provided, namely, the first information is determined by the first communication device and sent to the IoT device, or the first information is determined by the fourth communication device and sent to the IoT device, so as to improve the flexibility and diversity of the first information acquisition process.

[0058] In conjunction with some embodiments of the first aspect, in some embodiments, the first information is determined by a first communication device, the first information is determined by the first communication device based on capabilities related to access control of the first communication device, and / or, the first information is determined by the first communication device based on first capability information received from the fourth communication device, the first capability information indicating capabilities related to access control of the fourth communication device; the first information is determined by the fourth communication device, the first information is determined by the fourth communication device based on capabilities related to access control of the fourth communication device, and / or, the first information is determined by the fourth communication device based on second capabilities received from the first communication device, the second capability information indicating capabilities related to access control of the first communication device.

[0059] In the above embodiments, an optional implementation method is provided for the first communication device and the fourth communication device to determine the first information, so as to ensure that the first communication device and the fourth communication device can determine the first information, thereby ensuring the smooth progress of the subsequent access control process.

[0060] In conjunction with some embodiments of the first aspect, in some embodiments, the first communication device is an access network device, the fourth communication device is a core network device, or the fourth communication device is a device for forwarding data and / or signaling between the IoT device and the access network device; the first communication device is a device for forwarding data and / or signaling between the IoT device and the access network device, and the fourth communication device is an access network device or a core network device.

[0061] In the above embodiments, multiple optional device types for the first and fourth communication devices are provided, so that the determination and transmission of the first information to the IoT device can be achieved by various types of first or fourth communication devices, thereby improving the flexibility and diversity of the access control process. Furthermore, the types of fourth communication devices corresponding to different types of first communication devices are increased to standardize the access control process.

[0062] In conjunction with some embodiments of the first aspect, in some embodiments, receiving the first information includes: receiving a first system information block (SIB), wherein the first SIB is an SIB used to instruct an IoT device to access the network, and the first SIB includes the first information.

[0063] In the above embodiments, by defining a first SIB for instructing IoT devices to access the network, the first information can be carried through the first SIB, and the first information can be sent by sending the first SIB.

[0064] In conjunction with some embodiments of the first aspect, in some embodiments, different types of IoT devices correspond to different first SIBs, and the method further includes: obtaining the first information from the first SIB corresponding to the type of the IoT device.

[0065] In the above embodiments, by configuring different first SIBs for different types of IoT devices, the IoT devices can obtain first information from the first SIB corresponding to their own device type, thus ensuring the standardization of the first information acquisition process.

[0066] In conjunction with some embodiments of the first aspect, in some embodiments, the first SIB further includes multiple subfields, the multiple subfields including at least one of the following: a first subfield, the first subfield being used to indicate the type identifier of different types of IoT devices; a second subfield, the second subfield being used to indicate the service priority of different IoT services; and a third subfield, the third subfield being used to indicate the location area to which the first information applies.

[0067] In the above embodiments, the first SIB is provided with a variety of optional subfields to indicate different information through different subfields, thereby improving the flexibility and diversity of the information carried by the first SIB.

[0068] In conjunction with some embodiments of the first aspect, in some embodiments, determining whether to access the first communication device based on the first information includes: the device type of the IoT device matches the device type corresponding to the type identifier indicated by the first sub-field; the service priority of the IoT service corresponding to the IoT device in the second sub-field satisfies the first priority; and the location information of the IoT device satisfies the location area indicated by the third sub-field. Based on the first information, determining whether to access the first communication device.

[0069] In the above embodiments, the system determines whether to access the first communication device based on the first information, depending on the information indicated by the various optional subfields included in the first SIB, thereby ensuring the standardization of the access control process.

[0070] In some embodiments, in conjunction with the first aspect, the method further includes: receiving fourth information sent by the first communication device, the fourth information being used to indicate whether the first communication device provides the first information.

[0071] In the above embodiments, by having the first communication device interact with the IoT device to exchange fourth information, the fourth information can be used to indicate whether the first communication device provides the first information, so that the IoT device can perform subsequent access control procedures according to the indication of the fourth information, thereby improving the standardization of the access control process.

[0072] Secondly, this disclosure provides an access control method executed by a first communication device. The method includes sending first information to an IoT device, the first information including information for controlling the IoT device to access the first communication device, the first information being used by the IoT device to determine whether to access the first communication device.

[0073] In the above embodiments, by sending first information from the first communication device to the IoT device, the first information includes information for controlling the IoT device to access the first communication device, so that the IoT device can determine whether to access the first communication device based on the first information, so as to achieve access control for the IoT device more flexibly through the first information.

[0074] In conjunction with some embodiments of the second aspect, in some embodiments, the first information includes at least one of the following: first access information, which indicates relevant information for IoT devices to access the network; and access control parameters.

[0075] In conjunction with some embodiments of the second aspect, in some embodiments, the first access information is associated with access control parameters; the first information is used by the IoT device to determine whether to access the first communication device, including: the first information is used by the IoT device to determine first access information matching the second access information based on the second access information, so as to determine whether to access the first communication device based on the access control parameters associated with the first access information matching the second access information.

[0076] In conjunction with some embodiments of the second aspect, in some embodiments, the second access information is determined by the IoT device based on relevant information for access, wherein the relevant information for access is determined by the IoT device.

[0077] In conjunction with some embodiments of the second aspect, in some embodiments, the second access information is determined by the IoT device based on relevant information for access, including any one of the following: the second access information is relevant information for access; the second access information is access information that matches the relevant information for access determined according to the second information, wherein the second information is used to indicate the mapping relationship between the relevant information for access and the access information.

[0078] In conjunction with some embodiments of the second aspect, in some embodiments, the method further includes: sending the second information to the IoT device.

[0079] In the above embodiments, by sending second information from the first communication device to the IoT device, the IoT device can obtain the second information, thereby determining the second access information under the instruction of the second information, thus ensuring the smooth progress of the subsequent access control process.

[0080] In conjunction with some embodiments of the second aspect, in some embodiments, the method further includes: sending priority information to the IoT device, the priority information being used by the IoT device to determine second information for determining the second access information from among multiple pieces of second information when there are multiple pieces of second information.

[0081] In the above embodiments, by sending priority information from the first communication device to the IoT device, the IoT device can select the second information for determining the second access information based on the priority information, thereby ensuring the smooth progress of the subsequent access control process.

[0082] In conjunction with some embodiments of the second aspect, in some embodiments, the second access information is determined by the AS, and / or the second access information is determined by the NAS.

[0083] In conjunction with some embodiments of the second aspect, in some embodiments, the relevant information for IoT device access includes at least one of the following: the device type of the IoT device; the identification information of the IoT device; the service type of the IoT service; the identification information of the IoT service; the identification information of the first communication device; and the location information of the IoT device.

[0084] In conjunction with some embodiments of the second aspect, in some embodiments, the location information includes at least one of the following: geographic location information; beam information; wave array information.

[0085] In conjunction with some embodiments of the second aspect, in some embodiments, the access control parameters include at least one of the following: first indication information, which indicates whether the IoT device is allowed to access; and access conditions, which indicate the conditions under which the IoT device is allowed to access.

[0086] In conjunction with some embodiments of the second aspect, in some embodiments, the first indication information is used by the IoT device to determine whether the IoT device is allowed to access in any of the following situations: ignoring whether the second indication information indicates that a normal terminal is allowed to access; the second indication information indicates that a normal terminal is allowed to access; the second indication information indicates that a normal terminal is not allowed to access.

[0087] In conjunction with some embodiments of the second aspect, in some embodiments, the first indication information is used by the IoT device to determine whether the IoT device is allowed to access when the second indication information indicates that a regular terminal is allowed to access; if the second indication information indicates that a regular terminal is not allowed to access, the IoT device is not allowed to access.

[0088] In conjunction with some embodiments of the second aspect, in some embodiments, the method further includes at least one of the following: determining the first information based on capabilities related to access control of the first communication device; determining the first information based on first capability information received from a fourth communication device, the first capability information being used to indicate capabilities related to access control of the fourth communication device.

[0089] In the above embodiments, multiple optional implementations of the first communication device determining the first information are provided, so that the first communication device can determine the first information in multiple ways, thereby improving the flexibility and diversity of the first information determination process.

[0090] In conjunction with some embodiments of the second aspect, in some embodiments, the first communication device is an access network device, the fourth communication device is a core network device, or the fourth communication device is a device for forwarding data and / or signaling between the IoT device and the access network device; the first communication device is a device for forwarding data and / or signaling between the IoT device and the access network device, and the fourth communication device is an access network device or a core network device.

[0091] In conjunction with some embodiments of the second aspect, in some embodiments, sending the first information to the IoT device includes: sending a first SIB to the IoT device, wherein the first SIB is an SIB used to instruct the IoT device to access the network, and the first SIB includes the first information.

[0092] In conjunction with some embodiments of the second aspect, in some embodiments, the first SIBs corresponding to different types of IoT devices are different, and sending the first SIB to the IoT device includes: sending the first SIB corresponding to the type of the IoT device to the IoT device.

[0093] In the above embodiments, by configuring different first SIBs for different types of IoT devices, the first communication device can send the corresponding first SIB according to the type of IoT device, thereby ensuring that the IoT device can obtain the first information from the first SIB corresponding to its own device type, and ensuring the standardization of the first information acquisition process.

[0094] In conjunction with some embodiments of the second aspect, in some embodiments, the first SIB further includes multiple subfields, the multiple subfields including at least one of the following: a first subfield, the first subfield being used to indicate the type identifier of different types of IoT devices; a second subfield, the second subfield being used to indicate the service priority of different IoT services; and a third subfield, the third subfield being used to indicate the location area to which the first information applies.

[0095] In conjunction with some embodiments of the second aspect, in some embodiments, the first information is used for the IoT device to determine whether to access the first communication device under the following conditions: the device type of the IoT device matches the device type corresponding to the type identifier indicated by the first sub-field; the service priority of the IoT service corresponding to the IoT device in the second sub-field satisfies the first priority; and the location information of the IoT device satisfies the location area indicated by the third sub-field.

[0096] In some embodiments, in conjunction with the second aspect, the method further includes: sending fourth information to the IoT device, the fourth information being used to indicate whether the first communication device provides the first information.

[0097] Thirdly, this disclosure provides an IoT device, including: a transceiver module configured to receive first information, the first information including information for controlling the IoT device to access a first communication device; and a processing module configured to determine whether to access the first communication device based on the first information.

[0098] Fourthly, this disclosure provides a first communication device, including: a transceiver module configured to send first information to an IoT device, the first information including information for controlling the IoT device to access the first communication device, the first information being used by the IoT device to determine whether to access the first communication device.

[0099] Fifthly, embodiments of this disclosure provide an IoT device, comprising: one or more processors; wherein the IoT device is configured to perform the access control method as described in the first aspect above.

[0100] In a sixth aspect, embodiments of this disclosure provide a first communication device, comprising: one or more processors; wherein the first communication device is configured to perform the access control method as described in the second aspect above.

[0101] In a seventh aspect, embodiments of this disclosure provide a communication device for performing the access control method as described in the first or second aspect above.

[0102] Eighthly, embodiments of this disclosure provide a communication system including an IoT device and a first communication device, wherein the IoT device is configured to implement the access control method as described in the first aspect above, and the first communication device is configured to implement the access control method as described in the second aspect above.

[0103] In a ninth aspect, embodiments of this disclosure provide a storage medium storing instructions that, when executed on a communication device, cause the communication device to perform the access control method as described in the first or second aspect above.

[0104] In a tenth aspect, embodiments of this disclosure provide a program product including at least one of a program and instructions, wherein when the program and instructions are executed by a communication device, they implement the access control method as described in the first or second aspect above.

[0105] In one aspect, embodiments of this disclosure provide a computer program that, when run on a computer, causes the computer to perform the access control method as described in the first or second aspect above.

[0106] In a twelfth aspect, embodiments of this disclosure provide a chip or chip system. The chip or chip system includes processing circuitry configured to perform the access control method described in the first or second aspect above.

[0107] It is understood that the aforementioned IoT devices, first communication devices, communication devices, communication systems, storage media, program products, computer programs, chips, or systems are all used to execute the methods proposed in the embodiments of this disclosure. Therefore, the beneficial effects that can be achieved can be referred to the beneficial effects in the corresponding methods, and will not be repeated here.

[0108] This disclosure provides an access control method, a communication device, a communication system, a storage medium, and a product. In some embodiments, the terms "access control method" and "information processing method," "communication method," etc., can be used interchangeably; the terms "communication system," "information processing system," etc., can also be used interchangeably.

[0109] This disclosure is not exhaustive, but merely illustrative of some embodiments, and is not intended to limit the scope of protection of this disclosure. Unless otherwise specified, each step in a particular embodiment can be implemented as an independent embodiment, and the steps can be arbitrarily combined. For example, a solution after removing some steps in a particular embodiment can also be implemented as an independent embodiment, and the order of the steps in a particular embodiment can be arbitrarily interchanged. Furthermore, the optional implementation methods in a particular embodiment can be arbitrarily combined; moreover, the embodiments can be arbitrarily combined, for example, some or all steps of different embodiments can be arbitrarily combined, and a particular embodiment can be arbitrarily combined with the optional implementation methods of other embodiments.

[0110] In each of the disclosed embodiments, unless otherwise specified or in case of logical conflict, the terminology and / or descriptions of the embodiments are consistent and can be referenced by each other. Technical features in different embodiments can be combined to form new embodiments based on their inherent logical relationships.

[0111] The terminology used in the embodiments of this disclosure is for the purpose of describing particular embodiments only and is not intended to limit the scope of this disclosure.

[0112] In this embodiment of the disclosure, unless otherwise stated, elements expressed in the singular form, such as "a," "an," "the," "the," "the," "the," "the," "the," "this," etc., can mean "one and only one," or "one or more," "at least one," etc. For example, when using articles such as "a," "an," "the," etc. in translation, the noun following the article can be understood as either a singular expression or a plural expression.

[0113] In the embodiments disclosed herein, "multiple" refers to two or more.

[0114] In some embodiments, the terms “at least one of”, “one or more”, “a plurality of”, “multiple”, etc., may be used interchangeably.

[0115] In some embodiments, the notation "at least one of A and B", "A and / or B", "A in one case, B in another", "in response to one case A, in response to another case B", etc., may include the following technical solutions depending on the situation: in some embodiments, A (execute A regardless of B); in some embodiments, B (execute B regardless of A); in some embodiments, execution is selected from A and B (A and B are selectively executed); in some embodiments, A and B (both A and B are executed). The same applies when there are more branches such as A, B, C, etc.

[0116] In some embodiments, the notation "A or B" may include the following technical solutions, depending on the situation: in some embodiments, A (execution of A regardless of B); in some embodiments, B (execution of B regardless of A); in some embodiments, execution is selected from A and B (A and B are selectively executed). The same applies when there are more branches such as A, B, C, etc.

[0117] The prefixes "first," "second," etc., used in the embodiments of this disclosure are merely for distinguishing different descriptive objects and do not impose restrictions on the position, order, priority, quantity, or content of the descriptive objects. The description of the descriptive objects is found in the claims or the context of the embodiments, and the use of prefixes should not constitute unnecessary restrictions. For example, if the descriptive object is a "field," the ordinal numbers preceding "field" in "first field" and "second field" do not restrict the position or order of the "fields." "First" and "second" do not restrict whether the "fields" they modify are in the same message, nor do they restrict the order of "first field" and "second field." Similarly, if the descriptive object is a "level," the ordinal numbers preceding "level" in "first level" and "second level" do not restrict the priority between "levels." Furthermore, the number of descriptive objects is not limited by ordinal numbers and can be one or more. For example, in "first device," the number of "devices" can be one or more. Furthermore, the objects modified by different prefixes can be the same or different. For example, if the object being described is "device", then "first device" and "second device" can be the same device or different devices, and their types can be the same or different. Similarly, if the object being described is "information", then "first information" and "second information" can be the same information or different information, and their content can be the same or different.

[0118] In some embodiments, “including A,” “containing A,” “for indicating A,” and “carrying A” can be interpreted as directly carrying A or indirectly indicating A.

[0119] In some embodiments, the terms “in response to…”, “in response to determining…”, “in the case of…”, “when…”, “if…”, “if…”, etc., can be used interchangeably.

[0120] In some embodiments, the terms “greater than,” “greater than or equal to,” “not less than,” “more than,” “more than or equal to,” “not less than,” “higher than,” “higher than or equal to,” “not lower than,” and “above” can be used interchangeably, as can the terms “less than,” “less than or equal to,” “not greater than,” “less than,” “less than or equal to,” “not more than,” “lower than,” “lower than or equal to,” “not higher than,” and “below”.

[0121] In some embodiments, the apparatus and device may be interpreted as physical or virtual, and their names are not limited to the names recorded in the embodiments. In some cases, they may also be understood as "equipment", "device", "circuit", "network element", "node", "function", "unit", "section", "system", "network", "chip", "chip system", "entity", "body", etc.

[0122] In some embodiments, "network" can be interpreted as devices included in the network, such as access network devices, core network devices, etc.

[0123] In some embodiments, "access network device (AN device)" may also be referred to as "radio access network device (RAN device)," "base station (BS)," "radio base station," or "fixed station." In some embodiments, it may also be understood as "node," "access point," "transmission point (TP)," "reception point (RP)," "transmission / reception point (TRP)," "panel," "antenna panel," "antenna array," "cell," "macro cell," "small cell," "femto cell," "pico cell," "sector," "cell group," "serving cell," "carrier," "component carrier," or "bandwidth part (BWP)."

[0124] In some embodiments, "terminal" or "terminal device" may be referred to as "user equipment (UE)," "user terminal," "mobile station (MS)," "mobile terminal (MT)," "subscriber station," "mobile unit," "subscriber unit," "wireless unit," "remote unit," "mobile device," "wireless device," "wireless communication device," "remote device," "mobile subscriber station," "access terminal," "mobile terminal," "wireless terminal," "remote terminal," "handset," "user agent," "mobile client," "client," etc.

[0125] In some embodiments, the acquisition of data, information, etc., may comply with the laws and regulations of the country where the location is situated.

[0126] In some embodiments, data, information, etc., may be obtained with the user's consent.

[0127] Furthermore, each element, each row, or each column in the table of this disclosure can be implemented as an independent embodiment, and any combination of any element, any row, or any column can also be implemented as an independent embodiment.

[0128] Figure 1 is a schematic diagram of the architecture of a communication system according to an embodiment of the present disclosure. As shown in Figure 1, the communication system 100 includes an IoT device 101 and a first communication device 102.

[0129] In some embodiments, IoT devices 101 include, for example, RedCap devices, smart speakers, smart door locks, smart thermostats, smart sockets and other smart home devices; smart watches, smart bracelets, sleep monitoring devices and other smart health monitoring devices; smart irrigation systems, temperature and humidity sensors, smart agricultural machinery and other smart agricultural equipment; smart sensors, smart meters, industrial robots and other industrial IoT devices; cars with communication functions, smart cars, wireless terminal devices in self-driving vehicles, vehicle-mounted sensors, vehicle-to-everything (V2X) devices and other smart transportation equipment; meteorological sensors, noise sensors, water quality sensors, air quality monitors and other environmental monitoring equipment; mobile phones, wearable devices, virtual reality (VR) terminal devices, augmented reality (AR) terminal devices, wireless terminal devices in remote medical surgery, wireless terminal devices in smart grids, wireless terminal devices in transportation safety, wireless terminal devices in smart cities, and smart homes. At least one, but not limited to, wireless terminal devices in the home.

[0130] In some embodiments, the first communication device 102 includes an access network device or a relay device. The relay device is a device used for forwarding data and / or signaling between the IoT device and the access network device.

[0131] In some embodiments, the access network device is, for example, a node or device that connects IoT devices to a wireless network. The access network device may include, but is not limited to, at least one of the following in a 5G communication system: evolved Node B (eNB), next-generation eNB (ng-eNB), next-generation Node B (gNB), node B (NB), home node B (HNB), home evolved node B (HeNB), wireless backhaul device, radio network controller (RNC), base station controller (BSC), base transceiver station (BTS), base band unit (BBU), mobile switching center, base station in a 6G communication system, open RAN, cloud RAN, base station in other communication systems, and access node in a Wi-Fi system.

[0132] In some embodiments, the technical solutions of this disclosure can be applied to the Open RAN architecture. In this case, the interfaces between or within access network devices involved in the embodiments of this disclosure can be transformed into internal interfaces of Open RAN. The processes and information interactions between these internal interfaces can be implemented by software or programs.

[0133] In some embodiments, the access network device may be composed of a central unit (CU) and a distributed unit (DU). The CU may also be called a control unit. The CU-DU structure can separate the protocol layer of the access network device. Some of the protocol layer functions are centrally controlled by the CU, while the remaining part or all of the protocol layer functions are distributed in the DU and centrally controlled by the CU. However, this is not the only possibility.

[0134] In some embodiments, relay devices include, but are not limited to, repeaters, integrated access and backhaul nodes (IAB nodes), routers, terminals, etc.

[0135] In some embodiments, the terminal may also be referred to as user equipment (UE), which includes, for example, at least one of the following: mobile phone, wearable device, car with communication function, smart car, tablet computer, computer with wireless transceiver function, virtual reality (VR) terminal device, augmented reality (AR) terminal device, wireless terminal device in industrial control, wireless terminal device in self-driving, wireless terminal device in remote medical surgery, wireless terminal device in smart grid, wireless terminal device in transportation safety, wireless terminal device in smart city, and wireless terminal device in smart home, but is not limited thereto.

[0136] In some embodiments, the communication system 100 may further include a fourth communication device.

[0137] In some embodiments, the first communication device is an access network device, the fourth communication device is a core network device, or the fourth communication device is a relay device.

[0138] In some embodiments, the first communication device is a relay device, and the fourth communication device is an access network device or a core network device.

[0139] In some embodiments, the core network equipment can be a single device comprising multiple network elements, or it can be multiple devices or a group of devices, each comprising all or part of the multiple network elements. Network elements can be virtual or physical. The core network includes, for example, at least one of the following: Evolved Packet Core (EPC), 5G Core Network (5GCN), 6G Core Network (6GCN), and Next Generation Core (NGC).

[0140] In some embodiments, the core network equipment may include a first network element, such as an Access and Mobility Management Function (AMF).

[0141] In some embodiments, the first network element is used for user access management and mobility management, but is not limited thereto.

[0142] In some embodiments, the core network device may include a second network element, such as a Session Management Function (SMF).

[0143] In some embodiments, the second network element is used for session management of the control plane and user plane, but is not limited thereto.

[0144] In some embodiments, the core network device may include a third network element, such as a User Plane Function (UPF).

[0145] In some embodiments, the third network element is used for user plane data forwarding, traffic statistics, Quality of Service (QoS) management, etc., but is not limited to these.

[0146] In some embodiments, the core network device may include a fourth network element, such as a Policy Control Function (PCF).

[0147] In some embodiments, the fourth network element is used to implement user control policy management, including but not limited to QoS control, service access control, etc.

[0148] In some embodiments, the core network equipment may include a fifth network element, such as a unified data management function (UDM).

[0149] In some embodiments, the fifth network element is used to implement user subscription data management, roaming control, etc., but is not limited to these.

[0150] In some embodiments, the core network device may include a sixth network element, such as an Authentication Server Function (AUSF).

[0151] In some embodiments, the sixth network element is used to implement user authentication, but is not limited thereto.

[0152] In some embodiments, each of the above network elements can be independent of the core network equipment.

[0153] In some embodiments, each of the above network elements may be part of the core network equipment.

[0154] It is understood that the communication system described in this disclosure is for the purpose of more clearly illustrating the technical solutions of this disclosure, and does not constitute a limitation on the technical solutions proposed in this disclosure. As those skilled in the art will know, with the evolution of system architecture and the emergence of new business scenarios, the technical solutions proposed in this disclosure are also applicable to similar technical problems.

[0155] The following embodiments of this disclosure can be applied to the communication system 100 shown in FIG1, or to some of the main bodies, but are not limited thereto. The main bodies shown in FIG1 are illustrative. The communication system may include all or some of the main bodies in FIG1, or may include other main bodies outside of FIG1. ​​The number and form of each main body are arbitrary. Each main body may be physical or virtual. The connection relationship between the main bodies is illustrative. The main bodies may not be connected or may be connected. The connection can be in any way, it can be a direct connection or an indirect connection, it can be a wired connection or a wireless connection.

[0156] The embodiments disclosed herein can be applied to Long Term Evolution (LTE), LTE-Advanced (LTE-A), LTE-Beyond (LTE-B), SUPER 3G, IMT-Advanced, 4th generation mobile communication system (4G), 5th generation mobile communication system (5G), 6th generation mobile communication system (6G), 5G New Radio (NR), Future Radio Access (FRA), New-Radio Access Technology (RAT), New Radio (NR), New Radio Access (NX), Future Generation Radio Access (FX), Global System for Mobile Communications (GSM), CDMA2000, Ultra Mobile Broadband (UMB), IEEE 802.11 (Wi-Fi), IEEE 802.16 (WiMAX), and IEEE 802.20, Ultra-Wideband (UWB), Bluetooth (a registered trademark), Public Land Mobile Network (PLMN) networks, Device-to-Device (D2D) systems, Machine-to-Machine (M2M) systems, Internet of Things (IoT) systems, Vehicle-to-Everything (V2X) systems, systems utilizing other communication methods, and next-generation systems built upon them, etc. Furthermore, multiple systems can be combined (e.g., a combination of LTE or LTE-A with 5G).

[0157] In some embodiments, the Internet of Things (IoT), as an intelligent service system, connects objects, people, systems, and information resources through sensing devices according to agreed protocols, enabling the processing and response to information in the physical and virtual worlds. With social and economic development, the demand for IoT in various sectors of life, production, and society is gradually increasing, and IoT has become widely used to serve national welfare and people's livelihoods.

[0158] Among related technologies, mobile communication technology continues to evolve. Cellular networks provided by mobile operators offer broad coverage and high-quality service, becoming a crucial driver of socio-economic digitalization and informatization, and laying a solid connectivity foundation for the Internet of Things (IoT). The high data rates, low latency, high reliability, and widespread availability offered by 4G greatly support IoT applications such as wearable devices, video surveillance, and automated guided vehicles (AGVs). Mobile IoT technologies, represented by Category 1 (Cat1) and Category 4 (Cat4), provide low-cost connectivity for terminals, reducing the implementation cost of IoT and supporting scenarios such as smart metering, shared bicycles, and environmental monitoring. With the arrival of the 5G era, the IoT is also ushering in tremendous development opportunities. 5G primarily targets three major scenarios: massive machine-type communication (mMTC), ultra-reliable low-latency communication (uRLLC), and enhanced mobile broadband (eMBB). Building upon the continuous improvement of narrowband IoT coverage, 5G IoT further evolves the connectivity capabilities of reduced-capability (RedCap) devices, emphasizing support for massive connectivity, high reliability, and low latency. As a result, IoT achieves greater connectivity, wider coverage, and a better user experience. Its applications in home, industry, energy, transportation, and urban management are beginning to show results. These applications facilitate people's lives, improve quality of life, reduce production costs, and enhance the intelligence and automation of management, bringing the interconnection of everything into all aspects of production, life, and society.

[0159] As production and daily life continue to move towards digitalization and intelligence, more and more things are becoming connected to the internet, leading to a wider range of application scenarios. This also brings many challenges to the current Internet of Things (IoT). In terms of network throughput, with the increasing number of connected devices and the widespread adoption of high-bandwidth services, the total network data throughput will experience explosive growth. It is predicted that future network throughput will reach 5000 exabytes (EB) per month, and the number of IoT terminals will reach 500 billion, posing a challenge to the existing network capacity. Regarding transmission speed, with the increasing use of IoT applications such as holographic imaging that require real-time transmission of large amounts of data, the current IoT speed needs to be further improved. For example, real-time, high-resolution three-dimensional (3D) images may even require a transmission rate of 1 terabit per second (Tb / s). In terms of communication latency, 5G has already reduced latency to the millisecond level. In extreme scenarios such as remote surgery and remote industrial control, transmission latency of hundreds of microseconds may be required, and in some scenarios, it may need to be below 50 microseconds. In terms of network coverage, future 6G IoT is expected to provide connectivity for high altitudes, the open sea, and deep underground, overcoming the signal distortion caused by the Doppler effect. Regarding power consumption, many IoT devices are distributed across vast geographical areas and require long operating times, posing challenges to battery life and charging infrastructure. Future IoT development needs to focus on energy efficiency and sustainability. In terms of information security, IoT data is vulnerable to cyberattacks, leading to serious consequences such as data breaches and unauthorized access, making information security increasingly important. Regarding capability integration, many existing IoT capabilities are independent, making deep integration between different capabilities difficult. For example, many IoT terminals only possess basic sensing capabilities, lacking network transmission or computing capabilities, thus limiting their application in a wider range of scenarios.

[0160] 6G IoT is an Internet of Things (IoT) based on 6G networks as its communication infrastructure. 6G provides IoT with ultra-high-speed, low-latency, high-connectivity, energy-efficient, intelligent, and secure data transmission. Deeply empowered by 6G technology, end-to-end IoT systems can achieve greater intelligence and autonomy, enabling real-time and accurate environmental sensing, intelligent decision-making, and personalized services. 6G IoT will integrate next-generation mobile communication and IoT technologies, and is expected to become the next stage of IoT development.

[0161] In some embodiments, 5G networks manage and optimize network resources, ensure high-priority service access, and provide flexible network access control through a unified access control (UAC) mechanism. Relevant access control prohibition information is broadcast via broadcast messages to reduce the impact of congestion on the network. This applies to all terminals in the Radio Resource Control (RRC) idle, inactive, and connected states.

[0162] In some embodiments, within a 5G network, the network side can manage these attempts by broadcasting cell-level access control information related to the access category (AC) and access identity (AI). Terminals can determine whether their access is permitted based on this broadcast information and the access category and access identity they select when attempting to access the network.

[0163] Optionally, if the request is triggered by the NAS, the NAS can determine the access category and access identifier.

[0164] Optionally, if the request is triggered by the AS, the access category can be determined by the RRC and the access identifier by the NAS.

[0165] Through the aforementioned mechanisms in 5G networks, it is possible to ensure that the network can effectively manage and control terminal access, optimize network resources, and ensure access to high-priority services.

[0166] However, the number of 6G IoT devices will be enormous in the future, and their geographical distribution may be uneven. Even within a single cell, some areas may have a large number of 6G IoT devices, while others may have fewer. If the access control mechanism from the 5G network is used, it may not be able to flexibly and accurately control the access of 6G IoT devices.

[0167] Figure 2 is an interactive schematic diagram of an access control method according to an embodiment of the present disclosure. As shown in Figure 2, the embodiments of the present disclosure relate to an access control method, which includes:

[0168] Step S2101: The first communication device sends the fourth information to the IoT device.

[0169] In some embodiments, the IoT device receives fourth information sent by the first communication device, but is not limited thereto. The IoT device may also receive fourth information sent by other entities, in which case step S2101 may be omitted.

[0170] In some embodiments, the IoT device obtains the fourth information specified by the protocol, in which case step S2101 can be omitted.

[0171] In some embodiments, the IoT device obtains fourth information from the upper layer(s), in which case step S2101 can be omitted.

[0172] In some embodiments, the IoT device processes the information to obtain the fourth information, in which case step S2101 can be omitted.

[0173] In some embodiments, the IoT device autonomously implements the function indicated by the fourth information, or the above function is a default or default value, in which case step S2101 can be omitted.

[0174] In some embodiments, the fourth information is used to indicate whether the first communication device provides the first information, wherein the description of the first information will be detailed below and will not be repeated here.

[0175] In some embodiments, the first information may be carried by a first SIB, which may be an SIB used to instruct IoT devices to access the network. That is, the first SIB may be a newly defined specific SIB used to instruct IoT devices to access the network.

[0176] It should be noted that the above embodiment is illustrated by using a newly defined first SIB to carry the first information. In more possible implementations, the first SIB can also use an existing SIB to reuse the existing SIB and improve the utilization rate of the existing SIB.

[0177] The details of the first SIB will be described in the following text and will not be repeated here.

[0178] In some embodiments, the fourth information may be carried in a Master Information Block (MIB), but is not limited thereto. That is, the first communication device may send an MIB to the IoT device, the MIB including the fourth information; the IoT device may receive the MIB sent by the first communication device to receive the fourth information.

[0179] In some embodiments, the MIB may include multiple bits, each bit corresponding to a SIB, so that the value of each bit indicates the SIB to be transmitted subsequently. Optionally, for an SIB whose corresponding bit value is a first value, it indicates that the first communication device will transmit the SIB in subsequent communication, or that the first communication device is capable of transmitting the SIB in subsequent communication; for an SIB whose corresponding bit value is a second value, it indicates that the first communication device will not transmit the SIB in subsequent communication, or that the first communication device does not have the capability to transmit the SIB in subsequent communication.

[0180] In some embodiments, if the bit corresponding to the first SIB in the MIB is a first value, it indicates that the first communication device will subsequently provide first information through the first SIB, or that the first communication device can provide first information through the first SIB in subsequent communication processes.

[0181] It should be noted that, for a SIB with the corresponding bit value being the first value, although it indicates that the first communication device can send the SIB in subsequent communication, whether or not it is sent may depend on the implementation of the first communication device, and this disclosure does not limit this.

[0182] The first value can be 1, and the second value can be 0, but is not limited to these.

[0183] In some embodiments, if the first communication device does not support or provide the first information, it is considered that the first communication device does not allow IoT devices to access the network.

[0184] Optionally, if the first communication device does not support the first information, the bit corresponding to the first SIB carrying the first information in the MIB may be set to a second value. Alternatively, if the first communication device does not provide the first information, the bit corresponding to the first SIB carrying the first information in the MIB may be set to a first value, but the first communication device will not send the first SIB during subsequent communication.

[0185] In more possible implementations, the first communication device may not support or provide the first information, or it may be considered that the first communication device allows IoT devices to access the device. Alternatively, the first communication device may not limit whether IoT devices are allowed to access the device, in which case the IoT device may determine whether to access the first communication device based on its own implementation.

[0186] In some embodiments, the name of the fourth information is not limited, and it may be, for example, "instruction information".

[0187] In some embodiments, the names of information, etc., are not limited to the names described in the embodiments. Terms such as "information", "message", "signal", "signaling", "report", "configuration", "indication", "instruction", "command", "channel", "parameter", "domain", "field", "symbol", "symbol", "codebook", "codeword", "codepoint", "bit", "data", "program", and "chip" can be used interchangeably.

[0188] In step S2102, the first communication device determines the first information.

[0189] In some embodiments, the first communication device may determine the first information based on its access control capabilities, and / or ...

[0190] In some embodiments, when the first communication device determines the first information based on its access control capabilities, the first communication device can directly determine the first information based on its own access control capabilities.

[0191] In some embodiments, if the first communication device determines the first information based on the capabilities related to the access control of the fourth communication device, the fourth communication device may send the first capability information to the first communication device. The first capability information is used to indicate the capabilities related to the access control of the fourth communication device. The first communication device may receive the first capability information sent by the fourth communication device and thereby determine the first information based on the received first capability information.

[0192] In some embodiments, if the first communication device determines the first information based on the access control capabilities of the first communication device and the access control capabilities of the fourth communication device, the fourth communication device may send the first capability information to the first communication device. The first capability information is used to indicate the access control capabilities of the fourth communication device. The first communication device may receive the first capability information sent by the fourth communication device, thereby determining the first information based on its own access control capabilities and the received first capability information.

[0193] In some embodiments, the first communication device is an access network device (such as a base station), the fourth communication device can be a core network device, or the fourth communication device is a device for forwarding data and / or signaling between the IoT device and the access network device.

[0194] In some embodiments, the device used for forwarding data and / or signaling between the IoT device and the access network device may also be referred to as a relay device or relay node. For ease of description, the term "relay device" will be used below to refer to the device used for forwarding data and / or signaling between the IoT device and the access network device. That is, the first information can be determined by the access network device based on the first capability information of the core network device and / or the first capability information of the relay device.

[0195] In some embodiments, the first communication device is a device for forwarding data and / or signaling between the IoT device and the access network device, and the fourth communication device is an access network device or a core network device.

[0196] That is, the first information can be determined by the relay device based on the first capability information of the access network device and / or the first capability information of the core network device.

[0197] In some embodiments, the name of the first communication device is not limited, and may be, for example, "first access device", "first node", "first access node", "first access device node", etc.

[0198] In some embodiments, the name of the fourth communication device is not limited, and it may be, for example, "fourth access device", "fourth node", "fourth access node", "fourth access device node", etc.

[0199] In some embodiments, the first information includes information for controlling the IoT device to access the first communication device.

[0200] In some embodiments, the name of the first information is not limited, and it may be, for example, "first access control information".

[0201] In some embodiments, the first information includes first access information and / or access control parameters.

[0202] The first access information indicates the relevant information for IoT devices to access the network.

[0203] In some embodiments, the relevant information for IoT device access may include at least one of the following: IoT device type, IoT device identification information, IoT service type, IoT service identification information, first communication device identification information, and IoT device location information, but is not limited thereto.

[0204] In some embodiments, the location information may be at least one of geographic location information, beam information, and beam group information, but is not limited thereto.

[0205] Optionally, beam information or beam group information can be an SSB index, but is not limited to this.

[0206] In some embodiments, the terms “beam”, “beam width”, “beam angular degree”, “precoding”, “precoder”, “weight”, “precoding weight”, “quasi-co-location (QCL)”, “transmission configuration indication (TCI) status”, “spatial relation”, “spatial domain filter”, “transmission power”, “phase rotation”, “antenna port”, “antenna port group”, “layer”, “the number of layers”, “rank”, “resource”, “resource set”, “resource group”, “antenna”, “antenna element”, and “panel” can be used interchangeably.

[0207] In some embodiments, the terms "synchronization signal block (SSB)," "synchronization signal (SS)," "reference signal (RS)," "pilot," and "pilot signal" can be used interchangeably.

[0208] In some embodiments, the first access information may be directly indicated, that is, the first information directly includes at least one of the following: the device type of the IoT device, the identification information of the IoT device, the service type of the IoT service, the identification information of the IoT service, the identification information of the first communication device, and the location information of the IoT device, so as to explicitly indicate the first access information through the first information.

[0209] Alternatively, the first access information can be implicitly indicated. For example, the first access information can be implicitly indicated through access category (AC) and / or access identity (AI). Optionally, different access categories or access identities can correspond to different first access information. For example, the first access information can be implicitly indicated through access category; access category 1 can correspond to one set of first access information, access category 2 can correspond to another set of first access information, and so on. Another example is that the first access information can be implicitly indicated through access identity; access identity 1 can correspond to one set of first access information, access identity 2 can correspond to another set of first access information, and so on. The first access information can include at least one of the following: IoT device type, IoT device identification information, IoT service type, IoT service identification information, first communication device identification information, and IoT device location information.

[0210] In some embodiments, access control parameters may include first indication information and / or access conditions.

[0211] In some embodiments, the first indication information can be used to indicate whether an IoT device is allowed to access, so as to implement the indication of cell access prohibition (cellbar) through the first indication information.

[0212] In some embodiments, the terms "cell", "component carrier (CC)", "frequency carrier", and "carrier frequency" can be used interchangeably.

[0213] In some embodiments, the name of the first indication information is not limited, and it may be, for example, "access denied indication" or "access permitted indication".

[0214] In some embodiments, in order to distinguish between IoT devices and ordinary terminals, a first indication information specific to IoT devices may be introduced to differentiate it from a second indication information used to indicate whether an ordinary terminal is allowed to access the network.

[0215] In some embodiments, both the first indication information and the second indication information can be carried through the MIB, but this is not the only possibility.

[0216] Optionally, in order to ensure compatibility between the first indication information and the second indication information, the first indication information can be configured with the following usage mechanism so that the IoT device can determine whether it is allowed to access based on the following mechanism.

[0217] In some embodiments, the IoT device may ignore whether the second indication information indicates that a regular terminal is allowed to access, and instead directly determine whether the IoT device is allowed to access based on the first indication information. That is, regardless of whether the second indication information indicates that a regular terminal is allowed to access or indicates that a regular terminal is not allowed to access, the IoT device can determine whether it is allowed to access based on the first indication information.

[0218] In some embodiments, the first indication information can take effect when the second indication information indicates that a regular terminal is allowed to access. That is, the second indication information indicates that a regular terminal is allowed to access, and the IoT device can determine whether it is allowed to access based on the first indication information. Specifically, the IoT device can only determine whether it is allowed to access based on the first indication information when the second indication information indicates that a regular terminal is allowed to access; if the second indication information indicates that a regular terminal is not allowed to access, then the IoT device is considered not allowed to access. In this case, the IoT device does not need to determine whether it is allowed to access based on the first indication information, but directly assumes that it is not allowed to access.

[0219] In some embodiments, the first indication information can take effect even when the second indication information indicates that a regular terminal is not allowed to access. That is, if the second indication information indicates that a regular terminal is not allowed to access, the IoT device can determine whether it is allowed to access based on the first indication information. Specifically, the IoT device can only determine whether it is allowed to access based on the first indication information when the second indication information indicates that a regular terminal is not allowed to access; if the second indication information indicates that a regular terminal is allowed to access, then the IoT device is considered allowed to access. In this case, the IoT device does not need to determine whether it is allowed to access based on the first indication information, but directly assumes that it is allowed to access.

[0220] In some embodiments, access conditions are used to indicate the conditions under which IoT devices are allowed to access the network. In other words, access conditions indicate parameters that allow access under specific conditions. For example, access conditions may be that a generated random number is greater than a first threshold, or that the signal quality is higher than a second threshold, etc., but are not limited thereto. The first and second thresholds can be any values, and this disclosure does not limit their values.

[0221] Step S2103: The first communication device sends the first information to the IoT device.

[0222] In some embodiments, the IoT device receives first information sent by the first communication device, but is not limited thereto. The IoT device may also receive first information sent by other entities, in which case step S2103 may be omitted.

[0223] In some embodiments, the IoT device obtains the first information specified by the protocol, in which case step S2103 can be omitted.

[0224] In some embodiments, the IoT device obtains first information from the upper layer(s), in which case step S2103 can be omitted.

[0225] In some embodiments, the IoT device processes the information to obtain the first information, in which case step S2103 can be omitted.

[0226] In some embodiments, the IoT device autonomously implements the function indicated by the first information, or the above function is a default or default value, in which case step S2103 can be omitted.

[0227] In some embodiments, a first SIB can be used as the carrier of the first information. That is, a first communication device can send a first SIB to an IoT device, the first SIB including the first information, and the IoT device can receive the first SIB sent by the first communication device to receive the first information.

[0228] In some embodiments, the first SIB can be an SIB used to instruct an IoT device to access the network. That is, the first SIB can be a newly defined new SIBx specifically used to instruct an IoT device to access the network. However, it is not limited to this. The first SIB can also be an existing SIB, such as SIB1. Alternatively, the first information can be sent through other broadcast messages.

[0229] In some embodiments, the name of the first SIB is not limited, and it may be, for example, “SIB-Iot”.

[0230] In some embodiments, different types of IoT devices may have different SIB receiving capabilities. Therefore, the first SIB corresponding to different types of IoT devices can be configured to place the first information for different types of IoT devices in different SIBx.

[0231] Optionally, for IoT devices with strong SIB reception capabilities, the existing SIB mechanism can be used. For example, the first information for IoT devices with strong SIB reception capabilities can be placed in existing SIBs, such as SIB1 and SIB2, so as to indicate the first information when indicating basic cell access related information and radio resource configuration to IoT devices.

[0232] Optionally, for IoT devices with weak SIB reception capabilities or specific types of IoT devices, specific SIBx (such as SIB10, SIB11, etc.) can be added to indicate the first information. These newly added specific SIBx can contain specific parameters and configurations suitable for that type of IoT device, such as specific first indication information for that type of IoT device, optimized resource allocation information for that type of IoT device, specific communication mode or protocol parameters, etc., but are not limited to these.

[0233] In some embodiments, corresponding identifiers or classification methods can be defined for different types of IoT devices, so that the first communication device can identify the device type of the IoT device and determine to send the corresponding specific SIBx. For example, when broadcasting system information, the access network device can carry first information in the corresponding SIBx according to the device identifier of the IoT device. Then, when the IoT device receives the system information broadcast by the access network device, it can focus on the specific SIBx according to its own device type to obtain the corresponding first information.

[0234] For example, for a specific type of low-power IoT device, a newly defined SIB10 can be used as its corresponding specific SIBx. SIB10 may contain the time period or specific time mode that the specific type of low-power IoT device is allowed to access, the reduced data transmission rate or specific modulation and coding scheme, optimized power-saving mode related parameters, etc., but is not limited to these.

[0235] By configuring different first SIBs for different types of IoT devices, access control can be more flexibly implemented for different types of IoT devices, meeting their diverse needs, while improving the overall efficiency and resource utilization of the system.

[0236] In some embodiments, the defined first SIB may further include multiple subfields; that is, in addition to the first information, the newly defined first SIB may be further subdivided into multiple subfields. Optionally, the first SIB may include at least one of a first subfield, a second subfield, and a third subfield, but is not limited thereto.

[0237] In some embodiments, the first subfield can be used to indicate the type identifier of different types of IoT devices.

[0238] Optionally, the type codes of various IoT devices can be listed through the first subfield, such as the type codes of smart home devices, the type codes of industrial sensor devices, etc., so as to accurately distinguish and control different types of IoT devices.

[0239] In some embodiments, the name of the first subfield is not limited, and it may be, for example, "Device Type Matching Field".

[0240] In some embodiments, the second subfield is used to indicate the business priority of different IoT services.

[0241] Optionally, IoT devices can be prioritized based on the importance and real-time requirements of IoT services. For example, remote medical monitoring devices can be prioritized at the highest priority, while ordinary environmental monitoring data collection services can be prioritized at a relatively low priority. This allows for the reasonable allocation of network resources and determination of access order based on service priority during the access control process.

[0242] In some embodiments, the name of the second subfield is not limited, and it may be, for example, "business priority field".

[0243] In some embodiments, the third subfield may be used to indicate the location area to which the first information applies.

[0244] Optionally, by integrating with a Geographic Information System (GIS), the network coverage area can be divided into different sub-regions, and a unique identifier can be assigned to each sub-region. For some IoT applications with specific location requirements, such as vehicle monitoring equipment on specific road sections in intelligent transportation, only IoT devices located within the corresponding location-sensitive area can access the network according to the instructions in the first SIB, thereby further enhancing the flexibility and accuracy of access control.

[0245] In some embodiments, the name of the third subfield is not limited, and it may be, for example, "location-sensitive area indication field".

[0246] In some embodiments, an IoT device may search for and receive a first SIB broadcast by a base station when it is powered on or enters a new network coverage area, in order to receive the first information.

[0247] In some embodiments, after receiving the first SIB, the IoT device can parse the first SIB according to a predetermined protocol format using the parsing module built into the IoT device.

[0248] Optionally, when parsing the first subfield, the IoT device can compare its own device type identifier with the code in the first subfield. If the match is successful, it can continue to parse subsequent fields; if the match is not successful, it can pause the access attempt and execute the subsequent communication process according to the preset rules, such as sending a type mismatch report to the base station or waiting for a period of time to try parsing again, etc., but not limited to this.

[0249] Optionally, when parsing the second subfield, the IoT device can determine the corresponding priority based on the type of service it carries and make a comprehensive judgment with the priority information in the second subfield. If the service priority of the IoT device is higher than the first threshold set by the current network, the IoT device can mark a high-priority flag in subsequent access requests so that the network side can give it priority in resource allocation and access scheduling.

[0250] Optionally, when the third subfield is parsed, the IoT device can obtain its own location information through its built-in positioning module (such as Global Positioning System (GPS) or base station positioning) and compare it with the area identifier in the third subfield. For IoT devices whose location information meets the requirements, they can further perform access-related operations, such as sending an access request and carrying relevant location verification information, etc., but are not limited to this.

[0251] In some embodiments, after determining the first information, the first communication device can directly send the determined first information to the IoT device, and the IoT device can receive the first information sent by the first communication device. However, this is not limited to this; after determining the first information, the first communication device can also send the determined first information to a fourth communication device, which will then forward the first information to the IoT device, allowing the IoT device to receive the first information forwarded by the fourth communication device. For example, if the first communication device is an access network device and the fourth communication device is a relay device, the access network device can directly send the determined first information to the IoT device after determining the first information, but this is not limited to this; it can also send the determined first information to a relay device, which will then forward the first information to the IoT device.

[0252] It should be noted that the above steps S2102 to S2103 are illustrated using the example of the first communication device determining and sending the first information. In more possible implementations, the first information may also be determined and sent to the IoT device by the fourth communication device.

[0253] In some embodiments, the fourth communication device may determine the first information based on its access control capabilities, and / or the fourth communication device may determine the first information based on its access control capabilities.

[0254] In some embodiments, when the fourth communication device determines the first information based on its access control capabilities, the fourth communication device can directly determine the first information based on its own access control capabilities.

[0255] In some embodiments, if the fourth communication device determines the first information based on the capabilities related to the access control of the first communication device, the first communication device may send second capability information to the fourth communication device. The second capability information is used to indicate the capabilities related to the access control of the first communication device. The fourth communication device may receive the second capability information sent by the first communication device and thereby determine the first information based on the received second capability information.

[0256] In some embodiments, if the fourth communication device determines the first information based on the access control capabilities of the fourth communication device and the access control capabilities of the first communication device, the first communication device may send second capability information to the fourth communication device. The second capability information is used to indicate the access control capabilities of the first communication device. The fourth communication device may receive the second capability information sent by the first communication device, thereby determining the first information based on its own access control capabilities and the received second capability information.

[0257] In some embodiments, after determining the first information, the fourth communication device can directly send the determined first information to the IoT device, and the IoT device can receive the first information sent by the fourth communication device. However, it is not limited to this. After determining the first information, the fourth communication device can also send the determined first information to the first communication device, and the first communication device can forward the first information to the IoT device, and the IoT device can receive the first information forwarded by the first communication device.

[0258] For example, the fourth communication device is an access network device, and the first communication device is a relay device. After determining the first information, the access network device can directly send the determined first information to the IoT device, but it is not limited to this. It can also send the determined first information to the relay device, which will then forward the first information to the IoT device.

[0259] It should be noted that, in the case where the first information is determined and sent by the fourth communication device, the first SIB can still be used as the carrier of the first information. For relevant information, please refer to the previous text, which will not be repeated here.

[0260] In step S2104, the IoT device determines the second access information.

[0261] In some embodiments, an IoT device may determine relevant information about its access, and then determine second access information based on that relevant information.

[0262] Optionally, the IoT device can determine its own implementation and the relevant information it uses when accessing the network, so as to determine the second access information based on the determined information.

[0263] In some embodiments, the relevant information for the IoT device to access the network may include at least one of the following: IoT device type, IoT device identification information, IoT service type, IoT service identification information, first communication device identification information, and IoT device location information, but is not limited thereto.

[0264] Taking the location information of the IoT device as an example, the location information can be beam information or beam group information, and the beam information or beam group information can be an SSB index. Therefore, the first communication device can perform SSB selection to determine the second access information based on the SSB index of the selected SSB. Optionally, when performing SSB selection, the first communication device can select the SSB with the strongest signal quality, but is not limited to this.

[0265] In some embodiments, the IoT device determines its access-related information as the second access information; alternatively, the IoT device can determine the access information matching the IoT device's access-related information as the second access information based on second information indicating the mapping relationship between the IoT device's access-related information and the access information. That is, the IoT device can directly use its access-related information as the second access information, or the IoT device can determine the second access information based on the mapping relationship indicated by the second information.

[0266] In some embodiments, the name of the second information is not limited, and it may be, for example, "first rule" or the like.

[0267] In some embodiments, the second information may be agreed upon by a protocol, or the second information may be indicated by a second communication device to an IoT device.

[0268] In some embodiments, the second information is agreed upon by the protocol, and the IoT device can obtain the agreed-upon second information to determine the second access information based on the second information.

[0269] In some embodiments, if the second information is indicated by the second communication device to the IoT device, then the second communication device can send the second information to the IoT device, and the IoT device can receive the second information sent by the second communication device to determine the second access information based on the second information.

[0270] In some embodiments, the second communication device may be an access network device, a core network device, a relay device, etc., but is not limited thereto.

[0271] Optionally, the second communication device may be the same as or different from the first communication device, and the second communication device may be the same as or different from the fourth communication device.

[0272] In some embodiments, the name of the second communication device is not limited, and may be, for example, "second access device", "second node", "second access node", "second access device node", etc.

[0273] In some embodiments, the second information can be provided to the IoT device via NAS messages. For example, when a connection is established, the higher-level layer of the IoT device can map the information related to this access of the IoT device to AC and / or AI based on the protocol agreement or the second information provided by the NAS message, and provide it to the AS layer of the IoT device.

[0274] In some embodiments, there may be multiple second pieces of information. The IoT device can determine the second information used to determine the second access information from among the multiple pieces of second information based on priority information.

[0275] In some embodiments, the priority information may be agreed upon by a protocol, or the priority information may be configured by a third communication device for the IoT device.

[0276] In some embodiments, the priority information is agreed upon by the protocol, and the IoT device can obtain the priority information agreed upon by the protocol to select the second information based on the priority information.

[0277] In some embodiments, if the priority information is indicated to the IoT device by the third communication device, then the third communication device can send the priority information to the IoT device, and the IoT device can receive the priority information sent by the third communication device to select the second information based on the priority information.

[0278] In some embodiments, the third communication device may be an access network device, a core network device, a relay device, etc., but is not limited thereto.

[0279] Optionally, the third communication device may be the same as or different from the first communication device, the third communication device may be the same as or different from the fourth communication device, and the third communication device may be the same as or different from the second communication device.

[0280] In some embodiments, the name of the third communication device is not limited, and may be, for example, "third access device", "third node", "third access node", "third access device node", etc.

[0281] It should be noted that the aforementioned second information selection process based on priority information can ensure the consistency and predictability of access decisions, while also allowing network operators to adjust priorities according to actual conditions to optimize network performance.

[0282] In some embodiments, the second access information may be determined by the AS, and / or the second access information may be determined by the NAS, which is not limited in this disclosure.

[0283] In step S2105, the IoT device determines whether to access the first communication device based on the access control parameters associated with the first access information that match the second access information in the first information.

[0284] In some embodiments, if the device type of the IoT device matches the device type corresponding to the type identifier indicated by the first subfield, the service priority of the IoT service corresponding to the IoT device in the second subfield satisfies the first priority, and the location information of the IoT device satisfies the location area indicated by the third subfield, the IoT device can determine whether to access the first communication device based on the access control parameters associated with the first access information that matches the second access information in the first information.

[0285] In some embodiments, the first access information is associated with access control parameters. The IoT device can match the second access information with the first access information included in the first information to determine the first access information in the first information that matches the second access information, and then determine whether to access the first communication device based on the access control parameters associated with the matched first access information.

[0286] Taking the location information of the IoT device included in the second access information as an example, the location information can be beam information or beam group information. Further, the beam information or beam group information can be the SSB index of the SSB selected by the IoT device. Then, the IoT device can determine whether to access the first communication device based on the access control parameters in the first access information that match the SSB index of the selected SSB. That is, the IoT device can match the SSB index of the selected SSB with the SSB indices included in the first access information, and thus determine whether to access the first communication device based on the access control parameters associated with the SSB index matched in the first access information.

[0287] In some embodiments, when determining whether to access the first communication device based on access control parameters, the IoT device may use the first indication information usage mechanism described in step S2102 to determine whether it is allowed to access the first communication device.

[0288] Optionally, if an IoT device is not allowed to access the first communication device, the IoT device may wait for a period of time and then try to reconnect to the first communication device, or the IoT device may search for other devices that can be accessed, etc., but not limited to these.

[0289] Optionally, if the IoT device is allowed to access the first communication device, the IoT device can determine whether it meets the access conditions based on the access control parameters, such as whether the generated random number is greater than a first threshold, or whether its signal quality is higher than a second threshold, etc., so as to send an access request message to the first communication device if the access conditions are met, thereby requesting access to the first communication device through the access request message. Optionally, if the access conditions are not met, the IoT device can wait for a period of time and try to re-determine whether the access conditions are met, or the IoT device can search for other available access devices, etc., but not limited to these.

[0290] In some embodiments, before accessing the network, the IoT device may assess its own capabilities, such as assessing some of its key capabilities, including but not limited to computing power, storage capacity, battery power and communication module performance, and encapsulate this capability information in an access request message and send it to the first communication device (such as a base station).

[0291] Optionally, IoT devices can periodically run internal capability testing programs to quantitatively evaluate indicators such as processor speed, available memory space, remaining battery power, and signal strength and data transmission rate of communication modules, but are not limited to these.

[0292] In some embodiments, after receiving capability information sent by an IoT device, the first communication device (such as a base station) can dynamically adjust its access control decision for the IoT device based on the current network load and resource allocation strategy. Optionally, if the network is busy and the IoT device's capabilities are relatively weak, the first communication device can delay processing the IoT device's access request message; alternatively, the first communication device can guide the IoT device into a low-power, low-bandwidth access mode to ensure the overall performance and stability of the network. Optionally, if the IoT device has strong capabilities and sufficient network resources, the first communication device can allocate higher bandwidth and shorter access latency to the IoT device to meet its demand for high-quality network services.

[0293] In some embodiments, the network side can also establish a real-time network status monitoring system to continuously monitor key indicators such as network throughput, transmission latency, and signal interference. When network throughput approaches saturation or transmission latency is too high, the first communication device (such as a base station) can automatically adjust the access control policy to tighten access restrictions on IoT devices. For example, it can increase the minimum capability requirements for accessing IoT devices, or reduce the number of IoT devices allowed to access simultaneously, etc., but is not limited to these.

[0294] In some embodiments, the first communication device can also implement differentiated access control for IoT devices in different locations based on the differences in network conditions in different areas. For example, for areas with good network signal coverage and less interference, the access conditions for IoT devices in that area can be appropriately relaxed; while for areas with weak signals or severe interference, the access screening and control of IoT devices in that area can be appropriately strengthened to ensure that access devices can obtain reliable network services and avoid network performance degradation due to a large number of low-quality connections.

[0295] In some embodiments, a multi-level authentication mechanism may be introduced when an IoT device accesses a first communication device.

[0296] Optionally, basic device identity verification can be performed first on the IoT device. For example, the unique identifier built into the IoT device (such as the device serial number, International Mobile Equipment Identity (IMEI), or IoT device equivalent code) can be compared with a list of legitimate devices stored in the first communication device. After the IoT device's identity verification is successful, the IoT device can proceed to the next authentication step.

[0297] Optionally, a digital certificate-based authentication method can be used to further verify the identity of the IoT device. Optionally, during the production process, a digital certificate issued by an authoritative certification authority can be pre-embedded in the IoT device. The digital certificate may contain the IoT device's public key and related identity information. When the IoT device requests access to the first communication device, the IoT device can send the digital certificate to the first communication device. The first communication device can verify the validity and integrity of the digital certificate to confirm the legitimacy of the IoT device. Optionally, the first communication device can also use the IoT device's public key to encrypt subsequent communication data to ensure the security of data transmission.

[0298] In some embodiments, for high-security IoT services, such as those performed by IoT devices for financial transactions or critical infrastructure monitoring devices, additional authentication mechanisms such as biometric identification or dynamic password authentication can be added to these IoT devices. For example, the fingerprint recognition module built into the IoT device can be used to obtain the user's fingerprint, or a dynamic password input by the user can be received. The identity of the IoT device can then be further verified based on the obtained fingerprint or the received dynamic password to further enhance the security of IoT device access and prevent impersonation and intrusion by unauthorized IoT devices.

[0299] In some embodiments, during the access process, the data transmitted between the IoT device and the first communication device can also be encrypted. For example, a first encryption algorithm can be used to encrypt the business data transmitted between the IoT device and the first communication device to ensure the confidentiality and security of the data. Optionally, the first encryption algorithm can be an Advanced Encryption Standard (AES) algorithm or an Elliptic Curve Cryptography (ECC) algorithm, but is not limited to these. Optionally, for different types of IoT devices and business data, encryption keys of different lengths and strengths can be assigned according to their security requirements.

[0300] In some embodiments, a robust key management system can be established to handle key generation, distribution, updating, and revocation. For example, a key management server can be deployed in the core network. The base station and the key management server in the core network can work together to generate a unique symmetric or asymmetric key pair for each legitimately accessed IoT device, and distribute the keys to each IoT device through a secure channel (such as using a certified key exchange protocol). Optionally, the keys can be updated periodically to prevent data security risks due to key leakage. Furthermore, in the event that an IoT device loses its key or its key is misused, the corresponding key can be revoked promptly to ensure network security.

[0301] The above-mentioned access control method design can better meet the diverse access needs of IoT devices and improve network security, stability, and resource utilization efficiency.

[0302] In some embodiments, “get,” “obtain,” “receive,” “transmit,” “bidirectional transmission,” and “send and / or receive” can be used interchangeably and can be interpreted as receiving from other entities, obtaining from protocols, obtaining from higher layers, obtaining through self-processing, or autonomous implementation, among other meanings.

[0303] In some embodiments, terms such as “send,” “transmit,” “report,” “distribute,” “transmit,” “bidirectional transmission,” “send and / or receive” can be used interchangeably.

[0304] In some embodiments, terms such as "certain," "preset," "default," "set," "indicated," "a certain," "any," and "first" can be used interchangeably. "Certain A," "preset A," "default A," "set A," "indicated A," "a certain A," "any A," and "first A" can be interpreted as A pre-defined in a protocol or the like, or as A obtained through setting, configuration, or instruction, or as specific A, a certain A, any A, or first A, but are not limited thereto.

[0305] In some embodiments, the determination or judgment can be made by a value represented by 1 bit (0 or 1), or by a true or false value (boolean), or by a comparison of numerical values ​​(e.g., a comparison with a predetermined value), but is not limited thereto.

[0306] In some embodiments, "not expecting to receive" can be interpreted as not receiving on time domain resources and / or frequency domain resources, or as not performing subsequent processing on the data after receiving it; "not expecting to send" can be interpreted as not sending, or as sending but not expecting the receiver to respond to the sent content.

[0307] The access control method involved in the embodiments of this disclosure may include at least one of steps S2101 to S2105. For example, step S2103 can be implemented as an independent embodiment, step S2105 can be implemented as an independent embodiment, step S2102+S2103 can be implemented as an independent embodiment, step S2104+S2105 can be implemented as an independent embodiment, step S2101+S2102+S2103 can be implemented as an independent embodiment, step S2102+S2103+S2105 can be implemented as an independent embodiment, step S2101+S2104+S2105 can be implemented as an independent embodiment, step S2103+S2104+S2105 can be implemented as an independent embodiment, step S2101+S2102+S2103+S2105 can be implemented as an independent embodiment, and step S2102+S2103+S2104+S2105 can be implemented as an independent embodiment, but not limited thereto.

[0308] In some embodiments, steps S2101 and S2102 may be performed in an alternate order or simultaneously, and steps S2103 and S2104 may be performed in an alternate order or simultaneously.

[0309] In some embodiments, steps S2101, S2102, S2104, and S2105 are optional, and one or more of these steps may be omitted or substituted in different embodiments.

[0310] In some embodiments, steps S2101, S2102, S2103, and S2104 are optional, and one or more of these steps may be omitted or substituted in different embodiments.

[0311] In some embodiments, other optional implementations described before or after the specification corresponding to FIG2 may be referred to.

[0312] According to the solution provided in the embodiments of this disclosure, an IoT device can receive first information and determine whether to access the first communication device based on the first information.

[0313] In some embodiments, the first information includes first access information and / or access control parameters, wherein the first access information is associated with the access control parameters and is used by the IoT device to determine the matching access control parameters.

[0314] In some embodiments, determining whether to access the first communication device based on the first information may include: the IoT device determining the second access information, matching the second access information with the first access information in the first information, and determining whether to access the first communication device based on the access control parameters corresponding to the matched first access information.

[0315] In some embodiments, the first access information is used to indicate information related to the access attempt, which includes at least one of the following: the type and / or identifier of the IoT device, the type and / or identifier of the IoT service, the identification information of the first communication device, and the location information of the IoT device.

[0316] In some embodiments, the location information may be geographic location information or beam / beam group information.

[0317] For example, beam / beam group information can be an SSB index, that is, the first access information in the first information indicates the SSB index. Then, the IoT device can perform SSB selection, such as selecting the strongest SSB, and match the corresponding SSB index with the SSB index in the first access information. Based on the access control parameters corresponding to the matched SSB index, it determines whether to access the first communication device.

[0318] In some embodiments, the first access information may be a direct indication or an implicit indication, such as through access category and / or access identity.

[0319] In some embodiments, determining the second access information includes at least one of the following:

[0320] Determine the information related to the access attempt, and identify the information related to the access attempt as the second access information;

[0321] The information related to the access attempt is determined, and the matching access information is determined as the second access information based on the second information. The second information is used to indicate the mapping relationship between the information related to the access attempt and the access information.

[0322] In some embodiments, the second information may be a protocol agreement or an instruction from a second communication device to an IoT device.

[0323] Optionally, the mapping relationship can be provided to the IoT device through NAS messages. When a connection is established, the higher-level layer of the IoT device can map the information related to this access attempt to the AC and / or AI based on the protocol agreement or the mapping relationship provided by the NAS message, and provide it to the AS layer of the IoT device.

[0324] In some embodiments, the determination of the second access information may be made by the NAS and / or AS.

[0325] In some embodiments, if multiple matching second information exist, the IoT device can determine one of the second information according to the protocol agreement or the priority of the network device configuration, and determine the second access information based on the determined second information, so as to determine whether to access the first communication device according to the access control parameters corresponding to the first access information that matches the second access information.

[0326] It should be noted that this selection process ensures consistency and predictability in access decisions, while also allowing network operators to adjust priorities based on actual circumstances to optimize network performance.

[0327] In some embodiments, the access control parameters include at least one of the following:

[0328] The first indication information is used to indicate whether the IoT device is allowed to access;

[0329] Access conditions indicate the parameters that allow access under specific conditions, such as generating random numbers greater than a threshold or measuring quality higher than a certain threshold.

[0330] Optionally, to differentiate between ordinary terminals and IoT devices, first indication information specific to IoT devices is introduced. To ensure compatibility with the second indication information (i.e., cellbar indication) in the existing MIB, the IoT device can perform the following operations:

[0331] Case 1: Ignore the second indication information in the MIB and determine whether access is allowed based solely on the first indication information specific to the IoT device;

[0332] Case 2: Access is only permitted if the second indication information in the MIB indicates that access is allowed. Access is then determined based on the first indication information specific to the IoT device. If the second indication information in the MIB indicates that access is not permitted, access is considered prohibited, and there is no need to confirm whether the first indication information specific to the IoT device indicates that access is allowed.

[0333] Case 3: If the second indication information in the MIB indicates that access is permitted, then access is considered permitted. If the second indication information in the MIB indicates that access is not permitted, access is determined based on the first indication information specific to the IoT device. (IoT-only cell)

[0334] The second indication information is used to indicate whether a regular terminal is allowed to access the network.

[0335] In some embodiments, the first information may be determined by the first communication device and sent to the IoT device, or the first information may be determined by the fourth communication device and sent to the IoT device.

[0336] In some embodiments, the first information may be determined based on the access control capabilities of the first communication device and / or the access control capabilities of the fourth communication device.

[0337] In some embodiments, the first communication device may determine the first information based on its own access control capabilities and / or the first capability information of the fourth communication device, wherein the first capability information is used to indicate the access control capabilities of the fourth communication device.

[0338] In some embodiments, the fourth communication device may determine the first information based on its own access control capabilities and / or the second capability information of the first communication device, wherein the second capability information is used to indicate the access control capabilities of the first communication device.

[0339] In some embodiments, the first communication device may be a base station cell or a relay node (such as a UE, relay, etc.).

[0340] In some embodiments, if the first communication device is a base station cell, the fourth communication device may be a core network node and / or a relay node; if the first communication device is a relay node, the fourth communication device may be a base station and / or a core network node.

[0341] Optionally, the first information can be directly sent to the IoT device by the base station via a broadcast system message, or it can be determined by the base station and forwarded to the IoT device through a relay node, etc. The base station can determine the first information based on the core network capability information and / or the relay node capability information.

[0342] Optionally, the relay node can determine and send the first information to the IoT device based on its own capability strategy and the capability information sent by the base station and / or core network node.

[0343] It should be noted that the flexibility in determining and sending the first piece of information allows the network to optimize the information transmission path based on different network topologies and device distributions, thereby improving access efficiency.

[0344] In some embodiments, the first information can be sent to the IoT device via SIB1, new SIBx, or other broadcast messages.

[0345] In some embodiments, the first communication device may send fourth information (e.g., MIB) to the IoT device, the fourth information indicating whether a broadcast message containing the first information is provided. Optionally, if the first communication device does not support or provide a broadcast message containing the first information, access to the first communication device is considered not allowed. Optionally, if the first communication device does not support or provide a broadcast message containing the first information, access to the first communication device may also be considered allowed; in this case, the IoT device can determine whether to access based on its own implementation.

[0346] Figure 3A is a flowchart illustrating an access control method according to an embodiment of the present disclosure. As shown in Figure 3A, this embodiment of the present disclosure relates to an access control method executed by an IoT device, the method comprising:

[0347] Step S3101: Obtain the fourth information.

[0348] The optional implementation of step S3101 can be found in the optional implementation of step S2101 in Figure 2 and other related parts in the embodiments involved in Figure 2, which will not be repeated here.

[0349] In some embodiments, the IoT device receives fourth information sent by the first communication device, but is not limited thereto; it may also receive fourth information sent by other entities.

[0350] In some embodiments, the IoT device acquires fourth information as defined by the protocol.

[0351] In some embodiments, IoT devices obtain fourth information from upper layer(s).

[0352] In some embodiments, the IoT device processes the information to obtain a fourth piece of information.

[0353] In some embodiments, step S3101 is omitted, and the IoT device autonomously implements the function indicated by the fourth information, or the above function is defaulted or set to default.

[0354] In some embodiments, the fourth information is used to indicate whether the first communication device provides the first information.

[0355] Step S3102: Obtain the first information.

[0356] The optional implementations of step S3102 can be found in the optional implementations of steps S2102 and S2103 in Figure 2, as well as other related parts in the embodiments involved in Figure 2, which will not be repeated here.

[0357] In some embodiments, the IoT device receives first information sent by a first communication device, or the IoT device receives first information sent by a fourth communication device, but is not limited thereto, and may also receive first information sent by other entities.

[0358] In some embodiments, the IoT device acquires first information as defined by the protocol.

[0359] In some embodiments, the IoT device obtains first information from the upper layer(s).

[0360] In some embodiments, the IoT device processes information to obtain the first information.

[0361] In some embodiments, step S3102 is omitted, and the IoT device autonomously implements the function indicated by the first information, or the above function is default or default.

[0362] In some embodiments, the first information includes information for controlling the IoT device to access the first communication device.

[0363] In some embodiments, the first information includes first access information and / or access control parameters.

[0364] In some embodiments, the first access information indicates relevant information for the IoT device to access the network. The relevant information for the IoT device to access the network includes at least one of the following: IoT device type, IoT device identification information, IoT service type, IoT service identification information, first communication device identification information, and IoT device location information.

[0365] In some embodiments, access control parameters include first indication information and / or access conditions.

[0366] In some embodiments, the first indication information is used to indicate whether the IoT device is allowed to access.

[0367] In some embodiments, access conditions are used to indicate the conditions under which IoT devices are allowed to access the network.

[0368] Step S3103: Determine the second access information.

[0369] The optional implementation of step S3103 can be found in the optional implementation of step S2104 in Figure 2, as well as other related parts in the embodiments involved in Figure 2, which will not be repeated here.

[0370] Step S3104: Based on the access control parameters associated with the first access information that match the second access information in the first information, determine whether to access the first communication device.

[0371] The optional implementation of step S3104 can be found in the optional implementation of step S2105 in Figure 2, as well as other related parts in the embodiments involved in Figure 2, which will not be repeated here.

[0372] The access control method involved in the embodiments of this disclosure may include at least one of steps S3101 to S3104. For example, step S3102 can be implemented as an independent embodiment, step S3104 can be implemented as an independent embodiment, step S3101+S3102 can be implemented as an independent embodiment, step S3102+S3103 can be implemented as an independent embodiment, step S3102+S3104 can be implemented as an independent embodiment, step S3101+S3104 can be implemented as an independent embodiment, step S3103+S3104 can be implemented as an independent embodiment, step S3101+S3102+S3103 can be implemented as an independent embodiment, step S3101+S3102+S3104 can be implemented as an independent embodiment, step S3101+S3103+S3104 can be implemented as an independent embodiment, but not limited thereto.

[0373] In some embodiments, steps S3102 and S3103 may be performed in an alternate order or simultaneously.

[0374] In some embodiments, steps S3101, S3103, and S3104 are optional, and one or more of these steps may be omitted or substituted in different embodiments.

[0375] In some embodiments, steps S3101, S3102, and S3103 are optional, and one or more of these steps may be omitted or substituted in different embodiments.

[0376] Figure 3B is a flowchart illustrating an access control method according to an embodiment of the present disclosure. As shown in Figure 3B, the embodiment of the present disclosure relates to an access control method executed by a first communication device, the method comprising:

[0377] Step S3201: Send the fourth message.

[0378] The optional implementation of step S3201 can be found in the optional implementation of step S2101 in Figure 2 and other related parts in the embodiments involved in Figure 2, which will not be repeated here.

[0379] In some embodiments, the first communication device sends a fourth message to the IoT device, but is not limited thereto; it may also send the fourth message to other entities.

[0380] In some embodiments, the fourth information is used to indicate whether the first communication device provides the first information.

[0381] Step S3202: Determine the first information.

[0382] The optional implementation of step S3202 can be found in the optional implementation of step S2102 in Figure 2 and other related parts in the embodiments involved in Figure 2, which will not be repeated here.

[0383] In some embodiments, the first information includes information for controlling the IoT device to access the first communication device.

[0384] In some embodiments, the first information includes first access information and / or access control parameters.

[0385] In some embodiments, the first access information indicates relevant information for the IoT device to access the network. The relevant information for the IoT device to access the network includes at least one of the following: IoT device type, IoT device identification information, IoT service type, IoT service identification information, first communication device identification information, and IoT device location information.

[0386] In some embodiments, access control parameters include first indication information and / or access conditions.

[0387] In some embodiments, the first indication information is used to indicate whether the IoT device is allowed to access.

[0388] In some embodiments, access conditions are used to indicate the conditions under which IoT devices are allowed to access the network.

[0389] Step S3203: Send the first message.

[0390] The optional implementations of step S3203 can be found in the optional implementations of steps S2103, S2104, and S2105 in Figure 2, as well as other related parts in the embodiments involved in Figure 2, which will not be repeated here.

[0391] In some embodiments, the first communication device sends first information to the IoT device, but is not limited thereto; it may also send first information to other entities.

[0392] In some embodiments, the first information is used by the IoT device to determine whether to access the first communication device.

[0393] The access control method involved in the embodiments of this disclosure may include at least one of steps S3201 to S3203. For example, step S3202 may be implemented as an independent embodiment, step S3203 may be implemented as an independent embodiment, steps S3201+S3202 may be implemented as an independent embodiment, steps S3201+S3203 may be implemented as an independent embodiment, and steps S3202+S3203 may be implemented as an independent embodiment, but it is not limited thereto.

[0394] In some embodiments, steps S3201 and S3202 may be performed in an interchangeable order or simultaneously.

[0395] In some embodiments, steps S3201 and S3203 are optional, and one or more of these steps may be omitted or substituted in different embodiments.

[0396] In some embodiments, steps S3201 and S3202 are optional, and one or more of these steps may be omitted or substituted in different embodiments.

[0397] In this embodiment of the disclosure, step S3201 can be combined with step S3101 of FIG3A, and step S3203 can be combined with step S3102 of FIG3A.

[0398] Figure 4A is a flowchart illustrating an access control method according to an embodiment of the present disclosure. As shown in Figure 4A, this embodiment of the present disclosure relates to an access control method executed by an IoT device, the method comprising:

[0399] Step S4101: Obtain the first information.

[0400] In an optional embodiment, step S4101 includes lower-level solution steps S3101 and S3102. Optional implementations of step S4101 can be found in steps S2101, S2102, and S2103 in Figure 2, optional implementations of steps S3101 and S3102 in Figure 3A, and other related parts in the embodiments involved in Figures 2 and 3A, which will not be repeated here.

[0401] In some embodiments, the IoT device receives first information sent by a first communication device, or the IoT device receives first information sent by a fourth communication device, but is not limited thereto, and may also receive first information sent by other entities.

[0402] In some embodiments, the IoT device acquires first information as defined by the protocol.

[0403] In some embodiments, the IoT device obtains first information from the upper layer(s).

[0404] In some embodiments, the IoT device processes information to obtain the first information.

[0405] In some embodiments, step S4101 is omitted, and the IoT device autonomously implements the function indicated by the first information, or the above function is default or default.

[0406] In some embodiments, the first information includes information for controlling the IoT device to access the first communication device.

[0407] In some embodiments, the first information includes at least one of the following: first access information, which indicates relevant information for the IoT device to access the network; and access control parameters.

[0408] In some embodiments, the relevant information for IoT devices to access the network includes at least one of the following: the device type of the IoT device; the identification information of the IoT device; the service type of the IoT service; the identification information of the IoT service; the identification information of the first communication device; and the location information of the IoT device.

[0409] In some embodiments, the location information includes at least one of the following: geographic location information; beam information; beam group information.

[0410] In some embodiments, beam information or beam group information includes at least the synchronization signal block (SSB) index.

[0411] In some embodiments, the access control parameters include at least one of the following: first indication information, which indicates whether the IoT device is allowed to access; and access conditions, which indicate the conditions under which the IoT device is allowed to access.

[0412] In some embodiments, the first information is determined based on capabilities related to access control of the first communication device, and / or the first information is determined based on capabilities related to access control of the fourth communication device.

[0413] In some embodiments, the first information is determined by a first communication device and sent to the IoT device, or the first information is determined by a fourth communication device and sent to the IoT device.

[0414] In some embodiments, the first information is determined by the first communication device, the first information is determined by the first communication device based on capabilities related to access control of the first communication device, and / or, the first information is determined by the first communication device based on first capability information received from the fourth communication device, the first capability information being used to indicate capabilities related to access control of the fourth communication device.

[0415] In some embodiments, the first information is determined by the fourth communication device based on capabilities related to access control of the fourth communication device, and / or the first information is determined by the fourth communication device based on second capabilities received from the first communication device, the second capability information being used to indicate capabilities related to access control of the first communication device.

[0416] In some embodiments, the first communication device is an access network device, the fourth communication device is a core network device, or the fourth communication device is a device for forwarding data and / or signaling between the IoT device and the access network device.

[0417] In some embodiments, the first communication device is a device for forwarding data and / or signaling between the IoT device and the access network device, and the fourth communication device is an access network device or a core network device.

[0418] In some embodiments, the IoT device may receive a first SIB, which is an SIB used to instruct the IoT device to access the network, and the first SIB includes first information.

[0419] In some embodiments, different types of IoT devices correspond to different first SIBs, and the IoT device can obtain first information from the first SIB corresponding to its device type.

[0420] In some embodiments, the first SIB further includes multiple subfields, which include at least one of the following: a first subfield, which is used to indicate the type identifier of different types of IoT devices; a second subfield, which is used to indicate the service priority of different IoT services; and a third subfield, which is used to indicate the location area to which the first information applies.

[0421] In some embodiments, the IoT device may receive fourth information sent by the first communication device, the fourth information being used to indicate whether the first communication device provides the first information.

[0422] Step S4102: Based on the first information, determine whether to access the first communication device.

[0423] In an optional embodiment, step S4102 includes lower-level solution steps S3103 and S3104. Optional implementations of step S4102 can be found in steps S2104 and S2105 in Figure 2, optional implementations of steps S3103 and S3104 in Figure 3A, and other related parts in the embodiments involved in Figures 2 and 3A, which will not be repeated here.

[0424] In some embodiments, the device type of the IoT device matches the device type corresponding to the type identifier indicated by the first subfield, the service priority of the IoT service corresponding to the IoT device in the second subfield satisfies the first priority, and the location information of the IoT device satisfies the location area indicated by the third subfield. Based on the first information, it is determined whether to access the first communication device.

[0425] In some embodiments, the first access information is associated with access control parameters, and the IoT device can determine the second access information to determine whether to access the first communication device based on the access control parameters associated with the first access information that match the second access information.

[0426] In some embodiments, an IoT device may determine relevant information about its access to the internet, and based on this access information, determine second access information.

[0427] In some embodiments, the IoT device may determine the relevant information for the IoT device to access the network as the second access information; or, the IoT device may determine the access information that matches the relevant information for the IoT device to access the network as the second access information based on the second information used to indicate the mapping relationship between the relevant information for the IoT device to access the network and the access information.

[0428] In some embodiments, the second information is agreed upon by a protocol, or the second information is indicated by the second communication device to the IoT device.

[0429] In some embodiments, there are multiple second pieces of information. The IoT device can determine the second information used to determine the second access information from the multiple pieces of second information based on priority information. The priority information is agreed upon by the protocol, or the priority information is configured by the third communication device for the IoT device.

[0430] In some embodiments, the second access information is determined by the AS, and / or the second access information is determined by the NAS.

[0431] Taking the second access information as an SSB index as an example, the IoT device can perform SSB selection to determine whether to access the first communication device based on the access control parameters that match the SSB index of the selected SSB in the first access information.

[0432] In some embodiments, determining whether to access the first communication device based on access control parameters can first be based on the first indication information included in the access control parameters, and if it is determined that access to the first communication device is possible, then it can be determined whether access is possible based on the access conditions.

[0433] In some embodiments, the IoT device may ignore whether the second indication information indicates that a regular terminal is allowed to access, and determine whether the IoT device is allowed to access based on the first indication information; or, if the second indication information indicates that a regular terminal is allowed to access, the IoT device may determine whether the IoT device is allowed to access based on the first indication information; or, if the second indication information indicates that a regular terminal is not allowed to access, the IoT device may determine whether the IoT device is allowed to access based on the first indication information.

[0434] In some embodiments, the second indication information indicates that a regular terminal is allowed to access. When determining whether an IoT device is allowed to access based on the first indication information, if the second indication information indicates that a regular terminal is not allowed to access, it is determined that the IoT device is not allowed to access.

[0435] In some embodiments, the second indication information indicates that ordinary terminals are not allowed to access. When determining whether an IoT device is allowed to access based on the first indication information, if the second indication information indicates that ordinary terminals are allowed to access, it is determined that the IoT device is allowed to access.

[0436] The access control method involved in the embodiments of this disclosure may include at least one of steps S4101 to S4102. For example, step S4101 may be implemented as a standalone embodiment, step S4102 may be implemented as a standalone embodiment, and step S4101+S4102 may be implemented as a standalone embodiment, but is not limited thereto.

[0437] In some embodiments, step S4101 is optional and may be omitted or replaced in different embodiments.

[0438] In some embodiments, step S4102 is optional and may be omitted or replaced in different embodiments.

[0439] Figure 4B is a flowchart illustrating an access control method according to an embodiment of the present disclosure. As shown in Figure 4B, this embodiment of the present disclosure relates to an access control method executed by a first communication device, the method comprising:

[0440] Step S4201: Send the first message.

[0441] In an optional embodiment, step S4201 includes lower-level solution steps S3201, S3202, and S3203. Optional implementations of step S4201 can be found in steps S2101, S2102, S2103, S2104, and S2105 in Figure 2, steps S3201, S3202, and S3203 in Figure 3B, and other related parts in the embodiments involved in Figures 2 and 3B, which will not be repeated here.

[0442] In some embodiments, the first communication device sends first information to the IoT device, but is not limited thereto; it may also send first information to other entities.

[0443] In some embodiments, the first information includes information for controlling the IoT device to access the first communication device.

[0444] In some embodiments, the first information includes at least one of the following: first access information, which indicates relevant information for the IoT device to access the network; and access control parameters.

[0445] In some embodiments, the first information is used by the IoT device to determine whether to access the first communication device.

[0446] In some embodiments, the first access information is associated with access control parameters; the first information is used by the IoT device to determine the first access information that matches the second access information based on the second access information, so as to determine whether to access the first communication device based on the access control parameters associated with the first access information that matches the second access information.

[0447] In some embodiments, the second access information is determined by the IoT device based on relevant access information, wherein the relevant access information is determined by the IoT device.

[0448] In some embodiments, the second access information is determined by the IoT device based on relevant information for access, including any one of the following: the second access information is relevant information for access; the second access information is access information that matches the relevant information for access by the IoT device determined according to the second information, and the second information is used to indicate the mapping relationship between the relevant information for access by the IoT device and the access information.

[0449] In some embodiments, the first communication device may send second information to the IoT device.

[0450] In some embodiments, the first communication device may also send priority information to the IoT device. The priority information is used by the IoT device to determine the second information for determining the second access information from among the multiple second information when there are multiple second information.

[0451] In some embodiments, the second access information is determined by the AS, and / or the second access information is determined by the NAS.

[0452] In some embodiments, the relevant information for IoT devices to access the network includes at least one of the following: the device type of the IoT device; the identification information of the IoT device; the service type of the IoT service; the identification information of the IoT service; the identification information of the first communication device; and the location information of the IoT device.

[0453] In some embodiments, the location information includes at least one of the following: geographic location information; beam information; wave array information.

[0454] In some embodiments, the access control parameters include at least one of the following: first indication information, which indicates whether the IoT device is allowed to access; and access conditions, which indicate the conditions under which the IoT device is allowed to access.

[0455] In some embodiments, the first indication information is used by the IoT device to determine whether the IoT device is allowed to access in any of the following situations: ignoring whether the second indication information indicates that a normal terminal is allowed to access; the second indication information indicates that a normal terminal is allowed to access; or the second indication information indicates that a normal terminal is not allowed to access.

[0456] In some embodiments, the first indication information is used by the IoT device to determine whether the IoT device is allowed to access if the second indication information indicates that the ordinary terminal is allowed to access. If the second indication information indicates that the ordinary terminal is not allowed to access, the IoT device is not allowed to access.

[0457] In some embodiments, the first indication information is used by the IoT device to determine whether the IoT device is allowed to access if the second indication information indicates that the ordinary terminal is not allowed to access. If the second indication information indicates that the ordinary terminal is allowed to access, the IoT device is allowed to access.

[0458] In some embodiments, the first communication device may determine first information based on capabilities related to access control of the first communication device; and / or, the first communication device may determine first information based on first capability information received from the fourth communication device, the first capability information indicating capabilities related to access control of the fourth communication device.

[0459] In some embodiments, the first communication device is an access network device, the fourth communication device is a core network device, or the fourth communication device is a device for forwarding data and / or signaling between the IoT device and the access network device.

[0460] In some embodiments, the first communication device is a device for forwarding data and / or signaling between the IoT device and the access network device, and the fourth communication device is an access network device or a core network device.

[0461] In some embodiments, the first communication device may send a first SIB to the IoT device. The first SIB is an SIB used to instruct the IoT device to access the device, and the first SIB includes first information.

[0462] In some embodiments, different types of IoT devices correspond to different first SIBs, and the first communication device can send a first SIB corresponding to the type of IoT device to the IoT device.

[0463] In some embodiments, the first SIB further includes multiple subfields, which include at least one of the following: a first subfield, which is used to indicate the type identifier of different types of IoT devices; a second subfield, which is used to indicate the service priority of different IoT services; and a third subfield, which is used to indicate the location area to which the first information applies.

[0464] In some embodiments, the first information is used for the IoT device to determine whether to access the first communication device under the following conditions: the device type of the IoT device matches the device type corresponding to the type identifier indicated by the first subfield; the service priority of the IoT service corresponding to the IoT device in the second subfield meets the first priority; and the location information of the IoT device meets the location area indicated by the third subfield.

[0465] In some embodiments, the first communication device may also send a fourth message to the IoT device, the fourth message being used to indicate whether the first communication device provides the fourth message.

[0466] The communication method involved in the embodiments of this disclosure may include at least step S4201, and step S4201 may be implemented as a standalone embodiment, but is not limited thereto.

[0467] In this embodiment of the disclosure, step S4201 can be combined with step S4101 of FIG4A.

[0468] In the embodiments disclosed herein, some or all of the steps and their optional implementations may be arbitrarily combined with some or all of the steps in other embodiments, or may be arbitrarily combined with the optional implementations in other embodiments.

[0469] This disclosure also provides embodiments of an apparatus for implementing any of the above methods. For example, an apparatus is provided that includes units or modules for implementing the steps performed by the IoT device in any of the above methods. Alternatively, another apparatus is provided that includes units or modules for implementing the steps performed by a first communication device (e.g., an access network device, a device for forwarding data and / or signaling between the IoT device and the access network device, etc.) in any of the above methods.

[0470] It should be understood that the division of units or modules in the above device is only a logical functional division. In actual implementation, they can be fully or partially integrated into a single physical entity, or they can be physically separated. Furthermore, the units or modules in the device can be implemented by a processor calling software: for example, the device includes a processor connected to a memory containing instructions. The processor calls the instructions stored in the memory to implement any of the above methods or to implement the functions of the units or modules in the above device. The processor can be, for example, a general-purpose processor, such as a Central Processing Unit (CPU) or a microprocessor, and the memory can be internal or external to the device. Alternatively, the units or modules in the device can be implemented in the form of hardware circuits. The functionality of some or all of the units or modules can be achieved through the design of these hardware circuits, which can be understood as one or more processors. For example, in one implementation, the hardware circuit is an application-specific integrated circuit (ASIC). The functionality of some or all of the units or modules is achieved through the design of the logical relationships between the components within the circuit. In another implementation, the hardware circuit can be implemented using a programmable logic device (PLD). Taking a field-programmable gate array (FPGA) as an example, it can include a large number of logic gates. The connection relationships between the logic gates are configured through configuration files, thereby achieving the functionality of some or all of the units or modules. All units or modules of the above device can be implemented entirely through processor-called software, entirely through hardware circuits, or partially through processor-called software with the remaining parts implemented through hardware circuits.

[0471] In this embodiment, the processor is a circuit with signal processing capabilities. In one implementation, the processor can be a circuit with instruction read and execute capabilities, such as a Central Processing Unit (CPU), a microprocessor, a graphics processing unit (GPU) (which can be understood as a microprocessor), or a digital signal processor (DSP). In another implementation, the processor can implement certain functions through the logical relationships of hardware circuits. The logical relationships of the aforementioned hardware circuits are fixed or reconfigurable. For example, the processor is a hardware circuit implemented using an application-specific integrated circuit (ASIC) or a programmable logic device (PLD), such as an FPGA. In a reconfigurable hardware circuit, the process of the processor loading a configuration document and configuring the hardware circuit can be understood as the process of the processor loading instructions to implement the functions of some or all of the above units or modules. Furthermore, it can also be a hardware circuit designed for artificial intelligence, which can be understood as an ASIC, such as a Neural Network Processing Unit (NPU), a Tensor Processing Unit (TPU), or a Deep Learning Processing Unit (DPU).

[0472] Figure 5A is a schematic diagram of the structure of an IoT device according to an embodiment of this disclosure. As shown in Figure 5A, the IoT device 5100 may include at least one of a transceiver module 5101, a processing module 5102, etc. In some embodiments, the transceiver module 5101 is configured to receive first information, the first information including information for controlling the IoT device to access a first communication device; the processing module 5102 is configured to determine whether to access the first communication device based on the first information. Optionally, the transceiver module 5101 is used to perform at least one of the communication steps (e.g., steps S2101, S2103, but not limited thereto) performed by the IoT device in any of the above methods, which will not be described in detail here. Optionally, the processing module 5101 is used to perform at least one of the other steps (e.g., steps S2104, S2105, but not limited thereto) performed by the IoT device in any of the above methods, which will not be described in detail here.

[0473] Figure 5B is a schematic diagram of the structure of the first communication device proposed in an embodiment of this disclosure. As shown in Figure 5B, the first communication device 5200 may include at least a transceiver module 5201. In some embodiments, the transceiver module 5201 is configured to send first information to an IoT device, the first information including information for controlling the IoT device to access the first communication device, the first information being used by the IoT device to determine whether to access the first communication device. Optionally, the transceiver module 5201 is used to perform at least one of the communication steps (e.g., steps S2101, S2103, but not limited thereto) performed by the first communication device in any of the above methods, which will not be elaborated here. In some embodiments, the first communication device 5200 may further include a processing module. Optionally, the processing module is used to perform at least one of the other steps (e.g., step S2102, but not limited thereto) performed by the first communication device in any of the above methods, which will not be elaborated here.

[0474] In some embodiments, the transceiver module may include a transmitting module and / or a receiving module, which may be separate or integrated. Optionally, the transceiver module may be interchangeable with a transceiver.

[0475] In some embodiments, the processing module may be a single module or may include multiple sub-modules. Optionally, the multiple sub-modules may each perform all or part of the steps required by the processing module. Optionally, the processing module may be interchangeable with a processor.

[0476] Figure 6A is a schematic diagram of the structure of the communication device 6100 proposed in an embodiment of this disclosure. The communication device 6100 can be a first communication device (e.g., an access network device, a device for forwarding data and / or signaling between an IoT device and an access network device, etc.), an IoT device, a chip, chip system, or processor that supports the first communication device in implementing any of the above methods, or a chip, chip system, or processor that supports the IoT device in implementing any of the above methods. The communication device 6100 can be used to implement the methods described in the above method embodiments; for details, please refer to the descriptions in the above method embodiments.

[0477] As shown in Figure 6A, the communication device 6100 includes one or more processors 6101. The processor 6101 can be a general-purpose processor or a dedicated processor, such as a baseband processor or a central processing unit (CPU). The baseband processor can be used to process communication protocols and communication data, while the CPU can be used to control communication devices (e.g., base stations, baseband chips, terminal devices, terminal device chips, DUs or CUs, etc.), execute programs, and process program data. The communication device 6100 is used to execute any of the above methods.

[0478] In some embodiments, the communication device 6100 further includes one or more memories 6102 for storing instructions. Optionally, all or part of the memories 6102 may also be located outside the communication device 6100.

[0479] In some embodiments, the communication device 6100 further includes one or more transceivers 6103. When the communication device 6100 includes one or more transceivers 6103, the transceivers 6103 perform at least one of the communication steps such as sending and / or receiving in the above method (e.g., steps S2101, S2103, but not limited thereto), and the processor 6101 performs at least one of other steps (e.g., steps S2102, S2104, S2105, but not limited thereto).

[0480] In some embodiments, a transceiver may include a receiver and / or a transmitter, which may be separate or integrated. Optionally, the terms transceiver, transceiver unit, transceiver, transceiver circuit, etc., may be used interchangeably; the terms transmitter, transmitting unit, transmitter, transmitting circuit, etc., may be used interchangeably; and the terms receiver, receiving unit, receiver, receiving circuit, etc., may be used interchangeably.

[0481] In some embodiments, the communication device 6100 may include one or more interface circuits 6104. Optionally, the interface circuit 6104 is connected to the memory 6102, and the interface circuit 6104 can be used to receive signals from the memory 6102 or other devices, and can be used to send signals to the memory 6102 or other devices. For example, the interface circuit 6104 can read instructions stored in the memory 6102 and send the instructions to the processor 6101.

[0482] The communication device 6100 described in the above embodiments may be a first communication device or an IoT device, but the scope of the communication device 6100 described in this disclosure is not limited thereto, and the structure of the communication device 6100 may not be limited by FIG. 6A. The communication device may be a standalone device or a part of a larger device. For example, the communication device may be: (1) a standalone integrated circuit IC, or chip, or chip system or subsystem; (2) a collection of one or more ICs, optionally, the IC collection may also include storage components for storing data and programs; (3) an ASIC, such as a modem; (4) a module that can be embedded in other devices; (5) a receiver, terminal device, smart terminal device, cellular phone, wireless device, handheld device, mobile unit, vehicle device, network device, cloud device, artificial intelligence device, etc.; (6) others, etc.

[0483] Figure 6B is a schematic diagram of the structure of chip 6200 according to an embodiment of this disclosure. For cases where the communication device 6100 can be a chip or a chip system, please refer to the schematic diagram of chip 6200 shown in Figure 6B, but it is not limited thereto.

[0484] Chip 6200 includes one or more processors 6201, which are used to perform any of the above methods.

[0485] In some embodiments, chip 6200 further includes one or more interface circuits 6202. Optionally, the interface circuit 6202 is connected to memory 6203, and the interface circuit 6202 can be used to receive signals from memory 6203 or other devices, and the interface circuit 6202 can be used to send signals to memory 6203 or other devices. For example, the interface circuit 6202 can read instructions stored in memory 6203 and send the instructions to processor 6201.

[0486] In some embodiments, the interface circuit 6202 performs at least one of the communication steps such as sending and / or receiving in the above method (e.g., steps S2101, S2103, but not limited thereto), and the processor 6201 performs at least one of other steps (e.g., steps S2102, S2104, S2105, but not limited thereto).

[0487] In some embodiments, the terms interface circuit, interface, transceiver pin, transceiver, etc., can be used interchangeably.

[0488] In some embodiments, chip 6200 further includes one or more memories 6203 for storing instructions. Optionally, all or part of the memories 6203 may be located outside of chip 6200.

[0489] This disclosure also proposes a storage medium storing instructions that, when executed on the communication device 6100, cause the communication device 6100 to perform any of the above methods. Optionally, the storage medium is an electronic storage medium. Optionally, the storage medium is a computer-readable storage medium, but not limited thereto; it may also be a storage medium readable by other devices. Optionally, the storage medium may be a non-transitory storage medium, but not limited thereto; it may also be a temporary storage medium.

[0490] This disclosure also provides a program product that, when executed by the communication device 6100, causes the communication device 6100 to perform any of the above methods. Optionally, the program product is a computer program product.

[0491] This disclosure also proposes a computer program that, when run on a computer, causes the computer to perform any of the above methods.

[0492] Other embodiments of this disclosure will readily occur to those skilled in the art upon consideration of the specification and practice of the invention disclosed herein. This disclosure is intended to cover any variations, uses, or adaptations of this disclosure that follow the general principles of this disclosure and include common knowledge or customary techniques in the art not disclosed herein. The specification and examples are to be considered exemplary only, and the true scope and spirit of this disclosure are indicated by the following claims.

[0493] It should be understood that this disclosure is not limited to the precise structures described above and shown in the accompanying drawings, and various modifications and changes can be made without departing from its scope. The scope of this disclosure is limited only by the appended claims.

Claims

1. An access control method, executed by an Internet of Things (IoT) device, characterized in that, The method includes: Receive first information, the first information including information for controlling IoT devices to access the first communication device; Based on the first information, determine whether to connect to the first communication device.

2. The method according to claim 1, characterized in that, The first information includes at least one of the following: First access information, which indicates relevant information for IoT devices to access the network; Access control parameters.

3. The method according to claim 2, characterized in that, The first access information is associated with access control parameters; The step of determining whether to access the first communication device based on the first information includes: Determine the second access information; Based on the access control parameters associated with the first access information that matches the second access information, it is determined whether to access the first communication device.

4. The method according to claim 3, characterized in that, The determination of the second access information includes: Determine the relevant information for the IoT device to access the network; Based on the relevant information of the IoT device access, the second access information is determined.

5. The method according to claim 4, characterized in that, The information related to access based on the IoT device, used to determine the second access information, includes any one of the following: The relevant information for accessing the IoT device is determined as the second access information; Based on the second information, which maps the relevant information used to instruct the IoT device to access the network to the access information, the access information that matches the relevant information for the IoT device to access the network is determined as the second access information.

6. The method according to claim 5, characterized in that, The second information is either agreed upon in the protocol, or it is indicated by the second communication device to the IoT device.

7. The method according to claim 5 or 6, characterized in that, The method further includes: There are multiple pieces of second information. Based on priority information, the second information used to determine the second access information is determined from among the multiple pieces of second information. The priority information is either agreed upon by the protocol or configured by the third communication device for the IoT device.

8. The method according to any one of claims 3 to 7, characterized in that, The second access information is determined by the access layer AS, and / or the second access information is determined by the non-access layer NAS.

9. The method according to any one of claims 3 to 8, characterized in that, The relevant information for IoT devices to access the network includes at least one of the following: IoT device types; Identification information of IoT devices; Business types of IoT services; Identification information for IoT services; Identification information of the first communication device; Location information of IoT devices.

10. The method according to claim 9, characterized in that, Location information includes at least one of the following: Geographic location information; Beam information; Beamgroup information.

11. The method according to claim 10, characterized in that, Beam information or beam group information includes at least the synchronization signal block (SSB) index; The determination of the second access information includes: Perform SSB selection; Determining whether to access the first communication device based on access control parameters associated with the first access information that matches the second access information includes: Based on the access control parameters in the first access information that match the SSB index of the selected SSB, determine whether to access the first communication device.

12. The method according to any one of claims 2 to 11, characterized in that, The access control parameters include at least one of the following: First indication information, the first indication information is used to indicate whether the IoT device is allowed to access; Access conditions, which indicate the conditions under which IoT devices are allowed to access the network.

13. The method according to claim 12, characterized in that, The method further includes any one of the following: Ignore whether the second indication information indicates that a regular terminal is allowed to access, and determine whether the IoT device is allowed to access based on the first indication information; The second indication information indicates that ordinary terminals are allowed to access, and the first indication information determines whether the IoT device is allowed to access. The second indication information indicates that ordinary terminals are not allowed to access, and the IoT device is determined to be allowed to access based on the first indication information.

14. The method according to claim 13, characterized in that, The second indication information indicates that a regular terminal is allowed to access the network. The method further includes determining whether the IoT device is allowed to access the network based on the first indication information: If the second indication information indicates that a regular terminal is not allowed to access, then it is determined that the IoT device is not allowed to access. The second indication information indicates that ordinary terminals are not allowed to access the network. The method further includes determining whether the IoT device is allowed to access the network based on the first indication information: If the second indication information indicates that a regular terminal is allowed to access, then the IoT device is determined to be allowed to access.

15. The method according to any one of claims 1 to 14, characterized in that, The first information is determined based on the capabilities related to access control of the first communication device, and / or the first information is determined based on the capabilities related to access control of the fourth communication device.

16. The method according to any one of claims 1 to 15, characterized in that, The first information is determined and sent to the IoT device by the first communication device, or the first information is determined and sent to the IoT device by the fourth communication device.

17. The method according to claim 15 or 16, characterized in that, The first information is determined by the first communication device, the first information is determined by the first communication device based on the capabilities related to the access control of the first communication device, and / or, the first information is determined by the first communication device based on first capability information received from the fourth communication device, the first capability information being used to indicate the capabilities related to the access control of the fourth communication device; The first information is determined by the fourth communication device based on capabilities related to the access control of the fourth communication device, and / or the first information is determined by the fourth communication device based on second capabilities received from the first communication device, the second capability information being used to indicate capabilities related to the access control of the first communication device.

18. The method according to any one of claims 15 to 17, characterized in that, The first communication device is an access network device, and the fourth communication device is a core network device, or the fourth communication device is a device for forwarding data and / or signaling between the IoT device and the access network device; The first communication device is a device for forwarding data and / or signaling between IoT devices and access network devices, and the fourth communication device is an access network device or a core network device.

19. The method according to any one of claims 1 to 18, characterized in that, The receiving of the first information includes: Receive a first system information block (SIB), the first SIB being an SIB used to instruct IoT devices to access the network, and the first SIB including the first information.

20. The method according to claim 19, characterized in that, Different types of IoT devices correspond to different first SIBs, and the method further includes: The first information is obtained from the first SIB corresponding to the type of the IoT device.

21. The method according to claim 19 or 20, characterized in that, The first SIB also includes multiple subfields, which include at least one of the following: The first subfield is used to indicate the type identifier of different types of IoT devices; The second subfield is used to indicate the business priority of different IoT services; The third subfield is used to indicate the location area to which the first information applies.

22. The method according to claim 21, characterized in that, The step of determining whether to access the first communication device based on the first information includes: The device type of the IoT device matches the device type corresponding to the type identifier indicated by the first sub-field, the service priority of the IoT service corresponding to the IoT device in the second sub-field satisfies the first priority, and the location information of the IoT device satisfies the location area indicated by the third sub-field. Based on the first information, it is determined whether to access the first communication device.

23. The method according to any one of claims 1 to 22, characterized in that, The method further includes: The system receives a fourth message sent by the first communication device, the fourth message being used to indicate whether the first communication device provides the first message.

24. An access control method, executed by a first communication device, characterized in that, The method includes: Send first information to an IoT device, the first information including information for controlling the IoT device to access a first communication device, the first information being used by the IoT device to determine whether to access the first communication device.

25. The method according to claim 24, characterized in that, The first information includes at least one of the following: First access information, which indicates relevant information for IoT devices to access the network; Access control parameters.

26. The method according to claim 25, characterized in that, The first access information is associated with access control parameters; The first information is used by the IoT device to determine whether to access the first communication device, including: The first information is used by the IoT device to determine first access information that matches the second access information based on the second access information, so as to determine whether to access the first communication device based on the access control parameters associated with the first access information that matches the second access information.

27. The method according to claim 26, characterized in that, The second access information is determined by the IoT device based on relevant access information, wherein the relevant access information is determined by the IoT device.

28. The method according to claim 27, characterized in that, The second access information is determined by the IoT device based on relevant access information, including any one of the following: The second access information is related to access procedures; The second access information is access information that matches the relevant information for accessing the IoT device, as determined by the second information. The second information is used to indicate the mapping relationship between the relevant information for accessing the IoT device and the access information.

29. The method according to claim 28, characterized in that, The method further includes: The second information is sent to the IoT device.

30. The method according to claim 28 or 29, characterized in that, The method further includes: Priority information is sent to the IoT device, and the priority information is used by the IoT device to determine the second information for determining the second access information from multiple second information when there are multiple second information.

31. The method according to any one of claims 26 to 30, characterized in that, The second access information is determined by the AS, and / or the second access information is determined by the NAS.

32. The method according to any one of claims 25 to 31, characterized in that, The relevant information for IoT devices to access the network includes at least one of the following: IoT device types; Identification information of IoT devices; Business types of IoT services; Identification information for IoT services; Identification information of the first communication device; Location information of IoT devices.

33. The method according to claim 32, characterized in that, Location information includes at least one of the following: Geographic location information; Beam information; Wave array information.

34. The method according to any one of claims 25 to 33, characterized in that, The access control parameters include at least one of the following: First indication information, the first indication information is used to indicate whether the IoT device is allowed to access; Access conditions, which indicate the conditions under which IoT devices are allowed to access the network.

35. The method according to claim 34, characterized in that, The first indication information is used by the IoT device to determine whether the IoT device is allowed to access in any of the following situations: Ignore whether the second indication information indicates that a regular terminal is allowed to access; The second instruction message indicates that ordinary terminals are allowed to access; The second instruction indicates that ordinary terminals are not allowed to access.

36. The method according to claim 35, characterized in that, The first indication information is used by the IoT device to determine whether the IoT device is allowed to access if the second indication information indicates that the ordinary terminal is allowed to access. If the second indication information indicates that the ordinary terminal is not allowed to access, the IoT device is not allowed to access. The first indication information is used by the IoT device to determine whether the IoT device is allowed to access when the second indication information indicates that the ordinary terminal is not allowed to access. If the second indication information indicates that the ordinary terminal is allowed to access, the IoT device is allowed to access.

37. The method according to any one of claims 18 to 30, characterized in that, The method further includes at least one of the following: The first information is determined based on the access control capabilities related to the first communication device. Based on the first capability information received from the fourth communication device, the first capability information is determined, wherein the first capability information is used to indicate capabilities related to access control of the fourth communication device.

38. The method according to claim 37, characterized in that, The first communication device is an access network device, and the fourth communication device is a core network device, or the fourth communication device is a device for forwarding data and / or signaling between the IoT device and the access network device; The first communication device is a device for forwarding data and / or signaling between IoT devices and access network devices, and the fourth communication device is an access network device or a core network device.

39. The method according to any one of claims 24 to 38, characterized in that, Sending the first information to the IoT device includes: Send a first SIB to the IoT device. The first SIB is an SIB used to instruct the IoT device to access the network. The first SIB includes the first information.

40. The method according to claim 39, characterized in that, Different types of IoT devices correspond to different first SIBs. Sending the first SIB to the IoT device includes: Send a first SIB corresponding to the type of the IoT device to the IoT device.

41. The method according to claim 39 or 40, characterized in that, The first SIB also includes multiple subfields, which include at least one of the following: The first subfield is used to indicate the type identifier of different types of IoT devices; The second subfield is used to indicate the business priority of different IoT services; The third subfield is used to indicate the location area to which the first information applies.

42. The method according to claim 41, characterized in that, The first information is used by the IoT device to determine whether to access the first communication device under the following circumstances: The device type of the IoT device matches the device type corresponding to the type identifier indicated by the first sub-field, the IoT service corresponding to the IoT device has a service priority in the second sub-field that satisfies the first priority, and the location information of the IoT device satisfies the location area indicated by the third sub-field.

43. The method according to any one of claims 24 to 42, characterized in that, The method further includes: Send a fourth message to the IoT device, the fourth message being used to indicate whether the first communication device provides the first message.

44. A communication device, characterized in that, The communication device is used to execute the access control method according to any one of claims 1-23 and 24-43.

45. A communication system, characterized in that, The device includes an IoT device and a first communication device, wherein the IoT device is configured to implement the access control method according to any one of claims 1-23, and the first communication device is configured to implement the access control method according to any one of claims 24-43.

46. ​​A storage medium storing instructions, characterized in that, When the instruction is executed on the communication device, the communication device performs the access control method as described in any one of claims 1-23 and 24-43.

47. A program product comprising at least one of a program and instructions, characterized in that, When at least one of the programs or instructions is executed by the communication device, the access control method according to any one of claims 1-23 and 24-43 is implemented.