CN113556746B - Access control method and communication device - Google Patents
- Publication number: CN113556746B (application CN202110078153.8A)
- Authority: CN (China)
- Prior art keywords: npn, certificate, information, network, access
- Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Abstract
The embodiment of the invention provides an access control method and communication equipment. The access control method comprises sending first information, where the first information comprises at least one of: information of a first NPN, index information of a second network, first indication information, second indication information, third indication information, fourth indication information, indication information for requesting certificate downloading, indication information for requesting a first access mode, type information of the first access mode, and type information of a certificate downloading mode. The information of the first NPN is used for requesting permission to access the first NPN, requesting permission to access the first NPN through a second certificate, and requesting permission to access an NPN type network; the first indication information is used for requesting permission to access the first NPN; the second indication information is used for requesting a certificate of the first NPN; the third indication information is used for requesting permission to access the first NPN through the second certificate; and the fourth indication information is used for requesting permission to access the NPN through the second certificate.
Description
Technical Field
The embodiment of the invention relates to the technical field of wireless communication, in particular to an access control method and communication equipment.
Background
Currently, an enterprise may deploy a Non-Public Network (NPN) using communication network technology, to be used for the enterprise's internal services or dedicated to its employees. A non-public network is distinct from the public network service that an operator provides to public users. Because an NPN covers a smaller deployment area and its service can be exclusive, the number of NPNs that a terminal may need to access is large. In general, a terminal accessing a network needs credentials that the network can authenticate, and configuring certificates for every NPN the terminal may access is a cumbersome task. In addition, unlike an operator, an NPN may be unable to pre-configure the terminal with a Universal Subscriber Identity Module (USIM) and hold the credentials for network access in the USIM. Therefore, how to effectively implement certificate configuration and network access control for the terminal is a technical problem that currently needs to be solved.
Disclosure of Invention
The embodiment of the invention provides an access control method and communication equipment, which are used for solving the problem of how to effectively realize certificate configuration and network access control of a terminal.
In order to solve the technical problems, the invention is realized as follows:
In a first aspect, an embodiment of the present invention provides an access control method, which is applied to a first communication device, including:
transmitting first information;
where the first information comprises at least one of information of a first standalone non-public network (NPN), index information of a second network, first indication information, second indication information, third indication information, fourth indication information, indication information for requesting certificate downloading, indication information for requesting a first access mode, type information of the first access mode, and type information of a certificate downloading mode;
the information of the first NPN can be used for at least one of requesting permission to access the first NPN, requesting a certificate of the first NPN, requesting permission to access the first NPN through a second certificate, and requesting permission to access an NPN type network;
the first indication information is used for requesting permission to access the first NPN, or requesting permission to access the current access network, or requesting permission to access an NPN type network;
the second indication information is used for requesting a certificate of the first NPN, or requesting a certificate of the current access network, or requesting a certificate for accessing an NPN type network;
the third indication information is used for requesting permission to access the first NPN through the second certificate, or requesting permission to access the first NPN through the certificate of the current access network;
the fourth indication information is used for requesting permission to access an NPN type network through the second certificate, or requesting permission to access an NPN type network through the certificate of the current access network;
the second certificate comprises a certificate already possessed by the first communication device;
the first access mode comprises an access mode in which a first network is accessed in order to download a certificate for accessing a second network, where the first network and the second network are the same network or different networks;
the type information of the first access mode indicates at least one of a control plane type first access mode and a user plane type first access mode;
the type information of the certificate downloading mode indicates at least one of a control plane type certificate downloading mode and a user plane type certificate downloading mode.
In a second aspect, an embodiment of the present invention provides an access control method, which is applied to a second communication device, including:
acquiring first information;
executing a first operation according to the first information;
where executing the first operation includes at least one of:
confirming a request of a terminal for permission to access the first NPN;
confirming whether the terminal is allowed to acquire permission to access the first NPN;
confirming whether certificate information of the first NPN is allowed to be configured for the terminal;
confirming whether permission to access the first NPN through the second certificate is allowed to be added for the terminal;
confirming whether permission to access an NPN type network through the second certificate is allowed to be added for the terminal;
confirming that certificate information of the second NPN is configured for the terminal, or confirming that permission to access the third NPN through the second certificate is added for the terminal, or confirming that permission to access an NPN type network through the second certificate is added for the terminal;
determining a first server;
determining a second server;
determining second information;
initiating a certificate configuration request or a configuration update request for the terminal to the first server and/or the second server;
transmitting the second information to the first server and/or the second server;
where the first server is one of a configuration server that configures a certificate of a second NPN for the terminal, a configuration server that configures a certificate for accessing an NPN for the terminal, and a server that the terminal needs to access in order to download a certificate for accessing an NPN; the second server is a configuration server that configures the second certificate for the terminal; and the second information comprises all or part of the first information.
In a third aspect, an embodiment of the present invention provides an access control method, which is applied to a third communication device, including:
acquiring first information or second information;
executing a second operation according to the first information or the second information;
where executing the second operation includes at least one of:
confirming a request of a terminal for permission to access the first NPN;
confirming whether certificate information of the first NPN is allowed to be configured for the terminal;
confirming whether permission to access the first NPN through the second certificate is allowed to be added for the terminal;
confirming whether permission to access an NPN type network through the second certificate is allowed to be added for the terminal;
configuring certificate information of a second NPN for the terminal, or adding permission to access a third NPN through the second certificate for the terminal, or adding permission to access an NPN type network through the second certificate for the terminal;
sending the certificate information of the second NPN, or sending update information of the second certificate;
where the second certificate comprises a certificate already possessed by the terminal;
the second NPN is all of the first NPN(s) or a subset of the first NPN(s);
the third NPN is all of the first NPN(s) or a subset of the first NPN(s);
and the second NPN is the same as or different from the third NPN.
In a fourth aspect, an embodiment of the present invention provides an access control method, which is applied to a fourth communication device, including:
acquiring third information, where the third information comprises at least one of certificate information of a second NPN and update information of the second certificate, and the second certificate comprises a certificate that the first communication device already possesses;
executing, according to the third information, an operation of accessing the second NPN or a fourth network;
where the fourth network is one of a network other than the second NPN and a network other than the second network;
the certificate information of the second NPN comprises at least one of a certificate of the second NPN, information of the networks that are allowed to be accessed through the certificate of the second NPN, and permission to access NPN type networks through the certificate of the second NPN;
the certificate information of the current access network comprises at least one of information of the networks that are allowed to be accessed through the certificate of the current access network, indication information that the requested NPN is allowed to be accessed through the certificate of the current access network, and indication information that NPN type networks are allowed to be accessed through the certificate of the current access network;
the update information of the second certificate comprises at least one of information of the networks that are allowed to be accessed through the second certificate, permission to access NPN type networks through the second certificate, indication information that the requested NPN is allowed to be accessed through the second certificate, and indication information that NPN type networks are allowed to be accessed through the second certificate.
In a fifth aspect, an embodiment of the present invention provides a communication device, where the communication device is a first communication device, including:
a sending module for sending first information;
where the first information comprises at least one of information of a first standalone non-public network (NPN), index information of a second network, first indication information, second indication information, third indication information, fourth indication information, indication information for requesting certificate downloading, indication information for requesting a first access mode, type information of the first access mode, and type information of a certificate downloading mode;
the information of the first NPN can be used for at least one of requesting permission to access the first NPN, requesting a certificate of the first NPN, requesting permission to access the first NPN through a second certificate, and requesting permission to access an NPN type network;
the first indication information is used for requesting permission to access the first NPN, or requesting permission to access the current access network, or requesting permission to access an NPN type network;
the second indication information is used for requesting a certificate of the first NPN, or requesting a certificate of the current access network, or requesting a certificate for accessing an NPN type network;
the third indication information is used for requesting permission to access the first NPN through the second certificate, or requesting permission to access the first NPN through the certificate of the current access network;
the fourth indication information is used for requesting permission to access an NPN type network through the second certificate, or requesting permission to access an NPN type network through the certificate of the current access network;
the second certificate comprises a certificate already possessed by the first communication device;
the first access mode comprises an access mode in which a first network is accessed in order to download a certificate for accessing a second network, where the first network and the second network are the same network or different networks;
the type information of the first access mode indicates at least one of a control plane type first access mode and a user plane type first access mode;
the type information of the certificate downloading mode indicates at least one of a control plane type certificate downloading mode and a user plane type certificate downloading mode.
In a sixth aspect, an embodiment of the present invention provides a communication device, where the communication device is a second communication device, including:
a first acquisition module for acquiring first information;
a first execution module for executing a first operation according to the first information;
where executing the first operation includes at least one of:
confirming a request of a terminal for permission to access the first NPN;
confirming whether the terminal is allowed to acquire permission to access the first NPN;
confirming whether certificate information of the first NPN is allowed to be configured for the terminal;
confirming whether permission to access the first NPN through the second certificate is allowed to be added for the terminal;
confirming whether permission to access an NPN type network through the second certificate is allowed to be added for the terminal;
confirming that certificate information of the second NPN is configured for the terminal, or confirming that permission to access the third NPN through the second certificate is added for the terminal, or confirming that permission to access an NPN type network through the second certificate is added for the terminal;
determining a first server;
determining a second server;
determining second information;
initiating a certificate configuration request or a configuration update request for the terminal to the first server and/or the second server;
transmitting the second information to the first server and/or the second server;
where the first server is one of a configuration server that configures a certificate of a second NPN for the terminal, a configuration server that configures a certificate for accessing an NPN for the terminal, and a server that the terminal needs to access in order to download a certificate for accessing an NPN; the second server is a configuration server that configures the second certificate for the terminal; and the second information comprises all or part of the first information.
In a seventh aspect, an embodiment of the present invention provides a communication device, where the communication device is a third communication device, including:
a second acquisition module for acquiring first information or second information;
a second execution module for executing a second operation according to the first information or the second information;
where executing the second operation includes at least one of:
confirming a request of a terminal for permission to access the first NPN;
confirming whether certificate information of the first NPN is allowed to be configured for the terminal;
confirming whether permission to access the first NPN through the second certificate is allowed to be added for the terminal;
confirming whether permission to access an NPN type network through the second certificate is allowed to be added for the terminal;
configuring certificate information of a second NPN for the terminal, or adding permission to access a third NPN through the second certificate for the terminal, or adding permission to access an NPN type network through the second certificate for the terminal;
sending the certificate information of the second NPN, or sending update information of the second certificate;
where the second certificate comprises a certificate already possessed by the terminal;
the second NPN is all of the first NPN(s) or a subset of the first NPN(s);
the third NPN is all of the first NPN(s) or a subset of the first NPN(s);
and the second NPN is the same as or different from the third NPN.
In an eighth aspect, an embodiment of the present invention provides a communication device, where the communication device is a fourth communication device, including:
a third acquisition module for acquiring third information, where the third information comprises at least one of certificate information of a first NPN and update information of the first certificate, and the first certificate comprises a certificate that the first communication device already possesses;
a third execution module for executing, according to the third information, an operation of accessing the second NPN or a fourth network;
where the fourth network is one of a network other than the second NPN and a network other than the second network;
the certificate information of the second NPN comprises at least one of a certificate of the second NPN, information of the networks that are allowed to be accessed through the certificate of the second NPN, and permission to access NPN type networks through the certificate of the second NPN;
the certificate information of the current access network comprises at least one of information of the networks that are allowed to be accessed through the certificate of the current access network, indication information that the requested NPN is allowed to be accessed through the certificate of the current access network, and indication information that NPN type networks are allowed to be accessed through the certificate of the current access network;
the update information of the second certificate comprises at least one of information of the networks that are allowed to be accessed through the second certificate, permission to access NPN type networks through the second certificate, indication information that the requested NPN is allowed to be accessed through the second certificate, and indication information that NPN type networks are allowed to be accessed through the second certificate.
In a ninth aspect, an embodiment of the present invention provides a communication device, including a processor, a memory, and a computer program stored on the memory and executable on the processor, the computer program implementing the steps of the access control method provided in the first aspect, or implementing the steps of the access control method provided in the second aspect, or implementing the steps of the access control method provided in the third aspect, or implementing the steps of the access control method provided in the fourth aspect, when executed by the processor.
In a tenth aspect, an embodiment of the present invention provides a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the access control method provided in the first aspect, or implements the steps of the access control method provided in the second aspect, or implements the steps of the access control method provided in the third aspect, or implements the steps of the access control method provided in the fourth aspect.
In the embodiment of the invention, when permission to access an NPN is requested, the network can decide either to allocate the corresponding NPN certificate or to add access permission for the requested NPN to the terminal's existing certificate; and when permission to access NPNs is requested, the network can allocate only one NPN certificate through which the NPNs are accessed, or can add access permission for the requested NPNs to the terminal's existing certificate. Therefore, certificate configuration and network access control for the terminal can be realized effectively.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to designate like parts throughout the figures. In the drawings:
Fig. 1 is a flow chart of an access control method according to an embodiment of the invention;
Fig. 2 is a flow chart of an access control method according to another embodiment of the present invention;
Fig. 3 is a flow chart of an access control method according to another embodiment of the present invention;
Fig. 4 is a flow chart of an access control method according to another embodiment of the present invention;
Fig. 5 is a schematic flow chart of an access control method according to an embodiment of the present invention;
Fig. 6 is a block diagram of a communication device according to the present invention;
Fig. 7 is a block diagram of another communication device provided by the present invention;
Fig. 8 is a block diagram of another communication device provided by the present invention;
Fig. 9 is a block diagram of another communication device provided by the present invention;
Fig. 10 is a block diagram of another communication device according to the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The terms "comprises," "comprising," or any other variation thereof are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus. Furthermore, "and/or" in the specification and claims means at least one of the connected objects; for example, "A and/or B" covers three cases: A alone, B alone, and both A and B.
In embodiments of the invention, words such as "exemplary" or "such as" are used to mean serving as an example, instance, or illustration. Any embodiment or design described herein as "exemplary" or "e.g." in an embodiment should not be taken as preferred or advantageous over other embodiments or designs. Rather, the use of words such as "exemplary" or "such as" is intended to present related concepts in a concrete fashion.
In the embodiment of the present invention, the obtaining may be alternatively understood as obtaining from configuration, receiving after request, obtaining through self-learning, deriving from unreceived information, or obtaining after processing according to received information, which may be specifically determined according to actual needs, and the embodiment of the present invention is not limited thereto.
Alternatively, the transmission may comprise broadcasting, broadcasting in a system message, or returning in response to a request.
In one embodiment of the invention, NPN is an abbreviation for non-public network. The non-public network may also be referred to as a non-public communication network. The non-public network may include at least one of a physical non-public network, a virtual non-public network, and a non-public network implemented on a public network. In one embodiment, the non-public network is a public-network-integrated NPN (PNI-NPN), realized by supporting closed access groups (Closed Access Group, CAG) in the operator's PLMN network. A CAG may consist of a group of terminals. In another embodiment, the non-public network is a standalone NPN (abbreviated SNPN). An SNPN identifier may consist of a PLMN ID and an NID.
In one embodiment of the invention, NPN service is an abbreviation for non-public network service. The non-public network service may also be referred to as a non-public communication service or by another name. It should be noted that the naming is not specifically limited in the embodiments of the present invention. In one embodiment, the non-public network is a closed access group, and the non-public network service is a network service of the closed access group.
In one embodiment of the invention, the non-public network may comprise, or be referred to as, a private network. The private network may be referred to as a private communication network, a local area network (LAN), a private virtual network (PVN), an isolated communication network, or by another name. It should be noted that the naming is not specifically limited in the embodiments of the present invention.
In one embodiment of the invention, the non-public network service may comprise, or be referred to as, a private network service. The private network service may be referred to as a network service of a private network, a private communication service, a local area network (LAN) service, a private virtual network (PVN) service, an isolated communication network service, or by another name. It should be noted that the naming is not specifically limited in the embodiments of the present invention.
In one embodiment of the invention, the term public network may be used in abbreviated form. A public network may also be referred to as a public communication network or by another name. It should be noted that the naming is not specifically limited in the embodiments of the present invention.
In one embodiment of the invention, the term public network service may be used in abbreviated form. A public network service may also be referred to as a public communication service or by another name. It should be noted that the naming is not specifically limited in the embodiments of the present invention.
In order to effectively support a terminal accessing multiple NPNs, one certificate for accessing an NPN can be used to access multiple NPNs. One way is direct access, such as accessing NPN1 through the certificate of NPN1; another way is indirect access, such as accessing NPN1 through the certificate of NPN2 or of a PLMN.
In order to effectively realize network access control of the terminal, the following problems also need to be solved:
Problem 1: when a UE wants to access NPN1 but has not been configured with a certificate of NPN1, the UE may request permission to access NPN1 from the network. When the UE already has a certificate of NPN2 or of a PLMN, the UE may request that the right to access another network such as NPN1 be added, and the network decides whether to configure the UE with a certificate of NPN1 or to extend the access rights of the certificate the UE already holds. This requires the network to provide authorization and/or update the subscription of the UE. Currently, however, the network does not know which NPN access rights the UE specifically wants to acquire, or which networks the UE wants added to those its existing certificate can access.
Problem 2: when a UE wants to access NPN1 and NPN2 but has not been configured with the certificates of NPN1 and NPN2, then when the UE requests authorization to access the network under NPN1, or requests the certificate of the current network, the network does not know that the UE also has an access authorization request for another NPN (e.g., NPN2) besides NPN1. In addition, the certificate configuration servers corresponding to different NPNs may be different. In the control plane method, after receiving the request of the UE, a network element such as the AMF sends the request directly or indirectly to the certificate configuration server to obtain the certificate configuration for the UE's access network. If the UE wants to acquire a certificate or access rights of an NPN different from the NPN currently accessed, the network does not know how to select the certificate configuration server of that NPN for the UE.
One solution is that the UE provides a list of the NPN networks it wants to access when requesting an NPN subscription. For the control plane method, the network (such as the AMF) requests the NPN certificates from the configuration server on behalf of the UE. When the configuration servers of different NPNs are different, the configuration server may also be selected according to the list of NPN networks the UE requests to access. The certificate that the network configures for the UE contains a list of the NPNs that can be accessed with that certificate. For the user plane method, the terminal can request the NPN certificate directly from the configuration server.
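The control plane variant of this solution, as an added example that is not part of the patent text: the network, acting for the UE, groups the UE's requested NPN list by certificate configuration server and returns, per issued certificate, the list of NPNs that certificate may access. The server names, NPN identifiers and the issuing policy are constructed for illustration; the patent only states that configuration servers may differ per NPN and that the returned certificate carries an accessible-NPN list.

```python
"""Added example, not part of the patent text: control-plane certificate
provisioning where the network selects a configuration server per requested
NPN and returns certificates together with the NPN list each may access.
Server names, NPN identifiers and policy below are constructed."""
from dataclasses import dataclass, field

# Constructed: which certificate configuration server serves which NPN.
SERVER_OF_NPN = {
    "npn1": "cfg-a.example",
    "npn2": "cfg-a.example",   # npn1 and npn2 share a server
    "npn3": "cfg-b.example",
}

# Constructed policy per server: which requested NPNs it issues a certificate
# for, and which further NPNs that certificate may also access (the text's
# "equivalent NPN" / NPN into which the terminal may roam).
SERVER_POLICY = {
    "cfg-a.example": {"issue": ["npn2"], "equivalent": {"npn2": ["npn1"]}},
    "cfg-b.example": {"issue": [], "equivalent": {}},   # declines every request
}


@dataclass
class IssuedCertificate:
    home_npn: str                                     # NPN whose certificate this is
    allowed_npns: list = field(default_factory=list)  # NPN list accessible with it


def select_servers(requested_npns):
    """Group the UE's requested NPN list by configuration server.

    NPNs with no known server are returned separately so the network can
    reject them explicitly instead of sending the request to a wrong server.
    """
    by_server, unknown = {}, []
    for npn in requested_npns:
        server = SERVER_OF_NPN.get(npn)
        if server is None:
            unknown.append(npn)
        else:
            by_server.setdefault(server, []).append(npn)
    return by_server, unknown


def provision(requested_npns):
    """Ask each selected server for the certificates of the NPNs it serves and
    collect what was issued. Returns (issued, granted, denied, unknown):
    - issued:  certificates, each with the NPN list it may access
    - granted: requested NPNs reachable with some issued certificate
    - denied:  requested NPNs the servers declined
    - unknown: requested NPNs with no configuration server at all
    """
    by_server, unknown = select_servers(requested_npns)
    issued = []
    for server, npns in by_server.items():
        policy = SERVER_POLICY[server]
        for npn in npns:
            if npn not in policy["issue"]:
                continue   # server does not issue a certificate for this NPN
            allowed = [npn] + list(policy["equivalent"].get(npn, []))
            issued.append(IssuedCertificate(home_npn=npn, allowed_npns=allowed))
    reachable = {n for cert in issued for n in cert.allowed_npns}
    granted = sorted(n for n in requested_npns if n in reachable)
    denied = sorted(set(requested_npns) - reachable - set(unknown))
    return issued, granted, denied, unknown
```

With the constructed policy, a request for NPN1, NPN2 and NPN3 yields a single certificate of NPN2 whose allowed list also covers NPN1, NPN3 is denied, and a request naming an NPN with no known server is reported as unknown rather than silently routed to an arbitrary server.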
In an alternative embodiment of the invention, the NPN includes, but is not limited to, one of an SNPN (Standalone NPN) and a PNI NPN (Public Network Integrated NPN), and the network type of the second network may include, but is not limited to, one of a PLMN, an SNPN, and an NPN (such as an SNPN or a PNI NPN).
In an alternative embodiment of the invention, the certificate may be referred to as a subscription certificate, and the certificate of a network may be referred to as the subscription certificate of that network. A terminal configured with the certificate of a network thus holds a subscription with that network.
In an alternative embodiment of the present invention, the certificate of a network (such as the certificate of the first NPN, the certificate of the second network, or the certificate of an NPN) is the certificate of that network configured for the terminal. The certificate of the network enables the terminal to be authenticated by the network.
In an alternative embodiment of the invention, the certificate of a network may comprise at least one of subscription information, a long-term key (or keys), also called a root key, of the terminal on the network, and a subscription identifier, such as a SUPI. The subscription identifier uniquely identifies the subscription. The certificate of the network may be used for mutual authentication between the terminal and the network. After the terminal acquires the subscription identifier, the subscription identifier is used as, or used to generate, the identifier of the terminal in the network when the terminal accesses the network. The subscription identifier includes an identity of the network and a terminal identity. The network comprises at least one of an NPN and a PLMN. The certificate of the first NPN and the certificate of the second network follow the definition of the certificate of a network given here. In an embodiment of the invention, the network includes, but is not limited to, one of the first NPN, the second network, and an NPN, with the corresponding certificate of the first NPN, certificate of the second network, or certificate of the NPN.
In an alternative embodiment of the invention, the certificate of a third party is a certificate of a type other than the certificate of a network configured for the terminal. The third party may be a terminal manufacturer, an application, etc., so the certificate may be one configured by the terminal manufacturer for the terminal, or a certificate of an application (APP). The certificate of the third party may include, but is not limited to, at least one of subscription information of the terminal at the third party, a long-term key (or keys), also called a root key, or a password, and a subscription identifier of the terminal at the third party (such as an IMSI, a PEI, or a user name and/or key).
In an alternative embodiment of the invention, requesting access to the network (the first NPN) comprises requesting a certificate that enables the terminal to be authenticated by the network, which may be a certificate of the terminal on that network or a certificate from outside that network (such as a certificate of a service provider, a certificate of another network, or a certificate of a third party).
In an alternative embodiment of the invention, the information of the network that is allowed to be accessed by the certificate of the first NPN comprises that the certificate of the first NPN enables authentication of the terminal by the network and/or enables the terminal to authenticate the network. The network is a network that allows access through credentials of a first NPN, including the first NPN.
In an alternative embodiment of the invention, the information of the network that is allowed to be accessed by the certificate of the second NPN comprises that the certificate of the second NPN enables authentication of the terminal by the network and/or enables the terminal to authenticate the network. The network is a network that allows access through credentials of a second NPN, including the second NPN.
In an alternative embodiment of the present invention, the information of the network that is allowed to be accessed by the certificate of the NPN includes that the certificate of the NPN enables authentication of the terminal by the network and/or enables the terminal to authenticate the network. The network is a network that allows access through the certificate of the NPN, including the NPN itself.
In an alternative embodiment of the invention, the information of the network that is allowed to be accessed by the certificate of the second network comprises that the certificate of the second network enables authentication of the terminal by the network and/or enables the terminal to authenticate the network. The network is a network that allows access through the certificate of the second network, including the second network itself.
In an alternative embodiment of the present invention, the information of the NPN includes identification information of the NPN.
In an alternative embodiment of the invention, the information of the network comprises identification information of the network.
In an alternative embodiment of the invention the communication device may comprise at least one of a communication network element and a terminal.
In one embodiment of the invention, the communication network element may comprise at least one of a core network element and a radio access network element.
In the embodiment of the invention, the core network element (CN network element) may comprise at least one of core network equipment, a core network node, a core network function, a core network element, a Mobility Management Entity (MME), an Access and Mobility Management Function (AMF), a Session Management Function (SMF), a User Plane Function (UPF), a Serving Gateway (SGW), a PDN Gateway (PGW), a Policy Control Function (PCF), a Policy and Charging Rules Function (PCRF), a Serving GPRS Support Node (SGSN), a Gateway GPRS Support Node (GGSN), a Unified Data Management (UDM), a Unified Data Repository (UDR), a Home Subscriber Server (HSS) and an Application Function (AF).
In an embodiment of the present invention, the RAN network element may include, but is not limited to, at least one of a radio access network device, a radio access network node, a radio access network function, a radio access network unit, a 3GPP radio access network, a non-3GPP radio access network, a Centralized Unit (CU), a Distributed Unit (DU), a base station, an evolved Node B (eNB), a 5G base station (gNB), a Radio Network Controller (RNC), a base station (NodeB), a Non-3GPP InterWorking Function (N3IWF), an Access Controller (AC) node, an Access Point (AP) device, and a Wireless Local Area Network (WLAN) node.
In the embodiment of the invention, the terminal may comprise a relay supporting the terminal function and/or a terminal supporting the relay function. The terminal may also be referred to as a terminal device or User Equipment (UE), and may be a terminal-side device such as a mobile phone, a tablet computer, a laptop computer, a Personal Digital Assistant (PDA), a Mobile Internet Device (MID), a wearable device, or a vehicle-mounted device; the embodiment of the present invention does not limit the specific type of the terminal.
In an alternative embodiment of the invention, the first access mode comprises an access mode in which a first network is accessed in order to download a certificate for accessing a second network. In the first access mode of the control plane type, the certificate for accessing the second network is downloaded in the control plane type certificate download mode; in the first access mode of the user plane type, it is downloaded in the user plane type certificate download mode. The first network and the second network may be the same network or different networks.
In an alternative embodiment of the present invention, "requesting the right to access the first NPN" includes requesting a certificate of the first NPN, which is used to access the first NPN.
In an alternative embodiment of the present invention, the type information of the first access mode includes type information of the first access mode supported and/or requested by the terminal.
In an alternative embodiment of the present invention, the type information of the certificate download mode includes type information of the certificate download mode supported and/or requested by the terminal.
In an alternative embodiment of the present invention, the address information of the first server includes at least one of an IP address of the first server, a MAC address of the first server, and a port number of the first server.
In an alternative embodiment of the present invention, the certificate for accessing the NPN includes a certificate of the NPN.
The following describes the access control method according to the embodiment of the present invention in detail.
Referring to fig. 1, an embodiment of the present invention provides an access control method applied to a first communication device, where the first communication device includes, but is not limited to, a terminal, and the method includes:
Step 11: sending first information.
The first information may include at least one of information of a first NPN, index information of a second network, first indication information, second indication information, third indication information, and fourth indication information.
The information of the first NPN may include an identification of one or more NPN.
The information of the first NPN can be used for at least one of: requesting access to the first NPN, requesting a certificate of the first NPN, requesting access to the first NPN through the second certificate, and requesting access to an NPN type network.
The first indication information is used for requesting the right to access the first NPN, requesting the right to access the current access network, or requesting the right to access an NPN type network.
The second indication information is used for requesting a certificate of the first NPN, requesting a certificate of the current access network, or requesting a certificate for accessing an NPN type network.
The third indication information is used for requesting the right to access the first NPN through the second certificate, or requesting the right to access the first NPN through the certificate of the current access network.
The fourth indication information is used for requesting the right to access an NPN type network through the second certificate, or requesting the right to access an NPN type network through the certificate of the current access network.
The second certificate may comprise a certificate already possessed by the first communication device.
The first access mode comprises an access mode of accessing a first network for downloading a certificate for accessing a second network, where the first network and the second network are the same network or different networks.
The type information of the first access mode indicates at least one of a first access mode of the control plane type and a first access mode of the user plane type.
The type information of the certificate download mode indicates at least one of a control plane type certificate download mode and a user plane type certificate download mode. The certificate that the first communication device already has may comprise one of a certificate of the second network, a certificate of a third party, and a certificate of a service provider that the first communication device already has. The certificate of the third party is a type of certificate other than the certificate of a network, such as the terminal manufacturer's certificate or an application (APP) certificate. The service provider includes, but is not limited to, one of the second network (e.g., a PLMN, or an NPN such as an SNPN or a PNI NPN) and a third party.
Alternatively, the index information of the second network may include identification information of the second network. The identification information of the second network may include the identity of the terminal in the second network, which is sent to the network.
In one embodiment, the requested first NPN may be one of all NPNs, one NPN, and a plurality of NPNs.
In one embodiment, the second network may be a different network than the first NPN. The second network may include, but is not limited to, an NPN other than the first NPN, a PLMN, and a PNI NPN.
In one embodiment, the first information is sent to a target end. The target end comprises a core network element (such as an AMF). The core network element may be one of a core network element of the first NPN, a core network element of the second network, and a core network element of a third network.
In one embodiment, requesting access to the first NPN includes requesting a certificate that enables the first communication device to be authenticated by the first NPN, which may be a certificate of the first NPN or a certificate from outside the first NPN, such as a certificate of the second network. When the first NPN comprises multiple NPNs, the certificate may be a certificate of only part of them. For example, the first NPN includes NPN1 and NPN2; the first communication device may be configured with a certificate of NPN1 that enables authentication of the first communication device by both NPN1 and NPN2.
Optionally, the current access network is the network that receives the first information. In one embodiment, the current access network may be one of the first NPN, the second network, or a third network. When the first NPN includes multiple NPNs, the current access network may be one of them.
The first information includes a combination of items including, but not limited to, the following embodiments:
1) In one embodiment, the first information includes only information of the first NPN.
2) In another embodiment, the first information includes the first indication information. It should be understood that, where the first indication information is used to request the right to access the current access network, or to request the right to access an NPN type network, the information of the first NPN may be omitted.
3) In another embodiment, the first information includes the second indication information. It should be understood that, where the second indication information is used to request a certificate of the current access network, or to request a certificate for accessing an NPN type network, the information of the first NPN may be omitted.
4) In another embodiment, the first information includes the fourth indication information. It should be understood that, where the fourth indication information is used to request the right to access an NPN type network through the certificate of the current access network, the information of the first NPN may be omitted.
5) In another embodiment, the first information includes the information of the first NPN and the first indication information. It will be appreciated that, where the first indication information is used to request the right to access the first NPN, the information of the first NPN needs to be provided.
6) In another embodiment, the first information includes the information of the first NPN and the second indication information. It will be appreciated that, where the second indication information is used to request the certificate of the first NPN, the information of the first NPN needs to be provided.
7) In another embodiment, the first information includes the information of the first NPN and the third indication information. It will be appreciated that, where the third indication information is used to request the right to access the first NPN through the second certificate, or through the certificate of the current access network, the information of the first NPN needs to be provided.
8) In another embodiment, the first information includes the third indication information and the index information of the second network. It will be appreciated that the third indication information may be used to request access to the first NPN through the second certificate, and the index information of the second network needs to be provided if the current access network is not the second network.
9) In another embodiment, the first information includes the fourth indication information and the index information of the second network. It will be appreciated that the fourth indication information may be used to request access to an NPN type network through the second certificate, and the index information of the second network needs to be provided if the current access network is not the second network.
10) In another embodiment, the first information includes the information of the first NPN, the third indication information, and the index information of the second network. It will be appreciated that the third indication information may be used to request access to the first NPN through the second certificate, and if the current access network is a third network, both the index information of the second network and the information of the first NPN need to be provided.
Alternatively, the information of the first NPN may include identification information of the first NPN. When the NPN is an SNPN, the identification information of the first NPN may be composed of a PLMN ID and a NID. When the NPN is a PNI NPN, the identification information of the first NPN may be composed of a PLMN ID.
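The combinations listed above decide when the information of the first NPN and the index information of the second network must be present. The following added example, not code from the patent, encodes those rules on the terminal side so that a request the network could not act on is caught before it is sent, and builds NPN identifiers in the two forms just described. The field names, the scope values and the sample identifiers are constructed for illustration; the PLMN ID and NID lengths follow 3GPP TS 23.003, which the patent does not restate.

```python
"""Added example, not part of the patent text: constructing and checking the
"first information" of step 11. Field names and scope strings are constructed;
PLMN ID / NID lengths are taken from 3GPP TS 23.003, not from the patent."""
import re
from dataclasses import dataclass, field
from typing import Optional

PLMN_ID_RE = re.compile(r"^[0-9]{5,6}$")      # MCC (3 digits) + MNC (2 or 3 digits)
NID_RE = re.compile(r"^[0-9A-Fa-f]{11}$")     # 44-bit NID written as 11 hex digits


def npn_id(plmn_id: str, nid: Optional[str] = None) -> dict:
    """Identification information of an NPN: PLMN ID + NID for an SNPN,
    PLMN ID alone for a PNI NPN."""
    if not PLMN_ID_RE.match(plmn_id):
        raise ValueError(f"bad PLMN ID: {plmn_id!r}")
    if nid is None:
        return {"type": "PNI-NPN", "plmn_id": plmn_id}
    if not NID_RE.match(nid):
        raise ValueError(f"bad NID: {nid!r}")
    return {"type": "SNPN", "plmn_id": plmn_id, "nid": nid.upper()}


@dataclass
class FirstInformation:
    first_npn: list = field(default_factory=list)   # identifiers of the first NPN
    second_network_index: Optional[str] = None      # index information of the second network
    # first/second indication: scope is "first_npn" | "current" | "npn_type"
    ind1: Optional[str] = None   # request access rights
    ind2: Optional[str] = None   # request a certificate
    # third/fourth indication: via "second_cert" | "current_cert"
    ind3: Optional[str] = None   # access to the first NPN through that certificate
    ind4: Optional[str] = None   # access to an NPN type network through that certificate


def validate(info: FirstInformation, current_network: str, second_network: str) -> list:
    """Return the rule violations (empty list = a combination the network can
    act on). current_network receives the request; second_network is the
    network whose certificate the terminal already holds."""
    problems = []
    if not (info.first_npn or info.ind1 or info.ind2 or info.ind3 or info.ind4):
        problems.append("first information carries nothing")
    # items 5-7 and 10: requests naming a specific NPN need its identity
    if info.ind1 == "first_npn" and not info.first_npn:
        problems.append("ind1 requests rights for the first NPN but no first NPN given")
    if info.ind2 == "first_npn" and not info.first_npn:
        problems.append("ind2 requests the first NPN certificate but no first NPN given")
    if info.ind3 is not None and not info.first_npn:
        problems.append("ind3 requests access to the first NPN but no first NPN given")
    # items 8-10: using the second certificate while camped elsewhere requires
    # telling the network which second network that certificate belongs to
    uses_second_cert = info.ind3 == "second_cert" or info.ind4 == "second_cert"
    if uses_second_cert and current_network != second_network and not info.second_network_index:
        problems.append("second certificate used outside the second network but no index given")
    for name in ("ind1", "ind2"):
        v = getattr(info, name)
        if v not in (None, "first_npn", "current", "npn_type"):
            problems.append(f"{name}: unknown scope {v!r}")
    for name in ("ind3", "ind4"):
        v = getattr(info, name)
        if v not in (None, "second_cert", "current_cert"):
            problems.append(f"{name}: unknown scope {v!r}")
    return problems


def encode(info: FirstInformation) -> dict:
    """Wire form: only the items that are present are sent, so item 1 sends the
    first NPN alone and item 4 sends the fourth indication alone."""
    out = {}
    if info.first_npn:
        out["first_npn"] = info.first_npn
    if info.second_network_index:
        out["second_network_index"] = info.second_network_index
    for name in ("ind1", "ind2", "ind3", "ind4"):
        v = getattr(info, name)
        if v is not None:
            out[name] = v
    return out
```

The check is deliberately on the sending side: the indication fields are optional on the wire, so a terminal can otherwise emit, for example, a third indication with no first NPN, which the network can only reject.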
1) In one embodiment, by requesting access to the first NPN, the terminal lets the network decide whether to configure the certificate of the first NPN to the terminal, or to add access to the first NPN to the second certificate the terminal already holds.
2) In another embodiment, the terminal may request a certificate of the first NPN to request to obtain rights to access the first NPN.
3) In another embodiment, the terminal may request access to the first NPN through the second certificate to request access to the first NPN.
4) In another embodiment, the terminal may send first information, such as identification information of the first NPN, when accessing the second network. At this time, the first information may not include information of the second network.
5) In another embodiment, the terminal may send first information, for example, first indication information, for requesting permission to access the first NPN, or the first information, for example, second indication information, for requesting a certificate of the first NPN, or the first information, for example, third indication information, for requesting access to the first NPN through the second certificate, when accessing the first NPN.
6) In another embodiment, the terminal may send, when accessing an NPN type network, first information, for example the fourth indication information, for requesting the right to access the NPN type network.
7) In another embodiment, the terminal may send first information, such as identification information of the first NPN, when accessing the third network. And the third network may be different from the second network and the first NPN.
Optionally, after the sending the first information, the method may further include:
acquiring third information, wherein the third information comprises at least one of certificate information of a second NPN and update information of the second certificate;
performing an operation of accessing the second NPN or a fourth network according to the third information.
Wherein the fourth network may be a network different from the second NPN (e.g., another NPN different from the first NPN, or a PLMN), or a network different from the second network.
In one embodiment, the second NPN is equivalent to the first NPN, i.e., all of the first NPN. In another embodiment, when the first NPN includes multiple NPNs, the second NPN is a subset of the first NPN, i.e., part of the first NPN.
In one embodiment, the network grants access authorization for only part of the first NPN (i.e., the second NPN) and configures certificates for only that part to the first communication device. For example, the terminal requests access rights for NPN1, NPN2, and NPN3. The network may allow the terminal to obtain rights to access only NPN1 and NPN2, configuring the terminal with a certificate of NPN1 and a certificate of NPN2. The terminal can then access NPN1 only through the certificate of NPN1, and NPN2 only through the certificate of NPN2.
In another embodiment, the network grants access authorization for multiple NPNs in the first NPN, but configures the first communication device with a certificate of only part of them (i.e., the second NPN), through which the multiple NPNs can be accessed. For example, the terminal requests access rights for NPN1, NPN2, and NPN3. The network may allow the terminal to access NPN1 and NPN2 but configure the terminal with only the certificate of NPN2, which can access not only NPN2 but also NPN1. In this case NPN1, accessible through the certificate of NPN2, may be referred to as an equivalent NPN of NPN2, an NPN into which terminals of NPN2 are allowed to roam, or an NPN that can provide access for NPN2; NPN2 may be referred to as the service provider of NPN1.
Optionally, the certificate information of the second NPN comprises at least one of a certificate of the second NPN, information (such as network identification information) of the networks that are allowed to be accessed through the certificate of the second NPN, and the right to access an NPN type network through the certificate of the second NPN. The networks allowed to be accessed through the certificate of the second NPN may comprise networks other than the second NPN, namely at least one of other NPNs, PLMNs, and PNI NPNs. The second NPN may be referred to as the service provider of such another network, and the other network as an equivalent network of the second NPN, a network into which terminals of the second NPN are allowed to roam, or a network that can provide access for the second NPN.
Optionally, the certificate information of the current access network may include at least one of information of the networks (such as network identification information, e.g., identification information of an NPN) that are allowed to be accessed through the certificate of the current access network, indication information that the requested NPN is allowed to be accessed through the certificate of the current access network, and indication information that NPN type networks are allowed to be accessed through the certificate of the current access network. The networks allowed to be accessed through the certificate of the current access network may include networks other than the current access network, namely at least one of other NPNs, PLMNs, and PNI NPNs. The current access network may be referred to as the service provider of such another network, and the other network as an equivalent network of the current access network, a network into which terminals of the current access network are allowed to roam, or a network that can provide access for the current access network.
Optionally, the update information of the second certificate may include at least one of information of the networks (such as network identification information, e.g., identification information of an NPN) that are allowed to be accessed through the second certificate, indication information that the requested NPN is allowed to be accessed through the second certificate, and indication information that NPN type networks are allowed to be accessed through the second certificate. The networks allowed to be accessed through the second certificate may include networks other than the second network, namely at least one of NPNs, PLMNs, and PNI NPNs other than the second network. The second network may be referred to as the service provider of such another network, and the other network as an equivalent network of the second network, a network into which terminals of the second network are allowed to roam, or a network that can provide access for the second network.
In one embodiment, the network allowing access through credentials of the second NPN comprises a fourth network.
In one embodiment, the network allowing access through the second credentials comprises a fourth network.
In one embodiment, the update information of the second certificate contains the network identification information of all networks allowed to be accessed through the second certificate. That is, even for a network for which the terminal requested no access rights, the network sends the terminal the identification information of that network if it may be accessed through the second certificate.
In another embodiment, the update information of the second certificate only adds the identification information of those NPNs in the requested first NPN for which access rights are granted.
In one embodiment, when the network identification information of the networks allowed to be accessed through the certificate of the second NPN includes the identification information of the fourth network, the terminal may access the fourth network through the certificate of the second NPN. Accessing the fourth network through the certificate of the second NPN may include providing, when accessing the fourth network, a UE identifier (such as a SUPI, SUCI, or NAI) corresponding to the certificate of the second NPN, where the UE identifier may include the identification information of the second NPN. The UE identifier is provided, for example, in a registration request.
In one embodiment, when the network identification information of the networks allowed to be accessed through the second certificate includes the identification of the fourth network, the terminal may access the fourth network through the second certificate. Accessing the fourth network through the second certificate includes providing, when accessing the fourth network, a UE identifier (such as a SUPI, SUCI, or NAI) corresponding to the second certificate, where the UE identifier may include the identification information of the second network.
Optionally, after the step of sending the first information, at least one of address information of a first server and identification information of the NPN corresponding to the first server is received.
In one embodiment, the NPN corresponding to the first server is an NPN for which the first server can configure a certificate used to access it. The certificate for accessing the NPN includes the certificate of the NPN.
In one embodiment, the address information of the first server and/or the identification information of the NPN corresponding to the first server are obtained from the network (such as the second communication device). The network may be the network to which the terminal is connected through the first access mode (e.g., an onboarding access network such as an O-SNPN).
Optionally, when the fourth condition is met, address information of the first server and/or identification information of NPN corresponding to the first server are ignored or discarded.
The fourth condition includes at least one of:
The terminal supports and/or requests a certificate downloading mode of a control plane type;
the terminal supports and/or requests a first access mode of the control plane type;
the terminal does not support and/or request a certificate downloading mode of the user plane type;
The terminal does not support and/or request the first access mode of the user plane type;
the first server is not a configuration server for the certificate of the first NPN.
It will be appreciated that the address of the first server is intended for the user plane type certificate download mode or the user plane type first access mode. A terminal that does not support the user plane type certificate download mode or the user plane type first access mode may therefore ignore or discard the information about the first server sent by the network (such as the address information of the first server and/or the identification information of the NPN corresponding to the first server).
The terminal supporting and/or requesting the control plane type certificate download mode may include the terminal supporting and/or requesting only the control plane type certificate download mode.
The terminal supporting and/or requesting the control plane type first access mode may include the terminal supporting and/or requesting only the control plane type first access mode.
It is to be understood that, according to this embodiment, when the right to access an NPN is requested, the network may decide to allocate the certificate of the corresponding NPN, or to add access rights for the requested NPN to an existing certificate of the terminal. When rights to access several NPNs are requested, the network may allocate the certificate of only one NPN, through which the other NPNs can also be accessed, or may add access rights for the requested NPNs to an existing certificate of the terminal. For example, the first NPN includes NPN1 and NPN2; the network may assign only the certificate of NPN1, and the first communication device, such as the terminal, may access both NPN1 and NPN2 through the certificate of NPN1. NPN2 may be an equivalent NPN of NPN1 or an NPN that allows roaming. In this case the second NPN is NPN1. Therefore, certificate configuration and network access control of the terminal can be effectively realized.
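The terminal side of the steps above, as an added example that is not code from the patent: a small credential store applies the third information (a new certificate of the second NPN and/or an update to the certificate the terminal already holds), then picks the credential and the UE identifier to present when registering to a target network (direct access through the target's own certificate, otherwise indirect access through a certificate whose allowed list covers it). It also applies the fourth condition: first-server information is discarded by a terminal that only supports the control plane type download, or when the server does not configure certificates for any requested NPN. Network names, the NAI-style identifiers and the message layout are constructed for illustration.

```python
"""Added example, not part of the patent text: terminal-side handling of the
third information and of first-server information. Network names, NAIs and
the dictionary layout of the messages are constructed."""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Credential:
    home_network: str        # network whose certificate this is
    allowed_networks: set    # networks reachable with it (home included)
    supi: str                # subscription identifier carrying the home network id

    def can_access(self, network: str) -> bool:
        return network in self.allowed_networks


class UeCredentialStore:
    def __init__(self, supports_user_plane_download: bool):
        self.supports_user_plane_download = supports_user_plane_download
        self.credentials = {}    # home_network -> Credential

    def add(self, cred: Credential) -> None:
        cred.allowed_networks.add(cred.home_network)
        self.credentials[cred.home_network] = cred

    def apply_third_information(self, third_info: dict) -> bool:
        """Constructed layout:
          "second_npn_certificate":    {"npn": ..., "supi": ..., "allowed": [...]}
          "second_certificate_update": {"network": ..., "allowed": [...]}
        Returns False if an update names a certificate the terminal does not
        hold; such an update is ignored rather than turned into a credential."""
        cert = third_info.get("second_npn_certificate")
        if cert:
            self.add(Credential(cert["npn"], set(cert.get("allowed", [])), cert["supi"]))
        upd = third_info.get("second_certificate_update")
        if upd:
            existing = self.credentials.get(upd["network"])
            if existing is None:
                return False
            existing.allowed_networks |= set(upd["allowed"])
        return True

    def credential_for(self, target: str) -> Optional[Credential]:
        """Direct access first (the target's own certificate), otherwise any
        certificate whose allowed list covers the target (indirect access)."""
        if target in self.credentials:
            return self.credentials[target]
        for cred in self.credentials.values():
            if cred.can_access(target):
                return cred
        return None

    def registration_identity(self, target: str) -> Optional[str]:
        """UE identifier to put in the registration request towards target."""
        cred = self.credential_for(target)
        return cred.supi if cred else None

    def accept_first_server_info(self, server_address: str, server_npns: list,
                                 requested_first_npn: list) -> bool:
        """Fourth condition: discard (False) for a control-plane-only terminal,
        or when the server configures no certificate for a requested NPN."""
        if not self.supports_user_plane_download:
            return False
        if not set(server_npns) & set(requested_first_npn):
            return False
        return True


def demo() -> UeCredentialStore:
    """Worked run: a UE holding only a PLMN certificate receives a certificate
    of npn2 that also covers npn1, plus an update extending its PLMN
    certificate to npn3 (all values constructed)."""
    ue = UeCredentialStore(supports_user_plane_download=False)
    ue.add(Credential("plmn1", {"plmn1"}, "ue1@plmn1.example"))
    ue.apply_third_information({
        "second_npn_certificate": {"npn": "npn2", "supi": "ue1@npn2.example", "allowed": ["npn1"]},
        "second_certificate_update": {"network": "plmn1", "allowed": ["npn3"]},
    })
    return ue
```

After `demo()`, registering to npn1 presents the npn2 identifier (indirect access through the equivalent NPN), registering to npn3 presents the PLMN identifier (the updated second certificate), and a network no certificate covers yields no identifier, so the terminal does not attempt registration with an unrelated credential.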
Referring to fig. 2, an embodiment of the present invention provides an access control method applied to a second communication device, where the second communication device includes, but is not limited to, a core network element (such as an AMF), and the core network element may be a core network element of the first NPN, of the second network, or of the third network. The method includes:
And step 21, acquiring first information.
It should be noted that, the first information obtained in this step is specifically described in the embodiment shown in fig. 1, and will not be described herein.
In one embodiment, the second communication device may obtain the first information from the terminal.
And step 22, executing a first operation according to the first information.
Wherein the performing the first operation may include at least one of:
Confirming a request of a terminal for accessing the authority of the first NPN;
confirming whether the terminal is allowed to acquire the authority of accessing the first NPN;
Confirming whether to add, for the terminal, the authority to access the first NPN through the second certificate;
confirming whether to add, for the terminal, the authority to access NPN type networks through the second certificate;
Determining to configure the certificate information of the second NPN for the terminal, or determining to add to the terminal the authority to access the third NPN through the second certificate, or determining to add to the terminal the authority to access NPN type networks through the second certificate;
Determining a first server;
Transmitting address information of a first server and/or identification information of NPN corresponding to the first server;
Determining a second server;
determining second information;
Initiating a certificate configuration request or a configuration update request of the terminal to the first server and/or the second server;
Transmitting second information to the first server and/or the second server;
and sending the certificate information of the second NPN or sending the second certificate updating information to the first communication device.
The first server is one of a configuration server for configuring a certificate of a second NPN for the terminal, a configuration server for configuring the certificate for accessing the NPN for the terminal, and a server which the terminal needs to access in order to download the certificate for accessing the NPN, wherein the second server is a configuration server for configuring the second certificate for the terminal.
Alternatively, the second NPN may be all or part of the first NPN. In one embodiment, the second NPN is the NPN in the first NPN for which the terminal is allowed to be configured with a certificate. It will be appreciated that all or only part of the requested first NPN may allow the terminal to be configured with the corresponding certificate. For example, if the terminal requests access rights for NPN1, NPN2 and NPN3 but only NPN1 and NPN2 are allowed to be accessed, in one embodiment the network may configure certificates of NPN1 and NPN2 for the terminal. In another embodiment, the network may configure the certificate of NPN1 for the terminal, and NPN2 may be accessed through the certificate of NPN1. It will be appreciated that when the number of NPNs the terminal is allowed to access is large, this method saves configuring a certificate for each NPN. It will be appreciated that the second NPN may be a subset of the NPNs for which the terminal is allowed to obtain access rights.
Alternatively, the third NPN may be all or part of the first NPN. In one embodiment, the third NPN is the NPN in the first NPN for which the terminal is allowed to obtain access rights. It will be appreciated that only a portion of the requested first NPN may allow the terminal to gain access rights. For example, the terminal requests access rights for NPN1, NPN2 and NPN3, but only NPN1 and NPN2 are allowed to be accessed. In one embodiment, the network may update the second certificate of the terminal, adding the authority to access NPN1 and NPN2 through the second certificate.
Optionally, the second information may include at least one of NPN information, index information of the second network (such as identification information of the second network), first indication information, second indication information, third indication information, and fourth indication information. The NPN in the second information may be all or part of the first NPN in the first information. It will be appreciated that, of the NPNs for which access is requested, only a portion may be allowed or acknowledged to gain access.
In one embodiment, the NPN may include one of a first NPN, a second NPN, and a third NPN. The first NPN is as described in the embodiment of fig. 1, and the second NPN is as described in the previous embodiment, and will not be described here. The third NPN is as described in the previous embodiments and will not be described here. The second NPN may be the same as or different from the third NPN.
The information of the NPN can be used for at least one of requesting access to the NPN, requesting a certificate of the NPN, requesting access to the NPN through a second certificate, requesting access to a NPN-type network.
The first indication information is used for requesting the authority to access the NPN, or requesting the authority to access the network currently, or requesting the authority to access the NPN type network.
The second indication information is used for requesting the certificate of the NPN, or requesting the certificate of the current access network, or requesting the certificate of the access NPN type network.
The third indication information is used for requesting the authority of accessing the NPN through the second certificate or requesting the authority of accessing the NPN through the certificate of the current access network.
The fourth indication information is used for requesting the authority of accessing the NPN type network through the second certificate or requesting the authority of accessing the NPN type network through the certificate of the current access network.
In one embodiment, when the network receiving the first information has an agreement with one or more NPNs, access to those NPNs is allowed through the certificate of that network. When the first indication information (such as requesting the authority to access NPN type networks), the second indication information (such as requesting the certificate for accessing NPN type networks), the third indication information (such as requesting the authority to access the NPN through the certificate of the current access network) or the fourth indication information (such as requesting the authority to access NPN type networks through the second certificate or through the certificate of the current access network) is acquired, the network may update the certificate information of the network for the terminal, including the authority to access NPN type networks.
For example, NPN1 has an agreement with NPN2 and NPN3 allowing the terminal to access NPN2 and NPN3 with the certificate information of NPN1. When the terminal requests the authority to access NPN type networks from NPN1, NPN1 may open the authority for the terminal and indicate this to the terminal. One embodiment is to add NPN2 and NPN3 to the information of the networks allowed to be accessed through the certificate of NPN1. In another embodiment, the certificate information of NPN1 indicates that access to NPN type networks is allowed.
For example, the second network has an agreement with NPN1, NPN2 and NPN3 allowing the terminal to access NPN1, NPN2 and NPN3 using the certificate information of the second network, and the terminal sends the first information to the second network. When the terminal requests the authority to access NPN type networks from the second network, the second network may open the authority for the terminal and indicate this to the terminal. One embodiment is to add NPN1, NPN2 and NPN3 to the information of the networks allowed to be accessed through the certificate of the second network. Another embodiment is to indicate in the certificate information of the second network that access to NPN type networks is allowed.
The second certificate may comprise a certificate already possessed by the first communication device. The certificate that the first communication device already has may comprise one of a certificate of the second network that the first communication device already has, a certificate of a third party that the first communication device already has, a certificate of a service provider that the first communication device already has. The third party's certificate is another type of certificate than the network's certificate, such as the terminal manufacturer's certificate, or the Application (APP) certificate. The service provider includes, but is not limited to, one of a second network (e.g., PLMN, or NPN (e.g., SNPN, or PNI NPN), etc.), a third party.
In one embodiment, the second information may include all information in the first information, that is, the acquired first information. In another embodiment, the second information may include part of the first information, that is, part of the first information obtained. It will be appreciated that part of the information in the first information may be used only to index the certificate configuration server and need not be sent to the relevant server.
In one embodiment, by acquiring the subscription information of the terminal, the policy of the network, and/or the allowed device list of the NPN, the second communication device may perform at least one of: confirming whether the terminal is allowed to obtain the authority to access the first NPN, confirming whether the certificate information of the first NPN is allowed to be configured for the terminal, and confirming whether the authority to access the first NPN through the second certificate is allowed to be added for the terminal.
Optionally, the subscription information of the terminal may include at least one of information (such as identification information of the NPN) allowing the terminal to acquire the NPN of the access right, information (such as identification information of the NPN) allowing the terminal to configure the NPN of the certificate, and information (such as identification information of the NPN) allowing the terminal to increase the NPN of the access right based on the existing certificate.
Optionally, the policy of the network (may be referred to as an operator policy) may include one of configuring certificate information of the NPN for the terminal if the terminal is confirmed to be allowed to obtain the authority to access a certain NPN, and adding the authority to access the NPN on the basis of the existing certificate if the terminal is confirmed to be allowed to obtain the authority to access the certain NPN.
1) In one embodiment, the second communication device may directly add (or referred to as append) to the terminal the authority of accessing the third NPN through the second certificate, or configure the certificate of the second NPN for the terminal.
2) In one embodiment, the second communication device may request to the second server to append to the terminal rights to access the third NPN through the second certificate.
3) In one embodiment, the second communication device may request to the first server to configure the certificate of the second NPN for the terminal.
The manner in which the first information is obtained may include, but is not limited to, an embodiment of one of the following:
1) In one embodiment, the terminal may request the authority to access the first NPN from the first NPN itself by sending the first information. It is to be understood that, in this embodiment, the first information may include the first indication information without including the information of the first NPN. The first indication information may then be understood as requesting the authority to access the current access network.
2) In one embodiment, when the first NPN includes a plurality of NPNs, the terminal may request the authority to access the first NPN from one of those NPNs. The authority to access the first NPN can be realized by acquiring the certificate information of the first NPN or by adding the authority to access the first NPN through the second certificate.
3) In one embodiment, the terminal may request access to the first NPN from the second network by sending the first information. It will be appreciated that in this manner, the first information needs to include information of the first NPN. In this manner, the first information may not include index information of the second network.
4) In one embodiment, the terminal may be configured to request the right to access the first NPN through the second certificate or request the right to access the first NPN through the certificate of the current access network by sending third indication information. When the current access network of the terminal is the second network, the third indication information can be understood as requesting the authority of accessing the first NPN through the certificate of the current access network.
5) In one embodiment, the terminal may request an increase in authority to access the first NPN through the second certificate from the first NPN or the third network by transmitting the first information. It will be appreciated that in this manner, the first information needs to include index information of the second network. The index information of the second network may be used to index the second server.
Alternatively, the second communication device may determine the first server (e.g., determine the address of the first server) based on at least one of:
information of a first NPN in the first information;
the network currently accessed by the terminal.
In one embodiment, the terminal accesses the first NPN and transmits the first information to the first NPN. It will be appreciated that in this case the second communication device is a device in the first NPN, and the first server may be determined from the current access network and the mapping between the current access network and the first server address.
In one embodiment, the terminal accesses the second NPN and transmits the first information to the second NPN. It will be appreciated that in this case the second communication device is a device in the second NPN, and the first server may likewise be determined from the current access network and the mapping between the current access network and the first server address.
In another embodiment, the first server may be determined from the information of the first NPN and the mapping between the identification information of the NPN and the first server address.
The type information of the first access mode indicates at least one of a first access mode of a control plane type and a first access mode of a user plane type;
the type information of the certificate downloading mode indicates at least one of a control plane type certificate downloading mode and a user plane type certificate downloading mode.
In one embodiment, address information of the first server and/or identification information of NPN corresponding to the first server are transmitted to the terminal.
Optionally, sending the address information of the first server and/or the identification information of the NPN corresponding to the first server includes sending the address information of the first server and/or the identification information of the NPN corresponding to the first server when the third condition is satisfied.
The third condition includes:
The type information of the first access mode indicates the first access mode of the user plane type;
the type information of the certificate downloading mode indicates the certificate downloading mode of the user plane type.
It will be appreciated that the address information of the first server is for a user plane type of certificate download mode or a user plane type of first access mode. For terminals that do not support and/or do not request the user plane type certificate download mode or the user plane type first access mode, the network may not send relevant information of the first server (e.g., address information of the first server and/or identification information of NPN corresponding to the first server). Or, the network may send information about the first server to the terminal supporting and/or requesting the user plane type certificate download mode or the user plane type first access mode.
In one embodiment, the second communication device may perform the operation of determining the first server, determining the second information and/or performing the operation of transmitting the second information to the first server if the first condition is satisfied. The first condition may include at least one of:
Confirming permission of allowing the terminal to acquire access to the first NPN;
Confirming that the certificate information of the first NPN is allowed to be configured for the terminal;
Confirming that the certificate information of the second NPN is to be configured for the terminal;
acquiring first indication information in the first information;
acquiring second indication information in the first information;
information of a first NPN in the first information is acquired.
Wherein the second NPN is all NPNs in the first NPN or part of NPNs in the first NPN.
In an embodiment, the confirming that the terminal is allowed to obtain the right to access the first NPN may include confirming that the terminal is allowed to obtain the right to access a part of the first NPN. In an embodiment, the confirming the certificate information of the first NPN allowed to be configured for the terminal may include confirming the certificate information of a part of the first NPN allowed to be configured for the terminal.
Alternatively, the second communication device may determine the second server (e.g., determine the address of the second server) based on at least one of:
Information of a second network in the first information;
information of a first NPN in the first information;
the network currently accessed by the terminal.
In one embodiment, the second communication device is a device in the second network, and the second server may be determined from the network currently accessed by the terminal and/or the second server address corresponding to the current access network.
In another embodiment, the second server may be determined according to the information of the first NPN and the mapping relationship between the second server address and NPN identification information.
In another embodiment, the second server may be determined according to the index information of the second network and a mapping relationship between the second server address and the network identification information.
In one embodiment, the second communication device may perform the operation of determining the second server, determining the second information and/or performing the operation of transmitting the second information to the second server, if the second condition is satisfied. The second condition may include at least one of:
Confirming permission of allowing the terminal to acquire access to the first NPN;
Confirming permission to increase the authority of the terminal to access the first NPN through the second certificate;
confirming that the terminal increases the authority of accessing the third NPN through the second certificate;
acquiring first indication information in the first information;
Acquiring third indication information in the first information;
acquiring fourth indication information in the first information;
Acquiring information of a first NPN in the first information;
index information of a second network in the first information is acquired.
Wherein the third NPN is all NPNs in the first NPN or part of NPNs in the first NPN.
In an embodiment, confirming that the terminal is allowed to obtain the right to access the first NPN may include confirming that the terminal is allowed to obtain the right to access a part of the first NPN. In one embodiment, confirming that the authority of the terminal to access the first NPN through the second certificate is allowed to be added may include confirming that the authority of the terminal to access a portion of the first NPN through the second certificate is allowed to be added.
Optionally, after the step of sending the second information to the first server, the method may further include:
acquiring certificate information of a second NPN;
And sending the acquired certificate information of the second NPN.
Such as obtaining the certificate information of the second NPN from the first server. At this point, the certificate information of the second NPN may be sent to at least one of the first communication device (including the terminal), the user data management device (e.g. UDM, HSS and/or UDR).
Optionally, after the step of sending the second information to the second server, the method may further include:
acquiring update information of a second certificate;
And sending the acquired update information of the second certificate.
Such as obtaining updated information for the second certificate from the second server. At this point, the update information of the second certificate may be sent to at least one of the first communication device (including the terminal), the user data management device (e.g., UDM, HSS and/or UDR).
It is to be understood that, according to this embodiment, the second communication device may determine, based on the obtained first information, whether to allow the terminal to obtain the authority of accessing the NPN, or determine whether to configure the certificate information of the corresponding NPN for the terminal, or determine a certificate configuration server or the like required by the terminal, so as to effectively implement certificate configuration and network access control for the terminal.
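As an added illustration of the fig. 2 embodiment (constructed for this page; it is not the patent's own logic and not any standardized AMF procedure), the following Python model executes step 22 for one first information message: it filters the requested first NPN by the terminal's subscription information, splits the result into a second NPN (new certificate) and a third NPN (appended to the existing second certificate), locates the first and second servers through constructed mapping tables, and applies the third condition before exposing the first server address. All class names, field names, policy strings, server addresses and sample identifiers are assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

CONTROL_PLANE = "control_plane"   # type information values (constructed for this example)
USER_PLANE = "user_plane"


@dataclass
class FirstInformation:
    """The first information sent by the terminal; fields mirror the items in the text."""
    first_npn: List[str]                    # identification information of the first NPN(s)
    second_network: Optional[str] = None    # index information of the second network
    first_indication: bool = False          # request the authority to access the NPN
    second_indication: bool = False         # request the certificate of the NPN
    third_indication: bool = False          # request access to the NPN through the second certificate
    access_mode_type: str = CONTROL_PLANE   # type information of the first access mode


@dataclass
class Subscription:
    """Subscription information of the terminal: the three NPN lists named in the text."""
    allowed_access: Set[str]        # NPNs for which the terminal may obtain access rights
    allowed_certificate: Set[str]   # NPNs whose certificate may be configured for the terminal
    allowed_via_existing: Set[str]  # NPNs that may be added to the existing (second) certificate


@dataclass
class Decision:
    """Outcome of the first operation."""
    second_npn: List[str] = field(default_factory=list)  # certificate of these NPNs is configured
    third_npn: List[str] = field(default_factory=list)   # these NPNs are added to the second certificate
    first_server: Optional[str] = None
    second_server: Optional[str] = None
    send_first_server_address: bool = False
    second_information: Dict = field(default_factory=dict)


# Constructed mapping tables held by the core network element (hypothetical addresses).
FIRST_SERVER_BY_NPN = {"NPN1": "cfg.npn1.example", "NPN2": "cfg.npn2.example"}
FIRST_SERVER_BY_ACCESS_NETWORK = {"NPN1": "cfg.npn1.example"}
SECOND_SERVER_BY_NETWORK = {"PLMN-A": "cfg.plmn-a.example"}


def execute_first_operation(info: FirstInformation, sub: Subscription,
                            operator_policy: str, current_access_network: str) -> Decision:
    """Step 22: per requested NPN, decide between configuring a new certificate and
    appending rights to the second certificate, then locate the responsible servers."""
    d = Decision()
    # Only requested NPNs that the subscription allows are considered at all.
    granted = [n for n in info.first_npn if n in sub.allowed_access]
    for npn in granted:
        can_append = (info.second_network is not None
                      and npn in sub.allowed_via_existing
                      and (info.third_indication or operator_policy == "append_to_existing"))
        if can_append:
            d.third_npn.append(npn)
        elif npn in sub.allowed_certificate and (info.first_indication or info.second_indication
                                                 or operator_policy == "configure_certificate"):
            d.second_npn.append(npn)
    # First condition met: a certificate of the second NPN is configured, so find the first server,
    # by NPN identification first, otherwise by the network the terminal currently accesses.
    if d.second_npn:
        d.first_server = (FIRST_SERVER_BY_NPN.get(d.second_npn[0])
                          or FIRST_SERVER_BY_ACCESS_NETWORK.get(current_access_network))
        # Third condition: the address is only sent for the user plane type download mode.
        d.send_first_server_address = info.access_mode_type == USER_PLANE
    # Second condition met: rights are appended to the second certificate, so find the second
    # server through the index information of the second network.
    if d.third_npn:
        d.second_server = SECOND_SERVER_BY_NETWORK.get(info.second_network)
    # Second information carries only the confirmed subset of the first NPN; the second
    # network index was used solely to locate the second server and is not forwarded.
    d.second_information = {
        "npn": d.second_npn + d.third_npn,
        "second_indication": bool(d.second_npn),
        "third_indication": bool(d.third_npn),
    }
    return d


def sample_run() -> Decision:
    """Constructed scenario: NPN1, NPN2 and NPN3 requested; NPN3 is not subscribed, NPN2 may be
    reached through the existing PLMN-A certificate, NPN1 needs a certificate of its own."""
    info = FirstInformation(first_npn=["NPN1", "NPN2", "NPN3"], second_network="PLMN-A",
                            first_indication=True, third_indication=True,
                            access_mode_type=USER_PLANE)
    sub = Subscription(allowed_access={"NPN1", "NPN2"},
                       allowed_certificate={"NPN1"},
                       allowed_via_existing={"NPN2"})
    return execute_first_operation(info, sub, "configure_certificate", "PLMN-A")
```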
Referring to fig. 3, an embodiment of the present invention provides an access control method applied to a third communication device, where the third communication device includes, but is not limited to, a first server, a second server, or a core network element (such as an AMF). The core network may be one of a core network element of the first NPN, a core network element of the second network or a core network element of the third network, the method comprising:
Step 31, acquiring the first information or the second information.
The first information may include at least one of information of a first NPN, index information of a second network, first indication information, second indication information, third indication information, and fourth indication information. The information of the first NPN, the index information of the second network, the first indication information, the second indication information, the third indication information, and the fourth indication information in the first information may be specifically described in the embodiment shown in fig. 1, and are not described herein.
The second information may include at least one of NPN information, index information of the second network (e.g., identification information of the second network), first indication information, second indication information, third indication information, and fourth indication information.
The information of the NPN can be used for at least one of requesting access to the NPN, requesting a certificate of the NPN, requesting access to the NPN through a second certificate, requesting access to a NPN-type network.
The first indication information is used for requesting the authority to access the NPN, or requesting the authority to access the network currently, or requesting the authority to access the NPN type network.
The second indication information is used for requesting the certificate of the NPN, or requesting the certificate of the current access network, or requesting the certificate of the access NPN type network.
The third indication information is used for requesting the authority of accessing the NPN through the second certificate or requesting the authority of accessing the NPN through the certificate of the current access network.
The fourth indication information is used for requesting the authority of accessing the NPN type network through the second certificate or requesting the authority of accessing the NPN type network through the certificate of the current access network.
The second certificate may comprise a certificate already possessed by the first communication device. The certificate that the first communication device already has may comprise one of a certificate of the second network that the first communication device already has, a certificate of a third party that the first communication device already has, a certificate of a service provider that the first communication device already has. The third party's certificate is another type of certificate than the network's certificate, such as the terminal manufacturer's certificate, or the Application (APP) certificate. The service provider includes, but is not limited to, one of a second network (e.g., PLMN, or NPN (e.g., SNPN, or PNI NPN), etc.), a third party.
In one embodiment, the first information may be obtained from a first communication device or from a second communication device. For example, the first communication device sends the first information to the second communication device, which in turn sends the first information to the third communication device.
In one embodiment, the second information may be obtained from a second communication device. For example, the first communication device sends the first information to the second communication device, and the second communication device generates the second information according to the first information and then sends the second information to the third communication device. The NPN in the second information may be all or part of the first NPN in the first information.
In one embodiment, the NPN may include one of a first NPN, a second NPN, and a third NPN. The first NPN is described in the embodiment of fig. 1, and the second NPN is described in the embodiment of fig. 2, which is not described here. The third NPN is as described in the embodiment of fig. 2, and will not be described here again. The second NPN may be the same as or different from the third NPN.
And step 32, executing a second operation according to the first information or the second information.
Wherein the performing the second operation may include at least one of:
Confirming a request of a terminal for accessing the authority of the first NPN;
Confirming whether the certificate information of the first NPN is allowed to be configured for the terminal;
Confirming whether permission of accessing the first NPN through the second certificate is allowed to be added for the terminal or not;
confirming whether permission of accessing the NPN type network through the second certificate is allowed to be added for the terminal or not;
Configuring certificate information of a second NPN for the terminal, or adding authority of accessing a third NPN through the second certificate to the terminal, or adding authority of accessing an NPN type network through the second certificate to the terminal;
And sending the certificate information of the second NPN or sending the update information of the second certificate.
The second certificate may comprise a certificate already possessed by the first communication device. The certificate that the first communication device already has may comprise one of a certificate of the second network that the first communication device already has, a certificate of a third party that the first communication device already has. The third party's certificate is another type of certificate than the network's certificate, such as the terminal manufacturer's certificate, or the Application (APP) certificate.
The second network may include, but is not limited to, one of a PLMN, NPN (e.g., SNPN, or PNI NPN), etc.
Alternatively, the second NPN may be all or part of the first NPN. In one embodiment, the second NPN is the NPN in the first NPN for which the terminal is allowed to be configured with a certificate. It will be appreciated that all or only part of the requested first NPN may allow the terminal to be configured with the corresponding certificate. For example, if the terminal requests access rights for NPN1, NPN2 and NPN3 but only NPN1 and NPN2 are allowed to be accessed, in one embodiment the network may configure certificates of NPN1 and NPN2 for the terminal. In another embodiment, the network may configure the certificate of NPN1 for the terminal, and NPN2 may be accessed through the certificate of NPN1. It will be appreciated that when the number of NPNs the terminal is allowed to access is large, this method saves configuring a certificate for each NPN. It will be appreciated that the second NPN may be a subset of the NPNs for which the terminal is allowed to obtain access rights.
Alternatively, the third NPN may be all or part of the first NPN. In one embodiment, the third NPN is the NPN in the first NPN for which the terminal is allowed to obtain access rights. It will be appreciated that only a portion of the requested first NPN may allow the terminal to gain access rights. For example, the terminal requests access rights for NPN1, NPN2 and NPN3, but only NPN1 and NPN2 are allowed to be accessed. In one embodiment, the network may update the second certificate of the terminal, adding the authority to access NPN1 and NPN2 through the second certificate.
The certificate information of the second NPN may include at least one of the certificate of the second NPN, information of the networks (such as network identification information) allowed to be accessed through the certificate of the second NPN, and the authority to access NPN type networks through the certificate of the second NPN. The networks allowed to be accessed through the certificate of the second NPN may comprise networks other than the second NPN, including at least one of another NPN, a PLMN, or a PNI NPN. The second NPN may be referred to as the service provider of the other network. The other network may be referred to as an equivalent network of the second NPN, a network in which the terminal of the second NPN is allowed to roam, or a network capable of providing access for the second NPN.
Where the first NPN includes a plurality of NPNs, the second NPN is a subset of the first NPN.
Optionally, the update information of the second certificate may include at least one of information (such as network identification information) of the networks allowed to be accessed through the second certificate, the authority to access NPN type networks through the second certificate, indication information that a requested NPN is allowed to be accessed through the second certificate, and indication information that NPN type networks are allowed to be accessed through the second certificate. The networks allowed to be accessed through the second certificate may include networks other than the second network, that is, at least one of an NPN, a PLMN, or a PNI NPN other than the second network. The second network may be referred to as the service provider of the other network. The other network may be referred to as an equivalent network of the second network, a network in which the terminal of the second network is allowed to roam, or a network capable of providing access for the second network.
In one embodiment, the network that is allowed access through the second certificate includes at least one requested NPN (e.g., at least one of the first NPN, the second NPN, or the third NPN).
In one embodiment, the sent update information of the second certificate includes network identification information of all networks allowed to be accessed through the second certificate, not only the requested identification information of the NPN (such as identification information of at least one NPN in the identification information of the first NPN, the second NPN, or the third NPN).
In one embodiment, the update information of the second certificate contains the network identification information of all networks that are allowed to be accessed through the second certificate. That is, even for a network for which the terminal requested no access rights, the network sends the terminal the identification information of that network if it is allowed to be accessed through the second certificate.
In another embodiment, the update information of the second certificate only adds the identification information of those NPNs in the requested first NPN for which access rights are allowed.
Optionally, the first information is obtained from a first source, the first source comprising a first communication device (including a terminal).
Optionally, the second information is obtained from a second source, the second source comprising one of a second communication device, the network to which the terminal sends the first information, and the network accessed by the terminal.
Optionally, the certificate information of the second NPN or the update information of the second certificate is sent to a target, where the target comprises at least one of a first communication device (including a terminal), a second communication device, the network receiving the first information (such as the UDM or UDR in that network), a user management device in the second network, a network device in the second NPN (such as a user management device), and the network currently accessed by the terminal. It will be appreciated that when a new network certificate is configured or updated, it must be synchronized to both the first communication device (including the terminal) and the network, so that the network can authenticate the terminal when the terminal accesses the network. When the terminal is allowed to access the second network through the credentials of the first network, the second network may also request the first network to authenticate the terminal.
It is to be understood that, according to this embodiment, the third communication device may configure the terminal with the required certificate information based on the acquired second information, so as to effectively implement certificate configuration and network access control for the terminal.
Referring to fig. 4, an embodiment of the present invention provides an access control method applied to a first communication device, where the first communication device includes, but is not limited to, a terminal, and the method includes:
Step 41, obtaining third information.
Step 42, performing the operation of accessing the second NPN or the fourth network according to the third information.
Wherein the third information may include at least one of certificate information of the second NPN and update information of the second certificate.
In one embodiment, the second NPN may generally refer to one or more NPNs. In one embodiment, the certificate of the second NPN can be obtained directly; in another embodiment, the certificate of the second NPN is obtained after the first NPN is requested. In the latter case, the second NPN is identical to the first NPN in one embodiment, and in another embodiment the second NPN is a subset of the first NPN, such as a portion of the first NPN when the first NPN includes a plurality of NPNs.
Optionally, the certificate information of the second NPN comprises at least one of a certificate of the second NPN, information (such as network identification information) of a network which is allowed to be accessed through the certificate of the second NPN, and authority which is allowed to be accessed into the NPN type network through the certificate of the second NPN. Wherein the network allowing access by the certificate of the second NPN may comprise other networks than the second NPN, the other networks than the second NPN comprising at least one of other NPNs than the second NPN, PLMNs, PNI NPNs. The second NPN may be referred to as a service provider of the other network. The other network may be referred to as an equivalent network of the second NPN, a network in which the terminal of the second NPN is allowed to roam, or a network capable of providing access for the second NPN.
In one embodiment, the current access network is a network that transmits the first information or a network that obtains the third information. The fourth network may be different from the current access network.
The first information is specifically described in the embodiment of fig. 1.
Optionally, the certificate information of the current access network may include at least one of information of a network (such as network identification information, e.g., the network identification information of an NPN) that is allowed to be accessed through the certificate of the current access network, indication information of the requested NPN that is allowed to be accessed through the certificate of the current access network, and indication information of an NPN type network that is allowed to be accessed through the certificate of the current access network. The network allowed to be accessed through the certificate of the current access network may include networks other than the current access network, which include at least one of an NPN, a PLMN, and a PNI NPN other than the current access network. The current access network may be referred to as the service provider of the other network. The other network may be referred to as an equivalent network of the current access network, a network in which a terminal of the current access network is allowed to roam, or a network capable of providing access for the current access network.
Optionally, the update information of the second certificate may include at least one of information (such as network identification information (e.g., identification information of NPN)) of the network allowed to be accessed through the second certificate, authority of the network allowed to be accessed through the second certificate, indication information of the requested NPN allowed to be accessed through the second certificate, and indication information of the network allowed to be accessed through the second certificate. Wherein the network allowing access through the second certificate may comprise other networks than the second network including at least one of an NPN, a PLMN, a PNI NPN other than the second network. The second network may be referred to as a service provider of the other network. The other network may be referred to as an equivalent network of the second network, a network in which the terminal of the second network is allowed to roam, or a network capable of providing access to the second network.
In one embodiment, the network allowing access through credentials of the second NPN comprises a fourth network.
In one embodiment, the network allowing access through the second credentials comprises a fourth network.
In one embodiment, the update information of the second certificate contains the network identification information of all networks that are allowed to be accessed through the second certificate. That is, even for a network for which the terminal requested no access rights, the network sends the terminal the identification information of that network if it is allowed to be accessed through the second certificate.
In another embodiment, the update information of the second certificate only adds the identification information of those NPNs in the requested first NPN for which access rights are allowed.
Wherein the fourth network may be one of a different network than the second NPN (e.g., a different NPN than the second NPN, or a PLMN), a different network than the network requesting access rights of the first NPN, or a different network than the second network.
In one embodiment, when the network identification information of the networks allowed to be accessed through the certificate of the second NPN includes the identification information of the fourth network, the terminal may access the fourth network through the certificate of the second NPN. Accessing the fourth network through the certificate of the second NPN may include providing, when accessing the fourth network, a UE identifier (such as SUPI, SUCI, NAI, etc.) corresponding to the certificate of the second NPN, where the UE identifier may include the identification information of the second NPN. The UE identifier is provided, for example, in a registration request.
In one embodiment, when the network identification information of the networks allowed to be accessed through the second certificate contains the identification of the fourth network, the terminal may access the fourth network through the second certificate. Accessing the fourth network through the second certificate includes providing, when accessing the fourth network, a UE identifier (such as SUPI, SUCI, NAI, etc.) corresponding to the second certificate, where the UE identifier may include the identification information of the second network.
In one embodiment, when the network identification information of the networks allowed to be accessed through the certificate of the first NPN includes the identification information of the fourth network, the terminal may access the fourth network through the certificate of the first NPN. Accessing the fourth network through the certificate of the first NPN may include providing, when accessing the fourth network, a UE identifier (such as SUPI, SUCI, NAI, etc.) corresponding to the certificate of the first NPN, where the UE identifier may include the identification information of the first NPN.
Optionally, before step 41, the method may further include sending the first information. The related content of the first information may be described in the embodiment shown in fig. 1, and will not be described herein.
Alternatively, in this case, the second NPN is identical to the first NPN in one embodiment, and in another embodiment, the second NPN is a subset of the first NPN, such as a portion of the first NPN when the first NPN includes a plurality of NPNs.
In one embodiment, the network performs access authorization for only a portion of the first NPN (i.e., the second NPN), and configures certificates for only that portion for the first communication device. For example, the terminal requests access rights to NPN1, NPN2 and NPN3. It will be appreciated that the network may only allow the terminal to obtain the rights to access NPN1 and NPN2, configuring the terminal with a certificate of NPN1 and a certificate of NPN2. The terminal can access NPN1 only through the certificate of NPN1, and NPN2 only through the certificate of NPN2.
In another embodiment, the network performs access authorization for multiple NPNs in the first NPN, but configures for the first communication device the certificate of only a part of them (i.e., the second NPN), through which the multiple NPNs can be accessed. For example, the terminal requests access rights to NPN1, NPN2 and NPN3. It will be appreciated that the network may allow the terminal to access NPN1 and NPN2. The network may configure the terminal with only the certificate of NPN2, but the certificate of NPN2 may access not only NPN2 but also NPN1. In this case, NPN1, which can be accessed through the certificate of NPN2, may be referred to as an equivalent NPN of NPN2, an NPN in which the terminal of NPN2 is allowed to roam, or an NPN that can provide access for NPN2. NPN2 may be referred to as the service provider of NPN1.
In one embodiment, the third information is obtained from a source comprising one of a first communication device, a second communication device, a network receiving the first information, a currently accessed network.
It will be appreciated that, with the present embodiment, when the terminal requests access rights to multiple NPNs, the network may assign the certificate of only one NPN, and the multiple NPNs can be accessed through that certificate. Therefore, network access control of the terminal can be effectively implemented.
The method provided by the embodiment of the invention is described below with reference to specific embodiments.
In this embodiment, as shown in fig. 5, the NPN certificate configuration procedure of the UE may include the following steps:
Step 51, the UE initiates a registration request to an AMF of the first network via the NG-RAN. Optionally, the registration request includes a list of NPNs for which the UE requests access certificates (keys).
In one embodiment, the UE already has the credential of NPN1 and requests that the certificate of NPN2 be added. In this case, the AMF may authenticate the UE through the certificate of NPN1.
In another embodiment, the UE does not yet have the certificate of NPN1 and requests the certificates of NPN1 and NPN2 at the same time. In this case, the UE needs to be authenticated through a default certificate (default credential) or through the UDM corresponding to the SUPI provided by the UE.
Step 52, the AMF selects a configuration server according to the NPN list and sends a certificate configuration request to the configuration server.
Step 53, if the UE has not been authenticated in the above steps, the configuration server optionally authenticates the UE through the authentication server.
Step 54, after the authentication passes, the configuration server sends a configuration response to the UE through the AMF so as to configure the UE.
In one embodiment, when the NPN list of requested certificates contains NPN2, the configuration server of NPN1 may on the one hand update the certificate of NPN1, adding NPN2 as a network in which roaming is allowed; or, on the other hand, the configuration server of NPN2 configures the certificate of NPN2 for the UE separately.
Further, optionally, the configuration server may synchronize the UE's credentials to the UDM.
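The fig. 5 procedure and the two configuration strategies of the preceding embodiments (separate certificates per authorized NPN, or one existing certificate extended with roaming-allowed NPNs), as an added example that is not part of the patent: a simplified Python model in which the configuration server authorizes a subset of the requested NPNs, configures the terminal, synchronizes the record to the UDM, and the terminal then selects a certificate and builds its UE identifier for a target network. The SUPIs, NPN names, authorization table and NAI-style identifier format are constructed placeholders, not 3GPP encodings.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass
class Credential:
    """Certificate of an NPN as held by the UE (constructed model)."""
    issuer: str                                              # NPN whose server issued it
    allowed_networks: Set[str] = field(default_factory=set)  # equivalent / roaming NPNs

    def allows(self, network: str) -> bool:
        """A certificate grants access to its issuer and to every listed network."""
        return network == self.issuer or network in self.allowed_networks


# Constructed authorization table of the configuration server: which SUPIs may
# obtain access rights to which NPN. Placeholder values, not from the patent.
AUTHORIZED: Dict[str, Set[str]] = {
    "NPN1": {"supi-A"},
    "NPN2": {"supi-A"},
    "NPN3": set(),           # supi-A requests NPN3 but is not allowed in
}


def authorize(supi: str, requested: List[str]) -> List[str]:
    """Steps 52/53: the subset of the requested first NPN the terminal may access
    (the 'third NPN' of the description)."""
    return [npn for npn in requested if supi in AUTHORIZED.get(npn, set())]


def configure(ue_creds: Dict[str, Credential], udm: Dict[str, Dict[str, Credential]],
              supi: str, requested: List[str],
              update_issuer: Optional[str] = None) -> List[str]:
    """Step 54 plus the UDM synchronisation of the description.

    update_issuer=None : one separate certificate per authorized NPN.
    update_issuer="X"  : update the UE's existing certificate of X instead, adding
                         the newly authorized NPNs as roaming-allowed networks.
    Returns the authorized NPN list so the caller can see what was granted."""
    granted = authorize(supi, requested)
    if update_issuer is not None:
        if update_issuer not in ue_creds:
            raise ValueError(f"UE holds no certificate of {update_issuer} to update")
        cert = ue_creds[update_issuer]
        for npn in granted:
            if npn != cert.issuer:
                cert.allowed_networks.add(npn)
    else:
        for npn in granted:
            ue_creds.setdefault(npn, Credential(issuer=npn))
    # Synchronise to the UDM so the network can later authenticate the terminal
    # against the same certificate record it configured.
    udm[supi] = {name: Credential(c.issuer, set(c.allowed_networks))
                 for name, c in ue_creds.items()}
    return granted


def select_credential(ue_creds: Dict[str, Credential], target: str) -> Optional[Credential]:
    """Terminal side: choose a certificate whose allowed-network list names the
    target ('fourth') network; None means the terminal has no way in."""
    for cert in ue_creds.values():
        if cert.allows(target):
            return cert
    return None


def registration_identity(cert: Credential, username: str) -> str:
    """UE identifier sent in the registration request. It carries the issuing
    NPN's identity so the visited network can route authentication back to it
    (constructed NAI-style realm, not a real 3GPP encoding)."""
    return f"{username}@{cert.issuer.lower()}.example"


def udm_authenticates(udm: Dict[str, Dict[str, Credential]], supi: str,
                      cert: Credential, target: str) -> bool:
    """Network side: accept the registration only if the UDM record for this SUPI
    holds the presented certificate and that certificate allows the target."""
    stored = udm.get(supi, {}).get(cert.issuer)
    return stored is not None and stored.allows(target)
```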
Referring to fig. 6, an embodiment of the present invention provides a communication device, which is a first communication device, as shown in fig. 6, the communication device 60 includes:
a transmitting module 61 for transmitting the first information;
the first information comprises at least one of information of a first standalone non-public network (NPN), index information of a second network, first indication information, second indication information, third indication information, fourth indication information, indication information for requesting a certificate download, indication information for requesting a first access mode, type information of the first access mode, and type information of a certificate download mode;
The information of the first NPN can be used for at least one of requesting access to the authority of the first NPN, requesting a certificate of the first NPN, requesting access to the first NPN through a second certificate and requesting access to an NPN type network;
the first indication information is used for requesting the authority to access the first NPN, or requesting the authority to access the network currently, or requesting the authority to access the NPN type network;
The second indication information is used for requesting a certificate of the first NPN, or requesting a certificate of the current access network, or requesting a certificate of the access NPN type network;
the third indication information is used for requesting the authority of accessing the first NPN through the second certificate or requesting the authority of accessing the first NPN through the certificate of the current access network;
the fourth indication information is used for requesting the authority of accessing the NPN type network through the second certificate or requesting the authority of accessing the NPN type network through the certificate of the current access network;
The second certificate may comprise a certificate already possessed by the first communication device. The certificate already possessed by the first communication device includes a certificate of a second network that the first communication device already has, or a certificate of a third party that the first communication device already has. The third party's certificate is a type of certificate other than a network's certificate, such as the terminal manufacturer's certificate or an application (APP) certificate.
Optionally, the communication device 60 may further include:
The third acquisition module is used for acquiring third information, wherein the third information comprises at least one of certificate information of a second NPN and update information of the second certificate;
The third execution module is used for executing the operation of accessing the second NPN or the fourth network according to the third information;
Wherein the fourth network is one of a network other than the second NPN, a network other than the second network;
the second NPN is all NPNs in the first NPN or part of NPNs in the first NPN.
Optionally, the certificate information of the second NPN comprises at least one of a certificate of the second NPN, information of a network which is allowed to be accessed through the certificate of the second NPN and authority which is allowed to be accessed through the certificate of the second NPN to the NPN type network;
And/or the update information of the second certificate comprises at least one of information of a network which is allowed to be accessed through the second certificate, authority which is allowed to be accessed through the second certificate to the NPN type network, indication information of the requested NPN which is allowed to be accessed through the second certificate, and indication information of the NPN type network which is allowed to be accessed through the second certificate.
Optionally, the network allowing access through credentials of the second NPN includes the fourth network;
And/or the network allowing access through the second credentials comprises the fourth network.
Optionally, after the step of sending the first information, at least one of address information of the first server and identification information of NPN corresponding to the first server is received.
In one embodiment, the NPN corresponding to the first server includes a certificate configurable by the first server for accessing the NPN. The credentials for accessing the NPN include the credentials of the NPN.
In one embodiment, the address information of the first server and/or the identification information of the NPN corresponding to the first server are obtained from a network. The network may be a network to which the terminal is connected through a first access mode (e.g., an onboarding access network such as an O-SNPN).
Optionally, when the fourth condition is met, address information of the first server and/or identification information of NPN corresponding to the first server are ignored or discarded.
The fourth condition includes at least one of:
The terminal supports and/or requests a certificate downloading mode of a control plane type;
the terminal supports and/or requests a first access mode of the control plane type;
the terminal does not support and/or request a certificate downloading mode of the user plane type;
The terminal does not support and/or request the first access mode of the user plane type;
the first server is not a configuration server for the certificate of the first NPN.
It will be appreciated that the address of the first server is intended for the user plane type of certificate download mode or the user plane type of first access mode. A terminal that does not support the user plane type of certificate download mode or the user plane type of first access mode may therefore ignore or discard the information about the first server sent by the network.
The terminal supporting and/or requesting the control plane type of certificate downloading manner may include a terminal supporting and/or requesting only the control plane type of certificate downloading manner.
The first access manner that the terminal supports and/or requests the control plane type may include a first access manner that the terminal supports and/or requests only the control plane type.
In this embodiment, the communication device 60 can implement each process implemented in the embodiment of the method shown in fig. 1 of the present invention and achieve the same beneficial effects, and in order to avoid repetition, the description is omitted here.
Referring to fig. 7, an embodiment of the present invention provides a communication device, which is a second communication device, as shown in fig. 7, the communication device 70 includes:
a first acquisition module 71 for acquiring first information;
a first execution module 72, configured to execute a first operation according to the first information;
wherein the performing a first operation includes at least one of:
Confirming a request of a terminal for accessing the authority of the first NPN;
confirming whether the terminal is allowed to acquire the authority of accessing the first NPN;
Confirming whether the certificate information of the first NPN is allowed to be configured for the terminal;
Confirming whether permission of accessing the first NPN through the second certificate is allowed to be added for the terminal or not;
confirming whether permission of accessing the NPN type network through the second certificate is allowed to be added for the terminal or not;
Confirming that the terminal configures the certificate information of the second NPN, or confirming that the terminal increases the authority of accessing the third NPN through the second certificate, or confirming that the terminal increases the authority of accessing the NPN type network through the second certificate;
Determining a first server;
Transmitting address information of a first server and/or identification information of NPN corresponding to the first server;
Determining a second server;
determining second information;
Initiating a certificate configuration request or a configuration update request of the terminal to the first server and/or the second server;
Transmitting second information to the first server and/or the second server;
The first server is one of a configuration server for configuring a certificate of a second NPN for the terminal, a configuration server for configuring the certificate for accessing the NPN for the terminal, and a server which the terminal needs to access in order to download the certificate for accessing the NPN, wherein the second server is a configuration server for configuring the second certificate for the terminal, and the second information comprises all or part of information in the first information.
Optionally, the first information includes at least one of information of a first NPN, index information of a second network, first indication information, second indication information, third indication information, fourth indication information, indication information for requesting a certificate download, indication information for requesting a first access mode, type information of the first access mode, and type information of a certificate download mode;
The information of the first NPN can be used for at least one of requesting access to the authority of the first NPN, requesting a certificate of the first NPN, requesting access to the first NPN through a second certificate and requesting access to an NPN type network;
the first indication information is used for requesting the authority to access the first NPN, or requesting the authority to access the network currently, or requesting the authority to access the NPN type network;
The second indication information is used for requesting a certificate of the first NPN, or requesting a certificate of the current access network, or requesting a certificate of the access NPN type network;
the third indication information is used for requesting the authority of accessing the first NPN through the second certificate or requesting the authority of accessing the first NPN through the certificate of the current access network;
the fourth indication information is used for requesting the authority of accessing the NPN type network through the second certificate or requesting the authority of accessing the NPN type network through the certificate of the current access network;
The second certificate may comprise a certificate already possessed by the first communication device. The certificate that the first communication device already has may comprise one of a certificate of the second network that the first communication device already has, a certificate of a third party that the first communication device already has. The third party's certificate is another type of certificate than the network's certificate, such as the terminal manufacturer's certificate, or the Application (APP) certificate.
The type information of the first access mode indicates at least one of a first access mode of a control plane type and a first access mode of a user plane type;
the type information of the certificate downloading mode indicates at least one of a control plane type certificate downloading mode and a user plane type certificate downloading mode.
In one embodiment, address information of the first server and/or identification information of NPN corresponding to the first server are transmitted to the terminal.
Optionally, the first execution module 72 sends the address information of the first server and/or the identification information of the NPN corresponding to the first server when the third condition is satisfied.
The third condition includes:
The type information of the first access mode indicates the first access mode of the user plane type;
the type information of the certificate downloading mode indicates the certificate downloading mode of the user plane type.
It will be appreciated that the address information of the first server is for a user plane type of certificate download mode or a user plane type of first access mode. For terminals that do not support and/or do not request the user plane type certificate download mode or the user plane type first access mode, the network may not send relevant information of the first server (e.g., address information of the first server and/or identification information of NPN corresponding to the first server). Or, the network may send information about the first server to the terminal supporting and/or requesting the user plane type certificate download mode or the user plane type first access mode.
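Both sides of the first-server address handling, the third condition on the network side (this section) and the fourth condition on the terminal side (the communication device 60 embodiment above), as an added example that is not the patent's code. It assumes the listed conditions are alternatives, any one of which suffices, and the field names, NPN names and server address are constructed.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Set

CONTROL_PLANE = "control-plane"
USER_PLANE = "user-plane"


@dataclass
class UeTypeInfo:
    """Type information the terminal sends in the first information (constructed)."""
    requested_npn: str
    download_modes: Set[str]    # certificate download modes it supports/requests
    access_modes: Set[str]      # first access modes it supports/requests


@dataclass
class FirstServerInfo:
    address: str
    npn: str                    # NPN whose certificate this server can configure


def network_first_server_info(info: UeTypeInfo,
                              servers: Dict[str, FirstServerInfo]) -> Optional[FirstServerInfo]:
    """Third condition (network side): send the first server's address and NPN
    identification only when the type information indicates a user-plane
    download mode or a user-plane first access mode."""
    if USER_PLANE in info.download_modes or USER_PLANE in info.access_modes:
        return servers.get(info.requested_npn)
    return None


def terminal_keeps_first_server_info(info: UeTypeInfo,
                                     server: Optional[FirstServerInfo]) -> bool:
    """Fourth condition (terminal side): ignore or discard the received server
    information when at least one of the listed triggers holds. A terminal that
    only provisions over the control plane thus never acts on a user-plane
    server address it did not ask for."""
    if server is None:
        return False
    triggers = (
        info.download_modes == {CONTROL_PLANE},   # supports/requests only CP download
        info.access_modes == {CONTROL_PLANE},     # supports/requests only CP access
        USER_PLANE not in info.download_modes,    # no UP certificate download mode
        USER_PLANE not in info.access_modes,      # no UP first access mode
        server.npn != info.requested_npn,         # not the first NPN's configuration server
    )
    return not any(triggers)
```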
Optionally, the first execution module 72 may perform an operation of determining the first server, determining the second information and/or performing an operation of sending the second information to the first server if a first condition is satisfied, where the first condition includes at least one of:
Confirming permission of allowing the terminal to acquire access to the first NPN;
Confirming certificate information allowing configuration of a first NPN for the terminal;
Confirming certificate information of configuring a second NPN for the terminal;
acquiring first indication information in the first information;
acquiring second indication information in the first information;
Acquiring information of a first NPN in the first information;
Wherein the second NPN is all NPNs in the first NPN or part of NPNs in the first NPN.
Optionally, the first execution module 72 may perform an operation of determining the second server, determining the second information and/or performing an operation of sending the second information to the first server if a second condition is satisfied, where the second condition includes at least one of:
Confirming permission of allowing the terminal to acquire access to the first NPN;
Confirming permission to increase the authority of the terminal to access the first NPN through the second certificate;
confirming that the terminal increases the authority of accessing the third NPN through the second certificate;
acquiring first indication information in the first information;
Acquiring third indication information in the first information;
acquiring fourth indication information in the first information;
Acquiring information of a first NPN in the first information;
Acquiring index information of a second network in the first information;
wherein the third NPN is all NPNs in the first NPN or part of NPNs in the first NPN.
In this embodiment, the communication device 70 can implement each process implemented in the embodiment of the method shown in fig. 2 of the present invention and achieve the same beneficial effects, and in order to avoid repetition, a detailed description is omitted here.
Referring to fig. 8, an embodiment of the present invention provides a communication device, which is a third communication device, as shown in fig. 8, the communication device 80 includes:
A second acquiring module 81, configured to acquire the first information or the second information;
a second execution module 82, configured to execute a second operation according to the first information or the second information;
Wherein the performing a second operation includes at least one of:
Confirming a request of a terminal for accessing the authority of the first NPN;
Confirming whether the certificate information of the first NPN is allowed to be configured for the terminal;
Confirming whether permission of accessing the first NPN through the second certificate is allowed to be added for the terminal or not;
confirming whether permission of accessing the NPN type network through the second certificate is allowed to be added for the terminal or not;
Configuring certificate information of a second NPN for the terminal, or adding authority of accessing a third NPN through the second certificate to the terminal, or adding authority of accessing an NPN type network through the second certificate to the terminal;
Sending the certificate information of the second NPN or sending the update information of the second certificate;
Wherein the second certificate comprises a certificate already possessed by the terminal;
the second NPN is all NPNs in the first NPN or part of NPNs in the first NPN;
the third NPN is all NPNs in the first NPN or part of NPNs in the first NPN;
The second NPN is the same as or different from the third NPN.
Optionally, the first information includes at least one of: information of a first NPN, index information of a second network, first indication information, second indication information, third indication information, fourth indication information, indication information for requesting a certificate download, indication information for requesting a first access mode, type information of the first access mode, and type information of a certificate download mode;
the information of the first NPN can be used for at least one of: requesting the authority to access the first NPN, requesting a certificate of the first NPN, requesting the authority to access the first NPN through a second certificate, and requesting the authority to access an NPN type network;
the first indication information is used for requesting the authority to access the first NPN, or requesting the authority to access the current access network, or requesting the authority to access the NPN type network;
the second indication information is used for requesting a certificate of the first NPN, or requesting a certificate of the current access network, or requesting a certificate for accessing the NPN type network;
the third indication information is used for requesting the authority to access the first NPN through the second certificate, or requesting the authority to access the first NPN through the certificate of the current access network;
the fourth indication information is used for requesting the authority to access the NPN type network through the second certificate, or requesting the authority to access the NPN type network through the certificate of the current access network.
Optionally, the second information comprises at least one of: information of an NPN, index information of a second network, first indication information, second indication information, third indication information, and fourth indication information;
the information of the NPN can be used for at least one of: requesting the authority to access the NPN, requesting a certificate of the NPN, requesting the authority to access the NPN through a second certificate, and requesting the authority to access an NPN type network;
the first indication information is used for requesting the authority to access the NPN, or requesting the authority to access the current access network, or requesting the authority to access the NPN type network;
the second indication information is used for requesting a certificate of the NPN, or requesting a certificate of the current access network, or requesting a certificate for accessing the NPN type network;
the third indication information is used for requesting the authority to access the NPN through the second certificate, or requesting the authority to access the NPN through the certificate of the current access network;
the fourth indication information is used for requesting the authority to access the NPN type network through the second certificate, or requesting the authority to access the NPN type network through the certificate of the current access network.
Optionally, the certificate information of the first NPN comprises at least one of: a certificate of the first NPN, information of a network which is allowed to be accessed through the certificate of the first NPN, and the authority to access the NPN type network through the certificate of the first NPN;
and/or the certificate information of the second NPN comprises at least one of: a certificate of the second NPN, information of a network which is allowed to be accessed through the certificate of the second NPN, and the authority to access the NPN type network through the certificate of the second NPN;
and/or the update information of the second certificate comprises at least one of: information of a network which is allowed to be accessed through the second certificate, the authority to access the NPN type network through the second certificate, indication information that the requested NPN is allowed to be accessed through the second certificate, and indication information that the NPN type network is allowed to be accessed through the second certificate;
wherein the second NPN is all of the NPNs in the first NPN or a part of the NPNs in the first NPN.
In this embodiment, the communication device 80 can implement each process implemented in the embodiment of the method shown in fig. 3 of the present invention and achieve the same beneficial effects, and in order to avoid repetition, a detailed description is omitted here.
Referring to fig. 9, an embodiment of the present invention provides a communication device, which is a fourth communication device. As shown in fig. 9, the communication device 90 includes:
a third obtaining module 91, configured to obtain third information, where the third information includes at least one of certificate information of a second NPN and update information of a second certificate, and where the second certificate includes a certificate that the first communication device already has;
a third executing module 92, configured to execute an operation of accessing the second NPN or a fourth network according to the third information;
wherein the fourth network is one of: a network other than the second NPN, and a network other than the second network;
the certificate information of the second NPN comprises at least one of: a certificate of the second NPN, information of a network which is allowed to be accessed through the certificate of the second NPN, and the authority to access the NPN type network through the certificate of the second NPN;
the certificate information of the current access network includes at least one of: information of a network which is allowed to be accessed through the certificate of the current access network, indication information that the requested NPN is allowed to be accessed through the certificate of the current access network, and indication information that the NPN type network is allowed to be accessed through the certificate of the current access network;
the update information of the second certificate includes at least one of: information of a network which is allowed to be accessed through the second certificate, the authority to access the NPN type network through the second certificate, indication information that the requested NPN is allowed to be accessed through the second certificate, and indication information that the NPN type network is allowed to be accessed through the second certificate.
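The following added example (not code from the patent or its applicant) models the two sides described above: the network-side confirmation that yields the certificate information of the second NPN (all or part of the requested first NPN) and the update information of the second certificate, and the terminal-side choice of which certificate to use for a target NPN from that third information. The names `Policy`, `decide` and `choose_credential`, the dictionary field layout and the placeholder certificate strings are assumptions; the patent specifies no wire format.

```python
from dataclasses import dataclass


@dataclass
class Policy:
    """Network-side authorization record for one terminal (constructed sample data)."""
    may_receive_cert_for: set      # NPNs whose certificate may be configured for the terminal
    may_access_via_existing: set   # NPNs the terminal may reach with its existing (second) certificate
    npn_type_via_existing: bool    # existing certificate may access any NPN type network


def decide(policy, first_npns, request):
    """Network side: confirm each requested right and build the third information.

    first_npns: the first NPN (a set of NPN identifiers) named in the request.
    request: flags 'cert' (second indication), 'via_existing' (third indication),
             'npn_type' (fourth indication).
    Returns a dict carrying the certificate information of the second NPN and/or
    the update information of the second certificate; empty if nothing is allowed.
    """
    reply = {}
    if "cert" in request:
        second_npn = first_npns & policy.may_receive_cert_for   # all or part of the first NPN
        if second_npn:
            reply["second_npn_cert_info"] = {
                # placeholder credentials; a real system would provision real ones
                "certificate": {n: f"cert-{n}" for n in sorted(second_npn)},
                "allowed_networks": sorted(second_npn),
            }
    if "via_existing" in request:
        third_npn = first_npns & policy.may_access_via_existing  # all or part of the first NPN
        if third_npn:
            reply.setdefault("second_cert_update", {})["allowed_networks"] = sorted(third_npn)
    if "npn_type" in request and policy.npn_type_via_existing:
        reply.setdefault("second_cert_update", {})["npn_type_allowed"] = True
    return reply


def choose_credential(third_info, target_npn, existing_certificate):
    """Terminal side: pick the certificate to present to target_npn, or None if no right was granted.

    A freshly configured NPN certificate is preferred; otherwise the existing (second)
    certificate is used when the update information lists the NPN or grants NPN type access.
    """
    cert_info = third_info.get("second_npn_cert_info", {})
    if target_npn in cert_info.get("allowed_networks", []):
        return cert_info["certificate"][target_npn]
    update = third_info.get("second_cert_update", {})
    if target_npn in update.get("allowed_networks", []) or update.get("npn_type_allowed"):
        return existing_certificate
    return None
```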
In this embodiment, the communication device 90 can implement each process implemented in the method embodiment shown in fig. 4 of the present invention and achieve the same beneficial effects, and in order to avoid repetition, a detailed description is omitted here.
Referring to fig. 10, fig. 10 is a schematic structural diagram of another communication device provided in the embodiment of the present invention. As shown in fig. 10, the communication device 100 includes a processor 101, a memory 102, and a computer program stored in the memory 102 and capable of running on the processor 101; the respective components in the communication device 100 are coupled together through a bus interface 103. When the computer program is executed by the processor 101, it implements each process implemented in the method embodiment shown in fig. 1, fig. 2, fig. 3 or fig. 4, and achieves the same technical effects, which are not repeated herein.
The embodiment of the present invention further provides a computer readable storage medium on which a computer program is stored. When executed by a processor, the computer program implements each process implemented in the method embodiment shown in fig. 1, fig. 2, fig. 3 or fig. 4, and achieves the same technical effects, which are not repeated herein. The computer readable storage medium is, for example, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
From the above description of the embodiments, it will be clear to those skilled in the art that the method of the above-described embodiments may be implemented by means of software plus a necessary general hardware platform, and of course may also be implemented by means of hardware, but in many cases the former is the preferred embodiment. Based on such understanding, the technical solution of the present invention, essentially or in the part contributing to the prior art, may be embodied in the form of a software product stored in a storage medium (e.g. ROM/RAM, magnetic disk, optical disk) comprising instructions for causing a terminal (which may be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.) to perform the method according to the embodiments of the present invention.
The embodiments of the present invention have been described above with reference to the accompanying drawings, but the present invention is not limited to the above-described embodiments, which are merely illustrative and not restrictive. Many other forms may be made by those having ordinary skill in the art without departing from the spirit of the present invention and the scope of the claims, and all of them fall within the protection of the present invention.
Claims (23)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2021/086626 WO2021208857A1 (en) | 2020-04-17 | 2021-04-12 | Access control method and communication device |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010307389 | 2020-04-17 | | |
CN202010307389X | 2020-04-17 | | |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113556746A CN113556746A (en) | 2021-10-26 |
CN113556746B true CN113556746B (en) | 2025-02-18 |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110636506A (en) * | 2018-06-22 | 2019-12-31 | Vivo Mobile Communication Co., Ltd. | Network access method, terminal and network-side network element |
CN114173333A (en) * | 2020-08-19 | 2022-03-11 | Vivo Mobile Communication Co., Ltd. | Access network, network selection method, device and communication equipment |
Non-Patent Citations (2)
Title |
---|
Ericsson, Sony, Nokia, Nokia Shanghai Bell, OPPO, Futurewei, Intel, China Telecom, Lenovo, Motorola Mobility, Convida Wireless, Cisco, InterDigital, Samsung, Apple. S2-2008467 "KI#4: Conclusion update - UE Onboarding indications." 3GPP tsg_sa\wg2_arch, 2020, (meeting tsgs2_142e_electronic), pp. 1-3. * |
Intel. S1-191560 "NPN access authentication based on PLMN subscription and credentials". 3GPP tsg_sa\wg1_serv, 2019, (meeting tsgs1_86_suzhou), pp. 1-6. * |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
TWI766767B (en) | | Method and apparatus for network selection for supported standalone non-public network (s-snpn) |
CN111869182B (en) | | Method for authenticating equipment, communication system, communication equipment |
JP7372254B2 (en) | | 3GPP Access Node Selection in 5G Networks for Non-Cellular Access and Indication of Regional Requirements Subject to Lawful Interception Interception-Aware Access Node Selection |
WO2013160673A1 (en) | | Content control in telecommunications networks |
US20230171603A1 (en) | | Onboarding Devices in Standalone Non-Public Networks |
US20130232561A1 (en) | | Common data model and method for secure online signup for hotspot networks |
CN113676904A (en) | | Slice authentication method and device |
WO2022062929A1 (en) | | Session establishment method and apparatus |
TW202308363A (en) | | Authentication between user equipment and communication network for onboarding process |
CN114915960A (en) | | Method, device and equipment for supporting information acquisition and readable storage medium |
WO2017129101A1 (en) | | Routing control method, apparatus and system |
CN113556746B (en) | | Access control method and communication device |
CN114071465B (en) | | Access control method, device and communication equipment |
WO2022080244A1 (en) | | UE, core network node, access network node, AMF device, terminal, and method for same |
CN114173333B (en) | | Access network, network selection method, device and communication equipment |
WO2021208857A1 (en) | | Access control method and communication device |
CN113556746A (en) | | Access control method and communication device |
JP7509991B2 (en) | | Access control method, device and communication device |
CN113498055B (en) | | Access control method and communication equipment |
JP7572568B2 (en) | | Information processing method, device, communication device, and readable storage medium |
WO2014121613A1 (en) | | Method and corresponding device for acquiring location information |
WO2022037611A1 (en) | | Network access method and apparatus, network selection method and apparatus, and communication device |
CN113543112B (en) | | Network roaming authentication method, device, electronic device and storage medium |
WO2023040728A1 (en) | | Network element selection method, communication apparatus, and communication system |
WO2024212793A1 (en) | | Communication method and communication apparatus |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |