CN113453222B - Communication method and device - Google Patents
Communication method and device Download PDFInfo
- Publication number
- CN113453222B CN113453222B CN202110703460.0A CN202110703460A CN113453222B CN 113453222 B CN113453222 B CN 113453222B CN 202110703460 A CN202110703460 A CN 202110703460A CN 113453222 B CN113453222 B CN 113453222B
- Authority
- CN
- China
- Prior art keywords
- smf
- upf
- pfcp
- identifier
- ciphertext
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 103
- 238000004891 communication Methods 0.000 title claims abstract description 79
- 230000008878 coupling Effects 0.000 claims abstract description 166
- 238000010168 coupling process Methods 0.000 claims abstract description 166
- 238000005859 coupling reaction Methods 0.000 claims abstract description 166
- 230000004044 response Effects 0.000 claims abstract description 75
- 230000005540 biological transmission Effects 0.000 abstract description 6
- 230000011664 signaling Effects 0.000 abstract description 6
- 208000037550 Primary familial polycythemia Diseases 0.000 abstract 4
- 208000017693 primary familial polycythemia due to EPO receptor mutation Diseases 0.000 abstract 4
- 230000006870 function Effects 0.000 description 43
- 230000008569 process Effects 0.000 description 24
- 238000010586 diagram Methods 0.000 description 16
- 238000007726 management method Methods 0.000 description 16
- 238000012545 processing Methods 0.000 description 12
- 238000004590 computer program Methods 0.000 description 9
- 230000000977 initiatory effect Effects 0.000 description 7
- 239000003999 initiator Substances 0.000 description 6
- 230000003993 interaction Effects 0.000 description 4
- 238000013461 design Methods 0.000 description 3
- 238000013475 authorization Methods 0.000 description 2
- 239000000306 component Substances 0.000 description 2
- 239000000835 fiber Substances 0.000 description 2
- GVVPGTZRZFNKDS-JXMROGBWSA-N geranyl diphosphate Chemical compound CC(C)=CCC\C(C)=C\CO[P@](O)(=O)OP(O)(O)=O GVVPGTZRZFNKDS-JXMROGBWSA-N 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 238000006467 substitution reaction Methods 0.000 description 2
- 239000013256 coordination polymer Substances 0.000 description 1
- 239000008358 core component Substances 0.000 description 1
- 238000013523 data management Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 238000011084 recovery Methods 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
- H04W12/037—Protecting confidentiality, e.g. by encryption of the control plane, e.g. signalling traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W76/00—Connection management
- H04W76/10—Connection setup
Abstract
The embodiment of the invention provides a communication method and a communication device, relates to the field of communication, and can ensure the safe transmission of control plane signaling between an SMF (simple message format) and an edge UPF (unified power flow) and improve the communication effectiveness. The method comprises the following steps: the SMF sends a PFCP coupling establishment request message to the edge UPF, wherein the PFCP coupling establishment request message is used for requesting to establish PFCP connection with the edge UPF; the SMF receives a PFCP coupling establishment response message sent by the edge UPF; the SMF analyzes the second ciphertext to obtain a second identifier; the SMF determines that the second identifier is the same as the identifier of the edge UPF; the SMF determines the edge UPF as the target edge UPF.
Description
Technical Field
The embodiment of the invention relates to the field of communication, in particular to a communication method and a communication device.
Background
At present, a control plane function related to a private network and a 5G core network (5G core network, 5GC) can be completed by deploying a User Plane Function (UPF) in an enterprise campus (i.e., in a local private network).
However, since the local computer room where the edge UPF is located belongs to an untrusted area for the operator and has high openness, the edge UPF may be vulnerable to external attacks, which affect the effectiveness of communication between the edge UPF and the 5 GC.
Disclosure of Invention
Embodiments of the present invention provide a communication method and apparatus, which can ensure secure transmission of a control plane signaling between an SMF and an edge UPF, and improve communication effectiveness.
In a first aspect, an embodiment of the present invention provides a communication method, including: a Session Management Function (SMF) sends a Packet Forwarding Control Protocol (PFCP) coupling establishment request message to an edge UPF, where the PFCP coupling establishment request message includes a first plaintext and a first ciphertext, the first plaintext includes an identifier of the SMF, the first ciphertext is determined by the SMF based on a stored key corresponding to the edge UPF, and the PFCP coupling establishment request message is used to request for establishing a PFCP connection with the edge UPF; the SMF receives a PFCP coupling establishment response message sent by the edge UPF, wherein the PFCP coupling establishment response message comprises a second plaintext and a second ciphertext, the second plaintext comprises an identifier of the edge UPF, and the second ciphertext is determined by the edge UPF based on a stored key corresponding to the SMF; the SMF analyzes the second ciphertext to obtain a second identifier; the SMF determines that the second identifier is the same as the identifier of the edge UPF; the SMF determines the edge UPF as the target edge UPF.
In a second aspect, an embodiment of the present invention provides a communication method, including: an edge UPF receives a PFCP coupling establishment request message sent by an SMF, wherein the PFCP coupling establishment request message comprises a first plaintext and a first ciphertext, the first plaintext comprises an identifier of the SMF, the first ciphertext is determined by the SMF based on a stored key corresponding to the edge UPF, and the PFCP coupling establishment request message is used for requesting to establish PFCP connection with the edge UPF; the edge UPF analyzes the first ciphertext to obtain a first identifier; the edge UPF determines that the first identifier is the same as the identifier of the SMF; the edge UPF determines that the SMF is a target SMF, and sends a PFCP coupling establishment response message to the SMF, where the PFCP coupling establishment response message includes a second plaintext and a second ciphertext, the second plaintext includes an identifier of the edge UPF, and the second ciphertext is determined by the edge UPF based on a stored key corresponding to the SMF.
In a third aspect, an embodiment of the present invention provides an SMF, including: the device comprises a sending module, a receiving module, an analyzing module and a determining module; the sending module is configured to send a PFCP coupling establishment request message to an edge UPF, where the PFCP coupling establishment request message includes a first plaintext and a first ciphertext, the first plaintext includes an identifier of the SMF, the first ciphertext is determined by the SMF based on a stored key corresponding to the edge UPF, and the PFCP coupling establishment request message is used to request to establish a PFCP connection with the edge UPF; the receiving module is configured to receive a PFCP coupling establishment response message sent by the edge UPF, where the PFCP coupling establishment response message includes a second plaintext and a second ciphertext, the second plaintext includes an identifier of the edge UPF, and the second ciphertext is determined by the edge UPF based on a stored key corresponding to the SMF; the analysis module is used for analyzing the second ciphertext to obtain a second identifier; the determining module is configured to determine that the second identifier is the same as the identifier of the edge UPF; the determining module is further configured to determine that the edge UPF is a target edge UPF.
In a fourth aspect, an embodiment of the present invention provides an edge UPF, including: the device comprises a receiving module, an analysis module, a determination module and a sending module; the receiving module is configured to receive a PFCP coupling establishment request message sent by an SMF, where the PFCP coupling establishment request message includes a first plaintext and a first ciphertext, the first plaintext includes an identifier of the SMF, the first ciphertext is determined by the SMF based on a stored key corresponding to the edge UPF, and the PFCP coupling establishment request message is used to request to establish a PFCP connection with the edge UPF; the analysis module is used for analyzing the first ciphertext to obtain a first identifier; the determining module is configured to determine that the first identifier is the same as the identifier of the SMF; the determining module is further configured to determine that the SMF is a target SMF; the sending module is configured to send a PFCP coupling establishment response message to the SMF, where the PFCP coupling establishment response message includes a second plaintext and a second ciphertext, the second plaintext includes the identifier of the edge UPF, and the second ciphertext is determined by the edge UPF based on the stored key corresponding to the SMF.
In a fifth aspect, an embodiment of the present invention provides another SMF, including: a processor, a memory, a bus, and a communication interface; the memory is used for storing computer execution instructions, the processor is connected with the memory through the bus, and when the SMF runs, the processor executes the computer execution instructions stored in the memory, so that the SMF executes the communication method provided by the first aspect.
In a sixth aspect, an embodiment of the present invention provides another edge UPF, including: a processor, a memory, a bus, and a communication interface; the memory is used for storing computer execution instructions, the processor is connected with the memory through the bus, and when the edge UPF runs, the processor executes the computer execution instructions stored in the memory, so that the edge UPF executes the communication method provided by the second aspect.
In a seventh aspect, an embodiment of the present invention provides a computer-readable storage medium, which includes a computer program, and when the computer program runs on a computer, the computer is caused to execute a communication method provided in the first aspect.
In an eighth aspect, an embodiment of the present invention provides a computer-readable storage medium, which includes a computer program, and when the computer program runs on a computer, the computer is caused to execute a communication method provided in the second aspect.
In a ninth aspect, an embodiment of the present invention provides a computer program product containing instructions, which when run on a computer, causes the computer to execute the communication method of the first aspect and any one of the implementations thereof.
In a tenth aspect, an embodiment of the present invention provides a computer program product containing instructions, which when run on a computer, causes the computer to execute the communication method of the second aspect and any implementation manner thereof.
According to the communication method and the device provided by the embodiment of the invention, the SMF can send a PFCP coupling establishment request message to the edge UPF, namely, the request is for establishing PFCP connection with the edge UPF; after receiving the PFCP coupling establishment request message, the edge UPF may parse a first ciphertext included in the request message to obtain a first identifier; then the edge UPF may determine that the first identifier is the same as the identifier of the SMF in the first plaintext included in the request message; the edge UPF determines that the SMF is the target SMF and sends a PFCP coupling response message to the SMF.
Further, after receiving the PFCP coupled response message sent by the edge UPF, the SMF may parse a second ciphertext included in the response message to obtain a second identifier; then determining that the second identifier is the same as the identifier of the edge UPF in the second plaintext included in the response message; the SMF determines the edge UPF as the target edge UPF. In this embodiment of the present invention, an initiator device (e.g., SMF) or a receiver device (e.g., edge UPF) in a PFCP coupling establishment procedure may receive a PFCP coupling establishment request message (or a response message) sent by an opposite device, and further determine whether authentication of the opposite device passes according to a device identifier included in a plaintext and a device identifier included in a ciphertext, specifically, whether authentication passes when the two identifiers are the same, so as to complete the PFCP coupling establishment procedure between the SMF and the edge UPF. For the initiator device or the receiver device, the identity of the opposite device can be verified in an encryption and decryption manner, so that the secure transmission of control plane signaling between the SMF and the edge UPF can be ensured, and the communication effectiveness is improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below.
Fig. 1 is a schematic diagram of a network architecture of a 5G communication system according to an embodiment of the present invention;
fig. 2 is a schematic network architecture diagram of another 5G communication system according to an embodiment of the present invention;
fig. 3 is a hardware schematic diagram of a server according to an embodiment of the present invention;
fig. 4 is a schematic diagram of a communication method according to an embodiment of the present invention;
fig. 5 is a schematic diagram of another communication method provided by the embodiment of the present invention;
fig. 6 is a schematic diagram of another communication method according to an embodiment of the present invention;
fig. 7 is a schematic diagram of another communication method according to an embodiment of the present invention;
fig. 8 is a schematic diagram of another communication method provided by the embodiment of the present invention;
fig. 9 is a schematic diagram of another communication method provided by the embodiment of the present invention;
fig. 10 is a schematic structural diagram of an SMF according to an embodiment of the present invention;
fig. 11 is a schematic structural diagram of another SMF according to an embodiment of the present invention;
FIG. 12 is a schematic structural diagram of an edge UPF according to an embodiment of the present invention;
fig. 13 is a schematic structural diagram of another edge UPF according to an embodiment of the present invention.
Detailed Description
The following describes a communication method and apparatus provided in an embodiment of the present invention in detail with reference to the accompanying drawings.
The terms "first" and "second" and the like in the specification and drawings of the present application are used for distinguishing different objects and not for describing a specific order of the objects, for example, first plain text and second plain text and the like are used for distinguishing different plain texts and not for describing a specific order of the plain texts.
Furthermore, the terms "including" and "having," and any variations thereof, as referred to in the description of the present application, are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those steps or elements but may alternatively include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
It should be noted that, in the embodiments of the present invention, words such as "exemplary" or "for example" are used to indicate examples, illustrations or explanations. Any embodiment or design described as "exemplary" or "e.g.," an embodiment of the present invention is not necessarily to be construed as preferred or advantageous over other embodiments or designs. Rather, use of the word "exemplary" or "such as" is intended to present concepts related in a concrete fashion.
The term "and/or" as used herein includes the use of either or both of the two methods.
In the description of the present application, the meaning of "a plurality" means two or more unless otherwise specified.
Based on the problems existing in the background art, the embodiments of the present invention provide a communication method and apparatus, where an SMF may send a PFCP coupling establishment request message to an edge UPF, that is, request to establish a PFCP connection with the edge UPF; after receiving the PFCP coupling establishment request message, the edge UPF may parse a first ciphertext included in the request message to obtain a first identifier; then the edge UPF may determine that the first identifier is the same as the identifier of the SMF in the first plaintext included in the request message; the edge UPF determines that the SMF is the target SMF and sends a PFCP coupling response message to the SMF.
Further, after receiving the PFCP coupled response message sent by the edge UPF, the SMF may parse a second ciphertext included in the response message to obtain a second identifier; then determining that the second identifier is the same as the identifier of the edge UPF in the second plaintext included in the response message; the SMF determines the edge UPF as the target edge UPF. In this embodiment of the present invention, an initiator device (e.g., SMF) or a receiver device (e.g., edge UPF) in a PFCP coupling establishment procedure may receive a PFCP coupling establishment request message (or a response message) sent by an opposite device, and further determine whether authentication of the opposite device passes according to a device identifier included in a plaintext and a device identifier included in a ciphertext, specifically, whether authentication passes when the two identifiers are the same, so as to complete the PFCP coupling establishment procedure between the SMF and the edge UPF. For the initiator device or the receiver device, the identity of the opposite device can be verified in an encryption and decryption manner, so that the secure transmission of control plane signaling between the SMF and the edge UPF can be ensured, and the communication effectiveness is improved.
A communication method and apparatus provided in AN embodiment of the present invention may be applied to a wireless communication system, taking the wireless communication system as a 5G communication system as AN example, as shown in fig. 1, the 5G communication system may include a User Equipment (UE) 101, a Radio Access Network (RAN) device or AN Access Network (AN) device 102, AN UPF 103, AN access and mobility management function (AMF) 104, AN SMF 105, a Policy Control Function (PCF) 106, AN authentication service function (AUSF) 107, a network function storage function (network function retrieval function, NRF)108, AN application function (application function, AF)109, AN open network function (access function, network function, data management function (network) 110, and a network selection function (network selection function ), NSSF)112, and the like. The UE 101 accesses a 5G network (i.e., the UE 101 is understood to access a 5G system that can provide the 5G network) and establishes a session with the network, and then the UE 101 can communicate with functions (e.g., the UPF 103, the AMF 104, etc.) serving the UE 101 through the (R) AN apparatus 102, generally, in practical applications, connections between the above devices or service functions may be wireless connections or wired connections, and for convenience, connection relationships between the devices are shown visually, and AN implementation schematic is adopted in fig. 1.
The (R) AN apparatus 102 is used for the UE 101 to access the network, and the (R) AN apparatus 102 may include a base station, AN evolved node base (eNB), a next generation base station (gNB), a new radio base station (new radio eNB), a macro base station, a micro base station, a high frequency base station or a Transmission and Reception Point (TRP), a non-third generation partnership project (3 GPP) access network (e.g., WiFi), and/or a non-3GPP interworking function (N3 GPP IWF), and the like.
UPF 103: for handling events related to the user plane, such as transmitting or routing packets, detecting packets, reporting traffic, handling quality of service (QoS), lawful interception, storing downstream packets, etc.
The AMF 104: for connection management, mobility relationships, registration management, access authentication and authorization, reachability management, security context management, and the like.
SMF 105: for session management (e.g., establishment, modification, and release of sessions), selection and control of the UPF 103, selection of a service and session continuity (service and session continuity) mode, and roaming service, etc. In an embodiment of the present invention, the SMF 105 may send a PFCP coupling setup request message to an edge UPF (not shown in fig. 1), that is, request to establish a PFCP connection with the edge UPF.
The PCF 106: the method is used for making a strategy, providing a strategy control service, acquiring subscription information related to strategy decision and the like.
AUSF 107: for interacting with UDM 111 to obtain user information and perform authentication related functions, such as generating intermediate keys, etc.
NRF 108: network function text for service discovery, maintaining available network function instances, and services supported by those network functions.
AF 109: interacting with the 3GPP core network, providing services or servers, for example, may interact with NEF 110.
NEF 110: various services and capabilities provided by the secure open 3GPP network function (including content open or open to a third party, etc.), information for converting or translating interaction with the AF 109 and information for interaction with the internal network function, such as AF service identification and content 5G core network information (e.g., network slice selection assistance information, etc.), and the like.
UDM 111: processing authentication information in a 3GPP authentication and key agreement mechanism, processing user identity information, access authorization, registration and mobility management, subscription management, short message management and the like.
NSSF 112: for selecting a set of network slices for the UE 101, determining network slice selection protocol information, and determining a set of AMFs to serve the UE 101 (an AMF set refers to a set of multiple AMFs that may serve the UE 101).
Optionally, in the embodiment of the present invention, the above functional modules (i.e., UPF 103, AMF 104, SMF 105, PCF 106, AUSF 107, NRF 108, AF 109, NEF110, UDM 111, and NSSF 112) may be integrated on a server to implement the functions thereof.
In conjunction with the above 5G communication system architecture, as shown in fig. 2, AN embodiment of the present invention may deploy AN edge UPF 201, specifically, deploy the edge UPF 201 in a private network, near AN access location of the UE 101 (specifically, between the (R) AN device 102 and the public network) (alternatively, multiple edge UPFs may be deployed in the private network, where the edge UPF 201 shown in fig. 2 is one of the multiple edge UPFs). The private network may also include a local data network. In the embodiment of the invention, the edge UPF 201 can perform interaction or connection of a signaling surface with the SMF 105; for the data plane, the UE 101 may obtain relevant traffic data from a local data network in the private network.
Among other things, the edge UPF 201 may receive the PFCP coupling setup request message sent by the SMF 105 and send (or return) a PFCP coupling setup response message to the SMF 105.
In the embodiment of the present invention, a hardware architecture of a server is introduced by taking an example that the functions of the SMF are integrated in one server. As shown in fig. 3, the server 30 integrated with SMF function provided by the embodiment of the present invention may include a processor 301, a memory 302, a network interface 303, and the like.
The processor 301 is a core component of the server 30, and the processor 301 is configured to run an operating system of the server 30 and application programs (including a system application program and a third-party application program) on the server 30, so as to implement a communication method of the server 30.
In this embodiment, the processor 301 may be a Central Processing Unit (CPU), a microprocessor, a Digital Signal Processor (DSP), an application-specific integrated circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, a transistor logic device, a hardware component, or any combination thereof, which is capable of implementing or executing various exemplary logic blocks, modules, and circuits described in connection with the disclosure of the embodiment of the present invention; a processor may also be a combination of computing functions, e.g., comprising one or more microprocessors, a DSP and a microprocessor, or the like.
Optionally, the processor 301 of the server 30 includes one or more CPUs, which are single-core CPUs (single-CPUs) or multi-core CPUs (multi-CPUs).
The memory 302 includes, but is not limited to, a Random Access Memory (RAM), a Read Only Memory (ROM), an erasable programmable read-only memory (EPROM), a flash memory, an optical memory, or the like. The memory 302 holds the code for the operating system.
Optionally, the processor 301 implements the communication method in the embodiment of the present invention by reading the instruction stored in the memory 302, or the processor 301 implements the communication method provided in the embodiment of the present invention by using an instruction stored inside. In the case where the processor 301 implements the communication method provided by the embodiment of the present invention by reading the execution saved in the memory, the memory stores instructions for implementing the communication method provided by the embodiment of the present invention.
The network interface 303 is a wired interface, such as a Fiber Distributed Data Interface (FDDI) interface or a Gigabit Ethernet (GE) interface. Alternatively, the network interface 303 is a wireless interface. The network interface 303 is used for the server 30 to communicate with other devices.
The memory 302 is used for storing a first plaintext and a first ciphertext. The at least one processor 301 further performs the method described in the embodiments of the present invention according to the first plaintext and the first ciphertext stored in the memory 302. For more details of the processor 301 to implement the above functions, reference is made to the following description of various method embodiments.
Optionally, the server 30 further includes a bus, and the processor 301 and the memory 302 are connected to each other through the bus 304, or in other manners.
Optionally, the server 30 further includes an input/output interface 305, where the input/output interface 305 is configured to connect to an input device, and receive a PFCP coupling establishment request input by a user through the input device. Input devices include, but are not limited to, a keyboard, a touch screen, a microphone, and the like. The input/output interface 305 is also used to connect to an output device, which outputs the result of PFCP coupling establishment (i.e., whether SMF and edge UPF are successfully connected) of the processor 301. Output devices include, but are not limited to, a display, a printer, and the like.
It should be understood that, in the embodiment of the present invention, the hardware structure of the edge UPF is similar to the hardware structure of the server 30 shown in fig. 3, and the description of the hardware structure of the edge UPF may refer to the description of the hardware structure of the server 30, which is not described in detail herein.
In conjunction with the communication system shown in fig. 2, the following fully describes the communication method provided by the embodiment of the present invention from the perspective of interaction between devices in the communication system, so as to illustrate the PFCP coupling establishment procedure between the SMF and the edge UPF.
As shown in fig. 4, the communication method provided by the embodiment of the present invention may include S101 to S109.
S101, SMF sends PFCP coupling establishment request message to edge UPF.
The PFCP coupling establishment request message includes a first plaintext and a first ciphertext, the first plaintext includes an identifier of the SMF, the first ciphertext is determined by the SMF based on a stored key corresponding to the edge UPF, and the PFCP coupling establishment request is used to request to establish PFCP connection with the edge UPF.
It should be understood that one SMF may correspond to multiple edge UPFs, and the SMF may store keys corresponding to each of the multiple edge UPFs. For a key corresponding to an edge UPF stored in the SMF, the key is configured or calculated by an operator for the SMF and the UPF, and correspondingly, the key corresponding to the SMF is also stored in the UPF.
In an implementation manner of the embodiment of the present invention, one SMF and one edge UPF may use a shared key manner or a public and private key manner. When a key sharing mode is adopted, the key corresponding to the edge UPF stored in the SMF is the same as the key corresponding to the SMF stored in the edge UPF, i.e. the key is a shared key. When a public and private key mode is adopted, the SMF can store a private key, and the edge UPF stores a public key; or the edge UPF stores a private key and the SMF stores a public key.
Optionally, an operator (specifically, a certain device or server of the operator) may configure keys for a certain SMF and a certain edge UPF based on certain information (for example, a lifecycle, a device number, and the like) of the SMF and the edge UPF, and the algorithm for configuring or generating the keys is not particularly limited in the embodiment of the present invention.
It is understood that the SMF may encrypt the cell such as the identifier of the SMF based on the stored key (hereinafter referred to as the first key) corresponding to the edge UPF to obtain the first ciphertext.
In an implementation manner of the embodiment of the present invention, the first cipher further includes information elements such as a timestamp (recovery time stamp) and a control plane function characteristic (CP function features) when the SMF is started.
S102, the edge UPF receives a PFCP coupling establishment request message sent by the SMF.
The PFCP coupling establishment request message includes a first plaintext and a first ciphertext, the first plaintext includes an identifier of the SMF, the first ciphertext is determined by the SMF based on a stored key corresponding to the edge UPF, and the PFCP coupling establishment request is used to request to establish PFCP connection with the edge UPF.
S103, the edge UPF analyzes the first ciphertext to obtain a first identifier.
It should be understood that one edge UPF may correspond to multiple SMFs, and that the edge UPF may store keys corresponding to each of the multiple SMFs. After the edge UPF receives a PFCP coupling establishment request message sent by an SMF, the edge UPF may parse the first ciphertext based on a key (hereinafter, referred to as a second key) stored in the edge UPF and corresponding to the SMF, so as to obtain the first identifier.
In conjunction with the above description of the embodiment, it should be understood that the edge UPF may also obtain the cell such as the time stamp and the control plane function characteristic when the SMF is started.
And S104, determining that the first identifier is the same as the identifier of the SMF by the edge UPF.
It is understood that the SMF is the SMF that sends the PFCP coupling setup request message. When the first identifier is the same as the identifier of the SMF, it indicates that the SMF is authenticated, i.e. the edge UPF may allow the SMF to complete the establishment of PFCP coupling therewith.
S105, the edge UPF determines that the SMF is the target SMF, and sends a PFCP coupling establishment response message to the SMF.
The PFCP coupling establishment response message includes a second plaintext and a second ciphertext, where the second plaintext includes the identifier of the edge UPF, and the second ciphertext is determined by the edge UPF based on the stored key corresponding to the SMF.
It should be understood that the target SMF is one of the SMFs corresponding to the edge UPF, and when the first identifier is the same as the identifier of the SMF (i.e., the SMF is authenticated), the edge UPF may determine that the UPF is one of the SMFs corresponding to the edge UPF, and thus, the edge UPF may return a corresponding response message to the SMF.
It is understood that the edge UPF may encrypt the cell such as the identifier of the edge UPF based on the stored key (i.e., the second key) corresponding to the SMF to obtain the second ciphertext.
In an implementation manner of the embodiment of the present invention, the second cipher text further includes cells such as a cause (cause), user plane functional characteristics (UP function features), and user plane IP resource information (user plane IP resource information). The reason is used to indicate acceptance or rejection of the PFCP coupling establishment request message, that is, the PFCP coupling establishment response message may be used to indicate that the PFCP coupling establishment is successful, or may be used to indicate that the PFCP coupling establishment is failed.
S106, the SMF receives the PFCP coupling establishment response message sent by the edge UPF.
The PFCP coupling establishment response message includes a second plaintext and a second ciphertext, where the second plaintext includes the identifier of the edge UPF, and the second ciphertext is determined by the edge UPF based on the stored key corresponding to the SMF.
S107, the SMF analyzes the second ciphertext to obtain a second identifier.
It should be appreciated that the SMF may parse the second ciphertext to obtain the second identifier based on the first key.
With reference to the above description of the embodiment, it should be understood that the SMF may also obtain the above-mentioned information elements such as the reason, the user plane functional characteristics, and the user plane IP resource information by parsing the second ciphertext.
S108, the SMF determines that the second identifier is the same as the identifier of the edge UPF.
It is understood that the edge UPF is the edge UPF that sends the PFCP coupling setup response message. When the second identifier is the same as the identifier of the edge UPF, it indicates that the identity of the edge UPF is verified, i.e., the SMF can complete the PFCP coupling establishment procedure with the edge UPF.
S109, the SMF determines that the edge UPF is the target edge UPF.
It should be understood that the target edge UPF is one of the plurality of edge UPFs corresponding to the SMF, and when the second identifier is the same as the identifier of the edge UPF (i.e., the identity of the edge UPF is verified), the SMF may determine that the edge UPF is one of the plurality of edge UPFs corresponding to the SMF, so that the PFCP coupling establishment between the SMF and the edge UPF is completed.
In the embodiment of the invention, the SMF can send a PFCP coupling establishment request message to the edge UPF, namely, requests to establish PFCP connection with the edge UPF; after receiving the PFCP coupling establishment request message, the edge UPF may parse a first ciphertext included in the request message to obtain a first identifier; then the edge UPF may determine that the first identifier is the same as the identifier of the SMF in the first plaintext included in the request message; the edge UPF determines that the SMF is the target SMF and sends a PFCP coupling response message to the SMF.
Further, after receiving the PFCP coupled response message sent by the edge UPF, the SMF may parse a second ciphertext included in the response message to obtain a second identifier; then determining that the second identifier is the same as the identifier of the edge UPF in the second plaintext included in the response message; the SMF determines the edge UPF as the target edge UPF. In this embodiment of the present invention, an initiator device (e.g., SMF) or a receiver device (e.g., edge UPF) in a PFCP coupling establishment procedure may receive a PFCP coupling establishment request message (or a response message) sent by an opposite device, and further determine whether authentication of the opposite device passes according to a device identifier included in a plaintext and a device identifier included in a ciphertext, specifically, whether authentication passes when the two identifiers are the same, so as to complete the PFCP coupling establishment procedure between the SMF and the edge UPF. For the initiator device or the receiver device, the identity of the opposite device can be verified in an encryption and decryption manner, so that the secure transmission of control plane signaling between the SMF and the edge UPF can be ensured, and the communication effectiveness is improved.
As shown in fig. 5, the communication method provided in the embodiment of the present invention may further include S201 to S203.
S201, the SMF determines that the second identifier is different from the identifier of the edge UPF.
It should be understood that when the second identifier is different from the identifier of the edge UPF, it indicates that the identity of the edge UPF is not verified, i.e., the SMF may not be able to complete the PFCP coupling establishment procedure with the edge UPF.
S202, after a preset time interval, the SMF determines that no other PFCP coupling establishment response message is received.
It should be understood that the other PFCP coupling setup response message is not only the PFCP coupling setup response message sent by the edge UPF described in the above S106, but also may be the PFCP coupling setup response message sent by the edge UPF.
In the case that the interval is a preset duration and the SMF does not receive the other PFCP coupling establishment response message, the SMF may determine that the edge UPF is not the target edge UPF.
Optionally, within the preset time duration, the SMF may also determine that the edge UPF that sends the other PFCP coupling establishment response message is not the target edge UPF, when the SMF receives the other PFCP coupling establishment response message and the identifier after ciphertext parsing included in the other PFCP coupling establishment response message is different from the second identifier.
S203, the SMF determines that the edge UPF is not the target edge UPF.
With reference to fig. 5, as shown in fig. 6, in an implementation manner of the embodiment of the present invention, after the SMF determines that the edge UPF is not the target edge UPF, the communication method provided in the embodiment of the present invention may further include S204.
S204, the SMF sends alarm information to the network management equipment.
It should be understood that in the case that the edge UPF is not the above target edge UPF, the SMF may send an alarm message to the network management device to notify the network management device that the procedure of PFCP coupling establishment fails or that the relevant SMF (or edge UPF) fails to verify.
In an implementation manner of the embodiment of the present invention, after the step S103, the communication method provided in the embodiment of the present invention may further include a step a to a step D.
And step A, the edge UPF determines that the first identifier is different from the identifier of the SMF.
And step B, the edge UPF determines that other PFCP coupling establishment request messages are not received at intervals of preset duration.
Optionally, the preset duration in step B may be the same as or different from the preset duration in S202, and the preset duration is not specifically limited in the embodiment of the present invention.
And step C, the edge UPF determines that the SMF is not the target SMF.
And step D, the edge UPF sends alarm information to the network management equipment.
It should be understood that the explanation of steps a-D is the same as or similar to the explanation of steps S201-S204, and the explanation of steps a-D can refer to the explanation of steps S201-S204, which is not described herein again.
It should be noted that, in the foregoing embodiment, a procedure in which the SMF initiates PFCP coupling establishment to the edge UPF is described, that is, a procedure in which the SMF sends a PFCP coupling establishment request message to the edge UPF, and then the SMF may receive a PFCP coupling establishment response message sent by the edge UPF. The communication method provided by the embodiment of the invention also comprises a process of initiating the PFCP coupling establishment to the SMF by the edge UPF, namely, a process of sending a PFCP coupling establishment request message to the SMF by the edge UPF, and further receiving a PFCP coupling establishment response message sent by the SMF by the edge UPF. The process of initiating PFCP coupling establishment from edge UPF to SMF is not described here.
It should be understood that, in the foregoing embodiment, a PFCP coupling establishment procedure of an SMF and an edge UPF is described, and the communication method provided in the embodiment of the present invention may further include a PFCP coupling update procedure of an SMF and an edge UPF, as shown in fig. 7, when the communication method provided in the embodiment of the present invention is applied to the PFCP coupling update procedure of an SMF and an edge UPF, the method may include S301 to S309.
S301, SMF sends PFCP coupling update request message to edge UPF.
The PFCP coupling update request message includes a third plaintext and a third ciphertext, the third plaintext includes the identifier of the SMF, the third ciphertext is determined by the SMF based on the stored key corresponding to the edge UPF, and the PFCP coupling update request is used to request to update the PFCP connection with the edge UPF.
It should be understood that the SMF may encrypt the cell such as the identifier of the SMF based on the first key to obtain the third ciphertext.
In one implementation, the third cipher further includes information elements such as control plane functional characteristics.
S302, the edge UPF receives a PFCP coupling update request message sent by the SMF.
And S303, analyzing the third ciphertext by the edge UPF to obtain a third identifier.
It should be understood that the edge UPF can also parse the third ciphertext to obtain the cells such as the control plane functional characteristics described above.
And S304, the edge UPF determines that the third identifier is the same as the identifier of the SMF.
S305, the edge UPF determines the SMF to be the target SMF, and sends a PFCP coupling update response message to the SMF.
The PFCP coupled update response message includes a fourth plaintext and a fourth ciphertext, where the fourth plaintext includes the identifier of the edge UPF, and the fourth ciphertext is determined by the edge UPF based on the stored key corresponding to the SMF.
It is understood that the edge UPF may encrypt the cell such as the identifier of the edge UPF based on the second key to obtain the fourth ciphertext.
In one implementation, the fourth cipher further includes information elements such as a reason and a user plane functional characteristic. The PFCP coupling update response message may be used to indicate that the PFCP coupling update is successful, or may be used to indicate that the PFCP coupling update fails.
S306, the SMF receives the PFCP coupling update response message sent by the edge UPF.
The PFCP coupled update response message includes a fourth plaintext and a fourth ciphertext, where the fourth plaintext includes the identifier of the edge UPF, and the fourth ciphertext is determined by the edge UPF based on the stored key corresponding to the SMF.
And S307, the SMF analyzes the fourth ciphertext to obtain a fourth identifier.
It should be appreciated that the SMF may parse the fourth ciphertext based on the first key to obtain a fourth identity.
It is understood that the SMF may also parse the fourth ciphertext to obtain the cells such as the reason and the user plane functional characteristic.
S308, the SMF determines that the fourth mark is the same as the mark of the edge UPF.
S309, the SMF determines the edge UPF as the target edge UPF.
To this end, the PFCP coupling update between the SMF and the edge UPF is complete.
It should be noted that the explanation descriptions of S301 to S309 are the same as or similar to the explanation descriptions of S101 to S109, and for the explanation descriptions of S301 to S309, reference may be made to the explanation descriptions of S101 to S109, and no further description is provided here.
It should be understood that the above-mentioned process shown in fig. 7 is a process of initiating a PFCP coupling update from an SMF to an edge UPF, that is, a process of sending a PFCP coupling update request message from the SMF to the edge UPF, and then the SMF may receive a PFCP coupling update response message sent by the edge UPF. The communication method provided by the embodiment of the invention also comprises a process of initiating the PFCP coupling update to the SMF by the edge UPF, namely, a process of sending the PFCP coupling update request message to the SMF by the edge UPF, and further receiving the PFCP coupling update response message sent by the SMF by the edge UPF. The process of initiating PFCP coupling update from edge UPF to SMF is not described here.
The communication method provided by the embodiment of the present invention may further include a PFCP coupling and releasing process of the SMF and the edge UPF, as shown in fig. 8, when the communication method provided by the embodiment of the present invention is applied to the PFCP coupling and releasing process of the SMF and the edge UPF, the method may include S401 to S409.
S401, SMF sends PFCP coupling release request message to edge UPF.
The PFCP coupling release request message includes a fifth plaintext and a fifth ciphertext, the fifth plaintext includes the identifier of the SMF, the fifth ciphertext is determined by the SMF based on the stored key corresponding to the edge UPF, and the PFCP coupling release request is used to request to release the PFCP connection with the edge UPF.
It should be understood that the SMF may encrypt the cell such as the identifier of the SMF based on the first key to obtain the fifth ciphertext.
S402, the edge UPF receives the PFCP coupling release request message sent by the SMF.
And S403, analyzing the fifth ciphertext by the edge UPF to obtain a fifth identifier.
And S404, the edge UPF determines that the fifth identifier is the same as the identifier of the SMF.
S405, the edge UPF determines that the SMF is the target SMF, and sends a PFCP coupling release response message to the SMF.
The PFCP coupling release response message includes a sixth plaintext and a sixth ciphertext, where the sixth plaintext includes the identifier of the edge UPF, and the sixth ciphertext is determined by the edge UPF based on the stored key corresponding to the SMF.
It is understood that the edge UPF may encrypt the cell such as the identifier of the edge UPF based on the second key to obtain the sixth ciphertext.
In one implementation, the fourth ciphertext further includes a reason cell. The PFCP coupling release response message may be used to indicate that the PFCP coupling release was successful, or may be used to indicate that the PFCP coupling release failed.
S406, the SMF receives the PFCP coupling release response message sent by the edge UPF.
The PFCP coupled update response message includes a sixth plaintext and a sixth ciphertext, where the sixth plaintext includes the identifier of the edge UPF, and the sixth ciphertext is determined by the edge UPF based on the stored key corresponding to the SMF.
And S407, the SMF analyzes the sixth ciphertext to obtain a sixth identifier.
It should be appreciated that the SMF may parse the sixth ciphertext based on the first key to obtain a sixth identity.
It is understood that the SMF may also parse the fourth ciphertext to obtain the cells for the reason.
S408, the SMF determines that the sixth mark is the same as the mark of the edge UPF.
S409, SMF determines that the edge UPF is the target edge UPF.
To this point, the release of PFCP coupling between the SMF and the edge UPF is complete.
It should be noted that the explanation descriptions of the above S401 to S409 are the same as or similar to the descriptions of the above S101 to S109, and for the explanation descriptions of the S401 to S409, reference may be made to the descriptions of the above S101 to S109, and details are not described here again.
It should be understood that the above-mentioned process shown in fig. 8 is a process of initiating PFCP coupling release from the SMF to the edge UPF, that is, a process of sending a PFCP coupling release request message from the SMF to the edge UPF, and then the SMF may receive a PFCP coupling release response message sent by the edge UPF.
In an implementation manner of the embodiment of the present invention, the method further includes a process of initiating PFCP coupling release from the edge UPF to the SMF. When an edge UPF needs to initiate a PFCP coupling release process to an SMF, the edge UPF needs to initiate the PFCP coupling update procedure to the SMF first, a request message (specifically, a ciphertext) of the coupling update may include a cell of the coupling release request, and after receiving the request message of the coupling update, the SMF may obtain the cell of the coupling release request by parsing the ciphertext, and then the SMF initiates the PFCP coupling release process (i.e., executes the above S401 to S409).
As shown in fig. 9, in an implementation manner of the embodiment of the present invention, specifically after 109 is described above, that is, after the PFCP coupling between the SMF and the edge UPF is established, the communication method provided in the embodiment of the present invention may further include S501 to S509.
S501, the edge UPF sends a PFCP node report request message to the SMF.
The PFCP node reporting request message includes a seventh plaintext and a seventh ciphertext, the seventh plaintext includes the identifier of the edge UPF, the seventh ciphertext is determined by the edge UPF based on the stored key corresponding to the SMF, and the PFCP node reporting request is used to request to report the node to the SMF.
It should be understood that the edge UPF may encrypt the cell such as the identifier of the edge UPF based on the second key to obtain the seventh ciphertext.
In an implementation manner, the seventh ciphertext further includes a node report type (node report type) and a user plane path failure report (user plane path failure report).
S502, the SMF receives a PFCP node report request message sent by the edge UPF.
S503, the SMF analyzes the seventh ciphertext to obtain a seventh identifier.
It is understood that the SMF parsing the seventh ciphertext may also obtain the cells of the node report type and the user plane path failure report.
S504, the SMF determines that the seventh mark is the same as the mark of the edge UPF.
S505, SMF determines the edge UPF as the target edge UPF, and sends a response message reported by the PFCP node to the edge UPF.
The PFCP node reports a response message including an eighth plaintext and an eighth ciphertext, where the eighth plaintext includes the identifier of the SMF, and the eighth ciphertext is determined by the SMF based on a stored key corresponding to the edge UPF.
It is understood that the SMF may encrypt the cell such as the identifier of the SMF based on the first key to obtain the eighth ciphertext.
In one implementation, the fourth ciphertext further includes a cause cell, an violation cell (violating IE), and the like. The PFCP node report response message may be used to indicate that the node report is successful, or may be used to indicate that the node report is failed.
S506, the edge UPF receives a PFCP node report response message sent by the SMF.
The PFCP node reports a response message including an eighth plaintext and an eighth ciphertext, where the eighth plaintext includes the identifier of the SMF, and the eighth ciphertext is determined by the SMF based on a stored key corresponding to the edge UPF.
And S507, the edge UPF analyzes the eighth ciphertext to obtain an eighth identifier.
It should be appreciated that the edge UPF may parse the eighth ciphertext based on the second key to obtain an eighth identity.
It is understood that the edge UPF may also obtain the above cause cell and violation cell by parsing the eighth ciphertext.
And S508, the edge UPF determines that the eighth identifier is the same as the identifier of the SMF.
And S509, determining the SMF as the target edge SMF by the edge UPF.
So far, the reporting of the PFCP node between the edge UPF and the SMF is completed.
It should be noted that the explanation descriptions of the above S501 to S509 are the same as or similar to the descriptions of the above S101 to S109, and for the explanation descriptions of the S501 to S509, reference may be made to the descriptions of the above S101 to S109, and no further description is provided here.
In the embodiment of the present invention, the SMF, the edge UPF, and the like may be divided into functional modules according to the above method example, for example, each functional module may be divided corresponding to each function, or two or more functions may be integrated into one processing module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. It should be noted that, the division of the modules in the embodiment of the present invention is schematic, and is only a logic function division, and there may be another division manner in actual implementation.
In the case of dividing each functional module by corresponding functions, fig. 10 shows a possible structural diagram of the SMF involved in the foregoing embodiment, as shown in fig. 10, the SMF 40 may include: a sending module 401, a receiving module 402, a parsing module 403, and a determining module 404.
A sending module 401, configured to send a PFCP coupling establishment request message to an edge UPF, where the PFCP coupling establishment request message includes a first plaintext and a first ciphertext, the first plaintext includes an identifier of the SMF, the first ciphertext is determined by the SMF based on a stored key corresponding to the edge UPF, and the PFCP coupling establishment request message is used to request to establish a PFCP connection with the edge UPF.
A receiving module 402, configured to receive a PFCP coupling establishment response message sent by the edge UPF, where the PFCP coupling establishment response message includes a second plaintext and a second ciphertext, the second plaintext includes an identifier of the edge UPF, and the second ciphertext is determined by the edge UPF based on the stored key corresponding to the SMF.
And an analyzing module 403, configured to analyze the second ciphertext to obtain a second identifier.
A determining module 404, configured to determine that the second identifier is the same as the identifier of the edge UPF.
The determining module 404 is further configured to determine that the edge UPF is the target edge UPF.
Optionally, the determining module 404 is further configured to determine that the second identifier is different from the identifier of the edge UPF.
The determining module 404 is further configured to determine that no other PFCP coupling establishment response message is received at a preset time interval.
The determining module 404 is further configured to determine that the edge UPF is not the target edge UPF.
Optionally, the sending module 401 is further configured to send alarm information to the network management device.
Fig. 11 shows a possible structural diagram of the SMF involved in the above-described embodiment, in the case of an integrated unit. As shown in fig. 11, SMF 50 may include: a processing module 501 and a communication module 502. Processing module 501 may be used to control and manage the actions of SMF 50. Communication module 502 may be used to support communication of SMF 50 with other entities. Optionally, as shown in fig. 11, the SMF 50 may further include a storage module 503 for storing program codes and data of the SMF 50.
The processing module 501 may be a processor or a controller (for example, the processor 301 shown in fig. 3). The communication module 502 may be a transceiver, a transceiver circuit, or a communication interface, etc. (e.g., may be the network interface 303 as shown in fig. 3 described above). The storage module 503 may be a memory (e.g., may be the memory 302 described above with reference to fig. 3).
When the processing module 501 is a processor, the communication module 502 is a transceiver, and the storage module 503 is a memory, the processor, the transceiver, and the memory may be connected by a bus. The bus may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc.
In the case of dividing each functional module by corresponding functions, fig. 12 shows a possible structural diagram of the edge UPF involved in the above embodiment, and as shown in fig. 12, the edge UPF 60 may include: a receiving module 601, a parsing module 602, a determining module 603, and a sending module 604.
A receiving module 601, configured to receive a PFCP coupling establishment request message sent by an SMF, where the PFCP coupling establishment request message includes a first plaintext and a first ciphertext, the first plaintext includes an identifier of the SMF, the first ciphertext is determined by the SMF based on a stored key corresponding to the edge UPF, and the PFCP coupling establishment request message is used to request to establish a PFCP connection with the edge UPF.
The parsing module 602 is configured to parse the first ciphertext to obtain a first identifier.
A determining module 603 configured to determine that the first identifier is the same as the identifier of the SMF.
The determining module 603 is further configured to determine that the SMF is the target SMF.
A sending module 604, configured to send a PFCP coupling establishment response message to the SMF, where the PFCP coupling establishment response message includes a second plaintext and a second ciphertext, the second plaintext includes the identifier of the edge UPF, and the second ciphertext is determined by the edge UPF based on the stored key corresponding to the SMF.
Optionally, the determining module 603 is further configured to determine that the first identifier is different from the identifier of the SMF.
The determining module 603 is further configured to determine that no other PFCP coupling establishment request message is received at a preset time interval.
The determining module 603 is further configured to determine that the SMF is not the target SMF.
Optionally, the sending module 604 is further configured to send alarm information to the network management device.
Fig. 13 shows a possible structural representation of the edge UPF referred to in the above-described embodiments, in the case of integrated units. As shown in fig. 13, the edge UPF 70 may include: a processing module 701 and a communication module 702. The processing module 701 may be used to control and manage the actions of the edge UPF 70. The communication module 702 may be used to support communication of the edge UPF 70 with other entities. Optionally, as shown in fig. 13, the edge UPF 70 may further include a storage module 703 for storing program codes and data of the edge UPF 70.
The processing module 701 may be a processor or a controller (for example, the processor 301 shown in fig. 3). The communication module 702 may be a transceiver, a transceiver circuit, or a communication interface, etc. (e.g., may be the network interface 303 as shown in fig. 3 described above). The storage module 703 may be a memory (e.g., may be the memory 302 described above with reference to fig. 3).
When the processing module 701 is a processor, the communication module 702 is a transceiver, and the storage module 703 is a memory, the processor, the transceiver, and the memory may be connected by a bus. The bus may be a PCI bus or an EISA bus, etc. The bus may be divided into an address bus, a data bus, a control bus, etc.
It should be understood that, in various embodiments of the present invention, the sequence numbers of the above-mentioned processes do not mean the execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation on the implementation process of the embodiments of the present invention.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In the above embodiments, the implementation may be wholly or partially realized by software, hardware, firmware, or any combination thereof. When implemented using a software program, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. The procedures or functions described in accordance with the embodiments of the invention are all or partially effected when the computer program instructions are loaded and executed on a computer. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored on a computer readable storage medium or transmitted from one computer readable storage medium to another, for example, from one website, computer, server, or data center to another website, computer, server, or data center via wire (e.g., coaxial cable, fiber optics, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.). The computer-readable storage medium can be any available medium that can be accessed by a computer or can comprise one or more data storage devices, such as a server, a data center, etc., that can be integrated with the medium. The usable medium may be a magnetic medium (e.g., floppy Disk, hard Disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (12)
1. A method of communication, comprising:
a Session Management Function (SMF) sends a Packet Forwarding Control Protocol (PFCP) coupling establishment request message to an edge User Plane Function (UPF), wherein the PFCP coupling establishment request message comprises a first plaintext and a first ciphertext, the first plaintext comprises an identifier of the SMF, the first ciphertext is determined by the SMF based on a stored key corresponding to the UPF, and the PFCP coupling establishment request message is used for requesting to establish PFCP connection with the UPF;
the SMF receives a PFCP coupling establishment response message sent by the UPF, wherein the PFCP coupling establishment response message comprises a second plaintext and a second ciphertext, the second plaintext comprises an identifier of the UPF, and the second ciphertext is determined by the UPF based on a stored key corresponding to the SMF;
the SMF analyzes the second ciphertext to obtain a second identifier;
the SMF determines that the second identifier is the same as the identifier of the UPF;
and the SMF determines that the UPF is a target edge UPF.
2. The communication method of claim 1, wherein the method further comprises:
the SMF determines that the second identifier is different from the identifier of the UPF;
the SMF determines that no response message of establishing other PFCP couplings is received at preset time intervals;
the SMF determines that the UPF is not the target edge UPF.
3. The communications method of claim 2, wherein after the SMF determines that the UPF is not the target edge UPF, the method further comprises:
and the SMF sends alarm information to the network management equipment.
4. A method of communication, comprising:
an edge User Plane Function (UPF) receives a Packet Forwarding Control Protocol (PFCP) coupling establishment request message sent by a Session Management Function (SMF), wherein the PFCP coupling establishment request message comprises a first plaintext and a first ciphertext, the first plaintext comprises an identifier of the SMF, the first ciphertext is determined by the SMF based on a stored key corresponding to the UPF, and the PFCP coupling establishment request message is used for requesting to establish PFCP connection with the UPF;
the UPF analyzes the first ciphertext to obtain a first identifier;
the UPF determines that the first identifier is the same as the identifier of the SMF;
and the UPF determines that the SMF is the target SMF, and sends a PFCP coupling establishment response message to the SMF, wherein the PFCP coupling establishment response message comprises a second plaintext and a second ciphertext, the second plaintext comprises the identifier of the UPF, and the second ciphertext is determined by the UPF based on the stored key corresponding to the SMF.
5. The communication method of claim 4, wherein the method further comprises:
the UPF determines that the first identifier is different from the identifier of the SMF;
the UPF determines that other PFCP coupling establishment request messages are not received at intervals of preset duration;
the UPF determines that the SMF is not the target SMF.
6. The communications method of claim 5, wherein after the UPF determines that the SMF is not the target SMF, the method further comprises:
and the UPF sends alarm information to the network management equipment.
7. A session management function, SMF, comprising: the device comprises a sending module, a receiving module, an analyzing module and a determining module;
the sending module is configured to send a packet forwarding control protocol PFCP coupling establishment request message to an edge user plane function UPF, where the PFCP coupling establishment request message includes a first plaintext and a first ciphertext, the first plaintext includes an identifier of the SMF, the first ciphertext is determined by the SMF based on a stored key corresponding to the UPF, and the PFCP coupling establishment request message is used to request to establish a PFCP connection with the UPF;
the receiving module is configured to receive a PFCP coupling establishment response message sent by the UPF, where the PFCP coupling establishment response message includes a second plaintext and a second ciphertext, the second plaintext includes an identifier of the UPF, and the second ciphertext is determined by the UPF based on a stored key corresponding to the SMF;
the analysis module is used for analyzing the second ciphertext to obtain a second identifier;
the determining module is configured to determine that the second identifier is the same as the identifier of the UPF;
the determining module is further configured to determine that the UPF is a target edge UPF.
8. The SMF of claim 7,
the determining module is further configured to determine that the second identifier is different from the identifier of the UPF;
the determining module is further configured to determine that no response message for establishing other PFCP couplings is received at a preset time interval;
the determining module is further configured to determine that the UPF is not the target edge UPF.
9. The SMF of claim 8,
the sending module is also used for sending alarm information to the network management equipment.
10. An edge User Plane Function (UPF), comprising: the device comprises a receiving module, an analysis module, a determination module and a sending module;
the receiving module is configured to receive a Packet Forwarding Control Protocol (PFCP) coupling establishment request message sent by a Session Management Function (SMF), where the PFCP coupling establishment request message includes a first plaintext and a first ciphertext, the first plaintext includes an identifier of the SMF, the first ciphertext is determined by the SMF based on a stored key corresponding to the UPF, and the PFCP coupling establishment request message is used to request to establish a PFCP connection with the UPF;
the analysis module is used for analyzing the first ciphertext to obtain a first identifier;
the determining module is configured to determine that the first identifier is the same as the identifier of the SMF;
the determining module is further configured to determine that the SMF is a target SMF;
the sending module is configured to send a PFCP coupling establishment response message to the SMF, where the PFCP coupling establishment response message includes a second plaintext and a second ciphertext, the second plaintext includes the identifier of the UPF, and the second ciphertext is determined by the UPF based on the stored key corresponding to the SMF.
11. The UPF of claim 10,
the determining module is further configured to determine that the first identifier is different from the identifier of the SMF;
the determining module is further configured to determine that no other PFCP coupling establishment request message is received at a preset time interval;
the determining module is further configured to determine that the SMF is not the target SMF.
12. The UPF of claim 11,
the sending module is also used for sending alarm information to the network management equipment.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110703460.0A CN113453222B (en) | 2021-06-24 | 2021-06-24 | Communication method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110703460.0A CN113453222B (en) | 2021-06-24 | 2021-06-24 | Communication method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113453222A CN113453222A (en) | 2021-09-28 |
| CN113453222B true CN113453222B (en) | 2022-08-02 |
Family
ID=77812611
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110703460.0A Active CN113453222B (en) | 2021-06-24 | 2021-06-24 | Communication method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113453222B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115278641A (en) * | 2022-07-27 | 2022-11-01 | 中国电信股份有限公司 | Information transmission method, information transmission device, storage medium, and electronic apparatus |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112312466A (en) * | 2019-07-30 | 2021-02-02 | 华为技术有限公司 | Method, device and system for sending event report |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109167670B (en) * | 2018-07-09 | 2022-04-05 | 中兴通讯股份有限公司 | PFCP connection processing method, device, network element, system and storage medium |
| US11224093B2 (en) * | 2018-08-13 | 2022-01-11 | Ofinno, Llc | Network initiated UPF sessions transfer |
| CN111246453B (en) * | 2018-11-28 | 2021-06-15 | 华为技术有限公司 | Data transmission method, user plane network element and control plane network element |
| CN111294839B (en) * | 2020-02-20 | 2021-08-31 | 广州爱浦路网络技术有限公司 | PFCP session processing method and device |
| CN112153641B (en) * | 2020-09-09 | 2022-09-13 | 上海微波技术研究所(中国电子科技集团公司第五十研究所) | Secondary authentication enhancement and end-to-end encryption method and system based on edge UPF |
-
2021
- 2021-06-24 CN CN202110703460.0A patent/CN113453222B/en active Active
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112312466A (en) * | 2019-07-30 | 2021-02-02 | 华为技术有限公司 | Method, device and system for sending event report |
Non-Patent Citations (1)
| Title |
|---|
| S2-1912072 "Correction to N16a for the transfer of N4 requests from SMF / responses from local UPF";Nokia等;《3GPP tsg_sa\wg2_arch》;20191122;全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113453222A (en) | 2021-09-28 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11895157B2 (en) | Network security management method, and apparatus | |
| CN113794784B (en) | Method and device for acquiring edge service | |
| WO2019220172A1 (en) | Token-based debugging for a service-based architecture | |
| WO2021037175A1 (en) | Network slice management method and related device | |
| CN113115299B (en) | URSP rule updating method and device | |
| CN113115332B (en) | UPF (unified power flow) determination method and device | |
| CN110933061B (en) | Communication method and device | |
| CN110535808B (en) | Equipment monitoring and de-registration method and device | |
| CN112312466A (en) | Method, device and system for sending event report | |
| CN113206814A (en) | Network event processing method and device and readable storage medium | |
| CN110933709B (en) | Protocol data unit session management method and communication device | |
| CN112929876B (en) | Data processing method and device based on 5G core network | |
| CN113453222B (en) | Communication method and device | |
| CN113038467B (en) | Event information reporting method and communication device | |
| CN115334081A (en) | Method and device for selecting edge application server | |
| CN110351722B (en) | Information sending method, key generation method and device | |
| CN115396978B (en) | Communication method, device, server and storage medium | |
| CN115396873B (en) | Communication method, device, server and storage medium | |
| US20240163670A1 (en) | Wireless communication method and apparatus | |
| EP4362516A1 (en) | Wireless communication method and apparatus | |
| CN116528234B (en) | Virtual machine security and credibility verification method and device | |
| WO2023246457A1 (en) | Security decision negotiation method and network element | |
| CN115396979A (en) | Communication method, device, server and storage medium | |
| WO2024093923A1 (en) | Communication method and communication apparatus | |
| CN115396978A (en) | Communication method, device, server and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |