CN109787796B

CN109787796B - Method and device for authorizing network function service

Info

Publication number: CN109787796B
Application number: CN201711116100.0A
Authority: CN
Inventors: 杨水根; 陆伟; 孙文琦; 谭巍; 冯珍妮; 蒋若冰
Original assignee: Huawei Technologies Co Ltd
Current assignee: Huawei Technologies Co Ltd
Priority date: 2017-11-13
Filing date: 2017-11-13
Publication date: 2022-08-09
Anticipated expiration: 2037-11-13
Also published as: CN109787796A

Abstract

The patent application provides a method for authorizing network function services. The method includes the network management system sending a configuration request to a network function instance, wherein the configuration request includes at least one authorized network function type of a network function service. Accordingly, the network function instance configures at least one authorized network function type for the network function service. Further, the configuration request sent by the network management system to the network function instance includes at least one authorized network function type and at least one network slice instance/network slice subnet instance information to which the network function type belongs. Accordingly, the network function instance configures at least one authorized network function type of at least one network slice instance/network slice subnet instance for the network function service.

Description

Method and device for authorizing network function service

Technical Field

The present invention relates to the field of wireless communications, and in particular, to a method and an apparatus for authorizing a network function service.

Background

With the rapid development of wireless communication technology, the fifth Generation (5G) wireless communication technology has been a hot spot in the industry. The 5G will support diverse application requirements including access capability supporting higher rate experience and larger bandwidth, lower latency and highly reliable information interaction, and access and management of larger-scale and low-cost machine type communication devices, etc. In addition, 5G can support various vertical industry application scenes such as vehicle networking, emergency communication, industrial internet and the like. In the face of the performance requirements and application scenarios of 5G, the 5G network needs to be closer to the specific requirements of users, and the customization capability needs to be further improved. To this end, 5G introduces the important concept of network slicing. The 5G network is composed of various network slices that satisfy different connection capabilities, one network slice being a logical network that satisfies the communication service requirements of one class or one use case. Fig. 1 shows a 5G network scenario after introducing a network slicing concept, where communication of three cases, namely critical machine type communication (critical MTC), massive machine type communication (massive MTC), and mobile broadband (MBB), is included. As shown in fig. 1, a 3GPP operator network may include a critical machine type communication network slice, a large scale machine type communication network slice, and a mobile broadband network slice. It should be understood that an actual 5G network may also contain other network slices, providing communication services for various use cases.

One network slice is a combination of a plurality of network functions and corresponding resources that implement a communication service. Specifically, a plurality of network functions are connected to each other, and provide specific services to each other to constitute one network slice. One network function has certain resources (e.g., storage, computing resources), implements certain communication service functions, and provides corresponding services to other network functions. In a 5G network, how to implement a network function provides what services to other network functions does not currently have a suitable solution.

Disclosure of Invention

The embodiment of the application provides a method and a device for authorizing network function services, which are used for realizing authorization management of the network function services.

In a first aspect, an embodiment of the present application provides a method for authorizing a network function service, where the method includes: the network management system determines at least one authorized network function type of a network function service which the network function instance has; the network management system sends a configuration request to the network function instance, the configuration request including the at least one authorized network function type of the network function service, and the configuration request is used for requesting the network function instance to configure the at least one authorized network function type for the network function service.

By the method for authorizing the network function service, the network management system configures the authorized network function type for the network function service of the network function, so that the authorized management of the network function service is realized.

In a possible implementation manner, the network management system determines at least one authorized network function type of a network function service that the network function instance has, and further includes: the network management system determines at least one network slice instance or network slice subnet instance to which the at least one authorized network function type belongs.

In a possible implementation, the configuration request further includes information of at least one network slice instance or network slice subnet instance to which the at least one authorized network function type belongs.

By the method for authorizing the network function service, the network management system can configure the network function type of the specific network slice example/network slice subnet example authorized for the network function service of the network function.

In one possible implementation, the sending, by the network management system, the configuration request to the network function instance includes: the network management system sends the configuration request to the network function instance through an interface based on the network function service.

By the method for authorizing the network function service, the network management system can configure the authorized network function type or the network function type of the specific network slice example/network slice subnet example for the network function service of the network function through the interface based on the network function service.

In a possible implementation manner, the network management system receives a configuration response sent by the network function instance, and the configuration response is used for indicating whether the configuration is successful or not.

In a second aspect, an embodiment of the present application provides a method for authorizing a network function service, where the method includes: the network function instance receives a configuration request from a network management system, wherein the configuration request comprises at least one authorized network function type of a network function service of the network function instance, and the configuration request is used for requesting the network function instance to configure the at least one authorized network function type for the network function service; the network function instance configures the network function service according to the configuration request.

In one possible implementation, the network function instance receiving a configuration request from a network management system includes: the network function instance receives the configuration request from the network management system through an interface based on the network function service.

In one possible implementation, the network function instance sends a configuration response to the network management system to indicate whether the configuration was successful.

In a third aspect, an embodiment of the present application provides a network management system, including a processor and a transceiver, where the processor is configured to determine at least one authorized network function type of a network function service that a network function instance has; the transceiver is communicatively coupled to the processor and configured to send a configuration request to the network function instance, the configuration request including the at least one authorized network function type of the network function service, the configuration request requesting the network function instance to configure the at least one authorized network function type for the network function service.

By the network management system provided by the embodiment of the application, the network management system configures the authorized network function type for the network function service of the network function, so that the authorized management of the network function service is realized.

In a possible implementation manner, the determining at least one authorized network function type of a network function service that the network function instance has further includes: at least one network slice instance or network slice subnet instance to which the at least one authorized network function type belongs is determined.

By the network management system provided by the embodiment of the application, the network management system can configure the network function type of the specific authorized network slice example/network slice subnet example for the network function service of the network function.

In a possible implementation manner, the sending the configuration request to the network function instance includes: the configuration request is sent to the network function instance through an interface based on the network function service.

By the network management system provided by the embodiment of the application, the network management system can configure authorized network function types or network function types of specific network slice examples/network slice subnet examples for the network function services of the network functions through the interfaces based on the network function services.

In one possible implementation, the transceiver receives a configuration response sent by the network function instance to indicate whether the configuration was successful.

In a fourth aspect, embodiments of the present application provide a network function instance, including a processor and a transceiver, where the transceiver is communicatively coupled to the processor and configured to receive a configuration request from a network management system, where the configuration request includes at least one authorized network function type of a network function service that the network function instance has, and the configuration request is used to request the network function instance to configure the at least one authorized network function type for the network function service; the processor configures the network function service according to the configuration request.

Through the network function example provided by the embodiment of the application, the network management system configures the authorized network function type for the network function service of the network function, so that the authorized management of the network function service is realized.

Through the network function example provided by the embodiment of the application, the network management system can be used for configuring the network function type of the specific authorized network slice example/network slice subnet example for the network function service of the network function.

In one possible implementation, the receiving a configuration request from a network management system includes: the configuration request is received from the network management system through an interface based on the network function service.

Through the network function example provided by the embodiment of the application, the network management system can configure the authorized network function type or the network function type of the specific network slice example/network slice subnet example for the network function service of the network function through the interface based on the network function service.

In one possible implementation, the transceiver sends a configuration response to the network management system to indicate whether the configuration was successful.

In a fifth aspect, an embodiment of the present application provides a method for authorizing a network function service, where the method includes: the network management system determines at least one authorized network function type of at least one network function service possessed by the network function instance; the network management system sends a configuration request to the network function instance, where the configuration request includes information of the at least one network function service and the at least one authorized network function type of the at least one network function service, and the configuration request is used to request the network function instance to configure the at least one authorized network function type for the at least one network function service.

By the method for authorizing the network function service, provided by the embodiment of the application, the network management system configures the authorized network function type for at least one network function service of the network function, so that the authorization management of the network function service is realized.

In one possible implementation manner, the network management system determines at least one authorized network function type of at least one network function service that the network function instance has, and further includes: the network management system determines at least one network slice instance or network slice subnet instance to which the at least one authorized network function type belongs.

By the method for authorizing the network function service, the network management system configures the network function type of authorizing the specific network slice example/network slice subnet example for at least one network function service of the network function.

In one possible implementation, the sending, by the network management system, the configuration request to the network function instance includes: the network management system sends the configuration request to the network function instance through an integration interface.

By the method for authorizing the network function service, the network management system can configure the authorized network function type or the network function type of the specific network slice example/network slice subnet example for at least one network function service of the network function through the integrated interface.

In a sixth aspect, an embodiment of the present application provides a method for authorizing a network function service, where the method includes: the network function instance receives a configuration request from a network management system, wherein the configuration request comprises information of at least one network function service possessed by the network function instance and at least one authorized network function type of the at least one network function service, and the configuration request is used for requesting the network function instance to configure the at least one authorized network function type for the at least one network function service; the network function instance configures the at least one network function service according to the configuration request.

In one possible implementation, the network function instance receiving a configuration request from a network management system includes:

the network function instance receives the configuration request from the network management system through an integration interface.

In a seventh aspect, an embodiment of the present application provides a network management system, including a processor and a transceiver, where the processor is configured to determine at least one authorized network function type of at least one network function service that a network function instance has; the transceiver is communicatively coupled to the processor and configured to send a configuration request to the network function instance, the configuration request including the at least one authorized network function type of the at least one network function service, the configuration request requesting the network function instance to configure the at least one authorized network function type for the at least one network function service.

By the network management system provided by the embodiment of the application, the network management system configures the authorized network function type for at least one network function service of the network functions, so that the authorized management of the network function service is realized.

In one possible implementation manner, the determining at least one authorized network function type of the at least one network function service that the network function instance has further includes: at least one network slice instance or network slice subnet instance to which the at least one authorized network function type belongs is determined.

By the network management system provided by the embodiment of the application, the network management system can configure the network function type of the specific authorized network slice example/network slice subnet example for at least one network function service of the network function.

By the network management system provided by the embodiment of the application, the network management system can configure the authorized network function type or the network function type of the specific network slice example/network slice subnet example for at least one network function service of the network function through the integrated interface.

In an eighth aspect, embodiments of the present application provide a network function instance, including a processor and a transceiver, where the transceiver is communicatively coupled to the processor, and configured to receive a configuration request from a network management system, where the configuration request includes at least one authorized network function type of at least one network function service that the network function instance has, and the configuration request is used to request the network function instance to configure the at least one authorized network function type for the at least one network function service; the processor configures the network function service according to the configuration request.

Through the network function example provided by the embodiment of the application, the network management system configures the authorized network function type for at least one network function service of the network function, so that the authorized management of the network function service is realized.

Through the network function example provided by the embodiment of the application, the network management system configures the network function type of the specific authorized network slice example/network slice subnet example for at least one network function service of the network function.

In one possible implementation, the receiving a configuration request from a network management system includes: the configuration request is received from the network management system through an integration interface.

Through the network function example provided by the embodiment of the application, the network management system can configure the authorized network function type or the network function type of the specific network slice example/network slice subnet example for at least one network function service of the network function through the integrated interface.

A ninth aspect provides a communication device for performing the method of the first aspect or any of its possible implementations, or for performing the method of the fifth aspect or any of its possible implementations. In particular, the communication device may comprise means for performing the method of the first aspect or any of its possible implementations, or means for performing the method of the fifth aspect or any of its possible implementations.

A tenth aspect provides another communication device for performing the method of the second aspect or any of its possible implementations, or for performing the method of the sixth aspect or any of its possible implementations. In particular, the communication device may comprise means for performing the method of the second aspect or any of its possible implementations, or means for performing the method of the sixth aspect or any of its possible implementations.

In an eleventh aspect, there is provided another communication device comprising a memory for storing a computer program and a processor for invoking and running the computer program from the memory, such that the communication device performs the method of the first aspect or any of the possible implementations of the first aspect, or performs the method of the fifth aspect or any of the possible implementations of the fifth aspect.

In a twelfth aspect, there is provided another communication device comprising a memory for storing a computer program and a processor for calling up and running the computer program from the memory so that the communication device performs the method of the second aspect or any of the possible implementations of the second aspect, or performs the method of the sixth aspect or any of the possible implementations of the sixth aspect.

In a thirteenth aspect, an embodiment of the present invention provides a communication system, including: a first network device and a second network device. Wherein: the first network device is the first network device in the third aspect or the seventh aspect, and the second network device is the second network device in the fourth aspect or the eighth aspect.

In a fourteenth aspect, there is provided a computer program product comprising: computer program code which, when executed by a communication unit, a processing unit or a transceiver, a processor of a communication device (e.g. a network management device), causes the communication device to perform the method of the first aspect or any of its possible implementations, or to perform the method of the fifth aspect or any of its possible implementations.

In a fifteenth aspect, another computer program product is provided, the computer program product comprising: computer program code which, when executed by a communication unit, processing unit or transceiver, processor, of a communication device (e.g. a network function device), causes the communication device to perform the method of the second aspect or any of the possible implementations of the second aspect, or to perform the method of the sixth aspect or any of the possible implementations of the sixth aspect.

A sixteenth aspect provides a computer readable storage medium storing computer software program instructions for the above-mentioned first communication device, which program instructions, when executed by the first communication device, cause the first communication device to perform the method of the first aspect or any of its possible implementations, or to perform the method of the fifth aspect or any of its possible implementations.

A seventeenth aspect provides another computer readable storage medium for storing computer software program instructions for the above-mentioned second communication device, which program instructions, when executed by the second communication device, cause the second communication device to perform the method of the second aspect or any of the possible implementations of the second aspect, or to perform the method of the sixth aspect or any of the possible implementations of the sixth aspect.

These and other aspects of the invention will be apparent from and elucidated with reference to the embodiment(s) described hereinafter.

Drawings

The drawings that accompany the detailed description can be briefly described as follows:

fig. 1 is a 5G network scenario provided in an embodiment of the present application;

fig. 2 is a schematic diagram illustrating a network function service provided between possible network functions according to an embodiment of the present disclosure;

fig. 3 is a schematic diagram of a network architecture for authorizing a network function service according to an embodiment of the present application;

fig. 4 is a flowchart illustrating a method for authorizing a network function service according to an embodiment of the present application;

fig. 5 is a flowchart illustrating another method for authorizing a network function service according to an embodiment of the present application;

fig. 6 is a flowchart illustrating a method for authorizing a network function service according to an embodiment of the present application;

fig. 7 is a flowchart illustrating a method for authorizing a network function service according to an embodiment of the present application;

fig. 8 is a schematic block diagram of a network management system provided in an embodiment of the present application;

fig. 9 is another schematic block diagram of a network management system provided in an embodiment of the present application;

FIG. 10 is a schematic block diagram of an example network function provided by an embodiment of the present application;

fig. 11 is another schematic block diagram of an example of a network function provided in an embodiment of the present application.

Detailed Description

The embodiments of the present application will be described below with reference to the drawings.

In this application, the word "exemplary" is used to mean "serving as an example, instance, or illustration. Any embodiment described herein as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments. The following description is presented to enable any person skilled in the art to make and use the invention. In the following description, details are set forth for the purpose of explanation. It will be apparent to one of ordinary skill in the art that the present invention may be practiced without these specific details. In other instances, well-known structures and processes are not shown in detail to avoid obscuring the description of the invention with unnecessary detail. Thus, the present invention is not intended to be limited to the embodiments shown, but is to be accorded the widest scope consistent with the principles and features disclosed herein.

The terms "first," "second," "third," "fourth," and the like in the description and in the claims, as well as in the drawings, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the application described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.

The terms "system" and "network" are often used interchangeably herein. The term "and/or" herein is merely an association describing an associated object, meaning that three relationships may exist, e.g., a and/or B, may mean: a exists alone, A and B exist simultaneously, and B exists alone. In addition, the character "/" herein generally indicates that the former and latter related objects are in an "or" relationship.

The technical means of the present invention will be described in detail with reference to specific examples. The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments.

As a key feature of 5G, a 5G network may be divided into multiple network slices. One network slice corresponds to one logical network for satisfying the communication service requirement of one use case (use case). A network slice is composed of a plurality of network functions and is implemented by a Network Slice Instance (NSI), that is, a network slice is formed by instantiating each network function of the network slice and corresponding resources and configurations. Different NSIs may have different configurations of network functions and/or resources. An NSI may further include a plurality of Network Slice Subnet Instances (NSSI), where an NSSI is composed of one or more network functions and is an instance of a subnet divided by an NSI according to certain criteria (e.g., deployment area, function division, device provider, etc.).

A network function (network function) is a processing function in a network adopted or defined by 3GPP, having functional behaviors and interfaces defined by 3 GPP. The network function may be implemented by dedicated hardware, by running software on dedicated hardware, or in the form of a virtual function on a general hardware platform. From an implementation point of view, network functions can be divided into physical network functions and virtual network functions. From a usage point of view, network functions may be divided into dedicated network functions and shared network functions. A network function is a dedicated network function when it belongs to only one NSI or NSSI; when a network function belongs to multiple NSI/NSSI, then the network function is a shared network function. Similar to the network slice instance, the network function is also implemented by network function instances, one having corresponding computing and storage resources, etc. For ease of description, the terms "network function" and "network function instance" are used interchangeably herein.

There are various types of network functions in a 5G network, such as access and mobility management function (AMF), Session Management Function (SMF), Network Slice Selection Function (NSSF), User Plane Function (UPF), and Policy Control Function (PCF). Different types of network functions have different functions and roles in the operation of the network slice. Different types of network functions may differ in the services they provide to, the services they obtain from, and the connections with other network functions. One network function may open its own capabilities to other network functions through an interface. For example, a network function service is a type of capability that a network function provides to other network functions, which may be that the network function provides to other network functions through an interface based on the network function service or through an integrated interface. An interface based on a network function service may be a logical interface or may be one or more physical interfaces that are specific to a particular network function service. An integrated interface is a collection of one or more network function service-based interfaces, which may be a logical interface or one or more physical interfaces, that serve all network function services that the network function provides to other network functions. One network function may open one or more network function services to other network functions. Illustratively, the AMF may provide at least the following three network function services to other network functions: (1) communication service to realize communication between other network functions and terminal equipment through AMF; (2) event open service to enable other network functions to subscribe and notify mobility-related events and performance statistics; (3) and measuring and tracking service to realize the position tracking of the terminal equipment by other network functions and the like. It should be noted that the multiple network function services provided by one network function may serve other multiple types of network functions. A network function service provided by a network function may also serve other types of network functions. The other network function, acting as a subscriber (subscriber) to the network function, obtains one or more network function services provided by the network function. Exemplarily, the AMF may provide a communication service to the SMF and an event opening service to the NSSF, respectively; the AMF can also provide communication services to the SMF and the UPF; the AMF may also provide communication services and event opening services, etc. to the SMF.

Fig. 2 shows a schematic diagram of a possible network function service provision between network functions, in which the interface between the network functions is based on the network function service. As shown in fig. 2, the network function a has network function services a1 to An; the network function B has B1 to Bn network function services, and the Bn network function service in the network function B is also a user of the network function service An in the network function a, or the network function B is a user of the network function service An; network function C is a subscriber to network function service B1, network function service A1, and network function service Bn. The network function A and the network function B can be connected through An interface based on a network function service An; the network function A and the network function C can be connected through An interface based on the network function service A1 and An interface based on the network function service An; network function B and network function C may be connected through an interface based network function service B1. In the case where the interface between the network functions is an integrated interface, the network function a is connected to the network function B through one integrated interface, the network function a is connected to the network function C through another integrated interface, and the network function B is connected to the network function C through one integrated interface.

The inventor has found that although one network function can provide different network function services to a plurality of users (or a plurality of other network functions), based on the service content and security requirements, a service authorization mechanism is required so that only authorized users (or network functions) can obtain the specific network function services provided by the network function. Therefore, the embodiment of the application provides a technical scheme for managing the authorization of the network function service.

A network function has a specific type, different type of network function, and the services it provides to other network functions, and the services it obtains from other network functions, may be different. In view of this, the embodiments of the present application configure an authorized network function type for a network function, so as to enable the network function to authorize a network function service of a specific network function type. Further, a network function may be specific to one NSI/NSSI or may be shared by multiple NSIs/NSSIs. The services provided by a network function may only be allowed to be acquired by a particular NSI/NSSI. In view of this, the embodiments of the present application configure one or more authorized network function types of the NSI/NSSI for a network function, so as to enable the network function to authorize the network function service of a specific network function type of a specific NSI/NSSI.

Fig. 3 is a schematic diagram of a network architecture for authorizing a network function service provided in an embodiment of the present application, where the network architecture includes a network management system and a network function instance. The network management system is mainly responsible for managing the life cycle, performance, fault, configuration and the like of the network function instance. The network management system may be a network manager (network manager), a domain manager (domain manager), a network element manager (element manager), a network slice management function (network slice management function), a network slice subnet management function (network slice subnet management function), a communication service management function (communication service management function), a network function virtualization (network function virtualization), a virtualized network function manager (virtualized network function manager), a virtualized infrastructure manager (virtualized infrastructure manager), or any combination of the above devices/modules, such as a combination of a network slice management function and a network element manager, or a combination of a network slice subnet management function and a network element manager, and the like. A network function may provide different types of capabilities, i.e., different network function services, to a particular user, i.e., other particular network functions. Each network function service provided by a network function may be independent (self-contained), reusable, and use management mechanisms (e.g., configuration, scaling, extension, etc.) that are provided to other network function services independently of the network function. It should be understood that the interface between the network management system and the network function instance in fig. 3 may be based on network function services or may be integrated. A network function service may be accessed through an interface based on the network function service through which one or more operations may be performed. One or more network function services may also be accessed through an integrated interface.

The following embodiments are specifically provided, and the technical solution of the present application is described in detail with reference to fig. 4 to 7. The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments. It should be understood that fig. 4 to 7 are schematic flow charts of the communication method of the embodiment of the present application, and show detailed communication steps or operations of the method, but these steps or operations are merely examples, and the embodiment of the present application may also perform other operations or variations of the various operations in fig. 4 to 7. Furthermore, the various steps in fig. 4-7 may be performed in a different order than presented in fig. 4-7, respectively, and it is possible that not all of the operations in fig. 3-7 are performed.

Fig. 4 is a flowchart illustrating a method for authorizing a network function service according to an embodiment of the present application, where the method 400 is applicable to the operations of the network management system and the network function instance shown in fig. 3. In this embodiment, the network management system requests, via a network function service-based interface, the network function instance to configure one or more authorized network function types for one of the network function services. It should be understood that one network function service-based interface and one network function service are in a one-to-one correspondence. For example, the AMF has an interface based on a communication service and an event open service, corresponding to the communication service provided by the AMF and the event open service provided by the AMF, respectively. The process illustrated in FIG. 4 includes the following steps:

401. the network management system sends a configuration request to the network function instance.

Wherein, the configuration request includes at least one authorized network function type.

Specifically, the network management system sends a configuration request containing one or more authorized network function types to the network function instance through an interface based on the network function service. The configuration request is used for requesting the network function instance to configure one or more network function types authorized for the network function service corresponding to the interface. It should be noted that a network function instance may have one or more network function service-based interfaces, and each network function service-based interface is used for configuring the network function service corresponding to the interface. In the case where the network function instance provides multiple network function services, the network function instance has an interface for each network function service that is based on the network function service to communicate with the network management system and/or other network function instances. Illustratively, the network function AMF may provide a first network function service to the SMF and the UPF and a second network function service to the NSSF. In this case, the network management system sends a configuration request to the AMF instance over the first network function service based interface, the configuration request containing information for the SMF and the UPF. The network management system sends a configuration request to the AMF instance over the second network function service based interface, the configuration request including information for the NSSF. The information of the SMF, the UPF and the NSSF is used to respectively indicate the three types of network functions, and for example, the information can be respectively indicated by type identifiers (such as a character string "SMF", a character string "UPF" and a character string "NSSF") of the three types of network functions.

Before the network management system sends a configuration request to the network function instance, the network management system determines one or more authorized network function types in the configuration request. In a possible implementation manner, the network management system determines the authorized network function type in the configuration request by itself, for example, the network management system determines by itself that the authorized network function type of the first network function service corresponding to the interface based on the first network function service of the AMF is SMF and UPF, and the authorized network function type of the second network function service corresponding to the interface based on the second network function service of the AMF is NSSF. In another possible implementation manner, the network management system may further obtain one or more authorized network function types in the configuration request from other network devices/units. The embodiments of the present application do not limit this.

402. The network function instance configures a network function service.

Specifically, after a network function instance receives a configuration request of a network management system through an interface based on a network function service, the network function instance configures the network function service corresponding to the interface. For example, after receiving a configuration request of a network function service, the network function instance writes an authorized network function type in the configuration request into a configuration file/template (profile) of the network function instance, thereby implementing configuration of the corresponding network function service. Illustratively, after receiving a configuration request containing information of the SMF and the UPF sent by the network management system through the interface based on the first network function service, the AMF instance writes the information of the SMF and the UPF into the configuration file/template of the AMF instance, wherein the SMF and the UPF are associated with the first network function service. After receiving a configuration request containing NSSF information sent by a network management system through an interface based on a second network function service, the AMF instance writes the NSSF information into a configuration file/template of the AMF instance, wherein the NSSF is associated with the second network function service.

403. The network function instance sends a configuration response to the network management system.

In this step, the network function instance sends a configuration response to the network management system to inform the network function instance of the configuration result. This step is optional.

Optionally, the network function instance feeds back, to the network management system, whether the configuration of the network function service corresponding to the interface is successful through an interface based on the network function service. Illustratively, the AMF instance feeds back to the network management system whether its authorized SMF and UPF configured for the first network function service are successful or not through the interface based on the first network function service, and feeds back to the network management system whether its authorized NSSF configured for the second network function service are successful or not through the interface based on the second network function service.

It should be understood that, in the case where the network management system manages a plurality of network function service authorizations for one network function, the network management system manages the network function service authorizations corresponding to the respective interfaces on the basis of the interface of each network function service. In other words, the network management system performs the steps 401-402 or 401-403 for each network function service of the network function.

It should be noted that, in the embodiment of the present application, the configuration request or the configuration response may be carried in any message interacted between the network management system and the network function instance, such as a configuration request message or a configuration response message, and the present application is not limited to this specifically.

Through the steps of the embodiment of the application, the network management system configures the authorized network function type for the network function service of the network function through the interface based on the network function service, so that the authorized management of the network function service is realized.

Fig. 5 is a flowchart illustrating another method for authorizing a network function service according to an embodiment of the present application, where the method 500 is applicable to the operations of the network management system and the network function instance shown in fig. 3. In this embodiment, the network management system requests, via a network function service-based interface, the network function instance to configure one or more network function types for authorization of one of the network function services for one of the NSI/NSSI. The process illustrated in FIG. 5 includes the following steps:

501. the network management system sends a configuration request to the network function instance.

The configuration request comprises at least one authorized network function type and at least one NSI/NSSI information belonging to the authorized network function type.

In this step, the NSI/NSSI information is used to indicate the NSI/NSSI to which the authorized network function type or types in the configuration request belong. Specifically, the network management system sends a configuration request including one or more authorized network function types for one or more NSI/NSSIs to the network function instance via a network function service-based interface. The configuration request is used for requesting the network function instance to configure one or more network function types of one or more NSI/NSSI authorized for the network function service corresponding to the interface. It should be understood that in the embodiments of the present application, there are many ways to configure the network function service authorization. For example, one network function type of one NSI/NSSI is authorized for the network function service configuration corresponding to the interface, multiple network function types of one NSI/NSSI are authorized for the network function service configuration corresponding to the interface, one network function type of multiple NSIs/NSSI is authorized for the network function service configuration corresponding to the interface, and multiple network function types of multiple NSIs/NSSI are authorized for the network function service configuration corresponding to the interface. Illustratively, the network function AMF may provide a first network function service to the SMF of a first NSI/NSSI, a first network function service to the UPF of a second NSI/NSSI, and a second network function service to the NSSF of a third NSI/NSSI and a fourth NSI/NSSI. In this case, the network management system sends a configuration request to the AMF instance over the first network function service based interface, the configuration request including SMF information for the first NSI/NSSI and UPF information for the second NSI/NSSI. The network management system sends a configuration request to the AMF instance over the second network function service based interface, the configuration request including NSSF information for the third NSI/NSSI and the fourth NSI/NSSI. Further, the SMF of the first NSI/NSSI is indicated using information of the SMF and information of the first NSI/NSSI to which the SMF belongs; the UPF for the second NSI/NSSI is indicated using information for the UPF and information for the second NSI/NSSI described by the UPF; the NSSF for the third NSI/NSSI and the fourth NSI/NSSI is indicated using information for the NSSF and information for the third NSI/NSSI and the fourth NSI/NSSI to which the NSSF belongs, respectively.

Optionally, the NSI/NSSI information may be characterized using at least one of the following parameters:

1. network slice identity (slice ID)/network slice subnet identity (slice subnet ID):

1.1, NSI/NSSI type information, for example, the NSI/NSSI type information may indicate an NSI/NSSI type such as enhanced mobile broadband service, ultra-reliable low-latency communication, massive machine type communication, or the like, optionally, the NSI type information may also indicate an end-to-end NSI type including an NSI type from an access network to a core network, and the NSI type information may indicate an NSI type on an access network side, an NSI type on a core network side, an NSI type on a transmission network side, or the like;

1.2, service type information, which is related to a specific service, for example, the service type information may indicate service characteristics such as a video service, an internet of vehicles service, a voice service, and the like, or information of the specific service;

1.3, Tenant (Tenant) information for indicating the client information of creating or renting the network slice/network slice sub-network, such as Tencent, national grid, etc.;

1.4, user group information, which is used for indicating grouping information for grouping users according to certain characteristics, such as user levels and the like;

1.5. slice group information indicating that all network slices accessible by the terminal device may be regarded as one slice group according to a certain characteristic, or the grouping of the network slices may be divided according to other standards;

1.6, NSI information, configured to indicate an instance identifier and feature information created for the network slice, for example, an identifier may be allocated to the NSI to indicate the NSI, a new identifier may also be mapped on the basis of the NSI identifier, the NSI is associated, and the specific NSI indicated by the identifier may be identified by the receiver according to the identifier;

1.7, NSSI information, configured to indicate an instance identifier and feature information created for the network slice subnet, for example, an identifier may be allocated for the NSSI to indicate the NSSI, or a new identifier may be mapped based on the NSSI identifier, the NSSI is associated, and the specific NSSI indicated by the identifier may be identified by the receiving party according to the identifier.

2. Single network slice selection assistance information (S-NSSAI), which at least includes slice type/service type (SST) information, and optionally may also include slice differentiation information (SD). The SST information is used to indicate the behavior of the network slice, such as the feature and service type of the network slice, and the SD information is complementary information of the SST, and if the SST points to multiple network slices for implementation, the SD may correspond to only one network slice instance.

3. S-NSSAI group information indicating that, according to a certain characteristic, for example, all network slices of a certain common AMF that the terminal device can access can be treated as one S-NSSAI group.

4. Temporary identity (temporary ID): the temporary identification information includes AMF assigned to the terminal registered on the core network side, and the temporary ID may uniquely point to a certain AMF.

It should be understood that, in the embodiment of the present application, the NSI/NSSI may use at least one of the above parameters to characterize the NSI/NSSI information, for example, the information of the NSI/NSSI may be characterized by an NSI/NSSI type, or may also be characterized by an NSI/NSSI type and a service type, or may also be characterized by a service type plus tenant information, and the like, which is not limited in this embodiment of the present application. Optionally, the specific encoding form of the NSI/NSSI information is not limited, different fields of the interface message carried between different devices may respectively represent different NSI/NSSI information, or may be replaced by abstracted index values, where the different index values respectively correspond to different network slices/network slice subnets.

Before the network management system sends a configuration request to the network function instance, the network management system determines one or more authorized network function types for one or more NSI/NSSIs in the configuration request. In a possible implementation manner, the network management system determines the authorized network function type in the configuration request and the corresponding NSI/NSSI information thereof by itself, for example, the network management system determines that the authorized network function type of the first network function service corresponding to the interface based on the first network function service of the AMF is an SMF of the first NSI/NSSI and a UPF of the second NSI/NSSI by itself, and the authorized network function type of the second network function service corresponding to the interface based on the second network function service of the AMF is an NSSF of the third NSI/NSSI and the fourth NSI/NSSI. In another possible implementation manner, the network management system may further obtain one or more authorized network function types in the configuration request and one or more NSI/NSSI information to which the authorized network function types belong from other network devices/units. The embodiments of the present application do not limit this.

502. The network function instance configures a network function service.

Specifically, after a network function instance receives a configuration request of a network management system through an interface based on a network function service, the network function instance configures the network function service corresponding to the interface. For example, after receiving a configuration request of a network function service, the network function instance writes the authorized network function type of the NSI/NSSI in the configuration request into a configuration file/template of the network function instance, thereby implementing configuration of the corresponding network function service. Illustratively, after receiving a configuration request containing the SMF of the first NSI/NSSI and the UPF of the second NSI/NSSI sent by the network management system through the interface based on the first network function service, the AMF instance writes the SMF information of the first NSI/NSSI and the UPF information of the second NSI/NSSI into the configuration file/template of the AMF instance, wherein the SMF of the first NSI/NSSI and the UPF of the second NSI/NSSI are associated with the first network function service. And after receiving a configuration request of NSSF containing a third NSI/NSSI and a fourth NSI/NSSI sent by the network management system through an interface based on the second network function service, the AMF instance writes NSSF information of the third NSI/NSSI and the fourth NSI/NSSI into a configuration file/template of the AMF instance, wherein the NSSF of the third NSI/NSSI and the fourth NSI/NSSI is associated with the second network function service.

503. The network function instance sends a configuration response to the network management system.

Optionally, the network function instance feeds back, to the network management system, whether the configuration of the network function service corresponding to the interface is successful through an interface based on the network function service. Illustratively, the AMF instance feeds back to the network management system whether the SMF authorizing the first NSI/NSSI and the UPF of the second NSI/NSSI of its configuration for the first network function service are successful or not through the interface based on the first network function service, and feeds back to the network management system whether the NSSF authorizing the third NSI/NSSI and the fourth NSI/NSSI of its configuration for the second network function service are successful or not through the interface based on the second network function service.

It should be understood that, in the case where the network management system manages a plurality of network function service authorizations for one network function, the network management system manages the network function service authorizations corresponding to the respective interfaces on the basis of the interface of each network function service. In other words, the network management system performs the steps 501-502 or 501-503 for each network function service of the network function.

It should be noted that, in the embodiment of the present application, the configuration request and the configuration response may be carried in any message interacted between the network management system and the network function instance, such as a configuration request message or a configuration response message, and the present application is not limited to this specifically.

Through the steps of the embodiment of the application, the network management system configures the authorized NSI/NSSI network function type for the network function service of the network function through the interface based on the network function service, thereby realizing the authorized management of the network function service.

In the embodiments of fig. 4 and 5 described above, the network management system communicates with the network function instance through an interface based network function service. In this scenario, a network function instance has, for each network function service provided by itself, an interface that is available for communication with the network management system and with the respective network function instance authorized to use the network function service. The network function instance communicates with the network management system through interfaces with corresponding number according to the number of network function services provided by the network function instance. In another scenario, an interface between the network management system and a network function instance is integrated, the integrated interface aggregates interfaces of the network function instance based on network function services, and the integrated interface is used for requesting, by the network management system, authorization of one or more network function services configured by the network function instance.

Fig. 6 is a flowchart illustrating a method for authorizing a network function service according to an embodiment of the present application, where the method 600 is applicable to the operations of the network management system and the network function instance shown in fig. 3. In this embodiment, the network management system requests, via an integrated interface, the network function instance to configure the authorized one or more network function types for one or more network function services therein. The process illustrated in FIG. 6 includes the following steps:

601. the network management system sends a configuration request to the network function instance.

The configuration request comprises information of at least one network function service and at least one corresponding authorized network function type.

Specifically, the network management system sends a configuration request containing information of one or more network function services and one or more authorized network function types corresponding to the one or more network function services to the network function instance through an integrated interface. The configuration request is for requesting the network function instance to configure the authorized one or more network function types for the one or more network function services. It should be understood that in the embodiments of the present application, there are many ways to configure the network function service authorization. For example, one network function service may be configured to authorize one network function type, one network function service may be configured to authorize multiple network function types, multiple network function services may be configured to authorize one network function type, and multiple network function services may be configured to authorize multiple network function types. It should be noted that, unlike the interface based on the network function service, the integrated interface is used for configuring one or more network function services. Illustratively, the network function AMF may provide a first network function service to the SMF and the UPF and a second network function service to the NSSF. In this case, the network management system sends a configuration request to the AMF via the integrated interface, the configuration request including the first network function service information and the corresponding SMF and UPF information, and the second network function service information and the corresponding NSSF information.

Before the network management system sends a configuration request to the network function instance, the network management system determines one or more authorized network function types of one or more network function services in the configuration request. In a possible implementation manner, the network management system determines the information of the one or more network function services in the configuration request and the corresponding one or more authorized network function types by itself, for example, the network management system determines the authorized network function types of the first network function service provided by the AMF as SMF and UPF, and the authorized network function type of the second network function service as NSSF by itself. In another possible implementation manner, the network management system may further obtain, from other network devices/units, information of one or more network function services in the configuration request and corresponding one or more authorized network function types. The embodiments of the present application do not limit this.

602. The network function instance configures a network function service.

Specifically, after the network function instance receives a configuration request of the network management system through an integrated interface, the network function instance configures each network function service included in the configuration request. For example, after receiving a configuration request of one or more network function services, the network function instance writes the authorized one or more network function types of the one or more network function services in the configuration request into a configuration file/template of the network function instance, thereby implementing configuration of the one or more network function services. Illustratively, after receiving a configuration request sent by a network management system through the integrated interface, the AMF instance writes first network function service information and information of SMF and UPF into a configuration file/template of the AMF instance, where the SMF and UPF are associated with the first network function service. After receiving a configuration request sent by a network management system through an integrated interface, the AMF instance writes second network function service information and NSSF information into a configuration file/template of the AMF instance, wherein the NSSF is associated with the second network function service.

603. The network function instance sends a configuration response to the network management system.

Optionally, the network function instance feeds back to the network management system through an integrated interface whether the configuration of the one or more network function services is successful. Illustratively, the AMF instance feeds back to the network management system through the integrated interface whether its authorization SMF and UPF for the first network function service configuration was successful and its authorization NSSF for the second network function service configuration was successful.

Through the steps of the embodiment of the application, the network management system configures the authorized network function type for the network function service of the network function through the integrated interface, so that the authorized management of the network function service is realized.

Fig. 7 is a flowchart illustrating a method for authorizing a network function service according to an embodiment of the present application, where the method 700 is applicable to the operations of the network management system and the network function instance shown in fig. 3. In this embodiment, the network management system requests, via an integrated interface, the network function instance to configure one or more network function types of the authorized one or more NSI/NSSI for one or more network function services therein. The process illustrated in FIG. 7 includes the following steps:

701. the network management system sends a configuration request to the network function instance.

The configuration request includes information of at least one network function service, corresponding at least one authorized network function type and at least one NSI/NSSI information belonging to the authorized network function type.

Specifically, the network management system sends a configuration request for one or more network function types including information of one or more network function services and authorized one or more NSIs/NSSIs of the one or more network function services to the network function instance via an integrated interface. The configuration request is for requesting the network function instance to configure one or more network function types of the one or more NSI/NSSIs authorized for the one or more network function services. It should be understood that in the embodiments of the present application, there are many ways to configure the network function service authorization. For example, one network function type may be configured to authorize one NSI/NSSI for one network function service, multiple network function types may be configured to authorize one NSI/NSSI for one network function service, one network function type may be configured to authorize multiple NSIs/NSSIs for one network function service, multiple network function types may be configured to authorize multiple NSI/NSSIs for one network function service, one network function type may be configured to authorize one NSI/NSSI for multiple network function services, multiple network function types may be configured to authorize one NSI/NSSI for multiple network function services, one network function type may be configured to authorize multiple NSI/NSSI for multiple network function services, and multiple network function types may be configured to authorize multiple NSI/NSSIs for multiple network function services. Illustratively, the network function AMF may provide a first network function service to the SMF of a first NSI/NSSI, a first network function service to the UPF of a second NSI/NSSI, and a second network function service to the NSSF of a third NSI/NSSI and a fourth NSI/NSSI. In this case, the network management system sends a configuration request to the AMF via the integrated interface, the configuration request including the first network function service information and the SMF information of the corresponding first NSI/NSSI, the UPF information of the second NSI/NSSI, and the second network function service information and the NSSF information of the corresponding third NSI/NSSI and fourth NSI/NSSI. Further, the SMF of the first NSI/NSSI is indicated using information of the SMF and information of the first NSI/NSSI to which the SMF belongs; the UPF for the second NSI/NSSI is indicated using information for the UPF and information for the second NSI/NSSI to which the UPF belongs; the NSSF for the third NSI/NSSI and the fourth NSI/NSSI is indicated using information for the NSSF and information for the third NSI/NSSI and the fourth NSI/NSSI to which the NSSF belongs, respectively.

Before the network management system sends a configuration request to the network function instance, the network management system determines one or more network function types of the one or more NSIs/NSSIs authorized for the one or more network function services in the configuration request. In one possible implementation, the network management system determines the information of the network function service in the configuration request and the corresponding network function type of the authorized NSI/NSSI by itself, for example, the network management system determines the authorized network function type of the first network function service of the AMF to be the SMF of the first NSI/NSSI and the UPF of the second NSI/NSSI by itself, and the authorized network function type of the second network function service of the AMF to be the NSSF of the third NSI/NSSI and the fourth NSI/NSSI by itself. In another possible implementation manner, the network management system may further obtain, from other network devices/units, information of the one or more network function services in the configuration request and one or more authorized network function types of the corresponding one or more NSIs/NSSIs. The embodiments of the present application do not limit this.

702. The network function instance configures a network function service.

Specifically, after the network function instance receives a configuration request of the network management system through an integrated interface, the network function instance configures each network function service included in the configuration request. For example, after receiving a configuration request of one or more network function services, the network function instance writes one or more network function types of one or more NSI/NSSI authorized by the one or more network function services in the configuration request into a configuration file/template of the network function instance, thereby implementing configuration of the one or more network function services. Illustratively, after receiving a configuration request sent by a network management system through the integrated interface, the AMF instance writes service information of the first network function, SMF information of the first NSI/NSSI, and UPF information of the second NSI/NSSI into a configuration file/template of the AMF instance, wherein the SMF of the first NSI/NSSI and the UPF of the second NSI/NSSI are associated with the first network function. The AMF instance writes the second network function service information and NSSF information for a third NSI/NSSI and a fourth NSI/NSSI associated with the second network function service into a configuration file/template of the AMF instance.

703. The network function instance sends a configuration response to the network management system.

Optionally, the network function instance feeds back to the network management system through an integrated interface whether the configuration of the one or more network function services is successful. Illustratively, the AMF instance feeds back to the network management system through the integrated interface whether it succeeded in authorizing the SMF of the first NSI/NSSI and the UPF of the second NSI/NSSI for the first network function service configuration, and whether it succeeded in authorizing the NSSF of the third NSI/NSSI and the fourth NSI/NSSI for the second network function service configuration.

Through the steps of the embodiment of the application, the network management system configures the authorized NSI/NSSI network function type for the network function service of the network function through the integrated interface, so that the authorized management of the network function service is realized.

In the above embodiments, the implementation may be wholly or partially realized by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When loaded and executed on a computer, cause the processes or functions described in accordance with the embodiments of the application to occur, in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored in a computer readable storage medium or transmitted from one computer readable storage medium to another, for example, from one website site, computer, server, or data center to another website site, computer, server, or data center via wired (e.g., coaxial cable, fiber optic, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.). The computer-readable storage medium can be any available medium that can be accessed by a computer or a data storage device, such as a server, a data center, etc., that incorporates one or more of the available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present patent application.

Method embodiments of the present application are described in detail above in conjunction with fig. 4-7, and apparatus embodiments of the present application are described in detail below in conjunction with fig. 8-11. It is to be understood that the apparatus embodiments correspond to the method embodiments and similar descriptions may be made with reference to the method embodiments. It is noted that the device embodiments may be used in conjunction with the above-described methods, or may be used alone.

Fig. 8 shows a schematic block diagram of a network management system 800 according to an embodiment of the present application, where the network management system 800 may correspond to (e.g., may be configured with or be itself) the network management system described in any of the

methods

400, 500, 600, or 700 described above. The network management system 800 may include: processor 801 and transceiver 802, processor 801 and transceiver 802 being communicatively coupled. Optionally, the network management system 800 further comprises a memory 803, the memory 803 being communicatively coupled to the processor 801. Optionally, the processor 801, the memory 803, and the transceiver 802 may be communicatively coupled, the memory 803 may be used to store instructions, and the processor 801 may be used to execute the instructions stored by the memory 803 to control the transceiver 802 to receive and/or transmit information or signals. In the embodiment of the present application, the processor 801 is configured to call the program and data stored in the memory 803, and perform the following operations:

the processor 801 determines one or more authorized network function types in the configuration request, or one or more authorized network function types for one or more NSI/NSSI in the configuration request, or one or more authorized network function types for one or more network function services in the configuration request, or one or more network function types for one or more NSI/NSSI for authorization for one or more network function services in the configuration request.

The processor 801 sends a configuration request to the network function instance through the transceiver 802, where the configuration request includes at least one authorized network function type, or the configuration request includes at least one authorized network function type and at least one corresponding NSI/NSSI information thereof, or the configuration request includes information of at least one network function service and at least one corresponding authorized network function type, or the configuration request includes information of at least one network function service, at least one corresponding authorized network function type and at least one corresponding NSI/NSSI information thereof.

Optionally, the transceiver 802 receives a configuration response sent by the network function instance.

It should be noted that the processor 801 and the transceiver 802 in the network management system 800 described in the embodiments of the present application are respectively configured to perform some or all of the steps described in any of the

methods

400, 500, 600, or 700 described above, which are performed by the network management system. Here, detailed description thereof is omitted in order to avoid redundancy.

Fig. 9 shows another schematic block diagram of a network management system 900 according to an embodiment of the present application, where the network management system 900 may correspond to (e.g., may be configured with or be itself) the network management system described in any of the

methods

400, 500, 600, or 700 described above. The network management system 900 may include: a communication unit 901 and a processing unit 902, the processing unit 902 and the communication unit 901 being communicatively coupled. In the present embodiment, the network management system 900 is presented in the form of a functional unit. A "unit" herein may be a processor and memory that execute one or more software or firmware programs, an integrated logic circuit, and/or other devices that may provide the functionality described above. The network management system may take the form shown in figure 8. The processing unit 902 may be implemented by the processor 801 in fig. 8, and the communication unit 901 may be implemented by the transceiver 802 in fig. 8. The network management system 900 may further include a storage unit for storing a program or data to be executed by the processing unit 902, or storing information received and/or transmitted through the communication unit 901.

It should be noted that, in the network management system 900 described in the embodiment of the present application, the communication unit 901 and the processing unit 902 are respectively configured to execute some or all of the steps described in any of the

methods

400, 500, 600, or 700 described above, which are executed by the network management system. Here, detailed description thereof is omitted in order to avoid redundancy.

Fig. 10 shows a schematic block diagram of a network function instance 1000 according to an embodiment of the present application, where the network function instance 1000 may correspond to (e.g., may be configured with or be itself) the network function instance described in any of the

methods

400, 500, 600, or 700 described above. The network function instance 1000 may include: processor 1001 and transceiver 1002, processor 1001 and transceiver 1002 being communicatively coupled. Optionally, the network function instance 1000 further comprises a memory 1003, the memory 1003 being communicatively coupled to the processor 1001. Optionally, a processor 1001, a memory 1003, and a transceiver 1002 may be communicatively coupled, the memory 1003 may be used to store instructions, and the processor 1001 is used to execute the instructions stored by the memory 1003 to control the transceiver 1002 to receive and/or transmit information or signals. In the embodiment of the present application, the processor 1001 is configured to call the program and data stored in the memory 1002, and perform the following operations:

the processor 1001 receives a configuration request sent by the network management system through the transceiver 1002, where the configuration request includes at least one authorized network function type, or the configuration request includes at least one authorized network function type and at least one piece of NSI/NSSI information to which the authorized network function type belongs, or the configuration request includes information of at least one network function service and at least one corresponding authorized network function type, or the configuration request includes information of at least one network function service, at least one corresponding authorized network function type and at least one piece of NSI/NSSI information to which the authorized network function type belongs.

The processor 1001 configures the network function service according to the received configuration request.

Optionally, the transceiver 802 sends a configuration response to the network management system.

It should be noted that the processor 1001 and the transceiver 1002 in the network function example 1000 described in the embodiments of the present application are respectively configured to perform part or all of the steps performed by the network function example described in any of the

methods

400, 500, 600, or 700 described above. Here, detailed description thereof is omitted in order to avoid redundancy.

Fig. 11 shows another schematic block diagram of a network function instance 1100 according to an embodiment of the present application, where the network function instance 1100 may correspond to (e.g., may be configured with or be itself) a network function instance described in any of the

methods

400, 500, 600, or 700 described above. The network function instance 1100 may include: a communication unit 1101 and a processing unit 1102, the processing unit 1102 and the communication unit 1101 being communicatively coupled. In the present embodiment, the network function instance 1100 is presented in the form of a functional unit. A "unit" herein may be a processor and memory that execute one or more software or firmware programs, an integrated logic circuit, and/or other devices that may provide the functionality described above. The network function instance may take the form shown in fig. 10. The processing unit 1102 may be implemented by the processor 1001 in fig. 10, and the communication unit 1101 may be implemented by the transceiver 1002 in fig. 10. The network function instance 1100 may also include a storage unit for storing programs or data to be executed by the processing unit 1102 or storing information received and/or transmitted through the communication unit 1101.

It should be noted that the communication unit 1101 and the processing unit 1102 in the network function example 1100 described in the embodiment of the present application are respectively configured to execute some or all of the steps executed by the network function example described in any one of the

methods

It should be understood that the processors (801, 1001) in the apparatus embodiments of the present application may be Central Processing Units (CPUs), Network Processors (NPs), hardware chips, or any combination thereof. The hardware chip may be an application-specific integrated circuit (ASIC), a Programmable Logic Device (PLD), or a combination thereof. The PLD may be a Complex Programmable Logic Device (CPLD), a field-programmable gate array (FPGA), a General Array Logic (GAL), or any combination thereof.

The memory (803, 1003) in the device embodiments of the present application may be a volatile memory (volatile memory), such as a random-access memory (RAM); a non-volatile memory (non-volatile memory) such as a read-only memory (ROM), a flash memory (flash memory), a Hard Disk Drive (HDD) or a solid-state drive (SSD); combinations of the above types of memories are also possible.

In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, a division of a unit is only a logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication coupling may be an indirect coupling or communication coupling of devices or units through some interfaces, and may be in an electrical, mechanical or other form.

Units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.

In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.

The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present patent application or a part of the technical solution that substantially contributes to the prior art may be embodied in the form of a software product stored in a storage medium and containing instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present patent application. And the aforementioned storage medium comprises: various media capable of storing program codes, such as a usb disk, a removable hard disk, a read-only memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.

The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily think of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present patent application shall be subject to the protection scope of the claims.

Claims

1. A method for network function service authorization, comprising: the network management system determines at least one authorized network function type of a network function service which the network function instance has;

the network management system sends a configuration request to the network function instance, where the configuration request includes the at least one authorized network function type of the network function service, and the configuration request is used to request the network function instance to configure the at least one authorized network function type for the network function service, where a network function instance has multiple interfaces based on the network function service, and each interface based on the network function service is used to configure the network function service corresponding to the interface;

the network function instance is used for providing a plurality of network function services, and an interface based on the network function services is communicated with a network management system and/or other network function instances for each network function service;

wherein, the configuration request includes: at least one authorized network function type and at least one NSI/NSSI information belonging to the authorized network function type; wherein the NSI/NSSI information is used for indicating NSI/NSSI to which one or more authorized network function types in the configuration request belong;

the network management system is used for sending a configuration request containing one or more authorized network function types of one or more NSI/NSSIs to a network function instance through an interface based on network function service, wherein the configuration request is used for requesting the network function instance to configure the one or more authorized network function types of one or more NSIs/NSSIs for the network function service corresponding to the interface;

wherein authorizing network function service configuration comprises: authorizing a network function type of one NSI/NSSI to the network function service configuration corresponding to the interface, multiple network function types of one NSI/NSSI to the network function service configuration corresponding to the interface, one network function type of multiple NSI/NSSI to the network function service configuration corresponding to the interface, or multiple network function types of multiple NSI/NSSI to the network function service configuration corresponding to the interface;

wherein, in the case that the AMF is allowed to provide the first network function service to the SMF of the first NSI/NSSI, the first network function service to the UPF of the second NSI/NSSI, and the second network function service to the NSSF of the third NSI/NSSI and the fourth NSI/NSSI, the network management system is configured to send a configuration request to the AMF instance through the interface based on the first network function service, the configuration request including SMF information of the first NSI/NSSI and UPF information of the second NSI/NSSI, the network management system sending a configuration request to the AMF instance through the interface based on the second network function service, the configuration request including NSSF information of the third NSI/NSSI and the fourth NSI/NSSI, the SMF of the first NSI/NSSI being allowed to use information of the SMF and information of the first NSI/NSSI to which the SMF belongs; allowing the UPF of the second NSI/NSSI to be indicated using the information of the UPF and the information of the second NSI/NSSI described by the UPF; the NSSF allowed for the third NSI/NSSI and the fourth NSI/NSSI is indicated using the information for the NSSF and the information for the third NSI/NSSI and the fourth NSI/NSSI to which the NSSF belongs, respectively.

2. The method of claim 1, wherein the network management system determines at least one authorized network function type of a network function service that the network function instance has, and further comprising:

the network management system determines at least one network slice instance or network slice subnet instance to which the at least one authorized network function type belongs.

3. The method according to claim 1 or 2, wherein the configuration request further comprises information of at least one network slice instance or network slice subnet instance to which the at least one authorized network function type belongs.

4. The method of claim 1 or 2, wherein the network management system sending a configuration request to the network function instance comprises: the network management system sends the configuration request to the network function instance through an interface based on the network function service.

5. A method for network function service authorization, comprising:

a network function instance receives a configuration request from a network management system, wherein the configuration request comprises at least one authorized network function type of a network function service of the network function instance, and the configuration request is used for requesting the network function instance to configure the at least one authorized network function type for the network function service, wherein one network function instance is provided with a plurality of interfaces based on the network function service, and each interface based on the network function service is used for configuring the network function service corresponding to the interface;

the network function instance configures the network function service according to the configuration request;

the network management system is used for sending a configuration request containing one or more authorized network function types of one or more NSI/NSSIs to a network function instance through an interface based on network function services, wherein the configuration request is used for requesting the network function instance to configure the one or more authorized network function types of one or more NSI/NSSIs for the network function services corresponding to the interface;

wherein, in the case that the AMF is allowed to provide the first network function service to the SMF of the first NSI/NSSI, the first network function service to the UPF of the second NSI/NSSI, and the second network function service to the NSSF of the third NSI/NSSI and the fourth NSI/NSSI, the network management system is configured to send a configuration request to the AMF instance through the interface based on the first network function service, the configuration request including SMF information of the first NSI/NSSI and UPF information of the second NSI/NSSI, the network management system sending a configuration request to the AMF instance through the interface based on the second network function service, the configuration request including NSSF information of the third NSI/NSSI and the fourth NSI/NSSI, the SMF of the first NSI/NSSI being allowed to use information of the SMF and information of the first NSI/NSSI to which the SMF belongs; allowing the UPF of the second NSI/NSSI to be indicated using the information of the UPF and the information of the second NSI/NSSI described by the UPF; the NSSF for the third NSI/NSSI and the fourth NSI/NSSI is allowed to be indicated using the information for the NSSF and the information for the third NSI/NSSI and the fourth NSI/NSSI to which the NSSF belongs, respectively.

6. The method of claim 5, wherein the configuration request further comprises information of at least one network slice instance or network slice subnet instance to which the at least one authorized network function type belongs.

7. The method of claim 5 or 6, wherein the network function instance receives a configuration request from a network management system, comprising:

the network function instance receives the configuration request from the network management system through an interface based on the network function service.

8. A network management system comprising a processor and a transceiver, wherein,

the processor is used for determining at least one authorized network function type of a network function service which the network function instance has;

the transceiver is communicatively coupled to the processor and configured to send a configuration request to the network function instance, where the configuration request includes the at least one authorized network function type of the network function service, and the configuration request is used to request the network function instance to configure the at least one authorized network function type for the network function service, where a network function instance has a plurality of network function service-based interfaces, and each network function service-based interface is used to configure the network function service corresponding to the interface;

9. The network management system of claim 8, wherein determining at least one authorized network function type of a network function service that the network function instance has further comprises:

determining at least one network slice instance or network slice subnet instance to which the at least one authorized network function type belongs.

10. The network management system according to claim 8 or 9, wherein the configuration request further comprises information of at least one network slice instance or network slice subnet instance to which the at least one authorized network function type belongs.

11. The network management system according to claim 8 or 9, wherein said sending a configuration request to the network function instance comprises:

sending the configuration request to the network function instance through an interface based on the network function service.

12. A network function instance, comprising a processor and a transceiver, wherein the transceiver is communicatively coupled to the processor and configured to receive a configuration request from a network management system, the configuration request including at least one authorized network function type of a network function service that the network function instance has, and the configuration request is configured to request the network function instance to configure the at least one authorized network function type for the network function service, wherein a network function instance has a plurality of network function service-based interfaces, and each network function service-based interface is used for configuring the network function service corresponding to the interface;

the processor configures the network function service according to the configuration request;

13. The network function instance of claim 12, wherein the configuration request further comprises information of at least one network slice instance or network slice subnet instance to which the at least one authorized network function type belongs.

14. The network function instance of claim 12 or 13, wherein receiving a configuration request from a network management system comprises:

receiving the configuration request from the network management system through an interface based on the network function service.

15. A computer-readable storage medium comprising instructions that, when executed on a network management system, cause the network management system to perform the method of any one of claims 1-4.

16. A computer-readable storage medium comprising instructions that,

when run on a network function, cause the network function to perform the method of any one of claims 5-7.