Instructions
Title of invention: Access control method, device and communication system
Technical field
[0001]
The embodiments of the present invention relate to the field of communication technologies, and in particular, to an access control method, device, and communication system.
Background technique
[0002]
In a Long Term Evolution (LTE, Long Term Evolution) system, for example, there are the following access control technologies:
[0003]
Access Class Barring (ACB, Access Class Barring), which is based on the type of access attempt (such as terminal-initiated data or terminal-initiated signaling) and the access class (AC, Access) to which user equipment (UE, User Equipment) belongs Class) access prohibition mechanism;
[0004]
Access control barring-skip (ACB-skip, Access Control Barring-skip), which allows high priority for multimedia / telephone (MMTEL, Multi-Media Telephony) voice / video and short message service (SMS, Short Message Service);
[0005]
Service Specific Access Control (SSAC, Service Specific Access Control), that is, the access prohibition mechanism of the session initiated by MMTEL voice / video;
[0006]
Extended Access Barring (EAB, Extended Access Barring), such as the specific access barring mechanism of Machine Type Communications (MTC)
[0007]
AB for NB-IoT, that is, a specific access barring mechanism for Narrow-Band Internet of Things (NB-IoT); and
[0008]
Application specific data communication congestion control (ACDC, Application specific Congestion control for Data Communication), that is, a specific application access prohibition mechanism determined by an operator in the UE.
[0009]
In addition, the access request rejection method can also be used for access control. For example, after completing the random access process, the user equipment may send a radio resource control (RRC, Radio Resource Control) connection establishment request or connection recovery request to the network side, which carries the establishment reason value; based on the establishment reason value, the network side It can decide whether to accept the request; if the network side accepts the request, it can send an RRC connection establishment message or an RRC connection recovery message, otherwise reply to the RRC connection rejection message. By accepting or rejecting the connection establishment request or the connection restoration request, the network side can control the congestion situation.
[0010]
It should be noted that the above introduction to the technical background is set forth only to facilitate a clear and complete description of the technical solution of the present invention and to facilitate understanding by those skilled in the art. It cannot be considered that these technical solutions are known to those skilled in the art simply because these solutions are described in the background of the present invention.
[0011]
Summary of the invention
[0012]
The inventor found that in the fifth generation (5G), for example, a new radio (NR) system, a unified access control (UAC) mechanism needs to be provided. However, there is currently no solution on how to determine the access level.
[0013]
Embodiments of the present invention provide an access control method, device, and communication system. Based on the mapping relationship between the access attempt and the access level, the access level corresponding to the initiated access attempt (for example, each new access attempt) is determined.
[0014]
According to a first aspect of the embodiments of the present invention, an access control method is provided, including:
[0015]
Determine the access level corresponding to the access attempt based on the mapping relationship between the access attempt and the access level;
[0016]
Performing an access barring check based on the access class to determine whether access corresponding to the access class is barred; and
[0017]
When it is determined that the access is allowed, a connection establishment request message or a connection restoration request message is sent to the network device.
[0018]
According to a second aspect of the embodiments of the present invention, an access control device is provided, including:
[0019]
An access level determining unit, which determines the access level corresponding to the access attempt based on the mapping relationship between the access attempt and the access level;
[0020]
An access barring check unit that performs an access barring check based on the access class to determine whether access corresponding to the access class is barred; and
[0021]
A request sending unit that sends a connection establishment request message or a connection recovery request message to the network device when it is determined that the access is allowed.
[0022]
According to a third aspect of the embodiments of the present invention, an access control method is provided, including:
[0023]
Sending configuration information for configuring the mapping relationship between the access attempt and the access level to the user equipment, so that the user equipment determines the access level corresponding to the access attempt based on the mapping relationship between the access attempt and the access level;
[0024]
Receiving a connection establishment request message or a connection restoration request message sent by the device; and
[0025]
Determining whether to allow the connection establishment request or the connection restoration request of the user equipment.
[0026]
According to a fourth aspect of the embodiments of the present invention, an access control device is provided, including:
[0027]
A configuration sending unit, which sends configuration information for configuring the mapping relationship between the access attempt and the access level to the user equipment, so that the user equipment determines the access attempt corresponding to the mapping relationship between the access attempt and the access level Access level
[0028]
A request receiving unit, which receives a connection establishment request message or a connection recovery request message sent by the device; and
[0029]
A connection determination unit that determines whether to allow the connection establishment request or the connection restoration request of the user equipment.
[0030]
According to a fifth aspect of the embodiments of the present invention, a communication system is provided, including:
[0031]
Network equipment, which includes the access control device described in the fourth aspect above;
[0032]
User equipment, which includes the access control device described in the second aspect above.
[0033]
The beneficial effect of the embodiment of the present invention is that: based on the mapping relationship between the access attempt and the access level, the access level corresponding to the initiated access attempt is determined; thus, the access level can be determined even in different scenarios Implement a unified access control mechanism in a simple and efficient manner.
[0034]
With reference to the following description and drawings, specific embodiments of the present invention are disclosed in detail, and the manner in which the principles of the present invention can be adopted is indicated. It should be understood that the embodiments of the present invention are not thus limited in scope. Within the scope of the spirit and terms of the appended claims, the embodiments of the present invention include many changes, modifications, and equivalents.
[0035]
Features described and / or illustrated for one embodiment may be used in one or more other embodiments in the same or similar manner, combined with features in other embodiments, or substituted for features in other embodiments .
[0036]
It should be emphasized that the term "comprising / comprising" as used herein refers to the presence of features, whole pieces, steps or components, but does not exclude the presence or addition of one or more other features, whole pieces, steps or components.
BRIEF DESCRIPTION
[0037]
Elements and features described in one drawing or one embodiment of the embodiments of the present invention may be combined with elements and features shown in one or more other drawings or embodiments. Furthermore, in the drawings, similar reference numerals indicate corresponding parts in several drawings, and may be used to indicate corresponding parts used in more than one embodiment.
[0038]
FIG. 1 is a schematic diagram of a communication system according to an embodiment of the present invention;
[0039]
2 is a schematic diagram of an access control method according to an embodiment of the present invention;
[0040]
3 is another schematic diagram of an access control method according to an embodiment of the present invention;
[0041]
4 is another schematic diagram of an access control method according to an embodiment of the present invention;
[0042]
5 is a schematic diagram of an access control device according to an embodiment of the present invention;
[0043]
6 is another schematic diagram of an access control device according to an embodiment of the present invention;
[0044]
7 is a schematic diagram of a network device according to an embodiment of the invention;
[0045]
FIG. 8 is a schematic diagram of user equipment according to an embodiment of the present invention.
detailed description
[0046]
The foregoing and other features of the present invention will become apparent from the following description with reference to the drawings. In the specification and the drawings, specific embodiments of the present invention are disclosed in detail, which show some of the embodiments in which the principles of the present invention can be adopted. It should be understood that the present invention is not limited to the described embodiments. The invention includes all modifications, variations, and equivalents falling within the scope of the appended claims.
[0047]
In the embodiments of the present invention, the terms "first", "second", etc. are used to distinguish different elements in terms of titles, but do not mean the spatial arrangement or chronological order of these elements, and these elements should not be used by these terms Restricted. The term "and / or" includes any and all combinations of one or more of the associated listed terms. The terms "comprising", "including", "having" and the like refer to the stated features, elements, elements or components, but do not exclude the presence or addition of one or more other features, elements, elements or components.
[0048]
In the embodiments of the present invention, the singular forms "a", "the", etc. include plural forms, which should be broadly understood as "a" or "a class" rather than being limited to the meaning of "a"; in addition, the term " "Description" should be understood to include both singular and plural forms unless the context clearly indicates otherwise. In addition, the term "based on" should be understood as "based at least in part on ..." and the term "based on" should be understood as "based at least in part on ..." unless the context clearly indicates otherwise.
[0049]
In the embodiments of the present invention, the term "communication network" or "wireless communication network" may refer to a network that conforms to any of the following communication standards, such as Long Term Evolution (LTE, Long Term Evolution), Enhanced Long Term Evolution (LTE-A, LTE- Advanced), Wideband Code Division Multiple Access (WCDMA), High-Speed ​​Packet Access (HSPA, High-Speed ​​Packet Access), etc.
[0050]
In addition, the communication between devices in the communication system can be performed according to any stage of the communication protocol, for example, it can include but is not limited to the following communication protocols: 1G (generation), 2G, 2.5G, 2.75G, 3G, 4G, 4.5G and future 5G, New Radio (NR), etc., and / or other communication protocols that are currently known or will be developed in the future.
[0051]
In the embodiments of the present invention, the term "network device" refers to, for example, a device that connects a terminal device to a communication network and provides services for the terminal device in a communication system. Network equipment may include but is not limited to the following equipment: base station (BS, Base Station), access point (AP, Access Point), transmission and reception point (TRP, Transmission Reception Point), broadcast transmitter, mobile management entity (MME, Mobile Management Entity), gateway, server, radio network controller (RNC, Radio Network Controller), base station controller (BSC, Base Station Controller), etc.
[0052]
Among them, the base station may include but is not limited to: Node B (NodeB or NB), evolved Node B (eNodeB or eNB) and 5G base station (gNB), etc., and may also include a remote radio head (RRH) , Remote Radio Unit (RRU, Remote Radio Unit), relay (relay) or low power node (such as femto, pico, etc.). And the term "base station" may include some or all of their functions, and each base station may provide communication coverage for a specific geographic area. The term "cell" may refer to a base station and / or its coverage area, depending on the context in which the term is used.
[0053]
In the embodiments of the present invention, the term "user equipment" (UE, User Equipment) or "terminal equipment" (TE, Terminal Equipment) refers to, for example, a device that accesses a communication network through a network device and receives network services. The user equipment may be fixed or mobile, and may also be called a mobile station (MS, Mobile Station), terminal, subscriber station (SS, Subscriber Station), access terminal (AT, Access Terminal), station, and so on.
[0054]
Among them, the user equipment may include but is not limited to the following devices: cellular phones (Cellular Phone), personal digital assistants (PDA, Personal Digital Assistant), wireless modems, wireless communication devices, handheld devices, machine-type communication devices, laptop computers, Cordless phones, smart phones, smart watches, digital cameras, etc.
[0055]
For another example, in scenarios such as the Internet of Things (IoT, Internet of Things), the user equipment may also be a machine or device that performs monitoring or measurement, for example, it may include, but is not limited to, a machine type communication (MTC, Machine Type Communication) terminal, Vehicle-mounted communication terminal, device to device (D2D, Device to Device) terminal, machine to machine (M2M, Machine to Machine) terminal, etc.
[0056]
In addition, the term "network side" or "network device side" refers to a side of the network, which may be a certain base station, or may include one or more network devices as above. The term "user side" or "user equipment side" refers to the side of the user, which may be a certain UE or may include one or more user equipments as above.
[0057]
The following describes the scenario of the embodiment of the present invention by way of example, but the present invention is not limited to this.
[0058]
FIG. 1 is a schematic diagram of a communication system according to an embodiment of the present invention, and schematically illustrates a case where user equipment and a network device are taken as an example. As shown in FIG. 1, the communication system 100 may include a network device 101 and a user device 102. For simplicity, FIG. 1 takes only one user equipment and one network device as examples, but the embodiment of the present invention is not limited thereto.
[0059]
In the embodiment of the present invention, an existing service or a service that can be implemented in the future can be performed between the network device 101 and the user equipment 102. For example, these services may include, but are not limited to: enhanced mobile broadband (eMBB, enhanced Mobile Broadband), massive machine type communication (mMTC), and high-reliability and low-latency communication (URLLC, Ultra-Reliable and Low -Latency Communication), etc.
[0060]
Provide a unified access control mechanism in the NR system, for example: each access attempt can be classified into an access category (AC, access category); the network side can broadcast access control information; based on the access attempts According to the access control information of the corresponding access level, the user equipment checks whether an actual access attempt is made.
[0061]
For example, the access level may include the following features: support for scalability, allowing the addition of additional standardized access levels (such as AC 0 to AC 30) and operators using their own policies (such as applications, network slicing, etc.) defined access Access level (for example, AC 31 to AC 63); access levels are as mutually exclusive as possible, for example, user equipment related conditions and access attempt types can be used to define the access level; user equipment does not necessarily have to support NR and LTE carrier frequency band LTE simultaneous connection.
[0062]
For example, the unified access control mechanism can be applied to terrestrial radio access (E-UTRA, Evolved UMTS Terrestrial Radio Access) or NR access to the 5G core network using the evolved Universal Mobile Telecommunications System (UMTS) User equipment. In addition, the mechanism can also be applied to a situation when a user equipment in an idle state, an inactive state, or a connected state initiates a new access attempt (for example, a new session request).
[0063]
The following will take the NR system as an example to describe the embodiments of the present invention; however, the present invention is not limited to this, and can also be applied to any system that has similar problems.
[0064]
Example 1
[0065]
An embodiment of the present invention provides an access control method, which will be described from the user equipment side.
[0066]
FIG. 2 is a schematic diagram of an access control method according to an embodiment of the present invention, and shows the situation on the user equipment side. As shown in FIG. 2, the access control method 200 includes:
[0067]
Step 201: The user equipment determines the access level corresponding to the access attempt based on the mapping relationship between the access attempt and the access level;
[0068]
Step 202, the user equipment performs an access barring check based on the access class to determine whether access corresponding to the access class is barred; and
[0069]
In step 203, the user equipment sends a connection establishment request message or a connection recovery request message to the network device if it is determined that the access is allowed.
[0070]
In this embodiment, the user equipment may determine the corresponding access level for each new access attempt, or may determine the corresponding access level for a certain initiated access attempt. The mapping relationship between the access attempt and the access level may be predetermined and stored in the user equipment, for example, it may be predefined by an operator or a standard, or may be configured by a base station through a configuration message (such as an RRC message); however, the present invention does not Limited to this.
[0071]
FIG. 3 is another schematic diagram of the access control method according to an embodiment of the present invention, taking a new access attempt as an example for description. As shown in FIG. 3, the access control method 300 includes:
[0072]
Step 301, the user equipment initiates a new access attempt;
[0073]
Step 302: The user equipment determines the access level corresponding to the access attempt based on the mapping relationship between the access attempt and the access level;
[0074]
Step 303: The user equipment determines the establishment cause value corresponding to the access attempt based on the mapping relationship between the access attempt and the establishment cause value or the mapping relationship between the access level and the establishment cause value.
[0075]
Step 304, the user equipment performs an access barring check based on the access class to determine whether the access corresponding to the access class is barred; when it is determined that the access is not barred (ie, the access is allowed) In case, go to step 305, otherwise go to step 306;
[0076]
Step 305, the user equipment sends a connection establishment request message or a connection restoration request message containing the access level and / or the establishment reason value to the network equipment
[0077]
In step 306, the user equipment does not send a connection establishment request message or a connection recovery request message to the network device.
[0078]
In this embodiment, the mapping relationship between the access attempt and the establishment cause value or the mapping relationship between the access level and the establishment cause value may be predetermined and stored in the user equipment, for example, may be predefined by an operator or a standard, or The configuration is performed by the base station through a configuration message (for example, RRC message); however, the present invention is not limited to this.
[0079]
In this embodiment, multiple access levels may be defined in advance, for example, including standardized definitions of AC 0 to AC 30) and operator-defined AC 31 to AC 63. Multiple access levels can correspond to one establishment cause value, for example, AC 0 to AC 3 corresponds to cause value 1, AC 4 to AC 10 corresponds to cause value 2 ... However, the present invention is not limited to this, and the access level and establishment cause value can be defined according to actual needs.
[0080]
In this embodiment, the user equipment may include the access level in the connection establishment request message or the connection restoration request message based on an indication of the network equipment or based on the conditions configured by the network equipment; The value is included in the connection establishment request message or the connection restoration request message.
[0081]
For example, the network side may configure the parameter useAccessCate, and when the parameter is set to True, the access level may be included in the connection establishment request message or the connection recovery request message; thus the base station may obtain more accurate information. When the parameter is not set to True, for example, the parameter is set to false, the establishment reason value may be included in the connection establishment request message or the connection restoration request message; thereby saving message resources.
[0082]
Alternatively, the network side may configure a threshold TH, and in the case where the number of resources (for example, the number of bits) required to indicate the access level is greater than the threshold, the establishment reason value may be included in the connection establishment request message or the connection restoration request In the message; in the case that the number of resources (for example, the number of bits) required to indicate the access level is less than or equal to the threshold, the access level may be included in the connection establishment request message or the connection recovery request message.
[0083]
It is worth noting that the above figures 2 and 3 only schematically illustrate the embodiments of the present invention, but the present invention is not limited thereto. For example, the execution order between the various steps can be adjusted appropriately, and in addition, other steps can be added or some of the steps can be reduced. Those skilled in the art can make appropriate modifications based on the above content, and are not limited to the descriptions in FIGS. 2 and 3 above.
[0084]
In one embodiment, the access level and / or the establishment reason value may be determined in a non-access stratum (NAS, Non Access Stratum).
[0085]
One or more of the mapping relationship between the access attempt and the access level, the mapping relationship between the access attempt and the establishment cause value, and the mapping relationship between the access level and the establishment cause value may be Defined at the NAS layer or the network equipment may also notify the user equipment through signaling at the NAS layer; the NAS layer may indicate or submit the determined access level and / or the establishment reason value to the RRC layer; and the RRC layer performs The access prohibition check.
[0086]
For example, any entity or layer that initiates an access attempt provides the NAS layer with information about the access attempt; the RRC layer can provide the NAS with parameters related to the determination of the access level from the access control information received from the network side, such as AC2 applicable UE level.
[0087]
As another example, the mapping relationship between the access attempt and the access level may be defined in the NAS layer protocol, and / or the mapping relationship or access level between the access attempt and the establishment cause value may be defined in the NAS layer protocol. Establish a mapping relationship between cause values.
[0088]
For another example, in the case where the RRC layer performs an access barring check, the NAS layer may notify the RRC layer of the determined access level and / or establishment reason value. In this way, the RRC layer can perform an access barring check based on the access level received from the NAS layer and the access control information received from the network side to determine whether the access corresponding to the access level is barred; The access is not prohibited (that is, the access is allowed), and the UE may include the access level or establishment reason value received from the NAS layer in the request message, so that the network side can determine whether the access level or establishment reason value is based on Accept the connection establishment request or the connection restoration request.
[0089]
In another embodiment, the access level and / or the establishment reason value may be determined in the RRC layer. One or more of the mapping relationship between the access attempt and the access level, the mapping relationship between the access attempt and the establishment cause value, and the mapping relationship between the access level and the establishment cause value may be Defined at the RRC layer or the network device may notify the user equipment through signaling of the RRC layer; the NAS layer may provide the RRC layer with parameters for determining the access level; and the RRC layer performs the access barring check.
[0090]
For example, any entity or layer that initiates an access attempt can provide the RRC layer with information related to the access attempt; the NAS layer provides the RRC with the parameters needed to determine the access level, such as the Public Land Mobile Network (PLMN) Information, slice and / or UE level in AC2.
[0091]
For another example, the mapping relationship between the access attempt and the access level may be defined in the RRC layer protocol, and / or the mapping relationship between the access attempt and the establishment cause value or the access level and Establish a mapping relationship between cause values.
[0092]
As another example, in the case where the RRC layer performs an access barring check, the RRC layer is based on information received from any entity or layer that may initiate an access attempt, information received from the NAS layer, and information received from the network side. Map the access attempt to the corresponding access level and determine the establishment reason value based on the access attempt / access level; the RRC layer can perform an access barring check based on the access control information received from the network side to determine the Whether the access corresponding to the access level is prohibited; if it is determined that the access is not prohibited (ie, the access is allowed), the UE may include the access level or the establishment reason value in the request message, so that the network side can The access level or establishment reason value determines whether to accept the connection establishment request or the connection restoration request.
[0093]
Through the above-mentioned NAS layer centralized mapping method or RRC layer centralized mapping method, a unique access level can be easily determined, and a unified access control mechanism can be further efficiently realized.
[0094]
In yet another embodiment, the access level and / or the establishment reason value may be determined in multiple different layers. One or more of the mapping relationship between the access attempt and the access level, the mapping relationship between the access attempt and the establishment cause value, and the mapping relationship between the access level and the establishment cause value may be Defined in the layer that initiated the access attempt or the layer determined according to the RRC state.
[0095]
For example, the access level is determined in the layer that initiated the access attempt or the layer determined according to the RRC state, and / or the layer determined in the access class or the layer determined according to the RRC state The establishment reason value.
[0096]
For another example, the layer that initiates the access attempt may include, for example, one or more layers as follows, and / or one or more entities: an application layer, an Internet Protocol (IP) layer, a NAS layer, and RRC Layer or user plane; the layer determined according to the RRC state may include, for example, one or more of the following layers, and / or one or more entities: NAS layer when the user equipment is in the idle state, and when the user equipment is in the deactivated state The user plane when the RRC layer and user equipment are connected. However, the present invention is not limited to this, and specific embodiments may be determined according to actual needs.
[0097]
In this embodiment, when multiple different access levels are determined by the multiple different layers, one access level may be selected from the multiple different access levels by the NAS layer or the RRC layer. Thus, a unique access level can be determined for the subsequent access barring check.
[0098]
For example, it can be implemented in the NAS layer; the ranking of ACs can be predetermined, for example, the AC with the highest rank or the lowest rank is selected.
[0099]
As another example, it may be implemented in the RRC layer; the principle of determining the unique access level may be specified in the RRC protocol, or the principle may be configured by the network side. The principle may be common to all user equipments, or may be specific to some user equipments.
[0100]
These principles can include: AC ranking and how to choose, such as selecting the highest or lowest access level; priority principle, that is, selecting a certain type of AC at different times or in different RRC states. For example, when the standardized access level and the operator-defined access level are determined at the same time, the operator-defined access level is used. However, the present invention is not limited to this, for example, it may also be a combination of the above principles, and a specific embodiment may be determined according to actual needs.
[0101]
Through the above-mentioned distributed mapping method, inter-layer interaction can be performed as little as possible, and a unique access level can be determined from multiple access levels, which further simply implements a unified access control mechanism.
[0102]
In yet another embodiment, the user equipment may process one or more timers for access control; wherein each timer corresponds to one or a group or all access levels. The timer may be configured by the RRC layer or the NAS layer, and / or, the timer may also be maintained by the RRC layer or the NAS layer; but the present invention is not limited thereto.
[0103]
The following four timers will be used as an example for description, but the present invention is not limited thereto. For example, only one or more timers may be defined, and other timers may be defined.
[0104]
For example, the timer may include a user equipment specific prohibit timer T ue_barred . The network side may send configuration information to configure the timer and the AC applicable to the timer for the UE. In a case where an access level is applicable (for example, defined or configured) to the T ue_barred , and the result of performing an access barring check according to the access level is that the access corresponding to the access level is barred, Start the T ue_barred ; and when the T ue_barred is running, determine (or consider) the access without performing an access barring check on all or specified or configured access levels of the user equipment The access attempt or access corresponding to the level is prohibited.
[0105]
For example, the UE determines that the access levels of an access attempt are AC 8 and AC 48 respectively; the T ue_barred is configured in the access control information configured on the network side , and indicates that the timer is applicable to all access levels. In this way, the UE can perform an access barring check according to AC 8 or AC 48 based on the UE implementation or the network side instruction; if the result is access barring, the access barring check will not be performed based on AC 48 or AC 8 and the T ue_barred ; if the result is to allow access, then the UE also needs to perform an access barring check based on AC 48 or AC 8.
[0106]
Therefore, by using the timer T ue_barred , it is possible to control how the user equipment that has determined multiple access levels performs the access barring check. The timer can be applied to a situation where network congestion is very serious. In this case, a smaller number of access barring checks can be used to allow more user equipment to be barred from access, so as to quickly alleviate network congestion.
[0107]
As another example, the timer may include a user equipment specific allowed timer T ue_allowed . The network side may send configuration information to configure the timer and the AC applicable to the timer for the UE. In a case where an access level is applicable (for example, defined or configured) to the T ue_allowed and the result of the access barring check according to the access level is that the access corresponding to the access level is allowed, Starting the T ue_allowed ; and when the T ue_allowed is running, the access barring check is not performed on all or prescribed or configured access levels of the user equipment, and the (or considered) said The access attempt or access corresponding to the access level is allowed.
[0108]
For example, the UE determines that the access levels of an access attempt are AC 8 and AC 48 respectively; the access control information configured on the network side is configured with the T ue_allowed and indicates that the timer is applicable to all access levels. In this way, the UE can perform an access barring check according to AC 8 or AC 48 based on the UE implementation or the network side instruction; if the result is to allow access, the access barring check will not be performed based on AC 48 or AC 8 and the T ue_allowed ; if the result is that access is prohibited, the UE also needs to perform an access barring check based on AC 48 or AC 8.
[0109]
Thus, by using the timer T ue_allowed , it is possible to control how user equipments that have determined multiple access levels perform access barring checks. The timer can be applied to a case where the network congestion is relatively light. In this case, a smaller number of access barring checks can be made to allow more user equipment to be allowed to access.
[0110]
For another example, the timer may include an access level (group) specific prohibit timer T ac_barred . The network side can send configuration information to configure the timer for a certain access level or group of access levels. In a case where an access level is suitable for (for example, defined or configured) the T ac_barred , and the result of the access barring check based on the access level is that the access corresponding to the access level is barred, Activate the T ac_barred ; and when the T ac_barred is running, do not perform the access barring check on the access level or the access level group, but determine (or consider) the access level or The access attempt or access corresponding to the access level group is prohibited.
[0111]
For example, the UE determines that the access levels of an access attempt are AC 8 and AC 48 respectively; the T ac_barred is configured in the access control information configured on the network side , and indicates that the timer is applicable to AC 8. In this way, the UE can perform the access barring check according to the AC 8 or AC 48 based on the UE implementation or the network side instruction. If the UE determines to perform the access barring check based on the AC 8 first, and the check result is that the access barring is prohibited, it will not be based on the AC 48 Perform an access barring check and start the timer T ac_barred ; if the result is to allow access, then the UE also needs to perform an access barring check based on AC 48.
[0112]
Thus, by using the timer T ac_barred , it is possible to control how user equipments that have determined multiple access levels perform access barring checks. The timer can be applied to the situation where the network congestion is moderate but some UEs or services have low priority or a large number. In this case, a smaller number of access barring checks can be made to make more corresponding levels of user equipment Access is prohibited.
[0113]
For another example, the timer may include an access level (group) specific allowed timer T ac_allowed . The network side can send configuration information to configure the timer for a certain access level or group of access levels. In a case where an access level is suitable for (for example, defined or configured) the T ac_allowed , and the result of the access barring check according to the access level is that the access corresponding to the access level is allowed, Start the T ac_allowed ; and when the T ac_allowed is running, do not perform the access prohibition check on the access class or the access class group, but determine (or consider) the access class or The access attempt or access corresponding to the access level group is allowed.
[0114]
For example, the UE determines that the access levels of an access attempt are AC 8 and AC 48 respectively; the access control information configured on the network side configures the T ac_allowed and indicates that the timer is applicable to AC 8. In this way, the UE can perform the access barring check based on the AC 8 or AC 48 based on the UE implementation or the network side instruction. If the UE determines to perform the access barring check based on AC 8 first, and the check result is that access is allowed, it will not be based on AC 48 Perform an access barring check and start the timer T ac_allowed ; if the result is access barring, then the UE also needs to perform an access barring check based on AC 48.
[0115]
Thus, by using this timer T ac_allowed , it is possible to control how user equipments that have determined multiple access levels perform access barring checks. This timer can be applied to the situation where the network congestion is moderate but some UEs or services have high priority or a small number; Access is allowed.
[0116]
It is worth noting that the above timers can be used in combination with each other in addition to their own use to handle more complex network load conditions. In the following, two examples will be used to illustrate schematically.
[0117]
In an example, for example, in the case of severe network congestion, the access control information notified by the network side includes a UE-specific prohibit timer T ue_barred applicable to all ACs , and an allow timer corresponding to AC 3 and AC 32 T ac_allowed .
[0118]
For example, UE 1 determines the access levels as AC 3 (that is, emergency calls defined in a standardized manner) and AC 32 (the access level corresponding to an emergency service defined by an operator); AC 3 performs access prohibition check. If the check result is access prohibited, UE 1 does not need to perform an access barring check against AC 32, and directly considers the access barred and starts the UE specific barring timer T ue_barred ; , Directly consider that the access is allowed, and start the AC specific allow timer T ac_allowed , considering that the timer is applicable to AC 32, UE 1 does not need to perform an access barring check for AC 32.
[0119]
For another example, UE 2 determines the access level as AC 3 (that is, emergency call defined by standardization) and AC 42 (the access level corresponding to a general service defined by an operator); according to the protocol / network configuration, UE 2 first Check access prohibition according to AC 3. If the check result is forbidden to access, then UE 2 does not need to perform an access barring check for AC 42, and directly considers that the access is prohibited, and starts the UE-specific barring timer T ue_barred ; if the check result is to allow access , Directly consider that the access is allowed, and start the AC specific allow timer T ac_allowed . Considering that the timer is not applicable to AC 42, UE 2 still needs to perform an access barring check on AC 42; if the check result is If access is allowed, the UE 2 initiates the connection establishment process, otherwise the access attempt is forbidden, and the UE-specific barring timer T ue_barred is started .
[0120]
In another example, the above-mentioned timer mechanism can be used not only for processing multiple access levels, but also for simplifying interaction between layers.
[0121]
For example, in order to determine whether an access attempt belongs to AC 1, the following steps are required: (1) Check which or more of AC 11 to AC 15 the UE class (access class) is; (2) The NAS layer determines that the selected PLMN type is The home PLMN is the visited PLMN, and determine whether the UE has a valid UE level; (3) Check whether the valid UE level flag (flag) corresponding to the UE in the network configuration prohibition control information is prohibited or not, if it is not If prohibited, the access attempt belongs to AC 1, otherwise the access attempt does not belong to AC 1, and the UE also needs to determine other non-AC 1 access levels for the access attempt.
[0122]
To simplify the above process, the above timers can be used to achieve the same effect.
[0123]
For example, the network configures AC 1 with a UE-specific allowed timer T ue_allowed , which is applicable to all ACs. Through the above steps (1) and (2), the UE determines that it has an effective high UE level (for example, one or some of AC 11 to AC 15), that is, it determines that an access level of the UE is AC 1; , Another one or more access levels are also determined for the UE, for example, it may be any other access level except AC 0, AC 1 and AC 2.
[0124]
In this way, the UE first performs an access barring check according to AC 1. If the result is that the access is allowed, the UE directly considers that the connection establishment process is allowed to be initiated; otherwise, the result of the check is that the access is prohibited, and then further based on another determined access level Access prohibition check.
[0125]
It is worth noting that AC 1 is taken as an example for description above, but the present invention is not limited to this; for example, it is also applicable to the case of determining whether an access attempt belongs to AC 2.
[0126]
Therefore, the network side can handle different congestion situations through a simple timer configuration; the terminal side can reduce the number of access barring checks as much as possible, reduce energy consumption, and reduce the delay in initiating connection establishment through simple timer processing.
[0127]
In addition, the above-mentioned timer configuration mechanism can be used alone or combined with the above-mentioned centralized mapping method or distributed mapping method. In the case of multiple access levels, which access level to perform the access barring check first may be determined by the implementation of the UE, may also be predetermined in the protocol, or may be controlled by the network side. For example, the network control may be implicit, for example, according to the order of access level configuration in the access control information, the access level that is configured first may be checked first; the network control may also be explicit, for example, it may be configured explicitly The execution order of access levels.
[0128]
It is worth noting that for UEs in the inactive or connected state, it is necessary to check in advance whether there is a running timer. The inspection time may be before the access level is determined, or after the access level is determined, before each access prohibition check is performed, or it may be other required time. For the content that is not explicitly described in the embodiments of the present invention, reference may be made to related technologies, and the present invention does not limit this.
[0129]
It can be known from the foregoing embodiments that, when the UE makes an access attempt in different scenarios (for example, different RRC states, including idle state, inactive state, and connected state), for example, the access level corresponding to the access attempt is uniquely determined; When the access level cannot be uniquely determined, multiple access levels are processed. This can facilitate access barring checks based on the access level and achieve a unified access control mechanism.
[0130]
Example 2
[0131]
An embodiment of the present invention provides an access control method, which is applied to a network device side. The content of the embodiment of the present invention that is the same as that of Embodiment 1 will not be repeated.
[0132]
FIG. 4 is a schematic diagram of an access control method according to an embodiment of the present invention, and shows the situation on the network device side. As shown in FIG. 4, the access control method 400 includes:
[0133]
Step 401: The network device sends configuration information for configuring the mapping relationship between the access attempt and the access level to the user equipment, so that the user equipment determines the access attempt based on the mapping relationship between the access attempt and the access level. Access level
[0134]
Step 402, the network device receives the connection establishment request message or the connection recovery request message sent by the device; and
[0135]
Step 403: The network device determines whether to allow the connection establishment request or the connection restoration request of the user equipment.
[0136]
In this embodiment, the network device may also send configuration information for configuring the mapping relationship between the access attempt and the establishment cause value or the access level and the establishment cause value to the user equipment, so that The mapping relationship between the access attempt and the establishment reason value or the mapping relationship between the access level and the establishment reason value determines the establishment reason value corresponding to the access attempt.
[0137]
In this embodiment, the network device may also send configuration information for configuring one or more timers for access control to the user equipment; where each timer corresponds to one or a group or all access levels .
[0138]
It is worth noting that the above FIG. 4 only schematically illustrates the embodiments of the present invention, but the present invention is not limited thereto. For example, the execution order between the various steps can be adjusted appropriately, and in addition, other steps can be added or some of the steps can be reduced. Those skilled in the art can make appropriate modifications based on the above content, and are not limited to the description in FIG. 4 described above.
[0139]
It can be known from the foregoing embodiments that, when the UE makes an access attempt in different scenarios (for example, different RRC states, including idle state, inactive state, and connected state), for example, the access level corresponding to the access attempt is uniquely determined; When the access level cannot be uniquely determined, multiple access levels are processed. This can facilitate access barring checks based on the access level and achieve a unified access control mechanism.
[0140]
Example 3
[0141]
An embodiment of the present invention provides an access control device. The apparatus may be, for example, user equipment, or may be one or some components or components configured on the user equipment. The same content of this embodiment 3 as that of embodiment 1 will not be repeated here.
[0142]
FIG. 5 is a schematic diagram of an access control device according to an embodiment of the present invention. As shown in FIG. 5, the access control device 500 includes:
[0143]
An access level determining unit 501, which determines the access level corresponding to the access attempt based on the mapping relationship between the access attempt and the access level;
[0144]
An access barring check unit 502, which performs an access barring check based on the access class to determine whether access corresponding to the access class is barred; and
[0145]
The request sending unit 503, when it is determined that the access is allowed, sends a connection establishment request message or a connection recovery request message to the network device.
[0146]
As shown in FIG. 5, the access control device 500 may further include:
[0147]
The cause value determination unit 504 determines the establishment cause value corresponding to the access attempt based on the mapping relationship between the access attempt and the establishment cause value or the mapping relationship between the access level and the establishment cause value.
[0148]
In this embodiment, the request sending unit 503 may include the access level in the connection establishment request message or the connection recovery request message based on an indication of a network device or based on conditions configured by the network device, or, The establishment reason value is included in the connection establishment request message or the connection restoration request message.
[0149]
For example, the network side may configure the parameter useAccessCate, and if the parameter is set to True, the access level may be included in the connection establishment request message or the connection recovery request message. In a case where the parameter is not set to True, for example, the parameter is set to false, the establishment reason value may be included in the connection establishment request message or the connection restoration request message.
[0150]
Alternatively, the network side may configure a threshold TH, and in the case where the number of resources (for example, the number of bits) required to indicate the access level is greater than the threshold, the establishment reason value may be included in the connection establishment request message or the connection restoration request In the message; in the case that the number of resources (for example, the number of bits) required to indicate the access level is less than or equal to the threshold, the access level may be included in the connection establishment request message or the connection recovery request message.
[0151]
In one embodiment, the access level and / or the establishment reason value may be determined in a non-access stratum (NAS, Non Access Stratum); wherein, the mapping relationship between the access attempt and the access level, One or more of the mapping relationship between the access attempt and the establishment cause value, the mapping relationship between the access level and the establishment cause value, may be defined in the non-access layer, or may be passed by the network device NAS layer signaling informs user equipment. The non-access layer notifies the radio resource control (RRC) layer of the determined access level and / or the establishment reason value; and the radio resource control layer performs the access barring check.
[0152]
In another embodiment, the access level and / or the establishment reason value may be determined in a radio resource control layer; wherein, the mapping relationship between the access attempt and the access level, the access attempt and One or more of the mapping relationship of the establishment cause value, the access level and the mapping relationship of the establishment cause value may be defined in the radio resource control layer, or may be performed by the network device through the radio resource control layer. Signaling informs the user equipment. The non-access layer provides the radio resource control layer with parameters for determining the access level; and the radio resource control layer performs the access barring check.
[0153]
In another embodiment, the access level and / or the establishment reason value may be determined in multiple different layers; wherein, the mapping relationship between the access attempt and the access level, the access attempt and One or more of the mapping relationship of the establishment cause value, the access level and the mapping relationship of the establishment cause value may be defined in a layer initiating the access attempt or a layer specific to the radio resource control state.
[0154]
For example, the access level is determined in the layer initiating the access attempt or the radio resource control state specific layer, and / or in the layer in which the access level is determined or the radio resource control state specific layer The establishment cause value is determined in.
[0155]
Wherein, the layer initiating the access attempt may include one or more of the following layers, and / or one or more entities: application layer, IP layer, NAS layer, RRC layer or user plane; the radio resource control The state-specific layer may include one or more layers as follows, and / or one or more entities: NAS layer when the user equipment is in the idle state, RRC layer when the user equipment is in the deactivated state, and user equipment in the connected state The user plane at the time.
[0156]
In this embodiment, when multiple different access levels are determined by the multiple different layers, a non-access layer or a radio resource control layer may select one of the multiple access levels. Into the grade.
[0157]
As shown in FIG. 5, the access control device 500 may further include:
[0158]
A timer processing unit 505 that processes one or more timers for access control; wherein each timer corresponds to one or a group or all access levels; and
[0159]
The timer starting unit 506 starts the one or more timers.
[0160]
For example, the timer includes a user equipment specific prohibit timer; the timer initiating unit 506 is adapted to the user equipment specific prohibit timer at the access level, and performs the access according to the access level The result of the prohibition check is that when the access corresponding to the access level is prohibited, the specific prohibition timer of the user equipment is started; and the access prohibition checking unit 502 may also be used to: When a specific prohibition timer is running, the access prohibition check is not performed on all or specified or configured access levels of the user equipment, and the access attempt or access corresponding to the access level is determined Entry is prohibited.
[0161]
For another example, the timer includes a user equipment specific allow timer; the timer initiating unit 506 is adapted to the user equipment specific allow timer at the access level, and performs the connection according to the access level The result of the access prohibition check is that when the access corresponding to the access level is allowed, the user equipment specific permission timer is started; and the access prohibition check unit 502 may also be used to: When the device-specific timer is allowed to run, the access barring check is not performed on all or specified or configured access levels of the user equipment, and the access attempt or access corresponding to the access level is determined. Access is allowed.
[0162]
For another example, the timer includes an access class-specific prohibit timer or an access class group-specific prohibit timer; the timer activation unit 506 applies the access class-specific prohibit timer at the access class Or an access level group specific prohibit timer, and when the result of the access prohibition check according to the access level is that access corresponding to the access level is prohibited, the access level specific is activated Forbidden timer or the forbidden timer specific to the access class group; and the access forbidden checking unit 502 can also be used for: When the prohibit timer of the server is running, the access prohibition check is not performed on the access class or the access class group, but the access attempt corresponding to the access class or the access class group is determined Or access is prohibited.
[0163]
For another example, the timer includes an access level-specific permission timer or an access level group-specific permission timer; the timer activation unit 506 applies the access level-specific permission timer at the access level Or an access timer specific to the access level group, and if the result of performing the access barring check according to the access level is that the access corresponding to the access level is allowed, the access level specific is activated Allow timer or the access class group specific allow timer; and the access barring check unit 502 can also be used to: in the access class specific allow timer or the access class group specific When the allow timer is running, the access prohibition check is not performed on the access class or the access class group, but the access attempt corresponding to the access class or the access class group is determined Or access is allowed.
[0164]
It is worth noting that the above only describes the components or modules related to the present invention, but the present invention is not limited thereto. The access control device 500 may further include other components or modules. For specific contents of these components or modules, reference may be made to related technologies.
[0165]
In addition, for the sake of simplicity, FIG. 5 only exemplarily shows the connection relationship or signal direction between various components or modules, but those skilled in the art should understand that various related technologies such as bus connection can be used. The above components or modules may be implemented by hardware facilities such as processors, memories, transmitters, receivers, etc .; the implementation of the present invention does not limit this.
[0166]
It can be known from the foregoing embodiments that, when the UE makes an access attempt in different scenarios (for example, different RRC states, including idle state, inactive state, and connected state), for example, the access level corresponding to the access attempt is uniquely determined; When the access level cannot be uniquely determined, multiple access levels are processed. This can facilitate access barring checks based on the access level and achieve a unified access control mechanism.
[0167]
Example 4
[0168]
An embodiment of the present invention provides an access control device. The apparatus may be, for example, a network device, or may be one or some components or components configured on the network device. The same content of this Embodiment 4 as that of Embodiment 2 will not be repeated here.
[0169]
FIG. 6 is a schematic diagram of an access control device according to an embodiment of the present invention. As shown in FIG. 6, the access control device 600 includes:
[0170]
The configuration sending unit 601 sends configuration information for configuring the mapping relationship between the access attempt and the access level to the user equipment, so that the user equipment determines the access attempt based on the mapping relationship between the access attempt and the access level Corresponding access level;
[0171]
A request receiving unit 602, which receives a connection establishment request message or a connection recovery request message sent by the device; and
[0172]
The connection determination unit 603 determines whether to allow the connection establishment request or the connection restoration request of the user equipment.
[0173]
In this embodiment, the configuration sending unit 601 may be further configured to: send to the user equipment configuration information for configuring the mapping relationship between the access attempt and the establishment cause value or the mapping relationship between the access level and the establishment cause value , So that the user equipment determines the establishment reason value corresponding to the access attempt based on the mapping relationship between the access attempt and the establishment reason value or the mapping relationship between the access level and the establishment reason value.
[0174]
In this embodiment, the configuration sending unit 601 may be further configured to: send configuration information for configuring one or more timers for access control to the user equipment; wherein each timer corresponds to one or One or all access levels.
[0175]
It is worth noting that the above only describes the components or modules related to the present invention, but the present invention is not limited thereto. The access control device 600 may further include other components or modules. For specific contents of these components or modules, reference may be made to related technologies.
[0176]
In addition, for the sake of simplicity, FIG. 6 only exemplarily shows the connection relationship or signal direction between various components or modules, but those skilled in the art should understand that various related technologies such as bus connection may be used. The above components or modules may be implemented by hardware facilities such as processors, memories, transmitters, receivers, etc .; the implementation of the present invention does not limit this.
[0177]
It can be known from the foregoing embodiments that, when the UE makes an access attempt in different scenarios (for example, different RRC states, including idle state, inactive state, and connected state), for example, the access level corresponding to the access attempt is uniquely determined; When the access level cannot be uniquely determined, multiple access levels are processed. This can facilitate access barring checks based on the access level and achieve a unified access control mechanism.
[0178]
Example 5
[0179]
An embodiment of the present invention also provides a communication system. Referring to FIG. 1, the same contents as those in Embodiments 1 to 4 are not described in detail. In this embodiment, the communication system 100 may include:
[0180]
The network device 101 is configured with the access control device 600 as described in Embodiment 4;
[0181]
The user equipment 102 is configured with the access control apparatus 500 as described in Embodiment 3.
[0182]
An embodiment of the present invention further provides a network device, which may be, for example, a base station, but the present invention is not limited to this, and may also be other network devices.
[0183]
7 is a schematic diagram of the configuration of a network device according to an embodiment of the present invention. As shown in FIG. 7, the network device 700 may include: a processor 710 (for example, a central processing unit CPU) and a memory 720; the memory 720 is coupled to the processor 710. The memory 720 can store various data; in addition, a program 730 for information processing is stored, and the program 730 is executed under the control of the processor 710.
[0184]
For example, the processor 710 may be configured to execute the program 730 to implement the access control method as described in Embodiment 2. For example, the processor 710 may be configured to perform the following control: sending configuration information for configuring a mapping relationship between an access attempt and an access level to the user equipment, so that the user equipment is based on the access attempt to the access level The mapping relationship determines the access level corresponding to the access attempt; receives the connection establishment request message or the connection restoration request message sent by the device; and determines whether to allow the connection establishment request or the connection restoration request of the user equipment.
[0185]
In one embodiment, the processor 710 may be further configured to perform the following control: sending to the user equipment a mapping relationship for configuring an access attempt and establishment cause value or a mapping relationship between an access level and establishment cause value The configuration information enables the user equipment to determine the establishment cause value corresponding to the access attempt based on the mapping relationship between the access attempt and the establishment cause value or the mapping relationship between the access level and the establishment cause value.
[0186]
In one embodiment, the processor 710 may also be configured to perform the following control: sending configuration information for configuring one or more timers for access control to the user equipment; wherein each timer corresponds to One or a group or all access levels.
[0187]
In addition, as shown in FIG. 7, the network device 700 may further include: a transceiver 740 and an antenna 750, etc .; where the functions of the above components are similar to those in the prior art, and will not be described here. It is worth noting that the network device 700 does not necessarily include all the components shown in FIG. 7; in addition, the network device 700 may also include components not shown in FIG. 7, and reference may be made to the prior art.
[0188]
An embodiment of the present invention further provides user equipment, but the present invention is not limited to this, and may also be other equipment.
[0189]
FIG. 8 is a schematic diagram of user equipment according to an embodiment of the present invention. As shown in FIG. 8, the user equipment 800 may include a processor 810 and a memory 820; the memory 820 stores data and programs, and is coupled to the processor 810. It is worth noting that the figure is exemplary; other types of structures can also be used to supplement or replace the structure to achieve telecommunications functions or other functions.
[0190]
For example, the processor 810 may be configured to execute a program to implement the access control method as described in Embodiment 1. For example, the processor 810 may be configured to perform the following control: determine the access level corresponding to the access attempt based on the mapping relationship between the access attempt and the access level; perform an access barring check based on the access level to determine Whether access corresponding to the access level is prohibited; and if it is determined that the access is allowed, sending a connection establishment request message or a connection recovery request message to the network device.
[0191]
In one embodiment, the processor 810 may be further configured to perform the following control: based on the mapping relationship between the access attempt and the establishment cause value or the mapping relationship between the access level and the establishment cause value, determine the correspondence of the access attempt The reason value for the establishment.
[0192]
In one embodiment, the processor 810 may be further configured to perform the following control: include the access level in the connection establishment request message or the connection restoration request based on an indication of a network device or based on conditions configured by the network device In the message, or, the establishment reason value is included in the connection establishment request message or the connection restoration request message.
[0193]
In one embodiment, the access level and / or the establishment reason value are determined in a non-access stratum (NAS, Non Access Stratum); wherein, the mapping relationship between the access attempt and the access level, all One or more of the mapping relationship between the access attempt and the establishment cause value, and the mapping relationship between the access level and the establishment cause value are defined in the non-access layer or the network device through the NAS layer. Order to inform the user of the device. The non-access layer notifies the radio resource control (RRC) layer of the determined access level and / or the establishment reason value; and the radio resource control layer performs the access barring check.
[0194]
In one embodiment, the access level and / or the establishment reason value are determined in the radio resource control layer; wherein, the mapping relationship between the access attempt and the access level, the access attempt and the establishment reason One or more of the mapping relationship of the value, the mapping relationship between the access level and the establishment cause value, is defined in the radio resource control layer or the network equipment notifies the user equipment through signaling of the RRC layer. The non-access layer provides the radio resource control layer with parameters for determining the access level; and the radio resource control layer performs the access barring check.
[0195]
In one embodiment, the access level and / or the establishment reason value are determined in multiple different layers; wherein, the mapping relationship between the access attempt and the access level, the access attempt and the establishment reason One or more of the mapping relationship of the value, the mapping relationship between the access level and the establishment cause value are defined in the layer initiating the access attempt or the layer specific to the radio resource control state.
[0196]
For example, the access level is determined in the layer initiating the access attempt or the radio resource control state specific layer, and / or in the layer in which the access level is determined or the radio resource control state specific layer The establishment cause value is determined in. The layer initiating the access attempt includes one or more layers or entities as follows: application layer, IP layer, NAS layer, RRC layer or user plane; the layer specific to the radio resource control state includes one or more of the following Layer or entity: NAS layer when the user equipment is in the idle state, RRC layer when the user equipment is in the deactivated state, and user plane when the user equipment is in the connected state.
[0197]
In one embodiment, when the multiple different layers determine multiple different access levels, the non-access layer or the radio resource control layer selects one access from the multiple different access levels grade.
[0198]
In one embodiment, the processor 810 may also be configured to control as follows: process one or more timers for access control; wherein each timer corresponds to one or a group of access levels.
[0199]
For example, the timer includes a user equipment-specific prohibit timer; the processor 810 may also be configured to perform control as follows: the access level applies to the user equipment-specific prohibit timer at the access level, and according to the The result of the access prohibition check performed by the access class is that, when the access corresponding to the access class is prohibited, the user equipment-specific prohibit timer is started; During operation, the access barring check is not performed on all or specified or configured access levels of the user equipment, but it is determined that the access attempt or access corresponding to the access bar is prohibited.
[0200]
For example, the timer includes a user equipment specific allow timer; the processor 810 may also be configured to perform the following control: apply to the user equipment specific allow timer at the access level, and according to the The result of the access prohibition check performed by the access class is that when the access corresponding to the access class is allowed, the user equipment-specific allow timer is started; and the user equipment-specific allow timer When running, the access barring check is not performed on all or specified or configured access levels of the user equipment, but it is determined that the access attempt or access corresponding to the access level is allowed.
[0201]
For example, the timer includes an access level specific prohibit timer or an access level group specific prohibit timer; the processor 810 may also be configured to perform the following control: the access level is applicable to the access level Entering a class-specific prohibit timer or an access class group-specific prohibit timer, and the result of performing the access prohibition check according to the access class is that the access corresponding to the access class is prohibited, Starting the access class-specific prohibit timer or the access class group-specific prohibit timer; and running on the access class-specific prohibit timer or the access class group-specific prohibit timer In this case, the access prohibition check is not performed on the access class or the access class group, but the access attempt or access corresponding to the access class or the access class group is determined to be prohibited.
[0202]
For example, the timer includes an access level-specific permission timer or an access level group-specific permission timer; the processor 810 may also be configured to control as follows: Entering a class-specific permission timer or an access class group-specific permission timer, and the result of performing the access barring check according to the access class is that the access corresponding to the access class is permitted, Start the access class-specific allow timer or the access class group-specific allow timer; and the access class-specific allow timer or the access class group-specific allow timer run In this case, the access prohibition check is not performed on the access class or the access class group, but it is determined that the access attempt or access corresponding to the access class or the access class group is allowed.
[0203]
As shown in FIG. 8, the user equipment 800 may further include: a communication module 830, an input unit 840, a display 850, and a power supply 860. Among them, the functions of the above components are similar to those in the prior art, and will not be repeated here. It is worth noting that the user equipment 800 does not necessarily include all the components shown in FIG. 8, and the above-mentioned components are not necessary; in addition, the user equipment 800 may also include components not shown in FIG. 8. Have technology.
[0204]
An embodiment of the present invention also provides a computer-readable program, wherein when the program is executed in a network device, the program causes the network device to execute the access control method described in Embodiment 2.
[0205]
An embodiment of the present invention also provides a storage medium storing a computer-readable program, where the computer-readable program causes the network device to execute the access control method described in Embodiment 2.
[0206]
An embodiment of the present invention further provides a computer-readable program, wherein when the program is executed in a user equipment, the program causes the user equipment to execute the access control method described in Embodiment 1.
[0207]
An embodiment of the present invention further provides a storage medium storing a computer-readable program, where the computer-readable program causes the user equipment to execute the access control method described in Embodiment 1.
[0208]
The above device and method of the present invention may be implemented by hardware, or may be implemented by hardware in combination with software. The present invention relates to such a computer-readable program which, when executed by a logic component, enables the logic component to implement the above-described device or component, or enables the logic component to implement the various methods described above Or steps. The invention also relates to storage media for storing the above programs, such as hard disks, magnetic disks, optical disks, DVDs, flash memories, and so on.
[0209]
The method / device described in conjunction with the embodiments of the present invention may be directly embodied as hardware, a software module executed by a processor, or a combination of both. For example, one or more of the functional block diagrams and / or one or more combinations of the functional block diagrams shown in the figures may correspond to each software module of the computer program flow or each hardware module. These software modules can respectively correspond to the steps shown in the figure. These hardware modules can be realized by solidifying these software modules using a field programmable gate array (FPGA), for example.
[0210]
The software module may be located in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, removable disk, CD-ROM, or any other form of storage medium known in the art. A storage medium may be coupled to the processor, so that the processor can read information from the storage medium and write information to the storage medium; or the storage medium may be an integral part of the processor. The processor and the storage medium may be located in the ASIC. The software module can be stored in the memory of the mobile terminal or in a memory card that can be inserted into the mobile terminal. For example, if the device (such as a mobile terminal) uses a larger-capacity MEGA-SIM card or a larger-capacity flash memory device, the software module may be stored in the MEGA-SIM card or a larger-capacity flash memory device.
[0211]
For one or more of the functional blocks described in the drawings and / or one or more combinations of the functional blocks, it may be implemented as a general-purpose processor, digital signal processor (DSP) for performing the functions described in the present invention ), Application specific integrated circuit (ASIC), field programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic device, discrete hardware component, or any suitable combination thereof. One or more of the functional blocks described in the drawings and / or one or more combinations of the functional blocks can also be implemented as a combination of computing devices, for example, a combination of a DSP and a microprocessor, multiple microprocessing Processor, one or more microprocessors in communication with the DSP, or any other such configuration.
[0212]
The present invention has been described above in conjunction with specific embodiments, but it should be clear to those skilled in the art that these descriptions are exemplary and do not limit the protection scope of the present invention. Those skilled in the art can make various variations and modifications to the present invention according to the spirit and principle of the present invention, and these variations and modifications are also within the scope of the present invention.
Claims
[Claim 1]
An access control device includes: an access level determination unit that determines an access level corresponding to an access attempt based on a mapping relationship between an access attempt and an access level; an access prohibition checking unit that is based on the access Enter the level to perform an access barring check to determine whether the access corresponding to the access level is barred; and a request sending unit that sends a connection establishment request message to the network device if it is determined that the access is allowed Connection recovery request message.
[Claim 2]
The access control device according to claim 1, wherein the access control device further comprises: a cause value determination unit based on the mapping relationship between the access attempt and the establishment cause value or the mapping between the access level and the establishment cause value Relationship to determine the establishment reason value corresponding to the access attempt.
[Claim 3]
The access control device according to claim 1, wherein the request sending unit includes the access level in the connection establishment request message or the connection restoration request based on an instruction of a network device or based on conditions configured by the network device In the message, or, the establishment reason value is included in the connection establishment request message or the connection restoration request message.
[Claim 4]
The access control device according to claim 1, wherein the access level and / or establishment reason value are determined in a non-access stratum; wherein, the mapping relationship between the access attempt and the access level, the The mapping relationship between the access attempt and the establishment cause value, one or more of the mapping relationship between the access level and the establishment cause value, is defined in the non-access layer, or the network device passes the non-access layer Signaling to inform the user equipment.
[Claim 5]
The access control device according to claim 4, wherein the non-access layer indicates or delivers the determined access level and / or the establishment reason value to a radio resource control layer; and the radio resource The control layer performs the access barring check.
[Claim 6]
The access control device according to claim 1, wherein the access level and / or establishment cause value are determined in a radio resource control layer; wherein, the mapping relationship between the access attempt and the access level is, The mapping relationship between the access attempt and the establishment cause value, one or more of the mapping relationship between the access level and the establishment cause value, is defined in the radio resource control layer, or is passed by the network device through the radio resource control layer Signaling to inform the user equipment.
[Claim 7]
The access control device according to claim 6, wherein the non-access layer provides the radio resource control layer with a parameter for determining the access level; and the radio resource control layer performs the access prohibition an examination.
[Claim 8]
The access control device according to claim 1, wherein the access level and / or establishment reason value are determined in at least two layers; wherein, the determination of the access level and / or establishment reason value The layer includes: a layer that initiates the access attempt, and / or a layer determined according to a radio resource control state; a mapping relationship between the access attempt and the access level, a mapping relationship between the access attempt and the establishment cause value One or more of the mapping relationships between the access level and the establishment cause value are defined in the layer that determines the access level and / or establishment cause value.
[Claim 9]
The access control device according to claim 8, wherein the layer initiating the access attempt includes one or more layers as follows, and / or one or more entities: application layer, IP layer, NAS Layer, RRC layer or user plane; the layer determined according to the radio resource control state includes one or more layers as follows, and / or one or more entities: the NAS layer when the user equipment is idle, the user equipment is in The RRC layer in the deactivated state and the user plane when the user equipment is in the connected state.
[Claim 10]
The access control device according to claim 8, wherein, in a case where the at least two layers determine at least two different access levels, the non-access layer or the radio resource control layer selects from the at least two Choose an access level from different access levels.
[Claim 11]
The access control device according to claim 1, wherein the access control device further comprises: a timer processing unit that processes one or more timers for access control; wherein each timer corresponds to One or a group or all access levels.
[Claim 12]
The access control device according to claim 11, wherein the timer is configured by a radio resource control layer or a non-access layer, and / or the timer is maintained by the radio resource control layer or a non-access layer.
[Claim 13]
The access control apparatus according to claim 11, wherein the timer includes a user equipment specific prohibit timer; the access control apparatus further includes: a timer start unit defined in the access level or The user equipment specific prohibit timer is configured, and when the result of the access prohibition check according to the access level is that access corresponding to the access level is prohibited, the user equipment specific Forbidden timer; and the access forbidden checking unit is also used for: when the specific forbidden timer of the user equipment is running, not for all or specified or configured access levels of the user equipment The access prohibition check, and it is determined that the access attempt corresponding to the access level or access is prohibited.
[Claim 14]
The access control apparatus according to claim 11, wherein the timer includes a user equipment specific allow timer; the access control apparatus further includes: a timer start unit defined in the access level or The user equipment specific permission timer is configured, and if the result of performing the access barring check according to the access level is that access corresponding to the access level is allowed, the user equipment specific Allowed timer; and the access prohibition checking unit is also used to: not to perform all or specified or configured access levels of the user equipment when the user equipment specific allow timer is running The access barring check, and it is determined that the access attempt or access corresponding to the access level is allowed.
[Claim 15]
The access control device according to claim 11, wherein the timer includes an access level specific prohibit timer or an access level group specific prohibit timer; the access control device further includes: a timer start A unit that defines or configures the access class-specific prohibit timer or the access class group-specific prohibit timer in the access class, and performs a result of the access prohibition check according to the access class When the access corresponding to the access class is prohibited, starting the access class specific prohibit timer or the access class group specific prohibit timer; and the access prohibition checking unit is also used For: when the access level specific prohibit timer or the access level group specific prohibit timer is running, the access prohibition check is not performed on the access level or the access level group , And determine that the access attempt or access corresponding to the access class or the access class group is prohibited.
[Claim 16]
The access control device according to claim 11, wherein the timer includes an access level-specific permission timer or an access level group-specific permission timer; the access control device further includes: a timer start A unit that defines or configures the access level-specific permission timer or the access level group-specific permission timer in the access class, and performs the access barring check result according to the access class When the access corresponding to the access level is allowed, start the access level-specific permission timer or the access level group-specific permission timer; and the access prohibition checking unit also uses For: when the access level specific permission timer or the access level group specific permission timer is running, the access prohibition check is not performed on the access level or the access level group , And determine that the access attempt or access corresponding to the access class or the access class group is allowed.
[Claim 17]
An access control apparatus includes: a configuration sending unit that sends configuration information for configuring a mapping relationship between an access attempt and an access level to user equipment, so that the user equipment is based on the access attempt to an access level The mapping relationship determines the access level corresponding to the access attempt; the request receiving unit, which receives the connection establishment request message or the connection recovery request message sent by the device; and the connection determination unit, which determines whether to allow the connection of the user equipment Establishment request or connection recovery request.
[Claim 18]
The access control apparatus according to claim 17, wherein the configuration sending unit is further configured to: send to the user equipment a mapping relationship for configuring an access attempt and establishment reason value or an access level and establishment reason value Configuration information of the mapping relationship of the user equipment, so that the user equipment determines the establishment reason value corresponding to the access attempt based on the mapping relationship between the access attempt and the establishment reason value or the mapping relationship between the access level and the establishment reason value .
[Claim 19]
The access control device according to claim 17, wherein the configuration sending unit is further configured to: send configuration information for configuring one or more timers for access control to the user equipment; wherein each The timer corresponds to one or a group or all access levels.
[Claim 20]
A communication system comprising: user equipment comprising the access control device according to claim 1; network equipment comprising the access control device according to claim 17.