CN115811728A - Network element selection method, communication device and communication system - Google Patents

Abstract

The application provides a network element selection method, a communication device and a communication system. The method comprises the following steps: receiving identification information and indication information of a first home network, wherein the indication information indicates that terminal equipment accesses the network in a NSWO mode; and selecting a first uniform data management network element corresponding to the identification information of the first home network according to the indication information, wherein the first uniform data management network element has NSWO authentication capability. The method can realize the selection of a uniform data management network element with NSWO authentication capability, so that the uniform data management network element can provide NSWO authentication service for the terminal equipment which accesses the network by using the NSWO mode, and the method is favorable for realizing the quick and correct access of the terminal equipment.

Description

A network element selection method, communication device and communication system

technical field

The present application relates to the technical field of communication, and in particular to a method for selecting a network element, a communication device and a communication system.

Background technique

Terminal devices can access the network through non-seamless wireless local area network offload (NSWO), so as to realize access to the network through non-3rd generation partnership project (non-3GPP) technology .

Before the terminal device accesses the network through NSWO, the terminal device needs to be authenticated by the network element of the core network. However, there is no solution for how to select the network element with NSWO authentication capability.

Contents of the invention

Embodiments of the present application provide a method for selecting a network element, a communication device, and a communication system for selecting a network element with NSWO authentication capability.

In the first aspect, the embodiment of the present application provides a method for selecting a network element, which can be performed by a network element with a network storage function or a module (such as a chip) for a network element with a network storage function, or by a network element with an authentication service function or Execute by modules (such as chips) used to authenticate service function network elements. The method includes: receiving identification information and indication information of the first home network, the indication information instructing the terminal device to use NSWO to access the network; according to the indication information, selecting the first unified network corresponding to the identification information of the first home network Data management network element, the first unified data management network element has NSWO authentication capability.

According to the above scheme, it is possible to select a unified data management network element with NSWO authentication capability, so that the unified data management network element can provide NSWO authentication services for terminal devices connected to the network in NSWO mode, which helps to realize terminal Fast and correct access of equipment.

As a possible implementation method, the first unified data management network element corresponding to the identification information of the first home network is selected from the first mapping relationship according to the indication information, and the first mapping relationship includes the identification information of the home network The mapping relationship between information and unified data management network elements with NSWO authentication capabilities.

According to the above solution, the mapping relationship between the identification information of the home network and the unified data management network element with NSWO authentication capability can be defined in advance, so that the unified data management network element can be selected according to the mapping relationship, which is helpful to realize fast and accurate Select a unified data management network element with NSWO authentication capability.

As a possible implementation method, the identification information of the second home network is received; the second unified data management network element corresponding to the identification information of the second home network is selected from the second mapping relationship, and the second unified data management network element The element does not have the NSWO authentication capability, and the second mapping relationship includes the mapping relationship between the identification information of the home network and the unified data management network element that does not have the NSWO authentication capability.

According to the above solution, it is also possible to select a unified data management network element without NSWO authentication capability according to the mapping relationship between the predefined identification information of the home network and the unified data management network element without NSWO authentication capability, so that the The method can select the corresponding unified data management network element according to the requirement in the scene where the unified data management network element with NSWO authentication capability and the unified data management network element without NSWO authentication capability exist at the same time.

As a possible implementation method, the first routing identifier is received; according to the indication information, the first unified data management network element corresponding to the identification information of the first home network and the first routing identifier is selected.

According to the above solution, the unified data management network element is selected according to the identification information of the home network and the routing identification, so that multiple unified data management network elements corresponding to one home network can be implemented, and these unified data management network elements can be implemented through different routing identifications. distinguish. Since there are multiple unified data management network elements that can be used, the flexibility of selection can be improved and the load of each unified data management network element can be reduced.

As a possible implementation method, according to the indication information, the first unified data management network element corresponding to the identification information of the first home network and the first routing identifier is selected from the third mapping relationship, and the third mapping The relationship includes the mapping relationship between the combination of the identification information of the home network and the routing identification and the unified data management network element with NSWO authentication capability.

According to the above scheme, the mapping relationship between the combination of the identification information of the home network and the routing identification and the unified data management network element with NSWO authentication capability can be defined in advance, so that the unified data management network element can be selected according to the mapping relationship, which is helpful To realize fast and accurate selection of unified data management network elements with NSWO authentication capabilities.

As a possible implementation method, the identification information of the first home network and the indication information from the authentication service functional network element are received; and the identification information of the first unified data management network element is sent to the authentication service functional network element.

In the second aspect, the embodiment of the present application provides a network element selection method, which can be executed by a network storage function network element or a module (such as a chip) used for a network storage function network element, or by a NSWO network element or a network element used for Modules (such as chips) of NSWO network elements are implemented. The method includes: receiving identification information and indication information of the first home network, the indication information instructing the terminal device to use NSWO to access the network; according to the indication information, selecting the first authentication corresponding to the identification information of the first home network The service function network element, the first authentication service function network element has NSWO authentication capability.

According to the above scheme, it is possible to select an authentication service function network element with NSWO authentication capability, so that the authentication service function network element can provide NSWO authentication services for terminal devices that use NSWO to access the network, which helps to realize terminal Fast and correct access of equipment.

As a possible implementation method, according to the indication information, select the first authentication service function network element corresponding to the identification information of the first home network from the first mapping relationship, the first mapping relationship includes the identification of the home network The mapping relationship between the information and the authentication service function network element with NSWO authentication capability.

According to the above solution, the mapping relationship between the identification information of the home network and the authentication service function network element with NSWO authentication capability can be defined in advance, so that the authentication service function network element can be selected according to the mapping relationship, which is helpful to realize fast and accurate Select an authentication service functional network element with NSWO authentication capability.

As a possible implementation method, the identification information of the second home network is received; the second authentication service function network element corresponding to the identification information of the second home network is selected from the second mapping relationship, and the second authentication service function network element The element does not have the NSWO authentication capability, and the second mapping relationship includes the mapping relationship between the identification information of the home network and the authentication service function network element that does not have the NSWO authentication capability.

According to the above solution, it is also possible to select an authentication service function network element without NSWO authentication capability according to the mapping relationship between the predefined identification information of the home network and the authentication service function network element without NSWO authentication capability, so that the The method can select the corresponding authentication service function network element according to the requirement in the scenario where there are authentication service function network elements with NSWO authentication capability and authentication service function network elements without NSWO authentication capability at the same time.

As a possible implementation method, the first routing identifier is received; according to the indication information, the first authentication service function network element corresponding to the identification information of the first home network and the first routing identifier is selected.

According to the above solution, the authentication service function network element is selected according to the identification information of the home network and the routing identifier, so that a home network corresponds to multiple authentication service function network elements, and these authentication service function network elements are implemented through different routing identifiers. distinguish. Since there are multiple authentication service function network elements that can be used, the flexibility of selection can be improved and the load of each authentication service function network element can be reduced.

As a possible implementation method, according to the indication information, the first authentication service function network element corresponding to the identification information of the first home network and the first routing identifier is selected from the third mapping relationship, and the third mapping The relationship includes the mapping relationship between the combination of the identification information of the home network and the routing identification and the authentication service function network element with NSWO authentication capability.

According to the above scheme, the mapping relationship between the combination of the identification information of the home network and the routing identification and the authentication service function network element with NSWO authentication capability can be defined in advance, so that the authentication service function network element can be selected according to the mapping relationship, which is helpful In order to realize fast and accurate selection of authentication service functional network elements with NSWO authentication capabilities.

As a possible implementation method, the identification information of the first home network and the indication information from the NSWO network element are received; and the identification information of the first authentication service function network element is sent to the NSWO network element.

In a third aspect, the embodiment of the present application provides a method for selecting a network element, and the method may be executed by a network element with a network storage function or a module (such as a chip) used for the network element with a network storage function. The method includes: receiving a first message, the first message including the identification information of the first home network; according to the first message, it is determined that the terminal device uses NSWO to access the network, and then selecting the The first authentication service function network element, the first authentication service function network element has NSWO authentication capability.

According to the above scheme, it is possible to select an authentication service function network element with NSWO authentication capability, so that the authentication service function network element can provide NSWO authentication services for terminal devices that use NSWO to access the network, which helps to realize terminal Fast and correct access of equipment.

As a possible implementation method, the first authentication service function network element corresponding to the identification information of the first home network is selected from the first mapping relationship, the first mapping relationship includes the identification information of the home network and the The mapping relationship between authentication service function network elements of authorization capabilities.

According to the above solution, the mapping relationship between the identification information of the home network and the authentication service function network element with NSWO authentication capability can be defined in advance, so that the authentication service function network element can be selected according to the mapping relationship, which is helpful to realize fast and accurate Select an authentication service functional network element with NSWO authentication capability.

As a possible implementation method, the second message is received, and the second message includes the identification information of the second home network; according to the second message, it is determined that the terminal device does not use the NSWO method to access the network, then from the second mapping relationship Selecting a second authentication service function network element corresponding to the identification information of the second home network, the second authentication service function network element does not have the NSWO authentication capability, and the second mapping relationship includes the identification information of the home network and the network element without NSWO The mapping relationship between authentication service function network elements of authentication capabilities.

According to the above solution, it is also possible to select an authentication service function network element without NSWO authentication capability according to the mapping relationship between the predefined identification information of the home network and the authentication service function network element without NSWO authentication capability, so that the The method can select the corresponding authentication service function network element according to the requirement in the scenario where there are authentication service function network elements with NSWO authentication capability and authentication service function network elements without NSWO authentication capability at the same time.

As a possible implementation method, the first message further includes a first routing identifier; and the first authentication service function network element corresponding to the first home network identification information and the first routing identifier is selected.

According to the above solution, the authentication service function network element is selected according to the identification information of the home network and the routing identifier, so that a home network corresponds to multiple authentication service function network elements, and these authentication service function network elements are implemented through different routing identifiers. distinguish. Since there are multiple authentication service function network elements that can be used, the flexibility of selection can be improved and the load of each authentication service function network element can be reduced.

As a possible implementation method, the first authentication service function network element corresponding to the identification information of the first home network and the first routing identifier is selected from the third mapping relationship, where the third mapping relationship includes the identification information of the home network The mapping relationship between the combination of identification information and routing identification and the authentication service function network element with NSWO authentication capability.

According to the above scheme, the mapping relationship between the combination of the identification information of the home network and the routing identification and the authentication service function network element with NSWO authentication capability can be defined in advance, so that the authentication service function network element can be selected according to the mapping relationship, which is helpful In order to realize fast and accurate selection of authentication service functional network elements with NSWO authentication capabilities.

As a possible implementation method, the first message includes a network function type indicating the NSWO network function; according to the network function type, it is determined that the terminal device uses NSWO to access the network.

As a possible implementation method, according to the name of the first message, it is determined that the terminal device uses NSWO to access the network.

As a possible implementation method, the first message from the NSWO network element is received; and the identification information of the first authentication service function network element is sent to the NSWO network element.

In the fourth aspect, the embodiment of the present application provides a communication device, which can be a network storage function network element or a module (such as a chip) applied to a network storage function network element, or an authentication service function network element or an authentication service function network element A module (such as a chip) in a service function network element. The device has the function of realizing any realization method of the first aspect above. This function may be implemented by hardware, or may be implemented by executing corresponding software on the hardware. The hardware or software includes one or more modules corresponding to the above functions.

In the fifth aspect, the embodiment of the present application provides a communication device, which can be a network storage function network element or a module (such as a chip) applied to a network storage function network element, or a NSWO network element or a NSWO network element Modules (such as chips) in . The device has the function of implementing any implementation method of the second aspect above. This function may be implemented by hardware, or may be implemented by executing corresponding software on the hardware. The hardware or software includes one or more modules corresponding to the above functions.

In a sixth aspect, the embodiment of the present application provides a communication device, which may be a network storage function network element or a module (such as a chip) applied to a network storage function network element. The device has the function of realizing any realization method of the third aspect above. This function may be implemented by hardware, or may be implemented by executing corresponding software on the hardware. The hardware or software includes one or more modules corresponding to the above functions.

In the seventh aspect, the embodiment of the present application provides a communication device, including a processor and a memory; the memory is used to store computer instructions, and when the device is running, the processor executes the computer instructions stored in the memory so that the device executes Any implementation method in the first aspect to the third aspect above.

In an eighth aspect, the embodiment of the present application provides a communication device, including a unit or means (means) for performing each step of any implementation method in the first aspect to the third aspect.

In a ninth aspect, the embodiment of the present application provides a communication device, including a processor and an interface circuit, the processor is configured to communicate with other devices through the interface circuit, and execute any implementation method in the first aspect to the third aspect above. The processor includes one or more.

In the tenth aspect, the embodiment of the present application provides a communication device, including a processor coupled to the memory, and the processor is used to call the program stored in the memory to execute any implementation method in the first aspect to the third aspect above . The memory may be located within the device or external to the device. And there may be one or more processors.

In the eleventh aspect, the embodiment of the present application also provides a computer-readable storage medium, the computer-readable storage medium stores instructions, and when it is run on a communication device, the above-mentioned first to third aspects Any implementation method of is executed.

In the twelfth aspect, the embodiment of the present application also provides a computer program product, the computer program product includes a computer program or instruction, when the computer program or instruction is run by a communication device, any of the above first to third aspects The implementation method is executed.

In a thirteenth aspect, the embodiment of the present application further provides a chip system, including: a processor, configured to execute any implementation method in the first aspect to the third aspect above.

In a fourteenth aspect, the embodiment of the present application further provides a communication system, including an authentication service function network element and a network storage function network element. Wherein, the authentication service function network element is used to send the identification information and indication information of the first home network to the network storage function network element, and the indication information instructs the terminal device to use NSWO to access the network. A network element with a network storage function, configured to execute any implementation method in the first aspect.

In a fifteenth aspect, the embodiment of the present application further provides a communication system, including a NSWO network element and an authentication service function network element. Wherein, the NSWO network element is configured to send the identification information and indication information of the first home network to the network element with the authentication service function, and the indication information instructs the terminal equipment to use NSWO to access the network. The authentication service function network element is configured to execute any implementation method in the first aspect.

In a sixteenth aspect, the embodiment of the present application further provides a communication system, including a NSWO network element and a network storage function network element. Wherein, the NSWO network element is configured to send the identification information and indication information of the first home network to the network storage functional network element, and the indication information instructs the terminal device to use the NSWO mode to access the network. A network storage function network element, configured to implement any implementation method in the second aspect.

In a seventeenth aspect, the embodiment of the present application further provides a communication system, including a NSWO network element and a network storage function network element. Wherein, the NSWO network element is configured to send a first message to the network storage functional network element, where the first message includes identification information of the first home network. A network element with a network storage function, configured to implement any implementation method in the third aspect.

Description of drawings

FIG. 1 is a schematic diagram of a non-3GPP access architecture in a 4G system;

Figure 2 is a schematic diagram of the 5G network architecture;

Figure 3 is a schematic diagram of the NSWO architecture in 5G;

FIG. 4 is a schematic flowchart of a method for selecting a network element provided in an embodiment of the present application;

FIG. 5 is a schematic flowchart of a method for selecting a network element provided in an embodiment of the present application;

FIG. 6 is a schematic flowchart of a method for selecting a network element provided in an embodiment of the present application;

FIG. 7 is a schematic flowchart of a method for selecting a network element provided in an embodiment of the present application;

FIG. 8 is a schematic flowchart of a method for selecting a network element provided in an embodiment of the present application;

FIG. 9 is a schematic diagram of a communication device provided by an embodiment of the present application;

FIG. 10 is a schematic diagram of a communication device provided by an embodiment of the present application.

Detailed ways

The technical solutions provided by the embodiments of the present application may be applied to various communication systems, for example, a fifth generation (5th generation, 5G) system or a new radio (new radio, NR) or a future 3GPP system.

Generally speaking, the number of connections supported by traditional communication systems is limited and easy to implement. However, with the development of communication technologies, mobile communication systems will not only support traditional communication, but also support, for example, device-to-device (D2D ) communication, machine to machine (machine to machine, M2M) communication, machine type communication (machine type communication, MTC), vehicle to everything (vehicle to everything, V2X) communication (also called vehicle networking communication), for example, vehicle and Vehicle (vehicle to vehicle, V2V) communication (also known as vehicle-to-vehicle communication), vehicle-to-infrastructure (V2I) communication (also known as vehicle-to-infrastructure communication), vehicle-to-pedestrian (vehicle to pedestrian (V2P) communication (also called vehicle-to-person communication), and vehicle-to-network (V2N) communication (also called vehicle-to-network communication).

FIG. 1 provides a schematic diagram of a non-3GPP access architecture in a fourth generation (4th generation, 4G) system. Non-3GPP access means that terminal equipment accesses the operator's network through non-3GPP access technology and uses the operator's network resources. The non-3GPP access technologies include wireless local area network (wireless local area network, WLAN), code division multiple access (code division multiple access, CDMA) and other access technologies.

Each network element that may be involved in the embodiment of the present application will be described respectively below with reference to FIG. 1 .

1. Terminal equipment: can be called user equipment (user equipment, UE), terminal, access terminal, subscriber unit, subscriber station, mobile station, mobile station, remote station, remote terminal, mobile device, user terminal, wireless communication device , User Agent, or User Device. The terminal device can also be a cellular phone, a cordless phone, a session initiation protocol (sessioninitiation protocol, SIP) phone, a wireless local loop (wireless local loop, WLL) station, a personal digital assistant (personal digital assistant, PDA), with a wireless communication function Handheld devices, computing devices or other processing devices connected to wireless modems, vehicle-mounted devices, wearable devices, UEs in 5G networks or future evolutions of public land mobile networks (public land mobile network, PLMN) or non-terrestrial networks (non-terrestrial networks, NTN) UE, etc., can also be logical entities, smart devices, such as mobile phones, smart terminals, etc., or communication devices such as servers, gateways, base stations, controllers, or Internet of Things devices, such as sensors, Internet of things (IoT) devices such as electric meters and water meters. It may also be an unmanned aerial vehicle (unmannedaerial vehicle or uncrewed aerial vehicle, UAV) with a communication function. The embodiment of the present application does not limit this.

2. Home subscriber server (HSS): HSS is a server used to store user subscription information in the evolved packet system (EPS), and is mainly responsible for managing user subscription data and mobile user location information .

3. Policy and charging rules function (Policy and charging rules function, PCRF): PCRF is the policy and charging control policy decision point for service data flow and internet protocol (internet protocol, IP) bearer resources. The charging and charging execution function unit selects and provides available policies and charging control decisions.

4. Public data network (PDN) gateway: The PDN gateway includes functions such as providing user session management and bearer control, data forwarding, IP address allocation, and non-3GPP user access. It is the anchor point for 3GPP access and non-3GPP access to public data networks.

5. Authentication, authorization, and accounting (authentication, authorization, accounting, AAA) server: AAA server is a server program that can handle user access requests, and provides authentication authorization and account services. The main purpose is to manage user access to the network server. Services provided to users with access rights. AAA servers usually work in conjunction with network access control, gateway servers, databases, and user information directories.

6. IP multimedia subsystem (IP multimedia subsystem, IMS): IMS is a brand-new multimedia service form, which can meet the more novel and diversified multimedia service requirements of terminal customers.

It can be seen from Figure 1 that the terminal device can access the 4G network through the trusted non-3GPP based on the S2a interface, or it can also access the 4G network through the untrusted non-3GPP based on the Swu+S2b interface, Swa interface or STa interface. 4G network.

When a terminal device in a 4G system accesses a network through a non-3GPP, it passes through network elements such as an HSS and a 3GPP AAA server instead of a mobility management entity (MME). For example, when a terminal device accesses the network through NSWO, it can access the network through the WLAN access point instead of the MME. Wherein, not passing through the MME means that the process of accessing the network does not involve direct or indirect interaction between the terminal device and the MME.

During the evolution from 4G to 5G, the 5G network considers the situation that the terminal equipment accesses the 5G network through the S2a and S2b interfaces, but does not consider the Swa interface and the STa interface. Therefore, how the terminal equipment accesses the 5G network through the Swa interface and the STa interface is now being considered. The characteristic of the Swa interface and the STa interface is that after the terminal device accesses through an untrusted non-3GPP, it needs to complete the authentication through the interaction between the 3GPP AAA server and the HSS. After the terminal device is successfully authenticated, the terminal device can directly use the Trusted non-3GPP access technology for network access. In this case, the traffic data of the terminal device can go directly to the PDN gateway and be forwarded to the external network by the PDN gateway, or the traffic data of the terminal device can also go directly to the external network without passing through the PDN gateway.

Figure 2 shows the current 5G network architecture. Each network element that may be involved in the embodiment of the present application will be described respectively below with reference to FIG. 2 .

1. Terminal equipment: refer to the previous description for details.

2. Access network (AN): The access network is used to provide network access functions for authorized users in a specific area, and can use transmission tunnels of different qualities according to user levels and service requirements. The access network may be an access network using different access technologies. There are currently two types of radio access technologies: 3GPP access technologies (such as those used in 3G, 4G or 5G systems or future 3GPP radio access technologies) and non-3GPP access technologies (non-3GPP ) access technology. 3GPP access technology refers to the access technology that complies with 3GPP standards and specifications. The access network using 3GPP access technology is called radio access network (radio access network, RAN). Among them, the access network equipment in the 5G system is called Next generation Node Base station (gNB). The non-3GPP access technology refers to an access technology that does not conform to the 3GPP standard specification, for example, an air interface technology represented by an access point (access point, AP) in wireless fidelity (wireless fidelity, Wi-Fi).

An access network that implements access network functions based on wireless communication technology may be referred to as a radio access network (RAN). The wireless access network can manage wireless resources, provide access services for terminal equipment, and then complete the forwarding of control signals and user data between terminal equipment and the core network.

The access network equipment can be, for example, a base station (NodeB), an evolved base station (evolved NodeB, eNB or eNodeB), a base station (gNB) in a 5G mobile communication system, a base station in a future mobile communication system, or an AP in a Wi-Fi system etc., it can also be a wireless controller in a cloud radio access network (cloud radio access network, CRAN) scenario, or the access network device can be a relay station, an access point, a vehicle-mounted device, a wearable device, or a device in a future 5G network. network equipment or network equipment in the future evolved PLMN. The embodiment of the present application does not limit the specific technology and specific equipment form adopted by the access network equipment.

3. Access and mobility management function (AMF) network elements: AMF network elements are mainly used for mobility management and access management, etc., and can be used to implement other functions in MME functions except session management , for example, functions such as lawful interception, or access authorization (or authentication).

4. Authentication server function (authentication server function, AUSF) network element: the AUSF network element is mainly used for user authentication and the like.

5. Unified data management (unified data management, UDM) network element: the UDM network element is used to process user identification, access authentication, registration, or mobility management.

6. Network exposure function (network exposure function, NEF) network element: The NEF network element is used to support the exposure of capabilities and events.

7. Network repository function (network repository function, NRF) network element: The NRF network element is used to provide a network element discovery function, and based on the request of other network elements, provide network element information corresponding to the network element type. NRF also provides network element management services, such as network element registration, update, de-registration, network element status subscription and push, etc.

8. Policy control function (policy control function, PCF) network element: PCF network element includes billing for sessions and service flow levels, quality of service (quality of service, QoS) bandwidth guarantee and mobility management, terminal policy decisions, etc. Policy control function.

9. User plane function (user plane function, UPF) network element: UFP network element is used as an interface with the data network, including functions such as completing user plane data forwarding, session/flow-based charging statistics, and bandwidth limitation.

10. A session management function (session management function, SMF) network element, including functions such as executing session management, executing control policies issued by the PCF, selecting UPF, and assigning IP addresses to terminal equipment.

In the network architecture shown in Figure 2, the N1 interface is the reference point between the terminal equipment and the AMF network element; the N2 interface is the reference point between the AN and the AMF network element, and is used for the non-access stratum (NAS ) messages, etc.; N3 interface is the reference point between (R)AN and UPF network elements, used to transmit user plane data, etc.; N4 interface is the reference point between SMF network elements and UPF network elements, used for Transmit information such as the tunnel identification information of the N3 connection, data cache indication information, and downlink data notification messages; the N6 interface is the reference point between the UPF network element and the data network (DN), and is used to transmit data on the user plane wait.

It should be understood that the above-mentioned network architecture shown in FIG. 2 can be applied to the embodiment of the present application. In addition, the network architecture applicable to the embodiment of the present application is not limited thereto. Any network architecture that can realize the functions of the above-mentioned network elements is applicable to Example of this application.

It should also be understood that the AMF network element, SMF network element, UPF network element, NEF network element, AUSF network element, NRF network element, PCF network element, and UDM network element shown in FIG. Network elements with different functions, for example, can be combined into network slices on demand. These network elements of the core network may be independent devices, or may be integrated into the same device to implement different functions, which is not limited in this application. It should be noted that the foregoing "network element" may also be referred to as an entity, device, device, or module, etc., which are not specifically limited in this application.

It should also be understood that the above naming is only used to distinguish different functions, and does not mean that these network elements are independent physical devices. This application does not limit the specific form of the above network elements. For example, they can be integrated in the same physical device , can also be different physical devices. In addition, the above naming is only for the convenience of distinguishing different functions, and should not constitute any limitation to this application, and this application does not exclude the possibility of using other naming in 5G network and other networks in the future. For example, in a 6G network, some or all of the above network elements may use the terms in 5G, or may use other names. A unified description will be made here, and details will not be repeated below.

It should also be understood that the communication between network elements in FIG. 2 is based on the service-oriented interface, for example, the service-oriented interface is used between network elements to perform information exchange or call services. The name of the interface between network elements in FIG. 2 is just an example, and the name of the interface in a specific implementation may be another name, which is not specifically limited in this application. In addition, the name of the message (or signaling) transmitted between the above network elements is only an example, and does not constitute any limitation on the function of the message itself.

In this network architecture, RAN supports two access technologies, namely 3GPP access technologies and non-3GPP access technologies. It can be seen from Figure 2 that if a terminal device accesses the 5G core network through a non-3GPP technology, it needs to pass through the AMF network element. For example, the AMF network element needs to perform the main authentication process to complete the mutual authentication between the terminal device and the network side. In fact, in the context of the integration of 3GPP and non-3GPP, terminal equipment accesses the 5G core network through 3GPP and non-3GPP access technologies and performs authentication through AMF network elements. In this case, if the terminal device can complete the user plane data interaction through non-3GPP access, then the need to access the 5G core network will lead to heavy burdens such as AMF network element processing and signaling interaction, which will affect the communication efficiency of the network. In addition, the network architecture in which terminal devices are connected to the 5G core network through non-3GPP technologies has not yet been actually deployed, and the deployment of this network architecture requires a very high cost.

In view of the NSWO mode in the 4G system, the terminal device can access the network through the WLAN access point instead of the MME, and the architecture of the terminal device accessing the network through the NSWO mode has basically been deployed. A solution for accessing the 5G core network. Referring to Figure 3, it is a schematic diagram of the NSWO architecture in 5G. In the 5G NSWO architecture, a new NSWO network function (network funciton, NF) network element is added. The NSWONF network element is connected to the untrusted non-3GPP access network through the Swa interface, and through the Nx (x represents that the interface number has not been defined) interface Connect with AUSF. The NSWO NF network element has the protocol conversion function between the Swa interface and the Nx interface. Wherein, the Swa interface may be based on Remote Authentication Dial-In User Service (RADIUS) protocol or Diameter protocol, and the Nx interface may be a service-based interface (service-based interface, SBI) interface. The embodiment of the present application does not limit the name of the NSWO NF network element, and the name of the NSWO NF network element can also be changed in future communications. In the embodiment of the present application, the NSWO network element may also be referred to as the NSWO NF network element, or as the NSWO NF for short.

For convenience of description, in the embodiments of the present application, the unified data management (UDM) network element is referred to as UDM, the authentication service function network element (AUSF) network element is referred to as AUSF, and the network storage function (NRF) network element is referred to as NRF.

In this embodiment of the present application, the identification information of the home network refers to the identification information used to identify the home network, and the identification information of the home network may be a home network identifier (home network identifier, HNI), or other information that can identify the home network. Information, here is a unified explanation, and I won’t repeat it later. For ease of description, in the embodiment of the present application, the identification information of the home network is HNI as an example for illustration.

In this embodiment of the present application, a routing ID (routing ID, RID) is used to select a serviceable AUSF and/or UDM for a terminal device.

In the embodiment of this application, UDM has NSWO authentication capability, which can also be understood as UDM can select an authentication method for NSWO authentication, or it can be understood as UDM can identify and instruct terminal equipment to use NSWO to access the network Instructions. Moreover, in the current 5G network, the unupgraded UDM does not have the NSWO authentication capability, and the upgraded UDM has the NSWO authentication capability. Therefore, in the embodiment of this application, the UDM with the NSWO authentication capability can be understood as the upgraded UDMs.

In the embodiment of the present application, the AUSF has the NSWO authentication capability, which can also be understood as the AUSF being able to identify the indication information instructing the terminal device to use the NSWO method to access the network. Moreover, in the current 5G network, the unupgraded AUSF does not have the NSWO authentication capability, and the upgraded AUSF has the NSWO authentication capability. Therefore, in the embodiment of this application, the AUSF with the NSWO authentication capability can be understood as the upgraded AUSF AUSF.

Referring to FIG. 4 , it is a flow chart of a method for selecting a network element provided in an embodiment of the present application. This method is used to select a UDM with NSWO authentication capability. The method may be executed by the AUSF or a module (such as a chip) for the AUSF, or may also be executed by the NRF or a module (such as a chip) for the NRF.

The method includes the following steps:

Step 401, receiving the first HNI and indication information, the indication information instructing the terminal device to use NSWO to access the network.

The indication information may also be expressed by NSWO indicator, or by other names, which is not limited in this embodiment of the present application. A unified description is made here and will not be repeated later.

As an implementation method, the indication information in this embodiment of the present application may be included in a serving network name (serving network name, SNN), or may be an SNN that can be used to instruct the terminal device to access the network using NSWO; or the The indication information may be included in a user concealed identifier (subscription concealed identifier, SUCI), or may be a SUCI in a network access identifier (network access identifier, NAI) format; or the indication information is a separate piece of information (such as bit information), where Do a unified description, and will not repeat them later.

The indication information indicates that the terminal device uses the NSWO method to access the network. It can also be understood that the indication information indicates that the terminal equipment in the NSWO authentication process is authenticated, or that the indication information indicates that it is currently in the NSWO authentication process. Here Make a unified description, and will not repeat it later.

Step 402: Select the first UDM corresponding to the first HNI according to the indication information, and the first UDM has NSWO authentication capability.

It can be understood that the indication information triggers the execution of selecting a UDM with NSWO authentication capability.

According to the above solution, it is possible to select a UDM with NSWO authentication capability, so that the UDM can provide NSWO authentication services for terminal devices accessing the network in NSWO mode, which helps to realize fast and correct access of terminal devices.

An application scenario of the above method is introduced below. In the current 5G network, UDM (which can be a non-upgraded UDM or an upgraded UDM) supports two authentication methods, that is, extensible authentication protocol-authentication and key agreement (EAP- AKA') authentication method and 5G-AKA authentication method. At present, in the scenario where the terminal device uses NSWO to access the network, it has been determined that only the EAP-AKA' authentication method can be used to authenticate the terminal device. In order to enable the UDM to select the EAP-AKA' authentication method in the scenario where the terminal device uses NSWO to access the network, a possible implementation method is to send an indication message to the UDM, which indicates the terminal device Using NSWO to access the network, when the UDM receives the indication information, the UDM is triggered to select the EAP-AKA' authentication method instead of the 5G-AKA authentication method. However, according to the above description, if the UDM is not upgraded, the UDM does not have the NSWO authentication capability, so the UDM cannot recognize the indication information, so it cannot be guaranteed that the UDM can definitely select EAP-AKA' authentication method. If the UDM is an upgraded UDM, the UDM has NSWO authentication capability, so the UDM can recognize the indication information, thereby ensuring that the UDM can select the EAP-AKA' authentication method. Therefore, in combination with the method embodiment corresponding to Figure 4 above, it is possible to select a UDM with NSWO authentication capability (that is, an upgraded UDM), and then in the scenario where the terminal device uses NSWO to access the network, the NSWO authentication capability can be selected. The UDM with authorization capability can identify the received indication information, so as to ensure that the UDM can select the EAP-AKA' authentication method according to the indication information.

As an implementation method, the embodiment of the present application can predefine the mapping relationship between HNI and UDM. The mapping relationship can be defined in the form of a table or in the form of a function. The definition form of the mapping relationship in the embodiment of the present application No limit. The definition form of the table is taken as an example to illustrate below.

Wherein, the mapping relationship between HNI and UDM can be stored in NRF or AUSF, or can also be stored in a database independent of NRF or AUSF.

Exemplarily, the following table 1-1 is an example of the mapping relationship between HNI and UDM with NSWO authentication capability.

Table 1-1

HNI UDM with NSWO authentication capability HNI 1 Identification information of UDM1 or identification information of UDM set 1 HNI 2 Identification information of UDM 2 or identification information of UDM set 2 HNI 3 Identification information of UDM 3 or identification information of UDM set 3

Wherein, each UDM in the mapping relationship shown in Table 1-1 above is a UDM with NSWO authentication capability, that is, an upgraded UDM. In the embodiment of the present application, the mapping relationship between the HNI and the UDM with NSWO authentication capability is referred to as the first mapping relationship.

As an implementation method, in the embodiment of the present application, the mapping relationship between the HNI and the UDM without NSWO authentication capability can also be defined. In the embodiment of the present application, the mapping relationship between the HNI and the UDM without NSWO authentication capability is referred to as the second mapping relationship.

Exemplarily, the following table 1-2 is an example of the mapping relationship between HNI and UDM without NSWO authentication capability.

Table 1-2

HNI UDM without NSWO authentication capability HNI 1 Identification information of UDM4 or identification information of UDM set 4 HNI 2 Identification information of UDM 5 or identification information of UDM set 5 HNI 3 Identification information of UDM 6 or identification information of UDM set 6

Wherein, each UDM in the mapping relationship shown in Table 1-2 above is a UDM without NSWO authentication capability, that is, a UDM network element that has not been upgraded.

In the first mapping relationship or the second mapping relationship above, one HNI can uniquely correspond to the identification information of one UDM, and the identification information can be an instance ID (instance ID), an address (address) or a fully qualified domain name (fullyqualified domain name, FQDN) . One HNI may also correspond to the identification information (set ID) of a UDM set, and the UDM set includes identification information of multiple UDMs. When the UDM set corresponding to the HNI is obtained according to an HNI, a UDM can be further selected from the UDM set, for example, a UDM can be selected according to a preset rule, or a UDM can be randomly selected from the UDM set. The embodiment does not limit the implementation method of selecting a UDM from the UDM set.

In the embodiment of the present application, an HNI includes a mobile country code (mobile country code, MCC) and a mobile network code (mobile network code, MNC). Therefore, in the above-mentioned first mapping relationship or second mapping relationship, an HNI can also use MCC and MNC combination to replace. For example, HNI 1 in the above Table 1-1 can be replaced by (MCC=A, MNC=B), HNI 2 can be replaced by (MCC=A, MNC=C), HNI 3 can be replaced by (MCC=E, MNC=F) for substitution. The above Tables 1-2 can also be replaced by a similar method.

As an implementation method, the above step 402 may specifically be: selecting the first UDM corresponding to the first HNI from the above first mapping relationship according to the indication information.

As an implementation method, if the NRF or AUSF receives the second HNI, but does not receive the indication information instructing the terminal device to access the network through NSWO, the NRF or AUSF can select the second HNI from the above-mentioned second mapping relationship. The second UDM corresponding to the HNI does not have the NSWO authentication capability.

As another implementation method, if the NRF or AUSF receives the second HNI, but does not receive the indication information instructing the terminal device to use the NSWO method to access the network, the NRF or AUSF can base on the existing selection logic, according to the second HNI selects UDM, which may or may not have NSWO authentication capability. In other words, it is uncertain whether the UDM selected by NRF or AUSF has NSWO authentication capability.

As yet another implementation method, in the case of not receiving the instruction information instructing the terminal device to use NSWO to access the network, the NRF or AUSF can select the HNI corresponding to the second HNI from the above-mentioned first mapping relationship according to the local policy. A UDM with NSWO authentication capability, or a UDM without NSWO authentication capability corresponding to the second HNI selected from the second mapping relationship. For example, in the case of not receiving the instruction information instructing the terminal device to use NSWO to access the network, the NRF or AUSF will preferentially select the NSWO authentication capability corresponding to the second HNI from the first mapping relationship according to the local policy. A UDM. For another example, in the case of not receiving the instruction information instructing the terminal device to use the NSWO method to access the network, the NRF or AUSF, according to the local policy, preferentially selects the second HNI corresponding to the second HNI without NSWO authentication from the second mapping relationship. A UDM of capabilities.

As an implementation method, in the embodiment of the present application, the subscription data (also called user subscription data) of the terminal device may be stored in a database (unified data repository, UDR), and the same user subscription data on the UDR may be stored by multiple For example, different UDMs corresponding to the same HNI can go to UDR to obtain the same user subscription data. Combined with the implementation methods of selecting UDM introduced above, regardless of whether the UDM selected by NRF or AUSF has NSWO authentication capability, as long as these UDMs correspond to the same HNI, these UDMs can obtain the same user subscription data from the UDR. The user subscription data corresponds to the HNI. The following is combined with an example. For example, if NRF or AUSF receives HNI 1 and instruction information instructing the terminal device to use NSWO to access the network, NRF or AUSF selects UDM 1 with NSWO authentication capability according to the above Table 1-1. If the NRF or AUSF receives HNI 1 and does not receive the instruction information instructing the terminal device to use NSWO to access the network, it is assumed that the NRF or AUSF selects UDM4 without NSWO authentication capability according to the above table 1-2. In this example, both UDM 1 and UDM 4 correspond to HNI 1, so both UDM 1 and UDM 4 can obtain the same user subscription data from the same UDR, and the user subscription data corresponds to HNI 1.

A specific example of the method embodiment corresponding to the above-mentioned FIG. 4 is given below in conjunction with the above-mentioned Table 1-1 and Table 1-2. Take the NRF executing the method embodiment corresponding to FIG. 4 above as an example.

In an example, the NRF receives HNI1 and indication information, the indication information indicates that the terminal device uses NSWO to access the network, and the indication information triggers the NRF to select a UDM with NSWO authentication capability from the above table 1-1, Specifically, UDM 1 is selected, or a UDM in the UDM set indicated by the identification information of UDM set 1 is selected. According to the indication information, the NRF will not select the UDM without NSWO authentication capability (that is, the UDM before the upgrade) from Table 1-2. Through this method, the indication information is used to trigger the NRF to select a UDM with NSWO authentication capability from the above Table 1-1.

In yet another example, NRF receives HNI1, but does not receive the above indication information instructing the terminal device to use NSWO to access the network, then NRF selects a UDM without NSWO authentication capability from the above table 1-2, Specifically, UDM 4 is selected, or a UDM in the UDM set indicated by the identification information of UDM set 4 is selected. Since the above indication information has not been received, the NRF will not select a UDM with NSWO authentication capability from Table 1-1. Through this method, NRF selects a UDM without NSWO authentication capability from the above table 1-2.

In another example, NRF receives HNI1, but does not receive the above indication information instructing the terminal device to use NSWO to access the network, then NRF can select a UDM with NSWO authentication capability from the above table 1-1 , you can also select a UDM that does not have NSWO authentication capability from the above table 1-2. The specific selection depends on the implementation, such as selection according to local policies. It can be understood that if the above indication information is not received, the UDM selected by the NRF may or may not have the NSWO authentication capability.

As an implementation method, this embodiment of the present application may further establish an association between the foregoing indication information and the foregoing first mapping relationship or the second mapping relationship.

One implementation method is to establish an association between the indication information and the above-mentioned first mapping relationship, and the first mapping relationship can be found through the indication information.

Another implementation method is to combine the above-mentioned first mapping relationship with the second mapping relationship, and use the indication information as part of the combined mapping relationship, the indication information instructing the terminal device to use NSWO to access the network. Taking the above Table 1-1 and Table 1-2 as an example, the above Table 1-1 can be combined with the above Table 1-2, and the instruction information can be added to the combined table, as shown in Table 1-3. mapping relationship.

Table 1-3

Among them, in the above Tables 1-3, UDM 1, UDM 2, UDM 3, UDMs in UDM set 1, UDMs in UDM set 2, and UDMs in UDM set 3 are all UDMs with NSWO authentication capability. UDM 4, UDM 5, UDM 6, UDMs in UDM set 4, UDMs in UDM set 5, and UDMs in UDM set 6 are UDMs without NSWO authentication capability.

As an example, if the NRF or AUSF receives the HNI 1, the UDM 4 corresponding to the HNI 1 or a UDM in the UDM set 4 can be determined according to Table 1-3. If the NRF or AUSF receives HNI 1 and indication information, it determines the UDM 1 corresponding to HNI 1 or a UDM in UDM set 1 according to Table 1-3.

As an implementation method, the first RID may also be received in the above step 401, and the above step 402, specifically: according to the above indication information, select the first UDM corresponding to the first HNI and the first RID. That is, in this method, the corresponding UDM is found through the combination of the HNI and the RID.

In the embodiment of the present application, the mapping relationship between the combination of the HNI and the RID and the UDM can be defined, that is, the corresponding UDM can be found through the combination of the HNI and the RID. The mapping relationship may be defined in the form of a table or in the form of a function, and the embodiment of the present application does not limit the definition form of the mapping relationship. The definition form of the table is taken as an example to illustrate below. Wherein, the mapping relationship between the combination of HNI and RID and UDM can be stored in NRF or AUSF, or can also be stored in a database independent of NRF or AUSF.

Exemplarily, the following table 2-1 is an example of the mapping relationship between the combination of HNI and RID and the UDM with NSWO authentication capability.

table 2-1

Wherein, each UDM in the mapping relationship shown in Table 2-1 above is a UDM with NSWO authentication capability, that is, an upgraded UDM. In the embodiment of the present application, the mapping relationship between the combination of the HNI and the RID and the UDM having the NSWO authentication capability is referred to as the third mapping relationship.

As an implementation method, it can be understood that the RID corresponding to HNI3 in Table 2-1 is empty, which can mean that it can indicate that in the case of receiving the instruction information instructing the terminal device to use the NSWO method to access the network , choose to UDM6. Or it can be understood that, when receiving the instruction information and the HNI 3 instructing the terminal device to use the NSWO method to access the network, the corresponding UDM can be determined according to the HNI 3 without referring to the received RID.

In addition, it should be noted that the value range of the RID in Table 2-1 is just an example, and this embodiment does not limit the specific relationship between the number of HNIs and RIDs. For example, it can be understood that the network corresponding to HNI1 is configured with 3 RID values in total, and the network corresponding to HNI2 is configured with 2 RID values in total. It can also be understood that, taking the network corresponding to HNI1 as an example, the network corresponding to HNI1 is configured with more than 3 RID values, but only RID0, RID 1 and RID 2 that can be used for NSWO authentication are included in Table 2-1. Other RID values are not within the scope of this table. When receiving the RID value of the HNI not included in Table 2-1 (such as RID3), you can use the mapping relationship shown in Table 2-2 to query.

As an implementation method, in the embodiment of the present application, the mapping relationship between the combination of the HNI and the RID and the UDM without NSWO authentication capability can also be defined. In the embodiment of the present application, the mapping relationship between the combination of the HNI and the RID and the UDM without NSWO authentication capability is referred to as the fourth mapping relationship.

Exemplarily, the following table 2-2 is an example of the mapping relationship between the combination of HNI and RID and the UDM without NSWO authentication capability.

Table 2-2

Wherein, each UDM in the mapping relationship shown in Table 2-2 above is a UDM without NSWO authentication capability, that is, a UDM network element that has not been upgraded.

In the above third mapping relationship or fourth mapping relationship, a combination of an HNI and a RID may uniquely correspond to a UDM identification information, and the identification information may be an instance ID (instance ID), address (address) or FQDN. A combination of HNI and RID may also correspond to identification information (set ID) of a UDM set, and the UDM set includes identification information of multiple UDMs. When the UDM set corresponding to the HNI is obtained according to an HNI, a UDM can be further selected from the UDM set, for example, a UDM can be selected according to a preset rule, or a UDM can be randomly selected from the UDM set. The embodiment does not limit the implementation method of selecting a UDM from the UDM set.

In the embodiment of the present application, one HNI includes MCC and MNC. Therefore, in the third mapping relationship or the fourth mapping relationship, one HNI may also be replaced by a combination of MCC and MNC. Refer to the foregoing description for details.

As an implementation method, the above step 402 may specifically be: selecting the first UDM corresponding to the first HNI and the first RID from the above third mapping relationship according to the indication information.

As an implementation method, if the NRF or AUSF receives the third HNI, but does not receive the indication information instructing the terminal device to access the network in the way of NSWO, the NRF or AUSF can select the third HNI from the above fourth mapping relationship. UDM corresponding to HNI without NSWO authentication capability.

As another implementation method, if the NRF or AUSF receives the third HNI, but does not receive the indication information instructing the terminal device to use the NSWO method to access the network, the NRF or AUSF can base on the existing selection logic, according to the third HNI selects UDM, which may or may not have NSWO authentication capability. In other words, it is uncertain whether the UDM selected by NRF or AUSF has NSWO authentication capability.

As yet another implementation method, in the case of not receiving the instruction information instructing the terminal device to access the network in NSWO mode, the NRF or AUSF can select the third HNI corresponding to the third HNI from the above-mentioned third mapping relationship according to the local policy. A UDM with NSWO authentication capability, or a UDM without NSWO authentication capability corresponding to the third HNI selected from the fourth mapping relationship. For example, in the case of not receiving the instruction information instructing the terminal device to use NSWO to access the network, the NRF or AUSF, according to the local policy, preferentially selects the third HNI corresponding to the third HNI and has the NSWO authentication capability. A UDM. For another example, in the case of not receiving the instruction information instructing the terminal device to use NSWO to access the network, the NRF or AUSF, according to the local policy, preferentially selects the third HNI corresponding to the third HNI from the fourth mapping relationship without NSWO authentication. A UDM of capabilities.

As an implementation method, in the embodiment of this application, the subscription data (also called user subscription data) of the terminal device can be stored on the UDR, and the same user subscription data on the UDR can be obtained by multiple UDMs, for example, The same user subscription data is obtained from different UDMs corresponding to the same HNI to UDR. Combined with the implementation methods of selecting UDM introduced above, regardless of whether the UDM selected by NRF or AUSF has NSWO authentication capability, as long as these UDMs correspond to the same combination of HNI and RID, these UDMs can obtain the same user from UDR Subscription data, the user's subscription data corresponds to the HNI. The following is combined with an example. For example, if NRF or AUSF receives HNI 1, RID 0 and instruction information instructing terminal equipment to use NSWO to access the network, NRF or AUSF selects UDM 1 with NSWO authentication capability according to the above Table 2-1. If the NRF or AUSF receives HNI 1 and RID 0, and does not receive the instruction information instructing the terminal device to access the network through NSWO, it is assumed that the NRF or AUSF selects UDM without NSWO authentication capability according to the above table 2-2 7. In this example, both UDM 1 and UDM 7 correspond to the combination of HNI 1 and RID 0, so both UDM 1 and UDM 7 can obtain the same user subscription data from the same UDR, and the user subscription data corresponds to the HNI 1 and RID 0 The combination.

A specific example of the method embodiment corresponding to the above-mentioned FIG. 4 is given below in conjunction with the above-mentioned Table 2-1 and Table 2-2. Take the NRF executing the method embodiment corresponding to FIG. 4 above as an example.

In an example, the NRF receives HNI1, RID 0 and indication information, the indication information indicates that the terminal device uses NSWO to access the network, and the indication information triggers the NRF to select a NSWO authentication capability from the above table 2-1 Specifically, UDM 1 is selected, or a UDM in the UDM set indicated by the identification information of UDM set 1 is selected. According to the indication information, NRF will not select UDM without NSWO authentication capability (that is, UDM before upgrade) from Table 2-2. Through this method, the indication information is used to trigger the NRF to select a UDM with NSWO authentication capability from the above Table 2-1.

In yet another example, NRF receives HNI1 and RID 0, but does not receive the above indication information instructing the terminal device to access the network through NSWO, then NRF selects one from the above table 2-2 that does not have NSWO authentication capability Specifically, the UDM 7 is selected, or a UDM in the UDM set indicated by the identification information of the UDM set 7 is selected. Since the above indication information has not been received, the NRF will not select a UDM with NSWO authentication capability from Table 2-1. Through this method, NRF selects a UDM without NSWO authentication capability from the above table 2-2.

In another example, the NRF receives HNI1 and RID 0, but does not receive the above instruction information instructing the terminal device to access the network in the way of NSWO, then the NRF can select one from the above table 2-1 with NSWO authentication Capability UDM, you can also select a UDM without NSWO authentication capability from the above table 2-2. The specific selection depends on the implementation, such as selection according to local policies. It can be understood that if the above indication information is not received, the UDM selected by the NRF may or may not have the NSWO authentication capability.

As an implementation method, this embodiment of the present application may further establish an association between the foregoing indication information and the foregoing third or fourth mapping relationship.

An implementation method is to establish an association between the indication information and the above-mentioned third mapping relationship, and the first mapping relationship can be found through the indication information.

Another implementation method is to combine the above-mentioned third mapping relationship with the fourth mapping relationship, and use the indication information as part of the combined mapping relationship, the indication information instructing the terminal device to use the NSWO method to access the network. Taking the above Table 2-1 and Table 2-2 as an example, the above Table 2-1 can be combined with the above Table 2-2, and the instruction information can be added to the combined table, as shown in Table 2-3. mapping relationship.

Table 2-3

Wherein, in the above-mentioned Table 2-3, UDM 1 to UDM 6, and UDMs in UDM set 1 to UDM set 6 are all UDMs with NSWO authentication capability. UDM 7 to UDM 13, and UDMs in UDM set 7 to UDM set 13 are all UDMs without NSWO authentication capability.

As an example, if the NRF or AUSF receives HNI 1 and RID 0, it can determine the UDM 7 or a UDM in the UDM set 7 corresponding to the combination of HNI 1 and RID 0 according to Table 2-3. If the NRF or AUSF receives HNI 1, RID 0, and indication information, it determines the UDM 1 corresponding to HNI 1 or a UDM in UDM set 1 according to Table 2-3.

As an implementation method, if the above method embodiment corresponding to Figure 4 is executed by NRF, the above step 401 may specifically be: NRF receives the first HNI and indication information from AUSF, or NRF receives the first HNI from AUSF, The first RID and indication information. Further, after the above step 402, the NRF may also send the identified identification information of the first UDM with NSWO authentication capability to the AUSF.

As an implementation method, in the above step 401, the first HNI may be obtained from the received SUCI, or the first HNI and the first RID may be obtained from the received SUCI.

According to the method embodiment corresponding to FIG. 4 above, the AUSF selects a UDM, and selects a UDM instance, which is used to execute the connection between the terminal device and the UDM in the home public land mobile network (home public land mobile network, hPLMN). Inter-NSWO authentication. AUSF can select a UDM instance by itself, such as selecting a UDM instance locally through local configuration, or AUSF uses NRF to discover a UDM instance.

That is to say, the UDM selection function can be configured on the AUSF, and the UDM selection function can select an available UDM instance from the local configuration or use NRF to discover the UDM instance, and the UDM instance has NSWO authentication capability. Wherein, the UDM selection function in the AUSF uses the following information when selecting a UDM instance: 1. HNI in SUCI or HNI and RID in SUCI; 2. Indicator information (NSWO indicator).

Referring to FIG. 5 , it is a flow chart of a method for selecting a network element provided in an embodiment of the present application. This method is used to select AUSF with NSWO authentication capability. The method may be executed by NSWO NF or a module (such as a chip) for NSWO NF, or may also be executed by NRF or a module (such as a chip) for NRF.

The method includes the following steps:

Step 501, receiving the first HNI and indication information, the indication information instructing the terminal device to use NSWO to access the network.

The indication information may also be expressed by NSWO indicator, or by other names, which is not limited in this embodiment of the present application.

Step 502: Select the first AUSF corresponding to the first HNI according to the indication information, and the first AUSF has NSWO authentication capability.

It can be understood that the indication information triggers the execution of selecting an AUSF with NSWO authentication capability.

According to the above solution, it is possible to select an AUSF with NSWO authentication capability, so that the AUSF can provide NSWO authentication services for terminal devices accessing the network in NSWO mode, which helps to realize fast and correct access of terminal devices.

An application scenario of the above method is introduced below. According to the previous description, in the current 5G network, UDM supports two authentication methods, namely the EAP-AKA' authentication method and the 5G-AKA authentication method, and AUSF sends the UDM with NSWO authentication capability for The indication information instructing the terminal device to use the NSWO method to access the network triggers the UDM to select the EAP-AKA' authentication method according to the indication information, and the EAP-AKA' authentication method is used in the NSWO authentication process. In order to be able to send the above indication information to the UDM with NSWO authentication capability, it is first necessary to ensure that the AUSF can recognize the indication information, so it is necessary to select an AUSF with NSWO authentication capability. That is, it is necessary to select an AUSF with NSWO authentication capability. The AUSF can recognize the above indication information and send the indication information to the UDM with NSWO authentication capability. Then the indication information triggers the UDM to select EAP-AKA' authentication. right method.

As an implementation method, the embodiment of the present application can predefine the mapping relationship between HNI and AUSF, and the mapping relationship can be defined in the form of a table or in the form of a function. The definition form of the mapping relationship in the embodiment of the present application No limit. The definition form of the table is taken as an example to illustrate below.

Wherein, the mapping relationship between HNI and AUSF can be stored in NRF or NSWO NF, or can also be stored in a database independent of NRF or NSWO NF.

Exemplarily, the following Table 3-1 is an example of the mapping relationship between the HNI and the AUSF with NSWO authentication capability.

Table 3-1

HNI AUSF with NSWO authentication capability HNI 1 Identification information of AUSF1 or identification information of AUSF set 1 HNI 2 Identification information of AUSF 2 or identification information of AUSF set 2 HNI 3 Identification information of AUSF 3 or identification information of AUSF set 3

Wherein, each AUSF in the mapping relationship shown in Table 3-1 above is an AUSF with NSWO authentication capability, that is, an upgraded AUSF. In the embodiment of the present application, the mapping relationship between the HNI and the AUSF with NSWO authentication capability is referred to as the first mapping relationship.

As an implementation method, in the embodiment of the present application, the mapping relationship between the HNI and the AUSF without NSWO authentication capability can also be defined. In the embodiment of the present application, the mapping relationship between the HNI and the AUSF without NSWO authentication capability is referred to as the second mapping relationship.

Exemplarily, the following Table 3-2 is an example of the mapping relationship between the HNI and the AUSF that does not have the NSWO authentication capability.

Table 3-2

HNI AUSF without NSWO authentication capability HNI 1 Identification information of AUSF4 or identification information of AUSF set 4 HNI 2 Identification information of AUSF 5 or identification information of AUSF set 5 HNI 3 Identification information of AUSF 6 or identification information of AUSF set 6

Wherein, each AUSF in the mapping relationship shown in Table 3-2 above is an AUSF without NSWO authentication capability, that is, an AUSF network element that has not been upgraded.

In the first mapping relationship or the second mapping relationship above, one HNI may uniquely correspond to one AUSF identification information, and the identification information may be instance ID, address or FQDN. One HNI may also correspond to the identification information (set ID) of one AUSF set, and the AUSF set includes identification information of multiple AUSFs. When the AUSF set corresponding to the HNI is obtained according to an HNI, an AUSF can be further selected from the AUSF set, for example, an AUSF can be selected according to a preset rule, or an AUSF can be randomly selected from the AUSF set. This application The embodiment does not limit the implementation method of selecting an AUSF from the AUSF set.

In the embodiment of the present application, one HNI includes MCC and MNC. Therefore, in the first mapping relationship or the second mapping relationship, one HNI may also be replaced by a combination of MCC and MNC. For example, HNI 1 in the above Table 3-1 can be replaced by (MCC=A, MNC=B), HNI 2 can be replaced by (MCC=A, MNC=C), HNI 3 can be replaced by (MCC=E, MNC=F) for substitution. The above Table 3-2 can also be replaced by a similar method.

As an implementation method, the above step 502 may specifically be: selecting the first AUSF corresponding to the first HNI from the above first mapping relationship according to the indication information.

As an implementation method, if the NRF or NSWO NF receives the second HNI, but does not receive the indication information instructing the terminal device to use the NSWO method to access the network, the NRF or NSWO NF can select from the above-mentioned second mapping relationship and The second AUSF corresponding to the second HNI does not have the NSWO authentication capability.

As another implementation method, if the NRF or NSWO NF receives the second HNI, but does not receive the indication information instructing the terminal device to use the NSWO method to access the network, the NRF or NSWO NF can base on the existing selection logic, according to The second HNI selects the AUSF, and the AUSF may or may not have the NSWO authentication capability. That is to say, it is uncertain whether the AUSF selected by the NRF or the NSWO NF has the NSWO authentication capability.

As yet another implementation method, in the case of not receiving the instruction information instructing the terminal device to use NSWO to access the network, the NRF or NSWO NF can select from the above-mentioned first mapping relationship to correspond to the second HNI according to the local policy. An AUSF with NSWO authentication capability, or select an AUSF without NSWO authentication capability corresponding to the second HNI from the second mapping relationship. For example, in the case of not receiving the instruction information instructing the terminal device to use the NSWO method to access the network, the NRF or NSWO NF will preferentially select the NSWO authentication capability corresponding to the second HNI from the first mapping relationship according to the local policy. of an AUSF. For another example, in the case of not receiving the instruction information instructing the terminal device to use NSWO to access the network, the NRF or NSWO NF, according to the local policy, preferentially selects the HNI corresponding to the second HNI from the second mapping relationship without NSWO authentication. An AUSF of power.

As an implementation method, in the embodiment of this application, the subscription data (also called user subscription data) of the terminal device can be stored on the UDR, and the same user subscription data on the UDR can be obtained by multiple AUSFs, for example, The same user subscription data is obtained by UDR from different AUSFs corresponding to the same HNI. Combined with the implementation methods of selecting AUSF introduced above, regardless of whether the AUSF selected by NRF or NSWO NF has NSWO authentication capability, as long as these AUSFs correspond to the same HNI, these AUSFs can obtain the same user subscription data from UDR, The user subscription data corresponds to the HNI. The following is combined with an example. For example, if NRF or NSWO NF receives HNI 1 and the instruction information instructing the terminal device to use NSWO to access the network, NRF or NSWO NF selects AUSF1 with NSWO authentication capability according to the above Table 3-1. If the NRF or NSWO NF receives the HNI 1 and does not receive the instruction information instructing the terminal device to access the network through NSWO, it is assumed that the NRF or NSWO NF selects the AUSF 4 that does not have the NSWO authentication capability according to the above Table 3-1 . In this example, both AUSF 1 and AUSF 4 correspond to HNI 1, so both AUSF 1 and AUSF 4 can obtain the same user subscription data from the same UDR, and the user subscription data corresponds to the HNI 1.

A specific example of the method embodiment corresponding to the above-mentioned FIG. 5 is given below in conjunction with the above-mentioned Table 3-1 and Table 3-2. Take the NRF executing the method embodiment corresponding to FIG. 5 above as an example.

In an example, the NRF receives HNI1 and indication information, the indication information indicates that the terminal device uses NSWO to access the network, and the indication information triggers the NRF to select an AUSF with NSWO authentication capability from the above table 3-1, Specifically, AUSF 1 is selected, or an AUSF in the AUSF set indicated by the identification information of AUSF set 1 is selected. According to the indication information, the NRF will not select the AUSF without NSWO authentication capability (that is, the AUSF before the upgrade) from Table 3-2. Through this method, the indication information is used to trigger the NRF to select an AUSF with NSWO authentication capability from the above Table 3-1.

In another example, NRF receives HNI1, but does not receive the above indication information instructing the terminal device to use NSWO to access the network, then NRF selects an AUSF that does not have NSWO authentication capability from the above Table 3-2, Specifically, AUSF 4 is selected, or an AUSF in the AUSF set indicated by the identification information of AUSF set 4 is selected. Since the above indication information has not been received, the NRF will not select the AUSF with NSWO authentication capability from Table 3-1. Through this method, NRF selects an AUSF that does not have NSWO authentication capability from the above table 3-2.

In another example, NRF receives HNI1, but does not receive the above instruction information instructing the terminal device to access the network through NSWO, then NRF can select an AUSF with NSWO authentication capability from the above table 3-1 , you can also select an AUSF that does not have NSWO authentication capability from the above Table 3-2. The specific selection depends on the implementation, such as selection according to local policies. It can be understood that if the above indication information is not received, the AUSF selected by the NRF may or may not have the NSWO authentication capability.

As an implementation method, this embodiment of the present application may further establish an association between the foregoing indication information and the foregoing first mapping relationship or the second mapping relationship.

One implementation method is to establish an association between the indication information and the above-mentioned first mapping relationship, and the first mapping relationship can be found through the indication information.

Another implementation method is to combine the above-mentioned first mapping relationship with the second mapping relationship, and use the indication information as part of the combined mapping relationship, the indication information instructing the terminal device to use NSWO to access the network. Taking the above Table 3-1 and Table 3-2 as an example, the above Table 3-1 can be combined with the above Table 3-2, and the instruction information can be added to the combined table, as shown in Table 3-3. mapping relationship.

Table 3-3

Among them, in the above Table 3-3, AUSF 1, AUSF 2, AUSF 3, AUSF in AUSF set 1, AUSF in AUSF set 2, and AUSF in AUSF set 3 are all AUSFs with NSWO authentication capability. AUSF 4, AUSF 5, AUSF 6, AUSF in AUSF set 4, AUSF in AUSF set 5, and AUSF in AUSF set 6 are all AUSFs without NSWO authentication capability.

As an example, if NRF or NSWO NF receives HNI 1, it can determine AUSF 4 corresponding to HNI 1 or an AUSF in AUSF set 4 according to Table 3-3. If NRF or NSWO NF receives HNI 1 and indication information, it will determine AUSF 1 corresponding to HNI 1 or an AUSF in AUSF set 1 according to Table 3-3.

As an implementation method, the first RID may also be received in the above step 501, and the above step 502, specifically: according to the above indication information, select the first AUSF corresponding to the first HNI and the first RID. That is, in this method, the corresponding AUSF is found through the combination of HNI and RID.

In the embodiment of the present application, the mapping relationship between the combination of the HNI and the RID and the AUSF can be defined, that is, the corresponding AUSF can be found through the combination of the HNI and the RID. The mapping relationship may be defined in the form of a table or in the form of a function, and the embodiment of the present application does not limit the definition form of the mapping relationship. The definition form of the table is taken as an example to illustrate below. Wherein, the mapping relationship between the combination of HNI and RID and AUSF can be stored in NRF or NSWO NF, or can also be stored in a database independent of NRF or NSWO NF.

Exemplarily, the following table 4-1 is an example of the mapping relationship between the combination of HNI and RID and the AUSF with NSWO authentication capability.

Table 4-1

Wherein, each AUSF in the mapping relationship shown in Table 4-1 above is an AUSF with NSWO authentication capability, that is, an upgraded AUSF. In the embodiment of the present application, the mapping relationship between the combination of the HNI and the RID and the AUSF with NSWO authentication capability is referred to as the third mapping relationship.

As an implementation method, it can be understood that the RID corresponding to HNI3 in Table 4-1 is empty, which can mean that it can indicate that in the case of receiving the instruction information instructing the terminal device to use the NSWO method to access the network, no matter which RID is received , all selected to AUSF6. Or it can be understood that, when receiving the instruction information and the HNI 3 instructing the terminal device to use the NSWO method to access the network, the corresponding AUSF can be determined according to the HNI 3 without referring to the received RID.

In addition, it should be noted that the value range of the RID in Table 4-1 is just an example, and this embodiment does not limit the specific relationship between the number of HNIs and RIDs. For example, it can be understood that the network corresponding to HNI1 is configured with 3 RID values in total, and the network corresponding to HNI 2 is configured with 2 RID values in total. It can also be understood that, taking the network corresponding to HNI 1 as an example, the network corresponding to HNI 1 is configured with more than 3 RID values, but only RID0, RID 1 and RID that can be used for NSWO authentication are included in Table 4-1 2. Other RID values are not within the scope of this table. When receiving the RID value of the HNI not included in Table 4-1, you can use the mapping relationship shown in Table 4-2 to query.

As an implementation method, in the embodiment of the present application, the mapping relationship between the combination of the HNI and the RID and the AUSF that does not have the NSWO authentication capability can also be defined. In the embodiment of the present application, the mapping relationship between the combination of the HNI and the RID and the AUSF without NSWO authentication capability is referred to as the fourth mapping relationship.

Exemplarily, the following table 4-2 is an example of the mapping relationship between the combination of HNI and RID and the AUSF without NSWO authentication capability.

Table 4-2

Wherein, each AUSF in the mapping relationship shown in Table 4-2 above is an AUSF without NSWO authentication capability, that is, an AUSF network element that has not been upgraded.

In the above third or fourth mapping relationship, a combination of an HNI and a RID may uniquely correspond to an identification information of an AUSF, and the identification information may be an instance ID, address or FQDN. A combination of HNI and RID may also correspond to identification information (set ID) of an AUSF set, and the AUSF set includes identification information of multiple AUSFs. When the AUSF set corresponding to the HNI is obtained according to an HNI, an AUSF can be further selected from the AUSF set, for example, an AUSF can be selected according to a preset rule, or an AUSF can be randomly selected from the AUSF set. This application The embodiment does not limit the implementation method of selecting an AUSF from the AUSF set.

In the embodiment of the present application, one HNI includes MCC and MNC. Therefore, in the third mapping relationship or the fourth mapping relationship, one HNI may also be replaced by a combination of MCC and MNC. Refer to the foregoing description for details.

As an implementation method, the above step 502 may specifically be: selecting the first AUSF corresponding to the first HNI and the first RID from the above third mapping relationship according to the indication information.

As an implementation method, if the NRF or NSWO NF receives the third HNI, but does not receive the indication information instructing the terminal device to use the NSWO method to access the network, then the NRF or NSWO NF can choose from the above fourth mapping relationship with The third HNI corresponds to the AUSF that does not have the NSWO authentication capability.

As another implementation method, if the NRF or NSWO NF receives the third HNI, but does not receive the indication information instructing the terminal device to use the NSWO method to access the network, then the NRF or NSWO NF can base on the existing selection logic, according to The third HNI selects the AUSF, and the AUSF may or may not have the NSWO authentication capability. That is to say, it is uncertain whether the AUSF selected by the NRF or the NSWO NF has the NSWO authentication capability.

As another implementation method, in the case of not receiving the instruction information instructing the terminal device to access the network through NSWO, the NRF or NSWO NF can select the third HNI corresponding to the above third mapping relationship according to the local policy. An AUSF with NSWO authentication capability, or select an AUSF without NSWO authentication capability corresponding to the third HNI from the fourth mapping relationship. For example, in the case of not receiving the instruction information instructing the terminal device to use the NSWO method to access the network, the NRF or NSWO NF will preferentially select from the third mapping relationship the third HNI corresponding to the NSWO authentication capability according to the local policy. of an AUSF. For another example, when no instruction information indicating that the terminal device uses NSWO to access the network is received, the NRF or NSWO NF, according to the local policy, preferentially selects the third HNI corresponding to the third HNI from the fourth mapping relationship without NSWO authentication. An AUSF of power.

As an implementation method, in the embodiment of this application, the subscription data (also called user subscription data) of the terminal device can be stored on the UDR, and the same user subscription data on the UDR can be obtained by multiple AUSFs, for example, The same user subscription data is obtained by UDR from different AUSFs corresponding to the same HNI. Combined with the various implementation methods for selecting AUSF introduced above, regardless of whether the AUSF selected by NRF or NSWO NF has NSWO authentication capability, as long as these AUSFs correspond to the same combination of HNI and RID, these AUSFs can obtain the same from UDR. User subscription data, which corresponds to the HNI. The following is combined with an example. For example, if NRF or NSWO NF receives HNI 1, RID 0 and instruction information instructing terminal equipment to use NSWO to access the network, NRF or NSWO NF selects AUSF 1 with NSWO authentication capability according to the above Table 4-1. If the NRF or NSWO NF receives HNI 1 and RID 0, and does not receive the instruction information instructing the terminal device to use NSWO to access the network, it is assumed that the NRF or NSWO NF does not have the NSWO authentication capability according to the above table 4-2 AUSF 7. In this example, both AUSF 1 and AUSF 7 correspond to the combination of HNI 1 and RID 0, so both AUSF 1 and AUSF7 can obtain the same user subscription data from the same UDR, which corresponds to the HNI 1 and RID 0 combination.

A specific example of the method embodiment corresponding to the above-mentioned FIG. 5 is given below in conjunction with the above-mentioned Table 4-1 and Table 4-2. Take the NRF executing the method embodiment corresponding to FIG. 5 above as an example.

In an example, the NRF receives HNI1, RID 0 and indication information, the indication information indicates that the terminal device uses NSWO to access the network, and the indication information triggers the NRF to select a NSWO authentication capability from the above table 4-1 The AUSF, specifically, AUSF 1 is selected, or an AUSF in the AUSF set indicated by the identification information of AUSF set 1 is selected. According to the indication information, the NRF will not select the AUSF without NSWO authentication capability (that is, the AUSF before the upgrade) from Table 4-2. Through this method, the indication information is used to trigger the NRF to select an AUSF with NSWO authentication capability from the above Table 4-1.

In yet another example, NRF receives HNI1 and RID 0, but does not receive the above indication information instructing the terminal device to access the network through NSWO, then NRF selects one from the above table 4-2 that does not have NSWO authentication capability The AUSF, specifically, AUSF 7 is selected, or an AUSF in the AUSF set indicated by the identification information of the AUSF set 7 is selected. Since the above indication information is not received, the NRF will not select the AUSF with NSWO authentication capability from Table 2-1. Through this method, NRF selects an AUSF that does not have NSWO authentication capability from the above table 4-2.

In another example, the NRF receives HNI1 and RID 0, but does not receive the above instruction information instructing the terminal device to access the network in the way of NSWO, then the NRF can select one from the above table 4-1 with NSWO authentication The AUSF with the capability can also select an AUSF without NSWO authentication capability from the above table 4-2. The specific selection depends on the implementation, such as selection according to local policies. It can be understood that if the above indication information is not received, the AUSF selected by the NRF may or may not have the NSWO authentication capability.

As an implementation method, this embodiment of the present application may further establish an association between the foregoing indication information and the foregoing third or fourth mapping relationship.

An implementation method is to establish an association between the indication information and the above-mentioned third mapping relationship, and the first mapping relationship can be found through the indication information.

Another implementation method is to combine the above-mentioned third mapping relationship with the fourth mapping relationship, and use the indication information as part of the combined mapping relationship, the indication information instructing the terminal device to use the NSWO method to access the network. Taking the above Table 4-1 and Table 4-2 as an example, the above Table 4-1 can be combined with the above Table 4-2, and the instruction information can be added to the combined table, as shown in Table 4-3. mapping relationship.

Table 4-3

Wherein, in the above-mentioned Table 4-3, AUSF 1 to AUSF 6, and AUSFs in AUSF set 1 to AUSF set 6 are all AUSFs with NSWO authentication capability. AUSF 7 to AUSF 13, and the AUSFs in AUSF set 7 to AUSF set 13 are all AUSFs without NSWO authentication capability.

As an example, if NRF or NSWO NF receives HNI 1 and RID 0, it can determine AUSF 7 or an AUSF in AUSF set 7 corresponding to the combination of HNI 1 and RID 0 according to Table 4-3. If NRF or NSWO NF receives HNI1, RID 0 and indication information, it will determine AUSF 1 corresponding to HNI 1 or an AUSF in AUSF set 1 according to Table 4-3.

As an implementation method, if the above method embodiment corresponding to Figure 5 is executed by NRF, the above step 501 may specifically be: NRF receives the first HNI and indication information from NSWO NF, or NRF receives the first HNI from NSWO NF HNI, first RID and indication information. Further, after the above step 502, the NRF may also send the identified identification information of the first AUSF with NSWO authentication capability to the NSWO NF.

As an implementation method, in the above step 501, the first HNI may be obtained from the received SUCI, or the first HNI and the first RID may be obtained from the received SUCI.

According to the method embodiment corresponding to FIG. 5 above, the NSWO NF selects an AUSF, and selects an AUSF instance, which is used to perform NSWO authentication between the terminal device in the hPLMN and the UDM. The NSWO NF can select the AUSF instance by itself, for example, select the AUSF instance locally through the local configuration method, or the NSWO NF uses NRF to discover the AUSF instance.

That is to say, the AUSF selection function can be configured on the NSWO NF. The AUSF selection function can select an available AUSF instance from the local configuration or use NRF to discover the AUSF instance. The AUSF instance has NSWO authentication capability. Wherein, the AUSF selection function in NSWO NF uses the following information when selecting an AUSF instance: 1. HNI in SUCI or HNI and RID in SUCI; 2. Indicator information (NSWO indicator).

Referring to FIG. 6 , it is a flow chart of a method for selecting a network element provided in an embodiment of the present application. This method is used to select AUSF with NSWO authentication capability. The method can be performed by the NRF or a module (such as a chip) for the NRF.

The method includes the following steps:

Step 601: Receive a first message, where the first message includes a first HNI.

This first message may be from NSWO NF.

As an implementation method, the first message includes the SUCI, and the SUCI includes the first HNI.

Step 602: According to the first message, it is determined that the terminal device uses NSWO to access the network, and then select the first AUSF corresponding to the first HNI, and the first AUSF has NSWO authentication capability.

As an implementation method, according to the source of the first message, it may be determined whether the terminal device uses NSWO to access the network. For example, if it is determined that the first message is from the NSWO NF, then it is determined that the terminal device accesses the network in a NSWO manner.

As another implementation method, the first message includes a network function type (NF type) indicating a NSWO network function (NSWO NF), and according to the network function type, it can be determined that the terminal device uses NSWO to access the network. That is, if it is determined that the received first message is from the NSWO NF, trigger selection of an AUSF corresponding to the first HNI with NSWO authentication capability.

As another implementation method, according to the name of the first message, it may be determined that the terminal device accesses the network in a NSWO manner. That is, the name of the first message itself can instruct the terminal device to use NSWO to access the network, thereby triggering selection of an AUSF with NSWO authentication capability.

According to the above solution, it is possible to select an AUSF with NSWO authentication capability, so that the AUSF can provide NSWO authentication services for terminal devices accessing the network in NSWO mode, which helps to realize fast and correct access of terminal devices.

Wherein, the method for the NRF to select the first AUSF corresponding to the first HNI is the same as the method for selecting the first AUSF corresponding to the first HNI in the method embodiment corresponding to FIG. The first AUSF is determined by the three mapping relationships, for details, reference may be made to the foregoing description.

As an implementation method, the NRF may also receive a second message, where the second message includes the second HNI. According to the second message, the NRF determines that the terminal device does not use NSWO to access the network, then the NRF selects the second AUSF corresponding to the second HNI from the second mapping relationship or the fourth mapping relationship, and the second AUSF does not have NSWO authentication. power. The second mapping relationship is the same as the second mapping relationship in the method embodiment corresponding to FIG. 5 , and the fourth mapping relationship is the same as the fourth mapping relationship in the method embodiment corresponding to FIG. 5 , and reference may be made to the foregoing description.

As an implementation method, the above step 501 may specifically be: receiving the first HNI and indication information from NSWO NF, or the NRF receiving the first HNI, first RID and indication information from NSWO NF. Further, after the above step 502, the identification information of the determined first AUSF having NSWO authentication capability may also be sent to the NSWO NF.

The following describes the NSWO authentication process of the terminal device. The NSWO authentication process involves selecting a UDM with NSWO authentication capability and selecting an AUSF with NSWO authentication capability. The method for selecting an AUSF with NSWO authentication capability in the following embodiments may be one of the methods corresponding to the preceding Fig. 4 to Fig. 6 , or may be other methods. The method for selecting a UDM with NSWO authentication capability in the following embodiments may be one of the methods corresponding to the preceding Fig. 4 to Fig. 6 , or may be other methods. Instructions are given below.

Referring to FIG. 7 , it is a flow chart of a method for selecting a network element provided in an embodiment of the present application. This method is used to realize NSWO authentication of terminal equipment. The method includes the following steps:

Step 701, the terminal device establishes a connection with a non-3GPP access network element.

Exemplarily, the non-3GPP access technology used by the terminal device may be WLAN. If the non-3GPP access technology is WLAN, then the non-3GPP access network element is a Wi-Fi AP. The following uses a Wi-Fi AP as an example for description.

It should be understood that the Wi-Fi AP network connected to the terminal device may only support the NSWO mode or only the non-NSWO mode, and may also support both the NSWO mode and the non-NSWO mode. For AP messages, it is first necessary to determine whether to use non-NSWO or NSWO access. The message here belongs to the message sent by the Wi-Fi AP to the terminal device during the process of establishing a connection between the terminal device and the Wi-Fi AP. For information exchange during the process of establishing a connection between the terminal device and the Wi-Fi AP, please refer to IEEE802.11 related information exchange. As an example, when referring to the relevant information interaction in IEEE802.11, the information interaction can be directly used, and the message sent by the Wi-Fi AP to the terminal device can be used as a trigger for the terminal device to determine whether to access in a non-NSWO or NSWO mode Network trigger conditions. Or, as another example, on the basis of the relevant information exchange in IEEE802.11, it is also possible to add in the message sent by the Wi-Fi AP to the terminal device to instruct the terminal device to judge whether to use the non-NSWO method or the NSWO method to access the network. instructions for the .

Regarding whether the terminal device judges whether to use the non-NSWO method or the NSWO method to access the network, the following methods can be used to determine which access method to choose, for example, a list that the terminal device can store locally, a local policy, or a manual selection by the terminal device user.

As an example, the terminal device locally stores a list of Wi-Fi APs or service set identifiers (service setidentifier, SSID) or WLAN network names, and those that match the list will preferentially use non-NSWO access, or preferentially use NSWO access . The list operator can be configured to the terminal device in a variety of ways, such as downloading over the air (over the air, OTA), or passing it to the terminal device through a NAS message, such as a user equipment parameter update (UEParameters Update, UPU) process, etc., or Other methods can also be used, which are not limited in this application.

As another example, a local policy may be a network selection logic, or a logic for selecting an access method, which may include one or more policy forms, such as whitelist, blacklist, and priority ordering of access methods wait. The local policy can be transmitted by the operator to the terminal device through OTA or NAS message, for example, the UE route selection policy (UE route selection policy, URSP) is transmitted through NAS message, and the URSP can indicate that when the terminal device accesses a Wi-Fi When connecting to an AP, it is preferred to use a non-NSWO access method or a NSWO access method. The local policy can also instruct the terminal device to use non-NSWO access first, and only select the NSWO access method if it fails. There are many ways to configure the local policy, the purpose of which is to enable the terminal device to access the network according to a certain network access logic. The user of the terminal device can select a network through the screen of the mobile phone. When the network can be accessed by non-NSWO and NSWO at the same time, the user can select the desired access method according to the pop-up box on the screen.

In step 702, the Wi-Fi AP sends an EAP-Request/Identity (EAP-Request/Identity) message to the terminal device for triggering EAP authentication. Correspondingly, the terminal device receives the EAP request/authentication message.

Alternatively, this message can also be replaced by an EAP-Request/AKA'-Identity message.

Step 703, the terminal device generates SUCI.

When the terminal device has been connected to the network through 3GPP or non-NSWO, the terminal device may locally store valid 5G-GUTI and NAS security contexts. In the above situation, if the terminal device is using 3GPP access, the terminal device not only saves the effective 5G globally unique temporary identity (5G-globally unique temporary identity, 5G-GUTI), NAS security context, but also the access Layer (access stratum, AS) security context. When the terminal device determines to use the NSWO mode for access, the terminal device does not use the locally saved 5G-GUTI and effective security context, but generates SUCI according to the subscription permanent identifier (SUPI). This is because the SUPI corresponding to the 5G-GUTI is stored on the AMF. If the 5G-GUTI is to be sent, the terminal device must send the 5G-GUTI to the corresponding AMF, and then the AMF sends the SUPI corresponding to the 5G-GUTI to the UDM. However, the NSWO access method does not pass through AMF, so terminal equipment cannot use 5G-GUTI. That is, after the terminal device determines to use the NSWO mode for access, the terminal device generates SUCI according to the SUPI.

Wherein, the SUCI includes the HNI and the RID, and optionally, the SUCI also includes indication information, which indicates that the terminal device uses NSWO to access the network, or indicates that the EAP-AKA' authentication method needs to be used.

Exemplarily, the SUCI may be a SUCI in NAI format.

Step 704, the terminal device sends an EAP response/authentication message to the Wi-Fi AP. Correspondingly, the Wi-Fi AP receives the EAP response/authentication message.

The EAP Response/Authentication message contains the SUCI.

Step 705, Wi-Fi AP sends EAP response/authentication message to NSWO NF. Correspondingly, the NSWO NF receives the EAP response/authentication message.

The EAP Response/Authentication message contains the SUCI.

Step 706, NSWO NF selects AUSF with NSWO authentication capability.

After the NSWO NF receives the SUCI, it can determine that the terminal device uses the NSWO method to access the network according to the SUCI, and then the NSWO NF decides to select an AUSF with NSWO authentication capability.

Or, after the NSWO NF receives the SUCI, the SUCI contains indication information, the indication information indicates that the terminal equipment uses the NSWO method to access the network, or indicates that the EAP-AKA' authentication method needs to be used, then the NSWO NF can use the indication information Decided to choose an AUSF with NSWO authentication capability.

Alternatively, NSWO itself is a network element related to the NSWO process, so the NSWO NF determines to select the AUSF with NSWO authentication capability.

Among them, the specific implementation method for the NSWO NF to select an AUSF with NSWO authentication capability can refer to the description in the method embodiment corresponding to Figure 5 above, that is, according to the HNI in SUCI and the predefined first mapping relationship, determine an AUSF with NSWO authentication capability. An AUSF with authentication capability, or an AUSF with NSWO authentication capability is determined according to the HNI and RID in SUCI and the third predefined mapping relationship, refer to the foregoing description for details.

Step 707, NSWO NF sends an authentication request message (Nausf_UEAuthentication_Request) to AUSF. Correspondingly, the AUSF receives the authentication request message.

As an implementation method, the authentication request message carries SUCI and indication information, and the indication information instructs the terminal device to use NSWO to access the network. The indication information may be a single indication information, or may be carried in the SNN.

As another implementation method, the authentication request message carries SUCI, and the SUCI includes indication information, and the indication information instructs the terminal device to use NSWO to access the network.

As an implementation method, if the SUCI received by NSWO NF contains indication information, the indication information sent by NSWO NF to AUSF can be the same as the indication information in the received SUCI, or the NSWO NF can The instructions are regenerated.

As another implementation method, if the SUCI received by the NSWO NF does not contain indication information, the indication information sent by the NSWO NF to the AUSF may be generated by the NSWO NF.

Step 708, AUSF selects a UDM with NSWO authentication capability.

The AUSF triggers the AUSF to select a UDM with NSWO authentication capability according to the indication information instructing the terminal equipment to use the NSWO mode to access the network. The indication information is the indication information in the received SUCI, or a single received indication information, or a received indication information in the SNN.

Alternatively, the AUSF determines that the received authentication request message comes from the NSWO NF, and then determines to select a UDM with NSWO authentication capability.

Among them, the specific implementation method for AUSF to select a UDM with NSWO authentication capability can refer to the description in the method embodiment corresponding to Figure 4 above, that is, determine a UDM with NSWO authentication according to the HNI in SUCI and the predefined first mapping relationship. A UDM with NSWO authentication capability, or a UDM with NSWO authentication capability is determined according to the HNI and RID in SUCI and the predefined third mapping relationship. For details, refer to the foregoing description.

As another implementation method, the mapping relationship between the RID and the UDM with NSWO authentication capability may also be established in advance. If the AUSF is selected according to the HNI and RID in SUCI in the above step 706, after selecting the AUSF, the AUSF can determine a UDM set corresponding to the AUSF, and then according to the mapping relationship between RID and UDM, from the UDM corresponding to the AUSF Select a UDM corresponding to the RID in SUCI in the set. Wherein, the UDMs in the UDM set corresponding to the AUSF all have the NSWO authentication capability.

In step 709, the AUSF sends an authentication acquisition request message (Nudm_UEAuthentication_GetRequest) to the UDM. Correspondingly, the UDM receives the authentication acquisition request message.

As an implementation method, the authentication acquisition request message carries SUCI and indication information, and the indication information instructs the terminal device to use NSWO to access the network. The indication information may be a single indication information, or may be an indication information carried in the SNN.

As another implementation method, the authentication acquisition request message carries SUCI, and the SUCI includes indication information, and the indication information instructs the terminal device to use NSWO to access the network.

As an implementation method, the indication information sent by AUSF to UDM may be the same as the indication information received by AUSF from NSWO NF, or AUSF may regenerate it according to the indication information received from NSWO NF.

Step 710, UDM selects the EAP-AKA' authentication method according to the indication information.

Specifically, the indication information triggers the UDM to select the EAP-AKA' authentication method instead of the 5G-AKA authentication method. The process for the UDM to select the EAP-AKA' authentication method may be: the UDM first decrypts the SUCI to obtain the SUPI, and then obtains the EAP-AKA' authentication method corresponding to the SUPI.

In step 711, the UDM sends an authentication acquisition response message (Nudm_UEAuthentication_GetResponse) to the AUSF. Correspondingly, the AUSF receives the authentication acquisition response message.

The authentication acquisition response message carries an authentication vector (authentication vector, AV) and SUPI.

Wherein, the AV is an AV corresponding to the EAP-AKA' authentication method.

Step 712, the AUSF determines to use the EAP-AKA' authentication method, and sends an EAP Request/AKA'-Challenge (EAP Request/AKA'-Challenge) message to the terminal device through the NSWO NF and the Wi-Fi AP.

Step 713, the terminal device verifies the authenticity of the network side.

The above solution can implement NSWO authentication on the terminal device during the process of accessing the network by using the NSWO method, which can ensure the security of communication. In addition, the AUSF and UDM selected in the above method both have NSWO authentication capabilities, thereby ensuring the smooth execution of the entire NSWO authentication process and helping to improve the efficiency of the NSWO authentication process. In this approach, NSWO NF selects AUSF, and AUSF selects UDM.

Referring to FIG. 8 , it is a flowchart of a method for selecting a network element provided in an embodiment of the present application. This method is used to realize NSWO authentication of terminal equipment. The method includes the following steps:

Step 801 to step 805 are the same as step 701 to step 705.

In step 806a, the NSWO NF sends a discovery request (Nnrf_AUSFDiscovery_Request) message to the NRF. Correspondingly, the NRF receives the discovery request message.

As an implementation method, the discovery request message includes SUCI.

As another implementation method, the discovery request message includes SUCI and indication information used to indicate selection of an AUSF with NSWO authentication capability.

As another implementation method, the discovery request message includes SUCI and NSWO NF type, and the NSWO NF type indicates that the network element sending the discovery request message is a NSWO NF.

Step 806b, NRF selects AUSF with NSWO authentication capability.

If the discovery request message includes SUCI and indication information for indicating selection of an AUSF capable of NSWO authentication, the indication information triggers the NRF to select an AUSF capable of NSWO authentication.

If the discovery request message contains SUCI and NSWO NF type, the NRF determines to select an AUSF with NSWO authentication capability according to the NSWO NF type.

If the discovery request message contains SUCI, the NRF can determine to select an AUSF with NSWO authentication capability according to the name of the discovery request message.

Alternatively, the NRF determines that the discovery request message is from the NSWO NF, and determines to select an AUSF with NSWO authentication capability.

Among them, the method for NRF to select an AUSF with NSWO authentication capability may be: NRF selects an AUSF with NSWO authentication capability according to the HNI in SUCI, or selects an AUSF with NSWO authentication capability according to the HNI and RID in SUCI AUSF. For the specific method for the NRF to select the AUSF, reference may be made to the description in the method embodiment corresponding to FIG. 5 .

In step 806c, the NRF sends a discovery response (Nnrf_AUSFDiscovery_Response) message to the NSWO NF. Correspondingly, the NSWO NF receives the discovery response message.

The discovery response message includes identification information of the AUSF, and the identification information may be instance identification, address or FQDN.

Step 807 is the same as step 707.

In step 808a, the AUSF sends a discovery request (Nnrf_UDMDiscovery_Request) message to the NRF. Correspondingly, the NRF receives the discovery request message.

As another implementation method, the discovery request message includes SUCI and indication information used to indicate selection of a UDM with NSWO authentication capability.

In step 808b, the NRF selects a UDM with NSWO authentication capability.

The indication information in the discovery request message triggers the NRF to select a UDM with NSWO authentication capability.

Wherein, the method for NRF to select a UDM with NSWO authentication capability may be: NRF selects a UDM with NSWO authentication capability according to the HNI in SUCI, or selects a UDM with NSWO authentication capability according to the HNI and RID in SUCI UDM. For the specific method for the NRF to select the UDM, reference may be made to the description in the method embodiment corresponding to FIG. 4 .

In step 808c, the NRF sends a discovery response (Nnrf_UDMDiscovery_Response) message to the AUSF. Correspondingly, the AUSF receives the discovery response message.

The discovery response message includes UDM identification information, and the identification information may be instance identification, address or FQDN.

Step 809 to step 813 are the same as step 709 to step 713.

The above solution can implement NSWO authentication on the terminal device during the process of accessing the network by using the NSWO method, which can ensure the security of communication. In addition, the AUSF and UDM selected in the above method both have NSWO authentication capabilities, thereby ensuring the smooth execution of the entire NSWO authentication process and helping to improve the efficiency of the NSWO authentication process. In this method, AUSF and UDM are selected by NRF.

It can be understood that, in order to realize the functions in the above embodiments, NRF, AUSF and NSWO NF include hardware structures and/or software modules corresponding to each function. Those skilled in the art should easily realize that the present application can be implemented in the form of hardware or a combination of hardware and computer software with reference to the units and method steps of the examples described in the embodiments disclosed in the present application. Whether a certain function is executed by hardware or computer software drives the hardware depends on the specific application scenario and design constraints of the technical solution.

FIG. 9 and FIG. 10 are schematic structural diagrams of possible communication devices provided by the embodiments of the present application. These communication devices can be used to implement the functions of the NRF, AUSF or NSWO NF in the above method embodiments, and therefore can also realize the beneficial effects of the above method embodiments. In the embodiment of the present application, the communication device may be NRF, AUSF or NSWO NF, or a module (such as a chip) applied to NRF, AUSF or NSWO NF.

As shown in FIG. 9 , a communication device 900 includes a processing unit 910 and a transceiver unit 920 . The communication device 900 is configured to implement the functions of the NRF, AUSF or NSWO NF in the above method embodiments.

When the communication device is used to implement the above-mentioned method embodiment corresponding to FIG. 4 , the transceiver unit 920 is configured to receive identification information and indication information of the first home network, the indication information instructing the terminal device to use NSWO to access the network; processing The unit 910 is configured to select a first unified data management network element corresponding to the identification information of the first home network according to the indication information, where the first unified data management network element has NSWO authentication capability.

As a possible implementation method, the processing unit 910 is configured to select the first unified data management network element corresponding to the identification information of the first home network from the first mapping relationship according to the indication information, and the first mapping The relationship includes the mapping relationship between the identification information of the home network and the unified data management network element with NSWO authentication capability.

As a possible implementation method, the transceiver unit 920 is configured to receive the identification information of the second home network; the processing unit 910 is configured to select from the second mapping relationship the second uniform corresponding to the identification information of the second home network. For the data management network element, the second unified data management network element does not have the NSWO authentication capability, and the second mapping relationship includes the mapping relationship between the identification information of the home network and the unified data management network element without the NSWO authentication capability.

As a possible implementation method, the transceiver unit 920 is configured to receive the first routing identifier; the processing unit 910 is configured to select the first routing identifier corresponding to the identifier information of the first home network and the first routing identifier according to the indication information. The first unified data management network element.

As a possible implementation method, the processing unit 910 is configured to select the first unified data management network corresponding to the identification information of the first home network and the first routing identification from the third mapping relationship according to the indication information The third mapping relationship includes the mapping relationship between the combination of the identification information of the home network and the routing identification and the unified data management network element with NSWO authentication capability.

As a possible implementation method, the transceiver unit 920 is configured to receive the identification information of the first home network and the indication information from the authentication service functional network element; and send the first unified data management network to the authentication service functional network element. Identification information for the element.

When the communication device is used to implement the above method embodiment corresponding to FIG. 5 , the transceiver unit 920 is configured to receive the identification information and indication information of the first home network, and the indication information indicates that the terminal equipment uses NSWO to access the network; process The unit 910 is configured to select, according to the indication information, a first authentication service functional network element corresponding to the identification information of the first home network, where the first authentication service functional network element has NSWO authentication capability.

As a possible implementation method, the processing unit 910 is configured to select the first authentication service function network element corresponding to the identification information of the first home network from the first mapping relationship according to the indication information, and the first mapping The relationship includes the mapping relationship between the identification information of the home network and the authentication service function network element with NSWO authentication capability.

As a possible implementation method, the transceiver unit 920 is configured to receive the identification information of the second home network; the processing unit 910 is configured to select the second authentication corresponding to the identification information of the second home network from the second mapping relationship. The service function network element, the second authentication service function network element does not have the NSWO authentication capability, and the second mapping relationship includes the mapping relationship between the identification information of the home network and the authentication service function network element without the NSWO authentication capability.

As a possible implementation method, the transceiver unit 920 is configured to receive the first routing identifier; the processing unit 910 is configured to select the first routing identifier corresponding to the identifier information of the first home network and the first routing identifier according to the indication information. The first authentication service function network element.

As a possible implementation method, the processing unit 910 is configured to select the first authentication service functional network corresponding to the identification information of the first home network and the first routing identifier from the third mapping relationship according to the indication information The third mapping relationship includes the mapping relationship between the combination of the identification information of the home network and the routing identification and the authentication service function network element with NSWO authentication capability.

As a possible implementation method, the transceiver unit 920 is configured to receive the identification information of the first home network and the indication information from the NSWO network element; and send the identification information of the first authentication service function network element to the NSWO network element .

When the communication device is used to implement the above method embodiment corresponding to FIG. 6 , the transceiver unit 920 is configured to receive a first message, the first message includes identification information of the first home network; If a message confirms that the terminal device uses NSWO to access the network, select the first authentication service function network element corresponding to the identification information of the first home network, and the first authentication service function network element has NSWO authentication capability.

As a possible implementation method, the processing unit 910 is configured to select the first authentication service function network element corresponding to the identification information of the first home network from a first mapping relationship, where the first mapping relationship includes the identity information of the home network The mapping relationship between identification information and authentication service function network elements with NSWO authentication capabilities.

As a possible implementation method, the transceiver unit 920 is configured to receive a second message, the second message includes identification information of the second home network; the processing unit 910 is configured to determine that the terminal device does not use the NSWO access to the network in the same way, select the second authentication service function network element corresponding to the identification information of the second home network from the second mapping relationship, the second authentication service function network element does not have the NSWO authentication capability, the second The mapping relationship includes the mapping relationship between the identification information of the home network and the authentication service function network element that does not have the NSWO authentication capability.

As a possible implementation method, the first message further includes a first routing identifier; a processing unit 910 is configured to select the first authentication service function corresponding to the first home network identification information and the first routing identifier network element.

As a possible implementation method, the processing unit 910 is configured to select the first authentication service function network element corresponding to the identification information of the first home network and the first routing identifier from the third mapping relationship, and the third The mapping relationship includes the mapping relationship between the combination of the identification information of the home network and the routing identification and the authentication service function network element with NSWO authentication capability.

As a possible implementation method, the first message includes a network function type indicating the NSWO network function; and the processing unit 910 is configured to determine that the terminal device uses NSWO to access the network according to the network function type.

As a possible implementation method, the processing unit 910 is configured to determine, according to the name of the first message, that the terminal device uses NSWO to access the network.

As a possible implementation method, the transceiver unit 920 is configured to receive the first message from the NSWO network element; and send the identification information of the first authentication service function network element to the NSWO network element.

More detailed descriptions about the processing unit 910 and the transceiver unit 920 can be directly obtained by referring to related descriptions in the above method embodiments, and details are not repeated here.

As shown in FIG. 10 , the communication device 1000 includes a processor 1010 , and as an implementation method, the communication device 1000 may further include an interface circuit 1020 . The processor 1010 and the interface circuit 1020 are coupled to each other. It can be understood that the interface circuit 1020 may be a transceiver or an input-output interface. As an implementation method, the communication device 1000 may further include a memory 1030 for storing instructions executed by the processor 1010 or storing input data required by the processor 1010 to execute the instructions or storing data generated by the processor 1010 after executing the instructions.

When the communication device 1000 is used to implement the above method embodiments, the processor 1010 is used to implement the functions of the processing unit 910 , and the interface circuit 1020 is used to implement the functions of the transceiver unit 920 .

It can be understood that the processor in the embodiment of the present application may be a central processing unit (central processing unit, CPU), and may also be other general processors, digital signal processors (digital signal processor, DSP), application specific integrated circuits (application specific integrated circuit (ASIC), field programmable gate array (field programmable gate array, FPGA) or other programmable logic devices, transistor logic devices, hardware components or any combination thereof. A general-purpose processor can be a microprocessor, or any conventional processor.

The method steps in the embodiments of the present application may be implemented by means of hardware, or may be implemented by means of a processor executing software instructions. Software instructions can be composed of corresponding software modules, and software modules can be stored in random access memory, flash memory, read-only memory, programmable read-only memory, erasable programmable read-only memory, electrically erasable programmable read-only Memory, registers, hard disk, removable hard disk, CD-ROM or any other form of storage medium known in the art. An exemplary storage medium is coupled to the processor such the processor can read information from, and write information to, the storage medium. Of course, the storage medium may also be a component of the processor. The processor and storage medium can be located in the ASIC. In addition, the ASIC can be located in the base station or the terminal. Certainly, the processor and the storage medium may also exist in the base station or the terminal as discrete components.

In the above embodiments, all or part of them may be implemented by software, hardware, firmware or any combination thereof. When implemented using software, it may be implemented in whole or in part in the form of a computer program product. The computer program product comprises one or more computer programs or instructions. When the computer program or instructions are loaded and executed on the computer, the processes or functions described in the embodiments of the present application are executed in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, a base station, user equipment or other programmable devices. The computer program or instructions may be stored in or transmitted from one computer-readable storage medium to another computer-readable storage medium, for example, the computer program or instructions may be downloaded from a website, computer, A server or data center transmits to another website site, computer, server or data center by wired or wireless means. The computer-readable storage medium may be any available medium that can be accessed by a computer, or a data storage device such as a server or a data center integrating one or more available media. The available medium may be a magnetic medium, such as a floppy disk, a hard disk, or a magnetic tape; it may also be an optical medium, such as a digital video disk; and it may also be a semiconductor medium, such as a solid state disk. The computer readable storage medium may be a volatile or a nonvolatile storage medium, or may include both volatile and nonvolatile types of storage media.

In each embodiment of the present application, if there is no special explanation and logical conflict, the terms and/or descriptions between different embodiments are consistent and can be referred to each other, and the technical features in different embodiments are based on their inherent Logical relationships can be combined to form new embodiments.

In this application, "at least one" means one or more, and "multiple" means two or more. "And/or" describes the association relationship of associated objects, indicating that there may be three types of relationships, for example, A and/or B, which can mean: A exists alone, A and B exist simultaneously, and B exists alone, where A, B can be singular or plural. In the text description of this application, the character "/" generally indicates that the contextual objects are an "or" relationship; in the formulas of this application, the character "/" indicates that the contextual objects are a "division" Relationship.

It can be understood that the various numbers involved in the embodiments of the present application are only for convenience of description, and are not used to limit the scope of the embodiments of the present application. The size of the serial numbers of the above-mentioned processes does not mean the order of execution, and the execution order of each process should be determined by its functions and internal logic.

Claims (28)

1. A method for selecting a network element, comprising: Receive identification information and indication information of the first home network, where the indication information instructs the terminal device to access the network by using a slotted wireless local area network to offload NSWO; According to the indication information, select a first unified data management network element corresponding to the identification information of the first home network, and the first unified data management network element has NSWO authentication capability. 2. The method according to claim 1, wherein the selecting the first unified data management network element corresponding to the identification information of the first home network according to the indication information comprises: According to the indication information, select the first unified data management network element corresponding to the identification information of the first home network from the first mapping relationship, the first mapping relationship includes the identification information of the home network and the NSWO The unified data of authentication capability manages the mapping relationship between network elements. 3. the method as claimed in claim 1 or 2, is characterized in that, described method also comprises: receiving identification information of the second home network; Select a second unified data management network element corresponding to the identification information of the second home network from the second mapping relationship, the second unified data management network element does not have NSWO authentication capability, and the second mapping relationship includes The mapping relationship between the identification information of the home network and the unified data management network element without NSWO authentication capability. 4. The method of claim 1, further comprising: receiving the first routing identifier; The selecting the first unified data management network element corresponding to the identification information of the first home network according to the indication information includes: According to the indication information, select the first unified data management network element corresponding to the identification information of the first home network and the first routing identification. 5. The method according to claim 4, wherein, according to the indication information, the first unified data management system corresponding to the identification information of the first home network and the first routing identification is selected. Network elements, including: According to the indication information, select the first unified data management network element corresponding to the identification information of the first home network and the first routing identifier from a third mapping relationship, where the third mapping relationship includes the belonging The mapping relationship between the combination of network identification information and routing identification and the unified data management network element with NSWO authentication capability. 6. The method according to any one of claims 1 to 5, wherein the receiving the identification information and indication information of the first home network comprises: receiving the identification information of the first home network and the indication information from the authentication service function network element; The method also includes: Sending the identification information of the first unified data management network element to the authentication service function network element. 7. A method for selecting a network element, comprising: Receive identification information and indication information of the first home network, where the indication information instructs the terminal device to access the network by using a slotted wireless local area network to offload NSWO; According to the indication information, select a first authentication service function network element corresponding to the identification information of the first home network, and the first authentication service function network element has NSWO authentication capability. 8. The method according to claim 7, wherein the selecting the first authentication service function network element corresponding to the identification information of the first home network according to the indication information comprises: According to the indication information, select the first authentication service function network element corresponding to the identification information of the first home network from the first mapping relationship, the first mapping relationship includes the identification information of the home network and the NSWO The mapping relationship between authentication service function network elements of authentication capabilities. 9. The method according to claim 7 or 8, further comprising: receiving identification information of the second home network; Select a second authentication service function network element corresponding to the identification information of the second home network from the second mapping relationship, the second authentication service function network element does not have the NSWO authentication capability, and the second mapping relationship includes The mapping relationship between the identification information of the home network and the authentication service function network element that does not have the NSWO authentication capability. 10. The method of claim 7, further comprising: receiving the first routing identifier; The selecting the first authentication service function network element corresponding to the identification information of the first home network according to the indication information includes: Selecting the first authentication service function network element corresponding to the identification information of the first home network and the first routing identifier according to the indication information. 11. The method according to claim 10, wherein the first authentication service function corresponding to the identification information of the first home network and the first routing identification is selected according to the indication information Network elements, including: According to the indication information, select the first authentication service function network element corresponding to the identification information of the first home network and the first routing identifier from a third mapping relationship, where the third mapping relationship includes The mapping relationship between the combination of the identification information of the network and the routing identification and the authentication service function network element with NSWO authentication capability. 12. The method according to any one of claims 7 to 11, wherein the receiving the identification information and indication information of the first home network comprises: receiving the identification information of the first home network and the indication information from a NSWO network element; The method also includes: Sending the identification information of the first authentication service function network element to the NSWO network element. 13. A method for selecting a network element, comprising: receiving a first message, where the first message includes identification information of a first home network; According to the first message, it is determined that the terminal device accesses the network using a slotted wireless local area network to offload NSWO, then select the first authentication service function network element corresponding to the identification information of the first home network, and the first authentication service Functional network elements have NSWO authentication capabilities. 14. The method according to claim 13, wherein the selecting the first authentication service function network element corresponding to the identification information of the first home network comprises: Select the first authentication service function network element corresponding to the identification information of the first home network from the first mapping relationship, the first mapping relationship includes the identification information of the home network and the authentication service with NSWO authentication capability The mapping relationship between functional network elements. 15. The method of claim 13 or 14, further comprising: receiving a second message, where the second message includes identification information of a second home network; According to the second message, it is determined that the terminal device does not use NSWO to access the network, then select the second authentication service function network element corresponding to the identification information of the second home network from the second mapping relationship, and the second The authentication service function network element does not have the NSWO authentication capability, and the second mapping relationship includes the mapping relationship between the identification information of the home network and the authentication service function network element without the NSWO authentication capability. 16. The method according to claim 13, wherein the first message further comprises a first routing identifier; The selecting the first authentication service function network element corresponding to the identification information of the first home network includes: Selecting the first authentication service function network element corresponding to the identification information of the first home network and the first routing identification. 17. The method according to claim 16, wherein the selecting the first authentication service function network element corresponding to the identification information of the first home network and the first routing identification comprises: Select the first authentication service function network element corresponding to the identification information of the first home network and the first route identification from a third mapping relationship, where the third mapping relationship includes the identification information and routing of the home network The mapping relationship between the combination of identifiers and the authentication service function network element with NSWO authentication capability. 18. The method according to any one of claims 13 to 17, wherein the first message includes a network function type indicating a NSWO network function; The determining that the terminal device uses NSWO to access the network according to the first message includes: According to the network function type, it is determined that the terminal device uses NSWO to access the network. 19. The method according to any one of claims 13 to 17, wherein the determining that the terminal device uses NSWO to access the network according to the first message includes: According to the name of the first message, it is determined that the terminal device uses NSWO to access the network. 20. The method according to any one of claims 13 to 19, wherein the receiving the first message comprises: receiving said first message from a NSWO network element; The method also includes: Sending the identification information of the first authentication service function network element to the NSWO network element. 21. A communication device, characterized by comprising a module for performing the method according to any one of claims 1 to 6, or a module for performing the method according to any one of claims 7 to 12 , or a module for performing the method according to any one of claims 13 to 20. 22. A communication device, characterized in that it includes a processor and a memory; the memory is used to store computer instructions, and when the device is running, the processor executes the computer instructions stored in the memory, so that The device executes the method described in any one of claims 1 to 6 above, or executes the method described in any one of claims 7 to 12 above, or executes the method described in any one of claims 13 to 20 above. 23. A communication device, characterized in that it includes a processor and an interface circuit, and the interface circuit is used to receive signals from other communication devices other than the communication device and transmit them to the processor or transfer signals from the communication device to the processor. The signal of the processor is sent to other communication devices other than the communication device, and the processor is used to implement the method according to any one of claims 1 to 6 through a logic circuit or execute code instructions, or to implement The method according to any one of claims 7 to 12, or used to implement the method according to any one of claims 13 to 20. 24. A communication system, comprising: The authentication service function network element is used to send the identification information and indication information of the first home network to the network storage function network element, and the indication information instructs the terminal device to access the network by using the slotted wireless local area network to offload NSWO; The network storage function network element is configured to execute the method according to any one of claims 1-5. 25. A communication system, characterized in that it comprises: Slit WLAN offloading NSWO network elements, used to send identification information and indication information of the first home network to the authentication service function network element, the indication information instructs terminal equipment to use NSWO to access the network; The authentication service function network element is configured to execute the method according to any one of claims 1-5. 26. A communication system, comprising: The slotted wireless local area network offloads the NSWO network element, which is used to send the identification information and indication information of the first home network to the network storage function network element, and the indication information instructs the terminal device to use the NSWO mode to access the network; The network storage function network element is configured to execute the method according to any one of claims 7-11. 27. A communication system, comprising: The slotted wireless local area network offloads the NSWO network element, which is used to send the first message to the network storage function network element, and the first message includes the identification information of the first home network; The network storage function network element is configured to execute the method according to any one of claims 13-19. 28. A computer-readable storage medium, wherein a computer program or instruction is stored in the storage medium, and when the computer program or instruction is executed by a communication device, any one of claims 1 to 20 can be realized. the method described.

Images