JP-2026514460-A - Communication methods and communication devices
Abstract
Embodiments of the present application provide a communication method and a communication device. The method comprises the steps of: when the communication device detects an application, the communication device determines that the application matches a route selection policy rule based on a second application identifier and a second application distinction parameter associated with the application, and associates the application with a session according to the route selection policy rule. The route selection policy rule includes a first application identifier and a first application distinction parameter. According to the method disclosed herein, the addition of both the first and second application distinction parameters enables the communication device to effectively identify the application.
Inventors
- レイ ゾンディン
Assignees
- ホアウェイ・テクノロジーズ・カンパニー・リミテッド
Dates
- Publication Date
- 20260511
- Application Date
- 20240322
- Priority Date
- 20230407
Claims (20)
- A communication method comprising: when a communication device detects an application, the communication device determines, based on the application's second application identifier and second application distinction parameter, that the application matches a route selection policy rule, wherein the route selection policy rule includes a first application identifier and a first application distinction parameter; and the communication device associates the application with a session in accordance with the route selection policy rule.
- The method according to claim 1, further comprising, prior to the step in which the communication device determines, based on the second application identifier and second application distinction parameter of the application, that the application matches the route selection policy rule: the step of receiving, by the communication device, the route selection policy rule from a network device.
- The method according to claim 1 or 2, wherein the second application distinction parameter comprises one or more of the following: an identifier for the binding platform of the application, an identifier for the application program source of the application, a name for the installation package of the application, a user identifier for the application, an identifier for the developer of the application, an identifier for a public land mobile network associated with the application, or an identifier for an application function used to generate the route selection policy rules.
- The method according to any one of claims 1 to 3, further comprising a step in which the communication device performs integrity or authenticity verification on the second application identifier and the second application distinction parameter; wherein the step in which the communication device determines whether the application matches the route selection policy rule based on the application's second application identifier and second application distinction parameter comprises: the step of determining, by the communication device, that the application matches the route selection policy rule based on the second application identifier and the second application distinction parameter, when the integrity or authenticity verification is successful.
- The method according to any one of claims 1 to 4, wherein the step in which the communication device determines whether the application matches the route selection policy rule based on the application's second application identifier and second application distinction parameter comprises: the step of determining, by the communication device, that the first application identifier is the same as the second application identifier and that the first application distinction parameter is the same as the second application distinction parameter.
- The method according to any one of claims 1 to 5, wherein the communication device comprises an operating system and a modem, and the method further comprises the steps of: receiving, by the operating system, a first parameter from the application, wherein the first parameter includes one or more of the following: a temporary identifier, a temporary key, or an access token; determining, by the operating system, the second application identifier and the second application distinction parameter based on the first parameter; and transmitting, by the operating system, the second application identifier and the second application distinction parameter to the modem; wherein the step in which the communication device determines whether the application matches the route selection policy rule based on the application's second application identifier and second application distinction parameter comprises: the step of determining, by the modem, that the second application identifier is the same as the first application identifier and that the second application distinction parameter is the same as the first application distinction parameter.
- The method according to claim 6, wherein the step in which the operating system determines the second application identifier and the second application distinction parameter based on the first parameter comprises the steps of: determining, by the operating system, the second application identifier and the second application distinction parameter based on the temporary identifier and a mapping relationship, wherein the mapping relationship indicates a relationship among the second application identifier, the second application distinction parameter, and the temporary identifier; or determining, by the operating system, the second application identifier and the second application distinction parameter based on the temporary key or the access token.
- The method according to claim 6 or 7, wherein the step in which the operating system receives the first parameter from the application comprises: the step of receiving, by the operating system, the first parameter from the application when the application is activated or used.
- The method according to any one of claims 6 to 8, further comprising, prior to the step in which the operating system receives the first parameter from the application, the steps of: generating, by the operating system, the first parameter; and sending, by the operating system, the first parameter to the application; wherein, when the first parameter is the temporary identifier, the operating system stores the mapping relationship.
- The method according to any one of claims 1 to 5, further comprising the steps of: sending, by the communication device, an authentication request message to the user, wherein the authentication request message includes the second application identifier and the second application distinction parameter, and the authentication request message is used to request the user to verify the second application identifier and the second application distinction parameter, or the authentication request message is used to request the user to determine whether the second application identifier is the same as the first application identifier and whether the second application distinction parameter is the same as the first application distinction parameter; and receiving, by the communication device, an authentication response message from the user, wherein the authentication response message includes the verification result of the second application identifier and the second application distinction parameter, or the authentication response message includes a first matching result of the second application identifier and the first application identifier, and a second matching result of the second application distinction parameter and the first application distinction parameter; wherein the step in which the communication device determines whether the application matches the route selection policy rule based on the application's second application identifier and second application distinction parameter comprises: the step of the communication device determining, based on the authentication response message, that the application matches the route selection policy rule.
- The method according to claim 10, wherein the step in which the communication device determines, based on the authentication response message, that the application matches the route selection policy rule comprises the steps of: determining by the communication device that the application matches the route selection policy rule when the verification result indicates that the verification performed by the user on the second application identifier and the second application distinction parameter is successful; or determining by the communication device that the application matches the route selection policy rule when the first matching result indicates that the second application identifier is the same as the first application identifier and the second matching result indicates that the second application distinction parameter is the same as the first application distinction parameter.
- The method according to any one of claims 1 to 11, further comprising the steps of: obtaining the route selection policy rule by the network device; and transmitting the route selection policy rule to the communication device by the network device.
- A communication method comprising the steps of: obtaining a route selection policy rule by a network device, wherein the route selection policy rule includes a first application identifier and a first application distinction parameter; and transmitting the route selection policy rule to a communication device by the network device.
- A communication method comprising the steps of: when a communication device detects an application, determining, by the communication device, that the application matches a route selection policy rule; sending a request message to a network device by the communication device, wherein the request message includes an application identifier of the application, and the request message is used to request verification of whether the application matches the route selection policy rule; and receiving a response message from the network device by the communication device.
- The method according to claim 14, wherein the application identifier of the application is secure.
- The method according to claim 15, wherein the secure application identifier of the application comprises one or more of the following: a digitally signed application identifier for the application, an application identifier for the application encrypted with a key, or a hashed application identifier for the application.
- The method according to any one of claims 14 to 16, wherein the request message further includes authentication information, the authentication information includes the application identifier of the application and a digital signature used to verify the application identifier of the application, the authentication information is used to verify the authenticity or integrity of the application, and the authentication information is one of the following: the digital signature, the hash value, or the message authentication code.
- The method according to any one of claims 14 to 17, further comprising, prior to the step of the communication device sending the request message to the network device: the communication device determining, based on first configuration information, to transmit the application identifier of the application to the network device, where the first configuration information instructs the transmission of the application identifier of the application to the network device, and the first configuration information is pre-configured in the communication device; or the communication device determining, based on first instruction information from the network device, to transmit the application identifier of the application to the network device, where the first instruction information instructs the transmission of the application identifier of the application to the network device.
- The method according to any one of claims 14 to 18, wherein the request message is a session setup request message or a session modification request message.
- The method according to any one of claims 14 to 19, wherein the request message further includes second instruction information, the second instruction information instructing the request message to retain the application identifier of the application, or the second instruction information instructing the network device to verify whether the application matches the route selection policy rule.
Description
This application claims priority to Chinese Patent Application No. 202310394661.6, entitled “Communication Method and Communication Apparatus,” filed with the China National Intellectual Property Administration on April 7, 2023, the entirety of which is incorporated herein by reference.
This application relates to the field of communications, and more specifically, to communication methods and communication devices.
In a communication system, a communication device or user equipment (UE) may determine the route for transmitting its data traffic according to a route selection policy (UE route selection policy, URSP). For example, a UE may transmit its data traffic by selecting an existing session connected to the data network (DN) according to URSP rules; or a UE may transmit its data traffic by setting up a new session in a specific network slice. Currently, how to mitigate or avoid potential security risks that terminal devices may encounter during the route selection process is an issue that needs to be considered.
This application provides a communication method and communication device to reduce or avoid potential security risks that terminal devices may encounter in the route selection process.
According to the first embodiment, a communication method is provided. The method may be performed by a communication device. Optionally, the communication device may be a terminal device, such as a mobile phone, a vehicle, an unmanned aerial vehicle, or a wearable device, or a chip or circuit in a terminal device. In addition, a terminal device may also be referred to as a user device. Therefore, the communication device may alternatively be a user device or a chip in a user device. This is not specifically limited in this application.
The method includes the step of determining whether an application matches a route selection policy rule based on the application's second application identifier and second application distinction parameter when the communication device detects an application. The route selection policy rule includes a first application identifier and a first application distinction parameter. The communication device associates the application with a session, e.g., a protocol data unit (PDU) session, according to the route selection policy rule.
For example, an application may also be referred to as application traffic. The communication device's determination that an application matches a route selection policy rule may be understood as evaluating whether the "application" matches a traffic descriptor in the route selection policy rule, or as evaluating whether application traffic matches a traffic descriptor in the route selection policy rule. These distinctions are not made in this application, and the relevant parts are not explained again below.
Based on the solution provided in this application, the first and second application distinction parameters are further verified, and as a result, the terminal device can effectively identify the detected application and determine whether the application matches the route selection policy rule. This prevents the application's network resources in the route selection policy rule from being compromised and reduces the risk of network nodes being attacked by malicious traffic.
Referring to the first embodiment, in some implementations of the first embodiment, before the communication device determines that an application matches a route selection policy rule based on the application's second application identifier and second application distinction parameter, the method further comprises: the step of the communication device receiving the route selection policy rule from a network device.
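The following sketch is an added illustration and is not part of the application: it models the operating system and modem split of claims 6, 7 and 9 (temporary identifier plus stored mapping relationship) and contrasts matching on the application identifier alone with matching on identifier and distinction parameter together. All class names, function names, parameter keys and values are assumptions constructed for the example.

```python
import secrets
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class AppIdentity:
    app_id: str             # application identifier
    distinction: frozenset  # distinction parameter(s) as (name, value) pairs

@dataclass(frozen=True)
class UrspRule:
    first: AppIdentity      # first application identifier + first distinction parameter
    session: str            # hypothetical label of the session to associate

class OperatingSystem:
    """Generates the temporary identifier and stores the mapping relationship."""
    def __init__(self) -> None:
        self._mapping = {}

    def issue_temporary_identifier(self, identity: AppIdentity) -> str:
        temp_id = secrets.token_hex(16)   # opaque value handed to the application
        self._mapping[temp_id] = identity
        return temp_id

    def resolve(self, temp_id: str) -> Optional[AppIdentity]:
        # An unknown temporary identifier resolves to nothing for the modem.
        return self._mapping.get(temp_id)

def modem_match(rules, second: Optional[AppIdentity]) -> Optional[str]:
    """Match only if identifier AND distinction parameter are both the same."""
    if second is None:
        return None
    for rule in rules:
        if rule.first == second:
            return rule.session
    return None

def identifier_only_match(rules, app_id: str) -> Optional[str]:
    """Contrast case: the rule is matched on the application identifier alone."""
    return next((r.session for r in rules if r.first.app_id == app_id), None)

def params(**kv: str) -> frozenset:
    """Build a distinction parameter set from keyword pairs."""
    return frozenset(kv.items())

# Constructed sample data; every name and value here is made up.
RULE_ID = AppIdentity("video-app", params(developer="dev-A", program_source="store-1"))
RULES = [UrspRule(RULE_ID, "session-video")]
OS = OperatingSystem()
GENUINE = OS.issue_temporary_identifier(RULE_ID)
LOOKALIKE = OS.issue_temporary_identifier(
    AppIdentity("video-app", params(developer="dev-B", program_source="store-2")))

if __name__ == "__main__":
    for name, temp_id in (("genuine", GENUINE), ("lookalike", LOOKALIKE), ("unknown", "00" * 16)):
        print(name, "->", modem_match(RULES, OS.resolve(temp_id)))
```

The two registered applications share one application identifier, so only the distinction parameter separates them at the modem.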
Referring to the first embodiment, in some implementations of the first embodiment, the second application distinction parameter includes one or more of the following: an identifier for the application's binding platform, an identifier for the application's application program source, the name of the application's installation package, an identifier for the application's user, an identifier for the application's developer, an identifier for the public land mobile network associated with the application, or an identifier for the application function used to generate route selection policy rules. Referring to the first aspect, in some implementations of the first aspect, the communication device performs integrity or authenticity verification on the second application identifier and the second application distinction parameter. The communication device's determination that an application matches a route selection policy rule based on the application's second application identifier and second application distinction parameter includes: when the integrity or authenticity verification is successful, the communication device determines that the application matches a route selection policy rule based on the second application identifier and the second application