US-20260129443-A1 - ACCESS CONTROL METHOD AND COMMUNICATIONS DEVICE
Abstract
An access control method and a communications device are provided. The method includes: sending first information and/or first indication information to a first target end, where the first information includes at least one of the following: index information of a second authentication server, vendor-related information of the first communications device, and address-related information of the second authentication server; and the first indication information is used for requesting to obtain a credential related to a first network, or used to indicate that an access type is a restricted service.
Inventors
- Xiaowan KE
Assignees
- VIVO MOBILE COMMUNICATION CO., LTD.
Dates
- Publication Date: 20260507
- Application Date: 20251229
- Priority Date: 20200320
Claims (19)
- 1. A communications device, the communications device is a first communications device and comprising a processor, a memory, and a program stored in the memory and executable by the processor, wherein the program, when executed by the processor, implements: sending, by the first communication device, first information and/or first indication information to a second communication device, wherein the first information comprises at least one of the following: index information of a second authentication server; vendor-related information of the first communications device; or address-related information of the second authentication server; and the first indication information is used for requesting to obtain a credential related to a first network, or used to indicate that an access type is a restricted service; wherein the first communication device comprises a terminal; the second communication device comprises a communication device in the first network; wherein the program, when executed by the processor, further implements: obtaining second information from the second communication device, wherein the second information comprises address-related information of a first server; wherein the first server is a server capable of configuring the credential related to the first network; wherein the program, when executed by the processor, further implements: performing a second operation based on the second information; wherein the second operation includes at least one of the following: establishing a first data channel, wherein the first data channel satisfies at least one of the following: the first data channel is used for interaction between the first communications device and the first server; the first data channel is used by the first communications device to request a credential related to the first network; or the first data channel is used for configuring, for the first communications device, the credential related to the first network; or, requesting the first server to configure the credential related to the first network.
- 2. The communications device according to claim 1, wherein the sending first information comprises: in a case that a first condition is satisfied, sending the first information; wherein the first condition comprises at least one of the following: the first communications device has a second credential; the first communications device has no credential related to the first network; the first communications device requests to access the first network; the first communications device requests to access a restricted service of the first network; the first communications device requests to obtain a credential related to the first network; at least one piece of the first information has been obtained; request information for the first information has been obtained; information that the first network supports the restricted service has been obtained; information that the first network supports and/or requests authentication for the restricted service has been obtained; information that the first network supports and/or requests authentication on the first communications device has been obtained; or information that the first network supports configuring, for the first communications device, the credential related to the first network has been obtained.
- 3. The communications device according to claim 2, wherein the request information for the first information comprises at least one of the following: first request information, wherein the first request information is used to request vendor information of the first communications device; second request information, wherein the second request information is used to request index information of the second authentication server; or third request information, wherein the third request information is used to request address-related information of the second authentication server.
- 4. The communications device according to claim 1, wherein before the step of sending first information, wherein the program, when executed by the processor, further implements: sending an access request and/or sending the first indication information to the second communication device; wherein the first indication information is used for requesting to obtain the credential related to the first network, or used to indicate that the access type is a restricted service.
- 5. The communications device according to claim 1, wherein the restricted service comprises at least one of the following: only access to the first server being allowed; only a credential download application being allowed.
- 6. The communications device according to claim 1, wherein the second authentication server comprises an authentication server outside the first network.
- 7. The communications device according to claim 1, wherein the program, when executed by the processor, further implements: obtaining the credential related to the first network to access the first network.
- 8. The communications device according to claim 7, wherein the credential related to the first network comprises a credential for accessing the first network or a credential that can be directly authenticated by an authentication server of the first network.
- 9. The communications device according to claim 1, wherein the first network comprises standalone non-public network (SNPN).
- 10. The communications device according to claim 2, wherein the second credential includes at least one of the following: the credential unrelated to the first network; the credential for accessing the first network in a case that the terminal has no credential related to the first network; the credential for accessing the first network in a case that the terminal requests for configuration of the credential related to the first network; the credential for accessing the restricted service of the first network; the credential configured for the first communications device by a vendor of the first communications device; and the credential that can be authenticated by the second authentication server.
- 11. A communications device, the communications device is a second communications device and comprising a processor, a memory, and a program stored in the memory and executable by the processor, wherein the program, when executed by the processor, implements: obtaining, by the second communication device, at least one of first information, first indication information, a legitimate device list, or third information; and wherein the first information comprises at least one of the following: index information of a second authentication server, vendor-related information of a first communications device, or address-related information of the second authentication server; the first indication information is used for requesting to obtain a credential related to a first network, or used to indicate that an access type is a restricted service; and the third information comprises at least one of the following: mapping information between the index information of the second authentication server and the address-related information of the second authentication server; or the address-related information of the second authentication server; wherein the second communication device comprises a communication device in the first network; wherein the program, when executed by the processor, further causes the communications device to: sending second information, wherein the second information comprises at least one of the following: address-related information of a first server; or second indication information; wherein the first server is a server capable of configuring the credential related to the first network; wherein the second indication information is used to indicate at least one of the following: the first data channel is used for interaction between the first communications device and the first server; the first data channel is used by the first communications device to request the credential related to the first network; or the first data channel is used for configuring, for the first communications device, the credential related to the first network.
- 12. The communications device according to claim 11, wherein the program, when executed by the processor, further implements: performing, by the second communication device, a first operation based on at least one of the first information, the first indication information, the legitimate device list, or the third information; wherein the first operation comprises at least one of the following: determining the second authentication server; determining to request the second authentication server to perform authentication on the first communications device; requesting the second authentication server to perform authentication on the first communications device; requesting a first server to perform authentication on the first communications device; sending the first information to the first server; determining whether the first communications device is a legitimate device in the first network; determining whether configuring, for the first communications device, the credential related to the first network is allowed; or determining whether accepting a registration request of the first communications device by the first network is allowed; wherein the first server is a server capable of configuring, for the first communications device, the credential related to the first network.
- 13. The communications device according to claim 12, wherein the step of determining the second authentication server comprises at least one of the following: determining the second authentication server based on the index information of the second authentication server in the first information and the mapping information between the index information of the second authentication server and the address-related information of the second authentication server in the third information; determining the second authentication server based on the vendor-related information of the first communications device in the first information and the mapping information between the index information of the second authentication server and the address-related information of the second authentication server in the third information; determining the second authentication server based on the address-related information of the second authentication server in the first information and/or the address-related information of the second authentication server in the third information; or determining the second authentication server based on the first indication information and/or the address-related information of the second authentication server in the third information; and/or, the step of determining to request the second authentication server to perform authentication on the first communications device comprises but is not limited to at least one of the following: determining, based on the first indication information and/or the first information, to request the second authentication server to perform authentication on the first communications device; or determining, based on the first indication information and/or the address-related information of the second authentication server in the third information, to request the second authentication server to perform authentication on the first communications device.
- 14. The communications device according to claim 11, wherein the second information further comprises: related information for establishing a first data channel; the first data channel is a data channel in the first network.
- 15. The communications device according to claim 11, wherein the sending second information comprises: in a case that the first communication device is determined to be a legitimate device in the first network, sending second information.
- 16. The communications device according to claim 11, wherein the program, when executed by the processor, further implements: obtaining the credential related to the first network to access the first network.
- 17. The communications device according to claim 16, wherein the credential related to the first network comprises a credential for accessing the first network or a credential that can be directly authenticated by an authentication server of the first network.
- 18. A communications device, the communications device is a fourth communications device and comprising a processor, a memory, and a program stored in the memory and executable by the processor, wherein the program, when executed by the processor, implements: obtaining second information; and performing a second operation based on the second information; wherein the second information comprises at least one of the following: a first terminal routing policy; default DNN information being left blank; default slice information being left blank; related information for establishing a first data channel; second indication information; third indication information; address-related information of a first server; or address-related information of a second authentication server; wherein the first server is a server capable of configuring a credential related to a first network; the first terminal routing policy is used for accessing the first server or a credential download application; the first data channel is a data channel in the first network; the second indication information is used to indicate at least one of the following: the first data channel is used for interaction between a first communications device and the first server, the first data channel is used by the first communications device to request the credential related to the first network; or the first data channel is used for configuring, for the first communications device, the credential related to the first network; and the third indication information is used to indicate at least one of the following: only a restricted service being allowed, only control plane being allowed while user plane being prohibited, only access to the first server being allowed, or only a credential download application being allowed; wherein the fourth communication device comprises a terminal; wherein the second operation comprises at least one of the following: establishing a first data channel, wherein the first data channel satisfies at least one of the following: the first data channel is used for interaction between the first communications device and the first server; the first data channel is used by the first communications device to request a credential related to the first network; or the first data channel is used for configuring, for the first communications device, the credential related to the first network; or requesting the first server to configure the credential related to the first network.
- 19. The communications device according to claim 18, wherein the second operation further comprises at least one of the following: requesting the second authentication server to configure the credential related to the first network; declining an access request or a data sending request for a target not being the first server and/or a credential download application at an application layer; or allowing an access request or a data sending request only for a target being the first server and/or the credential download application.
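
The network-side decision flow of claims 12, 13 and 15, together with the terminal-side allow-only filter of claim 19, as an added example that is not part of the patent text. All class, function and field names, the vendor-to-index lookup, the rule that a device-supplied address is used only when the network already holds it, the stubbed authentication call and the sample hostnames are assumptions of this example.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional

@dataclass
class FirstInfo:                      # sent by the terminal (first communications device)
    server_index: Optional[str] = None
    vendor: Optional[str] = None
    server_address: Optional[str] = None

@dataclass
class ThirdInfo:                      # configured in the network
    index_to_address: dict = field(default_factory=dict)
    vendor_to_index: dict = field(default_factory=dict)   # assumption: vendor resolves to an index
    addresses: set = field(default_factory=set)

def determine_second_auth_server(first: FirstInfo, third: ThirdInfo) -> Optional[str]:
    """Resolve the second authentication server; None means fail closed."""
    if first.server_index is not None:
        return third.index_to_address.get(first.server_index)
    if first.vendor is not None:
        index = third.vendor_to_index.get(first.vendor)
        return third.index_to_address.get(index)
    # Assumption of this example: a device-supplied address is used only if
    # the network already holds the same address in its third information.
    if first.server_address in third.addresses:
        return first.server_address
    return None

def handle_access(device_id, first, restricted, third, legit_devices,
                  authenticate: Callable[[str, str], bool], first_server: str) -> dict:
    """First operation, then second information only for a legitimate device."""
    if not restricted:
        return {"accepted": False, "reason": "not a restricted-service request"}
    server = determine_second_auth_server(first, third)
    if server is None:
        return {"accepted": False, "reason": "unknown second authentication server"}
    if device_id not in legit_devices:
        return {"accepted": False, "reason": "not in legitimate device list"}
    if not authenticate(server, device_id):
        return {"accepted": False, "reason": "authentication failed"}
    return {"accepted": True, "auth_server": server,
            "second_info": {"first_server_address": first_server,
                            "third_indication": "only access to the first server being allowed"}}

def allow_outbound(target: str, second_info: dict) -> bool:
    """Terminal-side filter: only the first server is reachable."""
    return target == second_info["first_server_address"]

# Constructed sample data (not from the patent).
THIRD = ThirdInfo(index_to_address={"7": "aaa.vendor-a.example"},
                  vendor_to_index={"vendor-a": "7"},
                  addresses={"aaa.vendor-a.example"})
LEGIT = {"device-001"}
FIRST_SERVER = "provisioning.snpn.example"

def stub_authenticate(server: str, device_id: str) -> bool:
    """Stand-in for the exchange with the second authentication server."""
    return server == "aaa.vendor-a.example" and device_id == "device-001"

def demo() -> list:
    cases = [("device-001", FirstInfo(server_index="7")),
             ("device-001", FirstInfo(vendor="vendor-a")),
             ("device-001", FirstInfo(server_address="aaa.unlisted.example")),
             ("device-999", FirstInfo(server_index="7"))]
    return [handle_access(d, f, True, THIRD, LEGIT, stub_authenticate, FIRST_SERVER)
            for d, f in cases]
```
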
Description
CROSS-REFERENCE TO RELATED APPLICATIONS
This application is a continuation of U.S. patent application Ser. No. 17/947,713 filed on Sep. 19, 2022, which is a continuation of PCT International Application No. PCT/CN2021/081741 filed on Mar. 19, 2021 which claims priority to Chinese Patent Application No. 202010203175.8 filed on Mar. 20, 2020, which are incorporated herein by reference in their entireties.
TECHNICAL FIELD
The present invention relates to the field of wireless communications technologies, and in particular, to an access control method and a communications device.
BACKGROUND
In some communication scenarios, there are scenarios in which communications devices with no network credential access a network. For example, a terminal being delivered from a factory still has no credential for a standalone non-public network (SNPN) and therefore cannot pass authentication by the SNPN. Before successful authentication by the network, it is currently impossible to obtain authentication-related information of the communications devices.
SUMMARY
Embodiments of the present invention provide an access control method and a communications device, so as to resolve the problem of failing to obtain authentication-related information of a communications device.
According to a first aspect, an embodiment of the present invention provides an access control method, applied to a first communications device and including: sending first information and/or first indication information to a first target end, where the first information includes at least one of the following:
- index information of a second authentication server;
- vendor-related information of the first communications device; and
- address-related information of the second authentication server.
The first indication information is used for requesting to obtain a credential related to a first network, or used to indicate that an access type is a restricted service.
According to a second aspect, an embodiment of the present invention provides an access control method, applied to a second communications device and including:
- obtaining at least one of first information, first indication information, a legitimate device list, and third information; and
- performing a first operation based on at least one of the first information, the first indication information, the legitimate device list, and the third information.
The first information includes at least one of the following: index information of a second authentication server, vendor-related information of a first communications device, and address-related information of the second authentication server. The first indication information is used for requesting to obtain a credential related to a first network, or used to indicate that an access type is a restricted service. The third information includes at least one of the following:
- mapping information between the index information of the second authentication server and the address-related information of the second authentication server; and
- the address-related information of the second authentication server.
According to a third aspect, an embodiment of the present invention provides an access control method, applied to a third communications device and including:
- determining third information; and
- sending the third information.
The third information includes at least one of the following:
- mapping information between index information of a second authentication server and address-related information of the second authentication server; and
- the address-related information of the second authentication server.
According to a fourth aspect, an embodiment of the present invention provides an access control method, applied to a fourth communications device and including:
- obtaining second information; and
- performing a second operation based on the second information.
The second information includes at least one of the following:
- a first terminal routing policy;
- default DNN information being left blank;
- default slice information being left blank;
- related information for establishing a first data channel;
- second indication information;
- third indication information;
- address-related information of a first server; and
- address-related information of a second authentication server.
The first server is a server capable of configuring a credential related to a first network. The first terminal routing policy is used for accessing the first server or a credential download application. The first data channel is a data channel in the first network. The second indication information is used to indicate at least one of the following:
- the first data channel is used for interaction between a first communications device and the first server;
- the first data channel is used by the first communications device to request the credential related to the first network; and
- the first data channel is used for configuring, for the first communications device, the credential related to the first network.
The third