Authorization method, policy control function device and access and mobility management function device

文档序号：142935 发布日期：2021-10-22 浏览：51次中文

阅读说明：本技术 授权方法、策略控制功能设备和接入和移动管理功能设备 (Authorization method, policy control function device and access and mobility management function device ) 是由许胜锋杨艳梅李濛应江威于 2020-04-13 设计创作，主要内容包括：本申请提供了一种授权方法、策略控制功能设备和接入和移动管理功能设备,可以由中继终端的策略控制功能设备根据中继终端的标识和远端终端的标识的确定是否授权该远端终端和该中继终端建立中继服务关系,并将所确定的授权结果通知给中继终端,从而中继终端可以根据授权结果确定是否允许远端终端通过该中继终端接入网络。(The method comprises the steps that the strategy control function device of the relay terminal determines whether to authorize the remote terminal and the relay terminal to establish a relay service relation according to the identification of the relay terminal and the identification of the remote terminal, and informs the determined authorization result to the relay terminal, so that the relay terminal can determine whether to allow the remote terminal to access a network through the relay terminal according to the authorization result.)

1. An authorization method, comprising:

a first policy control function device receives a first request message from a first access and mobility management function device, wherein the first request message comprises an identifier of a remote terminal and an identifier of a relay terminal, the first policy control function device is the policy control function device of the relay terminal, and the first access and mobility management function device is the access and mobility management function device of the relay terminal;

the first policy control function device determines an authorization result according to the identifier of the remote terminal and the identifier of the relay terminal, wherein the authorization result is used for indicating whether the relay terminal is authorized to establish a relay service relationship with the remote terminal;

and the first policy control function device sends the authorization result to the first access and mobility management function device.

2. The method of claim 1, wherein the determining, by the first policy control function device, the authorization result according to the identifier of the remote terminal and the identifier of the relay terminal comprises:

the first policy control function device obtains first associated information according to the identifier of the relay terminal, wherein the first associated information indicates at least one remote terminal which can be provided with relay service by the relay terminal;

and the first policy control function device determines the authorization result according to the identifier of the remote terminal and the first associated information.

3. The method of claim 1, wherein the determining, by the first policy control function device, the authorization result according to the identifier of the remote terminal and the identifier of the relay terminal comprises:

the first policy control function device sends the identifier of the relay terminal and the identifier of the remote terminal to a second policy control function device, where the second policy control function device is a policy control function device of the remote terminal;

the first policy control function device receives first indication information from the second policy control function device, wherein the first indication information is used for indicating whether the remote terminal can use the relay service of the relay terminal;

and the first policy control function device determines the authorization result according to the identifier of the remote terminal, the first associated information and the first indication information.

4. The method of claim 3, wherein the first policy control function device sending the identity of the relay terminal and the identity of the remote terminal to the second policy control function device, comprises:

and the first policy control function device sends the identifier of the relay terminal and the identifier of the remote terminal to the second policy control function device according to the identifier of the second policy control function device, wherein the identifier of the second policy control function device is carried in the first request message.

5. The method of claim 3, wherein the first policy control function device sending the identity of the relay terminal and the identity of the remote terminal to the second policy control function device, comprises:

6. The method according to any one of claims 2 to 5, wherein the obtaining, by the first policy control function device, first association information according to the identifier of the relay terminal includes:

and the first policy control function device acquires the first associated information from a unified database according to the identifier of the relay terminal.

7. An authorization method, comprising:

a first access and mobility management function device sends a first request message to a first policy control function device, wherein the first access and mobility management function device is an access and mobility management function device of a relay terminal, the first policy control function device is a policy control function device of the relay terminal, and the first request message includes an identifier of the relay terminal and an identifier of a remote terminal;

the first access and mobile management function device receives an authorization result from the first policy control function device, wherein the authorization result is used for indicating whether the relay terminal is authorized to establish a relay service relationship with the remote terminal;

and the first access and mobile management function equipment sends the authorization result to the relay terminal.

8. The method of claim 7, wherein prior to the first access and mobility management function device sending the first request message to the first policy control function device, the method further comprises:

and the first access and mobile management function equipment receives the identification of the relay terminal and the identification of a remote terminal from the relay terminal.

9. The method according to claim 7 or 8, wherein the first request message further comprises an identification of a second policy control function device;

and before the first access and mobility management function device sends the first request message to the first policy control function device, the method further comprises:

the first access and mobile management function device obtains the identifier of the second policy control function device from a second access and mobile management function device, or a unified data management device, or a unified database according to the identifier of the remote terminal, wherein the second access and mobile management function device is the access and mobile management function device of the remote terminal, and the second policy control function device is the policy control function device of the remote terminal.

10. An authorization method, comprising:

a second policy control function device receives an identifier of a relay terminal and an identifier of a remote terminal from a first policy control function device, wherein the second policy control function device is the policy control function device of the remote terminal, and the first policy control function device is the policy control function device of the relay terminal;

the second policy control function device determines whether the remote terminal can use the relay service of the relay terminal according to the identifier of the relay terminal and the identifier of the remote terminal;

the second policy control function device sends first indication information to the first policy control function device, where the first indication information is used to indicate whether the remote terminal may use the relay service of the relay terminal.

11. A policy control function device, wherein the policy control function device is a policy control function device of a relay terminal, and the policy control function device includes:

a transceiver unit, configured to receive a first request message from a first access and mobility management function device, where the first request message includes an identifier of a remote terminal and an identifier of the relay terminal, and the first access and mobility management function device is an access and mobility management function device of the relay terminal;

the processing unit is used for determining an authorization result according to the identifier of the remote terminal and the identifier of the relay terminal, wherein the authorization result is used for indicating whether the relay terminal is authorized to establish a relay service relationship with the remote terminal;

the transceiver unit is further configured to send the authorization result to the first access and mobility management function device.

12. The policy control function device according to claim 11, wherein the processing unit is specifically configured to:

acquiring first associated information according to the identifier of the relay terminal, wherein the first associated information indicates at least one remote terminal which can be provided with relay service by the relay terminal;

and determining the authorization result according to the identification of the remote terminal and the first associated information.

13. The policy control function device according to claim 11, wherein the processing unit is specifically configured to:

controlling the transceiver unit to send the identifier of the relay terminal and the identifier of the remote terminal to the second policy control function device, where the second policy control function device is a policy control function device of the remote terminal;

controlling the transceiver unit to receive first indication information from the second policy control function device, where the first indication information is used to indicate whether the remote terminal can use a relay service of the relay terminal;

and determining the authorization result according to the identification of the remote terminal, the first associated information and the first indication information.

14. The policy control function device according to claim 13, wherein the transceiver unit is specifically configured to:

and sending the identifier of the relay terminal and the identifier of the remote terminal to the second policy control function device according to the identifier of the second policy control function device, wherein the identifier of the second policy control function device is carried in the first request message.

15. The policy control function device according to claim 13, wherein the transceiver unit is specifically configured to:

16. The policy control function device according to any one of claims 12 to 15, wherein the processing unit is specifically configured to:

and acquiring the first associated information from a unified database according to the identifier of the relay terminal.

17. An access and mobility management function device, wherein the access and mobility management function device is an access and mobility management function device of a relay terminal, and the access and mobility management function device includes:

a transceiving unit, configured to send a first request message to a first policy control function device, where the first policy control function device is a policy control function device of the relay terminal, and the first request message includes an identifier of the relay terminal and an identifier of a remote terminal;

the transceiver unit is further configured to receive an authorization result from the first policy control function device, where the authorization result is used to indicate whether to authorize the relay terminal to establish a relay service relationship with the remote terminal;

the transceiver unit is further configured to send the authorization result to the relay terminal.

18. The access and mobility management function device of claim 17, wherein the transceiving unit is further to:

and receiving the identification of the relay terminal and the identification of the remote terminal from the relay terminal.

19. The access and mobility management function device of claim 17 or 18, wherein an identification of a second policy control function device is also included in the first request message;

and the transceiver unit is further configured to:

and acquiring an identifier of a second policy control function device from a second access and mobile management function device, or a unified data management device, or a unified database according to the identifier of the remote terminal, wherein the second access and mobile management function device is the access and mobile management function device of the remote terminal, and the second policy control function device is the policy control function device of the remote terminal.

20. A policy control function device, wherein the policy control function device is a policy control function device of a remote terminal, and the policy control function device comprises:

a transceiver unit, configured to receive an identifier of a relay terminal and an identifier of the remote terminal from a first policy control function device, where the first policy control function device is a policy control function device of the relay terminal;

a processing unit, configured to determine whether the remote terminal may use the relay service of the relay terminal according to the identifier of the relay terminal and the identifier of the remote terminal;

the transceiver unit is further configured to send first indication information to the first policy control function device, where the first indication information is used to indicate whether the remote terminal may use the relay service of the relay terminal.

21. A policy control function device, comprising: a processor coupled with a memory for storing a program or instructions that, when executed by the processor, cause the policy control function device to perform the method of any one of claims 1 to 6.

22. An access and mobility management function device, comprising: a processor coupled with a memory for storing a program or instructions that, when executed by the processor, cause the ingress and mobility management function device to perform the method of any of claims 7 to 9.

23. A policy control function device, comprising: a processor coupled with a memory, the memory for storing a program or instructions, which when executed by the processor, causes the policy control function device to perform the method of claim 10.

24. A readable storage medium having stored thereon a computer program or instructions, which when executed cause the method of any of claims 1 to 7, any of claims 7 to 9, or claim 10 to be performed.

25. A communication system, comprising one or more of: a policy control function device according to any one of claims 11 to 16, an access and mobility management function device according to any one of claims 17 to 19, and a policy control function device according to claim 20.

Technical Field

The present application relates to the field of communications, and more particularly, to an authorization method, a policy control function device, and an access and mobility management function device.

Background

In general, a terminal may access a network directly through an access network device. In some special scenarios, for example, when the terminal is out of the network coverage or when the communication signal between the terminal and the access network device is poor, the terminal may access the network through the relay service provided by the relay terminal, and in this case, the terminal is referred to as a remote terminal with respect to the relay terminal.

In a practical operation scenario, in view of security performance or other factors, a remote terminal may access the network through any one relay terminal, or may only access the network through some relay terminals, for example, a commercial remote terminal may not be allowed to access the network through a public security relay terminal. Therefore, the relay terminal and/or the remote terminal need to know whether the relay service relationship can be established, that is, whether the remote terminal can access the network through the relay terminal.

Disclosure of Invention

The application provides an authorization method, a policy control function device and an access and mobility management function device, wherein the policy control function device can determine whether to authorize a remote terminal and a relay terminal to establish a relay service relationship, and inform the determined authorization result to the relay terminal or the remote terminal, so that the relay terminal can determine whether to allow the remote terminal to access a network through the relay terminal according to the authorization result, or the remote terminal can determine whether to access the network through the relay terminal according to the authorization result.

In a first aspect, an authorization method is provided, and the method includes: the first policy control function device receives a first request message from the first access and mobile management function device, wherein the first request message comprises an identifier of a remote terminal and an identifier of a relay terminal, the first policy control function device is the policy control function device of the relay terminal, and the first access and mobile management function device is the access and mobile management function device of the relay terminal; the first policy control function device determines an authorization result according to the identifier of the remote terminal and the identifier of the relay terminal, wherein the authorization result is used for indicating whether the relay terminal is authorized to establish a relay service relationship with the remote terminal; the first policy control function device sends the authorization result to the first access and mobility management function device.

According to the authorization method provided by the application, whether the relay terminal is authorized to establish the relay service relationship with the remote terminal can be determined by the policy control function device of the relay terminal according to the identifier of the relay terminal and the identifier of the remote terminal. Then, the policy control function device of the relay terminal may transmit the determined authorization result to the access and mobility management function device of the relay terminal, and the access and mobility management function device may forward the authorization result to the relay terminal. Further, the relay terminal may determine whether to allow the relay terminal to access the network through the relay terminal according to the authorization result.

In addition, whether a terminal can act as a relay terminal or not may also be authorized by the policy control function device of the terminal. Thus, a policy control function device can determine whether to authorize a terminal to be a relay terminal, and also determine whether to authorize the establishment of a relay service relationship between the terminal and a remote terminal under the condition that the terminal is authorized to be the relay terminal, thereby realizing the centralization of the authorization function.

Alternatively, the first association information may be an identifier of at least one remote terminal that may be provided with the relay service by the relay terminal, or may indicate that all the remote terminals may be provided with the relay service by the relay terminal.

Based on the scheme, the first policy control function device may determine whether to authorize the relay terminal to establish the relay service relationship with the remote terminal by determining whether at least one remote terminal that may be provided with the relay service by the relay terminal includes the remote terminal. That is, as long as at least one remote terminal capable of providing the relay service by the relay terminal includes the remote terminal, the relay terminal may be authorized to establish the relay service relationship with the remote terminal, otherwise, the relay terminal is not authorized to establish the relay service relationship with the remote terminal.

With reference to the first aspect, in some implementations of the first aspect, the determining, by the first policy control function device, an authorization result according to the identifier of the remote terminal and the identifier of the relay terminal includes: the first policy control function device acquires first associated information according to the identifier of the relay terminal, wherein the first associated information indicates a remote terminal which can be provided with relay service by the relay terminal; the first strategy control function device sends the identification of the relay terminal and the identification of the remote terminal to a second strategy control function device, and the second strategy control function device is the strategy control function device of the remote terminal; the first policy control function device receives first indication information from the second policy control function device, wherein the first indication information is used for indicating whether a remote terminal can use the relay service of the relay terminal; and the first policy control function device determines an authorization result according to the identifier of the remote terminal, the first association information and the first indication information.

Based on the scheme, the first policy control function device may determine, on the one hand, whether at least one remote terminal that may be provided with the relay service by the relay terminal includes the remote terminal, and on the other hand, may determine, according to the first indication information sent by the second policy control function device, whether the remote terminal may use the relay service of the relay terminal, and in combination with the information of the two aspects, the first policy control function device may determine whether to authorize the relay terminal to establish the relay service relationship with the remote terminal. That is, if at least one remote terminal capable of providing the relay service by the relay terminal includes a remote terminal and the remote terminal can use the relay service of the relay terminal, the relay terminal is authorized to establish a relay service relationship with the remote terminal; if at least one remote terminal which can provide the relay service by the relay terminal does not include the remote terminal, or the remote terminal cannot use the relay service of the relay terminal, the relay terminal and the remote terminal are not authorized to establish the relay service relationship.

With reference to the first aspect, in some implementations of the first aspect, the sending, by the first policy control function device, the identifier of the relay terminal and the identifier of the remote terminal to the second policy control function device includes: the first policy control function device relays the identifier of the terminal and the identifier of the remote terminal to the second policy control function device according to the identifier of the second policy control function device, wherein the identifier of the second policy control function device is carried in the first request message.

Based on the scheme, the first policy control function device may determine the second policy control function device according to the identifier of the second policy control function device in the first request message, and may further send the identifier of the relay terminal and the identifier of the remote terminal to the second policy control function device to request the second policy control function device to determine whether the remote terminal may use the relay service of the relay terminal.

With reference to the first aspect, in some implementations of the first aspect, the sending, by the first policy control function device, the identifier of the relay terminal and the identifier of the remote terminal to the second policy control function device includes: and the first policy control function device sends the identifier of the relay terminal and the identifier of the remote terminal to the second policy control function device according to the identifier of the second policy control function device, wherein the identifier of the second policy control function device is obtained by the first policy control function device from the unified database or the unified data management device according to the identifier of the remote terminal.

Based on the scheme, the first policy control function device may first obtain the identifier of the second policy control function device from the unified database or the unified data management device according to the identifier of the remote terminal, and then may send the identifier of the relay terminal and the identifier of the remote terminal to the second policy control function device to request the second policy control function device to determine whether the remote terminal may use the relay service of the relay terminal.

With reference to the first aspect, in some implementation manners of the first aspect, the acquiring, by the first policy control function device, the first association information according to the identifier of the relay terminal includes: and the first policy control function device acquires the first associated information from the unified database according to the identifier of the relay terminal.

Based on the scheme, the information of the remote terminal associated with the relay terminal, that is, the information of at least one remote terminal that can provide the relay service by the relay terminal, may be stored in the unified database as subscription information. When the remote terminal requests to access the network through the relay terminal, the first policy control function device may obtain the subscription information from the unified database, and may determine whether to authorize the relay terminal to establish a relay service relationship with the remote terminal according to the subscription information.

With reference to the first aspect, in some implementations of the first aspect, the identifier of the remote terminal is an International Mobile Subscriber Identity (IMSI) or a General Public Subscriber Identifier (GPSI), the identifier of the relay terminal is an IMSI or a GPSI, and the identifier of the remote terminal is different from the identifier of the relay terminal.

In a second aspect, there is provided an authorization method, including: the method comprises the steps that a first access and mobile management function device sends a first request message to a first policy control function device, wherein the first access and mobile management function device is an access and mobile management function device of a relay terminal, the first policy control function device is a policy control function device of the relay terminal, and the first request message comprises an identifier of the relay terminal and an identifier of a far-end terminal; the first access and mobile management function device receives an authorization result from the first policy control function device, wherein the authorization result is used for indicating whether the relay terminal is authorized to establish a relay service relationship with the remote terminal; and the first access and mobile management function equipment sends the authorization result to the relay terminal.

According to the authorization method provided by the application, when a remote terminal requests to access a network through a relay terminal, the access and mobile management function device of the relay terminal can request the policy control function device of the relay terminal to determine whether to authorize the relay terminal to establish a relay service relationship with the remote terminal, and after receiving an authorization result returned by the policy control function device of the relay terminal, the access and mobile management function device of the relay terminal can further return the authorization result to the relay terminal, so that the relay terminal can determine whether to allow the remote terminal to access the network through the relay terminal according to the authorization result.

With reference to the second aspect, before the first access and mobility management function device sends the first request message to the first policy control function device, the method may further include: the first access and mobility management function device receives the identity of the relay terminal and the identity of the remote terminal from the relay terminal.

With reference to the second aspect, in some implementations of the second aspect, the first request message may further include an identifier of the second policy control function device; and, before the first access and mobility management function device sends the first request message to the first policy control function device, the method may further comprise: the first access and mobility management function device obtains an identifier of a second policy control function device from a second access and mobility management function device, or a unified data management device, or a unified database according to the identifier of the remote terminal, wherein the second access and mobility management function device is an access and mobility management function device of the remote terminal, and the second policy control function device is a policy control function device of the remote terminal.

Based on the scheme, after the first access and mobility management function device obtains the identifier of the second policy control function device, the identifier of the second policy control function device may be sent to the first policy control function device, the first policy control function device may request the second policy control function device to determine whether the remote terminal may use the relay service of the relay terminal according to the identifier of the second policy control function device, and then the first policy control function device may determine whether to authorize the relay terminal to establish the relay service relationship with the remote terminal according to a result returned by the second policy control function device.

With reference to the second aspect, in some implementations of the second aspect, the identifier of the remote terminal is an IMSI or a GPSI, the identifier of the relay terminal is an IMSI or a GPSI, and the identifier of the remote terminal is different from the identifier of the relay terminal.

In a third aspect, an authorization method is provided, including: the second strategy control function device receives the identification of the relay terminal and the identification of the remote terminal from the first strategy control function device, the second strategy control function device is the strategy control function device of the remote terminal, and the first strategy control function device is the strategy control function device of the relay terminal; the second strategy control function device determines whether the remote terminal can use the relay service of the relay terminal according to the identification of the relay terminal and the identification of the remote terminal; the second policy control function device sends first indication information to the first policy control function device, wherein the first indication information is used for indicating whether the remote terminal can use the relay service of the relay terminal.

According to the authorization method provided by the application, the policy control function device of the relay terminal can request the policy control function device of the remote terminal to determine whether the remote terminal can use the relay service of the relay terminal, so that the policy control function device of the relay terminal can combine the determination result of the remote terminal to determine whether to authorize the relay terminal to establish the relay service relationship with the remote terminal.

With reference to the third aspect, in some implementations of the third aspect, the determining, by the second policy control function device, whether the remote terminal can use the relay service of the relay terminal according to the identifier of the relay terminal and the identifier of the remote terminal includes: the second policy control function device acquires second associated information according to the identifier of the remote terminal, wherein the second associated information is used for indicating at least one relay terminal which can provide relay service for the remote terminal; and the second policy control function device determines whether the relay terminal can provide relay service for the remote terminal according to the identifier of the relay terminal and the second associated information.

Optionally, the second association information may be an identifier of at least one relay terminal that may provide the relay service for the remote terminal, or may indicate that all the relay terminals may provide the relay service for the remote terminal.

Based on the scheme, the second policy control function device determines whether the relay terminal can provide the relay service for the remote terminal by determining whether at least one relay terminal that can provide the relay service for the remote terminal includes the relay terminal.

With reference to the third aspect, in some implementation manners of the third aspect, the acquiring, by the second policy control function device, the second authorization information according to the identifier of the remote terminal includes: and the second policy control function device acquires second authorization information from the unified database according to the identification of the remote terminal.

Based on the scheme, the information of the relay terminal associated with the remote terminal, that is, the information of at least one relay terminal providing the relay service for the remote terminal, may be stored in the unified database as subscription information. In this way, the second policy control function device may obtain the subscription information from the unified database, so as to determine whether the relay terminal may provide the relay service for the remote terminal.

With reference to the third aspect, in some implementations of the third aspect, before the second policy control function device receives the identity of the relay terminal and the identity of the remote terminal from the first policy control function device, the method may further include: and the second policy control function device stores the corresponding relation between the identifier of the second policy control function device and the identifier of the remote terminal into a unified database or unified data management device.

Based on the scheme, the first policy control function device or the first access and mobility management function device may obtain the identifier of the second policy control function device from the unified database or the unified data management device based on the identifier of the remote terminal.

With reference to the third aspect, in some implementations of the third aspect, the identifier of the remote terminal is an IMSI or a GPSI, the identifier of the relay terminal is an IMSI or a GPSI, and the identifier of the remote terminal is different from the identifier of the relay terminal.

In a fourth aspect, there is provided an authorization method, including: the first policy control function device receives a first request message from the first access and mobile management function device, wherein the first request message comprises an identifier of a remote terminal and an identifier of a relay terminal, the first policy control function device is the policy control function device of the remote terminal, and the first access and mobile management function device is the access and mobile management function device of the remote terminal; the first policy control function device determines an authorization result according to the identifier of the remote terminal and the identifier of the relay terminal, wherein the authorization result is used for indicating whether the relay terminal is authorized to establish a relay service relationship with the remote terminal; the first policy control function device sends the authorization result to the first access and mobility management function device.

According to the authorization method provided by the application, whether the relay terminal is authorized to establish the relay service relationship with the remote terminal can be determined by the policy control function device of the remote terminal according to the identifier of the relay terminal and the identifier of the remote terminal. Then, the policy control function device of the remote terminal may notify the determined authorization result to the remote terminal through the access and mobility management function device of the remote terminal, and the remote terminal may determine whether to access the network through the relay terminal according to the authorization result.

In addition, whether a terminal can be used as a remote terminal or not can be authorized by the policy control function device of the terminal. Thus, a policy control function device can determine whether to authorize a terminal to be a remote terminal, and also determine whether to authorize the establishment of a relay service relationship between the terminal and a relay terminal under the condition that the terminal is authorized to be the remote terminal, thereby realizing the centralization of the authorization function.

Optionally, the first association information may be an identifier of at least one relay terminal that may provide the relay service for the remote terminal, or may indicate that all the relay terminals may provide the relay service for the remote terminal.

Based on the scheme, the first policy control function device may determine whether to authorize the relay terminal to establish a relay service relationship with the remote terminal by determining whether at least one relay terminal that may provide a relay service for the remote terminal includes the relay terminal. That is, as long as at least one relay terminal capable of providing the relay service for the remote terminal includes the relay terminal, the relay terminal may be authorized to establish the relay service relationship with the remote terminal, otherwise, the relay terminal is not authorized to establish the relay service relationship with the remote terminal.

With reference to the fourth aspect, in some implementation manners of the fourth aspect, the determining, by the first policy control function device, an authorization result according to the identifier of the remote terminal and the identifier of the relay terminal includes: the first policy control function device acquires first associated information according to the identifier of the remote terminal, wherein the first associated information indicates a relay terminal capable of providing relay service for the remote terminal; the first strategy control function device sends the identification of the relay terminal and the identification of the remote terminal to a second strategy control function device, and the second strategy control function device is the strategy control function device of the relay terminal; the first policy control function device receives first indication information from the second policy control function device, wherein the first indication information is used for indicating whether the relay terminal can provide relay service for the remote terminal; and the first policy control function device determines an authorization result according to the identifier of the relay terminal, the first association information and the first indication information.

Optionally, the first association information may be an identifier of a relay terminal that may provide the relay service for the remote terminal, or may indicate that all relay terminals may provide the relay service for the remote terminal.

Based on the scheme, the first policy control function device may determine, on the one hand, whether at least one relay terminal that may provide a relay service for the remote terminal includes the relay terminal, and on the other hand, may determine, according to the first indication information sent by the second policy control function device, whether the relay terminal may provide a relay service for the remote terminal, and in combination with the information in the two aspects, the first policy control function device may determine whether to authorize the relay terminal to establish a relay service relationship with the remote terminal. That is, if at least one relay terminal capable of providing a relay service for the remote terminal includes the relay terminal and the relay terminal is capable of providing a relay service for the remote terminal, the relay terminal is authorized to establish a relay service relationship with the remote terminal; if the relay terminal that can provide the relay service for the remote terminal does not include the relay terminal, or the relay terminal cannot provide the relay service for the remote terminal, the relay terminal is not authorized to establish the relay service relationship with the remote terminal.

With reference to the fourth aspect, in some implementations of the fourth aspect, the sending, by the first policy control function device, the identifier of the relay terminal and the identifier of the remote terminal to the second policy control function device includes: and the first policy control function device sends the identifier of the relay terminal and the identifier of the remote terminal to the second policy control function device according to the identifier of the second policy control function device, wherein the identifier of the second policy control function device is carried in the first request message.

Based on the scheme, the first policy control function device may determine the second policy control function device according to the identifier of the second policy control function device in the first request message, and further may send the identifier of the relay terminal and the identifier of the remote terminal to the second policy control function device to request the second policy control function device to determine whether the relay terminal may provide the relay service for the remote terminal.

Based on the scheme, the first policy control function device may first obtain, according to the identifier of the relay terminal, the identifier of the second policy control function device from the unified database or the unified data management device, and then may send the identifier of the relay terminal and the identifier of the remote terminal to the second policy control function device, so as to request the second policy control function device to determine whether the relay terminal can provide the relay service for the remote terminal.

With reference to the fourth aspect, in some implementation manners of the fourth aspect, the acquiring, by the first policy control function device, the first association information according to the identifier of the remote terminal includes: and the first policy control function device acquires the first associated information from the unified database according to the identification of the remote terminal.

Based on the scheme, the information of the relay terminal associated with the remote terminal, that is, the information of the relay terminal providing the relay service for the remote terminal, may be stored in the unified database as subscription information. Under the condition that the remote terminal requests to access the network through the relay terminal, the first policy control function device may acquire the subscription information from the unified database, so as to determine whether to authorize the relay terminal to establish a relay service relationship with the remote terminal according to the subscription information.

With reference to the fourth aspect, in some implementations of the fourth aspect, the identifier of the remote terminal is an IMSI or a general GPSI, the identifier of the relay terminal is an IMSI or a GPSI, and the identifier of the remote terminal is different from the identifier of the relay terminal.

In a fifth aspect, there is provided an authorization method, including: the method comprises the steps that a first access and mobile management function device sends a first request message to a first policy control function device, wherein the first access and mobile management function device is an access and mobile management function device of a far-end terminal, the first policy control function device is a policy control function device of the far-end terminal, and the first request message comprises an identifier of a relay terminal and an identifier of the far-end terminal; the first access and mobile management function device receives an authorization result from the first policy control function device, wherein the authorization result is used for indicating whether the relay terminal is authorized to establish a relay service relationship with the remote terminal; the first access and mobility management function device sends the authorization result to the remote terminal.

According to the authorization method provided by the application, when a remote terminal wants to access a network through a relay terminal, the access and mobile management function device of the remote terminal can request the policy control function device of the remote terminal to determine whether to authorize the relay terminal to establish a relay service relationship with the remote terminal, and after receiving an authorization result returned by the policy control function device of the remote terminal, the access and mobile management function device of the remote terminal can further return the authorization result to the remote terminal, so that the remote terminal can determine whether to access the network through the relay terminal according to the authorization result.

With reference to the fifth aspect, in some implementations of the fifth aspect, before the first access and mobility management function device sends the first request message to the first policy control function device, the method may further include: the first access and mobile management function equipment receives the identification of the remote terminal and the identification of the relay terminal from the remote terminal; and the first access and mobile management function equipment generates a first request message according to the identifier of the relay terminal and the identifier of the remote terminal.

With reference to the fifth aspect, in some implementations of the fifth aspect, the first request message may further include an identifier of the second policy control function device; and, before the first access and mobility management function device sends the first request message to the first policy control function device, the method may further comprise: the first access and mobility management function device obtains an identifier of a second policy control function device from a second access and mobility management function device, or a unified data management device, or a unified database according to the identifier of the remote terminal, wherein the second access and mobility management function device is an access and mobility management function device of the first remote relay terminal, and the second policy control function device is a policy control function device of the relay terminal.

Based on the scheme, after the first access and mobility management function device obtains the identifier of the second policy control function device, the identifier of the second policy control function device may be sent to the first policy control function device, and the first policy control function device may request, according to the identifier of the second policy control function device, the second policy control function device to determine whether the relay terminal can provide the relay service for the remote terminal, and then the first policy control function device may determine whether to authorize the relay terminal to establish the relay service relationship with the remote terminal according to a result returned by the second policy control function device.

With reference to the fifth aspect, in some implementations of the fifth aspect, the identifier of the remote terminal is an IMSI or a GPSI, the identifier of the relay terminal is an IMSI or a GPSI, and the identifier of the remote terminal and the identifier of the relay terminal are different.

In a sixth aspect, there is provided an authorization method, including: the second strategy control function device receives the identification of the relay terminal and the identification of the far-end terminal from the first strategy control function device, the second strategy control function device is the strategy control function device of the relay terminal, and the first strategy control function device is the strategy control function device of the far-end terminal; the second strategy control function device determines whether the relay terminal can provide relay service for the remote terminal according to the identification of the relay terminal and the identification of the remote terminal; the second policy control function device sends first indication information to the first policy control function device, wherein the first indication information is used for indicating whether the relay terminal can provide the relay service for the remote terminal.

According to the authorization method provided by the application, the policy control function device of the remote terminal can request the policy control function device of the relay terminal to determine whether the relay terminal can provide the relay service for the remote terminal, so that the policy control function device of the remote terminal can determine whether to authorize the relay terminal to establish the relay service relationship with the remote terminal according to the determination result of the relay terminal.

With reference to the sixth aspect, in some implementations of the sixth aspect, the determining, by the second policy control function device, whether the relay terminal can provide the relay service for the remote terminal according to the identifier of the relay terminal and the identifier of the remote terminal includes: the second policy control function device acquires second associated information according to the identifier of the relay terminal, wherein the second associated information is used for indicating at least one remote terminal which can provide relay service by the relay terminal; and the second policy control function device determines whether the relay terminal can provide relay service for the remote terminal according to the identifier of the relay terminal and the second associated information.

Optionally, the second association information may be an identifier of at least one remote terminal that may provide the relay service by the relay terminal, and may also indicate that the relay terminal may provide the relay service for all the remote terminals.

Based on the scheme, the second policy control function device determines whether the relay terminal can provide the relay service for the remote terminal by determining whether at least one remote terminal that can provide the relay service by the relay terminal includes the remote terminal.

With reference to the sixth aspect, in some implementation manners of the sixth aspect, the obtaining, by the second policy control function device, the second authorization information according to the identifier of the relay terminal includes: and the second policy control function device acquires second authorization information from the unified database according to the identifier of the relay terminal.

Based on the scheme, the information of the remote terminal associated with the relay terminal, that is, the information of the remote terminal capable of providing the relay service by the relay terminal, may be stored in the unified database as subscription information. In this way, the second policy control function device may obtain the subscription information from the unified database, so as to determine whether the relay terminal may provide the relay service for the remote terminal.

With reference to the sixth aspect, in some implementations of the sixth aspect, before the second policy control function device receives the identity of the relay terminal and the identity of the remote terminal from the first policy control function device, the method may further include: and the second policy control function device stores the corresponding relation between the identifier of the second policy control function device and the identifier of the relay terminal to a unified database or unified data management device.

With reference to the sixth aspect, in some implementations of the sixth aspect, the identifier of the remote terminal is an IMSI or a GPSI, the identifier of the relay terminal is an IMSI or a GPSI, and the identifier of the remote terminal is different from the identifier of the relay terminal.

In a seventh aspect, a communication device is provided, which includes various means or units for performing the method of the first aspect or any one of the possible implementations of the first aspect, or includes various means or units for performing the method of the third aspect or any one of the possible implementations of the third aspect, or includes various means or units for performing the method of the fourth aspect or any one of the possible implementations of the fourth aspect, or includes various means or units for performing the method of the sixth aspect or any one of the possible implementations of the sixth aspect. Optionally, the communication device may be a policy control function device or a policy control function network element.

In an eighth aspect, a communications apparatus is provided that includes a processor. The processor is coupled to the memory and is operable to execute instructions in the memory to cause the apparatus to perform the method of any one of the possible implementations of the first aspect or the first aspect, or to perform the method of any one of the possible implementations of the third aspect or the third aspect, or to perform the method of any one of the possible implementations of the fourth aspect or the fourth aspect, or to perform the method of any one of the possible implementations of the sixth aspect or the sixth aspect. Optionally, the apparatus may be a policy control function device or a policy control function network element.

Optionally, the apparatus further comprises a memory. Optionally, the apparatus further comprises an interface circuit, the processor being coupled to the interface circuit.

In a ninth aspect, there is provided a communications device comprising means or units for performing the method of any one of the possible implementations of the second aspect or the second aspect, or comprising means or units for performing the method of any one of the possible implementations of the fifth aspect or the fifth aspect. Alternatively, the communication device may be an access and mobility management function device or an access and mobility management function network element.

In a tenth aspect, a communication device is provided that includes a processor. The processor is coupled to the memory and is operable to execute the instructions in the memory to cause the apparatus to perform the method of any of the possible implementations of the second aspect or the second aspect described above, or to perform the method of any of the possible implementations of the fifth aspect or the fifth aspect described above. Optionally, the apparatus may be an access and mobility management function device or an access and mobility management function network element.

Optionally, the apparatus further comprises a memory. Optionally, the apparatus further comprises an interface circuit, the processor being coupled to the interface circuit.

In an eleventh aspect, a processor is provided, including: input circuit, output circuit and processing circuit. The processing circuit is configured to receive a signal via the input circuit and transmit a signal via the output circuit, such that the processor performs the method of any one of the above-mentioned first aspect or any one of the above-mentioned possible implementations of the second aspect or the second aspect, or performs the method of any one of the above-mentioned third aspect or any one of the above-mentioned possible implementations of the third aspect, or performs the method of any one of the above-mentioned fourth aspect or any one of the above-mentioned possible implementations of the fourth aspect, or performs the method of any one of the above-mentioned fifth aspect or any one of the above-mentioned possible implementations of the fifth aspect, or any one of the above-mentioned possible implementations of the sixth aspect. Alternatively, the processor may be a processor disposed in a policy control function device or a policy control function network element. Alternatively, the processor may be a processor disposed within the access and mobility management function device or the access and mobility management function network element.

In a specific implementation process, the processor may be a chip, the input circuit may be an input pin, the output circuit may be an output pin, and the processing circuit may be a transistor, a gate circuit, a flip-flop, various logic circuits, and the like. The input signal received by the input circuit may be received and input by, for example and without limitation, a receiver, the signal output by the output circuit may be output to and transmitted by a transmitter, for example and without limitation, and the input circuit and the output circuit may be the same circuit that functions as the input circuit and the output circuit, respectively, at different times. The embodiment of the present application does not limit the specific implementation manner of the processor and various circuits.

In a twelfth aspect, a processing apparatus is provided that includes a processor and a memory. The processor is configured to read instructions stored in the memory and may receive signals via the receiver and transmit signals via the transmitter to perform a method in any one of the possible implementations of the first aspect or the first aspect, or to perform a method in any one of the possible implementations of the second aspect or the second aspect, or to perform a method in any one of the possible implementations of the third aspect or the third aspect, or to perform a method in any one of the possible implementations of the fourth aspect or the fourth aspect, or to perform a method in any one of the possible implementations of the fifth aspect or the fifth aspect, or to perform a method in any one of the possible implementations of the sixth aspect or the sixth aspect. Optionally, the processing device may be a processing device disposed in the policy control function device or the policy control function network element. Alternatively, the processing means may be processing means arranged within the access and mobility management function device or the access and mobility management function network element.

Optionally, the number of the processors is one or more, and the number of the memories is one or more.

Alternatively, the memory may be integral to the processor or provided separately from the processor.

In a specific implementation process, the memory may be a non-transient memory, such as a Read Only Memory (ROM), which may be integrated on the same chip as the processor, or may be separately disposed on different chips.

It will be appreciated that the associated signal interaction process may be a process of reception or transmission from a processor. In particular, the signal output by the processor may be output to a transmitter and the input signal received by the processor may be from a receiver. The transmitter and receiver may be collectively referred to as a transceiver, among others.

The processing device in the twelfth aspect may be a chip, the processor may be implemented by hardware or software, and when implemented by hardware, the processor may be a logic circuit, an integrated circuit, or the like; when implemented in software, the processor may be a general-purpose processor implemented by reading software code stored in a memory, which may be integrated with the processor, located external to the processor, or stand-alone.

In a thirteenth aspect, there is provided a computer program product comprising a computer program (which may also be referred to as code, or instructions) that, when executed, causes the method in any one of the possible implementations of the first aspect or the first aspect described above, or the method in any one of the possible implementations of the second aspect or the second aspect described above, or the method in any one of the possible implementations of the third aspect or the third aspect described above, or the method in any one of the possible implementations of the fourth aspect or the fourth aspect described above, or the method in any one of the possible implementations of the fifth aspect or the fifth aspect described above, or the method in any one of the possible implementations of the sixth aspect described above to be performed.

In a fourteenth aspect, there is provided a readable storage medium, on which a computer program (also referred to as code or instructions) is stored, which when executed, causes a method in any one of the above-described first aspect or first aspect possible implementations, or a method in any one of the above-described second aspect or second aspect possible implementations, or a method in any one of the above-described third aspect or third aspect possible implementations, or a method in any one of the above-described fourth aspect or fourth aspect possible implementations, or a method in any one of the above-described fifth aspect or fifth aspect possible implementations, or a method in any one of the above-described sixth aspect or sixth aspect possible implementations to be performed.

In a fifteenth aspect, there is provided a communications system comprising a first policy control function device and a first access and mobility management function device of any of the above aspects or any possible implementation of the same. Optionally, the communication system may further comprise one or more of: the system comprises a relay terminal, a remote terminal, a second policy control function device or a second access and mobile management function device.

Drawings

Fig. 1 is a diagram of a communication system architecture in a non-direct communication mode.

Fig. 2 is a schematic diagram of a communication system provided herein.

Fig. 3 is a 5G system architecture diagram.

Fig. 4 is a schematic flow chart of an authorization method provided in the present application.

Fig. 5 to 8 are specific examples of the authorization method shown in fig. 4, respectively.

Fig. 9 is a schematic flow chart of another authorization method provided by the present application.

Fig. 10 to 13 are specific examples of the authorization method shown in fig. 9, respectively.

Fig. 14 is a schematic diagram of a communication device provided in the present application.

Fig. 15 is a schematic structural diagram of another communication device provided in the present application.

Detailed Description

The technical solution in the present application will be described below with reference to the accompanying drawings.

The technical scheme of the embodiment of the application can be applied to various communication systems, for example: a Long Term Evolution (LTE) system, a LTE Frequency Division Duplex (FDD) system, a LTE Time Division Duplex (TDD), a fifth generation (5G) system, a New Radio (NR) or other communication systems that may appear in the future, and the like.

With the rapid development of mobile communication, the widespread use of new service types, such as video chat, Virtual Reality (VR)/Augmented Reality (AR), and other data services, increases the bandwidth demand of users. Device-to-Device (D2D) communication allows terminals to communicate directly, and D2D terminals can share spectrum resources with cell users under the control of a cell network, thereby effectively improving the utilization rate of the spectrum resources.

The D2D communication includes One-to-many communication (One to any communication) and One-to-One communication (One to One communication). One-to-many communication corresponds to multicast and broadcast communication, and one-to-one communication corresponds to unicast communication. In the one-to-one Communication, if the transmission side terminal and the reception side terminal are in a short range, PC5(ProSe Communication 5) Communication is possible after mutual discovery. Referring to fig. 1, when a terminal is out of network coverage or has poor communication signals with an access network device, the terminal, as a remote terminal, may perform PC5 communication with a relay terminal, and connect to the access network device using a relay service provided by the relay terminal, thereby accessing the network. The indirect communication mode, namely the communication mode that the remote terminal accesses the network through the relay terminal, can extend and support the communication from the terminal outside the network coverage to the network.

In an actual operation scenario, a remote terminal may access the network through any relay terminal, or may only access the network through some relay terminals, for example, a commercial type remote terminal may not be allowed to access the network through a public security type relay terminal. Therefore, the relay terminal and/or the remote terminal need to know whether the relay service relationship can be established, that is, whether the remote terminal can access the network through the relay terminal.

In view of this, the present application provides two authorization methods, the first method may be to determine an authorization result by a first core network device, that is, to determine whether to authorize a relay terminal to establish a relay service relationship with a remote terminal, where the first core network device is the core network device that determines whether to authorize the terminal as a relay terminal. After determining the authorization result, the first core network device may notify the determined authorization result to the relay terminal, so that the relay terminal may determine whether to allow the remote terminal to access the network through the relay terminal. The method can realize centralized authorization while realizing the determination of whether the relay terminal is authorized to establish the relay service relationship with the remote terminal, and avoids signaling interaction between the equipment for determining whether the relay terminal is authorized to establish the relay service relationship with the remote terminal and the equipment for determining whether the terminal is the relay terminal when the two equipment are not the same equipment.

In the second method, the second core network device may determine the authorization result, that is, determine whether to authorize the relay terminal to establish the relay service relationship with the remote terminal, where the second core network device determines whether to authorize the terminal to be the core network device of the remote terminal. After determining the authorization result, the second core network device may notify the determined authorization result to the remote terminal, so that the remote terminal may determine whether to access the network through the relay terminal. The method can realize centralized authorization while realizing the determination of whether the relay terminal is authorized to establish the relay service relationship with the remote terminal, and avoids signaling interaction between the equipment for determining whether the relay terminal is authorized to establish the relay service relationship with the remote terminal and the equipment for determining whether the terminal is the remote terminal when the two equipment are not the same equipment.

The authorization method provided by the present application is mainly described by taking a first core network device and a second core network device as policy control function devices as examples. It should be understood that, when the first core network device and the second core network device are other devices in the core network, the process of implementing the authorization method of the present application is similar to that when the first core network device and the second core network device are policy control function devices, the process of implementing the authorization method of the present application is similar, and details will not be described herein.

Additionally, it should also be understood that a remote terminal may also be referred to as a remote terminal.

To facilitate understanding of the embodiments of the present application, first, an apparatus according to the embodiments of the present application will be described with reference to fig. 2 and 3.

Figure 2 the present application provides a schematic diagram of a communication system. As shown in fig. 2, the system includes one or more of the following devices: remote terminal 110, relay terminal 120, access network device 130, access and mobility management function devices 140 and 150, and policy control function devices 160 and 170. Optionally, the system may further include a unified database 180 and/or a unified data management device 190.

Remote terminal 110 and relay terminal 120 may be User Equipment (UE), an access terminal, a subscriber unit, a subscriber station, a mobile station, a remote terminal, a mobile device, a user terminal, a wireless communication device, a user agent, or user equipment. For example, the mobile phone may be a mobile phone (mobile phone), a tablet (pad), a computer with a wireless transceiving function, a Virtual Reality (VR) terminal device, an Augmented Reality (AR) terminal device, a wireless terminal in industrial control (industrial control), a wireless terminal in self driving (self driving), a wireless terminal in remote medical (remote medical), a wireless terminal in smart grid (smart grid), a wireless terminal in transportation safety (transportation safety), a wireless terminal in smart city (smart city), a wireless terminal in home (smart home), and the like. The remote terminal 110 and the relay terminal 120 may also be devices or circuit structures, such as chips or systems of chips, provided in the various devices described above.

The access network device 130 is capable of managing radio resources and providing access services to the terminal, thereby completing forwarding of control signals and user data between the terminal and the core network.

The access network device 130 may be a Transmission Reception Point (TRP), an evolved Node B (eNB or eNodeB) in the LTE system, a home base station (e.g., home evolved NodeB, or home Node B, HNB), a Base Band Unit (BBU), a radio controller in a Cloud Radio Access Network (CRAN) scenario, or the access network device may be a relay station, an access point, a vehicle-mounted device, a wearable device, and an access network device in a 5G network or an access network device in a future evolved public mobile network (PLMN) network, or the access network device may be an access point (access point, AP) in a WLAN, and may be a gNB in a new radio system (NR) system, which is not limited in this embodiment. In one network configuration, the access network device may include a Centralized Unit (CU) node, or a Distributed Unit (DU) node, or an access network device including a CU node and a DU node, or an access network device including a control plane CU node (CU-CP node) and a user plane CU node (CU-UP node) and a DU node.

The access and mobility management function devices 140 and 150 are mainly used for mobility management, access management, and the like, for example, may be used to implement other functions besides session management in a Mobility Management Entity (MME) function, for example, functions such as lawful interception, or access authorization (or authentication). The access and mobility management function devices 140 and 150 described in this application may be a function module, a network element, or a device disposed in other network devices, and this application does not limit the specific implementation form thereof.

The access and mobility management function device 140 is an access and mobility management function device of the remote terminal 110. It is meant here that the access and mobility management function device 140 is responsible for access and mobility management of the remote terminal 110.

The access and mobility management function device 150 is an access and mobility management function device of the relay terminal 120. It means here that the access and mobility management function device 150 is responsible for access and mobility management of the relay terminal 120.

It should be noted that the access and mobility management function devices 140 and 150 may be two devices or may be the same device.

It should be understood that the access and mobility management function device may also be referred to as an access and mobility management function network element.

The policy control function devices 160 and 170 are used to guide a unified policy framework of network behavior, provide policy rule information for control plane function network elements, and the like. The policy control function devices 160 and 170 described in this application may be a function module, a network element, or a device disposed in other network devices, and the specific implementation form of the policy control function devices is not limited in this application.

The policy control function device 160 is a policy control function device of the remote terminal 110. What is meant here is that the policy control function device 160 is responsible for generating terminal policies (UE policies) and Access Management policies (Access Management policies) related to the remote terminal 110 and sending them to the remote terminal 110 and the Access and mobility Management function device 140, respectively. Specifically, the terminal policy is sent by the policy control function device 160 to the remote terminal 110 through the access and mobility management function device 140 for routing and access network selection of the remote terminal 110. The access management policy is sent by the policy control function device 160 to the access and mobility management function device 140 for access management of the remote terminal 110 by the access and mobility management function device 140.

The policy control function device 170 is a policy control function device of the relay terminal 120. It means here that the policy control function device 170 is responsible for generating a terminal policy (UE policy) and an Access Management policy (Access Management policy) related to the relay terminal 120 and transmitting them to the relay terminal 120 and the Access and mobility Management function device 150, respectively. Specifically, the terminal policy is transmitted to the relay terminal 120 by the policy control function device 170 through the access and mobility management function device 150 for routing and access network selection of the relay terminal 120. The access management policy is transmitted by the policy control function device 170 to the access and mobility management function device 150 for access management of the relay terminal 120 by the access and mobility management function device 150.

It should be noted that the policy control function devices 160 and 170 may be two devices or may be the same device.

It should be understood that the policy control function device may also be referred to as a policy control function network element.

The unified database 180 mainly includes access functions for type data such as subscription data, policy data, application data, and the like.

The unified data management device 190: for handling subscriber identification, access authentication, registration, or mobility management, etc.

It should be understood that the unified data management apparatus may also be referred to as a unified data management network element.

It should be understood that each of the above devices may refer to a physical apparatus, and may refer to a chip having a corresponding function.

Fig. 3 is a diagram of a 5G system architecture as applied to the present application. The system architecture may include the following devices:

1. user Equipment (UE): may be a terminal as described herein. Only one UE is shown in fig. 3, and at least a remote UE and a relay UE may be included in the present application.

2. (radio) access network, (R) AN): may be an access network device as described herein.

3. Access and mobility management function (AMF): may be an access and mobility management function device as described herein.

4. Policy Control Function (PCF): may be a policy control function device as described herein.

5. Unified Data Management (UDM): may be a unified data management device as described herein.

6. Unified Database (UDR): may be a unified database as described herein.

Optionally, the 5G system may further include:

7. session Management Function (SMF): the method is mainly used for session management, Internet Protocol (IP) address allocation and management of the terminal, selection of a termination point of an interface capable of managing a user plane function, policy control or charging function, downlink data notification and the like.

8. User Plane Function (UPF): for packet routing and forwarding, or quality of service (QoS) handling of user plane data, etc.

9. Data Network (DN): for providing a network for transmitting data, e.g. an Internet network or the like.

10. Application Function (AF): mainly supports the interaction with the 3rd generation partnership project (3 GPP) core network to provide services, for example, some services that affect data routing decisions, policy control functions, or provide third parties to the network side.

It should be understood that the name of each network element shown in fig. 2 is only one name, and the name does not limit the function of the network element itself. In the 5G network and other networks in the future, the network elements may also be given other names, which is not specifically limited in the embodiment of the present application. For example, in a 6G network, some or all of the above network elements may use the terminology in 5G, or may use other nomenclature, and so on, which are described herein in a unified manner and will not be described again below. Similarly, the interface or service interface between the network elements shown in fig. 3 is only an example, and in a 5G network and other networks in the future, the interface or service interface between the network elements may not be the interface shown in the figure, and the application does not limit this.

It should also be understood that the embodiments of the present application are not limited to the system architecture shown in fig. 3. For example, a communication system to which the present application may be applied may comprise more or fewer network elements or devices. The devices or network elements in fig. 3 may be hardware, or may be functionally divided software, or a combination of the two. The devices or network elements in fig. 3 may communicate with each other through other devices or network elements.

It should also be understood that any device or network element referred to in this application may be implemented in software, or in a combination of software and hardware. For example, the policy control function device may be an apparatus having functions that can be implemented by the policy control function device, or a software/hardware module or the like inside the apparatus. The authorization method provided by the present application is explained in detail below.

Fig. 4 is a schematic flow chart diagram of an authorization method provided by the present application. The steps of the method 400 shown in fig. 4 are described below. It should be noted that the method 400 may be applied to a scenario in which any remote terminal requests any relay terminal to access the network through the relay terminal, and for convenience of understanding, the method 400 is described by taking an example in which a first remote terminal requests a first relay terminal to access the network. S401, the first remote terminal sends a communication request message to the first relay terminal.

The communication request message is used for requesting the first relay terminal to establish indirect communication, namely requesting the first relay terminal to provide relay service for the first remote terminal. The communication request message comprises a first identifier, and the first identifier is used for identifying the first remote terminal. Illustratively, the first identifier may be an IMSI, a 5G globally unique temporary identifier (5G globally unique temporary identifier, 5G-GUTI), or a GPSI.

It should be understood that the Communication request message may be transmitted through a PC5(ProSe Communication 5) interface between the first remote terminal and the first relay terminal.

The communication request message may be a non-direct communication request (indirect communication request) message or a direct communication request (direct communication request) message. Optionally, if the direct communication request message is the direct communication request message, the message may carry the indirect communication indication information.

S402, the first relay terminal sends a non-access stratum (NAS) message to the first access and mobility management function device. The first access and mobility management function device is an access and mobility management function device of the first relay terminal.

And after receiving the communication request message, the first relay terminal sends an NAS message to the first access and mobility management function device, wherein the NAS message is used for requesting the first policy control function device to determine whether to authorize the first relay terminal to establish a relay service relationship with the first remote terminal. The NAS message includes a first identifier and a second identifier, and the second identifier is used to identify the first relay terminal. The second identity may be, for example, IMSI, 5G-GUTI, GPSI.

Optionally, the NAS message is a registration request (registration request) message.

Optionally, the first identity and the second identity are located in a container in the NAS message. For example, the first identity and the second identity may be located in a terminal policy container (UE policy container) in the NAS message.

Optionally, the container where the first identifier and the second identifier are located may further include an indication information, where the indication information is used to request the first policy control function device to determine whether to authorize the first relay terminal to establish the relay service relationship with the first remote terminal.

Illustratively, the indication information may be a Policy Section Identifier (PSI).

It should be understood that the first relay terminal first sends the NAS message to the access network device, and then the access network device forwards the NAS message to the first access and mobility management function device.

S403, the first access and mobility management function device generates a first request message.

The first request message includes an identification of the first remote terminal and an identification of the first relay terminal. For example, the identifier of the first remote terminal may be an IMSI or a GPSI of the first remote terminal; the identity of the first relay terminal may be the IMSI or the GPSI of the first relay terminal. The first request message is used for requesting to authorize whether the first relay terminal and the first remote terminal can establish a relay service relationship.

Optionally, in an embodiment, if the first identifier is an IMSI or a GPSI of the first remote terminal, the second identifier is an IMSI or a GPSI of the first relay terminal, and the first identifier and the second identifier are placed in a container of the NAS message in S402, the first access and mobility management function device generates the first request message according to the container.

In another mode, if the first identifier included in the NAS message in S402 is 5G-GUTI, the first access and mobility management function device first acquires the identifier of the first remote terminal, such as IMSI or GPSI, according to the first identifier. Specifically, the 5G-GUTI of the remote terminal includes identification information of a second access and mobility management function device, where the second access and mobility management function device is an access and mobility management function device of the first remote terminal, and the first access and mobility management function device may determine the second access and mobility management function device according to the 5G-GUTI of the first remote terminal. Then, the first access and mobility management function device may transmit the 5G-GUTI of the first remote terminal to the second access and mobility management function device. Since the second access and mobility management function device stores the corresponding relationship between the 5G-GUTI of the first remote terminal and the IMSI and/or GPSI of the first remote terminal, the second access and mobility management function device may return the IMSI or GPSI of the first remote terminal to the first access and mobility management function device according to the 5G-GUTI of the first remote terminal.

Similarly, the first access and mobility management function device stores a corresponding relationship between the 5G-GUTI of the first relay terminal and the IMSI and/or the GPSI of the first relay terminal, and if the second identifier included in the NAS message in S402 is the 5G-GUTI, the first access and mobility management function device determines the IMSI or the GPSI of the first relay terminal according to the corresponding relationship between the second identifier and the IMSI or the GPSI of the first relay terminal.

After obtaining the IMSI or GPSI of the first remote terminal and the IMSI or GPSI of the first relay terminal, the first access and mobility management function device may generate the first request message.

S404, the first access and mobility management function device sends a first request message to the first policy control function device. The first policy control function device is a policy control function device of the first relay terminal.

S405, the first policy control function device determines an authorization result according to the first request message, that is, determines whether to authorize the first relay terminal to establish a relay service relationship with the first remote terminal.

It should be understood that, in the present application, the authorization result may also be referred to as authorization information (authorization information).

The authorization result can also be understood as whether the first remote terminal is authorized to access the network through the first relay terminal.

In the first mode, only the first policy control function device determines whether the first relay terminal can provide the relay service for the first remote terminal, if so, determines that the first relay terminal is authorized to establish the relay service relationship with the first remote terminal, otherwise, does not authorize the first relay terminal to establish the relay service relationship with the first remote terminal.

In this manner, if at least one remote terminal that can provide relay service by the first relay terminal includes the first remote terminal, that is, the first relay terminal can provide relay service for the first remote terminal, for example, the first association information includes an identifier of the first remote terminal, the first policy control function device may determine that the first relay terminal is authorized to establish the relay service relationship with the first remote terminal, and otherwise, the first policy control function device may determine that the first relay terminal is not authorized to establish the relay service relationship with the first remote terminal.

Alternatively, the first association information may be stored in a unified database, for example, in the form of subscription information.

Accordingly, the first policy control function device may obtain the first association information from the unified database when the first relay terminal is registered, or may obtain the first association information from the unified database after receiving the first request message. In addition, the information of the at least one remote terminal that may be provided with the relay service by the first relay terminal may also be dynamically updated, for example, the first relay terminal requests an update to the operator, and then the operator updates the subscription information of the first relay terminal stored in the unified database.

Optionally, the first association information may also be autonomously determined by the first policy control function device. For example, the first policy control function device may determine the first association information from preconfigured policy information. In particular, the preconfigured policy information may be operator generated configured. For example, a common relay terminal can provide relay service for all remote terminals, and a specific relay terminal can only provide relay service for a specific remote terminal.

In a second manner, the first policy control function device determines whether the first relay terminal can provide the relay service for the first remote terminal, and the second policy control function device determines whether the first remote terminal can use the relay service of the first relay terminal, if both the determination results are yes, the first policy control function device may determine that the first relay terminal is authorized to establish the relay service relationship with the first remote terminal, otherwise, the first policy control function device may determine that the first relay terminal is not authorized to establish the relay service relationship with the first remote terminal.

Specifically, after receiving the first request message, the first policy control function device may obtain the first association information according to the identifier of the first relay terminal, and send the identifier of the first relay terminal and the identifier of the first remote terminal to the second policy control function device, where the second policy control function device is the policy control function device of the first remote terminal. After receiving the identifier of the first relay terminal and the identifier of the first remote terminal, the second policy control function device may obtain second association information, where the second association information indicates at least one relay terminal that may provide relay service for the first remote terminal, that is, which relay terminals may provide relay service for the first remote terminal. For example, the second association information may be an identification of at least one relay terminal that may provide the relay service for the first remote terminal. For another example, the second association information may indicate that all relay terminals may provide the relay service for the first remote terminal. The second policy control network element may determine whether the first remote terminal may use the relay service of the first relay terminal according to the identifier of the first relay terminal and the second association information. Then, the second policy control function device sends first indication information to the first policy control function device, where the first indication information is used to indicate whether the first remote terminal can use the relay service of the first relay terminal. The first policy control function device may determine whether to authorize the first relay terminal to establish the relay service relationship with the first remote terminal according to the first indication information, the identifier of the first remote terminal, and the first association information.

In this manner, if at least one remote terminal that can provide the relay service by the first relay terminal includes the first remote terminal, and the first indication information indicates that the first remote terminal can use the relay service of the first relay terminal, that is, the at least one relay terminal that can provide the relay service for the first remote terminal includes the first relay terminal, the first policy control function device may determine to authorize the first relay terminal to establish the relay service relationship with the first remote terminal. If at least one remote terminal which can provide the relay service by the first relay terminal does not include the first remote terminal, or if the first indication information indicates that the first remote terminal cannot use the relay service of the first relay terminal, the first policy control function device may determine that the first relay terminal is not authorized to establish the relay service relationship with the first remote terminal.

For example, if the first association information includes an identifier of the first remote terminal, and the second association information includes an identifier of the first relay terminal, the first policy control function device may determine to authorize the first relay terminal to establish the relay service relationship with the first remote terminal. For another example, if the first association information does not include the identifier of the first remote terminal, the first policy control function device may determine that the first relay terminal is not authorized to establish the relay service relationship with the first remote terminal. Or, if the second association information does not include the identifier of the first relay terminal, it may be determined that the first relay terminal is not authorized to establish the relay service relationship with the first remote terminal.

Optionally, the second association information may also be stored in the unified database, for example, in the form of subscription information.

Similarly, in the second two manners, the second policy control function device may obtain the second association information from the unified database when the first remote terminal registers, or may obtain the second association information from the unified database after receiving the identifier of the first relay terminal and the identifier of the first remote terminal, which are sent by the first policy control function device. In addition, the information of at least one relay terminal that can provide the relay service for the first remote terminal may also be dynamically updated, for example, the first remote terminal requests an update to the operator, and then the operator updates the subscription information of the first remote terminal stored in the unified database.

In addition, in the second manner, before the first policy control function device sends the identifier of the first relay terminal and the identifier of the first remote terminal to the second policy control function device, it needs to determine which device the second policy control function device is specifically, that is, it needs to acquire the identifier of the second policy control function device.

Alternatively, the identity of the second policy control function device may be obtained by the first access and mobility management function device and carried in the first request message.

For example, the first access and mobility management function device may obtain an identification of the second policy control function device from the second access and mobility management function device. Specifically, during the registration process of the first remote terminal, the second access and mobility management function device may determine a corresponding policy control function device (i.e., a second policy control function device) for the first remote terminal, and store a correspondence between an identifier (e.g., IMSI or GPSI) of the first remote terminal and an identifier of the second policy control function device. When the first access and mobility management function device obtains the identifier of the first remote terminal from the second access and mobility management function device according to the 5G-GUTI of the first remote terminal, the second access and mobility management function device may return the identifier of the first remote terminal and the identifier of the policy control function device corresponding to the identifier of the first remote terminal, that is, the identifier of the second policy control function device at the same time.

As another example, the first access and mobility management function device may obtain the identity of the second policy control function device from a unified database or unified data management device. Specifically, after the first remote terminal is registered, the second policy control function device registers a correspondence between an identifier (IMSI or GPSI) of the first remote terminal and an identifier of the second policy control function device in the unified database or the unified data management device, and the unified database or the unified data management device stores the correspondence. The first mobile and management device may obtain the identifier of the second policy control function device from the unified database or the unified data management device according to the identifier of the first remote terminal. Alternatively, the identity of the second policy control function device may be obtained by the first policy control function device.

For example, the first policy control function device may obtain the identity of the second policy control function device from a unified database or unified data management device. Specifically, after the remote terminal is registered, the second policy control function device registers a correspondence between an identifier (IMSI or GPSI) of the first remote terminal and an identifier of the second policy control function device in the unified database or the unified data management device, and the unified database or the unified data management device stores the correspondence. The first policy control function device may obtain the identifier of the second policy control function device from the unified database or the unified data management device according to the identifier of the first remote terminal.

It should be noted that, in the second manner, the first policy control function device may also determine, according to the first association information, whether the remote terminal that can provide the relay service by the first relay terminal includes the first remote terminal, if the first remote terminal includes the first remote terminal, send the identifier of the first relay terminal and the identifier of the first remote terminal to the second policy control function device, and if the remote terminal does not include the first remote terminal, may not send the identifier of the first relay terminal and the identifier of the first remote terminal to the second policy control function device, but directly determine that the first relay terminal is not authorized to establish the relay service relationship with the first remote terminal.

S406, the first policy control function device sends the authorization result to the first access and mobility management function device.

Optionally, the first policy control function device sends the authorization result to the first access and mobile devices in a container, which may be an N1container (N1container) or a terminal policy container.

Optionally, the first policy control function device sends the authorization result via an N1N2 messaging message (N1N2 MessageTransfer).

S407, the first access and mobility management function device sends the authorization result to the first relay terminal.

Optionally, the first access and mobility management function device receives the N1container from the first policy control function device, and sends the N1container or the terminal policy container to the first relay terminal through an NAS message.

It should be understood that the first access and mobility management function device first sends the authorization result to the access network device, and then the access network device forwards the authorization result to the first relay terminal.

Optionally, in step S406, the authorization result further includes an identifier of the first relay terminal and an identifier of the first remote terminal.

Optionally, the method may further include: s407a, the first access and mobility management function device sends the authorization result to the access network device through a Next Generation Application Protocol (NGAP) message, and the access network device stores the authorization result.

Then, when the first remote terminal requests to access the network, the access network device may determine, according to the authorization result, that the first remote terminal may access the network through the first relay terminal.

And S408, after receiving the authorization result, the first relay terminal sends a communication request response message to the first remote terminal according to the authorization result.

The communication request response message may be a non-direct communication response (indirect communication response) message or a direct communication response (direct communication response) message.

Specifically, if the authorization result indicates that the first relay terminal is authorized to establish the relay service relationship with the first remote terminal, the communication request response message indicates that the first remote terminal can use the relay service of the first relay terminal, otherwise, the first remote terminal cannot use the relay service of the first relay terminal. The operation of the first remote terminal after receiving the communication request response message may refer to the prior art, for example, refer to scheme 6 or scheme 7 in 3GPP TR23.752, and will not be described in detail here.

According to the method provided by the application, the policy control function device of the relay terminal can determine whether to authorize the relay terminal to establish the relay service relationship with the remote terminal, and the relay terminal can determine whether to allow the remote terminal to access the network through the relay terminal according to the authorization result by sending the determined authorization result to the relay terminal. In addition, whether the relay terminal can be used as the relay terminal or not is also authorized by the policy control function device of the relay terminal, so that the centralization of the authorization function can be realized, and the signaling interaction between core devices caused by the non-centralization of the authorization function is avoided.

For ease of understanding, the method 400 is illustrated in more detail below with reference to fig. 5-8, taking the command to the device in the 5G system as an example. It should be understood that the relay UE, the AMF of the relay UE, the PCF of the relay UE, the remote UE, the AMF of the remote UE, and the PCF of the remote UE in the methods shown in fig. 5 to 8 correspond to the first relay terminal, the first access and mobility management function device, the first policy control function device, the first remote terminal, the second access and mobility management function device, and the second policy control function device in the method 400, respectively.

It should also be understood that the names of the devices involved in fig. 4 may differ in different network systems, and the names of the devices in the methods shown in fig. 5 to 8 do not constitute any limitation to the present application.

Fig. 5 is an authorization method provided herein, where method 500 is a specific embodiment of method 400. The method 500 is applicable to the remote UE in a registration state, a deregistration state (deregistration after registration) and no registration state (no registration in the network so far), and the method 500 corresponds to the first way in step S405. The steps in method 500 are described below.

S501, registration process of UE.

Specifically, one UE (e.g., denoted as: UE #1) as a remote UE and one UE (e.g., denoted as: UE #2) as a relay UE subsequently perform registration procedures to register to the network, respectively.

It should be understood that if UE #1 does not perform the registration procedure, UE #1 may use the pre-configured authorization information.

Optionally, in the registration procedure of the relay UE, the first association information, that is, information of the remote UE that can be provided with the relay service by the relay UE, may be stored in the UDR. It should be understood that the UDRs correspond to a unified database in method 400.

It should be noted that, in the present application, UE #1 is authorized to be a remote UE and UE #2 is authorized to be a relay UE, so in fig. 5 and the description of fig. 5, UE #1 is referred to as a remote UE, AMF of UE #1 is referred to as AMF of the remote UE, PCF of UE #1 is referred to as PCF of the remote UE, UE #2 is referred to as a relay UE, AMF of UE #2 is referred to as AMF of the relay UE, and PCF of UE #2 is referred to as PCF of the relay UE.

And S502, relay discovery and selection.

In the relay discovery procedure, the remote UE initiates a relay discovery message. And the UE receiving the relay discovery message determines whether the UE can be used as the relay UE, and if so, replies a relay discovery response message to become a candidate relay UE. The remote UE may receive response messages of a plurality of candidate relay UEs, and perform relay selection according to the signal quality between the remote UE and the candidate relay UEs and the capability information of the candidate relay UEs.

It should be understood that S502 may refer specifically to the prior art.

S503, the remote UE sends a communication request message to the relay UE.

The role of the communication request message is the same as that of the communication request message in S401, and S301 may be referred to.

The first identity included in the communication request message may be the IMSI, 5G-GUTI, or GPSI of the remote UE.

S504, the relay UE sends NAS information to the AMF of the relay UE.

The NAS message is the same as the NAS message in S402. Wherein, the second identifier in the NAS message may be the IMSI, 5G-GUTI, or GPSI of the relay terminal.

S505, the AMF of the relay UE sends a first request message to the PCF of the relay UE.

It should be understood that the AMF of the relay UE first generates the first request message, and the process may refer to S403 and is not described in detail here.

S506, the PCF of the relay UE acquires the first correlation information from the UDR.

The first related information here is the same as the first related information related to S405, and reference may be made to S405.

Note that, instead of performing S506, the PCF of the relay UE may autonomously determine the first association information.

S507, the PCF of the relay UE determines an authorization result according to the first correlation information.

That is, the PCF of the relay UE determines whether the remote UE, which is indicated by the first association information and can be provided with the relay service by the relay UE, includes the remote UE, if so, determines that the authorization result is to authorize the relay UE to establish the relay service relationship with the remote UE, otherwise, determines that the authorization result is not to authorize the relay UE to establish the relay service relationship with the remote UE.

S508, the PCF of the relay UE returns the authorization result to the AMF of the relay UE.

S509, the AMF of the relay UE returns the authorization result to the relay UE.

Optionally, the authorization result may further include an identity of the remote UE and an identity of the relay UE.

Optionally, the method may further include: a step similar to S407a, i.e., the AMF sends the authorization result to the RAN by the NGAP message, and the RAN stores the authorization result.

And S510, the relay UE sends a communication request response message to the remote UE according to the authorization result.

This step is the same as S408, and S408 may be referred to.

According to the authorization method provided by the present application, a PCF (i.e., the PCF of a relay UE herein) can determine whether a UE can act as a relay UE. In a case where the UE may serve as a relay UE, if a remote UE requests to access a network through the relay UE, the relay UE may request a PCF of the relay UE to determine whether to authorize the relay UE to establish a relay service relationship with the remote UE. If the PCF of the relay UE determines that the relay UE can provide the relay service for the remote UE, the relay UE and the remote UE can be authorized to establish the relay service relationship, otherwise, the relay UE and the remote UE are not authorized to establish the relay service relationship. The method can realize centralization of authorization functions.

Fig. 6 is an authorization method provided herein, where method 600 is a specific embodiment of method 400. The method 600 is applicable to the remote UE being in the registration state, and the method 600 may correspond to the second manner in step S405. The steps in method 600 are described below.

S601, registration process of UE.

Unlike step S501, in step S501, the remote UE may not perform the registration procedure, and in S601, the remote UE needs to perform the registration procedure.

Similar to S501, in the registration process, UE #1 and UE #2 may respectively obtain authorization information from corresponding PCFs, and may determine whether to act as a remote UE or a relay UE according to the authorization information. During the registration process of the remote UE, the AMF of the remote UE may also determine a corresponding PCF (i.e., PCF of the remote UE) for the remote UE, and store a correspondence between the determined identity of the PCF and the identity of the remote UE (here, IMSI or GPSI of the remote UE).

In addition, in the registration procedure of the relay UE, the first association information, i.e., information of the remote UE that can be provided with the relay service by the relay UE, may be stored in the UDR. In the registration process of the remote UE, information of the relay UE that can provide the relay service for the remote UE, that is, the second association information, may also be stored in the UDR. It should be understood that the UDRs correspond to a unified database in method 400.

And S602, relay discovery and selection.

This step is the same as S502, and S502 may be referred to.

S603, the remote UE sends a communication request message to the relay UE.

The role of the communication request message is the same as that of the communication request message in S401, and S401 can be referred to.

The communication request message may include a first identity which may be the 5G-GUTI of the remote UE.

S604, the relay UE sends an NAS message to the AMF of the relay UE.

The NAS message is the same as the NAS message in S402. Wherein the second identifier in the NAS message can be IMSI, 5G-GUTI or GPSI of the relay UE.

S605, the AMF of the relay UE acquires the IMSI or the GPSI of the remote UE and the identification of the PCF of the remote UE from the AMF of the remote UE.

Specifically, the AMF of the relay UE may determine the AMF of the remote UE according to the 5G-GUTI of the remote UE, and then send the 5G-GUTI of the remote UE to the AMF of the remote UE, where a correspondence between the 5G-GUTI of the remote UE and the IMSI or GPSI of the remote UE and a correspondence between the IMSI or GPSI of the remote UE and the identifier of the PCF of the remote UE are stored in the AMF of the remote UE, so that the AMF of the remote UE may return the IMSI or GPSI of the remote UE and the identifier of the PCF of the remote UE to the AMF of the relay UE according to the 5G-GUTI of the remote UE.

S606, the AMF of the relay UE sends a first request message to the PCF of the relay UE.

The first request message includes the IMSI or GPSI of the relay UE, the IMSI or GPSI of the remote UE, and the identity of the PCF of the remote UE.

S607, the PCF of the relay UE acquires the first association information from the UDR.

The first related information here is the same as the first related information related to S405, and reference may be made to S405.

Note that, instead of performing S607, the PCF of the relay UE may autonomously determine the first association information.

Alternatively, if the first association information indicates that the remote UE that can be provided with the relay service by the relay UE does not include the remote UE, S608 to S612 may not be executed, and the PCF of the relay UE directly determines that the relay UE is not authorized to establish the relay service relationship with the remote UE as a result of the authorization.

S608, the PCF of the relay UE sends the identity of the remote UE (IMSI or GPSI) and the identity of the relay UE (IMSI or GPSI) to the PCF of the remote UE.

Optionally, the PCF of the relay UE sends a policy request message to the PCF of the remote UE, where the policy request message includes an identifier (IMSI or GPSI) of the remote UE and an identifier (IMSI or GPSI) of the relay UE.

S609, the PCF of the remote UE acquires the second associated information from the UDR according to the information sent by the PCF of the relay UE.

Here, the second related information is the same as the second related information related to S405, and S405 may be referred to.

It should be noted that S609 may not be executed, and the PCF of the remote UE may autonomously determine the second association information.

S610, the PCF of the remote UE determines whether the remote UE can use the relay service of the relay UE according to the second correlation information.

This step may specifically refer to the description of the second method in S405.

S611, the PCF of the remote UE sends the first indication information to the PCF of the relay UE.

The first indication information indicates whether the remote UE can use a relay service of the relay UE.

S612, the PCF of the relay UE determines the authorization result according to the first indication information and the first correlation information.

This step may specifically refer to the description of the second method in S405.

S613 to S615, the PCF of the relay UE returns the authorization result to the relay UE, specifically referring to S508 to S510.

According to the authorization method provided by the present application, a PCF (i.e., the PCF of a relay UE herein) can determine whether a UE can act as a relay UE. In a case where the UE may serve as a relay UE, if a remote UE requests to access a network through the relay UE, the relay UE may request a PCF of the relay UE to determine whether to authorize the relay UE to establish a relay service relationship with the remote UE. After receiving the request of the relay UE, the PCF of the relay UE determines whether the relay UE can provide relay service for the remote UE, and requests the PCF of the remote UE to determine whether the remote UE can use the relay service of the relay UE, if both the two determination results are positive, the PCF of the relay UE determines to authorize the relay UE to establish the relay service relationship with the remote UE, and if at least one of the two determination results is negative, the PCF of the relay UE determines not to authorize the relay UE to establish the relay service relationship with the remote UE. The method can realize centralization of authorization functions.

Fig. 7 is an authorization method provided herein, where method 700 is a specific embodiment of method 400. The method 700 is applicable when the remote UE is in a registration state, and the method 700 may correspond to the second method in step S405. Unlike the method 600, in the method 600, the AMF of the relay UE obtains the identity of the PCF of the remote UE from the AMF of the remote UE, and in the method 700, the AMF of the relay UE obtains the identity of the PCF of the remote UE from the UDR or the UDM. The steps of method 700 are described below.

S701, a registration process of the UE.

This step is similar to S601. In contrast, in S601, the correspondence between the identity of the PCF of the remote UE and the identity of the remote UE (the IMSI or the GPSI of the remote UE) may be stored in the AMF of the remote UE. In S701, after UE #1 is authorized as a remote UE, the PCF of UE #1 may register the correspondence between the identifier (IMSI or GPSI) of UE #1 and the identifier of the PCF of UE #1 in the UDR or UDM. It should be understood that the UDR corresponds to a unified database in method 400 and the UDM corresponds to a unified data management device in method 400.

S702, relay discovery and selection.

This step is the same as S502, and S502 may be referred to.

S703, the remote UE sends a communication request message to the relay UE.

The role of the communication request message is the same as that of the communication request message in S401, and S401 can be referred to.

The first identity included in the communication request message may be the IMSI, 5G-GUTI, or GPSI of the remote UE.

S704, the relay UE sends a NAS message to the AMF of the relay UE.

The NAS message is the same as the NAS message in S402. The first identifier in the NAS message can be the IMSI, 5G-GUTI or GPSI of the remote UE, and the second identifier can be the IMSI, 5G-GUTI or GPSI of the relay UE.

S705, the AMF of the relay UE obtains the identity of the PCF of the remote UE from the UDR or UDM.

Specifically, if the first identifier is the 5G-GUTI of the remote UE, the AMF of the relay UE first obtains the IMSI or the GPSI of the remote UE from the AMF of the remote UE, and the specific procedure may refer to the corresponding description above. If the first identifier is the IMSI or the GPSI of the remote UE, the process of acquiring the IMSI or the GPSI of the remote UE from the AMF of the remote UE does not need to be performed. And the AMF of the relay UE sends the IMSI or the GPSI of the remote UE to the UDR or the UDM, and the UDR or the UDM returns the identification of the PCF of the remote UE to the AMF of the relay UE according to the stored corresponding relation between the IMSI or the GPSI of the remote UE and the identification of the PCF of the remote UE.

S706 to S715, the PCF of the relay UE determines the authorization result and returns the authorization result, specifically refer to S606 to S615.

According to the authorization method provided by the present application, a PCF (i.e., the PCF of a relay UE herein) can determine whether a UE can act as a relay UE. In a case where the UE may serve as a relay UE, if a remote UE requests to access a network through the relay UE, the relay UE may request a PCF of the relay UE to determine whether to authorize the relay UE to establish a relay service relationship with the remote UE. After receiving the request of the relay UE, the PCF of the relay UE determines whether the relay UE can provide relay service for the remote UE, and requests the PCF of the remote UE to determine whether the remote UE can use the relay service of the relay UE, if both the two determination results are positive, the PCF of the relay UE determines to authorize the relay UE to establish the relay service relationship with the remote UE, and if at least one of the two determination results is negative, the PCF of the relay UE determines not to authorize the relay UE to establish the relay service relationship with the remote UE. The method can realize centralization of authorization functions.

Fig. 8 is an authorization method provided herein, where method 800 is a specific embodiment of method 400. The method 800 is applicable when the remote UE is in the registration state, and the method 800 may correspond to the second manner in step S405. Unlike method 800 and methods 600 and 700, in method 600 the identity of the PCF of the remote UE is obtained by the AMF of the relay UE from the AMF of the remote UE, in method 700 the identity of the PCF of the remote UE is obtained by the AMF of the relay UE from the UDR or UDM, and in method 800 the identity of the PCF of the remote UE is obtained by the PCF of the relay UE from the UDR or UDM. The steps of method 800 are described below.

S801 to S804 are the same as S701 to S704, and refer to S701 to S704 specifically.

S805, the AMF of the relay UE sends a first request message to the PCF of the relay UE.

It should be understood that the AMF of the relay UE first generates the first request message, and the process may refer to S403 and is not described in detail here.

S806, the PCF of the relay UE acquires the first association information from the UDR.

This step is the same as S607, and S607 may be referred to specifically.

Alternatively, if the first association information indicates that the remote UE that can be provided with the relay service by the relay UE does not include the remote UE, the PCF of the relay UE may not perform S807 to S815, and directly determine that the relay UE is not authorized to establish the relay service relationship with the remote UE as a result of the authorization.

S807, the PCF of the relay UE acquires the identity of the PCF of the remote UE from the UDR or UDM.

Specifically, the PCF of the relay UE sends the IMSI or the GPSI of the remote UE to the UDR or the UDM, and the UDR or the UDM returns the identifier of the PCF of the remote UE to the PCF of the relay UE according to the stored correspondence between the IMSI or the GPSI of the remote UE and the identifier of the PCF of the remote UE.

S808 to S815, the PCF of the relay UE determines the authorization result and returns the authorization result, specifically refer to S608 to S615.

According to the authorization method provided by the present application, a PCF (i.e., the PCF of a relay UE herein) can determine whether a UE can act as a relay UE. In a case where the UE may serve as a relay UE, if a remote UE requests to access a network through the relay UE, the relay UE may request a PCF of the relay UE to determine whether to authorize the relay UE to establish a relay service relationship with the remote UE. After receiving the request of the relay UE, the PCF of the relay UE determines whether the relay UE can provide relay service for the remote UE, and requests the PCF of the remote UE to determine whether the remote UE can use the relay service of the relay UE, if both the two determination results are positive, the PCF of the relay UE determines to authorize the relay UE to establish the relay service relationship with the remote UE, and if at least one of the two determination results is negative, the PCF of the relay UE determines not to authorize the relay UE to establish the relay service relationship with the remote UE. The method can realize centralization of authorization functions.

Fig. 9 is a schematic flow chart diagram of another authorization method provided by the present application. The method 900 differs from the method 400 in that in the method 400, the relay terminal requests the authorization result and the policy control function device of the relay terminal determines the authorization result, and in the method 900, the remote terminal requests the authorization result and the policy control function device of the remote terminal determines the authorization result. The steps of the method 900 shown in fig. 9 are explained below.

It should be noted that the method 900 may be applied to any scenario where a remote terminal requests to access a network through a relay terminal, and for convenience of understanding, the method 400 is described by taking an example where a first remote terminal requests to access the network through a first relay terminal.

S901, the first relay terminal sends the second identifier to the first remote terminal.

The first relay terminal may transmit a second identification to the first remote terminal during establishment of the PC5 connection, the second identification identifying the first relay terminal. Illustratively, the second identity may be an IMSI, a 5G-GUTI, or a GPSI.

S902, the first remote terminal sends NAS information to the first access and mobility management function device. The first access and mobility management function device is an access and mobility management function device of the first remote terminal.

The NAS message is used to request the first policy control function device to determine whether to authorize the first relay terminal to establish a relay service relationship with the first remote terminal. The NAS message may include a first identifier and a second identifier, and the first identifier is used to identify the first remote terminal. Illustratively, the first identity may be IMSI, 5G-GUTI, GPSI.

Optionally, the NAS message is a registration request (registration request) message.

Optionally, the first identity and the second identity are located within a container in the NAS message. For example, the first identity and the second identity may be located in a terminal policy container (UE policy container) in the NAS message.

Illustratively, the indication information may be a Policy Section Identifier (PSI).

It should be understood that the first remote terminal first sends the NAS message to the access network device, and then the access network device forwards the NAS message to the first access and mobility management function device. There are two ways for the first remote terminal to send the NAS message to the access network device: the first remote terminal directly sends the information to the access network equipment, or the first remote terminal sends the information to the access network equipment through the first relay terminal.

S903, the first access and mobility management function device generates a first request message.

Optionally, in an embodiment, if the first identifier is an IMSI or a GPSI of the first remote terminal, the second identifier is an IMSI or a GPSI of the first relay terminal, and the first identifier and the second identifier are placed in a container of the NAS message in S902, the first access and mobility management function device generates the first request message according to the container.

In another mode, if the second identifier included in the NAS message in S902 is 5G-GUTI, the first access and mobility management function device first acquires the identifier of the first relay terminal, such as IMSI or GPSI, according to the second identifier. Specifically, the 5G-GUTI of the relay terminal includes identification information of a second access and mobility management function device, where the second access and mobility management function device is an access and mobility management function device of the first relay terminal, and the first access and mobility management function device may determine the second access and mobility management function device according to the 5G-GUTI of the first relay terminal. Then, the first access and mobility management function device may transmit the 5G-GUTI of the first relay terminal to the second access and mobility management function device. Because the second access and mobility management function device stores the corresponding relation between the 5G-GUTI of the first relay terminal and the IMSI and/or GPSI of the first relay terminal, the second access and mobility management function device can return the IMSI or the GPSI of the first relay terminal to the first access and mobility management function device according to the 5G-GUTI of the first relay terminal.

Similarly, the first access and mobility management function device stores a correspondence between the 5G-GUTI of the first remote terminal and the IMSI and/or the GPSI of the first remote terminal, and if the first identifier included in the NAS message in S902 is the 5G-GUTI, the first access and mobility management function device may determine the IMSI or the GPSI of the first remote terminal according to the correspondence between the first identifier and the IMSI or the GPSI of the first remote terminal.

S904, the first access and mobility management function device sends a first request message to the first policy control function device. The first policy control function device is a policy control function device of the first remote terminal.

S905, the first policy control function device determines an authorization result according to the first request message, that is, determines whether to authorize the first relay terminal to establish a relay service relationship with the first remote terminal.

In the first mode, only the first policy control function device determines whether the first remote terminal can use the relay service of the first relay terminal, if so, it determines that the first relay terminal is authorized to establish the relay service relationship with the first remote terminal, otherwise, it does not authorize the first relay terminal to establish the relay service relationship with the first remote terminal.

Specifically, after receiving the first request message, the first policy control function device may obtain the first association information according to the identifier of the first remote terminal, and further may determine the authorization result according to the identifier of the first relay terminal and the first association information. The first association information indicates at least one relay terminal that can provide relay service for the first remote terminal, that is, which relay terminals can provide relay service for the first remote terminal. For example, the first association information may be an identifier of a relay terminal that may provide a relay service for the first remote terminal. For another example, the first association information may indicate that all relay terminals may provide the relay service for the first remote terminal. In this manner, if at least one relay terminal that can provide a relay service for the first remote terminal includes the first relay terminal, that is, the first remote terminal may use the relay service of the first relay terminal, for example, the first association information includes an identifier of the first relay terminal, the first policy control function device may determine that the first relay terminal is authorized to establish the relay service relationship with the first remote terminal, and otherwise, the first policy control function device may determine that the first relay terminal is not authorized to establish the relay service relationship with the first remote terminal.

Alternatively, the first association information may be stored in a unified database, for example, in the form of subscription information.

Accordingly, the first policy control function device may obtain the first association information from the unified database when the first remote terminal registers, or may obtain the first association information from the unified database after receiving the first request message. In addition, the information of at least one relay terminal that can provide the relay service for the first remote terminal may also be dynamically updated, for example, the first remote terminal requests an update to the operator, and then the operator updates the subscription information of the first remote terminal stored in the unified database.

Optionally, the first association information may also be autonomously determined by the first policy control function device. For example, the first policy control function device may determine the first association information from preconfigured policy information. In particular, the preconfigured policy information may be operator generated configured. For example, the remote terminal of the gold user may use the relay services of all the relay terminals, and the remote terminal of the non-gold user may use only the relay services of some of the relay terminals.

In a second mode, the first policy control function device determines whether the first remote terminal can use the relay service of the first relay terminal, and the second policy control function device determines whether the first relay terminal can provide the relay service for the first remote terminal, if both the determination results are yes, it is determined that the first relay terminal is authorized to establish the relay service relationship with the first remote terminal, otherwise, the first relay terminal is not authorized to establish the relay service relationship with the first remote terminal.

Specifically, after receiving the first request message, the first policy control function device may obtain the first association information according to the identifier of the first remote terminal, and send the identifier of the first relay terminal and the identifier of the first remote terminal to the second policy control function device, where the second policy control function device is the policy control function device of the first relay terminal. After receiving the identifier of the first relay terminal and the identifier of the first remote terminal, the second policy control function device may obtain second association information, where the second association information indicates at least one remote terminal that may be provided with a relay service by the first relay terminal. For example, the second association information may be an identification of at least one remote terminal that may be provided with the relay service by the first relay terminal. As another example, the second association information may indicate that all remote terminals may be provided with relay service by the first relay terminal. The second policy control network element may determine whether the first relay terminal may provide the relay service for the first remote terminal according to the identifier of the first remote terminal and the second association information. Then, the second policy control function device sends first indication information to the first policy control function device, where the first indication information is used to indicate whether the first relay terminal can provide the relay service for the first remote terminal. The first policy control function device may determine whether to authorize the first relay terminal to establish the relay service relationship with the first remote terminal according to the first indication information, the identifier of the first relay terminal, and the first association information.

In this manner, if at least one relay terminal that can provide a relay service for the first remote terminal includes the first relay terminal, and the first indication information indicates that the first relay terminal can provide the relay service for the first remote terminal, the first policy control function device may determine to authorize the first relay terminal to establish a relay service relationship with the first remote terminal. If at least one relay terminal that can provide the relay service for the first remote terminal does not include the first relay terminal, or if the first indication information indicates that the relay service cannot be provided for the first remote terminal by the first relay terminal, the first policy control function device may determine that the relay service relationship between the first relay terminal and the first remote terminal is not authorized.

For example, if the first association information includes an identifier of the first relay terminal, and the second association information includes an identifier of the first remote terminal, the first policy control function device may determine to authorize the first relay terminal to establish the relay service relationship with the first remote terminal. For another example, if the first association information does not include the identifier of the first relay terminal, the first policy control function device may determine that the first relay terminal is not authorized to establish the relay service relationship with the first remote terminal. Or, if the second association information does not include the identifier of the first remote terminal, it may be determined that the first relay terminal is not authorized to establish the relay service relationship with the first remote terminal.

Optionally, the second association information may also be stored in the unified database, for example, in the form of subscription information.

Similarly, in the second two manners, the second policy control function device may obtain the second association information from the unified database when the first relay terminal is registered, or may obtain the second association information from the unified database after receiving the identifier of the first relay terminal and the identifier of the first remote terminal, which are sent by the first policy control function device. In addition, the information of the remote terminal that can provide the relay service by the first relay terminal may also be dynamically updated, for example, the first relay terminal requests an update to the operator, and then the operator updates the subscription information of the first relay terminal stored in the unified database.

Optionally, the second association information may also be autonomously determined by the second policy control function device. For example, the second policy control function device may determine the first association information from preconfigured policy information. In particular, the preconfigured policy information may be operator generated configured. For example, a common relay terminal can provide relay service for all remote terminals, and a specific relay terminal can only provide relay service for a specific remote terminal. In addition, in the second manner, before the first policy control function device sends the identifier of the first relay terminal and the identifier of the first remote terminal to the second policy control function device, it needs to determine which device the second policy control function device is specifically, that is, it needs to acquire the identifier of the second policy control function device.

Alternatively, the identity of the second policy control function device may be obtained by the first access and mobility management function device and carried in the first request message.

For example, the first access and mobility management function device may obtain an identification of the second policy control function device from the second access and mobility management function device. Specifically, in the registration process of the first relay terminal, the second access and mobility management function device may determine a corresponding policy control function device (i.e., a second policy control function device) for the first relay terminal, and store a correspondence relationship between an identifier (e.g., IMSI or GPSI) of the first relay terminal and an identifier of the second policy control function device. When the first access and mobility management function device acquires the IMSI or the GPSI of the first relay terminal from the second access and mobility management function device according to the 5G-GUTI of the first relay terminal, the second access and mobility management function device may return the IMSI or the GPSI of the first relay terminal and the identifier of the policy control function device corresponding to the IMSI or the GPSI of the first relay terminal, that is, the identifier of the second policy control function device.

As another example, the first access and mobility management function device may obtain the identity of the second policy control function device from a unified database or unified data management device. Specifically, in the registration process of the first relay terminal, the second policy control function device may register a correspondence between an identifier of the first relay terminal and an identifier of the second policy control function device in the unified database or the unified data management device. In this way, the first access and mobility management function device may obtain the identifier of the second policy control function device from the unified database or the unified data management device according to the identifier of the first relay terminal.

Alternatively, the identity of the second policy control function device may be obtained by the first policy control function device.

For example, the first policy control function device may obtain the identity of the second policy control function device from a unified database or unified data management device. Specifically, in the registration process of the first relay terminal, the second policy control function device may register a correspondence between an identifier of the first relay terminal and an identifier of the second policy control function device in the unified database or the unified data management device. In this way, the first policy control function device may obtain the identifier of the second policy control function device from the unified database or the unified data management device according to the identifier of the first relay terminal.

It should be noted that, in the second manner, the first policy control function device may also determine, according to the first association information, whether the relay terminal that can provide the relay service for the first remote terminal includes the first relay terminal, if the first relay terminal includes the first relay terminal, send the identifier of the first relay terminal and the identifier of the first remote terminal to the second policy control function device, and if the first relay terminal does not include the first relay terminal, may not send the identifier of the first relay terminal and the identifier of the first remote terminal to the second policy control function device, but directly determine that the first relay terminal is not authorized to establish the relay service relationship with the first remote terminal.

S906, the first policy control function device sends the authorization result to the first access and mobility management function device.

S907, the first access and mobility management function device sends the authorization result to the first remote terminal.

And after receiving the authorization result, the first remote terminal accesses the network through the first relay terminal according to the authorization result. The subsequent operations performed by the first remote terminal according to the authorization result can refer to the prior art, for example, refer to steps 7-9 in TR23.752, and are not described in detail here.

According to the method provided by the application, the policy control function device of the remote terminal can determine whether the relay terminal is authorized to establish the relay service relationship with the remote terminal, and the determined authorization result is sent to the remote terminal, so that the remote terminal can determine whether the relay terminal can be accessed to the network according to the authorization result. In addition, whether the remote terminal can be used as the remote terminal or not is also authorized by the policy control function device of the remote terminal, so that the centralization of the authorization function can be realized, and the signaling interaction between core devices caused by the non-centralization of the authorization function is avoided.

For ease of understanding, the method 900 is illustrated in more detail below with reference to fig. 10-13, taking the command to the device in the 5G system as an example. It should be understood that the remote UE, the AMF of the remote UE, the PCF of the remote UE, the relay UE, the AMF of the relay UE, and the PCF of the relay UE in the methods shown in fig. 10 to 13 correspond to the first remote terminal, the first access and mobility management function device, the first policy control function device, the first relay terminal, the second access and mobility management function device, and the second policy control function device in the method 900, respectively.

It should also be understood that the names of the devices involved in fig. 9 may differ in different network systems, and the names of the devices in the methods shown in fig. 10 to 13 do not constitute any limitation to the present application.

Fig. 10 is an authorization method provided herein, where method 1000 is a specific embodiment of method 900. The method 1000 corresponds to the first mode in step S905. The steps of the method 1000 are explained below.

S1001, registration procedure of the UE.

Specifically, one UE (e.g., denoted as: UE #1) as a remote UE and one UE (e.g., denoted as: UE #2) as a relay UE subsequently perform registration procedures to register to the network, respectively.

During the registration process, UE #1 and UE #2 may obtain authorization information from corresponding PCFs, respectively, and determine whether to serve as a remote UE or a relay UE according to the authorization information. It should be understood that if UE #1 does not perform the registration procedure, UE #1 may use the pre-configured authorization information.

Alternatively, in the registration process, the relay UE that can provide the relay service for the remote UE, that is, the first association information, may be stored in the UDR. It should be understood that the UDRs correspond to a unified database in the method 900.

It should be noted that, in the present application, UE #1 is authorized to be a remote UE and UE #2 is authorized to be a relay UE, so in fig. 10 and the description of fig. 10, UE #1 is referred to as a remote UE, AMF of UE #1 is referred to as AMF of the remote UE, PCF of UE #1 is referred to as PCF of the remote UE, UE #2 is referred to as a relay UE, AMF of UE #2 is referred to as AMF of the relay UE, and PCF of UE #2 is referred to as PCF of the relay UE.

S1002, relay UE discovery and selection procedure.

After this step, the relay UE and the remote UE may establish a PC5 connection, and the relay UE may send the second identity to the remote UE.

S1003, the remote UE sends a communication request message to the relay UE, and the communication request message requests the relay UE to establish indirect communication.

S1004, if the relay UE is not in a connected state (RRC connected), the relay UE initiates a Service Request (Service Request), so that the relay enters the connected state.

S1005, the relay UE returns a communication request response message.

S1006, the remote UE sends NAS message to AMF of the remote UE.

The NAS message is the same as the NAS message in S902. The second identifier in the NAS message can be IMSI, 5G-GUTI or GPSI, and the first identifier can be IMSI, 5G-GUTI or GPSI.

S1007, the AMF of the remote UE sends the first request message to the PCF of the remote UE.

It should be understood that the AMF of the remote UE first generates the first request message, and the process may refer to S1007 and will not be described in detail here.

S1008, the PCF of the far-end UE acquires the first correlation information from the UDR.

The first related information here is the same as the first related information related to S905, and reference may be made to S905.

It should be noted that instead of performing S1005, the PCF of the remote UE may autonomously determine the first association information.

S1009, the PCF of the remote UE determines the authorization result according to the first association information.

For a specific process of this step, reference may be made to the description of the first manner in S905, which is not described herein again.

S1010, the PCF of the remote UE returns the authorization result to the AMF of the remote UE.

S1011, the AMF of the remote UE returns the authorization result to the remote UE.

Subsequently, the prior art may be referred to for subsequent operations performed by the remote UE according to the authorization result.

According to the authorization method provided by the present application, the PCF (i.e., the PCF of the remote UE in this context) may determine whether a UE may act as a remote UE. In a case where the UE may serve as a remote UE, if the remote UE requests to access a network through the relay UE, the remote UE may request the PCF of the remote UE to determine whether to authorize the relay UE to establish a relay service relationship with the remote UE. If the PCF of the remote UE determines that the remote UE can use the relay service of the relay UE, the relay UE and the remote UE can be authorized to establish the relay service relationship, otherwise, the relay UE and the remote UE are not authorized to establish the relay service relationship. The method can realize centralization of authorization functions.

Fig. 11 is an authorization method provided herein, where method 1100 is a specific embodiment of method 900. The method 1100 may correspond to mode two in step S905. The steps in method 1100 are explained below.

S1101, registration procedure of the UE.

This step is the same as S1001.

Optionally, the first association information, that is, information of the relay UE that can provide the relay service for the remote UE, may be stored in the UDR; the second association information, i.e., information of the remote UE that can be provided with the relay service by the relay UE, may also be stored in the UDR. It should be understood that the UDRs correspond to a unified database in the method 900.

S1102 to S1105, like S1002 to S1005, may refer to S1002 to S1005.

S1106, the remote UE sends a NAS message to the AMF of the remote UE.

The NAS message is the same as the NAS message in S902.

The second identifier in the NAS message can be 5G-GUTI, and the first identifier can be IMSI, 5G-GUTI or GPSI.

S1107, the AMF of the remote UE obtains the IMSI or GPSI of the relay UE and the identifier of the PCF of the relay UE from the AMF of the relay UE.

Specifically, the AMF of the remote UE may determine the AMF of the relay UE according to the 5G-GUTI of the relay UE, and then send the 5G-GUTI of the relay UE to the AMF of the relay UE, where a correspondence between the 5G-GUTI of the relay UE and the IMSI or GPSI of the relay UE and a correspondence between the IMSI or GPSI of the relay UE and the identifier of the PCF of the relay UE are stored in the AMF of the relay UE, so that the AMF of the relay UE may return the IMSI or GPSI of the relay UE and the identifier of the PCF of the relay UE to the AMF of the remote UE according to the 5G-GUTI of the relay UE.

S1108, the AMF of the remote UE sends the first request message to the PCF of the remote UE.

The first request message includes the IMSI or GPSI of the relay UE, the IMSI or GPSI of the remote UE, and the identity of the PCF of the relay UE.

S1109, PCF of the remote UE acquires the first association information from the UDR.

The first related information here is the same as the first related information related to S905, and reference may be made to S905.

Note that, instead of performing S1109, the PCF of the remote UE may autonomously determine the first association information.

Optionally, if the first association information indicates that the relay UE that can provide the relay service for the remote UE does not include the relay UE, the PCF of the remote UE may not perform S1109 to 1113, and directly determine that the authorization result is that the relay UE is not authorized to establish the relay service relationship with the remote UE.

S1110, the PCF of the remote UE sends the identity of the relay UE (IMSI or GPSI) and the identity of the remote UE (IMSI or GPSI) to the PCF of the relay UE.

S1111, the PCF of the relay UE acquires the second associated information from the UDR according to the information sent by the PCF of the remote UE.

Here, the second related information is the same as the second related information related to S905, and reference may be made to S905.

Note that, instead of S1111, the PCF of the relay UE may autonomously determine the second association information.

S1112, the PCF of the relay UE determines whether the relay UE can provide the relay service for the remote UE according to the second correlation information.

This step may specifically refer to the description of the second method in S905.

S1113, the PCF of the relay UE sends the first indication information to the PCF of the remote UE.

The first indication information indicates whether the relay service can be provided for the remote UE by the relay UE.

S1114, the PCF of the remote UE determines the authorization result according to the first indication information and the first association information.

This step may specifically refer to the description of the second method in S905.

S1115 to S1116, the PCF of the remote UE returns the authorization result to the remote UE, specifically referring to S1010 to S1011.

According to the authorization method provided by the present application, the PCF (i.e., the PCF of the remote UE in this context) may determine whether a UE may act as a remote UE. In a case where the UE may serve as a remote UE, if the remote UE requests to access a network through the relay UE, the remote UE may request the PCF of the remote UE to determine whether to authorize the relay UE to establish a relay service relationship with the remote UE. After receiving the request of the remote UE, the PCF of the remote UE determines whether the remote UE can use the relay service of the relay UE, and the PCF of the remote relay UE requests to determine whether the relay UE can provide the relay service for the remote UE, if the two determination results are both yes, the PCF of the remote UE determines to authorize the relay UE to establish the relay service relationship with the remote UE, and if at least one of the two determination results is no, the PCF of the remote UE determines not to authorize the relay UE to establish the relay service relationship with the remote UE. The method can realize centralization of authorization functions.

Fig. 12 is an authorization method provided herein, where method 1200 is a specific embodiment of method 900. The method 1200 may correspond to mode two in step S905. Unlike method 1100, in method 1100, the AMF of the remote UE obtains the identity of the PCF of the relay UE from the AMF of the relay UE, and in method 1200, the AMF of the remote UE obtains the identity of the PCF of the relay UE from the UDR or UDM. The steps of the method 1200 are explained below.

S1201, registration process of UE.

This step is similar to S1101. In contrast, in S1101, the correspondence between the identity of the PCF of the relay UE and the identity of the relay UE (IMSI or GPSI of the relay UE) may be stored in the AMF of the relay UE. In S1201, after UE #2 is authorized as a relay UE, the PCF of UE #2 may register the correspondence between the identifier (IMSI or GPSI) of UE #2 and the identifier of the PCF of UE #2 in the UDR or UDM. It should be understood that the UDR corresponds to a unified database in the method 900 and the UDM corresponds to a unified data management device in the method 900.

S1202 to S1205, like S1002 to S1005, refer to S1002 to S1005.

S1206, the remote UE sends an NAS message to the AMF of the remote UE.

The NAS message is the same as the NAS message in S902.

The first identifier in the NAS message can be the IMSI, 5G-GUTI or GPSI of the remote UE, and the second identifier can be the IMSI, 5G-GUTI or GPSI of the relay UE.

S1207, the AMF of the remote UE obtains the identity of the PCF of the relay UE from the UDR or UDM.

Specifically, if the second identifier is the 5G-GUTI of the relay UE, the AMF of the remote UE first obtains the IMSI or the GPSI of the remote relay UE from the AMF of the relay UE, and the specific process may refer to the corresponding description above. If the second identifier is the IMSI or the GPSI of the relay UE, a process of acquiring the IMSI or the GPSI of the relay UE from the AMF of the relay UE does not need to be performed. And the AMF of the remote UE sends the IMSI or the GPSI of the relay UE to the UDR or the UDM, and the UDR or the UDM returns the identification of the PCF of the relay UE to the AMF of the remote UE according to the stored corresponding relation between the IMSI or the GPSI of the relay UE and the identification of the PCF of the relay UE.

S1208 to S1216, the PCF of the remote UE determines the authorization result and returns the authorization result, specifically refer to S1108 to S1116.

According to the authorization method provided by the present application, the PCF (i.e., the PCF of the remote UE in this context) may determine whether a UE may act as a remote UE. In a case where the UE may serve as a remote UE, if the remote UE requests to access a network through the relay UE, the remote UE may request the PCF of the remote UE to determine whether to authorize the relay UE to establish a relay service relationship with the remote UE. After receiving the request of the remote UE, the PCF of the remote UE determines whether the remote UE can use the relay service of the relay UE, and the PCF of the remote relay UE requests to determine whether the relay UE can provide the relay service for the remote UE, if the two determination results are both yes, the PCF of the remote UE determines to authorize the relay UE to establish the relay service relationship with the remote UE, and if at least one of the two determination results is no, the PCF of the remote UE determines not to authorize the relay UE to establish the relay service relationship with the remote UE. The method can realize centralization of authorization functions.

Fig. 13 illustrates an authorization method provided herein, where method 1300 is a specific embodiment of method 900. The method 1300 may correspond to the second method in step S905. Different from the methods 1100 and 1200, in the method 1100, the AMF of the remote UE acquires the identity of the PCF of the relay UE from the AMF of the relay UE, in the method 1200, the AMF of the remote UE acquires the identity of the PCF of the relay UE from the UDR or the UDM, and in the method 1300, whether the PCF of the remote UE acquires the identity of the PCF of the relay UE from the UDR or the UDM is determined. The steps in method 1300 are explained below.

S1301 to S1306, like S1201 to S1206, may refer to S1201 to S1206.

S1307, the AMF of the remote UE sends a first request message to the PCF of the remote UE.

It should be understood that the AMF of the middle remote UE first generates the first request message, and the process may refer to S903 and is not described in detail here.

S1308, the PCF of the remote UE acquires the first correlation information from the UDR.

This step is the same as S1109, and reference may be made to S1109.

Optionally, if the first association information indicates that the relay UE that can provide the relay service for the remote UE does not include the relay UE, the PCF of the remote UE may not perform S1308 to S1314, and directly determine that the relay UE is not authorized to establish the relay service relationship with the remote UE as the authorization result.

S1309, the PCF of the remote UE obtains the identity of the PCF of the relay UE from the UDR or UDM.

Specifically, the PCF of the remote UE sends the IMSI or the GPSI of the relay UE to the UDR or the UDM, and the UDR or the UDM returns the identifier of the PCF of the relay UE to the PCF of the remote UE according to the stored correspondence between the IMSI or the GPSI of the relay UE and the identifier of the PCF of the remote UE.

S1310 to S1316, the PCF of the remote UE determines the authorization result and returns the authorization result, specifically refer to S1110 to S1116.

According to the authorization method provided by the present application, the PCF (i.e., the PCF of the remote UE in this context) may determine whether a UE may act as a remote UE. In a case where the UE may serve as a remote UE, if the remote UE requests to access a network through the relay UE, the remote UE may request the PCF of the remote UE to determine whether to authorize the relay UE to establish a relay service relationship with the remote UE. After receiving the request of the remote UE, the PCF of the remote UE determines whether the remote UE can use the relay service of the relay UE, and the PCF of the remote relay UE requests to determine whether the relay UE can provide the relay service for the remote UE, if the two determination results are both yes, the PCF of the remote UE determines to authorize the relay UE to establish the relay service relationship with the remote UE, and if at least one of the two determination results is no, the PCF of the remote UE determines not to authorize the relay UE to establish the relay service relationship with the remote UE. The method can realize centralization of authorization functions.

It should be understood that the various aspects of the embodiments of the present application can be reasonably combined and explained, and the explanation or explanation of the various terms appearing in the embodiments can be mutually referred to or explained in the various embodiments, which is not limited.

It should also be understood that, in the various embodiments of the present application, the size of the serial number of each process described above does not mean the execution sequence, and the execution sequence of each process should be determined by the function and the inherent logic of each process. The various numbers or serial numbers involved in the above processes are merely used for convenience of description and should not be construed as limiting the implementation processes of the embodiments of the present application in any way.

The method provided by the embodiment of the present application is described in detail above with reference to fig. 4 to 13. Hereinafter, the apparatus provided in the embodiment of the present application will be described in detail with reference to fig. 14 and 15.

Fig. 14 is a schematic block diagram of a communication device provided in an embodiment of the present application. As shown in fig. 14, the communications device 2000 may include a transceiver unit 2010 and a processing unit 2020.

The transceiving unit 2010 may be configured to transmit information to other devices or apparatuses. For example, a first request message is sent. The processing unit 2020 may be used for performing part of the processing of the device, such as determining an authorization result.

In one implementation, the communication device 2000 corresponds to a policy control function device in the above method embodiment. The communication apparatus 2000 may be a policy control function device or a chip configured in the policy control function device, and may include a unit for performing an operation performed by the policy control function device.

In one example, the communication apparatus 2000 corresponds to the first policy control function device in the method 400, the PCF of the relay UE in the methods 500 to 800, and each unit in the communication apparatus 2000 is respectively for implementing the operation performed by the PCF of the first policy control function device or the relay UE in the corresponding methods.

Specifically, the transceiving unit 2100 is configured to receive a first request message from a first access and mobility management function device, where the first request message includes an identifier of a remote terminal and an identifier of the relay terminal, and the first access and mobility management function device is an access and mobility management function device of the relay terminal; a processing unit 2200, configured to determine an authorization result according to the identifier of the remote terminal and the identifier of the relay terminal, where the authorization result is used to indicate whether to authorize the relay terminal to establish a relay service relationship with the remote terminal; the transceiving unit 2100 is further configured to send the authorization result to the first access and mobility management function device.

Optionally, the processing unit 2200 is specifically configured to: acquiring first associated information according to the identifier of the relay terminal, wherein the first associated information indicates at least one remote terminal which can be provided with relay service by the relay terminal; controlling the transceiver unit 2100 to send the identifier of the relay terminal and the identifier of the remote terminal to the second policy control function device, where the second policy control function device is a policy control function device of the remote terminal; controlling the transceiving unit 2100 to receive first indication information from the second policy control function device, where the first indication information is used to indicate whether the remote terminal may use a relay service of the relay terminal; and determining the authorization result according to the identification of the remote terminal, the first associated information and the first indication information.

Optionally, the transceiver 2100 is specifically configured to: and sending the identifier of the relay terminal and the identifier of the remote terminal to the second policy control function device according to the identifier of the second policy control function device, wherein the identifier of the second policy control function device is carried in the first request message.

Optionally, the processing unit 2200 is specifically configured to: and acquiring the first associated information from a unified database according to the identifier of the relay terminal.

In another example, the communication apparatus 2000 corresponds to the second policy control function device in the method 400, the PCF of the remote UE in the methods 600 to 800, and each unit in the communication apparatus 2000 is respectively for implementing the operation performed by the second policy control function device or the PCF of the remote UE in the corresponding methods.

Specifically, the transceiving unit 2100 is configured to receive an identifier of a relay terminal and an identifier of the remote terminal from a first policy control function device, where the first policy control function device is a policy control function device of the relay terminal; a processing unit 2200, configured to determine whether the remote terminal may use the relay service of the relay terminal according to the identifier of the relay terminal and the identifier of the remote terminal; the transceiving unit 2100 is further configured to send first indication information to the first policy control function device, where the first indication information is used to indicate whether the remote terminal may use the relay service of the relay terminal.

Optionally, the processing unit 2200 is specifically configured to: acquiring second associated information according to the identifier of the remote terminal, wherein the second associated information is used for indicating at least one relay terminal which can provide relay service for the remote terminal; and determining whether the relay terminal can provide the relay service for the remote terminal or not according to the identifier of the relay terminal and the second associated information.

Optionally, the processing unit 2200 is specifically configured to: according to the identifier of the remote terminal, the transceiver unit 2100 is controlled to obtain the second authorization information from the unified database.

Optionally, the processing unit 2200 is further configured to: and storing the corresponding relation between the identifier of the second policy control function device and the identifier of the remote terminal into a unified database or unified data management device.

In yet another example, the communications apparatus 2000 corresponds to the first policy control function device in the method 900, the PCF of the remote UE in the methods 1000 to 1300, and the units in the communications apparatus 2000 are respectively for implementing the operations performed by the first policy control function device or the PCF of the remote UE in the respective methods.

Specifically, the transceiving unit 2100 is configured to receive a first request message from a first access and mobility management function device, where the first request message includes an identifier of a remote terminal and an identifier of a relay terminal, the apparatus is a policy control function device of the remote terminal, and the first access and mobility management function device is an access and mobility management function device of the remote terminal; the processing unit 2200 is configured to determine an authorization result according to the identifier of the remote terminal and the identifier of the relay terminal, where the authorization result is used to indicate whether to authorize the relay terminal to establish a relay service relationship with the remote terminal; the transceiving unit 2100 is further configured to send the authorization result to the first access and mobility management function device.

Optionally, the processing unit 2200 is specifically configured to: acquiring first associated information according to the identifier of the remote terminal, wherein the first associated information indicates at least one relay terminal capable of providing relay service for the remote terminal; controlling the transceiver unit 2100 to transmit the identifier of the relay terminal and the identifier of the remote terminal to a second policy control function device, where the second policy control function device is a policy control function device of the relay terminal; controlling the transceiving unit 2100 to receive first indication information from a second policy control function device, where the first indication information is used to indicate whether a relay terminal can provide a relay service for a remote terminal; and determining an authorization result according to the identifier of the relay terminal, the first associated information and the first indication information.

Optionally, the processing unit 2200 is specifically configured to: and acquiring the first associated information from the unified database according to the identification of the remote terminal.

In yet another example, the communication apparatus 2000 corresponds to the second policy control function device in the method 900, the PCF of the relay UE in the methods 1100 to 1300, and each unit in the communication apparatus 2000 is respectively for implementing the operation performed by the PCF of the second policy control function device or the relay UE in the corresponding methods.

Specifically, the transceiving unit 2100 is configured to receive an identifier of a relay terminal and an identifier of a remote terminal from a first policy control function device, where the apparatus is a policy control function device of the relay terminal, and the first policy control function device is a policy control function device of the remote terminal; the processing unit 2200 is configured to determine whether the relay terminal can provide the relay service for the remote terminal according to the identifier of the relay terminal and the identifier of the remote terminal; the transceiving unit 2100 is further configured to send first indication information to the first policy control function device, where the first indication information is used to indicate whether the relay terminal may provide the relay service for the remote terminal.

Optionally, the processing unit 2200 is specifically configured to: acquiring second associated information according to the identifier of the relay terminal, wherein the second associated information is used for indicating at least one remote terminal which can provide relay service by the relay terminal; and determining whether the relay terminal can provide the relay service for the remote terminal or not according to the identifier of the relay terminal and the second associated information.

Optionally, the processing unit 2200 is specifically configured to: and acquiring second authorization information from the unified database according to the identifier of the relay terminal.

Optionally, the processing unit 2200 is further configured to: and storing the corresponding relation between the identifier of the device and the identifier of the relay terminal into a unified database or unified data management equipment.

In another implementation, the communication apparatus 2000 corresponds to the access and mobility management function device in the above method embodiment. The communication apparatus 2000 may be an access and mobility management or a chip configured in the access and mobility management, and may include a unit for performing operations performed by the access and mobility management.

In one example, the communication apparatus 2000 corresponds to the first access and mobility management function device in the method 400, the AMF of the relay UE in the methods 500 to 800, and each unit in the communication apparatus 2000 is respectively for implementing operations performed by the AMF of the first access and mobility management or relay UE in the corresponding methods.

Specifically, the transceiving unit 2100 is configured to send the first request message to a first policy control function device, where the first policy control function device is a policy control function device of the relay terminal, and the first request message includes an identifier of the relay terminal and an identifier of a remote terminal; the transceiver 2100 is further configured to receive an authorization result from the first policy control function device, where the authorization result is used to indicate whether to authorize the relay terminal to establish a relay service relationship with the remote terminal; the transceiver 2100 is further configured to send the authorization result to the relay terminal.

Optionally, the transceiver 2100 is further configured to: and receiving the identification of the relay terminal and the identification of the remote terminal from the relay terminal.

Optionally, the first request message includes an identifier of a second policy control function device; the processing unit 2200 is further configured to: and acquiring an identifier of a second policy control function device from a second access and mobile management function device, or a unified data management device, or a unified database according to the identifier of the remote terminal, wherein the second access and mobile management function device is the access and mobile management function device of the remote terminal, and the second policy control function device is the policy control function device of the remote terminal.

In another example, the communication apparatus 2000 corresponds to the first access and mobility management function device in the method 900, the AMF of the remote UE in the methods 1000 to 1300, and each unit in the communication apparatus 2000 is respectively for implementing the operation performed by the first access and mobility management (or the AMF of the remote UE) in the corresponding method.

Specifically, the transceiving unit 2100 is configured to send a first request message to a first policy control function device, where the first policy control function device is a policy control function device of a remote terminal, and the first request message includes an identifier of a relay terminal and an identifier of the remote terminal; the transceiving unit 2100 is further configured to receive an authorization result from the first policy control function device, where the authorization result is used to indicate whether the relay terminal is authorized to establish a relay service relationship with the remote terminal; the transceiver unit is further configured to send the authorization result to the remote terminal.

Optionally, the processing unit 2200 is specifically configured to: controls the transceiving unit 2100 to receive the identity of the remote terminal and the identity of the relay terminal from the remote terminal.

Optionally, the processing unit 2200 is further configured to: the first request message comprises an identification of a second policy control function device; and acquiring the identifier of a second policy control function device from a second access and mobile management function device, or a unified data management device or a unified database according to the identifier of the remote terminal, wherein the second access and mobile management function device is an access and mobile management function device of the relay terminal, and the second policy control function device is a policy control function device of the relay terminal.

It is to be understood that the above-mentioned obtaining operation performed by the processing unit 2200, such as obtaining an identity of the second policy control function device, may also be performed by the transceiving unit 2100,

it should be understood that the specific processes of the units for executing the corresponding steps are already described in detail in the above method embodiments, and therefore, for brevity, detailed descriptions thereof are omitted.

It should also be understood that the communication apparatus 2000 may also correspond to the first remote terminal, the first relay terminal, the unified database, the unified data management device, and the like in the above method embodiments, and each unit in the communication apparatus 2000 is respectively for implementing the operation performed by the corresponding device in the corresponding method.

It is also to be understood that the transceiving unit 1100 in the communication device 2000 may correspond to the communication interface 3200 in the communication device 3000 shown in fig. 15, and the processing unit 2200 in the communication device 2000 may correspond to the processor 3100 in the communication device 3000 shown in fig. 15.

Fig. 15 is a schematic structural diagram of another communication device according to an embodiment of the present application. Any of the devices according to the above-described method embodiments may be implemented by the communication apparatus 3000 shown in fig. 15. It is understood that the communication apparatus 3000 may be a physical device, and may also be a component of a physical device (e.g., an integrated circuit, a chip, etc.).

As shown in fig. 15, the communication device 3000 includes: one or more processors 3100. Processor 3100 may store execution instructions for performing the methods of embodiments of the application. Alternatively, processor 3100 can invoke communication interface 3300 to implement receive and transmit functions. The communication interface 3300 may be a logical interface or a physical interface, which is not limited in this respect. For example, communication interface 3300 may be a transceiver circuit or an interface circuit. The transceiver circuitry, or interface circuitry, used to implement the receive and transmit functions may be separate or integrated. The transceiver circuit or the interface circuit may be used for reading and writing code/data, or the transceiver circuit or the interface circuit may be used for transmitting or transferring signals.

Alternatively, the communication interface 3300 may be implemented with a communication transceiver.

Alternatively, the communication interface 3300 may also be referred to as a transceiver unit, a transceiver, a transceiving circuit, a transceiver, or the like, for implementing transceiving function.

Optionally, the communication device 3000 may further include a memory 3200. The embodiment of the present application does not specifically limit the specific deployment location of the memory 3200, and the memory may be integrated into the processor or may be independent from the processor. For the case where the computer device does not include memory, the computer device may be processing-enabled, and the memory may be deployed elsewhere (e.g., a cloud system).

Processor 3100, memory 3200, and communications interface 3300 communicate among others, passing control and/or data signals, over internal connection paths.

It is understood that although not shown, the communication device 3000 may also include other modules, such as a battery, etc.

Alternatively, in some embodiments, memory 3200 may store instructions for performing the execution of the methods of embodiments of the present application. The processor 3100 may execute the instructions stored in the memory 3200 and perform the steps performed by the method described above in combination with other hardware (e.g. the communication interface 3300), and the specific working procedures and advantages may be as described in the above method embodiments.

Processor 3100 may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the method may be performed by integrated logic circuits of hardware in a processor or instructions in the form of software. The processor may be a general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), an off-the-shelf programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic device, or discrete hardware components. The various methods, steps, and logic blocks disclosed in the embodiments of the present application may be implemented or performed. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of the method disclosed in connection with the embodiments of the present application may be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software modules in the decoding processor. The software modules may be located in a Random Access Memory (RAM), a flash memory, a read-only memory (ROM), a programmable ROM, an electrically erasable programmable memory, a register, or other storage media that are well known in the art. The storage medium is located in a memory, and a processor reads instructions in the memory and combines hardware thereof to complete the steps of the method.

It will be appreciated that the memory 3100 can be either volatile memory or nonvolatile memory, or can include both volatile and nonvolatile memory. The non-volatile memory may be a read-only memory ROM, a programmable read-only memory (PROM), an Erasable PROM (EPROM), an Electrically Erasable PROM (EEPROM), or a flash memory. Volatile memory can be random access memory, RAM, which acts as external cache memory. By way of example, but not limitation, many forms of RAM are available, such as Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), Synchronous Dynamic Random Access Memory (SDRAM), double data rate SDRAM, enhanced SDRAM, SLDRAM, Synchronous Link DRAM (SLDRAM), and direct rambus RAM (DR RAM). It should be noted that the memory of the systems and methods described herein is intended to comprise, without being limited to, these and any other suitable types of memory.

The communication device 3000 may be a general-purpose computer device or a special-purpose computer device. In a specific implementation, the communication device 3000 may be a desktop computer, a laptop computer, a web server, a Personal Digital Assistant (PDA), a mobile phone, a tablet computer, a wireless terminal device, a communication device, an embedded device, or a device with a similar structure as in fig. 15. The embodiment of the present application does not limit the type of the communication device 3000.

According to the method provided by the embodiment of the present application, the present application further provides a computer program product, which includes: computer program code which, when run on a computer, causes the computer to perform the method of any one of the method embodiments described above, the first policy control function device side, the second policy control function device side, the first access and mobility management function device side, or the second access and mobility management function device side.

According to the method provided by the embodiment of the present application, the present application further provides a computer-readable medium, which stores a program code, and when the program code runs on a computer, the computer is caused to execute the method of the first policy control function device side, the second policy control function device side, the first access and mobility management function device side, or the second access and mobility management function device side in the foregoing method embodiment.

According to the method provided by the embodiment of the present application, the present application also provides a system including one or more devices in the foregoing method embodiments, such as may include one or more of the following: a first policy control function device, a second policy control function device, a first access and mobility management function device, or a second access and mobility management function device side. Optionally, the system may further include the first relay terminal and the first remote terminal in the foregoing method embodiment.

The embodiment of the application also provides a processing device, which comprises a processor and an interface; the processor is configured to perform the method of communication in any of the above method embodiments.

It should be understood that the processing means may be a chip. For example, the processing device may be a Field Programmable Gate Array (FPGA), a general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), an off-the-shelf programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, a system on chip (SoC), a Central Processing Unit (CPU), a Network Processor (NP), a digital signal processing circuit (DSP), a microcontroller (micro controller unit, MCU), a Programmable Logic Device (PLD) or other integrated chip. The various methods, steps, and logic blocks disclosed in the embodiments of the present application may be implemented or performed. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of the method disclosed in connection with the embodiments of the present application may be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software modules in the decoding processor. The software module may be located in ram, flash memory, rom, prom, or eprom, registers, etc. storage media as is well known in the art. The storage medium is located in a memory, and a processor reads information in the memory and completes the steps of the method in combination with hardware of the processor.

It will be appreciated that the memory in the embodiments of the subject application can be either volatile memory or nonvolatile memory, or can include both volatile and nonvolatile memory. The non-volatile memory may be a read-only memory (ROM), a Programmable ROM (PROM), an Erasable PROM (EPROM), an electrically Erasable EPROM (EEPROM), or a flash memory. Volatile memory can be Random Access Memory (RAM), which acts as external cache memory. By way of example, but not limitation, many forms of RAM are available, such as Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), Synchronous Dynamic Random Access Memory (SDRAM), double data rate SDRAM, enhanced SDRAM, SLDRAM, Synchronous Link DRAM (SLDRAM), and direct rambus RAM (DR RAM). It should be noted that the memory of the systems and methods described herein is intended to comprise, without being limited to, these and any other suitable types of memory.

In the above embodiments, the implementation may be wholly or partially realized by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When loaded and executed on a computer, cause the processes or functions described in accordance with the embodiments of the application to occur, in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored on a computer readable storage medium or transmitted from one computer readable storage medium to another, for example, from one website, computer, server, or data center to another website, computer, server, or data center via wire (e.g., coaxial cable, fiber optic, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.). The computer-readable storage medium can be any available medium that can be accessed by a computer or a data storage device, such as a server, a data center, etc., that incorporates one or more of the available media. The usable medium may be a magnetic medium (e.g., a floppy disk, a hard disk, a magnetic tape), an optical medium (e.g., a Digital Video Disk (DVD)), or a semiconductor medium (e.g., a Solid State Disk (SSD)), among others.

The network device in the foregoing device embodiments completely corresponds to the terminal device and the network device or the terminal device in the method embodiments, and the corresponding module or unit executes the corresponding steps, for example, the communication unit (transceiver) executes the steps of receiving or transmitting in the method embodiments, and other steps besides transmitting and receiving may be executed by the processing unit (processor). The functions of the specific elements may be referred to in the respective method embodiments. The number of the processors may be one or more.

As used in this specification, the terms "component," "module," "system," and the like are intended to refer to a computer-related entity, either hardware, firmware, a combination of hardware and software, or software in execution. For example, a component may be, but is not limited to being, a process running on a processor, an object, an executable, a thread of execution, a program, or a computer. By way of illustration, both an application running on a computing device and the computing device can be a component. One or more components may reside within a process or thread of execution and a component may be localized on one computer and distributed between 2 or more computers. In addition, these components can execute from various computer readable media having various data structures stored thereon. The components may communicate by way of local or remote processes such as in accordance with a signal having one or more data packets (e.g., data from two components interacting with another component in a local system, distributed system, or across a network such as the internet with other systems by way of the signal).

It should be appreciated that reference throughout this specification to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment of the present application. Thus, the various embodiments are not necessarily referring to the same embodiment throughout the specification. Furthermore, the particular features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.

It should be understood that, in the embodiment of the present application, the numbers "first" and "second" … are only used for distinguishing different objects, such as for distinguishing different network devices, and do not limit the scope of the embodiment of the present application, and the embodiment of the present application is not limited thereto.

It should also be understood that, in this application, "when …", "if" and "if" all refer to a network element that performs the corresponding process under certain objective circumstances, and are not time-critical, nor do they require certain deterministic actions to be performed by the network element, nor do they imply that other limitations exist.

It is also understood that, in the present application, "at least one" means one or more, "a plurality" means two or more.

It should also be understood that in the embodiments of the present application, "B corresponding to a" means that B is associated with a, from which B can be determined. It should also be understood that determining B from a does not mean determining B from a alone, but may be determined from a and/or other information.

It should also be understood that the term "and/or" herein is merely one type of association that describes an associated object, meaning that three relationships may exist, e.g., a and/or B may mean: a exists alone, A and B exist simultaneously, and B exists alone. In addition, the character "/" herein generally indicates that the former and latter related objects are in an "or" relationship.

Items appearing in this application as similar to "include one or more of the following: the meaning of the expressions A, B, and C "generally means that the item may be any of the following, unless otherwise specified: a; b; c; a and B; a and C; b and C; a, B and C; a and A; a, A and A; a, A and B; a, A and C, A, B and B; a, C and C; b and B, B, B and C, C and C; c, C and C, and other combinations of A, B and C. The above description is made by taking 3 elements of a, B and C as examples of optional items of the item, and when the expression "item" includes at least one of the following: a, B, … …, and X ", i.e., more elements in the expression, then the items to which the item may apply may also be obtained according to the aforementioned rules.

It is understood that, in the embodiments of the present application, a terminal device and/or a network device may perform some or all of the steps in the embodiments of the present application, and these steps or operations are merely examples, and the embodiments of the present application may also perform other operations or various modifications of the operations. Further, the various steps may be performed in a different order presented in the embodiments of the application, and not all operations in the embodiments of the application may be performed.

Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.

It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.

In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.

The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.

In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.

The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: various media capable of storing program codes, such as a U disk, a removable hard disk, a read-only memory ROM, a random access memory RAM, a magnetic disk, or an optical disk.

The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

57页详细技术资料下载

Authorization method, policy control function device and access and mobility management function device

相关技术

网友询问留言