CN113489747B

CN113489747B - Session connection method, device and terminal

Info

Publication number: CN113489747B
Application number: CN202110942887.6A
Authority: CN
Inventors: 张伦泳
Original assignee: China United Network Communications Group Co Ltd
Current assignee: China United Network Communications Group Co Ltd
Priority date: 2021-08-17
Filing date: 2021-08-17
Publication date: 2023-03-24
Anticipated expiration: 2041-08-17
Also published as: CN113489747A

Abstract

The application discloses a session connection method, a session connection device and a session connection terminal, and belongs to the technical field of communication. The method comprises the following steps: responding a session connection request initiated by an application arranged at a terminal, and acquiring first session associated information from the terminal, wherein the session connection request is used for requesting to establish session connection between the application and a first type of network, and the first session associated information refers to the associated information of the session established by the application in a second type of network acquired from the terminal; determining whether second session associated information matched with the first session associated information exists in the preset storage space or not, and obtaining a session matching result, wherein the second session associated information refers to associated information which is stored in the preset storage space and applied to a session established in a second type of network; and determining whether to establish session connection for the application according to the session connection request according to the session matching result, thereby avoiding the terminal from simultaneously accessing a non-public network and a public land mobile network, improving the security of the non-public network and simultaneously ensuring the information security of the user.

Description

Session connection method, device and terminal

Technical Field

The present application relates to the field of communications technologies, and in particular, to a session connection method, an apparatus, and a terminal.

Background

Non-Public networks (NPN), which are networks distinct from Public Land Mobile Networks (PLMNs), can provide services for specific user groups or organizations, and generally have higher requirements for Network quality and Network security than those of the PLMN. In the current communication specification, the ue can access both the public land mobile network and the non-public network, which may affect the security of the non-public network.

Disclosure of Invention

Therefore, the application provides a session connection method, a session connection device and a session connection terminal, so as to solve the problem that the security of a non-public network is affected because user equipment can access both a public land mobile network and the non-public network.

In order to achieve the above object, a first aspect of the present application provides a session connection method, including:

responding a session connection request initiated by an application arranged at a terminal, and acquiring first session associated information from the terminal, wherein the session connection request is used for requesting to establish session connection between the application and a first type of network, and the first session associated information refers to associated information of a session established by the application in a second type of network acquired from the terminal;

determining whether a second session associated information matched with the first session associated information exists in a preset storage space, and obtaining a session matching result, wherein the second session associated information refers to the associated information of the session established by the application in the second type of network and stored in the preset storage space;

and determining whether to establish session connection for the application according to the session connection request according to the session matching result.

Further, the current functional entity comprises a session management functional entity arranged in the first type of network;

the responding a session connection request initiated by an application arranged at a terminal, and acquiring first session associated information from the terminal, including:

sending a first query request to the terminal in response to the session connection request initiated by an application arranged on the terminal, wherein the first query request is used for querying association information of a session which is irrelevant to a first access management functional entity and is not closed by the application, and the first access management functional entity is an access management functional entity in the first type of network;

and receiving a first query feedback message returned by the terminal, and acquiring the first session associated information according to the first query feedback message.

Further, the preset storage space comprises a storage space arranged in a block chain network;

the determining whether the preset storage space has second session associated information matched with the first session associated information to obtain a session matching result includes:

inquiring whether second session associated information matched with the first session associated information exists in a storage space of the blockchain network or not to obtain a first session inquiry result, wherein a session data entry is prestored in the storage space of the blockchain network, the session data entry is a data entry generated according to an application session message broadcasted by a session management functional entity in the blockchain network, the application session message is a message generated by the session management functional entity according to the applied session information, and the second session associated information matched with the first session associated information refers to second session associated information which is the same as a network identifier, an order identifier, a session identifier and an application identifier and has an unclosed session state;

and determining the session matching result according to the first session query result.

Further, the determining the session matching result according to the first session query result includes:

determining that the session matching result is a match when the first session query result is that second session associated information matched with the first session associated information exists in the storage space of the blockchain network;

and determining that the session matching result is not matched under the condition that the first session query result is that second session associated information matched with the first session associated information does not exist in the storage space of the block chain network.

Further, the current functional entity comprises a network server of the first type network;

the responding is to a session connection request initiated by an application arranged on a terminal, and the obtaining of the first session associated information from the terminal comprises the following steps:

responding to the session connection request initiated by an application arranged on the terminal, and sending a second query request to the terminal, wherein the second query request is used for querying network service subscription information of the application to the second type of network;

and receiving a second query feedback message returned by the terminal, and acquiring the first session associated information according to the second query feedback message.

Further, before the responding to the session connection request initiated by the application provided to the terminal and acquiring the first session association information from the terminal, the method further includes:

acquiring configuration information of the terminal;

determining whether the terminal has a function of simultaneously connecting the first type network and the second type network according to the configuration information of the terminal;

in the case that the terminal is determined to have the function of simultaneously connecting the first type of network and the second type of network, identifying whether the application can simultaneously connect the first type of network and the second type of network;

and under the condition that the application is identified to be capable of simultaneously connecting the first type of network and the second type of network, executing a step of responding a session connection request initiated by the application arranged on the terminal and acquiring the first session related information from the terminal.

Further, before the obtaining the configuration information of the terminal, the method further includes:

determining a target network, wherein the target network is a second type of network which overlaps with a signal coverage area of the first type of network;

and sending application prohibition information to a target network server so that the target network server stores the application prohibition information to a unified data warehouse function entity of the target network, wherein the application prohibition information comprises information for prohibiting applications which are accessed to a current network and the target network at the same time.

Further, the identifying whether the application can simultaneously connect the first type network and the second type network in the case that it is determined that the terminal has a function of simultaneously connecting the first type network and the second type network includes:

sending a third query request to a unified data warehouse functional entity, wherein the third query request is used for determining network connection authority information of the terminal according to the prohibited application information;

and receiving a third query feedback message returned by the unified data warehouse function entity, and determining whether the application can simultaneously connect the first type network and the second type network according to the third query feedback message.

Further, the preset storage space includes a storage space provided in the second type of network;

inquiring whether second session associated information matched with the first session associated information exists in a storage space of the second type of network or not to obtain a second session inquiry result, wherein the second session associated information matched with the first session associated information refers to second session associated information which is the same as a network identifier, an order identifier, a session identifier and an application identifier and has an unclosed session state;

and determining the session matching result according to the second session query result.

Further, the determining the session matching result according to the second session query result includes:

determining that the session matching result is a match when the second session query result is that second session associated information matched with the first session associated information exists in the storage space of the second type of network;

and determining that the session matching result is not matched under the condition that the second session query result is that second session associated information matched with the first session associated information does not exist in the storage space of the second type of network.

Further, the determining whether to establish session connection for the application according to the session connection request according to the session matching result includes:

under the condition that the session matching result is not matched, establishing the session connection of the application according to the session connection request;

and refusing to establish the session connection of the application according to the session connection request under the condition that the session matching result is matched.

Further, the current functional entity is a session management functional entity arranged in the first type network;

when the session matching result is not matched, after the session connection of the application is established according to the session connection request, the method further includes:

generating a first application session message according to the session connection information of the application;

broadcasting the first application session message at a blockchain network for the blockchain network to update the session data entry of the preset storage space based on the first application session message.

Further, after the broadcasting the first application session message in the blockchain network, the method further includes:

under the condition that the session connection of the application is closed, updating the session connection information of the application, and generating a second application session message according to the updated session connection information of the application;

broadcasting the second application session message at the blockchain network, so that the blockchain network updates the session data entry of the preset storage space again based on the second application session message.

In order to achieve the above object, a second aspect of the present application provides another session connection method, including:

forwarding the session connection request of the application to a preset functional entity;

sending first session associated information to the preset functional entity, so that the preset functional entity determines whether a preset storage space has second session associated information matched with the first session associated information, obtains a session matching result, and determines whether to establish session connection for the application according to the session connection request according to the session matching result, wherein the session connection request is used for requesting to establish session connection between the application and a first type of network, the first session associated information refers to associated information of a session established by the application in a second type of network, and the second session associated information refers to associated information of the session established by the application in the second type of network, which is stored in the preset storage space.

In order to achieve the above object, a third aspect of the present application provides a session connection apparatus, including:

the information acquisition module is configured to respond to a session connection request initiated by an application arranged on a terminal and acquire first session associated information from the terminal, wherein the session connection request is used for requesting to establish session connection between the application and a first type of network, and the first session associated information refers to the session associated information which is acquired from the terminal and is established by the application in a second type of network;

the result obtaining module is configured to determine whether a preset storage space has second session associated information matched with the first session associated information, and obtain a session matching result, wherein the second session associated information refers to associated information of the session established by the application in the second type of network, which is stored in the preset storage space;

a connection determination module configured to determine whether to establish a session connection for the application according to the session connection request according to the session matching result.

In order to achieve the above object, a fourth aspect of the present application provides a terminal comprising:

the sending module is configured to forward a session connection request of an application to a preset functional entity, and send first session association information to the preset functional entity, so that the preset functional entity determines whether a preset storage space has second session association information matched with the first session association information, obtains a session matching result, and determines whether to establish session connection for the application according to the session connection request according to the session matching result, wherein the session connection request is used for requesting establishment of session connection between the application and a first-class network, the first session association information refers to association information of a session established by a second-class network for the application, and the second session association information refers to association information of a session established by the second-class network for the application, which is stored in the preset storage space.

This application has following advantage:

the session connection method provided by the application responds to a session connection request initiated by an application arranged on a terminal, and acquires first session associated information from the terminal, wherein the session connection request is used for requesting to establish session connection between the application and a first type of network, and the first session associated information refers to associated information of a session established by a second type of network acquired from the terminal; determining whether second session associated information matched with the first session associated information exists in the preset storage space or not, and obtaining a session matching result, wherein the second session associated information refers to associated information which is stored in the preset storage space and applied to a session established in a second type of network; and determining whether to establish session connection for the application according to the session connection request according to the session matching result, thereby avoiding the terminal from simultaneously accessing a non-public network and a public land mobile network, improving the security of the non-public network and ensuring the information security of the user.

Drawings

The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description serve to explain the principles of the application and not to limit the application.

Fig. 1 is a flowchart of a session connection method according to an embodiment of the present application;

fig. 2 is a flowchart of a session connection method according to another embodiment of the present application;

fig. 3 is a flowchart of a session connection method according to another embodiment of the present application;

fig. 4 is a flowchart of a session connection method according to still another embodiment of the present application;

fig. 5 is a block diagram illustrating a session connection apparatus according to an embodiment of the present disclosure;

fig. 6 is a block diagram illustrating a terminal according to an embodiment of the present disclosure;

fig. 7 is a block diagram illustrating a session connection system according to an embodiment of the present application;

fig. 8 is a block diagram illustrating a session connection system according to another embodiment of the present application;

fig. 9 is a schematic signaling interaction diagram of a session connection system according to the embodiment shown in fig. 7 of the present application;

fig. 10 is a schematic signaling interaction diagram of a session connection system according to the embodiment shown in fig. 8 of the present application.

Detailed Description

The following detailed description of embodiments of the present application will be made with reference to the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating the present application, are given by way of illustration and explanation only, and are not intended to limit the present application.

Non-public network NPN is defined in the fifth Generation Mobile Communication technology (5 th Generation Mobile Communication technology, 5G) network. NPN is typically used in private entities (e.g., businesses) that may be deployed using both virtual and physical devices. In practical applications, the NPN may be deployed as a completely separate network, may be hosted by the PLMN or provided as part of the PLMN. However, there is no limitation in 5G on whether the UE can use the network services of the NPN and the PLMN simultaneously, so that one application on the UE can connect to the NPN and the PLMN simultaneously, which may pose a potential risk to the privacy of the NPN network.

In view of this, embodiments of the present application provide a session connection method, an apparatus, and a terminal, which can prevent the terminal from accessing a non-public network and a public land mobile network simultaneously, improve security of the non-public network, and ensure information security of a user.

The application provides a session connection method in a first aspect. Fig. 1 is a flowchart of a session connection method according to an embodiment of the present application. As shown in fig. 1, the session connection method includes the following steps:

step S101, responding to a session connection request initiated by an application arranged on a terminal, and acquiring first session associated information from the terminal.

The session connection request is used for requesting to establish session connection between the application and the first type of network, and the first session associated information refers to associated information, which is acquired from the terminal and applied to a session established in the second type of network. The first type of network and the second type of network refer to a non-public network and a public land mobile network, respectively. In other words, if the first type of network is a non-public network, the second type of network is a public land mobile network; if the first type of network is a public land mobile network, the second type of network is a non-public network.

In some embodiments, the first session association information comprises a first network identifier, a first subscription identifier, a first application identifier, a first session identifier and a first session status, wherein the first subscription identifier is a subscription identifier used when the application subscribes to the services of the second type of network through the terminal.

It should be noted that, the above-mentioned first session related information is only an example, and in practical applications, as long as the session applied in the second type of network can be uniquely identified according to the first session related information, the first session related information is information that meets the requirement, which is not limited in this application. For example, the first session association information only includes a first session identifier, and when the session of the application in the second type of network can be uniquely determined by the first session identifier, the first session association information is the session information that meets the requirement of the embodiment.

In some embodiments, the first session association information may be obtained by sending a request to the terminal and receiving a feedback message returned by the terminal.

For example, the currently executing entity is a session management function entity provided in the first type network. Responding a session connection request initiated by an application arranged on a terminal, and acquiring first session associated information from the terminal, wherein the session connection request comprises: responding to a session connection request initiated by an application arranged on a terminal, and sending a first query request to the terminal, wherein the first query request is used for querying correlation information of a session which is irrelevant to a first access management functional entity and is not closed by the application, and the first access management functional entity is an access management functional entity in a first type of network; and receiving a first query feedback message returned by the terminal, and acquiring first session associated information according to the first query feedback message. The first Access Management Function entity may be an Access and Mobility Management Function (AMF) entity.

It should be noted that the first access management functional entity is a functional entity that currently provides a signaling forwarding service for a terminal or an application, and a session unrelated to the first access management functional entity refers to a session signaling that does not pass through the first access management functional entity. In general, a terminal is served by only one access management function entity at the same time in the same network, and therefore, a session unrelated to the first access management function entity is necessarily a session in a network other than the first type network. In this embodiment, the session unrelated to the first access management function entity refers to a session of the terminal applied in the second type of network.

As another example, the current execution subject is a web server of the first type of network. Responding to a session connection request initiated by an application arranged on a terminal, and acquiring first session associated information from the terminal, wherein the session connection request comprises: responding to a session connection request initiated by an application arranged on the terminal, and sending a second query request to the terminal, wherein the second query request is used for querying network service subscription (subscribe) information of the application to a second type of network; and receiving a second query feedback message returned by the terminal, and acquiring the first session associated information according to the second query feedback message.

Step S102, determining whether second session associated information matched with the first session associated information exists in the preset storage space, and obtaining a session matching result.

The second session association information refers to association information of the session established in the second type of network, which is stored in a preset storage space and applied to the second type of network. In some embodiments, the predetermined storage space includes storage space provided in a blockchain network or storage space provided in a second type of network. The storage space set in the second type of network may be a local storage space of a network server in the second type of network, or may be a functional entity (e.g., a Unified Data Repository (UDR) functional entity) having a storage function in the second type of network.

In some embodiments, the second session association information matching the first session association information refers to the second session association information in which the network identifier, the subscription identifier, the session identifier, and the application identifier are the same as the first session association information, and the session status is not closed.

It should be noted that, the above-mentioned manner for how to determine the second session related information matching the first session related information is only an example, and in practical applications, as long as it can be determined that the second session related information and the first session related information both point to the same session and the session is in an unopened state, the second session related information is determined as the second session related information matching the first session related information.

For example, in some embodiments, the second session associated information is determined to be the second session associated information matching the first session associated information, as long as it is determined that the session identifications in the first session associated information and the second session associated information are the same and the session states of both are not closed.

In some embodiments, when second session associated information matched with the first session associated information exists in the preset storage space, determining that the session matching result is a match; and under the condition that the preset storage space does not have second session associated information matched with the first session associated information, determining that the session matching result is not matched.

For example, the current execution subject is a session management function entity disposed in the first type of network, and the preset storage space is a storage space disposed in the blockchain network. The process of obtaining the session matching result comprises the following steps: inquiring whether second session associated information matched with the first session associated information exists in a storage space of the block chain network or not to obtain a first session inquiry result; determining that the session matching result is matching under the condition that the first session query result is that second session associated information matched with the first session associated information exists in the storage space of the block chain network; and under the condition that the first session query result is that the second session associated information matched with the first session associated information does not exist in the storage space of the blockchain network, determining that the session matching result is not matched.

For another example, the current execution subject is a network server of the first type of network, and the preset storage space is a storage space set in the second type of network. The process of obtaining the session matching result comprises the following steps: inquiring whether second session associated information matched with the first session associated information exists in a storage space of a second type of network or not to obtain a second session inquiry result; determining the session matching result as matching under the condition that the second session query result is that second session associated information matched with the first session associated information exists in the storage space of the second type of network; and under the condition that the second session query result is that the second session associated information matched with the first session associated information does not exist in the storage space of the second type of network, determining that the session matching result is not matched.

It should be noted that, part of the parameters in the first session related information may be in the form of hash values (for example, the session identifier uses a hash value of the session identifier), in this case, when determining whether the second session related information matches with the first session related information, it is determined whether the parameters are the same by comparing whether the hash values of the parameters are the same.

And step S103, determining whether to establish session connection for the application according to the session connection request according to the session matching result.

In some embodiments, in the case that the session matching result is not matched, establishing the session connection of the application according to the session connection request; and under the condition that the session matching result is matched, refusing to establish the session connection of the application according to the session connection request.

It should be noted that if the session matching result is not matched, it indicates that the application does not establish an unclosed session connection with the second type of network, so that the session connection between the application and the first type of network can be established, and the session connection does not enable the terminal to access the first type of network and the second type of network at the same time, thereby avoiding affecting the security of the non-public network. On the contrary, if the session matching result is a match, it indicates that the application and the second type network are maintaining session connection, and the session connection between the application and the first type network cannot be established, because the session connection may cause the terminal to access the first type network and the second type network at the same time, which will affect the security of the non-public network.

In this embodiment, a session connection request initiated by an application provided in a terminal is responded, first session associated information is obtained from the terminal, the session connection request is used for requesting to establish session connection between the application and a first type of network, and the first session associated information refers to associated information of a session established by an application in a second type of network, which is obtained from the terminal; determining whether second session associated information matched with the first session associated information exists in the preset storage space or not, and obtaining a session matching result, wherein the second session associated information refers to associated information which is stored in the preset storage space and applied to a session established in a second type of network; and determining whether to establish session connection for the application according to the session connection request according to the session matching result, thereby avoiding the terminal from simultaneously accessing a non-public network and a public land mobile network, improving the security of the non-public network and ensuring the information security of the user.

Fig. 2 is a flowchart of a session connection method according to another embodiment of the present application, where the session connection method is applicable to a session management function entity disposed in a first type of network. As shown in fig. 2, the session connection method includes the following steps:

step S201, sending a first query request to the terminal in response to a session connection request initiated by an application provided to the terminal.

The session connection request is used for requesting to establish session connection of the application and the first type network. The first query request is used for querying the association information of the session which is not related to the first access management functional entity and is not closed by the application, and the first access management functional entity is an access management functional entity in the first type of network.

Step S202, receiving a first query feedback message returned by the terminal, and acquiring first session associated information according to the first query feedback message.

The first session associated information refers to associated information of a session established by the application in the second type of network, which is acquired from the terminal.

Step S203, querying whether a storage space of the blockchain network has second session related information matching the first session related information, to obtain a first session query result.

The session data entry is a data entry generated according to an application session message broadcasted by the session management functional entity in the blockchain network, the application session message is a message generated by the session management functional entity according to the applied session information, and the second session associated information matched with the first session associated information refers to associated information pointing to the same session as the first session associated information.

In some embodiments, the second session association information matching the first session association information includes information corresponding to session data entries having the same network identifier, subscription identifier, application identifier as the first session association information and a session status of not closed.

In some embodiments, a first session function entity corresponding to a first type of network accesses a blockchain network. When the application of the terminal accesses the first network, and after the session connection is established, the first session functional entity generates a corresponding application session message according to the application session information, and broadcasts the application session message in the block chain network. The blockchain network receives the application session message broadcast by the first session function entity, and generates a corresponding session data entry (for example, the session data entry is in the form of { network identifier, application identifier, session state }) according to the application session message. When the session connection information changes (for example, the session is closed), the first session functional entity generates an updated application session message according to the changed session information, and broadcasts the updated application session message in the blockchain network. The block chain network receives the updated application session message broadcast by the first session function entity and generates a new session data entry according to the updated application session message.

The second session functional entity corresponding to the second type of network also accesses the blockchain network, and the manner of broadcasting the application session message in the blockchain network is the same as that of the first session functional entity, which is not described herein again.

The terminal queries a storage space of the blockchain network, and determines whether second session associated information pointing to the same session as the first session associated information exists, that is, whether second session associated information matched with the first session associated information exists.

In some implementations, the second session association information that matches the first session association information may be determined based on any number of parameters of network identification, application identification, session identification, and session state (e.g., parameters including session identification and session state). Specifically, when the parameters are the same and the session states are all not closed, it is indicated that the first session related information and the second session related information point to the same ongoing session, and therefore, it is determined that there is second session related information matching the first session related information. Specifically, when the parameters are not the same or the session states are not both not closed, it is indicated that the first session related information and the second session related information do not point to the same ongoing session, and therefore it is determined that there is no second session related information matching the first session related information.

It should be noted that, in this embodiment, the session state information is obtained from the terminal, and the session state information is also obtained from the storage space of the blockchain network, and whether the obtained state information is consistent or not may be compared to ensure that the obtained session state information is accurate, so as to effectively avoid misoperation caused by inconsistent session states.

And step S204, determining a session matching result according to the first session query result.

Step S205, determining whether to establish session connection for the application according to the session connection request according to the session matching result.

It should be noted that, in some embodiments, in the case that the session matching result is not matched, after the session connection of the application is established according to the session connection request, the method further includes: generating a first application session message according to the session connection information of the application; and broadcasting the first application session message in the blockchain network, so that the blockchain network updates the session data entry of the preset storage space based on the first application session message.

It should be further noted that, after the broadcasting the first application session message by the blockchain network, the method further includes: under the condition that the session connection of the application is closed, updating the session connection information of the application, and generating a second application session message according to the updated session connection information of the application; and broadcasting a second application session message in the blockchain network, so that the blockchain network can update the session data entry of the preset storage space again based on the second application session message.

In this embodiment, the storage space of the blockchain network stores second session related information, the session management function entity obtains the first session related information from the terminal, and determines whether the storage space of the blockchain network has the second session related information matched with the first session related information, and obtains a session matching result, so as to determine whether to establish session connection for the application according to the session matching result, thereby preventing the terminal from accessing a non-public network and a public land mobile network at the same time, improving the security of the non-public network, and simultaneously ensuring the information security of the user.

Fig. 3 is a flowchart of a session connection method, which is applicable to a network server of a first type network, according to another embodiment of the present application. As shown in fig. 3, the session connection method includes the following steps:

step S301, sending a second query request to the terminal in response to a session connection request initiated by an application installed on the terminal.

And the second query request is used for querying the network service subscription information of the application to the second type of network.

In some embodiments, the second query request includes any one or more of a network identifier, an application identifier, and a terminal identifier, so that the server of the second type network can obtain the network service subscription information of the application to the second type network based on the above information.

Step S302, receiving a second query feedback message returned by the terminal, and acquiring the first session association information according to the second query feedback message.

In some embodiments, the network service subscription information includes a network identification, an application identification, a terminal identification, and a subscription identification.

It should be noted that the above-mentioned network service subscription information is only an example, and other network service subscription information not described is also within the scope of the present application, and the present application does not limit the present application.

Step S303, querying whether second session related information matched with the first session related information exists in a storage space of the second type network, and obtaining a second session query result.

The second session related information matched with the first session related information refers to related information pointing to the same session as the first session related information.

In some embodiments, the second session association information matching the first session association information includes information of a session whose network identifier, subscription identifier, application identifier are the same as the first session association information and whose session state is not closed.

And step S304, determining a session matching result according to the second session query result.

Step S305, according to the session matching result, determining whether to establish session connection for the application according to the session connection request.

In some embodiments, in the case that the session matching result is not matched, establishing the session connection of the application according to the session connection request; and refusing to establish the session connection of the application according to the session connection request under the condition that the session matching result is matched.

It should be noted that, in some embodiments, before step S301, the method further includes: acquiring configuration information of a terminal; determining whether the terminal has the function of simultaneously connecting the first type network and the second type network according to the configuration information of the terminal; under the condition that the terminal is determined to have the function of simultaneously connecting the first-class network and the second-class network, identifying whether the application can simultaneously connect the first-class network and the second-class network; and under the condition that the application is identified to be capable of simultaneously connecting the first type network and the second type network, executing a step of responding a session connection request initiated by the application arranged on the terminal and acquiring first session associated information from the terminal.

Under the condition that the terminal is determined to have the function of simultaneously connecting the first-class network and the second-class network, identifying whether the application can simultaneously connect the first-class network and the second-class network comprises the following steps: sending a third query request to the unified data warehouse functional entity, wherein the third query request is used for determining network connection authority information of the terminal according to the forbidden application information; and receiving a third query feedback message returned by the unified data warehouse function entity, and determining whether the application can simultaneously connect the first type network and the second type network according to the third query feedback message, wherein the prohibited application information comprises information (which can be in a form of a list and the like) of applications prohibited from simultaneously accessing the current network and the target network.

In some embodiments, before obtaining the configuration information of the terminal, the method further includes: determining a target network, wherein the target network is a second type network overlapping with a signal coverage area of the first type network; and sending the application prohibition information to the target network server so that the target network server can store the application prohibition information to the unified data warehouse functional entity of the target network.

In other words, the non-public network may detect a public land mobile network overlapping with its signal coverage area, and send prohibition application information to the detected public land mobile network, where the prohibition application information includes information such as an identifier of an application prohibiting the public land mobile network from establishing a session connection with the current non-public network. After receiving the forbidding application information, the public land mobile network stores the forbidding application information to the unified data warehouse function entity so as to judge whether to establish the session connection for the application according to the forbidding application information (equivalent to the second session associated information) stored in the unified data warehouse function entity and the network service subscription information (equivalent to the first session associated information) obtained by inquiring the terminal when the application initiates the session connection with the public land mobile network.

In this embodiment, the network server or the functional entity with a storage function stores second session related information, and the network server obtains the first session related information from the terminal, and determines whether the second session related information matched with the first session related information exists in the network server or the functional entity with a storage function, and obtains a session matching result, so as to determine whether to establish session connection for the application according to the session matching result, thereby preventing the terminal from accessing a non-public network and a public land mobile network at the same time, improving the security of the non-public network, and simultaneously ensuring the information security of the user.

Fig. 4 is a flowchart of a session connection method according to still another embodiment of the present application, where the session connection method is applicable to a terminal. As shown in fig. 4, the session connection method includes the following steps:

step S401, forwarding the session connection request of the application to a preset functional entity.

Step S402, sending first session associated information to a preset functional entity, so that the preset functional entity determines whether second session associated information matched with the first session associated information exists in a preset storage space, obtains a session matching result, and determines whether to establish session connection for the application according to the session connection request according to the session matching result.

The session connection request is used for requesting to establish session connection between the application and the first type of network, the first session associated information refers to associated information of a session established by the application in the second type of network, and the second session associated information refers to associated information of the session established by the application in the second type of network, which is stored in a preset storage space.

In this embodiment, a session connection request of an application is forwarded to a preset functional entity, first session association information is sent to the preset functional entity, so that the preset functional entity determines whether second session association information matched with the first session association information exists in a preset storage space, obtains a session matching result, and determines whether to establish session connection for the application according to the session connection request according to the session matching result, thereby preventing a terminal from accessing a non-public network and a public land mobile network at the same time, improving the security of the non-public network, and simultaneously ensuring the information security of a user.

The steps of the above methods are divided for clarity, and the implementation may be combined into one step or split some steps, and the steps are divided into multiple steps, so long as the same logical relationship is included, which are within the scope of the present patent; it is within the scope of this patent to add insignificant modifications or introduce insignificant designs to the algorithms or processes, but not to change the core designs of the algorithms and processes.

A second aspect of the present application provides a session connection apparatus. Fig. 5 is a block diagram illustrating a session connection apparatus according to an embodiment of the present disclosure. As shown in fig. 5, the session connection apparatus 500 includes:

the information obtaining module 501 is configured to obtain first session association information from the terminal in response to a session connection request initiated by an application provided to the terminal.

The session connection request is used for requesting to establish session connection between the application and the first type of network, and the first session associated information refers to associated information of a session established by the application in the second type of network, which is acquired from the terminal.

The result obtaining module 502 is configured to determine whether the preset storage space has second session related information that matches the first session related information, and obtain a session matching result.

The second session association information refers to association information of the session established in the second type of network, which is stored in a preset storage space and applied to the second type of network.

A connection determining module 503 configured to determine whether to establish a session connection for the application according to the session connection request according to the session matching result.

It should be noted that, in some embodiments, the session connection apparatus 500 is disposed in a session management function entity of the first type network, and the preset storage space is a storage space disposed in a blockchain network, in this embodiment, the session connection apparatus 500 performs a session connection operation according to the session connection method provided in the embodiment shown in fig. 2.

In other embodiments, the session connection apparatus 500 is disposed in a network server of the first type network, and the predetermined storage space is a storage space disposed in the second type network, in which the session connection apparatus 500 performs the session connection operation according to the session connection method provided in the embodiment shown in fig. 3.

In this embodiment, the information obtaining module obtains, from the terminal, first session association information in response to a session connection request initiated by an application provided to the terminal, where the session connection request is used to request establishment of session connection between the application and a first type of network, and the first session association information is association information of a session established in a second type of network, where the session connection request is obtained from the terminal; determining whether second session associated information matched with the first session associated information exists in the preset storage space through a result acquisition module to obtain a session matching result, wherein the second session associated information refers to the associated information which is stored in the preset storage space and is applied to the session established in the second type of network; the connection determining module determines whether to establish session connection for the application according to the session connection request according to the session matching result, so that the terminal can be prevented from accessing a non-public network and a public land mobile network simultaneously, the security of the non-public network is improved, and the information security of the user is guaranteed.

Fig. 6 is a block diagram of a terminal according to an embodiment of the present disclosure. As shown in fig. 6, the terminal 600 includes:

the sending module 601 is configured to forward the session connection request of the application to a preset functional entity, and send first session association information to the preset functional entity, so that the preset functional entity determines whether second session association information matched with the first session association information exists in the preset storage space, obtains a session matching result, and determines whether to establish session connection for the application according to the session connection request according to the session matching result.

The session connection request is used for requesting to establish session connection between the application and the first-class network, the first session associated information refers to associated information of the session established by the application in the second-class network, which is acquired from the terminal, and the second session associated information refers to associated information of the session established by the application in the second-class network, which is stored in a preset storage space.

In this embodiment, the sending module forwards a session connection request of an application to a preset function entity, and sends first session association information to the preset function entity, so that the preset function entity determines whether second session association information matched with the first session association information exists in a preset storage space, obtains a session matching result, and determines whether to establish session connection for the application according to the session connection request according to the session matching result, thereby preventing the terminal from accessing a non-public network and a public land mobile network at the same time, improving the security of the non-public network, and ensuring the information security of a user.

Fig. 7 is a block diagram illustrating a session connection system according to an embodiment of the present application. As shown in fig. 7, the session connection system 700 includes: a terminal 710, an application 711 provided to the terminal 710, a first type network 720, a first session management function 721, a second type network 730, a second session management function 731, and a blockchain network 740.

The first session management function 721 is a function corresponding to the first type of network 720, the second session management function 731 is a function corresponding to the second type of network 730, and both the first session management function 721 and the second session management function 731 are connected to the blockchain network 740.

In some embodiments, after the application 711 accesses the first type of network 720, the first session management function 721 may generate an application session message from the session connection information of the application 711 and broadcast the application session message over the blockchain network 740. After the blockchain network 740 receives the broadcasted application session message, the pre-stored session data entry is updated based on the application session message. The second session management function 731 is similar to the first session management function 721 and will not be described herein.

Fig. 8 is a block diagram illustrating a session connection system according to another embodiment of the present application. As shown in fig. 8, the session connection system 800 includes: the terminal 810, an application 811 provided in the terminal 810, a first type network 820, a first wireless access device 821, a first network server 822, a first unified data warehouse function entity 823, a second type network 830, a second wireless access device 831, a second network server 832 and a second unified data warehouse function entity 833.

The first uniform data warehouse function entity 823 is configured to provide a storage function for the first type network 820, and may be configured to store information such as subscription data and policy data; second unified data warehouse function 833 is used to provide storage function for second type network 830, and may be used to store information such as subscription data and policy data.

In some embodiments, the terminal 810 may access the first-type network 820 through the first wireless access device 821 and may also access the second-type network 830 through the second wireless access device 831; the first web server 822 may issue various commands to functional entities in the first type of network 820, and similarly, the second web server 832 may issue various commands to functional entities in the second type of network 830.

Fig. 9 is a schematic signaling interaction diagram of a session connection system according to the embodiment shown in fig. 7 of the present application. As shown in fig. 9, the signaling interaction procedure includes:

step S901, the application has a requirement for establishing a session connection with the first type of network, and the terminal forwards a session connection request of the application to the first session management functional entity.

Step S902, the first session management functional entity receives and responds to the session connection request sent by the terminal, and sends a first query request to the terminal.

Step S903, the terminal receives the first query request, and queries the association information of the session that is not related to the first access management function entity and is not closed by the application.

Step S904, the terminal generates a first query feedback message based on the queried information, and sends the first query feedback message to the first session management function entity.

Step S905, the first session management functional entity receives the first query feedback message returned by the terminal, and acquires the first session association information according to the first query feedback message.

Step S906, the first session management functional entity sends a first matching session information query request to the blockchain network, where the first matching session information query request includes the first session related information.

In step S907, the blockchain network receives the first matching information query request, determines whether second session related information matching the first session related information exists in the storage space according to the first session related information in the first matching information query request, and obtains a first session query result.

Step S908, the blockchain network sends the first session query result to the first session management function entity.

In step S909, the first session management functional entity determines a session matching result according to the first session query result.

Specifically, when the first session query result is that second session associated information matched with the first session associated information exists in the storage space of the blockchain network, determining that the session matching result is matching; and under the condition that the first session query result is that the second session associated information matched with the first session associated information does not exist in the storage space of the blockchain network, determining that the session matching result is not matched.

Step S910, when the session matching result is not matched, the first session management functional entity establishes the session connection of the application according to the session connection request.

Step S911, the first session management functional entity generates a first application session message according to the session connection information of the application, and broadcasts the first application session message in the block chain network.

In step S912, the blockchain network updates the session data entry of the preset storage space based on the first application session message.

Step S913, receiving a session close message sent by the terminal.

Step S914, the first session correlation function entity disconnects the application from the session connection with the first type of network, updates the session connection information of the application, generates a second application session message according to the updated session connection information of the application, and broadcasts the second application session message in the blockchain network.

In step S915, the blockchain network updates the session data entry of the predetermined storage space again based on the second application session message.

Step S910', when the session matching result is matching, the first session management functional entity rejects to establish the session connection of the application according to the session connection request.

Fig. 10 is a schematic signaling interaction diagram of a session connection system according to the embodiment shown in fig. 8 of the present application. As shown in fig. 10, the signaling interaction procedure includes:

step S1001, the first network server issues an overlay coverage detection instruction to the first wireless access device.

Step S1002, the first radio access device receives the overlay coverage detection instruction, and detects a target network.

Wherein the target network is a second type of network that overlaps with a signal coverage area of the first type of network. It is assumed that the target network is the second type network in this embodiment.

In step S1003, the first web server transmits the prohibition application information to the second web server.

Step S1004, the second network server stores the prohibition application information to the second unified data warehouse functional entity.

In step S1005, the first web server stores the prohibited application information to the first unified data warehouse functional entity.

Step S1006, the application has a requirement for establishing session connection with the first network, and the terminal forwards the session connection request of the application to the first network server.

Step S1007, the first web server responds to the session connection request, and sends a second query request to the terminal.

Step S1008, the terminal receives the second query request, queries the network service subscription information of the application in the second type network, and returns a second query feedback message to the first network server.

Step S1009, the first network server receives the second query feedback message returned by the terminal, and acquires the first session association information according to the second query feedback message.

Step S1010, the first network server sends a second matching session information query request to the second network server, where the second matching session information query request includes the first session related information.

Step S1011, the second web server receives the second matching information query request, and determines whether second session related information matching the first session related information exists in the second unified data warehouse function entity according to the first session related information in the second matching information query request, so as to obtain a second session query result.

In step S1012, the second network server sends the second session query result to the first network server.

In step S1013, the first network server determines a session matching result according to the second session query result.

Specifically, when the second session query result is that second session associated information matched with the first session associated information exists in the second unified data warehouse functional entity, determining that the session matching result is matching; and under the condition that the second session query result is that the second session associated information matched with the first session associated information does not exist in the second unified data warehouse functional entity, determining that the session matching result is not matched.

Step S1014, when the session matching result is not matched, the first network server establishes the session connection of the application according to the session connection request.

Step 1014', the first web server refuses to establish the session connection of the application according to the session connection request, if the session matching result is matching.

It should be noted that, the information interaction between the first network server and the second network server may be implemented through a connection relationship between the first wireless access device and the second wireless access device, or may be implemented through other communication connection relationships, which is not limited in this application.

It should be noted that each module referred to in this embodiment is a logical module, and in practical applications, one logical unit may be one physical unit, may be a part of one physical unit, and may be implemented by a combination of multiple physical units. In addition, in order to highlight the innovative part of the present application, a unit that is not so closely related to solving the technical problem proposed by the present application is not introduced in the present embodiment, but it does not indicate that no other unit exists in the present embodiment.

It is to be understood that the above embodiments are merely exemplary embodiments that are employed to illustrate the principles of the present application, and that the present application is not limited thereto. It will be apparent to those skilled in the art that various changes and modifications can be made therein without departing from the spirit and scope of the application, and these changes and modifications are to be considered as the scope of the application.

Claims

1. A session connection method, comprising:

determining whether to establish session connection for the application according to the session connection request according to the session matching result;

wherein the determining whether to establish session connection for the application according to the session connection request according to the session matching result includes:

2. The session connection method according to claim 1, wherein the current functional entity comprises a session management functional entity disposed in the first type network;

3. The session connection method according to claim 2, wherein the predetermined storage space comprises a storage space provided in a blockchain network;

4. The session connection method according to claim 3, wherein the determining the session matching result according to the first session query result comprises:

and determining that the session matching result is not matched under the condition that the first session query result is that second session associated information matched with the first session associated information does not exist in the storage space of the blockchain network.

5. The session connection method according to claim 1, wherein the current functional entity comprises a network server of the first type network;

6. The session connection method according to claim 5, wherein before acquiring the first session association information from the terminal in response to the session connection request initiated by the application installed in the terminal, the method further comprises:

acquiring configuration information of the terminal;

and under the condition that the application is identified to be capable of simultaneously connecting the first type network and the second type network, executing a step of responding a session connection request initiated by the application arranged on a terminal and acquiring the first session related information from the terminal.

7. The session connection method according to claim 6, wherein before the obtaining the configuration information of the terminal, the method further comprises:

8. The session connection method according to claim 7, wherein the identifying whether the application can simultaneously connect the first type of network and the second type of network in the case that it is determined that the terminal has a function of simultaneously connecting the first type of network and the second type of network comprises:

9. The session connection method according to claim 5, wherein the preset storage space comprises a storage space provided in the second type network;

10. The session connection method according to claim 9, wherein the determining the session matching result according to the second session query result comprises:

11. The session connection method according to claim 1, wherein the current functional entity is a session management functional entity disposed in the first type network;

12. The session connection method according to claim 11, further comprising, after the broadcasting of the first application session message by the blockchain network:

13. A session connection method, comprising:

sending first session associated information to the preset functional entity, so that the preset functional entity determines whether a preset storage space has second session associated information matched with the first session associated information, obtains a session matching result, and determines whether to establish session connection for the application according to the session connection request according to the session matching result, wherein the session connection request is used for requesting to establish session connection between the application and a first type of network, the first session associated information refers to associated information of a session established by the application in a second type of network, and the second session associated information refers to associated information of the session established by the application in the second type of network, which is stored in the preset storage space;

wherein, the determining, by the preset functional entity, whether to establish session connection for the application according to the session connection request according to the session matching result includes: under the condition that the session matching result is not matched, establishing the session connection of the application according to the session connection request; and refusing to establish the session connection of the application according to the session connection request under the condition that the session matching result is matched.

14. A session connection apparatus, comprising:

the information acquisition module is configured to respond to a session connection request initiated by an application arranged on a terminal and acquire first session associated information from the terminal, wherein the session connection request is used for requesting to establish session connection between the application and a first type of network, and the first session associated information refers to the session associated information established by the application in a second type of network acquired from the terminal;

a connection determination module configured to determine whether to establish a session connection for the application according to the session connection request according to the session matching result;

the connection determining module is configured to establish session connection of the application according to the session connection request when the session matching result is not matched; and refusing to establish the session connection of the application according to the session connection request under the condition that the session matching result is matched.

15. A terminal, comprising:

a sending module, configured to forward a session connection request of an application to a preset functional entity, and send first session association information to the preset functional entity, so that the preset functional entity determines whether second session association information matching the first session association information exists in a preset storage space, obtains a session matching result, and determines whether to establish session connection for the application according to the session connection request according to the session matching result, where the session connection request is used to request establishment of session connection between the application and a first type of network, the first session association information refers to association information of a session established by a second type of network for the application, which is obtained from the terminal, and the second session association information refers to association information of a session established by the second type of network for the application, which is stored in the preset storage space;