Search

EP-3713193-B1 - ACCESS CONTROL METHOD, APPARATUS AND COMMUNICATION SYSTEM

EP3713193B1EP 3713193 B1EP3713193 B1EP 3713193B1EP-3713193-B1

Inventors

  • JIA, Meiyi
  • ZHANG, LEI
  • WANG, XIN

Dates

Publication Date
20260506
Application Date
20171116

Claims (17)

  1. An access control apparatus (500; 800), comprising: a memory (820) that stores a plurality of instructions; and a processor (810) coupled to the memory (820) and configured to execute the instructions to: based on a mapping relationship between access attempt and access category, determine (201) an access category to which an access attempt corresponds, perform (202) access barring check based on the access category, and process a first timer used for access control and a second timer used for access control to determine whether an access attempt to which the access category corresponds is barred; and transmit (203) a connection setup request message or a connection recovery request message to a network device (700) when the access attempt is considered as allowed, wherein the first timer comprises an access-category-specific barring timer and the second timer comprises an access-category-group-specific barring timer, and the processor (810) is further configured to start the access-category-specific barring timer or the access-category-group-specific barring timer when the access category defines or configures the access-category-specific barring timer or the access-category-group-specific barring timer and a result of the performing access barring check based on the access category is that an access to which the access category corresponds is barred; and the processor (810) is further configured to determine that the access attempt or the access to which the access category or the access category group corresponds is barred when the access-category-specific barring timer or access-category-group-specific barring timer is running.
  2. The access control apparatus (500; 800) according to claim 1, wherein the timers are configured by a radio resource control layer or a NAS layer, and/or, the timers are maintained by the radio resource control layer or the NAS layer.
  3. The access control apparatus (500; 800) according to claim 1, wherein the timers comprise a UE-specific barring timer, and the processor (810) is further configured to start the UE-specific barring timer when the access category defines or configures the UE-specific barring timer and a result of the performing access barring check based on the access category is that an access to which the access category corresponds is barred; and the processor (810) is further configured to determine that the access attempt or the access to which the access category corresponds is barred when the UE-specific barring timer is running.
  4. The access control apparatus (500; 800) according to claim 1, wherein the timers comprise a UE-specific grant timer, and the processor (810) is further configured to start the UE-specific grant timer when the access category defines or configures the UE-specific grant timer and a result of the performing access barring check based on the access category is that an access to which the access category corresponds is allowed; and the processor (810) is further configured to determine that the access attempt or the access to which the access category corresponds is allowed when the UE-specific grant timer is running.
  5. The access control apparatus (500; 800) according to claim 1, wherein the timers comprise an access-category-specific grant timer or an access-category-group-specific grant timer, and the processor (810) is further configured to start the access-category-specific grant timer or the access-category-group-specific grant timer when the access category defines or configures the access-category-specific grant timer or the access-category- group-specific grant timer and a result of the performing access barring check based on the access category is that an access to which the access category corresponds is allowed; and the processor (810) is further configured to determine that the access attempt or the access to which the access category or the access category group corresponds is allowed when the access-category-specific grant timer or access-category-group-specific grant timer is running.
  6. The access control apparatus (500; 800) according to claim 1, wherein the processor (810) is further configured to, based on a mapping relationship between access attempt and setup cause value or a mapping relationship between access category and setup cause value, determine a setup cause value to which the access attempt corresponds.
  7. The access control apparatus (500; 800) according to claim 1, wherein the processor (810) is further configured to, based on an indication of the network device or a condition configured by the network device, contain the access category in the connection setup request message or the connection recovery request message, or contain the setup cause value in the connection setup request message or the connection recovery request message.
  8. The access control apparatus (500; 800) according to claim 1, wherein the access category and/or a setup cause value are/is determined in a non-access stratum, NAS; and wherein one or more of the mapping relationship between access attempt and access category, the mapping relationship between access attempt and setup cause value and the mapping relationship between access category and setup cause value is/are defined in the NAS, or notified by the network device to a user equipment, UE, (500; 800) via signaling of the NAS.
  9. The access control apparatus (500; 800) according to claim 8, wherein the NAS indicates or delivers the determined access category and/or the setup cause value to a radio resource control, RRC, layer, and the radio resource control layer performs the access barring check.
  10. The access control apparatus (500; 800) according to claim 1, wherein the access category and/or the setup cause value are/is determined in a radio resource control layer; and wherein one or more of the mapping relationship between access attempt and access category, the mapping relationship between access attempt and setup cause value and the mapping relationship between access category and setup cause value is/are defined in the radio resource control layer, or notified by the network device to a user equipment, UE, (500; 800) via signaling of the radio resource control layer.
  11. The access control apparatus (500; 800) according to claim 10, wherein an NAS provides the radio resource control layer with one or more parameters for determining the access category, and the radio resource control layer performs the access barring check.
  12. The access control apparatus (500; 800) according to claim 1, wherein the access category and/or the setup cause value are/is determined in at least two layers; and wherein the layers determining the access category and/or the setup cause value comprise: a layer initializing the access attempt, and/or, a layer determined according to a radio resource control state; and one or more of the mapping relationship between access attempt and access category, the mapping relationship between access attempt and setup cause value and the mapping relationship between access category and setup cause value is/are defined in the layers determining the access category and/or the setup cause value.
  13. The access control apparatus (500; 800) according to claim 12, wherein the layer initializing the access attempt comprises one or more of the following layers and/or entities: an application layer, an IP layer, an NAS, an RRC layer, or a user plane; and the layer determined according to a radio resource control state comprises one or more of the following layers and/or entities: an NAS when a user equipment, UE, (500; 800) is in an idle state, an RRC layer when the UE (500; 800) is in a deactivated state, and a user plane when the UE (500; 800) is in a connected state.
  14. The access control apparatus (500; 800) according to claim 12, wherein when at least two different access categories are determined in the at least two layers, the NAS or the radio resource control layer selects an access category from the at least two different access categories.
  15. An access control apparatus (600; 700), comprising: a memory (720) that stores a plurality of instructions; and a processor (710) coupled to the memory and configured to execute the instructions to: transmit (401) configuration information used for configuring a mapping relationship between access attempt and access category to a user equipment, UE, (500; 800), wherein an access category to which an access attempt corresponds is determined by the UE (500; 800) based on the mapping relationship between access attempt and access category; transmit configuration information used for configuring a first timer used for access control and a second timer used for access control to the UE (500; 800); receive (402) a connection setup request message or a connection recovery request message transmitted by the UE (500; 800); and determine (403) whether the connection setup request message or the connection recovery request message of the UE (500; 800) is allowed, wherein the first timer comprises an access-category-specific barring timer and the second timer comprises an access-category-group-specific barring timer, and the UE (500; 800) is further configured to start the access-category-specific barring timer or the access-category-group-specific barring timer when the access category defines or configures the access-category-specific barring timer or the access-category-group-specific barring timer and a result of the performing access barring check based on the access category is that an access to which the access category corresponds is barred; and the UE (500; 800) is further configured to determine that the access attempt or the access to which the access category or the access category group corresponds is barred when the access-category-specific barring timer or access-category-group-specific barring timer is running.
  16. The access control apparatus (600; 700) according to claim 15, wherein the processor (710) is further configured to: transmit configuration information used for configuring a mapping relationship between access attempt and setup cause value or a mapping relationship between access category and setup cause value to the UE (500; 800), wherein a setup cause value to which an access attempt corresponds is determined by the UE (500; 800) based on the mapping relationship between access attempt and setup cause value or the mapping relationship between access category and setup cause value.
  17. A communication system (100), comprising: a user equipment, UE, (102; 500; 800) configured to: determine (201) an access category to which an access attempt corresponds based on a mapping relationship between access attempt and access category; perform (202) access barring check based on the access category, and process a first timer used for access control and a second timer used for access control to determine whether an access attempt to which the access category corresponds is barred; and transmit (203) a connection setup request message or a connection recovery request message to a network device (101; 600; 700) when the access attempt is considered as allowed, wherein the first timer comprises an access-category-specific barring timer and the second timer comprises an access-category-group-specific barring timer, and the UE (102; 500; 800) is further configured to start the access-category-specific barring timer or the access-category-group-specific barring timer when the access category defines or configures the access-category-specific barring timer or the access-category-group-specific barring timer and a result of the performing access barring check based on the access category is that an access to which the access category corresponds is barred, and and the UE (102; 500; 800) is further configured to determine that the access attempt or the access to which the access category or the access category group corresponds is barred when the access-category-specific barring timer or access-category-group- specific barring timer is running; and a network device (101; 600; 700) configured to: transmit (401) configuration information used for configuring a mapping relationship between access attempt and access category to the UE (102; 500; 800); transmit configuration information used for configuring the first timer used for access control and the second timer used for access control to the UE (102; 500; 800); receive (402) a connection setup request message or a connection recovery request message transmitted by the UE (102; 500; 800); and determine (403) whether the connection setup request message or the connection recovery request message of the UE (102; 500; 800) is allowed.

Description

Technical Field This disclosure relates to the field of communication technologies, and in particular to an access control method and apparatus and a communication system. Background In a long-term evolution (LTE) system, for example, the following access control technologies exist: access category barring (ACB), which is an access barring mechanism based on a type of access attempt (such as terminal-initiated data or terminal-initiated signaling) and an access category (AC) to which a user equipment (UE) belongs;access control barring-skip (ACB-skip), which allows a high priority of multi-media telephony (MMTEL) voices/videos and short message services (SMS);service specific access control (SSAC), which is an access barring mechanism for sessions initiated by MMTEL voices/video;extended access barring (EAB), such as a machine-type communication (MTC)-specific access barring mechanism;AB for NB-IoT, which is an access barring mechanism specific for a narrow-band Internet of Things (NB-IoT); andApplication-specific congestion control for data communication (ACDC), which is an application-specific access barring mechanism in a UE determined by an operator. Furthermore, an access request rejection method may also be used for access control. For example, after performing a random access procedure, a user equipment may transmit a radio resource control (RRC) connection setup request or a connection recovery request, in which a setup cause value is carried, to a network side; based on the setup cause value, the network side may decide whether to accept the request; if the network side accepts the request, it may transmit an RRC connection setup message or an RRC connection recovery message, otherwise, it may reply with an RRC connection reject message. By accepting or rejecting the connection setup request or connection recovery request, the network side may control a situation of congestion. Prior art document "Establishment causes for NR" (2017-09-28), R2-1710480, XP051354322, relates to information included in a connection request and in particular aspects of access category, call type and establishment cause in NR. Prior art document "Access Control in NG-RAN", (2017-05-14), R2-1705324, R2-1703200, XP051275764, relates to unified access control requirements in NG-RAN. While CTI and SA2 need to analyse feasibility of RAN2 agreed requirements on unified access control barring solution, this document investigates further principles that would fall into RAN2 area, and confronts them with architecture options for NG-RAN targeted by New NR W1. Prior art document "Access Control for NR", (2017-09-28), R2-1710478, XP051354321, relates to a functional division between AS and NAS for access control. Prior art document "5G - discussion on unified access control", (2017-10-16), C1-173823, XP051349713, relates to new stage-1 requirements for the unified access control in 5GS as added to TS 22.261 Rel-15, and to a stage-3 solution for the stage-1 requirements. Prior art document WO 2018/127162 A1 (published 2018-07-12) relates to a generic access control procedure, in which every action that is subject to access control is associated with an access category, and each access category is in turn associated with a set of access control parameters. From the APP layer, a UE detects an action that is subject to access control. The UE obtains and stores access categorization rules. In NAS layer, the UE determines the access category for the action. The UE then determines the set of access control parameters for the action. In AS layer, the UE finally applies the set of access control parameters to the action and makes a barring decision for the action. It should be noted that the above description of the background is merely provided for clear and complete explanation of this disclosure and for easy understanding by those skilled in the art. And it should not be understood that the above technical solution is known to those skilled in the art as it is described in the background of this disclosure. Summary It was found by the inventors that in a fifth generation (5G) such as new radio (NR) system, there is a need to provide a unified access control (UAC) mechanism. However, for how to perform determination of an access category, there exists no solution currently. Embodiments of this disclosure provide an access control method and apparatus and communication system, in which an access category to which an initiated access attempt (such as each new access attempt) corresponds is determined based on a mapping relationship between access attempt and access category. The invention is defined by the independent claims, to which reference should now be made. Specific embodiments are defined in the dependent claims. An advantage of the embodiments of this disclosure exists in that an access category to which an initiated access attempt corresponds is determined based on a mapping relationship between access attempt and access category.