
CN117041948A - Communication configuration method, device, computer equipment and storage medium - Google Patents


Publication number
CN117041948A
Authority
CN
China
Prior art keywords
item
subscription information
roaming terminal
registration request
configuration
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310827333.0A
Other languages
Chinese (zh)
Inventor
黄海
陈平辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Telecom Technology Innovation Center
China Telecom Corp Ltd
Original Assignee
China Telecom Technology Innovation Center
China Telecom Corp Ltd
Application filed by China Telecom Technology Innovation Center and China Telecom Corp Ltd
Priority to CN202310827333.0A
Publication of CN117041948A


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/033 Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/10 Architectures or entities
    • H04L65/1016 IP multimedia subsystem [IMS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/1066 Session management
    • H04L65/1073 Registration or de-registration
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W60/00 Affiliation to network, e.g. registration; Terminating affiliation with the network, e.g. de-registration

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Multimedia (AREA)
  • Computer Security & Cryptography (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The application discloses a communication configuration method, a communication configuration device, computer equipment and a storage medium. The method can be applied in the technical field of terminal communication and comprises the following steps: receiving a first registration request sent by a second network element in the roaming network where a roaming terminal is located, wherein the first registration request carries a first media plane configuration message; executing a registration process for the roaming terminal according to the first registration request, and acquiring subscription information corresponding to the roaming terminal during the registration process; and configuring an encryption item in the subscription information according to the first media plane configuration message. With this method, the configuration of the encryption item in the subscription information is completed while the roaming terminal registers with the IMS system of the home network, so as to realize encryption and decryption of the multimedia data corresponding to the roaming terminal. This greatly simplifies the encryption and decryption flow for the roaming terminal's multimedia data without changing the standard signaling negotiation architecture, and improves configuration efficiency.

Description

Communication configuration method, device, computer equipment and storage medium
Technical Field
The present application relates to the field of terminal communication technologies, and in particular, to a communication configuration method, a device, a computer device, and a storage medium.
Background
In the roaming service of the current 5G core network, service is provided by the home location of the roaming user: the roaming user's data and voice are routed back to the home network, and the home network provides the service. In the roaming scenario, a roaming terminal registered in the visited network (i.e. the roaming network) at the visited place registers with the IP multimedia subsystem (IMS) of the home network by a local routing method.
If the visited network at the visited place needs to configure encryption and decryption of the roaming terminal's multimedia data (mainly data and voice) in the IMS system (for example, to decrypt the multimedia data for lawful interception), a relatively complicated negotiation process is needed, and working efficiency is low.
Disclosure of Invention
Based on the foregoing, it is necessary to provide a communication configuration method, a device, a computer device and a storage medium, which greatly simplify the encryption and decryption configuration flow of multimedia data.
In a first aspect, the present application provides a communication configuration method, applied to a first network element of an IMS system of a home network of a roaming terminal, the method comprising:
receiving a first registration request sent by a second network element in a roaming network where a roaming terminal is located, wherein the first registration request carries a first media plane configuration message;
executing a registration process for the roaming terminal according to the first registration request, and acquiring subscription information corresponding to the roaming terminal in the registration process;
and carrying out configuration processing on the encryption item in the subscription information according to the first media plane configuration message, wherein the configured encryption item is used for indicating whether to encrypt the multimedia data corresponding to the roaming terminal.
In one embodiment, the subscription information further includes a permission indication item, and configuring the encryption item in the subscription information according to the first media plane configuration message includes:
determining, according to the permission indication item, whether configuration permission exists;
and, where configuration permission exists, executing the step of configuring the encryption item in the subscription information according to the first media plane configuration message.
In one embodiment, determining whether configuration permission exists according to the permission indication item includes:
determining that configuration permission exists in the case that the permission indication item indicates that the encryption item in the subscription information can be configured by network elements of other networks;
determining that configuration permission does not exist in the case that the permission indication item indicates that the encryption item in the subscription information cannot be configured by network elements of other networks.
In one embodiment, the subscription information further includes a latest configuration item, which indicates at least one of the target network element that most recently configured the subscription information and the network to which that target network element belongs, and the method further includes:
updating the latest configuration item according to at least one of the roaming network and the second network element.
In one embodiment, the subscription information further includes at least one of:
an encryption mode item for indicating an encryption mode of the roaming terminal;
a security protocol type item for indicating a transport protocol type.
In one embodiment, acquiring subscription information corresponding to the roaming terminal according to the first registration request includes:
acquiring the subscription information from a subscriber database HSS according to the first registration request.
In one embodiment, acquiring the subscription information from the subscriber database HSS according to the first registration request includes:
executing the step of acquiring the subscription information from the HSS according to the first registration request in the case that the monitoring clock is not set or the monitoring clock has timed out;
wherein the monitoring clock is started upon receiving a registration request for the roaming terminal sent by a network element of a non-home network, or upon detecting a handover of a network element related to the roaming terminal.
In one embodiment, the method further comprises:
in the case that the monitoring clock has not timed out, prohibiting acquisition of the subscription information from the HSS, and determining whether the multimedia data of the roaming terminal is encrypted based on the encryption item of the roaming terminal's subscription information stored in the local database.
In one embodiment, the method further comprises:
after the roaming terminal enters the coverage area of the home network, receiving a second registration request sent by a third network element in the home zone, wherein the second registration request carries a second media plane configuration message;
and acquiring subscription information corresponding to the roaming terminal according to the second registration request, and carrying out configuration processing on an encryption item in the subscription information according to the second media plane configuration message, wherein the configured encryption item is used for indicating whether to encrypt multimedia data corresponding to the roaming terminal.
In one embodiment, a response message is returned to the second network element, wherein the response message carries a registration request result and a configuration processing result;
the registration request result is used for representing whether the roaming terminal is successfully registered or not; the configuration processing result is used for representing that the encryption item in the subscription information of the roaming terminal is successfully configured.
In a second aspect, the present application further provides a communication configuration apparatus, which is applied to a first network element of an IMS system of a home network of a roaming terminal, including:
the first receiving module is used for receiving a first registration request sent by a second network element in a roaming network where the roaming terminal is located, wherein the first registration request carries a first media plane configuration message;
the execution module is used for executing a registration process aiming at the roaming terminal according to the first registration request and acquiring subscription information corresponding to the roaming terminal in the registration process;
the first configuration module is used for carrying out configuration processing on the encryption item in the subscription information according to the first media plane configuration message, and the configured encryption item is used for indicating whether the multimedia data corresponding to the roaming terminal is encrypted or not.
In a third aspect, the present application also provides a computer device comprising a memory and a processor, the memory storing a computer program, the processor implementing the following steps when executing the computer program:
receiving a first registration request sent by a second network element in a roaming network where a roaming terminal is located, wherein the first registration request carries a first media plane configuration message;
executing a registration process for the roaming terminal according to the first registration request, and acquiring subscription information corresponding to the roaming terminal in the registration process;
and carrying out configuration processing on the encryption item in the subscription information according to the first media plane configuration message, wherein the configured encryption item is used for indicating whether to encrypt the multimedia data corresponding to the roaming terminal.
In a fourth aspect, the present application also provides a computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of:
receiving a first registration request sent by a second network element in a roaming network where a roaming terminal is located, wherein the first registration request carries a first media plane configuration message;
executing a registration process for the roaming terminal according to the first registration request, and acquiring subscription information corresponding to the roaming terminal in the registration process;
and carrying out configuration processing on the encryption item in the subscription information according to the first media plane configuration message, wherein the configured encryption item is used for indicating whether to encrypt the multimedia data corresponding to the roaming terminal.
In a fifth aspect, the application also provides a computer program product comprising a computer program which, when executed by a processor, performs the steps of:
receiving a first registration request sent by a second network element in a roaming network where a roaming terminal is located, wherein the first registration request carries a first media plane configuration message;
executing a registration process for the roaming terminal according to the first registration request, and acquiring subscription information corresponding to the roaming terminal in the registration process;
and carrying out configuration processing on the encryption item in the subscription information according to the first media plane configuration message, wherein the configured encryption item is used for indicating whether to encrypt the multimedia data corresponding to the roaming terminal.
The communication configuration method, device, computer equipment and storage medium are applied to a first network element of the IMS system of the home network of a roaming terminal. A first registration request sent by a second network element in the roaming network where the roaming terminal is located is received, the first registration request carrying a first media plane configuration message; a registration process for the roaming terminal is executed according to the first registration request, and subscription information corresponding to the roaming terminal is acquired during the registration process; the encryption item in the subscription information is configured according to the first media plane configuration message, and the configured encryption item indicates whether the multimedia data corresponding to the roaming terminal is encrypted. With this method, the configuration of the encryption item in the subscription information is completed while the roaming terminal registers with the IMS system of the home network, so as to realize encryption and decryption of the multimedia data corresponding to the roaming terminal. This greatly simplifies the encryption and decryption flow for the roaming terminal's multimedia data without changing the standard signaling negotiation architecture, and improves configuration efficiency.
Drawings
Fig. 1 is an application environment diagram of a first communication configuration method provided in this embodiment;
Fig. 2 is a flow chart of a first communication configuration method provided in the present embodiment;
Fig. 3 is an application environment diagram of a second communication configuration method provided in the present embodiment;
Fig. 4 is a schematic flow chart of configuration processing for an encrypted item in subscription information according to the present embodiment;
Fig. 5 is a schematic diagram of subscription information provided in the present embodiment;
Fig. 6 is a flow chart of a second communication configuration method provided in the present embodiment;
Fig. 7 is a flow chart of a third communication configuration method provided in the present embodiment;
Fig. 8 is a flow chart of a fourth communication configuration method provided in the present embodiment;
Fig. 9 is a flowchart of a first registration of a roaming terminal according to the present embodiment;
Fig. 10 is a flowchart of a second registration of a roaming terminal according to the present embodiment;
Fig. 11 is a block diagram of a first communication configuration apparatus according to the present embodiment;
Fig. 12 is a block diagram of a second communication configuration apparatus according to the present embodiment;
Fig. 13 is a block diagram of a third communication configuration apparatus according to the present embodiment;
Fig. 14 is an internal structural diagram of the computer device provided in the present embodiment.
Detailed Description
The present application will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present application more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
The communication configuration method provided by the embodiment of the application can be applied to the application environment shown in Fig. 1. The communication service (i.e., multimedia data, mainly data and voice) generated by a roaming terminal UE (User Equipment) in a roaming network (i.e., a visited network) 102 needs to be provided by a home network 104, and the roaming network 102 configures encryption and decryption of the roaming terminal UE's multimedia data in the IMS (IP Multimedia Subsystem) system. A first network element in the home network 104 receives a first registration request sent by a second network element in the roaming network 102 where the roaming terminal UE is located, the first registration request carrying a first media plane configuration message. The first network element performs a registration procedure for the roaming terminal UE according to the first registration request, acquires the subscription information corresponding to the roaming terminal from a subscriber database during the registration process, and configures the encryption item in the subscription information according to the first media plane configuration message, where the configured encryption item indicates whether the multimedia data corresponding to the roaming terminal is encrypted. For example, after the first network element configures the encryption item in the subscription information according to the first media plane configuration message, the encryption item for the multimedia data corresponding to the roaming terminal UE is closed; at this point, lawful interception of the roaming terminal UE can be performed by the network element associated with the roaming terminal UE in the roaming network 102.
In the embodiment of the present application, a user terminal, a user equipment, a terminal device, or a terminal may be collectively referred to as UE. Unless otherwise specified, the UE described below may be replaced by a user terminal, a user equipment, a terminal device, or a terminal, and these terms are interchangeable. The roaming terminal UE in this embodiment may be, but is not limited to, a terminal supporting VoLTE (Voice over Long-Term Evolution, a high-speed wireless communication standard for mobile phones and data terminals) and VoNR (Voice over NR, the target voice solution for 5G networks).
The IMS system refers to an IP multimedia system, is a brand new multimedia service form, and can meet the requirements of more novel and diversified multimedia services of terminal clients. The IMS system is a core technology of the next generation network, and is also an important way for solving the problem of integration of mobile and fixed networks and introducing differentiated services such as triple integration of voice, data and video.
The roaming network and the home network are EPC core networks or 5GC core networks which belong to different public land mobile networks PLMNs and support roaming, the home network refers to the network to which the home location of the roaming terminal belongs, and the roaming network refers to the network where the roaming terminal is currently located. The EPC (Evolved Packet Core) core network refers to a core network of a 4G mobile communication network, and has the traditional capabilities of a mobile network such as user subscription data storage, mobility management and data exchange, and can provide a user with ultra-high-speed internet experience. The 5GC core network refers to a 5G core network, and the network elements of the 5G core network comprise UPF network elements, AUSF network elements, UDM network elements, AMF network elements, SMF network elements, PCF network elements, NSSF network elements, NRF network elements, NEF network elements and the like.
The first network element and the second network element are network elements with different functions. A network element can be simply understood as an element or device in a network; it is the smallest unit that can be monitored and managed in network management.
In one embodiment, fig. 2 is a flowchart of a communication configuration method according to an embodiment of the present application, where the method is applied to a first network element of an IMS system of a home network of a roaming terminal, and the method is described by taking the application of the method to the first network element in fig. 1 as an example, and the method includes the following steps:
S201, receiving a first registration request sent by a second network element in a roaming network where the roaming terminal is located, wherein the first registration request carries a first media plane configuration message.
The first registration request refers to a registration request which is provided to a network element of the home network through a second network element under the condition that the roaming terminal is not registered in the home network; the first media plane configuration message is a message for configuring the IMS system media plane security of the roaming terminal, and is used for configuring encryption and decryption of multimedia data corresponding to the roaming terminal.
An alternative implementation manner of this embodiment is as follows: receiving a first registration request sent by a second network element in the roaming network where the roaming terminal is located, determining an identification bit in the first registration request, and acquiring the first media plane configuration message carried by the first registration request based on the identification bit. The identification bit can be a special character or a characteristic parameter. The first media plane configuration message and the identification bit are combined according to a preset rule, so the identification bit can then be parsed according to the same preset rule to obtain the first media plane configuration message.
When the first network element is an S-CSCF network element in the home network and the second network element is a P-CSCF network element of the roaming network, as shown in fig. 3, another alternative implementation manner of this embodiment is as follows: the P-CSCF network element of the roaming network sends a first registration request to the I-CSCF network element of the home network, the I-CSCF network element of the home network forwards the first registration request to the S-CSCF network element of the home network after determining the S-CSCF network element, and the S-CSCF network element of the home network further receives the first registration request sent by the P-CSCF network element (namely, a second network element) in the roaming network where the roaming terminal is located, wherein the first registration request carries a first media plane configuration message, and the first media plane configuration message can be configured in a header field of the first registration request.
In this embodiment, the S-CSCF (Serving CSCF) network element is in the core control position in the IMS system. It is responsible for registration authentication and session control of the terminal, performs the basic session routing function for calling and called IMS system users, and, when the conditions of the trigger rules in the user's IMS subscription are satisfied, triggers value-added service routing to the AS and performs service control interaction with it.
The I-CSCF (Interrogating CSCF) network element is located at the edge of the home network domain. Its main functions are querying the subscriber database HSS to select the S-CSCF, and forwarding SIP messages to that S-CSCF.
The P-CSCF (Proxy-CSCF) network element is an ingress network element of an IMS system of a roaming network. Session messages originating from the terminal and terminating at the terminal are passed through the P-CSCF network element.
(R)AN: the main function of the (radio) access network (R)AN is to control the UE's radio access to the mobile communication network.
The user plane function UPF is a gateway for the 3GPP Network to communicate with a DN (Data Network). Wherein, the 3GPP network refers to a network conforming to the 3GPP standard.
A Data Network (DN), also known as a packet Data Network (PDN, packet Data Network), is a Network located outside the 3GPP Network. The 3GPP network can access a plurality of DNs, and a plurality of services provided by an operator or a third party can be deployed on the DNs. For example, a DN is a private network of an intelligent plant, and a sensor installed in a plant of the intelligent plant plays the role of a UE, and the DN configures a control server of the sensor. The UE communicates with the control server, and after acquiring an instruction from the control server, the UE may transfer the acquired data to the control server according to the instruction. For another example, the DN is an internal office network of a company, and the terminals used by employees of the company may act as UEs that can access information and other resources within the company.
N1, N2, N3, N4, N6, N9 in the architecture of fig. 3 represent Reference points (Reference points) between related network entities/network functions, respectively.
S202, according to the first registration request, executing a registration process for the roaming terminal, and acquiring subscription information corresponding to the roaming terminal in the registration process.
The subscription information refers to user subscription data. Compared with the subscription information required when a conventional roaming terminal registers, the subscription information in this embodiment adds at least an encryption item for configuring encryption and decryption of the multimedia data corresponding to the roaming terminal. The registration process refers to the authentication process for the roaming terminal that ensures the security of the network.
Optionally, in this embodiment, according to the first registration request, a terminal identity of the roaming terminal is obtained, according to the terminal identity, authentication data is downloaded from a subscriber database HSS, a registration procedure for the roaming terminal is performed, after registration is successful, user subscription data is downloaded, and subscription information corresponding to the roaming terminal is obtained based on the user subscription data.
S203, the encryption item in the subscription information is configured according to the first media plane configuration message, and the configured encryption item is used for indicating whether to encrypt the multimedia data corresponding to the roaming terminal.
The encryption item is an item configured in the subscription information that indicates whether to encrypt the multimedia data corresponding to the roaming terminal; encryption and decryption of the multimedia data can be configured by configuring the encryption item.
Optionally, in this embodiment, if the first media plane configuration message indicates that the encryption item in the subscription data is to be closed (for example, the first media plane configuration message closes the encryption item on the media plane), the encryption item in the subscription information is closed, and the multimedia data corresponding to the roaming terminal is then in an unencrypted state. If the first media plane configuration message indicates that the encryption item in the subscription data is to be enabled, the encryption item in the subscription information is enabled (for example, an encryption password is configured), and the multimedia data corresponding to the roaming terminal is then in an encrypted state.
In the communication configuration method, a first registration request sent by a second network element in a roaming network where a roaming terminal is located is received, the first registration request carries a first media plane configuration message, a registration process for the roaming terminal is executed according to the first registration request, subscription information corresponding to the roaming terminal is acquired in a registration process, an encryption item in the subscription information is configured according to the first media plane configuration message, and the configured encryption item is used for indicating whether to encrypt multimedia data corresponding to the roaming terminal. The roaming terminal can complete the configuration processing of the encryption item in the subscription information while the home network carries out IMS system registration based on the method of the application so as to realize the encryption and decryption of the multimedia data corresponding to the roaming terminal, greatly simplify the encryption and decryption flow of the multimedia data aiming at the roaming terminal on the basis of not changing the standard signaling negotiation architecture, and improve the configuration efficiency.
In one embodiment, the subscription information further includes a permission indication item, and on this basis, as shown in fig. 4, an optional implementation manner of performing configuration processing on the encryption item in the subscription information according to the first media plane configuration message in step S203 includes:
S401, determining whether the configuration permission exists according to the permission indication item.
The permission indication item is an item indicating whether there is permission to configure the encryption item. In this embodiment it takes one of two values: configurable by network elements of other networks, or not configurable by network elements of other networks.
Optionally, in this embodiment, when the permission indication item indicates that the encryption item in the subscription information can be configured by a network element of another network, it is determined that the configuration permission exists. That is, in this case the network element of the roaming network has the configuration permission and can perform configuration processing on the encryption item in the subscription information of the roaming terminal. For example, the permission indication item corresponding to the roaming terminal indicates "YES"; the permission indication item then means that the encryption item in the subscription information can be configured by network elements of other networks, that is, the network element of the roaming network has the configuration permission and can perform configuration processing on the encryption item in the subscription information of the roaming terminal.
When the permission indication item indicates that the encryption item in the subscription information is not configurable by network elements of other networks, it is determined that there is no configuration permission. That is, in this case the network element of the roaming network does not have the configuration permission and cannot configure the encryption item in the subscription information of the roaming terminal. For example, the permission indication item corresponding to the roaming terminal indicates "NO"; the permission indication item then means that the encryption item in the subscription information cannot be configured by network elements of other networks, that is, the network element of the roaming network does not have the configuration permission and cannot perform configuration processing on the encryption item in the subscription information of the roaming terminal.
S402, executing the step of configuring the encryption item in the subscription information according to the first media plane configuration message under the condition of having the configuration authority.
In this embodiment, the permission indication item is added to the subscription information, and whether the configuration permission exists can be determined according to the permission indication item. The step of configuring the encryption item in the subscription information according to the first media plane configuration message is executed only when the configuration permission exists, so that flexible management and control of the encryption item is realized and malicious or arbitrary tampering with the encryption item is avoided.
In one embodiment, as shown in table 1, the subscription information further includes a latest configuration item, where the latest configuration item is used to indicate at least one of a target network element (i.e., a recently set network element domain name in fig. 1) and a network to which the target network element belongs (i.e., a recently set PLMN ID in table 1) that most recently configured the subscription information. The target network element is the network element that most recently configured the encryption item of the subscription information.
TABLE 1
Optionally, in this embodiment, the latest configuration item may be updated according to at least one of the roaming network and the second network element. One optional implementation is: the roaming network may add a field for the latest configuration item to the first media plane configuration message in the first registration request, and the latest configuration item is updated according to that field after the configuration of the encryption item is completed; if the latest configuration item is a target network element, the target network element is updated to the second network element, and if the latest configuration item is the network to which the target network element belongs, that network is updated to the roaming network. Another optional implementation is: after the first network element completes the configuration of the encryption item, it automatically updates the latest configuration item; if the latest configuration item is a target network element, the target network element is updated to the second network element, and if the latest configuration item is the network to which the target network element belongs, that network is updated to the roaming network.
In this embodiment, the target network element that most recently configured the subscription information, and/or the network to which that target network element belongs, can be learned from the latest configuration item in the subscription information, and the latest configuration item can be updated based on the roaming network or the second network element.
In one embodiment, as shown in table 1, the subscription information further includes at least one of an encryption mode item and a security protocol type item. The encryption mode item is used for indicating the encryption mode of the roaming terminal. The security protocol type item is used for indicating the transport protocol type.
The encryption mode item in this embodiment includes at least the options of end-to-end encryption (e.g. e2e in table 1), end-to-edge encryption (e.g. null in table 1), and closed encryption; the encryption mode may be configured when the "configurable by other networks" item is "YES". The transport protocol refers to a media plane security protocol and may be abbreviated by name, such as SRTP and TLS in table 1.
The subscription information in this embodiment may include an encryption mode item and a security protocol type item, and the current encryption mode and transmission protocol of the roaming terminal may be clearly known based on the encryption mode item and the security protocol type item.
It should be noted that subscription information generally also includes other subscription matters of the user, as shown in fig. 5, for example a lock setting, a registration setting, a roaming setting, and so on. To facilitate classified management of subscription information, a terminal media plane encryption setting may be added to the subscription information, and the permission indication item, latest configuration item, encryption mode item, and transmission protocol type item may be configured in table form under the terminal media plane encryption setting option.
In one embodiment, to facilitate acquiring subscription information, acquiring subscription information corresponding to a roaming terminal according to a first registration request includes:
Optionally, in this embodiment, subscription information may be obtained from the subscriber database HSS according to the first registration request. Specifically, when the first network element (for example, an S-CSCF network element) receives the first registration request while the monitoring clock is not set or has timed out, subscription data corresponding to the identity of the roaming terminal is obtained from the user database according to the identity of the roaming terminal corresponding to the first registration request.
The monitoring clock is a clock set in the home network and used for monitoring the time difference between two adjacent registration requests of the roaming terminal; the monitoring clock is started when a registration request for the roaming terminal sent by a network element of a non-home network is received, or when switching of the network element of the roaming terminal is detected. Here, the gateway network element mainly refers to an AMF network element.
The AMF (Access and Mobility Management Function) is a control plane function in the 3GPP network, mainly responsible for access control and mobility management of the UE to the operator network.
In this embodiment, subscription information of the roaming terminal may be quickly obtained from the subscriber database HSS according to the first registration request.
Based on the above embodiment, in order to save network resources of the home network and improve communication configuration efficiency, an optional implementation manner of acquiring subscription information is:
Optionally, when the monitoring clock has not timed out, this embodiment prohibits acquiring the subscription information from the HSS, and determines whether to encrypt the multimedia data of the roaming terminal based on the encryption item of the subscription information of the roaming terminal stored in the local database. Specifically, when the monitoring clock has not timed out, the first network element that processed the previous registration request is selected. That first network element already acquired the subscription information of the roaming terminal from the HSS when processing the previous registration request, so when processing the current registration request it does not need to acquire the subscription information from the HSS again; it reads the subscription information only from the local database, and whether the multimedia data of the roaming terminal is encrypted is determined based on the encryption item of the subscription information of the roaming terminal stored in the local database.
The monitoring clock not having timed out means that the time difference between two adjacent registration requests of the same roaming terminal, as monitored by the monitoring clock, is smaller than a time difference threshold.
In this embodiment, a monitoring clock for monitoring the registration requests of the roaming terminal is added. When the monitoring clock has not timed out, acquiring the subscription information from the HSS is prohibited, and whether the multimedia data of the roaming terminal is encrypted is determined based on the encryption item of the subscription information of the roaming terminal stored in the local database. This saves network resources of the home network and effectively avoids the "ping-pong effect" caused by frequent updating of the roaming terminal at the edge positions of the home network and the roaming network; because the subscription information does not need to be acquired frequently from the HSS while the monitoring clock has not timed out, waste of network resources is reduced.
In one embodiment, after the roaming terminal enters the coverage of the home network, in order to perform configuration processing on the encrypted item in the subscription information of the roaming terminal, as shown in fig. 6, an alternative implementation manner of the communication configuration method includes:
S601, after the roaming terminal enters the coverage area of the home network, receiving a second registration request sent by a third network element in the home location, wherein the second registration request carries a second media plane configuration message.
Wherein the third network element refers to a network element in the home network for sending the second registration request, typically a P-CSCF network element in the home network. The second registration request refers to a request instruction for IMS system registration sent to the home network after the roaming terminal returns to the home network, where the second registration request carries a second media plane configuration message.
An optional implementation manner of this embodiment is as follows: after the roaming terminal enters the coverage area of the home network, a second registration request sent by a third network element of the home location is received, an identification bit in the second registration request is determined, and the second media plane configuration message carried by the roaming terminal is acquired from the first registration request based on the identification bit. The identification bit may be a special character or a characteristic parameter; the second media plane configuration message is combined with the identification bit according to a preset rule, and the identification bit is parsed by the preset rule to obtain the second media plane configuration message.
When the first network element is an S-CSCF network element in the home network, and the third network element is a P-CSCF network element of the home network, another alternative implementation manner of this embodiment is as follows: the P-CSCF network element of the home network sends a second registration request to the I-CSCF network element of the home network, and after determining the S-CSCF network element of the home network, the I-CSCF network element of the home network forwards the second registration request to the S-CSCF network element of the home network, and the S-CSCF network element of the home network further receives the second registration request sent by the P-CSCF network element (namely the second network element) in the roaming network where the roaming terminal is located. Wherein the second registration request carries a second media plane configuration message.
S602, acquiring subscription information corresponding to the roaming terminal according to the second registration request, and configuring an encryption item in the subscription information according to the second media plane configuration message, wherein the configured encryption item is used for indicating whether to encrypt multimedia data corresponding to the roaming terminal.
It should be noted that, according to the second registration request, the subscription information corresponding to the roaming terminal is obtained, and the encryption item in the subscription information is configured and processed according to the second media plane configuration message, and the configured encryption item is used for indicating whether to encrypt the multimedia data corresponding to the roaming terminal.
In this embodiment, after the roaming terminal enters the coverage area of the home network, a second registration request sent by a third network element in the home location is received, where the second registration request carries a second media plane configuration message, subscription information corresponding to the roaming terminal is obtained according to the second registration request, and an encryption item in the subscription information is configured according to the second media plane configuration message, so that encryption and decryption configuration of multimedia data corresponding to the roaming terminal after the roaming terminal enters the coverage area of the home network can be achieved.
In one embodiment, in order to feed back the registration request result and the configuration processing result to the roaming terminal and the second network element, as shown in fig. 7, an alternative implementation of a communication configuration method includes:
S701, a first registration request sent by a second network element in a roaming network where the roaming terminal is located is received, wherein the first registration request carries a media plane configuration message.
S702, according to the first registration request, executing a registration process for the roaming terminal, and acquiring subscription information corresponding to the roaming terminal in the registration process.
S703, the encryption item in the subscription information is configured according to the media plane configuration message, and the configured encryption item is used for indicating whether to encrypt the multimedia data corresponding to the roaming terminal.
S704, a response message is returned to the second network element, wherein the response message carries a registration request result and a configuration processing result.
The registration request result is used for representing whether the roaming terminal is successfully registered or not; the configuration processing result is used for representing that the encryption item in the subscription information of the roaming terminal is successfully configured.
Optionally, in this embodiment, if the second network element is a P-CSCF network element of the roaming network, the first network element is an S-CSCF network element of the home network. After finishing the registration of the roaming terminal and the configuration of the encryption item, the S-CSCF network element of the home network sends out a response message to the I-CSCF network element of the home network, and the I-CSCF network element of the home network forwards the response message to the P-CSCF network element of the roaming network. The response message carries a registration request result and a configuration processing result.
In one embodiment, as shown in fig. 8, an alternative implementation of a communication configuration method includes:
S801, a first registration request sent by a second network element in a roaming network where the roaming terminal is located is received, where the first registration request carries a first media plane configuration message.
S802, judging whether the monitoring clock has timed out according to the first registration request. If it has timed out, S803 is executed; if not, S804 is executed.
S803, the subscription information is acquired from the subscriber database HSS.
The subscription information comprises a permission indication item, a latest configuration item, an encryption mode item and a security protocol type item. In case the rights indication item indicates that the encrypted item in the subscription information is configurable by a network element of the other network, it is determined to have the configuration rights. In the case that the rights indication item indicates that the encrypted item in the subscription information is not configurable by network elements of other networks, it is determined that there is no configuration right. The latest configuration item is used for indicating at least one of a target network element and a network to which the target network element belongs, which configures the subscription information last time. The encryption mode item is used to indicate the encryption mode of the roaming terminal. The security protocol type item is used to indicate the transport protocol type.
S804, the acquisition of the subscription information from the HSS is forbidden, and whether the multimedia data of the roaming terminal is encrypted or not is determined based on the encryption item of the subscription information of the roaming terminal stored in the local database.
S805, determining whether the configuration rights are available according to the rights indication item.
S806, under the condition of having the configuration authority, the encryption item in the subscription information is configured according to the first media plane configuration message, and the configured encryption item is used for indicating whether to encrypt the multimedia data corresponding to the roaming terminal.
S807, updating the latest configuration item according to at least one of the roaming network and the second network element.
S808, a response message is returned to the second network element, wherein the response message carries a registration request result and a configuration processing result. The registration request result is used for representing whether the roaming terminal is successfully registered or not; the configuration processing result is used for representing that the encryption item in the subscription information of the roaming terminal is successfully configured.
This embodiment is applied to a first network element of an IMS system of a home network of a roaming terminal. A first registration request sent by a second network element of the roaming network where the roaming terminal is located is received, the first registration request carrying a first media plane configuration message; a registration process for the roaming terminal is executed according to the first registration request, and subscription information corresponding to the roaming terminal is acquired during the registration process; an encryption item in the subscription information is configured according to the first media plane configuration message, and the configured encryption item is used for indicating whether to encrypt multimedia data corresponding to the roaming terminal. Based on the method of the application, the configuration of the encryption item in the subscription information can be completed while the roaming terminal performs IMS system registration with the home network, so that encryption and decryption of the multimedia data corresponding to the roaming terminal are realized; the encryption and decryption flow for the multimedia data of the roaming terminal is greatly simplified without changing the standard signaling negotiation architecture, and configuration efficiency is improved. By encrypting and decrypting the multimedia data of the roaming terminal, lawful interception of the data and voice of the roaming terminal can be flexibly configured.
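The S801 to S808 flow can be traced in code. The following Python model is an added example, not code from the patent; the class and field names, the mode labels, the 30-second threshold and the sample identifiers are assumptions, and terminal authentication is not modelled.

```python
from dataclasses import dataclass
from typing import Dict, Optional

TIME_DIFF_THRESHOLD_S = 30.0           # assumed; the text gives no value
MODES = {"e2e", "end-to-edge", "off"}  # assumed labels for the three options


@dataclass
class Subscription:
    """The 'terminal media plane encryption setting' of one subscriber."""
    configurable_by_other_networks: bool    # permission indication item
    encryption_mode: str                    # encryption mode item
    security_protocol: str                  # security protocol type item
    last_set_element: Optional[str] = None  # latest configuration item (domain name)
    last_set_plmn: Optional[str] = None     # latest configuration item (PLMN ID)


@dataclass
class RegisterRequest:
    terminal_id: str
    sender_element: str      # second network element (P-CSCF of the roaming network)
    sender_plmn: str         # roaming network
    media_plane_config: str  # first media plane configuration message


@dataclass
class Response:
    registered: bool     # registration request result
    configuration: str   # configuration processing result
    encrypt_media: bool  # what the encryption item indicates after processing


class HomeSCSCF:
    """First network element; a dict stands in for the HSS."""

    def __init__(self, hss: Dict[str, Subscription]):
        self.hss = hss
        self.local_db: Dict[str, Subscription] = {}
        self.clock_started: Dict[str, float] = {}  # monitoring clock per terminal
        self.hss_queries = 0

    def _subscription(self, terminal_id: str, now: float) -> Subscription:
        started = self.clock_started.get(terminal_id)
        # S802: the clock is unset, or the gap between adjacent requests is too long
        timed_out = started is None or now - started >= TIME_DIFF_THRESHOLD_S
        if timed_out or terminal_id not in self.local_db:
            self.hss_queries += 1                                # S803
            # Same object as the HSS record, so changes persist (assumption)
            self.local_db[terminal_id] = self.hss[terminal_id]
        # S804 otherwise: no HSS access, the local database copy is used
        self.clock_started[terminal_id] = now
        return self.local_db[terminal_id]

    def handle_register(self, req: RegisterRequest, now: float) -> Response:
        sub = self._subscription(req.terminal_id, now)
        permitted = sub.configurable_by_other_networks           # S805
        if permitted and req.media_plane_config in MODES:
            sub.encryption_mode = req.media_plane_config         # S806
            sub.last_set_element = req.sender_element            # S807
            sub.last_set_plmn = req.sender_plmn
            result = "success"
        else:
            result = "failure"  # encryption item stays as subscribed
        return Response(True, result, sub.encryption_mode != "off")  # S808


def demo():
    # Constructed sample data: one locked and one configurable subscriber
    locked_id, open_id = "sip:locked@home.example", "sip:open@home.example"
    hss = {
        locked_id: Subscription(False, "e2e", "SRTP"),
        open_id: Subscription(True, "e2e", "SRTP"),
    }
    scscf = HomeSCSCF(hss)
    visited = ("pcscf.visited.example", "00101")
    locked = scscf.handle_register(RegisterRequest(locked_id, *visited, "off"), 0.0)
    opened = scscf.handle_register(RegisterRequest(open_id, *visited, "off"), 0.0)
    queries = [scscf.hss_queries]
    scscf.handle_register(RegisterRequest(open_id, *visited, "e2e"), 10.0)
    queries.append(scscf.hss_queries)   # inside the window: served locally
    scscf.handle_register(RegisterRequest(open_id, *visited, "e2e"), 100.0)
    queries.append(scscf.hss_queries)   # clock timed out: HSS queried again
    return locked, opened, hss, queries


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The first response is the case the permission indication item exists for: the roaming network asks to close encryption, the home network reports a configuration failure, and the subscribed mode is kept.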
For a better understanding of the above embodiments, a detailed explanation is provided below in connection with a specific embodiment. In one embodiment, as shown in fig. 9 and 10, when the roaming terminal UE performs IMS system registration in the home network, it needs to go through two registration procedures. The first registration procedure, in fig. 9, is as follows: the roaming terminal UE sends an initial registration request (REGISTER) to the P-CSCF network element of the roaming network; the P-CSCF network element of the roaming network adds a first media plane configuration message to a header field of the initial registration request to form a first registration request (REGISTER) and sends the first registration request to the I-CSCF network element of the home network (when the I-CSCF network element of the home network receives the first registration request, the monitoring clock of the roaming terminal starts); the I-CSCF network element of the home network selects a suitable first S-CSCF network element according to the capability of each S-CSCF network element received from the HSS and sends the first registration request to the selected first S-CSCF network element; the first S-CSCF network element acquires user authentication data and user subscription data from the HSS, authenticates the roaming terminal, and creates a 401 Unauthorized response; the 401 Unauthorized response is returned to the roaming terminal UE along a first path, and the roaming terminal UE verifies the 401 Unauthorized response.
If the verification is valid, a second registration procedure is initiated, as shown in fig. 10: the roaming terminal UE sends an initial registration request (REGISTER) to the P-CSCF network element of the roaming network; the P-CSCF network element of the roaming network adds a first media plane configuration message to a header field of the initial registration request to form a first registration request (REGISTER) and sends the first registration request to the I-CSCF network element of the home network; the I-CSCF network element of the home network judges whether the monitoring clock has timed out; if not, no S-CSCF network element is reselected and the first registration request is sent to the first S-CSCF network element. The first S-CSCF network element does not need to acquire user authentication data and user subscription data from the HSS again; it executes the registration process for the roaming terminal according to the first registration request, acquires the subscription information corresponding to the roaming terminal during the registration process (it can be obtained from the user subscription data), and performs configuration processing on the encryption item in the subscription information according to the first media plane configuration message. After the registration and the configuration of the encryption item are completed, a response message (i.e., a 200 OK message) is returned to the I-CSCF network element of the home network. The response message carries a registration request result and a configuration processing result. The I-CSCF network element of the home network returns the response message to the P-CSCF network element of the roaming network, which extracts the configuration processing result (e.g., configuration success or configuration failure) from the 200 OK message and returns a 200 OK message that does not include the configuration processing result to the roaming terminal UE.
It should be noted that, the first registration process belongs to the authentication process, and the registration and the configuration of the encryption item are not performed.
It should be further noted that, in the process of executing the second registration procedure, if the I-CSCF network element of the home network determines that the monitoring clock has timed out, a suitable second S-CSCF network element is selected according to the capability of each S-CSCF network element received from the HSS, and the first registration request is sent to the selected second S-CSCF network element, and the second S-CSCF network element acquires the user authentication data and the user subscription data from the HSS again, and executes the subsequent registration and encryption item configuration procedure.
It should be understood that, although the steps in the flowcharts related to the embodiments described above are shown sequentially as indicated by the arrows, these steps are not necessarily performed in the order indicated by the arrows. Unless explicitly stated herein, the steps are not strictly limited in their order of execution and may be executed in other orders. Moreover, at least some of the steps in the flowcharts described in the above embodiments may include a plurality of sub-steps or stages, which are not necessarily performed at the same time but may be performed at different times; these sub-steps or stages are also not necessarily performed sequentially, but may be performed in turn or alternately with at least some of the other steps or stages.
Based on the same inventive concept, the embodiment of the application also provides a communication configuration device for realizing the above related communication configuration method. The implementation of the solution provided by the device is similar to the implementation described in the above method, so the specific limitation in the embodiments of one or more communication configuration devices provided below may refer to the limitation of the communication configuration method hereinabove, and will not be repeated herein.
In one embodiment, a block diagram of the communication configuration apparatus in one embodiment is shown by fig. 11. As shown in fig. 11, there is provided a communication configuration apparatus 1 applied to a first network element of an IMS system of a home network of a roaming terminal, the apparatus including: a first receiving module 10, an executing module 20 and a first configuration module 30, wherein:
a first receiving module 10, configured to receive a first registration request sent by a second network element in a roaming network where a roaming terminal is located, where the first registration request carries a first media plane configuration message;
the execution module 20 is configured to execute a registration procedure for the roaming terminal according to the first registration request, and obtain subscription information corresponding to the roaming terminal in a registration process;
The first configuration module 30 is configured to perform configuration processing on an encryption item in the subscription information according to the first media plane configuration message, where the configured encryption item is used to indicate whether to encrypt multimedia data corresponding to the roaming terminal.
According to the communication configuration device, the first registration request sent by the second network element in the roaming network where the roaming terminal is located is received, the first registration request carrying the first media plane configuration message; the registration process for the roaming terminal is executed according to the first registration request, and subscription information corresponding to the roaming terminal is acquired during the registration process; the encryption item in the subscription information is configured according to the first media plane configuration message, and the configured encryption item is used for indicating whether the multimedia data corresponding to the roaming terminal is encrypted. Based on the method of the application, the configuration of the encryption item in the subscription information can be completed while the roaming terminal performs IMS system registration with the home network, so that encryption and decryption of the multimedia data corresponding to the roaming terminal are realized; the encryption and decryption flow for the multimedia data of the roaming terminal is greatly simplified without changing the standard signaling negotiation architecture, and configuration efficiency is improved.
In one embodiment, the subscription information in the execution module 20 in fig. 11 further includes a permission indication item, and on this basis, as shown in fig. 12, the execution module 20 further includes:
A permission judging unit 201, configured to determine whether the configuration permission exists according to the permission indication item.
An execution unit 202, configured to execute, when the configuration permission exists, the step of performing configuration processing on the encryption item in the subscription information according to the first media plane configuration message.
In one embodiment, the right judging unit in fig. 12 is specifically configured to: determining that the subscription information has configuration rights under the condition that the rights indicator indicates that the encryption item in the subscription information can be configured by network elements of other networks; in the case that the rights indication item indicates that the encrypted item in the subscription information is not configurable by network elements of other networks, it is determined that there is no configuration right.
In one embodiment, the subscription information in the execution module 20 in fig. 11 further includes a latest configuration item, where the latest configuration item is used to indicate at least one of a target network element and a network to which the target network element is affiliated, where the latest configuration item is configured, and on this basis, the execution module 20 is further specifically configured to: and updating the latest configuration item according to at least one of the roaming network and the second network element.
In one embodiment, the subscription information in the execution module 20 in fig. 11 further includes at least one of the following: an encryption mode item for indicating an encryption mode of the roaming terminal; a security protocol type item for indicating a transport protocol type.
In one embodiment, the execution module 20 of fig. 11 further includes:
an acquisition unit, configured to acquire the subscription information from the subscriber database HSS according to the first registration request.
In one embodiment, the acquisition unit is specifically configured to: execute the step of acquiring subscription information from the HSS according to the first registration request when the monitoring clock is not set or the monitoring clock has timed out. The monitoring clock is started upon receiving a registration request for the roaming terminal sent by a network element of a non-home network, or upon detecting a handover of a related network element of the roaming terminal.
In one embodiment, the acquisition unit is further specifically configured to: when the monitoring clock has not timed out, prohibit acquisition of the subscription information from the HSS, and determine whether the multimedia data of the roaming terminal is encrypted based on the encryption item of the roaming terminal's subscription information stored in the local database.
In one embodiment, as shown in fig. 11, a communication configuration apparatus further includes:
a second receiving module, configured to receive a second registration request sent by a third network element in the home zone after the roaming terminal enters the coverage area of the home network, wherein the second registration request carries a second media plane configuration message; and
a second configuration module, configured to receive a second registration request sent by a third network element in the home zone after the roaming terminal enters the coverage area of the home network, wherein the second registration request carries a second media plane configuration message.
In one embodiment, on the basis of fig. 11, as shown in fig. 13, a communication configuration apparatus further includes:
a return module 40, configured to return a response message to the second network element, where the response message carries the registration request result and the configuration processing result. The registration request result indicates whether the roaming terminal is successfully registered; the configuration processing result indicates that the encryption item in the subscription information of the roaming terminal is successfully configured.
The respective modules in the above-described communication configuration apparatus may be implemented in whole or in part by software, hardware, and combinations thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.
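The following Python sketch is an added example, not code from the patent. It shows how the modules described above fit together in software: the rights indication item gating configuration by another network, the latest configuration item recording who last changed the encryption item, and the monitoring clock suppressing repeated HSS reads. All class, field and terminal names, the 30-second clock and the network labels are constructed; it assumes that home-network elements may always configure the encryption item and that the monitoring clock gates only requests from non-home networks.

```python
import time
from dataclasses import dataclass, replace
from typing import Callable, Dict, Optional


@dataclass(frozen=True)
class Subscription:
    encrypt_media: bool                        # encryption item
    foreign_configurable: bool                 # rights indication item
    last_configured_by: Optional[str] = None   # latest configuration item


@dataclass(frozen=True)
class RegistrationRequest:
    terminal_id: str
    network: str           # network the sending element belongs to
    element: str           # sending network element
    want_encryption: bool  # media plane configuration message


@dataclass(frozen=True)
class Response:
    registered: bool                # registration request result
    configured: bool                # configuration processing result
    encrypt_media: Optional[bool]   # effective encryption item (added for visibility)
    source: str                     # "hss" or "local" (added for visibility)


class FirstNetworkElement:
    """Hypothetical first network element in the home network's IMS system."""

    def __init__(self, hss: Dict[str, Subscription], home_network: str,
                 clock_seconds: float = 30.0,
                 now: Callable[[], float] = time.monotonic):
        self.hss = hss                      # dict standing in for the HSS
        self.home_network = home_network
        self.clock_seconds = clock_seconds
        self.now = now
        self.local_db: Dict[str, Subscription] = {}
        self.clock_deadline: Dict[str, float] = {}
        self.hss_reads = 0

    def _clock_running(self, terminal_id: str) -> bool:
        deadline = self.clock_deadline.get(terminal_id)
        return deadline is not None and self.now() < deadline

    def register(self, req: RegistrationRequest) -> Response:
        foreign = req.network != self.home_network
        if foreign and self._clock_running(req.terminal_id):
            # Clock has not timed out: no HSS access, use the local copy.
            sub = self.local_db[req.terminal_id]
            return Response(True, False, sub.encrypt_media, "local")
        sub = self.hss.get(req.terminal_id)
        if sub is None:
            return Response(False, False, None, "hss")
        self.hss_reads += 1
        if foreign:
            # Request from a non-home network starts the monitoring clock.
            self.clock_deadline[req.terminal_id] = self.now() + self.clock_seconds
        configured = False
        if not foreign or sub.foreign_configurable:
            sub = replace(sub, encrypt_media=req.want_encryption,
                          last_configured_by=f"{req.network}/{req.element}")
            self.hss[req.terminal_id] = sub
            configured = True
        self.local_db[req.terminal_id] = sub
        return Response(True, configured, sub.encrypt_media, "hss")


def demo():
    """Constructed scenario: two terminals roam, one later returns home."""
    t = [0.0]
    hss = {"ue-locked": Subscription(True, False),
           "ue-open": Subscription(True, True)}
    ne = FirstNetworkElement(hss, "home", now=lambda: t[0])
    results = [
        # Visited network asks to disable encryption; rights item forbids it.
        ne.register(RegistrationRequest("ue-locked", "visited", "ne2", False)),
        # Same request for a terminal whose rights item allows it.
        ne.register(RegistrationRequest("ue-open", "visited", "ne2", False)),
    ]
    t[0] = 10.0   # clock still running: answered from the local database
    results.append(ne.register(RegistrationRequest("ue-open", "visited", "ne2", True)))
    t[0] = 40.0   # terminal is back home; third network element re-registers it
    results.append(ne.register(RegistrationRequest("ue-open", "home", "ne3", True)))
    return ne, results


if __name__ == "__main__":
    for r in demo()[1]:
        print(r)
```

In an audit, a `configured=True` response whose latest configuration item names a non-home network while `encrypt_media` is false is the case worth reviewing: it means another network turned media encryption off for that subscriber.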
In one embodiment, a computer device is provided, which may be a platform side, and the internal structure of which may be as shown in fig. 14. The computer device includes a processor, a memory, and a network interface connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The database of the computer device is for storing communication configuration data. The network interface of the computer device is used for communicating with an external user side through a network connection. The computer program is executed by a processor to implement a communication configuration method.
It will be appreciated by those skilled in the art that the structure shown in fig. 14 is merely a block diagram of a portion of the structure associated with the present inventive arrangements and is not limiting of the computer device to which the present inventive arrangements are applied, and in particular, the computer device may include more or less components than those shown, or may combine some of the components, or have a different arrangement of components.
In one embodiment, a computer device is provided, comprising a memory and a processor, the memory storing a computer program, the processor implementing the following steps when executing the computer program:
receiving a first registration request sent by a second network element in a roaming network where a roaming terminal is located, wherein the first registration request carries a first media plane configuration message;
executing a registration process for the roaming terminal according to the first registration request, and acquiring subscription information corresponding to the roaming terminal in the registration process;
and carrying out configuration processing on the encryption item in the subscription information according to the first media plane configuration message, wherein the configured encryption item is used for indicating whether to encrypt the multimedia data corresponding to the roaming terminal.
In one embodiment, the processor when executing the computer program further performs the steps of: the subscription information further includes a permission indication item, and the configuration processing is performed on the encryption item in the subscription information according to the first media plane configuration message, including:
determining whether the configuration permission exists according to the permission indication item;
and executing the step of configuring the encrypted item in the subscription information according to the first media plane configuration message under the condition of having the configuration authority.
In one embodiment, the processor when executing the computer program further performs the steps of: determining whether the configuration rights exist according to the rights indication item comprises the following steps:
determining that the subscription information has configuration rights under the condition that the rights indicator indicates that the encryption item in the subscription information can be configured by network elements of other networks;
in the case that the rights indication item indicates that the encrypted item in the subscription information is not configurable by network elements of other networks, it is determined that there is no configuration right.
In one embodiment, the processor when executing the computer program further performs the steps of: the subscription information further includes a latest configuration item, which indicates at least one of the target network element that most recently configured the subscription information and the network to which that target network element belongs, and the method further includes:
and updating the latest configuration item according to at least one of the roaming network and the second network element.
In one embodiment, the processor when executing the computer program further performs the steps of: the subscription information further includes at least one of:
an encryption mode item for indicating an encryption mode of the roaming terminal;
a security protocol type item for indicating a transport protocol type.
In one embodiment, the processor when executing the computer program further performs the steps of: according to the first registration request, acquiring subscription information corresponding to the roaming terminal, including:
and acquiring subscription information from a user database HSS according to the first registration request.
In one embodiment, the processor when executing the computer program further performs the steps of: according to the first registration request, acquiring subscription information from a subscriber database HSS, including:
under the condition that the monitoring clock is not set or the monitoring clock is overtime, executing the step of acquiring subscription information from the HSS according to the first registration request;
wherein the monitoring clock is started upon receiving a registration request for the roaming terminal sent by a network element of the non-home network or upon detecting a handover of a related network element of the roaming terminal.
In one embodiment, the computer program when executed by the processor further performs the steps of:
and under the condition that the monitoring clock is not overtime, prohibiting the acquisition of the subscription information from the HSS, and determining whether the multimedia data of the roaming terminal is encrypted or not based on the encryption item of the subscription information of the roaming terminal stored in the local database.
In one embodiment, the computer program when executed by the processor further performs the steps of:
after the roaming terminal enters the coverage area of the home network, receiving a second registration request sent by a third network element in the home zone, wherein the second registration request carries a second media plane configuration message;
and acquiring subscription information corresponding to the roaming terminal according to the second registration request, and carrying out configuration processing on an encryption item in the subscription information according to the second media plane configuration message, wherein the configured encryption item is used for indicating whether to encrypt multimedia data corresponding to the roaming terminal.
In one embodiment, the processor when executing the computer program further performs the steps of: returning a response message to the second network element, wherein the response message carries a registration request result and a configuration processing result;
the registration request result is used for representing whether the roaming terminal is successfully registered or not; the configuration processing result is used for representing that the encryption item in the subscription information of the roaming terminal is successfully configured.
For the principles and specific procedures by which the computer device provided in the foregoing embodiments implements these steps, refer to the description in the foregoing embodiments of the communication configuration method; they are not repeated here.
In one embodiment, a computer readable storage medium is provided having a computer program stored thereon, which when executed by a processor, performs the steps of:
receiving a first registration request sent by a second network element in a roaming network where a roaming terminal is located, wherein the first registration request carries a first media plane configuration message;
executing a registration process for the roaming terminal according to the first registration request, and acquiring subscription information corresponding to the roaming terminal in the registration process;
and carrying out configuration processing on the encryption item in the subscription information according to the first media plane configuration message, wherein the configured encryption item is used for indicating whether to encrypt the multimedia data corresponding to the roaming terminal.
In one embodiment, the computer program when executed by the processor further performs the steps of: the subscription information further includes a permission indication item, and the configuration processing is performed on the encryption item in the subscription information according to the first media plane configuration message, including:
determining whether the configuration permission exists according to the permission indication item;
and executing the step of configuring the encrypted item in the subscription information according to the first media plane configuration message under the condition of having the configuration authority.
In one embodiment, the computer program when executed by the processor further performs the steps of: determining whether the configuration rights exist according to the rights indication item comprises the following steps:
determining that the subscription information has configuration rights under the condition that the rights indicator indicates that the encryption item in the subscription information can be configured by network elements of other networks;
in the case that the rights indication item indicates that the encrypted item in the subscription information is not configurable by network elements of other networks, it is determined that there is no configuration right.
In one embodiment, the computer program when executed by the processor further performs the steps of: the subscription information further includes a latest configuration item, which indicates at least one of the target network element that most recently configured the subscription information and the network to which that target network element belongs, and the method further includes:
and updating the latest configuration item according to at least one of the roaming network and the second network element.
In one embodiment, the computer program when executed by the processor further performs the steps of: the subscription information further includes at least one of:
an encryption mode item for indicating an encryption mode of the roaming terminal;
a security protocol type item for indicating a transport protocol type.
In one embodiment, the computer program when executed by the processor further performs the steps of: according to the first registration request, acquiring subscription information corresponding to the roaming terminal, including:
and acquiring subscription information from a user database HSS according to the first registration request.
In one embodiment, according to a first registration request, acquiring subscription information from a subscriber database HSS includes:
under the condition that the monitoring clock is not set or the monitoring clock is overtime, executing the step of acquiring subscription information from the HSS according to the first registration request;
wherein the monitoring clock is started upon receiving a registration request for the roaming terminal sent by a network element of the non-home network or upon detecting a handover of a related network element of the roaming terminal.
In one embodiment, the computer program when executed by the processor further performs the steps of:
and under the condition that the monitoring clock is not overtime, prohibiting the acquisition of the subscription information from the HSS, and determining whether the multimedia data of the roaming terminal is encrypted or not based on the encryption item of the subscription information of the roaming terminal stored in the local database.
In one embodiment, the computer program when executed by the processor further performs the steps of:
after the roaming terminal enters the coverage area of the home network, receiving a second registration request sent by a third network element in the home zone, wherein the second registration request carries a second media plane configuration message;
and acquiring subscription information corresponding to the roaming terminal according to the second registration request, and carrying out configuration processing on an encryption item in the subscription information according to the second media plane configuration message, wherein the configured encryption item is used for indicating whether to encrypt multimedia data corresponding to the roaming terminal.
In one embodiment, the computer program when executed by the processor further performs the steps of: returning a response message to the second network element, wherein the response message carries a registration request result and a configuration processing result;
the registration request result is used for representing whether the roaming terminal is successfully registered or not; the configuration processing result is used for representing that the encryption item in the subscription information of the roaming terminal is successfully configured.
For the principles and specific procedures by which the computer-readable storage medium of the present invention implements the foregoing embodiments, refer to the description in the foregoing embodiments of the target detection method; they are not described here in detail.
In one embodiment, a computer program product is provided comprising a computer program which, when executed by a processor, performs the steps of:
receiving a first registration request sent by a second network element in a roaming network where a roaming terminal is located, wherein the first registration request carries a first media plane configuration message;
executing a registration process for the roaming terminal according to the first registration request, and acquiring subscription information corresponding to the roaming terminal in the registration process;
and carrying out configuration processing on the encryption item in the subscription information according to the first media plane configuration message, wherein the configured encryption item is used for indicating whether to encrypt the multimedia data corresponding to the roaming terminal.
In one embodiment, the computer program when executed by the processor further performs the steps of: the subscription information further includes a permission indication item, and the configuration processing is performed on the encryption item in the subscription information according to the first media plane configuration message, including:
determining whether the configuration permission exists according to the permission indication item;
and executing the step of configuring the encrypted item in the subscription information according to the first media plane configuration message under the condition of having the configuration authority.
In one embodiment, the computer program when executed by the processor further performs the steps of: determining whether the configuration rights exist according to the rights indication item comprises the following steps:
determining that the subscription information has configuration rights under the condition that the rights indicator indicates that the encryption item in the subscription information can be configured by network elements of other networks;
in the case that the rights indication item indicates that the encrypted item in the subscription information is not configurable by network elements of other networks, it is determined that there is no configuration right.
In one embodiment, the computer program when executed by the processor further performs the steps of: the subscription information further includes a latest configuration item, which indicates at least one of the target network element that most recently configured the subscription information and the network to which that target network element belongs, and the method further includes:
and updating the latest configuration item according to at least one of the roaming network and the second network element.
In one embodiment, the computer program when executed by the processor further performs the steps of: the subscription information further includes at least one of:
an encryption mode item for indicating an encryption mode of the roaming terminal;
a security protocol type item for indicating a transport protocol type.
In one embodiment, the computer program when executed by the processor further performs the steps of: according to the first registration request, acquiring subscription information corresponding to the roaming terminal, including:
and acquiring subscription information from a user database HSS according to the first registration request.
In one embodiment, the computer program when executed by the processor further performs the steps of: according to the first registration request, acquiring subscription information from a subscriber database HSS, including:
under the condition that the monitoring clock is not set or the monitoring clock is overtime, executing the step of acquiring subscription information from the HSS according to the first registration request;
wherein the monitoring clock is started upon receiving a registration request for the roaming terminal sent by a network element of the non-home network or upon detecting a handover of a related network element of the roaming terminal.
In one embodiment, the computer program when executed by the processor further performs the steps of:
and under the condition that the monitoring clock is not overtime, prohibiting the acquisition of the subscription information from the HSS, and determining whether the multimedia data of the roaming terminal is encrypted or not based on the encryption item of the subscription information of the roaming terminal stored in the local database.
In one embodiment, the computer program when executed by the processor further performs the steps of:
after the roaming terminal enters the coverage area of the home network, receiving a second registration request sent by a third network element in the home zone, wherein the second registration request carries a second media plane configuration message;
and acquiring subscription information corresponding to the roaming terminal according to the second registration request, and carrying out configuration processing on an encryption item in the subscription information according to the second media plane configuration message, wherein the configured encryption item is used for indicating whether to encrypt multimedia data corresponding to the roaming terminal.
In one embodiment, the computer program when executed by the processor further performs the steps of: returning a response message to the second network element, wherein the response message carries a registration request result and a configuration processing result;
the registration request result is used for representing whether the roaming terminal is successfully registered or not; the configuration processing result is used for representing that the encryption item in the subscription information of the roaming terminal is successfully configured.
For the principles and specific procedures by which the computer program product of the present application implements the foregoing embodiments, refer to the description in the foregoing embodiments of the target detection method; they are not described here in detail.
It should be noted that, the data related to the present application (including, but not limited to, data in the communication configuration process, etc.) are all data fully authorized by each party, and the collection, use and processing of the related data need to comply with the related laws and regulations and standards of the related country and region.
Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, database, or other medium used in embodiments provided herein may include at least one of non-volatile and volatile memory. The nonvolatile Memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash Memory, optical Memory, high density embedded nonvolatile Memory, resistive random access Memory (ReRAM), magnetic random access Memory (Magnetoresistive Random Access Memory, MRAM), ferroelectric Memory (Ferroelectric Random Access Memory, FRAM), phase change Memory (Phase Change Memory, PCM), graphene Memory, and the like. Volatile memory can include random access memory (Random Access Memory, RAM) or external cache memory, and the like. By way of illustration, and not limitation, RAM can be in the form of a variety of forms, such as static random access memory (Static Random Access Memory, SRAM) or dynamic random access memory (Dynamic Random Access Memory, DRAM), and the like. The databases referred to in the embodiments provided herein may include at least one of a relational database and a non-relational database. The non-relational database may include, but is not limited to, a blockchain-based distributed database, and the like. The processor referred to in the embodiments provided in the present application may be a general-purpose processor, a central processing unit, a graphics processor, a digital signal processor, a programmable logic unit, a data processing logic unit based on quantum computing, or the like, but is not limited thereto.
The technical features of the above embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.
The foregoing examples illustrate only a few embodiments of the application and are described in detail herein without thereby limiting the scope of the application. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the application, which are all within the scope of the application. Accordingly, the scope of the application should be assessed as that of the appended claims.

Claims (14)

1. A communication configuration method, characterized in that it is applied in a first network element of an IMS system of a home network of a roaming terminal, the method comprising:
receiving a first registration request sent by a second network element in a roaming network where the roaming terminal is located, wherein the first registration request carries a first media plane configuration message;
executing a registration process for the roaming terminal according to the first registration request, and acquiring subscription information corresponding to the roaming terminal in the registration process;
and carrying out configuration processing on the encryption item in the subscription information according to the first media plane configuration message, wherein the configured encryption item is used for indicating whether to encrypt the multimedia data corresponding to the roaming terminal.
2. The method according to claim 1, wherein the subscription information further includes a rights indicator, and the configuring the encrypted item in the subscription information according to the first media plane configuration message includes:
determining, according to the permission indication item, whether configuration permission exists;
and executing the step of configuring the encrypted item in the subscription information according to the first media plane configuration message under the condition of having the configuration authority.
3. The method of claim 2, wherein said determining whether there is a configuration right based on the right indication item comprises:
determining that the subscription information has configuration rights under the condition that the rights indication item indicates that the encryption item in the subscription information can be configured by network elements of other networks;
and determining that the subscription information has no configuration authority under the condition that the authority indication item indicates that the encryption item in the subscription information can not be configured by network elements of other networks.
4. The method of claim 1, wherein the subscription information further comprises a latest configuration item, the latest configuration item being used to indicate at least one of a target network element that has configured the subscription information last time and a network to which the target network element belongs, the method further comprising:
and updating the latest configuration item according to at least one of the roaming network and the second network element.
5. The method according to any one of claims 1 to 4, wherein the subscription information further comprises at least one of:
an encryption mode item, wherein the encryption mode item is used for indicating the encryption mode of the roaming terminal;
a security protocol type item, the security protocol type item being for indicating a transport protocol type.
6. The method according to any one of claims 1 to 4, wherein the obtaining subscription information corresponding to the roaming terminal according to the first registration request includes:
and acquiring the subscription information from a user database HSS according to the first registration request.
7. The method according to claim 6, wherein said retrieving the subscription information from a subscriber database HSS according to the first registration request comprises:
executing the step of acquiring the subscription information from the HSS according to the first registration request if a monitoring clock is not set or the monitoring clock has timed out;
wherein the monitoring clock is started when a registration request sent by a network element of a non-home network for the roaming terminal is received or a handover of a network element of the roaming terminal is detected.
8. The method of claim 7, wherein the method further comprises:
and under the condition that the monitoring clock is not overtime, prohibiting the acquisition of the subscription information from the HSS, and determining whether the multimedia data of the roaming terminal is encrypted or not based on the encryption item of the subscription information of the roaming terminal stored in a local database.
9. The method according to any one of claims 1 to 4, further comprising:
after the roaming terminal enters the coverage area of the home network, receiving a second registration request sent by a third network element in the home zone, wherein the second registration request carries a second media plane configuration message;
and acquiring subscription information corresponding to the roaming terminal according to the second registration request, and carrying out configuration processing on an encryption item in the subscription information according to the second media plane configuration message, wherein the configured encryption item is used for indicating whether to encrypt multimedia data corresponding to the roaming terminal.
10. The method according to claim 1, wherein the method further comprises: returning a response message to the second network element, wherein the response message carries a registration request result and a configuration processing result;
the registration request result is used for representing whether the roaming terminal is successfully registered or not; and the configuration processing result is used for representing that the encryption item in the subscription information of the roaming terminal is successfully configured.
11. A communication configuration apparatus, characterized in that it is applied to a first network element of an IMS system of a home network of a roaming terminal, and comprises:
a first receiving module, configured to receive a first registration request sent by a second network element in a roaming network where the roaming terminal is located, where the first registration request carries a first media plane configuration message;
an execution module, configured to execute a registration process for the roaming terminal according to the first registration request and to acquire subscription information corresponding to the roaming terminal during the registration process;
a first configuration module, configured to perform configuration processing on the encryption item in the subscription information according to the first media plane configuration message, where the configured encryption item is used to indicate whether to encrypt the multimedia data corresponding to the roaming terminal.
12. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor, when executing the computer program, implements the steps of the method of any one of claims 1 to 10.
13. A computer-readable storage medium on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements the steps of the method of any one of claims 1 to 10.
14. A computer program product comprising a computer program, characterized in that the computer program, when executed by a processor, implements the steps of the method of any one of claims 1 to 10.
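The behaviour recited in claims 8 to 10 can be modelled as follows. This is an added illustration, not code from the patent or its applicants: every class, field and message name is hypothetical, the HSS is a constructed stub, and two points are assumptions because the claim text here does not state them: the monitoring clock starts when the subscription information is stored locally, and the HSS is consulted again once the clock has timed out.

```python
from dataclasses import dataclass


@dataclass
class Subscription:
    encrypt_media: bool   # the "encryption item" (hypothetical field name)
    stored_at: float      # when the local copy was stored; starts the monitoring clock


class StubHSS:
    """Constructed stand-in for the HSS; counts queries so caching is observable."""
    def __init__(self, records):
        self.records, self.queries = dict(records), 0

    def fetch(self, user):
        self.queries += 1
        return self.records[user]   # KeyError for an unknown subscriber


class FirstNetworkElement:
    def __init__(self, hss, clock, timeout_s=300.0):
        self.hss, self.clock, self.timeout_s = hss, clock, timeout_s
        self.local_db = {}

    def _subscription(self, user):
        sub, now = self.local_db.get(user), self.clock()
        if sub is None or now - sub.stored_at >= self.timeout_s:
            # Assumption: once the clock has timed out, re-read from the HSS.
            sub = self.local_db[user] = Subscription(self.hss.fetch(user), now)
        return sub

    def register(self, user, media_plane_config):
        """Handle a first (roaming) or second (home) registration request."""
        result = {"registered": False, "encryption_item_configured": False}
        try:
            sub = self._subscription(user)
        except KeyError:
            return result
        result["registered"] = True
        encrypt = media_plane_config.get("encrypt")
        if isinstance(encrypt, bool):   # ignore malformed configuration
            sub.encrypt_media = encrypt
            result["encryption_item_configured"] = True
        return result   # claim 10: both results in one response

    def media_is_encrypted(self, user):
        """Claim 8: while the clock runs, answer from the local database only."""
        return self._subscription(user).encrypt_media
```

Because the encryption item is set from a message that originates outside the home network, the model reports the two results separately and leaves the stored item unchanged when the configuration value is not a boolean.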

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310827333.0A CN117041948A (en) 2023-07-06 2023-07-06 Communication configuration method, device, computer equipment and storage medium

Publications (1)

Publication Number Publication Date
CN117041948A (en) 2023-11-10

Family

ID=88636259

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310827333.0A Pending CN117041948A (en) 2023-07-06 2023-07-06 Communication configuration method, device, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN117041948A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination