CN-122029857-A - Authorization method, first node, second node, first access network device, third node, second access network device, communication system, storage medium, and program product
Abstract
The disclosure provides an authorization method, a first node, a second node, a first access network device, a third node, a second access network device, a communication system, a storage medium and a program product, and relates to the technical field of communications. The method is performed by a first node and comprises: receiving a first request sent by a second node or a first access network device, wherein the first request is used for requesting first information; and, if the second node or the first access network device is authorized according to first authorization information and second authorization information, sending the first information to the second node or the first access network device. The first authorization information comprises authorization information provided by a terminal (UE) or a user, and the second authorization information is used for indicating authorization information corresponding to a network function configuration file. The method allows a network entity to be authorized in a timely manner.
Inventors
- LIANG HAORAN
- LU WEI
Assignees
- 北京小米移动软件有限公司
Dates
- Publication Date
- 20260512
- Application Date
- 20240909
Claims (20)
- A method of authorization, performed by a first node, the method comprising: receiving a first request sent by a second node or a first access network device, wherein the first request is used for requesting first information; and, if the second node or the first access network device is authorized according to first authorization information and second authorization information, sending the first information to the second node or the first access network device, wherein the first authorization information comprises authorization information provided by a terminal (UE) or a user, and the second authorization information is used for indicating authorization information corresponding to a network function configuration file.
- The method of claim 1, wherein the first authorization information is configured by the user to the first node or a third node, or wherein the first authorization information is configured by the UE to the first node or a third node.
- The method according to claim 1 or 2, wherein the first authorization information comprises at least one of user information, data type, data processing purpose, purpose of processing the data type.
- The method according to any one of claims 1-3, wherein the method further comprises: receiving second authorization information sent by the third node.
- The method of claim 4, wherein the second authorization information is used to indicate authorization information for a fourth node.
- The method of claim 5, wherein the authorization information for the fourth node comprises at least one of a network function NF type of the second node or a NF type of the first access network device, a NF type of the fourth node or a NF instance identifier ID of the fourth node, a service of the fourth node, or a service operation of the fourth node.
- The method of any of claims 1-6, wherein the first information comprises at least one of a data type, a data processing purpose, a purpose of processing the data type, an NF instance ID of the first node.
- The method of claim 5 or 6, wherein the first request comprises at least one of user information, a service or service operation, a data type, a data processing purpose, a purpose of processing the data type, an NF type of the fourth node, or an NF instance ID of the fourth node.
- The method according to any one of claims 4-8, further comprising: if any one of the following is determined according to the first authorization information, sending a second request to the third node: the data type in the first request and the purpose of processing the data type are allowed; the data processing purpose in the first request is allowed.
- The method of claim 9, wherein the second request is for the third node to determine the corresponding network function profile based on a NF type of a fourth node provided by the first node or an NF instance ID of the fourth node.
- The method according to claim 9 or 10, wherein the second request comprises at least one of a NF type of the second node or a NF type of a first access network device, a NF type of the fourth node or a NF instance ID of the fourth node, a service or a service operation.
- The method according to any one of claims 1-11, further comprising: according to the first authorization information and the second authorization information, if a first condition is not met, ending the authorization process of the second node or the first access network device, or sending third information to the second node or the first access network device; wherein the first request includes a seventh request and an eighth request; the seventh request is used for requesting the authorization of the UE or the user, and the eighth request is used for requesting the authorization of the network function; the first condition includes that the seventh request is allowed based on the first authorization information and the eighth request is allowed based on the second authorization information; the third information is used for indicating any one of the following: the second node or the first access network device is not authorized; the second node or the first access network device fails to authorize; or the second node or the first access network device fails in authorization.
- The method according to any one of claims 1-11, further comprising: according to the first authorization information and the second authorization information, if a first condition is not met, ending the authorization process of the second node or the first access network device, or sending third information to the second node or the first access network device; the first condition includes that the data processing purpose in the first request is allowed and the second node or the first access network device is allowed to request a service of the fourth node or a service operation of the fourth node, or that the data type in the first request and the purpose of processing the data type are allowed and the second node or the first access network device is allowed to request a service of the fourth node or a service operation of the fourth node; the third information is used for indicating any one of the following: the second node or the first access network device is not authorized; the second node or the first access network device fails to authorize; or the second node or the first access network device fails in authorization.
- The method according to claim 3, wherein the method further comprises: receiving second information sent by the UE, wherein the second information is used for indicating whether the second node or the first access network device is authorized for the data processing purpose or the purpose of processing the data type; and, if the second node or the first access network device is authorized for the data processing purpose or the purpose of processing the data type, sending the authorization identification to the UE.
- A method of authorization, performed by a second node or a first access network device, the method comprising: transmitting a first request to a first node, the first request being used for requesting first information; and receiving the first information sent by the first node; wherein the first information is sent by the first node when determining to authorize the second node or the first access network device according to first authorization information and second authorization information, the first authorization information comprises authorization information provided by a UE or a user, and the second authorization information is used for indicating authorization information corresponding to a network function configuration file.
- The method of claim 15, wherein the first authorization information is configured by the user to the first node or a third node, or wherein the first authorization information is configured by the UE to the first node or a third node.
- The method according to claim 15 or 16, wherein the first authorization information comprises at least one of user information, data type, data processing purpose, purpose of processing the data type.
- The method according to any of claims 15-17, wherein the first information comprises at least one of a data type, a data processing purpose, a purpose of processing the data type, an NF instance ID of the first node.
- The method according to claim 15 or 16, wherein the method further comprises: sending a third request to a third node, wherein the third request is used for the third node to determine a corresponding network function configuration file according to the NF type of a fourth node or the NF instance ID of the fourth node provided by the first node.
- The method according to any of claims 15-19, wherein the second authorization information is used to indicate authorization information of a fourth node.
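An added illustration, not part of the patent text or of any implementation by the applicant: a minimal Python model of the first node's decision in claims 9 and 13, where the UE/user check runs first and the third node is asked for the network function profile only if that check passes. All class, field and NF names, the deny message and the sample grants are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class FirstRequest:                 # fields modelled on claim 8 (names are assumptions)
    user: str
    requester_nf_type: str          # NF type of the second node / first access network device
    target_nf_type: str             # NF type of the fourth node
    service_operation: str          # service operation of the fourth node
    purpose: str                    # data processing purpose
    data_type: Optional[str] = None

class ThirdNode:
    """Holds network function profiles and returns second authorization information."""
    def __init__(self, profiles):
        self.profiles, self.queries = profiles, 0

    def second_authorization_info(self, target_nf_type):
        self.queries += 1
        return self.profiles.get(target_nf_type, {})

def user_allows(grants, req):
    """First authorization information: purpose-wide or (data type, purpose) grants."""
    g = grants.get(req.user, set())
    return (None, req.purpose) in g or (
        req.data_type is not None and (req.data_type, req.purpose) in g)

def authorize(req, grants, third_node, first_node_id="first-node-1"):
    """Return (authorized, payload): first information on success, third information otherwise."""
    # Claim 9: the second request goes to the third node only after the user check passes.
    if not user_allows(grants, req):
        return False, "not authorized"
    allowed = third_node.second_authorization_info(req.target_nf_type)
    # Claim 13 first condition: both checks must pass; a missing profile entry denies.
    if req.service_operation not in allowed.get(req.requester_nf_type, set()):
        return False, "not authorized"
    return True, {"data_type": req.data_type, "purpose": req.purpose,
                  "nf_instance_id": first_node_id}

# Constructed sample data, not taken from the patent.
GRANTS = {"user-1": {(None, "analytics"), ("location", "model-training")}}
PROFILES = {"DATA_NF": {"ANALYTICS_NF": {"data.read"}}}
```

Denying by default when either the user grant or the profile entry is missing keeps a gap in one store from being read as permission by the other.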
Description
Authorization method, first node, second node, first access network device, third node, second access network device, communication system, storage medium, and program product
Technical Field
The present disclosure relates to the field of communications technologies, and in particular, to an authorization method, a first node, a second node, a first access network device, a third node, a second access network device, a communication system, a storage medium, and a program product.
Background
With the rapid development of internet technology and the continuous emergence of big data, network security problems are increasingly prominent. Network attacks, fraud, leakage of user information and other events occur from time to time, and bring serious property and privacy security threats to users and enterprises. In order to better ensure network security and ensure legal access to and use of network resources, network entity authorization techniques have been developed.
Disclosure of Invention
The disclosure provides an authorization method, a first node, a second node, a first access network device, a third node, a second access network device, a communication system, a storage medium and a program product, which solve the technical problem of authorizing a network entity.
According to a first aspect of embodiments of the present disclosure, an authorization method is provided, performed by a first node, comprising: receiving a first request sent by a second node or a first access network device, wherein the first request is used for requesting first information; and, if the second node or the first access network device is authorized according to first authorization information and second authorization information, sending the first information to the second node or the first access network device, wherein the first authorization information comprises authorization information provided by a terminal (UE) or a user, and the second authorization information is used for indicating authorization information corresponding to a network function configuration file.
According to a second aspect of the embodiments of the present disclosure, an authorization method is provided, performed by a second node or a first access network device, comprising: transmitting a first request to a first node, the first request being used for requesting first information; and receiving the first information sent by the first node, wherein the first information is sent by the first node when determining to authorize the second node or the first access network device according to first authorization information and second authorization information, the first authorization information comprises authorization information provided by a UE or a user, and the second authorization information is used for indicating authorization information corresponding to a network function configuration file.
According to a third aspect of embodiments of the present disclosure, an authorization method is provided, performed by a third node, comprising: receiving a second request sent by the first node, or receiving a third request sent by the second node or the first access network device; and sending second authorization information to the first node, wherein the second authorization information is used for indicating authorization information corresponding to a network function configuration file, the second authorization information is used for the first node to send first information to the second node or the first access network device when determining to authorize the second node according to the second authorization information and the acquired first authorization information, and the first authorization information comprises authorization information provided by a UE or a user.
According to a fourth aspect of embodiments of the present disclosure, an authorization method is provided, performed by a second access network device, comprising: transmitting a fourth request to the second node, the fourth request being used for requesting the first information and for the second node to transmit the first request to the first node; and receiving first information sent by the second node, wherein the first information is sent to the second node when the first node determines to authorize the second access network device according to first authorization information and second authorization information, the first authorization information comprises authorization information provided by a UE or a user, and the second authorization information is used for indicating authorization information corresponding to a network function configuration file.
According to a fifth aspect of embodiments of the present disclosure, there is provided a first node comprising: a receiving and transmitting module, used for receiving a first request sent by the second node or the first access network device, wherein the first request is used for requesting first in