CN117792647A - User-level data management method, device, communication equipment and readable storage medium - Google Patents

User-level data management method, device, communication equipment and readable storage medium

Info

Publication number
CN117792647A
Authority
CN
China
Prior art keywords
user
data
node
tamper
authorization
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211154186.7A
Other languages
Chinese (zh)
Inventor
袁雁南
鲍炜
金巴·迪·阿达姆·布巴卡
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Vivo Mobile Communication Co Ltd
Original Assignee
Vivo Mobile Communication Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Vivo Mobile Communication Co Ltd
Priority to CN202211154186.7A
Priority to PCT/CN2023/119674 (WO2024061207A1)
Publication of CN117792647A
Legal status: Pending

Abstract

The application discloses a user-level data management method, a device, communication equipment and a readable storage medium, which belong to the technical field of wireless communication, and the user-level data management method comprises the following steps: the user equipment performs a first operation comprising at least one of: transmitting first authorization information, wherein the first authorization information is used for indicating that the collection of the data of the first user is allowed or not allowed, and/or indicating that the storage of the data of the first user is allowed or not allowed; and sending second authorization information, wherein the second authorization information is used for indicating whether the data of the first user is allowed or not allowed to be provided.

Description

Translated from Chinese
User-level data management method, device, communication equipment and readable storage medium

Technical Field

The present application belongs to the field of wireless communication technology, and specifically relates to a method, device, communication equipment and readable storage medium for managing user-level data.

Background

Existing user-level data collection is triggered as needed by network-level functions such as the core network, the radio access network or network management, and the data is collected to network-level nodes. The collected data is mainly data generated by users in the mobile communication network and is mainly used for purposes such as network service optimization. In the existing Minimization of Drive Tests user consent (MDT user consent), a single consent covers the network collecting, storing and using the data; that is, how the data collected by the network is stored and used is decided entirely by the network.

In the future, user-level data may include, in addition to data from the existing communication process, data sensed in integrated sensing and communication and data computed in computing-power services. On the one hand the data is richer; on the other hand some of it is more closely related to user security and privacy. Therefore, how to meet the user's own needs for the data, rather than having the network decide how the collected data is stored and used, is a problem that needs to be solved.

Summary of the Invention

Embodiments of the present application provide a user-level data management method, device, communication equipment and readable storage medium, which can solve the problem that, at present, the network decides how collected data is stored and used, which does not meet the user's own needs for the data.

In a first aspect, a user-level data management method is provided, including:

A user equipment performs a first operation, where the first operation includes at least one of the following:

Sending first authorization information, where the first authorization information is used to indicate that collection of the first user's data is allowed or not allowed, and/or to indicate that storage of the first user's data is allowed or not allowed;

Sending second authorization information, where the second authorization information is used to indicate that providing the first user's data is allowed or not allowed.

In a second aspect, a user-level data management method is provided, including:

A first node performs a second operation, where the second operation includes at least one of the following:

Determining, according to the authorization of the first user's user equipment and/or the first user's subscription information, whether to collect the first user's data, or whether to collect the first user's data and store the first user's data to a second node;

Determining, according to second authorization information sent by the first user's user equipment and/or the first user's subscription information, whether to provide the first user's data, where the second authorization information is used to indicate that the first node is allowed or not allowed to provide the first user's data.

In a third aspect, a user-level data management method is provided, including:

A second node performs a third operation, where the third operation includes at least one of the following:

Determining, according to the authorization of the first user's user equipment and/or the first user's subscription information, whether to store the first user's data;

Determining, according to second authorization information sent by the first user's user equipment and/or the first user's subscription information, whether to provide the first user's data.

In a fourth aspect, a user-level data management device is provided, including:

An execution module, configured to perform a first operation, where the first operation includes at least one of the following:

Sending first authorization information, where the first authorization information is used to indicate that collection of the first user's data is allowed or not allowed, and/or to indicate that storage of the first user's data is allowed or not allowed;

Sending second authorization information, where the second authorization information is used to indicate that providing the first user's data is allowed or not allowed.

In a fifth aspect, a user-level data management device is provided, including:

An execution module, configured to perform a second operation, where the second operation includes at least one of the following:

Determining, according to the authorization of the first user's user equipment and/or the first user's subscription information, whether to collect the first user's data, or whether to collect the first user's data and store the first user's data to a second node;

Determining, according to second authorization information sent by the first user's user equipment and/or the first user's subscription information, whether to provide the first user's data, where the second authorization information is used to indicate that the first node is allowed or not allowed to provide the first user's data.

In a sixth aspect, a user-level data management device is provided, including:

An execution module, configured to perform a third operation, where the third operation includes at least one of the following:

Determining, according to the authorization of the first user's user equipment and/or the first user's subscription information, whether to store the first user's data;

Determining, according to second authorization information sent by the first user's user equipment and/or the first user's subscription information, whether to provide the first user's data.

In a seventh aspect, a user equipment is provided. The terminal includes a processor and a memory, the memory stores a program or instructions that can run on the processor, and when the program or instructions are executed by the processor, the steps of the method described in the first aspect are implemented.

In an eighth aspect, a user equipment is provided, including a processor and a communication interface, where the processor is configured to perform a first operation, and the first operation includes at least one of the following:

Sending first authorization information, where the first authorization information is used to indicate that collection of the first user's data is allowed or not allowed, and/or to indicate that storage of the first user's data is allowed or not allowed;

Sending second authorization information, where the second authorization information is used to indicate that providing the first user's data is allowed or not allowed.

In a ninth aspect, a communication device is provided. The network-side device includes a processor and a memory, the memory stores a program or instructions that can run on the processor, and when the program or instructions are executed by the processor, the steps of the method described in the first aspect or the second aspect are implemented.

In a tenth aspect, a communication device is provided, including a processor and a communication interface, where the processor is configured to perform a second operation, and the second operation includes at least one of the following:

Determining, according to the authorization of the first user's user equipment and/or the first user's subscription information, whether to collect the first user's data, or whether to collect the first user's data and store the first user's data to a second node;

Determining, according to second authorization information sent by the first user's user equipment and/or the first user's subscription information, whether to provide the first user's data, where the second authorization information is used to indicate that the first node is allowed or not allowed to provide the first user's data.

In an eleventh aspect, a communication device is provided, including a processor and a communication interface, where the processor is configured to perform a third operation, and the third operation includes at least one of the following:

Determining, according to the authorization of the first user's user equipment and/or the first user's subscription information, whether to store the first user's data;

Determining, according to second authorization information sent by the first user's user equipment and/or the first user's subscription information, whether to provide the first user's data.

In a twelfth aspect, a readable storage medium is provided. A program or instructions are stored on the readable storage medium, and when the program or instructions are executed by a processor, the steps of the method described in the first aspect, the second aspect or the third aspect are implemented.

In a thirteenth aspect, a chip is provided. The chip includes a processor and a communication interface, the communication interface is coupled to the processor, and the processor is configured to run a program or instructions to implement the method described in the first aspect, the second aspect or the third aspect.

In a fourteenth aspect, a computer program/program product is provided. The computer program/program product is stored in a storage medium and is executed by at least one processor to implement the steps of the method described in the first aspect, the second aspect or the third aspect.

In the embodiments of the present application, the user authorizes the collection, storage and/or use of user-level data, rather than the network deciding how the collected user-level data is stored and used. This meets the user's own needs for their data and increases the user's control over their own data.

Brief Description of the Drawings

Figure 1 is a block diagram of a wireless communication system to which embodiments of the present application are applicable;

Figure 2 is a schematic diagram of data collection by the NWDAF;

Figure 3 is a schematic diagram of the NWDAF providing data analysis results;

Figure 4 is a first schematic flowchart of the user-level data management method according to an embodiment of the present application;

Figure 5 is a second schematic flowchart of the user-level data management method according to an embodiment of the present application;

Figure 6 is a third schematic flowchart of the user-level data management method according to an embodiment of the present application;

Figure 7 and Figure 8 are schematic flowcharts of the user-level data management method according to Embodiment 1 of the present application;

Figure 9 and Figure 10 are schematic flowcharts of the user-level data management method according to Embodiment 2 of the present application;

Figure 11 is a schematic flowchart of the user-level data management method according to Embodiment 3 of the present application;

Figure 12 is a first schematic structural diagram of the user-level data management device according to an embodiment of the present application;

Figure 13 is a second schematic structural diagram of the user-level data management device according to an embodiment of the present application;

Figure 14 is a third schematic structural diagram of the user-level data management device according to an embodiment of the present application;

Figure 15 is a schematic structural diagram of a communication device according to an embodiment of the present application;

Figure 16 is a schematic diagram of the hardware structure of a user equipment according to an embodiment of the present application;

Figure 17 is a first schematic diagram of the hardware structure of a network-side device according to an embodiment of the present application;

Figure 18 is a second schematic diagram of the hardware structure of a network-side device according to an embodiment of the present application.

Detailed Description

The technical solutions in the embodiments of the present application are described clearly below with reference to the accompanying drawings. Obviously, the described embodiments are some, but not all, of the embodiments of the present application. All other embodiments obtained by those of ordinary skill in the art based on the embodiments in this application fall within the scope of protection of this application.

The terms "first", "second" and the like in the description and claims of this application are used to distinguish similar objects and are not used to describe a specific order or sequence. It should be understood that terms used in this way are interchangeable where appropriate, so that the embodiments of the present application can be practiced in orders other than those illustrated or described here. Objects distinguished by "first" and "second" are usually of one type, and their number is not limited; for example, there may be one first object or several. In addition, "and/or" in the description and claims indicates at least one of the connected objects, and the character "/" generally indicates an "or" relationship between the objects before and after it.

It is worth pointing out that the technology described in the embodiments of this application is not limited to Long Term Evolution (LTE)/LTE-Advanced (LTE-A) systems, and can also be used in other wireless communication systems, such as Code Division Multiple Access (CDMA), Time Division Multiple Access (TDMA), Frequency Division Multiple Access (FDMA), Orthogonal Frequency Division Multiple Access (OFDMA), Single-carrier Frequency Division Multiple Access (SC-FDMA) and other systems. The terms "system" and "network" in the embodiments of this application are often used interchangeably, and the described technology can be used both for the systems and radio technologies mentioned above and for other systems and radio technologies. The following description describes a New Radio (NR) system for example purposes, and NR terminology is used in much of the description, but these techniques can also be applied beyond NR systems, for example to 6th Generation (6G) communication systems.

Figure 1 shows a block diagram of a wireless communication system to which embodiments of the present application are applicable. The wireless communication system includes a terminal 11 and a network-side device 12.

The terminal 11 may be a terminal-side device such as a mobile phone, a tablet personal computer, a laptop computer (also called a notebook computer), a personal digital assistant (PDA), a palmtop computer, a netbook, an ultra-mobile personal computer (UMPC), a mobile Internet device (MID), an augmented reality (AR)/virtual reality (VR) device, a robot, a wearable device, vehicle-mounted equipment (VUE), a pedestrian terminal (PUE), a smart home device (a home device with wireless communication functions, such as a refrigerator, television, washing machine or furniture), a game console, a personal computer (PC), a teller machine or a self-service machine. Wearable devices include smart watches, smart bands, smart earphones, smart glasses, smart jewelry (smart bangles, smart bracelets, smart rings, smart necklaces, smart ankle bangles, smart anklets, etc.), smart wristbands, smart clothing and so on. It should be noted that the embodiments of the present application do not limit the specific type of the terminal 11.

The network-side device 12 may include an access network device or a core network device. The access network device 12 may also be called a radio access network device, a Radio Access Network (RAN), a radio access network function or a radio access network unit. The access network device 12 may include a base station, a WLAN access point, a WiFi node or the like. The base station may be called a Node B, an evolved Node B (eNB), an access point, a Base Transceiver Station (BTS), a radio base station, a radio transceiver, a Basic Service Set (BSS), an Extended Service Set (ESS), a home Node B, a home evolved Node B, a Transmitting Receiving Point (TRP) or some other suitable term in the field. As long as the same technical effect is achieved, the base station is not limited to a specific technical term. It should be noted that the embodiments of the present application use only the base station in the NR system as an example and do not limit the specific type of the base station.

The core network device may include, but is not limited to, at least one of the following: a core network node, a core network function, a Mobility Management Entity (MME), an Access and Mobility Management Function (AMF), a Session Management Function (SMF), a User Plane Function (UPF), a Policy Control Function (PCF), a Policy and Charging Rules Function (PCRF), an Edge Application Server Discovery Function (EASDF), Unified Data Management (UDM), a Unified Data Repository (UDR), a Home Subscriber Server (HSS), Centralized network configuration (CNC), a Network Repository Function (NRF), a Network Exposure Function (NEF), a local NEF (Local NEF, or L-NEF), a Binding Support Function (BSF), an Application Function (AF) and so on. It should be noted that the embodiments of the present application use only the core network device in the NR system as an example and do not limit the specific type of the core network device.

The relevant technical points in the embodiments of this application are introduced first.

1. 5G network data analysis service

Referring to Figure 2 and Figure 3, the Network Data Analytics Function (NWDAF) is one of the 5G core network control plane (5GC) network functions. It can interact with different entities for different purposes; for example, it can perform at least one of the following:

Collecting data based on event subscriptions provided by the AMF, SMF, PCF, UDM, AF (directly or through the NEF) or OAM (Operations, Administration and Maintenance);

Analytics and data collection using the Data Collection Coordination Function (DCCF);

Retrieving information from data repositories (for example, the UDR, via the UDM, for user-related information);

Storing and retrieving information from the Analytics Data Repository Function (ADRF);

Analytics and data collection from the Messaging Framework Adaptor Function (MFAF);

Retrieving information about NFs (for example, retrieving NF-related information from the NRF);

Providing analytics to consumers on demand;

Providing large amounts of data to consumers.

In Figure 2, the NWDAF obtains data from an NF through the DCCF or MFAF; in Figure 3, an NF obtains data analysis results from the NWDAF through the DCCF or MFAF.

2. User consent handling in Minimization of Drive-Test (MDT)

Both signaling-based and management-based MDT require user consent before activation. Once user consent is obtained through the UDM, MDT data collection is activated, and the network can store and use the MDT data as needed. The existing MDT user consent therefore covers collection, storage, use and sharing together. As a result, once user-level data has been collected it is to some extent outside the user's control, which leads to the current situation in which most users do not consent to data collection such as MDT. In the future, with broad demand for the use of user-level data, collecting and storing user-level data is unavoidable, and user-level data belongs to a sovereign space fully controlled by the user. The core network, the radio access network, the network management system and the like are all network-level service nodes, which users cannot control autonomously on demand.

The user-level data management method, device, communication equipment and readable storage medium provided by the embodiments of the present application are described in detail below through some embodiments and their application scenarios, with reference to the accompanying drawings.

Referring to Figure 4, an embodiment of the present application provides a user-level data management method, including:

Step 41: A user equipment (UE, which may also be called a terminal) performs a first operation, where the first operation includes at least one of the following:

Sending first authorization information, where the first authorization information is used to indicate that collection of the first user's data is allowed or not allowed, and/or to indicate that storage of the first user's data is allowed or not allowed;

Sending second authorization information, where the second authorization information is used to indicate that providing the first user's data is allowed or not allowed.

In other words, the first authorization information authorizes the collection and/or storage of user-level data, and the second authorization information authorizes the use of user-level data (providing it to a third node, where the third node is a node that requests the data and may also be called a data requester node).

In some embodiments, optionally, the first authorization information is used to indicate that collection of the first user's data is allowed; if the first authorization information is not sent, collection of the first user's data is not allowed.

In some embodiments, optionally, the first authorization information may indicate that collection of the first user's data is allowed or not allowed. When the first authorization information indicates "allowed", the first user's data may be collected; when it indicates "not allowed", the first user's data must not be collected.

Optionally, sending the first authorization information means sending the first authorization information to a node that is authorized to collect and/or store the first user's data. It may be sent directly or through other network functions.

Optionally, sending the second authorization information means sending the first authorization information to a node that is authorized to collect and/or store the first user's data. It may be sent directly or through other network functions.

Optionally, the indication that collection of the first user's data is allowed or not allowed may carry the identifier of the specific node authorized to collect the first user's data (for example, when the user designates a node), or may carry no identifier, for example when the first user's data is collected by a predetermined shared network function (such as the AMF).

Optionally, the indication that storage of the first user's data is allowed or not allowed may carry the identifier of the specific node authorized to store the first user's data (for example, when the user designates a node), or may carry no identifier, for example when the first user's data is stored by a predetermined shared network function (such as the NRF).

Optionally, the indication that providing the first user's data is allowed or not allowed may carry the identifier of the specific node authorized to collect and/or store the first user's data (for example, when the user designates a node), or may carry no identifier (for example, when a predetermined shared network function collects and/or stores the first user's data).

In the embodiments of the present application, the user authorizes the collection, storage and/or use of user-level data, rather than the network deciding how the collected user-level data is stored and used. This meets the user's own needs for their data and increases the user's control over their own data.

In the embodiments of this application, optionally, the first user's data includes at least one of the following:

1) Data generated by one or more user equipments of the first user;

Optionally, the one or more user equipments of the first user include at least one of the following: a mobile phone, a watch, glasses, a haptic device, etc. The user equipment may send the first user's data over 3GPP access or over non-3GPP access. 3GPP access includes 4G (LTE), 5G (NR), 6G, etc.; non-3GPP access includes WLAN, Bluetooth, wired networks, etc. The data provided by the user equipment may fall into two categories. One is user data related to the access network and provided by a modem in the user equipment, such as the downlink Reference Signal Received Power (RSRP), downlink Reference Signal Received Quality (RSRQ), Channel State Information (CSI), delay, angle and/or Doppler provided by a 4G modem, a 5G modem and/or a Wi-Fi processor. The other is user data provided by other modules or application functions in the user equipment, such as location information, user experience data (for example the Quality of Experience (QoE) of a video service), rotation rates around the device's x, y and z axes (radians/second) and/or pictures provided by a GPS module, an app, a gyroscope and/or a camera.

2) Data generated by a network function and associated with the first user identifier;

The network function includes a radio access network function and/or a core network function. The data generated by the network function and associated with the first user identifier is, for example, user-level measurement data defined in the protocol, such as uplink RSRP, RSRQ, uplink throughput and/or downlink throughput.

3) Data generated by an application function and associated with the first user identifier.

The application function mainly refers to an application function deployed on an application service provider's server. Depending on the application function, the user data it can potentially provide includes location information, browsing history and/or video content classification, etc.

In the embodiments of this application, optionally, the first user identifier includes an identifier of the first user and/or an identifier of the first user's user equipment.

In the embodiments of this application, optionally, the first user identifier includes at least one of the following:

1) Mobile Station International Subscriber Directory Number (MSISDN, commonly known as the mobile phone number);

2) International Mobile Subscriber Identity (IMSI);

3) Subscription Permanent Identifier (SUPI);

4) Subscription Concealed Identifier (SUCI), a privacy-preserving identifier that contains the concealed SUPI;

5) Globally Unique Temporary Identifier (GUTI), called 5G GUTI in 5G;

6) Permanent Equipment Identifier (PEI). The PEI is defined for 3GPP UEs accessing the 5G system. If the UE supports at least one 3GPP access technology (i.e. NG-RAN/5G, E-UTRAN/4G, UTRAN/3G, GERAN/EDGE/2.5G), the UE must be allocated a PEI in International Mobile Equipment Identity (IMEI, commonly called the phone serial number) or IMEISV format.

7) Generic Public Subscription Identifier (GPSI). The GPSI is needed to address 3GPP users in different data networks (DNs) outside the 3GPP system. The 3GPP system keeps the association between the GPSI and the corresponding SUPI in the user data. The GPSI may be the aforementioned MSISDN, an external IP address, etc.

8) RAN UE NGAP ID, which uniquely identifies the UE on the NG interface within a gNB and should be unique within a logical NG-RAN node. Its 4G counterpart is the eNB UE S1AP ID.

9) AMF UE NGAP ID, used to identify the UE in the AMF. Its 4G counterpart is the MME UE S1AP ID.

10) 6G network user identifier (a permanent identifier similar to the IMSI or SUPI).

11) Temporary identifiers within the radio access network, such as RA-RNTI, TC-RNTI, C-RNTI, CS-RNTI, MSC-RNTI, etc. These temporary identifiers are used when a radio access network device provides data. In the embodiments of this application, when user-level data is stored in the second node and the data corresponds to a temporary identifier, the association is converted to one of the persistent identifiers above. This makes data carrying different user identifiers easy to recognize in the second node and avoids being unable to tell which UE the data belongs to after the temporary identifier changes.

12) Temporary Mobile Subscriber Identity (TMSI);

13) Packet Temporary Mobile Subscriber Identity (P-TMSI);

14) Account, such as an application function account (Apple ID, WeChat account, etc.);

15) Name;

16) ID card number;

17) Passport number.

In the embodiments of this application, optionally, the first operation further includes:

Sending first configuration information (which may also be called data collection configuration information).

Optionally, the first configuration information is sent to the node used to collect the first user's data.

The first configuration information includes at least one of the following:

1) A data collection identifier, used to indicate that the first user's data is to be collected;

2) Data collection information, which includes at least one of the following: a list of parameters to be collected, a trigger condition for data collection, and a sampling rate for data collection;

In the embodiments of this application, optionally, the list of parameters to be collected may be expressed as a character string, or identified by a predefined parameter identifier or parameter list identifier.

In the embodiments of this application, optionally, the trigger condition for data collection may be: any situation (once accepted, the subscribed data must be reported in every situation until the configuration is modified or deleted); a validity period (for example a specified time interval, from one given date to another); or a trigger condition expressed as a character string or predefined, for example the UE moving within a certain geographical area, the cell Physical Resource Block (PRB) utilization being greater than 50%, or the UE handover success rate being lower than 90%.

In the embodiments of this application, optionally, the sampling rate for data collection means how often data is collected.

3) Indication information of the second node, where the second node is the node authorized to store the first user's data;

An implicit second-node indication scheme is that the node storing the data is the node collecting the data (the first node).

An explicit second-node indication scheme is to indicate the second node explicitly in the first configuration information, for example by a second node identifier; another way is to indicate the second node by a Transport Layer Address and a port number.

A preset-parameter second-node scheme is to determine the second node from parameters preset by the data provider. For example, if the parameter to be stored is location information, the identifier of the corresponding second node is A; if the parameters to be stored are uplink throughput and uplink channel information, the identifier of the corresponding second node is B.

4) A data trust proof indication, used to indicate whether a trust proof of the first user's data must be provided;

In the embodiments of this application, optionally, the data trust proof indication may include at least one of the following: an indication of whether a network function must provide a trust proof of the first user's data, and an indication of whether the node that receives the first user's data must provide a trust proof of the first user. The nodes that receive the first user's data include the node that collects the first user's data.

In the embodiments of this application, if the data trust proof indication indicates that a network function must provide a trust proof of the first user's data, there are two ways to do so. In the first, a trusted network function provides the first user's data directly. In the second, the user equipment and/or the application function reports the first user's data to the network function, and the network function re-verifies it. If the re-verification shows that the first user's data is trustworthy, the network function may add a trusted label to the first user's data and provide it to the user equipment and/or the application function, and/or to the node that collects and/or stores the first user's data.

5) A tamper-proof indication, used to indicate whether the data provider must apply tamper-proof processing to the first user's data that it reports, and/or to indicate whether tamper-proof processing must be applied to the received data of the first user;

The data provider includes the user equipment, the application function and/or the network function.

Indicating whether tamper-proof processing must be applied to the received data of the first user means indicating whether the node used to collect the first user's data must apply tamper-proof processing to the first user's data that it receives.

6) An indication of the data reporting mode, used to indicate how the data provider reports the first user's data.

Optionally, the data reporting mode includes at least one of the following: reporting at a certain time period, reporting in units of a certain data length, reporting at the data provider's fastest reporting frequency, reporting with a maximum interval that does not exceed a certain time, etc.

The data reporting mode may be indicated as follows:

An explicit indication scheme is to state the data reporting mode explicitly in the first configuration information, for example periodic reporting.

A preset-parameter indication scheme is to determine the data reporting mode from parameters preset by the data provider. For example, the data reporting mode corresponds one-to-one to the receiver of the data report: a potential scheme is that reports to the second node that receives location information are periodic, while reports to the second node that receives uplink throughput and uplink channel information are made in units of a certain data length.

In the embodiments of this application, optionally, the first operation further includes: sending second configuration information (which may also be called data storage configuration information).

Optionally, the second configuration information is sent to the node used to store the first user's data.

The second configuration information includes at least one of the following:

1) A data storage table indication;

For example, it may include the name of the data storage table (such as "real-time location storage table") and/or a data storage table identifier (such as table I).

2) Data storage duration;

That is, how long the data is kept. Data older than the configured storage duration is deleted.

3) Data storage size;

That is, the amount of space for storing the data. Once the configured storage size is exceeded, no new data is stored.

4) A data trust proof indication, used to indicate whether a trust proof of the first user's data must be provided;

In the embodiments of this application, optionally, the data trust proof indication may include at least one of the following: an indication of whether a network function must provide a trust proof of the first user's data, and an indication of whether the node that receives the first user's data must provide a trust proof of the first user. The nodes that receive the first user's data include the node that stores the first user's data.

In the embodiments of this application, if the data trust proof indication indicates that a network function must provide a trust proof of the first user's data, there are two ways to do so. In the first, a trusted network function provides the first user's data directly. In the second, the user equipment and/or the application function reports the first user's data to the network function, and the network function re-verifies it. If the re-verification shows that the first user's data is trustworthy, the network function may add a trusted label to the first user's data and provide it to the user equipment and/or the application function, and/or to the node that collects and/or stores the first user's data.

5) A tamper-proof indication, used to indicate whether the data provider must apply tamper-proof processing to the first user's data that it reports, and/or to indicate whether tamper-proof processing must be applied to the received data of the first user.

The data provider includes the user equipment, the application function and/or the network function.

Indicating whether tamper-proof processing must be applied to the received data of the first user means indicating whether the node used to store the first user's data must apply tamper-proof processing to the first user's data that it receives.

In the embodiments of this application, optionally, the second authorization information (which may also be called authorization configuration information) includes at least one of the following:

1) Indication information that providing data is allowed or not allowed;

Allowing or not allowing the provision of data may include allowing or not allowing the provision of data to the third node; that is, the specific receiving node is indicated.

2) Authorization type, which includes at least one of the following: authorization based on subscription information, authorization based on request and feedback, and authorization based on a credential;

3) Authorization credential, such as a verification code, a QR code or a token.

4) Validity period of the authorization credential.

The validity period of the authorization credential may be an absolute time or a relative time. For example, the credential is valid for 15 minutes after the first node (the node authorized to collect data) or the second node (the node authorized to store data) receives it, or it is valid during a certain period on a certain day in the future.

In the embodiments of this application, optionally, the first operation further includes: sending third configuration information (which may also be called data usage configuration information).

Optionally, the third configuration information is sent to the node used to collect the first user's data and/or the node that stores the first user's data.

The third configuration information includes at least one of the following:

1) An identifier of the third node, where the third node is the data requester node;

The third node is the node that receives the data. The identifier of the third node may be a network function identifier, an IP address and/or port number, a user-specified credential, etc.

2) An indication of whether to encrypt the first user's data that is provided;

Optionally, the indication of whether to encrypt the first user's data that is provided may also include an encryption algorithm configuration and a key configuration.

3) An indication of whether to integrity-protect the first user's data that is provided;

Optionally, the indication of whether to integrity-protect the first user's data that is provided also includes an integrity protection algorithm configuration and a key configuration.

4) An indication of whether to add a digital signature to the first user's data that is provided;

Optionally, the indication of whether to add a digital signature to the first user's data that is provided also includes a digital signature algorithm configuration.

A digital signature prevents the data from being tampered with.

5) An indication of whether to desensitize (mask) the first user's data that is provided;

Optionally, the indication of whether to desensitize the first user's data that is provided may also include a desensitization rule, for example that telephone numbers are sensitive information.

Desensitization masks the data defined as sensitive (by the configured desensitization rules) so that sensitive data is not output.

6) An indication of whether to add a data watermark to the first user's data that is provided.

A data watermark means that, when data is provided to a data demander, special data is inserted into the data or part of the data is processed (for example, a tiny random number with a specific characteristic is added to some of the values). The watermark does not affect use of the data and is a characteristic specific to that data demander, so that when data leaks, the special data characteristic shows which data demander's copy was leaked.
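The per-demander data watermark described in item 6), as an added example that is not part of the patent text: each data demander receives values shifted by a tiny keyed offset, and a leaked copy is attributed by checking whose offsets it carries. The HMAC-based derivation, the offset range of ±2, the 75% match threshold, the names `AF-A`/`AF-B`/`AF-C` and the sample throughput values are all assumptions made for this illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Non-zero offsets only, so an unwatermarked copy never matches any demander.
var offsets = [4]int64{-2, -1, 1, 2}

// offset derives the shift for record i of one demander from a key that
// only the providing node holds (hypothetical derivation).
func offset(key []byte, demander string, i int) int64 {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(demander))
	var idx [8]byte
	binary.BigEndian.PutUint64(idx[:], uint64(i))
	mac.Write(idx[:])
	return offsets[mac.Sum(nil)[0]%4]
}

// Watermark returns the copy of the data handed to one demander.
func Watermark(key []byte, demander string, original []int64) []int64 {
	out := make([]int64, len(original))
	for i, v := range original {
		out[i] = v + offset(key, demander, i)
	}
	return out
}

// Identify compares a leaked copy with the stored original and returns the
// demander whose offsets match best, the number of matching records, and
// whether at least 75% of the records match (the attribution threshold).
func Identify(key []byte, original, leaked []int64, candidates []string) (string, int, bool) {
	n := len(leaked)
	if len(original) < n {
		n = len(original)
	}
	best, bestScore := "", 0
	for _, c := range candidates {
		score := 0
		for i := 0; i < n; i++ {
			if leaked[i]-original[i] == offset(key, c, i) {
				score++
			}
		}
		if score > bestScore {
			best, bestScore = c, score
		}
	}
	return best, bestScore, n > 0 && bestScore*4 >= n*3
}

// SampleThroughput builds constructed uplink throughput values in kbit/s.
func SampleThroughput(n int) []int64 {
	out := make([]int64, n)
	for i := range out {
		out[i] = 48000 + int64((i*7919)%3001)
	}
	return out
}

func main() {
	key := []byte("constructed-demo-key") // constructed, not a real secret
	demanders := []string{"AF-A", "AF-B", "AF-C"}
	original := SampleThroughput(48)

	leaked := Watermark(key, "AF-B", original)
	for i := 0; i < 8; i++ {
		leaked[i*6] += 100 // some records were altered after the leak
	}
	who, score, ok := Identify(key, original, leaked, demanders)
	fmt.Printf("leak attributed to %q (%d/%d records match, confident=%v)\n",
		who, score, len(leaked), ok)
}
```

Attribution needs the stored original and the watermark key, so both stay with the node that provides the data.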

In the embodiments of this application, optionally, the user-level data management method further includes: the user equipment sending the first user's data.

In the embodiments of this application, optionally, the user equipment sending the first user's data includes:

The user equipment applies tamper-proof processing to the first user's data;

The user equipment sends the tamper-proofed data and/or tamper-proof related information, where the tamper-proof related information includes at least one of the following:

An indication that tamper-proof processing has been applied to the first user's data;

The tamper-proof method;

Check bits;

A digital signature;

Verification parameters.

Optionally, the user equipment sends the tamper-proofed data and/or the tamper-proof related information to the node used to collect the first user's data and/or the node that stores the first user's data.

In the embodiments of this application, optionally, the tamper-proof method includes at least one of the following:

1) Apply permission management to the data and set the data as not modifiable.

2) Add check bits to the data. Check bits protect the integrity of data in transit: a specified algorithm is run over the original data to obtain a check value. When the receiver receives the data, it runs the same check algorithm over the original data. If the result matches the received check value, the data passes the check; if not, the data has been tampered with or corrupted in transmission. Check algorithms include parity check, checksum, Cyclic Redundancy Check (CRC), Longitudinal Redundancy Check (LRC), Block Check Character (BCC), etc.

The cyclic redundancy check (CRC) is widely used in mobile communication systems. It is a hash function that produces a short, fixed-length check code from data such as network packets or computer files, and is mainly used to detect or verify errors that may appear after data is transmitted or stored. The CRC parameter model includes the following information:

NAME: the name of the parameter model.

WIDTH: the width, i.e. the bit width of the generated CRC. For example, CRC-8 generates an 8-bit CRC.

POLY: the polynomial in hexadecimal, with the highest bit 1 omitted. For example, x^8+x^2+x+1 is 1 0000 0111 in binary; with the highest bit 1 omitted, it is 0x07 in hexadecimal.

INIT: the initial CRC value, with the same bit width as WIDTH.

REFIN: true or false; whether the original data is bit-reversed before the calculation. For example, for the original data 0x34 = 0011 0100, if REFIN is true the data becomes 0010 1100 = 0x2C after reversal.

REFOUT: true or false; whether the CRC value obtained at the end of the calculation is bit-reversed. For example, for a calculated CRC value of 0x97 = 1001 0111, if REFOUT is true the value becomes 1110 1001 = 0xE9 after reversal.

XOROUT: the calculation result is XORed with this parameter to obtain the final CRC value; it has the same bit width as WIDTH.

Computing the correct CRC value requires knowing the parameter model. In some embodiments, the network function may compute a CRC over the first user's data and store it alongside the data as a check value, with the CRC parameter values known only to the network function and not to the user or the user equipment. If the user needs the network to provide a trust proof to the user data demander, the network provides the specific parameters needed to compute the CRC, and the user data demander computes the CRC from those parameters. If the values match, the data is trustworthy.

3) Add a digital signature to the data. A digital signature scheme is a method of signing a message stored in electronic form. A complete digital signature scheme consists of two parts: a signing algorithm and a verification algorithm. One potential approach is as follows. The sender runs a hash operation (such as MD5) over the first user's data to obtain a digital digest, and then uses its private key with an asymmetric encryption algorithm to encrypt the digest, obtaining the digital signature. The receiver decrypts the digital signature with the sender's public key to obtain digest 1, and runs the same hash operation over the received data of the first user to obtain digest 2. If the two digests match, the data is considered not to have been tampered with. The MD5 message digest algorithm mentioned in this example belongs to the class of hash algorithms. MD5 operates on an input message of any length and produces a 128-bit message digest. Its main features include: irreversibility (the same data always has the same MD5 value, different data has different MD5 values, and finding two different pieces of data with the same MD5 value is very difficult); compressibility (the MD5 value computed from data of any length has a fixed length); ease of computation (computing the MD5 value from the original data is easy); resistance to modification (any change to the original data, even to a single byte, produces a very different MD5 value); and weak collision resistance (given the original data and its MD5 value, finding other data with the same MD5 value, i.e. forged data, is very difficult). The digital signature process uses a pair of keys, one public and one private. The data is encrypted with the private key before transmission and anyone can decrypt it with the public key, but someone who does not hold the private key cannot re-encrypt the decrypted file back to its original state, which guarantees that it cannot be tampered with.
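The check-value scheme of item 2), as an added example that is not part of the patent text: a Go sketch of the seven-field CRC parameter model, with the storing network function computing the check value and the data demander recomputing it once the model has been disclosed. The type and function names and the sample record are assumptions made for this illustration.

```go
package main

import "fmt"

// CRCModel holds the parameter model fields listed in the text.
type CRCModel struct {
	Name   string // NAME
	Width  uint   // WIDTH in bits; this sketch supports 8 to 32
	Poly   uint32 // POLY, highest bit omitted
	Init   uint32 // INIT
	RefIn  bool   // REFIN: bit-reverse each input byte
	RefOut bool   // REFOUT: bit-reverse the final register
	XorOut uint32 // XOROUT
}

// Well-known models, used to check the implementation against published values.
var (
	CRC8       = CRCModel{"CRC-8", 8, 0x07, 0x00, false, false, 0x00}
	CRC16CCITT = CRCModel{"CRC-16/CCITT-FALSE", 16, 0x1021, 0xFFFF, false, false, 0x0000}
	CRC32      = CRCModel{"CRC-32", 32, 0x04C11DB7, 0xFFFFFFFF, true, true, 0xFFFFFFFF}
)

// ReflectBits reverses the order of the lowest n bits of v.
func ReflectBits(v uint32, n uint) uint32 {
	var r uint32
	for i := uint(0); i < n; i++ {
		if v&(1<<i) != 0 {
			r |= 1 << (n - 1 - i)
		}
	}
	return r
}

// Compute runs the bitwise CRC defined by the model over data.
func (m CRCModel) Compute(data []byte) uint32 {
	top := uint32(1) << (m.Width - 1)
	mask := uint32(0xFFFFFFFF) >> (32 - m.Width)
	crc := m.Init & mask
	for _, b := range data {
		v := uint32(b)
		if m.RefIn {
			v = ReflectBits(v, 8)
		}
		crc ^= v << (m.Width - 8)
		for i := 0; i < 8; i++ {
			if crc&top != 0 {
				crc = (crc << 1) ^ m.Poly
			} else {
				crc <<= 1
			}
			crc &= mask
		}
	}
	if m.RefOut {
		crc = ReflectBits(crc, m.Width)
	}
	return (crc ^ m.XorOut) & mask
}

// StoredRecord is what the storing node keeps: the data and its check value.
type StoredRecord struct {
	Data  []byte
	Check uint32
}

// Store computes the check value under the network function's own model.
func Store(m CRCModel, data []byte) StoredRecord {
	return StoredRecord{Data: append([]byte(nil), data...), Check: m.Compute(data)}
}

// VerifyWithModel is the data demander's step after the model is disclosed.
func VerifyWithModel(m CRCModel, r StoredRecord) bool {
	return m.Compute(r.Data) == r.Check
}

func main() {
	// Constructed sample record; the SUPI uses a test PLMN.
	rec := Store(CRC16CCITT, []byte("supi=imsi-001010000000001;ul_kbps=48213"))
	fmt.Printf("check value under %s: %#06x\n", CRC16CCITT.Name, rec.Check)
	fmt.Println("verified with disclosed model:", VerifyWithModel(CRC16CCITT, rec))

	guess := CRC16CCITT
	guess.Init = 0x0000 // a demander guessing the wrong INIT
	fmt.Println("verified with wrong INIT:", VerifyWithModel(guess, rec))

	rec.Data[len(rec.Data)-1] ^= 0x01 // one flipped bit in the stored data
	fmt.Println("verified after modification:", VerifyWithModel(CRC16CCITT, rec))
}
```

A CRC is an unkeyed error-detecting code, so this check rests entirely on the parameter model staying undisclosed until verification; the digital signature of item 3) does not depend on such secrecy.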
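The hash-then-sign flow of item 3), combined with the tamper-proof related information a user equipment sends with its report, as an added example that is not part of the patent text. It uses ECDSA P-256 over a SHA-256 digest in place of the MD5-plus-private-key-encryption scheme the text gives as one possibility, since MD5's collision resistance is broken; the struct layout, the method string and the function names are assumptions made for this illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

const methodECDSA = "ecdsa-p256-sha256" // hypothetical method label

// TamperProofInfo mirrors the "tamper-proof related information" list:
// the indication, the method, and the digital signature.
type TamperProofInfo struct {
	Protected bool
	Method    string
	Signature []byte // ASN.1 DER signature over SHA-256(Data)
}

// Report is what the data provider sends to the collecting or storing node.
type Report struct {
	Data []byte
	Info TamperProofInfo
}

var (
	ErrUnprotected  = errors.New("tamper-proof processing required but not indicated")
	ErrMethod       = errors.New("unsupported tamper-proof method")
	ErrBadSignature = errors.New("signature does not match the data")
)

// NewKey generates the provider's key pair.
func NewKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// SignReport hashes the data and signs the digest with the private key.
func SignReport(priv *ecdsa.PrivateKey, data []byte) (Report, error) {
	digest := sha256.Sum256(data)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	if err != nil {
		return Report{}, err
	}
	return Report{
		Data: append([]byte(nil), data...),
		Info: TamperProofInfo{Protected: true, Method: methodECDSA, Signature: sig},
	}, nil
}

// VerifyReport is the receiving node's check. requireProtection carries the
// tamper-proof indication from the configuration: when it is set, a report
// that merely claims to be unprotected is rejected rather than accepted.
func VerifyReport(pub *ecdsa.PublicKey, r Report, requireProtection bool) error {
	if !r.Info.Protected {
		if requireProtection {
			return ErrUnprotected
		}
		return nil
	}
	if r.Info.Method != methodECDSA {
		return ErrMethod
	}
	digest := sha256.Sum256(r.Data) // recompute the digest from received data
	if !ecdsa.VerifyASN1(pub, digest[:], r.Info.Signature) {
		return ErrBadSignature
	}
	return nil
}

func main() {
	priv, err := NewKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample measurement report.
	rep, err := SignReport(priv, []byte(`{"rsrp_dbm":-97,"rsrq_db":-11}`))
	if err != nil {
		panic(err)
	}
	fmt.Println("intact report:  ", VerifyReport(&priv.PublicKey, rep, true))

	rep.Data[13] = '0' // value changed in transit: -97 becomes -07
	fmt.Println("modified report:", VerifyReport(&priv.PublicKey, rep, true))

	fmt.Println("stripped report:", VerifyReport(&priv.PublicKey, Report{Data: rep.Data}, true))
}
```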

In some embodiments of the present application, when authorizing the collection, storage and/or provision of user-level data, the user may not specify the node that performs the collection, storage and/or provision, but instead authorize a public network function to perform the collection, storage and/or provision of the user-level data.

In some embodiments, when authorizing the collection, storage and/or provision of user-level data, the user may also specify a particular node and authorize the specified node to perform the collection, storage and/or provision of the user-level data.

That is, in some embodiments, optionally, the first authorization information is used to indicate that a first node is allowed or not allowed to collect the first user's data, or to indicate that a second node is allowed or not allowed to store the first user's data, or that the first node is allowed or not allowed to collect the first user's data and store the collected data of the first user in the second node.

Optionally, when the first authorization information indicates that the first node is allowed to collect the first user's data, or that the first node is allowed to collect the first user's data and store the collected data of the first user in the second node, the first operation further includes: sending first configuration information to the first node, the first configuration information including at least one of the following:

A data collection identifier, used to indicate that the first user's data is to be collected;

Data collection information, which includes at least one of the following: a list of parameters to be collected, a trigger condition for data collection, and a sampling rate for data collection;

Indication information of the second node, the second node being a node authorized to store the first user's data;

A data trustworthy proof indication, used to indicate whether a trustworthy proof of the first user's data needs to be provided;

An anti-tampering indication, used to indicate whether the data provider is required to perform anti-tampering processing on the reported data of the first user, and/or to indicate whether the first node is required to perform anti-tampering processing on the received data of the first user;

An indication of the data reporting method, used to indicate how the data provider reports the first user's data.

Optionally, when the first authorization information indicates that the second node is allowed to store the first user's data, or that the first node is allowed to collect the first user's data and store the collected data of the first user in the second node, the first operation further includes: sending second configuration information to the second node, the second configuration information including at least one of the following:

A data storage table indication;

A data storage duration;

A data storage size;

A data trustworthy proof indication, used to indicate whether a trustworthy proof of the first user's data needs to be provided;

An anti-tampering indication, used to indicate whether the data provider is required to perform anti-tampering processing on the reported data of the first user, and/or to indicate whether the second node is required to perform anti-tampering processing on the received data of the first user.

Optionally, when the first authorization information indicates that the first node is allowed to collect the first user's data, or that the second node is allowed to store the first user's data, or that the first node is allowed to collect the first user's data and store the collected data of the first user in the second node, the first operation further includes:

Sending third configuration information to the first node and/or the second node, the third configuration information including at least one of the following:

An identifier of a third node, the third node being the data requester node;

An indication of whether to encrypt the provided data of the first user;

An indication of whether to integrity-protect the provided data of the first user;

An indication of whether to add a digital signature to the provided data of the first user;

An indication of whether to desensitize the provided data of the first user;

An indication of whether to add a data watermark to the provided data of the first user.

Optionally, when the first authorization information indicates that the first node is allowed to collect the first user's data, or that the second node is allowed to store the first user's data, or that the first node is allowed to collect the first user's data and store the collected data of the first user in the second node, the user-level data management method further includes: the user equipment sending the first user's data to the first node and/or the second node.

In some embodiments, optionally, the user equipment sending the first user's data includes:

The user equipment performing anti-tampering processing on the first user's data;

The user equipment sending the anti-tampering processed data and/or anti-tampering related information to the first node and/or the second node, the anti-tampering related information including at least one of the following:

An indication that the first user's data has undergone anti-tampering processing;

The anti-tampering method;

A check digit;

A digital signature;

Verification parameters.

In the embodiments of the present application, optionally, the user-level data management method further includes: the user equipment sending capability information when accessing the network, the capability information including at least one of the following:

Whether collecting the first user's data by means of the first node is supported;

Whether storing the first user's data by means of the second node is supported;

Whether providing the first user's data by means of the first node is supported;

Whether providing the first user's data by means of the second node is supported;

The identifier of the first node, used by network functions to communicate with the first node;

The identifier of the second node, used by network functions to communicate with the second node.

In the embodiments of the present application, optionally, the capability information may be sent in a registration management message or the like.

In the embodiments of the present application, optionally, sending the first authorization information includes: the user equipment sending a creation request or a registration request, where the creation request is used to request creation of the first node and/or the second node, the registration request is used to register the first node and/or the second node, and the creation request or registration request includes the first authorization information.

In the embodiments of the present application, optionally, the first node may be a network node or a non-network node, and only the first user and/or a device authorized by the first user may configure data collection on the first node. A non-network node is a node that is not a radio access network node or a core network node (such as the transport layer functions AMF/SMF/UPF, or service layer IMS functions), but an application function, application server or user's private device outside the network.

In the embodiments of the present application, optionally, the second node may be a network node or a non-network node, and only the first user and/or a device authorized by the first user may perform data storage configuration, write, read, delete and/or modify operations on the second node. Optionally, the second node may be co-located with the first node. A non-network node is a node that is not a radio access network node or a core network node (such as the transport layer functions AMF/SMF/UPF, or service layer IMS functions), but an application function, application server or user's private device outside the network.

In the embodiments of the present application, optionally, the third node may be the user equipment of the first user or another device authorized by the first user.

Referring to Figure 5, an embodiment of the present application further provides a user-level data management method, including:

Step 51: The first node performs a second operation, the second operation including at least one of the following:

Determining, according to the authorization of the first user's user equipment and/or the first user's subscription information, whether to collect the first user's data, or whether to collect the first user's data and store the first user's data in the second node;

Determining, according to second authorization information sent by the first user's user equipment and/or the first user's subscription information, whether to provide the first user's data, the second authorization information being used to indicate that the first node is allowed or not allowed to provide the first user's data.

In the embodiments of the present application, optionally, the first node may be a network node or a non-network node. A non-network node is a node that is not a radio access network node or a core network node (such as the transport layer functions AMF/SMF/UPF, or service layer IMS functions), but an application function, application server or user's private device outside the network.

In some embodiments, the first node may determine whether to collect the first user's data according to the authorization of the first user's user equipment; in some embodiments, the first node may determine whether to collect the first user's data according to the first user's subscription information; and in some embodiments, the first node may combine the first user's subscription information with the authorization of the first user's user equipment to determine whether to collect the first user's data.

In some embodiments, the first node may determine whether to provide the first user's data according to the authorization of the first user's user equipment; in some embodiments, the first node may determine whether to provide the first user's data according to the first user's subscription information; and in some embodiments, the first node may combine the first user's subscription information with the authorization of the first user's user equipment to determine whether to provide the first user's data.

In the embodiments of the present application, the first node collects, stores and/or uses user-level data according to the user's authorization and/or the user's subscription information, rather than the network deciding how the collected user-level data is stored and used. This meets users' own needs regarding their data and increases the degree of control users have over their own data.

In the embodiments of the present application, optionally, the first user's data includes at least one of the following:

Data generated by one or more user equipments of the first user;

Data generated by a network function and associated with a first user identifier;

Data generated by an application function and associated with the first user identifier;

Wherein the first user identifier includes the identifier of the first user and/or the identifier of the first user's user equipment.

In the embodiments of the present application, optionally, the second operation further includes:

Collecting the first user's data according to the first configuration information sent by the first user's user equipment and/or the first user's subscription information, or collecting the first user's data and storing the first user's data in the second node;

Wherein the first configuration information includes at least one of the following:

1) A data collection identifier, used to indicate that the first user's data is to be collected;

2) Data collection information, which includes at least one of the following: a list of parameters to be collected, a trigger condition for data collection, and a sampling rate for data collection;

3) Indication information of the second node;

4) A data trustworthy proof indication, used to indicate whether a trustworthy proof of the first user's data needs to be provided;

In the embodiments of the present application, optionally, the data trustworthy proof indication may include at least one of the following: an indication of whether a network function is required to provide a trustworthy proof of the first user's data, and an indication of whether the node collecting the first user's data is required to provide a trustworthy proof for the first user.

In the embodiments of the present application, if the data trustworthy proof indication indicates that a network function is required to provide a trustworthy proof of the first user's data, this may be done in two ways. In the first, a trusted network function provides the first user's data directly. In the second, the user equipment and/or application function reports the first user's data to the network function, and the network function re-verifies the first user's data; if the re-verification result shows that the first user's data is trustworthy, the network function may add a trusted label to the first user's data and provide it to the user equipment and/or the application function and/or to the node that collects and/or stores the first user's data.

5) An anti-tampering indication, used to indicate whether the data provider is required to perform anti-tampering processing on the reported data of the first user, and/or to indicate whether anti-tampering processing needs to be performed on the received data of the first user;

6) An indication of the data reporting method, used to indicate how the data provider reports the first user's data.

In the embodiments of the present application, optionally, if the data trustworthy proof indication indicates that a trustworthy proof of the first user's data needs to be provided, the method further includes at least one of the following:

The first node collects the first user's data from a trusted network function and adds a trustworthy proof to the collected data of the first user. The first user's data collected from a network function includes, for example, at least one of the following: the user's location information provided by a positioning function in the network, user-level throughput information, user-level uplink channel information, and so on.

The first node compares the first user's data collected from the first user's user equipment or from a function outside the network with the first user's data collected from a trusted network function. If the comparison result indicates that the first user's data collected from the first user's user equipment or from the function outside the network matches the first user's data collected from the trusted network function, the first node adds a trustworthy proof to the first user's data collected from the first user's user equipment or from the function outside the network. For example, the user equipment reports GPS location information; the first node obtains the user equipment's GPS information from the network side and compares whether the GPS information reported by the user equipment is consistent with the GPS data obtained from the network side. If they are consistent, it adds a trustworthy proof to the GPS location information reported by the user equipment.

In the embodiments of the present application, optionally, the first node may also request another network function to perform the verification step for the trustworthy proof of the data.

In the embodiments of the present application, optionally, if the anti-tampering indication indicates that anti-tampering processing needs to be performed on the received data of the first user, the method further includes:

The first node performs anti-tampering processing on the received data of the first user;

The first node sends the anti-tampering processed data of the first user and/or anti-tampering related information to the second node and/or the third node, the anti-tampering related information including at least one of the following:

An indication that the first user's data has undergone anti-tampering processing;

The anti-tampering method;

A check digit;

A digital signature;

Verification parameters.

In the above embodiment, it is the first node that performs anti-tampering processing on the received data of the first user. In some other embodiments of the present application, the data provider (the user equipment and/or a network function and/or a function outside the network) may also perform anti-tampering processing on the data it provides to the first node.

In the embodiments of the present application, optionally, if the anti-tampering indication indicates that the data provider is required to perform anti-tampering processing on the reported data of the first user,

The method further includes:

The first node receives the anti-tampering processed data of the first user sent by the data provider and/or receives anti-tampering related information sent by the data provider, the anti-tampering related information including at least one of the following:

An indication that the first user's data has undergone anti-tampering processing;

The anti-tampering method;

A check digit;

A digital signature;

Verification parameters.

In the embodiments of the present application, optionally, the second authorization information includes at least one of the following:

An authorization type, which includes at least one of the following: authorization based on subscription information, authorization based on request and feedback, and authorization based on a credential;

An authorization credential;

The validity duration of the authorization credential.

In the embodiments of the present application, optionally, the second operation further includes:

Providing the first user's data to the third node according to third configuration information sent by the first user's user equipment and/or the first user's subscription information;

Wherein the third configuration information includes at least one of the following:

The identifier of the third node, the third node being the data requester node;

An indication of whether to encrypt the provided data of the first user;

An indication of whether to integrity-protect the provided data of the first user;

An indication of whether to add a digital signature to the provided data of the first user;

An indication of whether to desensitize the provided data of the first user;

An indication of whether to add a data watermark to the provided data of the first user.

In the above embodiment, the first node provides the first user's data to the third node according to the third configuration information. In some other examples of the present application, the first node may also provide the first user's data to the third node according to the first user's subscription information.

In the embodiments of the present application, optionally, before the first node provides the first user's data to the third node, the method may further include: receiving a data request sent by the third node, the data request carrying the first user identifier and the required data. Based on the data request, the first node provides the first user's data to the third node according to the third configuration information sent by the first user's user equipment and/or the first user's subscription information.

In the embodiments of the present application, optionally, after the first node receives the data request sent by the third node, if the first node has not yet been authorized to provide data to other nodes, and/or has not yet received the third configuration information (data usage configuration information), it may request the authorization and/or the third configuration information from the user equipment.
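One way a first node could gate a third node's data request on the second authorization information and the third configuration information, written as an added example that is not code from the application. Every class, field and function name is hypothetical, and the order in which the protection steps are listed, the time unit (seconds) and the deny-on-doubt behaviour are assumptions.

```python
import hmac
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class SecondAuthorization:
    allowed: bool                     # node allowed / not allowed to provide data
    auth_type: str                    # "subscription", "request_feedback" or "credential"
    credential: Optional[str] = None  # authorization credential
    issued_at: float = 0.0
    valid_for: float = 0.0            # validity duration of the credential, seconds


@dataclass
class ThirdConfig:
    third_node_id: str                # identifier of the data requester node
    encrypt: bool = False
    integrity_protect: bool = False
    sign: bool = False
    desensitize: bool = False
    watermark: bool = False


@dataclass
class NodeState:
    auth: dict = field(default_factory=dict)     # user id -> SecondAuthorization
    config: dict = field(default_factory=dict)   # user id -> ThirdConfig
    store: dict = field(default_factory=dict)    # user id -> {parameter: value}


# Assumed order: reduce the data first, protect it afterwards.
PROCESSING_ORDER = ("desensitize", "watermark", "integrity_protect", "sign", "encrypt")


def deny(reason: str) -> dict:
    return {"action": "deny", "reason": reason}


def handle_data_request(state, user_id, requester_id, wanted, now, credential=None):
    """Decide what to do with a data request carrying a user id and wanted parameters."""
    auth = state.auth.get(user_id)
    cfg = state.config.get(user_id)
    missing = [name for name, value in
               (("second_authorization", auth), ("third_configuration", cfg))
               if value is None]
    if missing:
        # Not yet authorized or configured: ask the user equipment, provide nothing.
        return {"action": "request_from_ue", "missing": missing}
    if not auth.allowed:
        return deny("user does not allow provision")
    if requester_id != cfg.third_node_id:
        return deny("requester is not the configured third node")
    if auth.auth_type == "credential":
        expected = (auth.credential or "").encode()
        presented = (credential or "").encode()
        if not expected or not hmac.compare_digest(presented, expected):
            return deny("credential mismatch")
        if now > auth.issued_at + auth.valid_for:
            return deny("credential expired")
    elif auth.auth_type not in ("subscription", "request_feedback"):
        return deny("unknown authorization type")
    user_data = state.store.get(user_id, {})
    data = {key: user_data[key] for key in wanted if key in user_data}
    processing = [step for step in PROCESSING_ORDER if getattr(cfg, step)]
    return {"action": "provide", "data": data, "processing": processing}


if __name__ == "__main__":
    # Constructed sample state for one user.
    state = NodeState(store={"user-1": {"throughput": 42, "location": [31.23, 121.47]}})
    print(handle_data_request(state, "user-1", "node-3", ["throughput"], now=10.0))
    state.auth["user-1"] = SecondAuthorization(True, "credential", "tok-123", 0.0, 60.0)
    state.config["user-1"] = ThirdConfig("node-3", encrypt=True, desensitize=True)
    print(handle_data_request(state, "user-1", "node-3", ["throughput"], 30.0, "tok-123"))
```

The returned `processing` list only names the protections selected by the third configuration information; applying them is outside this example.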

Referring to Figure 6, an embodiment of the present application further provides a user-level data management method, including:

Step 61: The second node performs a third operation, the third operation including at least one of the following:

Determining, according to the authorization of the first user's user equipment and/or the first user's subscription information, whether to store the first user's data;

Determining, according to second authorization information sent by the first user's user equipment and/or the first user's subscription information, whether to provide the first user's data, the second authorization information being used to indicate that the second node is allowed or not allowed to provide the first user's data.

In the embodiments of the present application, the second node stores and/or uses user-level data according to the user's authorization and/or the user's subscription information, rather than the network deciding how the collected user-level data is stored and used. This meets users' own needs regarding their data and increases the degree of control users have over their own data.

In the embodiments of the present application, optionally, the first user's data includes at least one of the following:

Data generated by one or more user equipments of the first user;

Data generated by a network function and associated with a first user identifier;

Data generated by an application function and associated with the first user identifier;

Wherein the first user identifier includes the identifier of the first user and/or the identifier of the first user's user equipment.

In the embodiments of the present application, optionally, the third operation further includes:

Storing, according to second configuration information sent by the first user's user equipment and/or the first user's subscription information, the first user's data sent by the first user's user equipment and/or the first node;

Wherein the first node is a node authorized to collect the first user's data;

The second configuration information includes at least one of the following:

A data storage table indication;

A data storage duration;

A data storage size;

A data trustworthy proof indication, used to indicate whether a trustworthy proof of the first user's data needs to be provided;

An anti-tampering indication, used to indicate whether the data provider is required to perform anti-tampering processing on the reported data of the first user, and/or to indicate whether anti-tampering processing needs to be performed on the received data of the first user.

In the embodiments of the present application, optionally, if the data trustworthy proof indication indicates that a trustworthy proof of the first user's data needs to be provided, the method further includes at least one of the following:

The second node adds a trustworthy proof to the first user's data that comes from a trusted network function;

The second node compares the first user's data from the first user's user equipment or from a function outside the network with the first user's data from a trusted network function. If the comparison result indicates that the first user's data from the first user's user equipment or from the function outside the network matches the first user's data from the trusted network function, the second node adds a trustworthy proof to the first user's data from the first user's user equipment or from the function outside the network.

In the embodiments of the present application, optionally, the second node may also request another network function to perform the verification step for the trustworthy proof of the data.

In the embodiments of the present application, optionally, if the anti-tampering indication indicates that anti-tampering processing needs to be performed on the received data of the first user,

The method further includes:

The second node performs anti-tampering processing on the received data of the first user;

The second node sends the anti-tampering processed data of the first user to the third node and/or sends anti-tampering related information to the third node, the anti-tampering related information including at least one of the following:

An indication that the first user's data has undergone anti-tampering processing;

The anti-tampering method;

A check digit;

A digital signature;

Verification parameters.

In the embodiments of the present application, optionally, if the anti-tampering indication indicates that the data provider is required to perform anti-tampering processing on the reported data of the first user,

The method further includes:

The second node receives the anti-tampering processed data of the first user sent by the data provider and/or the first node, and/or receives anti-tampering related information sent by the data provider and/or the first node, the anti-tampering related information including at least one of the following:

An indication that the first user's data has undergone anti-tampering processing;

The anti-tampering method;

A check digit;

A digital signature;

Verification parameters.

In this embodiment of the present application, optionally, the second authorization information includes at least one of the following:

an authorization type, where the authorization type includes at least one of the following: authorization based on subscription information, authorization based on request and feedback, and authorization based on a credential;

an authorization credential;

the validity period of the authorization credential.

In this embodiment of the present application, optionally, the third operation further includes:

providing the data of the first user to the third node according to third configuration information sent by the user equipment of the first user and/or the subscription information of the first user;

where the third configuration information includes at least one of the following:

an identifier of the third node, the third node being the data requester node;

an indication of whether to encrypt the provided data of the first user;

an indication of whether to integrity-protect the provided data of the first user;

an indication of whether to add a digital signature to the provided data of the first user;

an indication of whether to desensitize the provided data of the first user;

an indication of whether to add a data watermark to the provided data of the first user.

In this embodiment of the present application, optionally, before the second node provides the data of the first user to the third node, the method may further include: receiving a data request sent by the third node, where the data request carries the identifier of the first user and the required data. Based on the data request, the second node provides the data of the first user to the third node according to the third configuration information sent by the user equipment of the first user and/or the subscription information of the first user.

In this embodiment of the present application, optionally, after the second node receives the data request sent by the third node, if the second node has not yet been authorized to provide data to other nodes, and/or has not yet received the third configuration information (data usage configuration information), it may request authorization and/or the third configuration information from the user equipment.

In the embodiments of the present application, optionally, user-level data includes both data generated in the mobile communication network and data generated outside the mobile communication network.

In the above embodiments of the present application, the collection, storage and/or use of user-level data needs to support triggering by the user on demand; that is, the user's consent to data collection is decoupled from the storage and use/sharing of user-level data, and the user needs stronger control over data use/sharing. Second, the collection, storage and/or use of user-level data needs to support the data collector (for example, a network function) endorsing the user-level data and, as the user requires, providing the historical data it has endorsed to prove the user's claim. Finally, the collection, storage and/or use of user-level data needs to support collecting data to a receiving node specified by the user (the second node, which may be a functional node inside the network or a functional node outside the network) for storage and use.

The user-level data method of the embodiments of the present application is applicable to the following scenarios:

Scenario 1: Mobile communication network data is increasingly used for digital governance (for example, epidemiological investigation and civil/criminal case investigation). At present this user-level mobile communication network data is usually collected and provided by the mobile operator in the course of network operation and maintenance. Considering factors such as the existing business model (a public-welfare service with no payment for data) and user privacy, digital governance therefore makes its preliminary judgment from the lower-precision data generated while the mobile network is running. For example, epidemiological investigation usually uses information such as the cell access and camping of the user equipment (UE) in the mobile network. In most areas the cell frequencies are mostly 3.5 GHz and below, in particular cells at 700 MHz and 1800 MHz, and the large cell coverage radius makes this data imprecise (the distance deviation can reach 1 km in some cases). Using this data for preliminary screening reuses existing network functions and does not involve high-precision user data, but the potential problem is that some users may be misjudged because of the lower-precision data (for example, a user is judged to be at risk although the user's location has no intersection in time and space with a confirmed case of the infectious disease). From the user's point of view, higher-precision data can therefore be used to prove accurate information, which on the one hand reduces the impact on the user of a misjudgment, such as inconvenience in travelling, and on the other hand saves administrative overhead for communities and similar bodies. In summary, this scenario mainly addresses the advance collection and trust proof of user data authorized by the user, so that when the user needs it, the data can be requested and provided to prove the user's accurate information. Corresponding solutions are needed for how user-level data is collected and stored in this scenario, how the trust proof is performed, and how the data is used when needed. For example, one potential approach is that, with the user's authorization, the operator provides user-level data collection and storage, and the user can purchase the service on demand (for example, when travelling somewhere on business, to avoid being unable to return because of a potential epidemic risk, the user can apply to activate the user-level data collection and storage service for the duration of the trip and have the user's precise location information collected). The user-level data collection and storage is controlled entirely by the user (for example, if a confirmed case of an infectious disease is found at the business trip destination and the user, after checking his or her own precise location track, finds no intersection in time and space with the confirmed case, the user can obtain the data. On the one hand, the data was reported and collected before the track of the confirmed case was published; on the other hand, the data has been re-checked for correctness and given a trust proof by a reputable third party, namely the operator. The user can therefore provide the obtained data to the relevant epidemic prevention and control department to prove that there is no intersection in time and space, or the user can authorize that department to obtain the data for the time interval from the operator). Functions inside or outside the network that have not been authorized by the user cannot access or use the data.

Scenario 2: Some existing sharing or use of mobile communication network data is done privately by the user, without any data protection. Alternatively, when the user authorizes the network to collect data, the user authorizes data use at the same time, so the network function shares or uses the collected data. For example, a user's communication itinerary card data is currently usually requested by the user from the operator, and the user then shares a screenshot of the communication itinerary card with the party that needs it by other means (such as WeChat). There is no data protection scheme for sharing the communication itinerary card data in this process, and the other party may share the itinerary card further with other people, causing data leakage. In summary, this scenario mainly addresses how user data can be shared securely with an authorized party designated by the user, reducing the risk of data leakage. For example, one potential approach is that the user sends a data usage authorization credential for the communication itinerary card to the party that needs the card, and that party sends the data usage authorization credential to the user-level data collection and storage function provided by the operator. To reduce the risk of data leakage, the user-level data collection and storage function provided by the operator can report to the party that needs the card whether there is a risk. Optionally, the party that needs the communication itinerary card can provide a data rule (for example, whether the user has been to any of places A, B, C or D), and the user-level data collection and storage function provided by the operator returns a yes/no or similar result based on that rule.

Scenario 3: Industry digitization and data-based technical solutions have brought many conveniences to daily life, such as map route planning and navigation based on real-time traffic conditions. At the same time there are potential data risks. A potential way to balance these conveniences/benefits against the risks is to let the user decide entirely independently whether to provide data or to monetize data. Considering the value of the time different users spend providing the required data, and users' differing privacy requirements, this scenario first needs to let the user obtain the data requirements of the data demander; second, the user can collect data according to those requirements and provide the data to the data demander in an agreed manner and at an agreed price. For example, one potential approach is that the data demander sends its data requirements to the operator, and the operator sends them to potential user-level data providing functions. If the user is willing to provide data, the user-level data collection and storage function provided by the operator collects data according to the data requirements and sends it to the requesting party. The data protection methods for the data exchange (whether to encrypt, whether to integrity-protect, whether to add a digital signature, whether to desensitize, whether to add a data watermark) are configured by the user.

The user-level data management method of the present application is described below with reference to specific application scenarios.

Embodiment 1

In this embodiment, the first node and the second node are both network functions.

If the first node and the second node are also user-level network functions rather than network functions shared by multiple users (such as the existing AMF, SMF and UPF), the user-level first node and second node need to be established according to the user's authorization and request. This embodiment can be used to meet the requirements of Scenario 1 above.

As shown in Figure 7, the case in which the user authorizes data collection and configures data collection and data usage is briefly described below. The UDM (unified data management entity) in Figure 7 is the network function node in 5G responsible for managing user authorization/authentication information; it may also have another name.

The user-level data management method of this embodiment of the present application includes:

Step 1a: The user, as needed, sends a creation request for the first node and/or the second node to the first network function node through the UE (user equipment);

In this embodiment of the present application, the creation request includes the first authorization information, which indicates that the first node is allowed to collect the data of the first user and to store the collected data of the first user in the second node.

In this embodiment of the present application, the first network function node may be an AMF, a data plane function or the like. The data plane is a protocol plane added on top of the control plane (CP) and the user plane (UP): a protocol function plane that supports at least one of data collection, data distribution, data security, data privacy, data analysis and data preprocessing. The data plane may also have another name. It may terminate either at a core network data plane function or at a radio access network data plane function.

Step 1b: The first network function node creates the first node and/or the second node according to the request and returns a creation response. The creation response indicates creation success or creation failure; if creation fails, it optionally includes the failure reason.

In some other embodiments of the present application, Step 1a and Step 1b may be omitted, and the first network function node instead creates the first node and/or the second node as indicated by the user's subscription information.

Step 2: The UE sends data collection configuration information (that is, the first configuration information in the above embodiments) to the first node.

Step 3: The first node performs user-level data collection based on the data collection configuration information.

If the user equipment has performed tamper-proof processing on the reported data, the user equipment needs to send tamper-proof related information to the first node, where the tamper-proof related information includes at least one of the following:

an indication that tamper-proof processing has been performed on the data;

the tamper-proof method;

check bits;

a digital signature;

verification parameters.

In some other embodiments of the present application, optionally, Step 2 may be omitted, and the first node may instead perform user-level data collection as indicated by the user's subscription information.

Step 4a: The first node stores the collected user-level data in the second node.

In this embodiment of the present application, optionally, the first node may send the collected user-level data to the second node for storage based on the data collection configuration information and/or the user's subscription information.

Step 4b: The first node sends the collected user-level data to the data consumer (that is, the third node in the above embodiments).

In this embodiment of the present application, optionally, before the first node sends the collected user-level data to the data consumer, the method further includes: receiving data usage configuration information (that is, the third configuration information in the above embodiments) sent by the user equipment. The first node sends the collected user-level data to the data consumer according to the data usage configuration information.

In this embodiment of the present application, the first node may also send the collected user-level data to the data consumer based on the user's subscription information.

In this embodiment of the present application, if a trust proof of the provided data needs to be indicated, the first node needs to indicate whether it considers the data trustworthy.

Optionally, to prevent the data from being tampered with, the first node may perform tamper-proof processing on the data. If the first node has performed tamper-proof processing on the data, the first node needs to indicate tamper-proof related information, where the tamper-proof related information includes at least one of the following:

an indication that tamper-proof processing has been performed on the data;

the tamper-proof method;

check bits;

a digital signature;

verification parameters.

As shown in Figure 8, the case of a data request triggered by a data service consumer is briefly described below, assuming that the user-level data from the previous example has already been stored in the second node.

The user-level data management method of this embodiment of the present application further includes:

Step 0: When accessing the network, the UE sends capability information (for example, via a registration management message (Registration Management procedures)), where the capability information includes at least one of the following:

whether collection of user-level data using the first node is supported;

whether storage of user-level data using the second node is supported;

whether provision of user-level data using the first node is supported;

whether provision of user-level data using the second node is supported;

the identifier of the first node;

the identifier of the second node.

Step 1: The data consumer sends a data request to the first network function node (such as the AMF). The data request carries the user identifier and the required data.

The data consumer may be a user equipment, a network function, an application function or the like.

Step 2: The first network function node selects the second node according to the user identifier and/or the required data.

Step 3: The first network function node sends the data request to the second node.

Step 4: The second node may determine whether to provide the data based on the user's subscription information and/or the data usage configuration information sent by the UE, and sends a data response. The data response may contain the required data or a rejection; in the case of a rejection, it optionally includes the rejection reason.

If the second node has performed tamper-proof processing, the second node also needs to send tamper-proof related information when sending the data, where the tamper-proof related information includes at least one of the following:

an indication that tamper-proof processing has been performed on the data;

the tamper-proof method;

check bits;

a digital signature;

verification parameters.

The verification parameters are, for example, the parameter values of the CRC parameter model when the CRC method is used, or the public key and MD5 when the digital signature method is used.
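The CRC case of the tamper-proof related information above, as an added example that is not part of the application: a sender builds the indication, method, check bits and verification parameters (the CRC parameter model), and a receiver recomputes and compares. The field names, the constructed sample record and the two published parameter sets used as verification parameters are assumptions for illustration. The last entry returned by `demo()` shows that check bits recomputed over altered data verify cleanly, so the CRC method only detects changes when the check bits themselves cannot be replaced, which is the case the digital signature method covers.

```python
"""Tamper-proof related information with the CRC method (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class CrcModel:
    """Verification parameters: the CRC parameter model shared by both ends."""
    width: int
    poly: int
    init: int
    refin: bool
    refout: bool
    xorout: int


# Two widely published parameter sets, used here as sample verification parameters.
CRC32 = CrcModel(32, 0x04C11DB7, 0xFFFFFFFF, True, True, 0xFFFFFFFF)
CRC16_CCITT_FALSE = CrcModel(16, 0x1021, 0xFFFF, False, False, 0x0000)

# Constructed sample record; not taken from the application.
SAMPLE = b'{"user":"UE-0001","cell":"460-00-1234","ts":"2022-09-20T08:00:00Z"}'


def _reflect(value: int, bits: int) -> int:
    """Reverse the lowest `bits` bits of value."""
    out = 0
    for _ in range(bits):
        out = (out << 1) | (value & 1)
        value >>= 1
    return out


def crc(data: bytes, m: CrcModel) -> int:
    """Bitwise CRC over data for any parameter model with width >= 8."""
    top = 1 << (m.width - 1)
    mask = (1 << m.width) - 1
    reg = m.init
    for byte in data:
        if m.refin:
            byte = _reflect(byte, 8)
        reg ^= byte << (m.width - 8)
        for _ in range(8):
            reg = ((reg << 1) ^ m.poly) if reg & top else (reg << 1)
            reg &= mask
    if m.refout:
        reg = _reflect(reg, m.width)
    return reg ^ m.xorout


def protect(data: bytes, m: CrcModel) -> dict:
    """Sender side (e.g. the second node): build the tamper-proof related information."""
    return {
        "tamper_proofed": True,      # indication that processing was applied
        "method": "CRC",             # tamper-proof method
        "check_bits": crc(data, m),  # check bits
        "verification_params": m,    # verification parameters
    }


def verify(data: bytes, info: dict) -> bool:
    """Receiver side (e.g. the third node): recompute and compare the check bits."""
    if not info.get("tamper_proofed"):
        return False  # nothing to verify against; treat the data as unverified
    if info.get("method") != "CRC":
        raise ValueError("this example only implements the CRC method")
    return crc(data, info["verification_params"]) == info["check_bits"]


def demo() -> dict:
    info = protect(SAMPLE, CRC32)
    altered = SAMPLE.replace(b"1234", b"9999")
    return {
        "intact": verify(SAMPLE, info),
        "altered": verify(altered, info),
        # Whoever can replace the check bits as well passes verification.
        "altered_with_replaced_check_bits": verify(altered, protect(altered, CRC32)),
    }


if __name__ == "__main__":
    print(demo())
```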

The above embodiment takes one user equipment as an example and can also be applied to the case of multiple user equipments. In addition, the first node and the second node may be co-located as one functional node.

Embodiment 2

In this embodiment, the first node and the second node are both core network service layer functions of the mobile communication system, similar to the IP Multimedia Subsystem (IMS). Taking the 5G system as an example, IMS is a protocol defined for operator-provided voice (VoIMS) and short message (SMS) services on top of the communication transmission functions of the core network and the radio access network. The advantage of the first node and the second node being IMS-like functions in the network is that they can interact with the user in real time, for example by short message or voice call, which helps make the user experience more controllable and flexible.

As shown in Figure 9, the user-level data management method of this embodiment of the present application further includes:

Step 0: When accessing the network, the UE sends capability information (for example, via a registration management message (Registration Management procedures)), where the capability information includes at least one of the following:

whether collection of user-level data using the first node is supported;

whether storage of user-level data using the second node is supported;

whether provision of user-level data using the first node is supported;

whether provision of user-level data using the second node is supported;

the identifier of the first node;

the identifier of the second node.

Step 1: After the UE accesses the network, it registers with the first node and/or the second node over the UP (user plane) (for example, a PDU session), that is, it sends a first node and/or second node registration request to the network. The registration request carries the first authorization information of the above embodiments. If the first node and/or the second node are user-level functions, the network needs to create the user-level first node and second node.

Step 2: The UE sends data collection configuration information (that is, the first configuration information in the above embodiments) to the first node.

In other embodiments, the data to be collected may also be authorized in the user's subscription information.

Steps 3a and 3b: The first node collects data based on the data collection configuration information and/or the subscription information. The collected data potentially includes user-level data reported by the UE and/or by the second network function.

The second network function may be a network function that can provide user-level data, such as the AMF, the SMF or a base station, or it may be a user plane function.

Step 4a: The first node stores the collected user-level data in the second node.

In this embodiment of the present application, optionally, the first node may send the collected user-level data to the second node for storage based on the data collection configuration information and/or the user's subscription information.

Step 4b: The first node sends the collected user-level data to the data consumer (that is, the third node in the above embodiments).

In this embodiment of the present application, optionally, before the first node sends the collected user-level data to the data consumer, the method further includes: receiving data usage configuration information (that is, the third configuration information in the above embodiments) sent by the user equipment. The first node sends the collected user-level data to the data consumer according to the data usage configuration information.

In this embodiment of the present application, the first node may also send the collected user-level data to the data consumer based on the user's subscription information.

In this embodiment of the present application, if a trust proof of the provided data needs to be indicated, the first node needs to indicate whether it considers the data trustworthy.

Optionally, to prevent the data from being tampered with, the first node may perform tamper-proof processing on the data. If the first node has performed tamper-proof processing on the data, the first node needs to indicate tamper-proof related information, where the tamper-proof related information includes at least one of the following:

an indication that tamper-proof processing has been performed on the data;

the tamper-proof method;

check bits;

a digital signature;

verification parameters.

As shown in Figure 10, the case of a data request triggered by a data service consumer (that is, the third node, taking UE1 or an AF as an example) is briefly described below, assuming that the user-level data of UE2 from the previous example has already been stored in the second node. This embodiment can be used to meet the requirements of Scenario 2.

The user-level data management method of this embodiment of the present application further includes:

Step 1: UE1 sends a data request to the second node, where the data request carries the UE2 identifier and the required data.

The difference from Embodiment 1 is that, because the second node is similar to an IMS network function, the data request is sent to the second node over the user plane (UP) of the mobile network; the user plane function of the core network and the radio access network function transport the data without parsing or processing it. Optionally, the UE2 identifier may be a temporary identifier sent by UE2 to UE1 (for example, a 6-digit verification code or a QR code). Optionally, the temporary identifier may also serve as authorization: UE2 sends the temporary identifier and its validity time to the second node, and the second node can determine from the information received from UE1 and from UE2 whether to provide the requested data. If the temporary identifier is used for authorization, the authorization configuration interaction in Step 2 and Step 3 is not needed.

Step 2: If the second node is a second node dedicated to UE2, the network side needs to select the corresponding second node according to the UE2 identifier. If the second node does not have the required user authorization (that is, the first authorization information) and/or data usage configuration information, the second node may send an authorization and/or data usage configuration request to UE2, where the request includes the UE1 identifier and the required data. The authorization or data usage configuration request can likewise be carried out by interacting with the user through a short message, a voice call or the like.

Step 3: UE2 sends authorization information and/or data usage configuration information to the second node.

Step 4: If the second node is a second node dedicated to UE2, then, optionally and depending on data usage needs, a dedicated user plane channel may be established between UE1 and the second node of UE2 to guarantee the performance and security of data transmission.

Step 5: The second node sends the required data to UE1.
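The request handling in Steps 1 to 5 above, with the temporary identifier acting as the authorization credential and with the rule-based yes/no answer from Scenario 2, as an added example that is not part of the application. The class and field names, the binding of the credential to one requester, the failed-attempt limit and the sample records are assumptions made for illustration.

```python
"""Second-node handling of a data request authorized by a temporary identifier (added example)."""
import hmac
from dataclasses import dataclass, field

MAX_FAILED = 5  # assumption: a 6-digit code needs an attempt limit


@dataclass
class Grant:
    """What UE2 registers with the second node (names are illustrative)."""
    credential: str      # temporary identifier UE2 also hands to UE1
    expires_at: float    # end of the validity time, in seconds
    requester_id: str    # third-node identifier from the data usage configuration
    desensitize: bool    # data usage configuration: desensitize before providing
    failed: int = 0


@dataclass
class SecondNode:
    records: dict = field(default_factory=dict)  # user id -> stored records
    grants: dict = field(default_factory=dict)   # user id -> Grant

    def register_grant(self, user_id: str, grant: Grant) -> None:
        self.grants[user_id] = grant

    def handle_request(self, requester_id, user_id, credential, now, rule=None):
        grant = self.grants.get(user_id)
        if grant is None:
            # Step 2: nothing on file, so the second node must ask UE2.
            return {"status": "authorization_required", "ask": user_id}
        if now >= grant.expires_at:
            del self.grants[user_id]
            return {"status": "rejected", "reason": "credential expired"}
        if requester_id != grant.requester_id:
            return {"status": "rejected", "reason": "requester not authorized"}
        if not hmac.compare_digest(credential.encode(), grant.credential.encode()):
            grant.failed += 1
            if grant.failed >= MAX_FAILED:
                del self.grants[user_id]  # revoke instead of allowing a search
            return {"status": "rejected", "reason": "bad credential"}
        data = self.records.get(user_id, [])
        if rule is not None:
            # Scenario 2: answer the rule without releasing the records.
            return {"status": "ok", "result": any(r["place"] in rule for r in data)}
        if grant.desensitize:
            # Keep place and day only; drop coordinates and time of day.
            data = [{"place": r["place"], "day": r["ts"][:10]} for r in data]
        return {"status": "ok", "data": data}


def build_demo_node() -> SecondNode:
    """Second node holding constructed sample records for UE2."""
    node = SecondNode()
    node.records["UE2"] = [
        {"place": "A", "ts": "2022-09-20T08:15:00Z", "lat": 31.2304, "lon": 121.4737},
        {"place": "E", "ts": "2022-09-21T19:40:00Z", "lat": 30.2741, "lon": 120.1551},
    ]
    return node


if __name__ == "__main__":
    node = build_demo_node()
    print(node.handle_request("UE1", "UE2", "482913", now=100.0))
    node.register_grant("UE2", Grant("482913", 600.0, "UE1", True))
    print(node.handle_request("UE1", "UE2", "482913", now=100.0))
    print(node.handle_request("UE1", "UE2", "482913", now=100.0, rule={"B", "C"}))
```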

Embodiment 3:

In this embodiment of the present application, the first node is a network function and the second node is an IMS-like function or a network external function.

This embodiment focuses on the case where data collection is separated from data storage/use. If the second node is an IMS-like function, the storage and use of user-level data resembles the existing voice/short message services provided by the operator. If the second node is a network external function, the storage and use of user-level data resembles the existing voice/short message services provided by Internet companies. This embodiment therefore describes the two cases of the second node together.

The user-level data management method of this embodiment of the present application includes:

Step 0: When accessing the network, the UE sends capability information (for example, via a registration management message (Registration Management procedures)), where the capability information includes at least one of the following:

whether collection of user-level data using the first node is supported;

whether storage of user-level data using the second node is supported;

whether provision of user-level data using the first node is supported;

whether provision of user-level data using the second node is supported;

the identifier of the first node;

the identifier of the second node.

Step 1a: The user, as needed, sends a creation request for the first node and/or the second node to the first network function node through the UE (user equipment);

In this embodiment of the present application, the creation request includes the first authorization information.

Step 1b: The first network function node creates the first node and/or the second node according to the request and returns a creation response. The creation response indicates creation success or creation failure; if creation fails, it optionally includes the failure cause.

In some other embodiments of the present application, steps 1a and 1b may be omitted, and the first network function node instead creates the first node and/or the second node as indicated by the user's subscription information.

Step 2: The UE sends data collection configuration information (i.e., the first configuration information in the above embodiments) to the first node.

Step 3: The first node collects user-level data based on the data collection configuration information.

In some other embodiments of the present application, step 2 may optionally be omitted, and the first node may instead collect user-level data as indicated by the user's subscription information.

If the user's subscription information or the data collection configuration information indicates that trusted proof/data re-verification and/or anti-tampering processing is to be performed, and the data is provided by a function external to the network (for example, GPS information reported by the UE), then the first node (or another network function at the first node's request) determines, based on the collected data, which network-internal data is needed for re-verification (for example, UE location information provided by the Location Management Function (LMF), the location of the UE's serving cell, etc.). The network-internal data is used to re-verify the correctness/trustworthiness of the network-external data. If re-verification passes, a verification-passed label or trusted label is added to the data reported from outside the network (that is, a label indicating that the data is trustworthy).

Step 4: The first node stores the collected user-level data at the second node.

Step 5: When a data consumer (such as a user equipment, a network function or an application function (AF)) needs the above data, it may request the data from the second node.

Step 6: If anti-tampering processing was applied to the data when the first node sent it to the second node, the data consumer needs to send a request for anti-tampering related information to the first node (or another network function) in order to obtain that information.

Step 7: If the second node does not have the required user authorization (i.e., the first authorization information) and/or data usage configuration information, the second node may send an authorization and/or data usage configuration request to the UE. The UE sends authorization information and/or data usage configuration information to the second node.

Step 8: The second node sends a data response to the data consumer.
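An added example (not code from the patent) of the re-verification the first node performs before step 4: a UE-reported GPS position is checked against a network-internal position and labelled trusted only if the two agree in place and time. The distance and time limits, the type and function names, and the sample coordinates are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"math"
	"time"
)

// Report is a position claimed by a source outside the network, e.g. GPS from the UE.
type Report struct {
	Lat, Lon float64 // degrees
	At       time.Time
}

// NetworkFix is a network-internal position, e.g. from the LMF or the serving cell.
type NetworkFix struct {
	Lat, Lon     float64
	UncertaintyM float64 // radius in metres within which the network places the UE
	At           time.Time
}

type Label string

const (
	Trusted    Label = "trusted"    // re-verification passed
	Unverified Label = "unverified" // stored without a trusted label
)

// Policy holds the acceptance limits (assumed values, not from the patent).
type Policy struct {
	MaxSkew time.Duration // largest allowed gap between report and network fix
	MarginM float64       // extra distance allowed on top of the fix uncertainty
}

var DefaultPolicy = Policy{MaxSkew: 30 * time.Second, MarginM: 50}

// at returns a constructed timestamp, sec seconds after a fixed base.
func at(sec int64) time.Time { return time.Unix(1700000000+sec, 0) }

// haversineM returns the great-circle distance in metres.
func haversineM(lat1, lon1, lat2, lon2 float64) float64 {
	const earthRadiusM = 6371000.0
	rad := func(d float64) float64 { return d * math.Pi / 180 }
	sLat := math.Sin(rad(lat2-lat1) / 2)
	sLon := math.Sin(rad(lon2-lon1) / 2)
	a := sLat*sLat + math.Cos(rad(lat1))*math.Cos(rad(lat2))*sLon*sLon
	return 2 * earthRadiusM * math.Asin(math.Min(1, math.Sqrt(a)))
}

// Reverify compares an external report with the network fix closest in time.
// Anything that cannot be confirmed stays Unverified: the label is only ever added.
func Reverify(r Report, fixes []NetworkFix, p Policy) (Label, string) {
	if math.IsNaN(r.Lat) || math.IsNaN(r.Lon) || math.Abs(r.Lat) > 90 || math.Abs(r.Lon) > 180 {
		return Unverified, "malformed coordinates"
	}
	best := -1
	var bestSkew time.Duration
	for i, f := range fixes {
		skew := r.At.Sub(f.At)
		if skew < 0 {
			skew = -skew
		}
		if best < 0 || skew < bestSkew {
			best, bestSkew = i, skew
		}
	}
	if best < 0 || bestSkew > p.MaxSkew {
		return Unverified, "no network fix close enough in time"
	}
	f := fixes[best]
	d := haversineM(r.Lat, r.Lon, f.Lat, f.Lon)
	limit := f.UncertaintyM + p.MarginM
	if d > limit {
		return Unverified, fmt.Sprintf("%.0f m from network fix, limit %.0f m", d, limit)
	}
	return Trusted, "consistent with network fix"
}

func main() {
	// Constructed sample data: one network fix and three UE reports.
	fixes := []NetworkFix{{Lat: 31.2304, Lon: 121.4737, UncertaintyM: 500, At: at(0)}}
	reports := []Report{
		{Lat: 31.2310, Lon: 121.4740, At: at(2)},   // close in place and time
		{Lat: 39.9042, Lon: 116.4074, At: at(2)},   // far from the network fix
		{Lat: 31.2310, Lon: 121.4740, At: at(600)}, // no fix near this time
	}
	for _, r := range reports {
		label, why := Reverify(r, fixes, DefaultPolicy)
		fmt.Printf("%.4f,%.4f -> %s (%s)\n", r.Lat, r.Lon, label, why)
	}
}
```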

Embodiment 4

In this embodiment of the present application, the first node is a network function.

In Embodiment 1, the network function provides the trusted proof and applies anti-tampering processing, such as a digital signature, to the trusted-proof data. The main difference between this embodiment and Embodiments 1, 2 and 3 is that the network functions (including radio access network functions and the core network) do not take part in verifying the trusted proof; instead, the user equipment and the network function each apply anti-tampering processing to the data they report, and the data consumer verifies for itself whether the data is trustworthy.

In this embodiment, it is assumed that the first node is the network function gNB and the second node is a function authorized by the user, which may be a network function, a core-network service-layer IMS-like function, or a network-external function.

The user-level data management method in this embodiment of the present application includes:

Step 1: The UE sends to the gNB data A that is to be stored at the second node, for example in an RRC message; data A may be sent to the gNB in a container;

Step 2: The UE sends data collection configuration information to the gNB to direct the gNB's data collection operation.

For example, an RRC message instructs the gNB to send the data in the container described in step 1 to the second node, and indicates that the gNB must also provide the UE's location information (for example, the serving cell; or gNB uplink measurements such as uplink angle of arrival, reference signal time difference and uplink reference signal received power; or location information that the gNB derives from measurements together with the time corresponding to that location information). The gNB may give the obtained user data to the second node. Because the gNB provides network-side data for the corresponding time when it receives data A from the UE, data A sent by the UE is associated with the network-side data, so that the correctness of either can be verified, or data A can serve as annotation data for the network-side data.

The data in the container may include a digital signature of the UE. The digital signature ensures that the data is not tampered with; other anti-tampering methods may also be used, and this embodiment takes a digital signature as an example;

The gNB digitally signs the data that the gNB provides, and endorses the association between data A sent by the UE and the data provided by the gNB.

Step 3: The gNB sends the content of the UE's RRC message container and the data provided by the gNB (including the signature) to the second node, and the second node saves both parts of the received data;

Step 4: In accordance with the user's authorization, the second node provides the saved data to the consumer;

This embodiment has the following characteristics:

1) The network function does not endorse the authenticity of user data; it endorses only the authenticity of the data provided by the network;

2) The data consumer is responsible for verifying the user signature and the network function signature to confirm that the information has not been altered; the consumer is responsible for determining whether the data and the data providers (user, network function, etc.) are trustworthy.

3) The network function does not need to parse the data transmitted by the data provider (such as the UE), and the data provider (such as the UE) is free to encrypt it.
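An added example (not code from the patent) of the Embodiment 4 flow: the UE signs data A, the gNB signs its own data together with a digest of the UE container without parsing it, and the consumer checks both signatures. Ed25519, the length-prefixed encoding, the domain-separation strings, the `Record` layout and the sample values are assumptions; the page itself only says "digital signature".

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Record is what the second node stores (hypothetical layout).
type Record struct {
	Container []byte // data A from the UE; opaque to the gNB, may be encrypted
	UESig     []byte // UE signature over Container
	NetData   []byte // data the gNB provides, e.g. serving cell and time
	GNBSig    []byte // gNB signature over NetData and a digest of the UE part
}

var (
	ErrUESig  = errors.New("UE signature invalid: data A altered or not from this UE")
	ErrGNBSig = errors.New("gNB signature invalid: network data altered or association broken")
)

// lp length-prefixes every field so that bytes cannot be moved from one
// field to the next without changing the signed message.
func lp(fields ...[]byte) []byte {
	var b bytes.Buffer
	for _, f := range fields {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(f)))
		b.Write(n[:])
		b.Write(f)
	}
	return b.Bytes()
}

// ueMessage is the byte string the UE signs.
func ueMessage(container []byte) []byte {
	return lp([]byte("ue-container-v1"), container)
}

// gnbMessage is the byte string the gNB signs: its own data plus a digest of
// the container and UE signature. The digest is the endorsement of the
// association; the gNB vouches for what it relayed, not for what data A says.
func gnbMessage(container, ueSig, netData []byte) []byte {
	d := sha256.Sum256(lp(container, ueSig))
	return lp([]byte("gnb-endorsement-v1"), netData, d[:])
}

func newKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// UESign is the UE side of step 1: sign data A, then place it in the container.
func UESign(priv ed25519.PrivateKey, dataA []byte) (container, sig []byte) {
	return dataA, ed25519.Sign(priv, ueMessage(dataA))
}

// GNBEndorse is the gNB side of steps 2 and 3; the container is never parsed.
func GNBEndorse(priv ed25519.PrivateKey, container, ueSig, netData []byte) Record {
	sig := ed25519.Sign(priv, gnbMessage(container, ueSig, netData))
	return Record{Container: container, UESig: ueSig, NetData: netData, GNBSig: sig}
}

// ConsumerVerify is the consumer's own check after step 4. Whether the two
// public keys belong to parties the consumer trusts is decided elsewhere.
func ConsumerVerify(r Record, uePub, gnbPub ed25519.PublicKey) error {
	if !ed25519.Verify(uePub, ueMessage(r.Container), r.UESig) {
		return ErrUESig
	}
	if !ed25519.Verify(gnbPub, gnbMessage(r.Container, r.UESig, r.NetData), r.GNBSig) {
		return ErrGNBSig
	}
	return nil
}

func main() {
	uePub, uePriv := newKey()
	gnbPub, gnbPriv := newKey()

	// Constructed sample values.
	c, s := UESign(uePriv, []byte("gps=31.2304,121.4737"))
	rec := GNBEndorse(gnbPriv, c, s, []byte("serving_cell=constructed-001;t=1700000000"))
	fmt.Println("as stored:        ", ConsumerVerify(rec, uePub, gnbPub))

	// A different, validly UE-signed container placed next to the old gNB data:
	// the UE signature still verifies, the association does not.
	c2, s2 := UESign(uePriv, []byte("gps=39.9042,116.4074"))
	swapped := rec
	swapped.Container, swapped.UESig = c2, s2
	fmt.Println("container swapped:", ConsumerVerify(swapped, uePub, gnbPub))
}
```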

In addition to the above embodiments, the first node may be an IMS-like function and the second node a network-external function. Having an IMS-like function as the first node makes it easier to collect data generated by the IMS and to interact with external AFs. The interaction flow is similar to that of Embodiment 2 and is not repeated here.

In addition to the above embodiments, the first node may be a network-external function and the second node a network function. When the first node is a network-external function (for example, a user device designated by the user, such as a personal computer or a server), it is easier for the user to provide more user-level data. When the second node is a network function, it helps meet the mobile communication network's need for user-level data: based on the user-level data stored at the second node, the network function's need for data is met under the user's data authorization. The interaction flow is similar to that of Embodiment 1 and is not repeated here.

In addition to the above embodiments, the first node and the second node may both be network-external functions; typically each of them can be regarded as an application function. In this embodiment, the interaction between the user equipment and the first node/second node consists of application-layer messages. If the user needs to collect user-level data from inside the network, the first node needs to interact with the function inside the network that is responsible for collecting and providing data, in order to obtain the required network-internal user-level data.

The user-level data management method provided by the embodiments of the present application may be executed by a user-level data management device. In the embodiments of the present application, a user-level data management device executing the user-level data management method is taken as an example to describe the user-level data management device provided by the embodiments of the present application.

Referring to Figure 12, an embodiment of the present application further provides a user-level data management device 120, including:

An execution module 121, configured to perform a first operation, where the first operation includes at least one of the following:

Sending first authorization information, where the first authorization information is used to indicate that collection of a first user's data is allowed or not allowed, and/or to indicate that storage of the first user's data is allowed or not allowed;

Sending second authorization information, where the second authorization information is used to indicate that providing the first user's data is allowed or not allowed.

In this embodiment of the present application, the user authorizes the collection, storage and/or use of user-level data, rather than the network deciding how collected user-level data is stored and used. This meets the user's own needs regarding their data and increases the user's control over it.

Optionally, the first user's data includes at least one of the following:

Data generated by one or more user equipments of the first user;

Data generated by a network function and associated with a first user identifier;

Data generated by an application function and associated with the first user identifier;

Where the first user identifier includes an identifier of the first user and/or an identifier of a user equipment of the first user.

Optionally, the first operation further includes:

Sending first configuration information, where the first configuration information includes at least one of the following:

A data collection identifier, used to indicate that the first user's data is to be collected;

Data collection information, including at least one of the following: a list of parameters to be collected, a trigger condition for data collection, and a sampling rate for data collection;

Indication information of a second node, where the second node is a node authorized to store the first user's data;

A data trusted-proof indication, used to indicate whether a trusted proof of the first user's data needs to be provided;

An anti-tampering indication, used to indicate whether the data provider needs to apply anti-tampering processing to the reported data of the first user, and/or whether anti-tampering processing needs to be applied to the received data of the first user;

An indication of the data reporting method, used to indicate how the data provider reports the first user's data.

Optionally, the first operation further includes:

Sending second configuration information, where the second configuration information includes at least one of the following:

A data storage table indication;

A data storage duration;

A data storage size;

A data trusted-proof indication, used to indicate whether a trusted proof of the first user's data needs to be provided;

An anti-tampering indication, used to indicate whether the data provider needs to apply anti-tampering processing to the reported data of the first user, and/or whether anti-tampering processing needs to be applied to the received data of the first user.

Optionally, the second authorization information includes at least one of the following:

An authorization type, including at least one of the following: authorization based on subscription information, authorization based on request and feedback, and authorization based on a credential;

An authorization credential;

The validity period of the authorization credential.

Optionally, the first operation further includes:

Sending third configuration information, where the third configuration information includes at least one of the following:

An identifier of a third node, where the third node is the data requester node;

An indication of whether to encrypt the provided data of the first user;

An indication of whether to integrity-protect the provided data of the first user;

An indication of whether to add a digital signature to the provided data of the first user;

An indication of whether to desensitize the provided data of the first user;

An indication of whether to add a data watermark to the provided data of the first user.

Optionally, the first authorization information is used to indicate that the first node is allowed or not allowed to collect the first user's data; or to indicate that the second node is allowed or not allowed to store the first user's data; or that the first node is allowed or not allowed to collect the first user's data and store the collected data at the second node.

Optionally, the user-level data management device 120 further includes:

A first sending module, configured to send capability information when accessing the network, where the capability information includes at least one of the following:

Whether using the first node to collect the first user's data is supported;

Whether using the second node to store the first user's data is supported;

Whether using the first node to provide the first user's data is supported;

Whether using the second node to provide the first user's data is supported;

The identifier of the first node;

The identifier of the second node.

Optionally, sending the first authorization information includes: sending a creation request or a registration request, where the creation request is used to request creation of the first node and/or the second node, the registration request is used to register the first node and/or the second node, and the creation request or registration request includes the first authorization information.

Optionally, the user-level data management device 120 further includes:

A second sending module, configured to send the first user's data.

Optionally, the second sending module is configured to apply anti-tampering processing to the first user's data, and to send the processed data and/or anti-tampering related information, where the anti-tampering related information includes at least one of the following:

An indication that anti-tampering processing has been applied to the first user's data;

The anti-tampering method;

Check bits;

A digital signature;

Verification parameters.

The user-level data management device in the embodiments of the present application may be an electronic device, such as an electronic device with an operating system, or a component in an electronic device, such as an integrated circuit or a chip. The electronic device may be a terminal or a device other than a terminal. By way of example, the terminal may include, but is not limited to, the types of terminal 11 listed above, and the other device may be a server, a network attached storage (NAS) device, etc.; the embodiments of the present application place no specific limitation on this.

The user-level data management device provided by the embodiments of the present application can implement each process implemented by the method embodiment of Figure 4 and achieve the same technical effect; to avoid repetition, details are not repeated here.

Referring to Figure 13, an embodiment of the present application further provides a user-level data management device 130, including:

An execution module 131, configured to perform a second operation, where the second operation includes at least one of the following:

Determining, according to authorization from the first user's user equipment and/or the first user's subscription information, whether to collect the first user's data, or whether to collect the first user's data and store it at a second node;

Determining, according to second authorization information sent by the first user's user equipment and/or the first user's subscription information, whether to provide the first user's data, where the second authorization information is used to indicate that the first node is allowed or not allowed to provide the first user's data.

In this embodiment of the present application, user-level data is collected, stored and/or used according to user authorization and/or the user's subscription information, rather than the network deciding how collected user-level data is stored and used. This meets the user's own needs regarding their data and increases the user's control over it.

Optionally, the first user's data includes at least one of the following:

Data generated by one or more user equipments of the first user;

Data generated by a network function and associated with a first user identifier;

Data generated by an application function and associated with the first user identifier;

Where the first user identifier includes an identifier of the first user and/or an identifier of a user equipment of the first user.

Optionally, the second operation further includes:

Collecting the first user's data, or collecting the first user's data and storing it at the second node, according to first configuration information sent by the first user's user equipment and/or the first user's subscription information;

Where the first configuration information includes at least one of the following:

A data collection identifier, used to indicate that the first user's data is to be collected;

Data collection information, including at least one of the following: a list of parameters to be collected, a trigger condition for data collection, and a sampling rate for data collection;

Indication information of the second node;

A data trusted-proof indication, used to indicate whether a trusted proof of the first user's data needs to be provided;

An anti-tampering indication, used to indicate whether the data provider needs to apply anti-tampering processing to the reported data of the first user, and/or whether anti-tampering processing needs to be applied to the received data of the first user;

An indication of the data reporting method, used to indicate how the data provider reports the first user's data.

Optionally, if the data trusted-proof indication indicates that a trusted proof of the first user's data needs to be provided, the user-level data management device 130 further includes at least one of the following:

A first adding module, configured to collect the first user's data from a trusted network function and add a trusted proof to the collected data of the first user;

A second adding module, configured to compare the first user's data collected from the first user's user equipment or from a network-external function with the first user's data collected from a trusted network function, and, if the comparison result indicates that the two match, to add a trusted proof to the first user's data collected from the first user's user equipment or from the network-external function.

Optionally, if the anti-tampering indication indicates that anti-tampering processing needs to be applied to the received data of the first user;

The user-level data management device 130 further includes:

An anti-tampering processing module, configured to apply anti-tampering processing to the received data of the first user;

A sending module, configured to send the anti-tampering-processed data of the first user and/or anti-tampering related information to the second node and/or the third node, where the anti-tampering related information includes at least one of the following:

An indication that anti-tampering processing has been applied to the first user's data;

The anti-tampering method;

Check bits;

A digital signature;

Verification parameters.

Optionally, if the anti-tampering indication indicates that the data provider needs to apply anti-tampering processing to the reported data of the first user;

The user-level data management device 130 further includes:

A receiving module, configured to receive the anti-tampering-processed data of the first user sent by the data provider and/or anti-tampering related information sent by the data provider, where the anti-tampering related information includes at least one of the following:

An indication that anti-tampering processing has been applied to the first user's data;

The anti-tampering method;

Check bits;

A digital signature;

Verification parameters.

Optionally, the second authorization information includes at least one of the following:

An authorization type, including at least one of the following: authorization based on subscription information, authorization based on request and feedback, and authorization based on a credential;

An authorization credential;

The validity period of the authorization credential.

Optionally, the second operation further includes:

Providing the first user's data to a third node according to third configuration information sent by the first user's user equipment and/or the first user's subscription information;

Where the third configuration information includes at least one of the following:

An identifier of the third node, where the third node is the data requester node;

An indication of whether to encrypt the provided data of the first user;

An indication of whether to integrity-protect the provided data of the first user;

An indication of whether to add a digital signature to the provided data of the first user;

An indication of whether to desensitize the provided data of the first user;

An indication of whether to add a data watermark to the provided data of the first user.

The user-level data management device in the embodiments of the present application may be an electronic device, such as an electronic device with an operating system, or a component in an electronic device, such as an integrated circuit or a chip.

The user-level data management device provided by the embodiments of the present application can implement each process implemented by the method embodiment of Figure 5 and achieve the same technical effect; to avoid repetition, details are not repeated here.

Referring to Figure 14, an embodiment of the present application further provides a user-level data management device 140, including:

An execution module 141, configured to perform a third operation, where the third operation includes at least one of the following:

Determining, according to authorization from the first user's user equipment and/or the first user's subscription information, whether to store the first user's data;

Determining, according to second authorization information sent by the first user's user equipment and/or the first user's subscription information, whether to provide the first user's data, where the second authorization information is used to indicate that the second node is allowed or not allowed to provide the first user's data.

In this embodiment of the present application, user-level data is stored and/or used according to user authorization and/or the user's subscription information, rather than the network deciding how collected user-level data is stored and used. This meets the user's own needs regarding their data and increases the user's control over it.

Optionally, the first user's data includes at least one of the following:

Data generated by one or more user equipments of the first user;

Data generated by a network function and associated with a first user identifier;

Data generated by an application function and associated with the first user identifier;

Where the first user identifier includes an identifier of the first user and/or an identifier of a user equipment of the first user.

Optionally, the third operation further includes:

Storing the first user's data sent by the first user's user equipment and/or by the first node, according to second configuration information sent by the first user's user equipment and/or the first user's subscription information;

Where the first node is a node authorized to collect the first user's data;

The second configuration information includes at least one of the following:

A data storage table indication;

A data storage duration;

A data storage size;

A data trusted-proof indication, used to indicate whether a trusted proof of the first user's data needs to be provided;

An anti-tampering indication, used to indicate whether the data provider needs to apply anti-tampering processing to the reported data of the first user, and/or whether anti-tampering processing needs to be applied to the received data of the first user.

Optionally, if the data trusted-proof indication indicates that a trusted proof of the data of the first user needs to be provided, the user-level data management device 140 further includes at least one of the following:

A first adding module, configured to add a trusted proof to the data of the first user that comes from a trusted network function;

A second adding module, configured to compare the data of the first user collected from the user equipment of the first user or from a function outside the network with the data of the first user from a trusted network function, and, if the comparison result indicates that the data of the first user from the user equipment of the first user or from the function outside the network matches the data of the first user from the trusted network function, to add a trusted proof to the data of the first user from the user equipment of the first user or from the function outside the network.

Optionally, if the anti-tampering indication indicates that anti-tampering processing needs to be performed on the received data of the first user;

The user-level data management device 140 further includes:

An anti-tampering processing module, configured to perform anti-tampering processing on the data of the first user;

A sending module, configured to send the anti-tampering processed data of the first user to the third node and/or send anti-tampering related information to the third node, where the anti-tampering related information includes at least one of the following:

An indication that anti-tampering processing has been performed on the data of the first user;

The anti-tampering method;

Check bits;

A digital signature;

Verification parameters.

Optionally, if the anti-tampering indication indicates that the data provider needs to perform anti-tampering processing on the reported data of the first user;

The user-level data management device 140 further includes:

A receiving module, configured to receive the anti-tampering processed data of the first user sent by the data provider and/or the first node, and/or to receive anti-tampering related information sent by the data provider and/or the first node, where the anti-tampering related information includes at least one of the following:

An indication that anti-tampering processing has been performed on the data of the first user;

The anti-tampering method;

Check bits;

A digital signature;

Verification parameters.
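The provider-to-receiver exchange described above, as an added example that is not part of the patent text: the data provider tamper-proofs one report, and the receiver checks the accompanying anti-tampering related information before accepting it. HMAC-SHA-256 over canonical JSON with a pre-shared key, the key id and nonce used as verification parameters, and every name below are assumptions, since the page names no algorithm or message format.

```python
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass
from typing import Optional, Tuple

ALLOWED_METHODS = {"hmac-sha256"}   # assumption: the page names no algorithm
DEMO_KEY = b"constructed-demo-key-not-for-production"   # constructed sample key
SAMPLE_RECORD = {"cell_id": "constructed-cell-01", "rsrp_dbm": -97, "ts": 1700000000}


@dataclass(frozen=True)
class TamperProofInfo:
    """Anti-tampering related information that travels with the data."""
    processed: bool             # indication that anti-tampering was applied
    method: str                 # anti-tampering method
    check_value: str            # check bits (here: hex MAC over the report)
    verification_params: dict   # verification parameters (key id, nonce)


def mac_hex(key: bytes, user_id: str, record: dict, method: str,
            key_id: str, nonce: str) -> str:
    # Canonical JSON so both sides hash identical bytes. The method, key id
    # and nonce are covered by the MAC, so they cannot be swapped in transit.
    body = {"user": user_id, "data": record, "method": method,
            "key_id": key_id, "nonce": nonce}
    msg = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def protect(user_id: str, record: dict, key_id: str, key: bytes) -> TamperProofInfo:
    """Data provider side: tamper-proof one report of the first user's data."""
    nonce = secrets.token_hex(16)
    tag = mac_hex(key, user_id, record, "hmac-sha256", key_id, nonce)
    return TamperProofInfo(True, "hmac-sha256", tag,
                           {"key_id": key_id, "nonce": nonce})


class Receiver:
    """Receiving side, for example the node that stores the data."""

    def __init__(self, keys: dict, tamper_proof_required: bool):
        self.keys = keys                        # key id -> shared key
        self.required = tamper_proof_required   # from the anti-tampering indication
        self.seen = set()                       # (key id, nonce) already accepted

    def accept(self, user_id: str, record: dict,
               info: Optional[TamperProofInfo]) -> Tuple[bool, str]:
        if info is None or not info.processed:
            # The sender's own "processed" flag never waives a local requirement.
            if self.required:
                return False, "protection-required"
            return True, "accepted-unprotected"
        # The method field is sender-controlled: check it against an allow
        # list instead of letting it select the verification routine.
        if info.method not in ALLOWED_METHODS:
            return False, "unsupported-method"
        params = info.verification_params
        params = params if isinstance(params, dict) else {}
        key_id, nonce = params.get("key_id"), params.get("nonce")
        if not isinstance(key_id, str) or not isinstance(nonce, str) or not nonce:
            return False, "bad-verification-params"
        key = self.keys.get(key_id)
        if key is None:
            return False, "bad-verification-params"
        if (key_id, nonce) in self.seen:
            return False, "replayed"
        expected = mac_hex(key, user_id, record, info.method, key_id, nonce)
        # Constant-time comparison of the check value.
        if not hmac.compare_digest(expected.encode(), str(info.check_value).encode()):
            return False, "check-value-mismatch"
        self.seen.add((key_id, nonce))          # record only verified reports
        return True, "verified"


if __name__ == "__main__":
    rx = Receiver({"k1": DEMO_KEY}, tamper_proof_required=True)
    report = protect("user-1", SAMPLE_RECORD, "k1", DEMO_KEY)
    print(rx.accept("user-1", SAMPLE_RECORD, report))
    print(rx.accept("user-1", SAMPLE_RECORD, report))
    print(rx.accept("user-1", SAMPLE_RECORD, None))
```

Where the page's "digital signature" option is used instead, the MAC would be replaced by an asymmetric signature and the key id would select a verification key rather than a shared secret.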

Optionally, the second authorization information includes at least one of the following:

An authorization type, where the authorization type includes at least one of the following: authorization based on subscription information, authorization based on request and feedback, and authorization based on a credential;

An authorization credential;

The validity duration of the authorization credential.

Optionally, the third operation further includes:

Providing the data of the first user to a third node according to the third configuration information sent by the user equipment of the first user and/or the subscription information of the first user;

Where the third configuration information includes at least one of the following:

An identifier of the third node, where the third node is the data requester node;

An indication of whether to encrypt the provided data of the first user;

An indication of whether to integrity-protect the provided data of the first user;

An indication of whether to add a digital signature to the provided data of the first user;

An indication of whether to desensitize the provided data of the first user;

An indication of whether to add a data watermark to the provided data of the first user.
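One way a second node could gate the provision step from the second authorization information and the third configuration information, as an added example that is not part of the patent text. The precedence rule (an explicit user decision overrides subscription information), the field names, the identifier fields and the keyed-hash pseudonymisation used for desensitization are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import List, Optional, Tuple

PROTECTIONS = ("encrypt", "integrity_protect", "sign", "desensitize", "watermark")
IDENTIFIER_FIELDS = ("user_id", "device_id")   # assumption: fields to pseudonymise


@dataclass(frozen=True)
class SecondAuthorization:
    allow: bool                       # allow / do not allow providing the data
    auth_type: str                    # "subscription" | "request-feedback" | "credential"
    credential: Optional[str] = None  # authorization credential
    issued_at: int = 0                # epoch seconds
    valid_for_s: int = 0              # validity duration of the credential


@dataclass(frozen=True)
class ThirdConfiguration:
    third_node_id: str                # identifier of the data requester node
    encrypt: bool = False
    integrity_protect: bool = False
    sign: bool = False
    desensitize: bool = False
    watermark: bool = False


def decide(requester_id: str, auth: Optional[SecondAuthorization],
           subscription_allows: bool, config: Optional[ThirdConfiguration],
           now: int, presented_credential: Optional[str] = None,
           user_feedback: Optional[bool] = None) -> Tuple[bool, str, List[str]]:
    """Return (allowed, reason, protections to apply before release)."""
    if auth is None:
        # No user decision on record: fall back to subscription, default deny.
        if not subscription_allows:
            return False, "no-authorization", []
    elif not auth.allow:
        return False, "user-denied", []
    elif auth.auth_type == "subscription":
        if not subscription_allows:
            return False, "subscription-denied", []
    elif auth.auth_type == "request-feedback":
        if user_feedback is not True:            # no answer counts as "no"
            return False, "awaiting-user-feedback", []
    elif auth.auth_type == "credential":
        if (not auth.credential or presented_credential is None or
                not hmac.compare_digest(auth.credential.encode(),
                                        presented_credential.encode())):
            return False, "bad-credential", []
        if now >= auth.issued_at + auth.valid_for_s:
            return False, "credential-expired", []
    else:
        return False, "unknown-authorization-type", []
    if config is not None and requester_id != config.third_node_id:
        return False, "requester-not-authorized", []
    flags = [] if config is None else [p for p in PROTECTIONS if getattr(config, p)]
    return True, "allowed", flags


def release(record: dict, protections: List[str], pepper: bytes) -> Tuple[dict, List[str]]:
    """Apply desensitization here; return the protections still owed downstream."""
    out = dict(record)
    if "desensitize" in protections:
        for name in IDENTIFIER_FIELDS:
            if name in out:
                digest = hmac.new(pepper, str(out[name]).encode(), hashlib.sha256)
                out[name] = "pseud-" + digest.hexdigest()[:16]
    return out, [p for p in protections if p != "desensitize"]


if __name__ == "__main__":
    # Constructed sample values.
    auth = SecondAuthorization(True, "credential", "constructed-token", 1000, 600)
    cfg = ThirdConfiguration("node-3", integrity_protect=True, desensitize=True)
    ok, reason, flags = decide("node-3", auth, False, cfg, 1200, "constructed-token")
    print(ok, reason, flags)
    print(release({"user_id": "constructed-user-1", "rsrp_dbm": -97}, flags, b"pepper"))
```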

The user-level data management device in the embodiments of this application may be an electronic device, such as an electronic device with an operating system, or a component in an electronic device, such as an integrated circuit or a chip.

The user-level data management device provided in the embodiments of this application can implement each process implemented by the method embodiment of FIG. 6 and achieve the same technical effect. To avoid repetition, details are not described here again.

As shown in FIG. 15, an embodiment of this application further provides a communication device 150, including a processor 151 and a memory 152, where the memory 152 stores a program or instructions that can run on the processor 151. For example, when the communication device 150 is a user equipment, the program or instructions, when executed by the processor 151, implement the steps of the above embodiment of the user-level data management method applied to the user equipment, and can achieve the same technical effect. When the communication device 150 is a first node, the program or instructions, when executed by the processor 151, implement the steps of the above embodiment of the user-level data management method applied to the first node, and can achieve the same technical effect. When the communication device 150 is a second node, the program or instructions, when executed by the processor 151, implement the steps of the above embodiment of the user-level data management method applied to the second node, and can achieve the same technical effect. To avoid repetition, details are not described here again.

An embodiment of this application further provides a user equipment, including a processor and a communication interface, where the processor is configured to perform a first operation, and the first operation includes at least one of the following:

Sending first authorization information, where the first authorization information is used to indicate that collection of the data of the first user is allowed or not allowed, and/or to indicate that storage of the data of the first user is allowed or not allowed;

Sending second authorization information, where the second authorization information is used to indicate that providing the data of the first user is allowed or not allowed.

This user equipment embodiment corresponds to the above user-equipment-side method embodiment. Each implementation process and implementation manner of the above method embodiment is applicable to this user equipment embodiment and can achieve the same technical effect. Specifically, FIG. 16 is a schematic diagram of the hardware structure of a user equipment that implements an embodiment of this application.

The user equipment 160 includes, but is not limited to, at least some of the following components: a radio frequency unit 161, a network module 162, an audio output unit 163, an input unit 164, a sensor 165, a display unit 166, a user input unit 167, an interface unit 168, a memory 169, and a processor 1610.

Those skilled in the art can understand that the user equipment 160 may further include a power supply (such as a battery) that supplies power to the components. The power supply may be logically connected to the processor 1610 through a power management system, so that functions such as charging management, discharging management, and power consumption management are implemented through the power management system. The user equipment structure shown in FIG. 16 does not constitute a limitation on the user equipment. The user equipment may include more or fewer components than shown, combine certain components, or use a different component arrangement, which is not described here again.

It should be understood that, in the embodiments of this application, the input unit 164 may include a graphics processing unit (GPU) 1641 and a microphone 1642. The graphics processing unit 1641 processes image data of still pictures or video obtained by an image capture device (such as a camera) in a video capture mode or an image capture mode. The display unit 166 may include a display panel 1661, which may be configured in the form of a liquid crystal display, an organic light-emitting diode, or the like. The user input unit 167 includes at least one of a touch panel 1671 and other input devices 1672. The touch panel 1671 is also called a touch screen. The touch panel 1671 may include two parts: a touch detection device and a touch controller. The other input devices 1672 may include, but are not limited to, a physical keyboard, function keys (such as volume control keys and switch keys), a trackball, a mouse, and a joystick, which are not described here again.

In the embodiments of this application, after receiving downlink data from a network-side device, the radio frequency unit 161 may transmit it to the processor 1610 for processing; in addition, the radio frequency unit 161 may send uplink data to the network-side device. Generally, the radio frequency unit 161 includes, but is not limited to, an antenna, an amplifier, a transceiver, a coupler, a low-noise amplifier, a duplexer, and the like.

The memory 169 may be used to store software programs or instructions and various data. The memory 169 may mainly include a first storage area for storing programs or instructions and a second storage area for storing data, where the first storage area may store an operating system and the application programs or instructions required for at least one function (such as a sound playback function or an image playback function). In addition, the memory 169 may include volatile memory or non-volatile memory, or the memory 169 may include both volatile and non-volatile memory. The non-volatile memory may be read-only memory (ROM), programmable read-only memory (Programmable ROM, PROM), erasable programmable read-only memory (Erasable PROM, EPROM), electrically erasable programmable read-only memory (Electrically EPROM, EEPROM), or flash memory. The volatile memory may be random access memory (RAM), static random access memory (Static RAM, SRAM), dynamic random access memory (Dynamic RAM, DRAM), synchronous dynamic random access memory (Synchronous DRAM, SDRAM), double data rate synchronous dynamic random access memory (Double Data Rate SDRAM, DDR SDRAM), enhanced synchronous dynamic random access memory (Enhanced SDRAM, ESDRAM), synchronous link dynamic random access memory (Synch link DRAM, SLDRAM), and direct Rambus random access memory (Direct Rambus RAM, DRRAM). The memory 169 in the embodiments of this application includes, but is not limited to, these and any other suitable types of memory.

The processor 1610 may include one or more processing units. Optionally, the processor 1610 integrates an application processor and a modem processor, where the application processor mainly handles operations involving the operating system, the user interface, application programs, and the like, and the modem processor, such as a baseband processor, mainly handles wireless communication signals. It can be understood that the modem processor may also not be integrated into the processor 1610.

The processor 1610 is configured to perform a first operation, where the first operation includes at least one of the following:

Sending first authorization information, where the first authorization information is used to indicate that collection of the data of the first user is allowed or not allowed, and/or to indicate that storage of the data of the first user is allowed or not allowed;

Sending second authorization information, where the second authorization information is used to indicate that providing the data of the first user is allowed or not allowed.

In the embodiments of this application, the user authorizes the collection, storage and/or use of user-level data, rather than the network deciding how the collected user-level data is stored and used. This meets the user's own requirements for their data and increases the user's control over it.

Optionally, the data of the first user includes at least one of the following:

Data generated by one or more user equipments of the first user;

Data generated by a network function and associated with the first user identifier;

Data generated by an application function and associated with the first user identifier;

Where the first user identifier includes an identifier of the first user and/or an identifier of the user equipment of the first user.

Optionally, the first operation further includes:

Sending first configuration information, where the first configuration information includes at least one of the following:

A data collection identifier, used to indicate that the data of the first user is to be collected;

Data collection information, where the data collection information includes at least one of the following: a list of parameters to be collected, a trigger condition for data collection, and a sampling rate for data collection;

Indication information of a second node, where the second node is a node authorized to store the data of the first user;

A data trusted-proof indication, used to indicate whether a trusted proof of the data of the first user needs to be provided;

An anti-tampering indication, used to indicate whether the data provider needs to perform anti-tampering processing on the reported data of the first user, and/or to indicate whether anti-tampering processing needs to be performed on the received data of the first user;

An indication of the data reporting manner, used to indicate the manner in which the data provider reports the data of the first user.

Optionally, the first operation further includes:

Sending second configuration information, where the second configuration information includes at least one of the following:

A data storage table indication;

A data storage duration;

A data storage size;

A data trusted-proof indication, used to indicate whether a trusted proof of the data of the first user needs to be provided;

An anti-tampering indication, used to indicate whether the data provider needs to perform anti-tampering processing on the reported data of the first user, and/or to indicate whether anti-tampering processing needs to be performed on the received data of the first user.

Optionally, the second authorization information includes at least one of the following:

An authorization type, where the authorization type includes at least one of the following: authorization based on subscription information, authorization based on request and feedback, and authorization based on a credential;

An authorization credential;

The validity duration of the authorization credential.

Optionally, the first operation further includes:

Sending third configuration information, where the third configuration information includes at least one of the following:

An identifier of the third node, where the third node is the data requester node;

An indication of whether to encrypt the provided data of the first user;

An indication of whether to integrity-protect the provided data of the first user;

An indication of whether to add a digital signature to the provided data of the first user;

An indication of whether to desensitize the provided data of the first user;

An indication of whether to add a data watermark to the provided data of the first user.

Optionally, the first authorization information is used to indicate that the first node is allowed or not allowed to collect the data of the first user, or to indicate that the second node is allowed or not allowed to store the data of the first user, or to indicate that the first node is allowed or not allowed to collect the data of the first user and store the collected data of the first user in the second node.

Optionally, the radio frequency unit 161 is configured to send capability information when accessing the network, where the capability information includes at least one of the following:

Whether using the first node to collect the data of the first user is supported;

Whether using the second node to store the data of the first user is supported;

Whether using the first node to provide the data of the first user is supported;

Whether using the second node to provide the data of the first user is supported;

The identifier of the first node;

The identifier of the second node.

Optionally, sending the first authorization information includes: sending a creation request or a registration request, where the creation request is used to request creation of the first node and/or the second node, the registration request is used to register the first node and/or the second node, and the creation request or registration request includes the first authorization information.

Optionally, the radio frequency unit 161 is configured to send the data of the first user.

Optionally, the radio frequency unit 161 is configured to perform anti-tampering processing on the data of the first user, and to send the anti-tampering processed data and/or anti-tampering related information, where the anti-tampering related information includes at least one of the following:

An indication that anti-tampering processing has been performed on the data of the first user;

The anti-tampering method;

Check bits;

A digital signature;

Verification parameters.

An embodiment of this application further provides a network-side device, including a processor and a communication interface, where the processor is configured to perform a second operation, and the second operation includes at least one of the following:

Determining, according to the authorization of the user equipment of the first user and/or the subscription information of the first user, whether to collect the data of the first user, or whether to collect the data of the first user and store the data of the first user in the second node;

Determining, according to the second authorization information sent by the user equipment of the first user and/or the subscription information of the first user, whether to provide the data of the first user, where the second authorization information is used to indicate that the first node is allowed or not allowed to provide the data of the first user.

Alternatively, the processor is configured to perform a third operation, where the third operation includes at least one of the following:

Determining, according to the authorization of the user equipment of the first user and/or the subscription information of the first user, whether to store the data of the first user;

Determining, according to the second authorization information sent by the user equipment of the first user and/or the subscription information of the first user, whether to provide the data of the first user, where the second authorization information is used to indicate that the second node is allowed or not allowed to provide the data of the first user.

This network-side device embodiment corresponds to the above method embodiment executed by the first node or the second node. Each implementation process and implementation manner of the above method embodiment is applicable to this network-side device embodiment and can achieve the same technical effect.

An embodiment of this application further provides a network-side device. As shown in FIG. 17, the network-side device 170 includes an antenna 171, a radio frequency device 172, a baseband device 173, a processor 174, and a memory 175. The antenna 171 is connected to the radio frequency device 172. In the uplink direction, the radio frequency device 172 receives information through the antenna 171 and sends the received information to the baseband device 173 for processing. In the downlink direction, the baseband device 173 processes the information to be sent and sends it to the radio frequency device 172, and the radio frequency device 172 processes the received information and then sends it out through the antenna 171.

The method performed by the network-side device in the above embodiments may be implemented in the baseband device 173, which includes a baseband processor.

The baseband device 173 may include, for example, at least one baseband board on which multiple chips are arranged. As shown in FIG. 17, one of the chips is, for example, a baseband processor, which is connected to the memory 175 through a bus interface to call the program in the memory 175 and perform the network device operations shown in the above method embodiments.

The network-side device may further include a network interface 176, which is, for example, a common public radio interface (CPRI).

Specifically, the network-side device 170 of this embodiment of the present invention further includes instructions or programs that are stored in the memory 175 and can run on the processor 174. The processor 174 calls the instructions or programs in the memory 175 to execute the methods executed by the modules shown in FIG. 13 or FIG. 14 and achieves the same technical effect. To avoid repetition, details are not described here.

Specifically, an embodiment of this application further provides a network-side device. As shown in FIG. 18, the network-side device 180 includes a processor 181, a network interface 182, and a memory 183. The network interface 182 is, for example, a common public radio interface (CPRI).

Specifically, the network-side device 180 of this embodiment of the present invention further includes instructions or programs that are stored in the memory 183 and can run on the processor 181. The processor 181 calls the instructions or programs in the memory 183 to execute the methods executed by the modules shown in FIG. 13 or FIG. 14 and achieves the same technical effect. To avoid repetition, details are not described here.

本申请实施例还提供一种可读存储介质,所述可读存储介质上存储有程序或指令,该程序或指令被处理器执行时实现上述用户级数据的管理方法实施例的各个过程,且能达到相同的技术效果,为避免重复,这里不再赘述。Embodiments of the present application also provide a readable storage medium, with programs or instructions stored on the readable storage medium. When the program or instructions are executed by a processor, each process of the above user-level data management method embodiment is implemented, and can achieve the same technical effect, so to avoid repetition, we will not repeat them here.

其中,所述处理器为上述实施例中所述的终端中的处理器。所述可读存储介质,包括计算机可读存储介质,如计算机只读存储器ROM、随机存取存储器RAM、磁碟或者光盘等。Wherein, the processor is the processor in the terminal described in the above embodiment. The readable storage medium includes computer readable storage media, such as computer read-only memory ROM, random access memory RAM, magnetic disk or optical disk, etc.

本申请实施例另提供了一种芯片,所述芯片包括处理器和通信接口,所述通信接口和所述处理器耦合,所述处理器用于运行程序或指令,实现上述用户级数据的管理方法实施例的各个过程,且能达到相同的技术效果,为避免重复,这里不再赘述。An embodiment of the present application further provides a chip. The chip includes a processor and a communication interface. The communication interface is coupled to the processor. The processor is used to run programs or instructions to implement the above user-level data management method. Each process of the embodiment can achieve the same technical effect, so to avoid repetition, it will not be described again here.

应理解,本申请实施例提到的芯片还可以称为系统级芯片,系统芯片,芯片系统或片上系统芯片等。It should be understood that the chips mentioned in the embodiments of this application may also be called system-on-chip, system-on-a-chip, system-on-chip or system-on-chip, etc.

本申请实施例另提供了一种计算机程序/程序产品,所述计算机程序/程序产品被存储在存储介质中,所述计算机程序/程序产品被至少一个处理器执行以实现上述用户级数据的管理方法实施例的各个过程,且能达到相同的技术效果,为避免重复,这里不再赘述。Embodiments of the present application further provide a computer program/program product, the computer program/program product is stored in a storage medium, and the computer program/program product is executed by at least one processor to implement the above-mentioned management of user-level data. Each process of the method embodiment can achieve the same technical effect, so to avoid repetition, it will not be described again here.

需要说明的是,在本文中,术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、方法、物品或者装置不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、方法、物品或者装置所固有的要素。在没有更多限制的情况下,由语句“包括一个……”限定的要素,并不排除在包括该要素的过程、方法、物品或者装置中还存在另外的相同要素。此外,需要指出的是,本申请实施方式中的方法和装置的范围不限按示出或讨论的顺序来执行功能,还可包括根据所涉及的功能按基本同时的方式或按相反的顺序来执行功能,例如,可以按不同于所描述的次序来执行所描述的方法,并且还可以添加、省去、或组合各种步骤。另外,参照某些示例所描述的特征可在其他示例中被组合。It should be noted that, in this article, the terms "comprise", "include" or any other variants thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device including a series of elements includes not only those elements, but also other elements not explicitly listed, or also includes elements inherent to such process, method, article or device. In the absence of further restrictions, an element defined by the sentence "comprises one..." does not exclude the presence of other identical elements in the process, method, article or device including the element. In addition, it should be noted that the scope of the methods and devices in the embodiments of the present application is not limited to performing functions in the order shown or discussed, and may also include performing functions in a substantially simultaneous manner or in reverse order according to the functions involved, for example, the described method may be performed in an order different from that described, and various steps may also be added, omitted, or combined. In addition, the features described with reference to certain examples may be combined in other examples.

通过以上的实施方式的描述,本领域的技术人员可以清楚地了解到上述实施例方法可借助软件加必需的通用硬件平台的方式来实现,当然也可以通过硬件,但很多情况下前者是更佳的实施方式。基于这样的理解,本申请的技术方案本质上或者说对现有技术做出贡献的部分可以以计算机软件产品的形式体现出来,该计算机软件产品存储在一个存储介质(如ROM/RAM、磁碟、光盘)中,包括若干指令用以使得一台终端(可以是手机,计算机,服务器,空调器,或者网络设备等)执行本申请各个实施例所述的方法。Through the description of the above implementation methods, those skilled in the art can clearly understand that the above-mentioned embodiment methods can be implemented by means of software plus a necessary general hardware platform, and of course by hardware, but in many cases the former is a better implementation method. Based on such an understanding, the technical solution of the present application, or the part that contributes to the prior art, can be embodied in the form of a computer software product, which is stored in a storage medium (such as ROM/RAM, a magnetic disk, or an optical disk), and includes a number of instructions for enabling a terminal (which can be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.) to execute the methods described in each embodiment of the present application.

The embodiments of the present application have been described above with reference to the accompanying drawings. However, the present application is not limited to the specific implementations described above, which are merely illustrative and not restrictive. Inspired by the present application, those of ordinary skill in the art can devise many other forms without departing from the purpose of the present application and the scope protected by the claims, all of which fall within the protection of the present application.

Claims (32)

CN202211154186.7A | 2022-09-21 | 2022-09-21 | User-level data management method, device, communication equipment and readable storage medium | Pending | CN117792647A (en)

Priority Applications (2)

Application Number | Priority Date | Filing Date | Title
CN202211154186.7A CN117792647A (en) | 2022-09-21 | 2022-09-21 | User-level data management method, device, communication equipment and readable storage medium
PCT/CN2023/119674 WO2024061207A1 (en) | 2022-09-21 | 2023-09-19 | User-level data management method and apparatus, communication device, and readable storage medium

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
CN202211154186.7A CN117792647A (en) | 2022-09-21 | 2022-09-21 | User-level data management method, device, communication equipment and readable storage medium

Publications (1)

Publication Number | Publication Date
CN117792647A (en) | 2024-03-29

Family

ID=90389553

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
CN202211154186.7A Pending CN117792647A (en) | User-level data management method, device, communication equipment and readable storage medium | 2022-09-21 | 2022-09-21

Country Status (2)

Country | Link
CN (1) | CN117792647A (en)
WO (1) | WO2024061207A1 (en)

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
EP2901744B1 (en)* | 2012-09-27 | 2016-11-23 | Telefonaktiebolaget LM Ericsson (publ) | Method for handling user consent for mdt data collection
EP4030799A4 (en)* | 2019-09-30 | 2022-09-28 | Huawei Technologies Co., Ltd. | COMMUNICATION METHOD, DEVICE AND SYSTEM, AND STORAGE MEDIA
US12047780B2 (en)* | 2021-01-07 | 2024-07-23 | Nokia Technologies Oy | Authorization in cellular communication systems
WO2022173258A1 (en)* | 2021-02-12 | 2022-08-18 | Samsung Electronics Co., Ltd. | Method and apparatus for providing user consent in wireless communication system
CN114491626B (en)* | 2022-01-05 | 2025-08-01 | 山东数据交易有限公司 | Data use authorization method and device based on authorization center
CN114513373B (en)* | 2022-04-20 | 2022-11-15 | 北京掌趣无限科技有限公司 | Trusted data exchange method, device, system, electronic equipment and storage medium

Also Published As

Publication number | Publication date
WO2024061207A1 (en) | 2024-03-28

Similar Documents

Publication | Publication Date | Title
US11829774B2 (en) | | Machine-to-machine bootstrapping
US11727396B2 (en) | | Processing electronic tokens
CN110312305B (en) | | Method and device for determining position of terminal device
US20190037401A1 (en) | | Method and apparatus for assignment of subscription electronic sim credentials via local service brokers
CN102415119B (en) | | Managing undesired service requests in a network
CN113709729B (en) | | Data processing method, device, network equipment and terminal
US9106603B2 (en) | | Apparatus, method and computer-readable storage mediums for determining application protocol elements as different types of lawful interception content
US12089040B2 (en) | | Caller verification in rich communication services (RCS)
US10051428B2 (en) | | Subscriber location database
EP4021048A1 (en) | | Identity authentication method and apparatus
CN108738015B (en) | | Network security protection method, device and system
US20230245109A1 (en) | | Billing account authentication enhancement from user authentication contexts
US11974129B2 (en) | | Token-based security risk assessment for multi-factor authentication
WO2019112923A1 (en) | | Improving security via automated sideband communication for m2m/iot
Amgoune et al. | | 5g: Interconnection of services and security approaches
CN117792647A (en) | | User-level data management method, device, communication equipment and readable storage medium
WO2016165443A1 (en) | | Method for protecting machine type communication device, network entity, and mtc device
US20250071102A1 (en) | | Authentication method and apparatus, medium and chip
CN109995728A (en) | | Method for secret protection, device, equipment and storage medium based on location-based service
Wang | | Advancing the Security and Reliability of Operational Mobile Networks
Xie | | Toward Secure and Dependable Mobile Networks
WO2023216082A1 (en) | | Subscription processing method and apparatus, and medium and chip
WO2024179262A1 (en) | | Communication method and communication apparatus
CN117378231A (en) | | Authentication methods, devices, media and chips
WO2025209362A1 (en) | | Communication method and apparatus, and device and storage medium

Legal Events

Date | Code | Title | Description
 | PB01 | Publication |
 | SE01 | Entry into force of request for substantive examination |
