CN104918246A

CN104918246A - Authentication method and system, ProSe (Proximity-based Service) functional entities and UE (User Equipment)

Info

Publication number: CN104918246A
Application number: CN201410091463.3A
Authority: CN
Inventors: 游世林; 梁爽; 蔡继燕; 林兆骥
Original assignee: ZTE Corp
Current assignee: ZTE Corp
Priority date: 2014-03-12
Filing date: 2014-03-12
Publication date: 2015-09-16
Also published as: WO2015135278A1

Abstract

The invention discloses an authentication method. A first ProSe functional entity issues configuration parameters to UE; and the UE issues an authentication process to the first ProSe functional entity according to the configuration parameters, and after authentication on the UE by the first ProSe functional entity succeeds, a D2D service temporary identifier is distributed to the UE. The invention also discloses an authentication system, the UE and the ProSe functional entities.

Description

A kind of authentication method and system, ProSe functional entity and UE

Technical field

The present invention relates to moving communicating field, be specifically related to a kind of method and system of authentication, ProSe functional entity and UE.

Background technology

In order to keep 3-G (Generation Three mobile communication system) in the competitiveness of the communications field, and provide the Mobile Communication Service that speed is faster, time delay is lower, more personalized for user, simultaneously, in order to reduce the operation cost of operator, third generation partner program (3GPP, 3rd Generation Partnership Project) standard operation group is just being devoted to the research of evolved packet system (EPS, Evolved Packet System).Whole EPS comprises wireless access network (E-UTRAN, Evolved Universal Terrestrial Radio Access Network) and mobile core network (EPC, Evolved Packet Core Networking), wherein, EPC contains home subscriber server (HSS, Home Subscriber Server), Mobility Management Entity (MME, Mobility Management Entity), Serving GPRS Support Node (SGSN, Serving GPRS Support Node), policy charging rule function (PCRF, Policy and Charging Rule Function), gateway (S-GW, Serving Gateway), packet data gateway (P-GW, PDN Gateway) and packet data network (PDN, Packet Data Network).

When two subscriber equipmenies (UE, User Equipment) are communicated by EPS, two UE need to set up with EPS respectively to carry.But consider the fast development of UE and various mobile Internet business, a lot of business is wished the UE that can find to close on and is communicated, therefore device-to-device (D2D has been expedited the emergence of, Device to Device) business, D2D business is also called as the business (ProSe, Proximity-based Services) based on distance.In D2D business, when two UE location comparisons close to time, can direct communication, its data path connected can not rap around to core net, like this, can reduce the roundabout of data route on the one hand, also can reduce network data load on the other hand.Therefore, D2D business has obtained the attention of a lot of operator.

At present, conventional D2D business has D2D to find business, D2D finds the communication construction of business as shown in Figure 1, two UE of D2D access can only access EPC by E-UTRAN, two UE can belong to a PLMN (PLMN, Public Land Mobile Network) or belong to two PLMN; For a UE, PLMN can be divided into the PLMN(HPLMN of ownership, Home PLMN) and when this UE is from the PLMN(VPLMN of visit during other PLMN access, Visited PLMN), PLMN for the current residing region of UE can be referred to as local PLMN (LPLMN, Local PLMN), no matter the PLMN of this this locality is HPLMN or VPLMN.Business is found in order to realize D2D, not only EPS is deployed at carrier side, also comprise and dispose the ProSe application server (ProSe Application Server) that D2D finds business, ProSe application server can be provided by the service provider of operation D2D business, also can be provided by the Virtual network operator of operation EPS, also deploy ProSe functional entity (ProSe Function) at different PLMN.

Find in service communication framework at D2D, because UE provides relevant ProSe application (APP, Application), it is PC1 interface with the interface of ProSe application server, provides relevant authentication function.Interface between UE and UE is PC5, and for mutually directly finding and communicating between UE, and the interface between UE and ProSe functional entity is PC3, for the discovery certification by network.Interface between ProSe functional entity and existing EPC is PC4, comprises and the interface in the user plane of P-GW and the chain of command interface with HSS, finds service discovering certification for D2D.The interface of ProSe functional entity and ProSe application server is PC2, finds that the application of business realizes for D2D.ProSe functional entity and ProSe functional entity have PC6 and PC7 interface respectively, be respectively used to UE in roaming and two kinds of non-roaming situations, be PC7 interface during UE roaming, be be PC6 interface when UE is non-roaming, these two interfaces are used for the information interaction that UE carries out performing when D2D finds business between two ProSe functional entitys.

Fig. 2 is that in prior art, UE realizes the flow chart that D2D finds business, comprises the following steps:

Step 201, when UE need to be found to other one or more UE initiate D2D find business time, first UE needs the ProSe functional entity under self HPLMN to carry out D2D to find business authentication, concrete, after ProSe functional entity under UE and HPLMN sets up secure connection, ProSe functional entity under HPLMN sends and finds business request information, described discovery business request information comprises discovery type of service and user ID, described user ID is international mobile subscriber identity (IMSI, International Mobile Subscriber Identification Number) or Mobile Subscriber International ISDN number (MSISDN, Mobile Station international ISDN number), wherein ISDN is integrated services digital network (Integrated Services Digital Network),

Described discovery type of service has: announce (announce), is namely found the discovery request that UE initiates; Monitor (monitor), namely find the discovery request that UE initiates; Coupling (match), namely finds that UE sends coupling report to the ProSe functional entity that can find.

ProSe functional entity under step 202, HPLMN performs UE and finds business authentication flow process, performs the discovery business authentication of UE according to existing technical scheme here; After the discovery request access authentication of UE, going to step 203 by the ProSe functional entity under HPLMN is that UE is found to other one or more discovery operation flow that UE initiates correspondence;

The ProSe functional entity that ProSe functional entity under step 203, HPLMN is found under the PLMN of this locality of UE to one or more according to the type of service of correspondence initiates corresponding discovery operation flow.

When type of service is for announcing, ProSe functional entity then under HPLMN to be found UE this locality PLMN under ProSe functional entity send publish request message, be found the loopback publish response message that the ProSe functional entity of ProSe functional entity under HPLMN under the PLMN of this locality of UE is corresponding; In like manner; When type of service is for monitoring, ProSe functional entity then under HPLMN to be found UE this locality PLMN under ProSe functional entity send interception request message, be found the ProSe functional entity loopback snoop responses message of ProSe functional entity under HPLMN under the PLMN of this locality of UE; In like manner, when type of service is for coupling, ProSe functional entity then under HPLMN to be found UE this locality PLMN under ProSe functional entity send matching request message, the match is successful, is found the ProSe functional entity loopback match responding message of ProSe functional entity under HPLMN under the PLMN of this locality of UE.

Step 204, after D2D finds that Business Processing completes, the ProSe functional entity under HPLMN finds service request response message accordingly to the UE loopback initiating discovery business, and described UE completes relevant allocation of radio resources.

In the prior art, MSISDN parameter is only contracted by HSS, the control network element of EPC can be downloaded to, general not signing MSISDN parameter in UE, but the MSISDN parameter in UE arbitrarily can be configured by user, in this case, if be configured with the MSISDN of mistake, will cause finding that service request is made mistakes; In addition, if adopt IMSI to realize authentication, then IMSI can be made to be exposed to and to find that in business request information, this exposes causing the privacy information of user, the risk that adding users victim is attacked.

Summary of the invention

In order to solve prior art Problems existing, the embodiment of the present invention is expected to provide a kind of method and system of authentication, ProSe functional entity and UE, avoids the privacy information exposing user.

Technical scheme of the present invention is achieved in that

A kind of authentication method that the embodiment of the present invention provides, described method comprises:

One ProSe functional entity issues configuration parameter to user equipment (UE); Described UE initiates authentication process according to described configuration parameter to a described ProSe functional entity, and a described ProSe functional entity, to after described UE authentication success, distributes D2D business temporary mark to described UE.

In such scheme, described configuration parameter comprise UE support PLMN identification list and a described ProSe functional entity be UE distribute D2D business temporary mark or described configuration parameter only comprise described UE support PLMN identification list.

In such scheme, before a described ProSe functional entity is to UE authentication, described method also comprises:

UE determines that local plmn is identified in the PLMN identification list received, and initiates authentication request to the 2nd ProSe functional entity.

In such scheme, when the configuration parameter that described UE receives comprises the PLMN identification list of described UE support and a described ProSe functional entity is the D2D business temporary mark of UE distribution, described UE initiates authentication process according to described configuration parameter to a described ProSe functional entity, comprising:

UE sends authentication request to the 2nd ProSe functional entity, and the D2D business temporary mark that local plmn identifies and described UE receives is carried in described authentication request;

2nd ProSe functional entity forwards described authentication request to a described ProSe functional entity;

A described ProSe functional entity searches UE context corresponding to described UE according to described D2D business temporary mark;

When finding UE context corresponding to described UE, a described ProSe functional entity, to the success of UE authentication, returns the D2D business temporary mark of distribution to UE;

When not finding context corresponding to UE, a described ProSe functional entity initiates the UE context acquisition process of described UE to home subscriber server HSS, described UE context obtains successfully, a described ProSe functional entity, to described UE authentication success, returns the D2D business temporary mark of distribution to described UE.

In such scheme, when the configuration parameter that described UE receives only comprises the PLMN identification list of described UE support, described UE initiates authentication process according to described configuration parameter to a described ProSe functional entity, comprising:

UE sends authentication request to the 2nd ProSe functional entity, and international mobile subscriber identity IMSI or D2D business temporary mark are carried in described authentication request;

Described authentication request forward is given a described ProSe functional entity by the 2nd ProSe functional entity;

A described ProSe functional entity performs UE authentication process according to described IMSI or D2D business temporary mark.

In such scheme, a described ProSe functional entity performs UE authentication process according to described IMSI or D2D business temporary mark, comprising:

A described ProSe functional entity searches the UE context corresponding with described UE according to described IMSI or D2D business temporary mark;

When finding UE context corresponding to described UE, a described ProSe functional entity, to described UE authentication success, returns the D2D business temporary mark of distribution to described UE;

When not finding context corresponding to described UE, a described ProSe functional entity initiates UE context acquisition process to HSS, UE context obtains successfully, and a described ProSe functional entity, to the success of UE authentication, returns the D2D business temporary mark of distribution to UE.

In such scheme, after a described ProSe functional entity distributes D2D business temporary mark to UE, described method also comprises:

UE sends to a described ProSe functional entity and finds business request information; Described discovery business request information comprises: find type of service and D2D business temporary mark;

Certification is carried out in the discovery request of a described ProSe functional entity to UE;

If find request access authentication, a described ProSe functional entity initiates corresponding discovery operation flow according to the type of service of correspondence;

After discovery Business Processing completes, a described ProSe functional entity finds service request response message to UE loopback, and it is the D2D business temporary mark that UE distributes that described message carries a described ProSe functional entity.

In such scheme, certification is carried out in the discovery request of a described ProSe functional entity to UE, comprising:

A described ProSe functional entity searches the UE context relevant to described UE according to D2D business temporary mark, and when finding UE context corresponding to UE, described UE finds request access authentication;

When not finding UE context corresponding to UE, a described ProSe functional entity initiates to obtain IMSI request to UE; UE obtains IMSI response to a described ProSe functional entity loopback, and carries IMSI corresponding to described UE; Whether a described ProSe functional entity exists the UE context corresponding with described UE according to IMSI inquiry, and when existing, described UE finds request access authentication;

If there is no, a described ProSe functional entity carries out discovery business authentication authentication to HSS, and described HSS is that described UE sets up new UE context, and described UE finds request access authentication.

One ProSe functional entity issues configuration parameter to UE; A described ProSe functional entity, to after described UE authentication success, distributes D2D business temporary mark to described UE.

In such scheme, described configuration parameter comprise UE support PLMN identification list and a described ProSe functional entity be UE distribute D2D business temporary mark, or described configuration parameter only comprise described UE support PLMN identification list.

In such scheme, a described ProSe functional entity, to UE authentication, comprising:

A described ProSe functional entity receives the authentication request that the 2nd ProSe functional entity sends, and the D2D business temporary mark that local plmn identifies and described UE receives is carried in described authentication request;

When finding context corresponding to UE, a described ProSe functional entity, to the success of UE authentication, returns to UE and distributes D2D business temporary mark;

When not finding context corresponding to UE, a described ProSe functional entity initiates UE context acquisition process to HSS, UE context obtains successfully, and a described ProSe functional entity, to the success of UE authentication, returns to UE and distributes D2D business temporary mark.

A described ProSe functional entity receives the authentication request that the 2nd ProSe functional entity sends, IMSI or D2D business temporary mark is carried in described authentication request;

A described ProSe performs UE authentication process according to described IMSI or D2D business temporary mark.

In such scheme, described execution UE authentication process, comprising:

A described ProSe searches the UE context corresponding with described UE according to described IMSI or D2D business temporary mark;

A described ProSe functional entity receives the discovery business request information that UE sends; Described discovery business request information comprises: find type of service and D2D business temporary mark;

After discovery Business Processing completes, a described ProSe functional entity finds service request response message to UE loopback, and it is the D2D business temporary mark that UE distributes that described message carries a ProSe functional entity.

A described ProSe functional entity searches the UE context relevant to described UE according to D2D business temporary mark, and when finding context corresponding to UE, described UE finds request access authentication;

When not finding context corresponding to UE, a described ProSe functional entity initiates to obtain IMSI request to UE; IMSI obtains successfully, and whether a described ProSe functional entity exists UE context corresponding to described UE according to described IMSI inquiry, and when existing, described UE finds request access authentication;

UE receives the configuration parameter that a ProSe functional entity issues; UE initiates authentication process according to described configuration parameter to a described ProSe functional entity, and after authentication success, receives the D2D business temporary mark that a described ProSe functional entity distributes.

In such scheme, at UE to before a described ProSe functional entity authentication, described method also comprises:

UE determines that local plmn is identified in the PLMN identification list received, and UE initiates authentication request to the 2nd ProSe functional entity.

In such scheme, when the configuration parameter that described UE receives comprises the PLMN identification list of described UE support and described ProSe functional entity is the D2D business temporary mark of UE distribution, described UE initiates authentication process according to described configuration parameter to a described ProSe functional entity, comprising:

UE sends authentication request to a described ProSe functional entity, and the D2D business temporary mark that local plmn identifies and described UE receives is carried in described authentication request;

When authentication success, it is the D2D business temporary mark that described UE distributes that UE receives a described ProSe functional entity.

UE sends authentication request to a ProSe functional entity, IMSI or D2D business temporary mark is carried in described authentication request.

In such scheme, after described UE receives the D2D business temporary mark of a described ProSe functional entity distribution, described method also comprises:

When a described ProSe functional entity does not find UE context corresponding to described UE according to D2D business temporary mark, the acquisition IMSI that UE receives a described ProSe functional entity transmission asks, and ask to return to a described ProSe functional entity to obtain IMSI response according to described acquisition IMSI, IMSI corresponding to UE is carried in described acquisition IMSI response;

After discovery Business Processing completes, it is the D2D business temporary mark that described UE distributes that UE receives a described ProSe functional entity.

A kind of ProSe functional entity that the embodiment of the present invention provides, described ProSe functional entity comprises: configuration parameter issues module, authentication module and temporary mark distribution module; Wherein,

Described configuration parameter issues module, for issuing configuration parameter to UE;

Described authentication module, for performing authentication to UE, and triggers temporary mark distribution module when authentication success;

Described temporary mark distribution module, during for being triggered by described authentication module, issues D2D business temporary mark to described UE.

In such scheme, described configuration parameter issue module to the configuration parameter that UE issues comprise UE support PLMN identification list and described temporary mark distribution module be UE distribute D2D business temporary mark or described configuration parameter only comprise described UE support PLMN identification list.

In such scheme, described ProSe functional entity also comprises: find request authentication module and find Service Processing Module; Wherein,

Described discovery request authentication module, for receiving the discovery service request of UE, and carry out certification to the discovery service request of described UE, wherein said discovery service request comprises: find type of service and D2D business temporary mark; Also for after the discovery service request authentication success of described UE, trigger and find Service Processing Module;

Described discovery Service Processing Module, during for being found the triggering of request authentication module, Business Processing is found for UE performs, and after discovery Business Processing completes, return discovery service response message to UE, it is the D2D business temporary mark that UE distributes that described discovery service response message carries described temporary mark distribution module.

A kind of user equipment (UE) that the embodiment of the present invention provides, described UE comprises: configuration parameter receiver module, authentication request sending module; Wherein,

Described configuration parameter receiver module, for receiving the configuration parameter that a ProSe functional entity issues;

Described authentication request sending module, for initiating authentication process to a described ProSe functional entity;

Described configuration parameter receiver module, also for after a described ProSe functional entity authentication success, receives the D2D business temporary mark that a described ProSe functional entity distributes.

In such scheme, described UE also comprises judge module; Described judge module, before initiating authentication process in described authentication request sending module to a described ProSe functional entity, determine that the local plmn of UE is identified in the PLMN identification list received, trigger authentication request sending module and send authentication request to the 2nd ProSe functional entity.

In such scheme, described UE also comprises: find service request module and request processing module; Wherein,

Described discovery service request module, finds business request information for sending to a described ProSe functional entity; Described discovery business request information comprises: find type of service and D2D business temporary mark;

When a described ProSe functional entity does not find UE context corresponding to described UE according to D2D business temporary mark, described request processing module, the acquisition IMSI sent for receiving a described ProSe functional entity asks, and ask to return to described UE to obtain IMSI response according to described acquisition IMSI, IMSI corresponding to UE is carried in described acquisition IMSI response;

After discovery Business Processing completes, it is the D2D business temporary mark that described UE distributes that described configuration parameter receiver module receives a described ProSe functional entity.

A kind of authentication system that the embodiment of the present invention provides, described system comprises: ProSe functional entity and a UE;

A described ProSe functional entity, for issuing configuration parameter to UE; Also for after the success of UE authentication, distribute D2D business temporary mark to described UE;

Described UE, for initiating authentication process according to described configuration parameter to a ProSe functional entity.

In such scheme, a described ProSe functional entity issues configuration parameter to UE, comprising: the PLMN identification list that UE supports by a described ProSe functional entity and a described ProSe functional entity are that the D2D business temporary mark of UE distribution or the PLMN identification list of described UE support are handed down to UE as configuration parameter.

In such scheme, described UE, also for determining that local plmn is identified in the PLMN identification list received, initiates authentication request to a described ProSe functional entity.

In such scheme, described UE, also finds business request information for sending to a described ProSe functional entity; Described discovery business request information comprises: find type of service and D2D business temporary mark;

A described ProSe functional entity is also for carrying out certification to the discovery request of UE92;

After discovery Business Processing completes, a described ProSe functional entity finds service response message to described UE loopback, and it is the D2D business temporary mark that UE distributes that described discovery service response message carries a described ProSe functional entity.

The method and system of the authentication that the embodiment of the present invention provides, ProSe functional entity and UE, a ProSe functional entity issues configuration parameter to user equipment (UE); UE initiates authentication process according to described configuration parameter to a described ProSe functional entity, and after authentication success, is that described UE distributes D2D business temporary mark by a described ProSe functional entity; So, can before the D2D discovery business of UE, be UE distribution D2D business temporary mark in the authentication process of UE, described D2D business temporary mark can be used for authentication during UE initiation discovery business; When adopting described D2D business temporary mark to perform authentication, when incidental mistake and employing IMSI perform authentication when can avoid adopting MSISDN parameter execution authentication, easily privacy of user is exposed to the shortcoming in discovery business.

Accompanying drawing explanation

Fig. 1 is that D2D finds service communication Organization Chart;

Fig. 2 is that in prior art, D2D finds business realizing flow chart;

The authentication method flow chart one that Fig. 3 provides at least one embodiment of the present invention;

The authentication method flowchart 2 that Fig. 4 provides at least one embodiment of the present invention;

The authentication method flow chart 3 that Fig. 5 provides at least one embodiment of the present invention;

The authentication method flow chart four that Fig. 6 provides at least one embodiment of the present invention;

The authentication method flow chart five that Fig. 7 provides at least one embodiment of the present invention;

The authentication method flow chart six that Fig. 8 provides at least one embodiment of the present invention;

The ProSe functional entity basic block diagram that Fig. 9 provides at least one embodiment of the present invention;

The user equipment (UE) basic block diagram that Figure 10 provides at least one embodiment of the present invention;

The authentication system basic block diagram that Figure 11 provides at least one embodiment of the present invention.

Embodiment

In the embodiment of the present invention, a ProSe functional entity issues configuration parameter to user equipment (UE); UE initiates authentication process according to described configuration parameter to a described ProSe functional entity, and after authentication success, is that described UE distributes D2D business temporary mark by a described ProSe functional entity.

Below by drawings and the specific embodiments, the present invention is described in further detail.

Embodiment one

The embodiment of the present invention one provides a kind of authentication method, and as shown in Figure 3, the method comprises the following steps:

Step 301: a ProSe functional entity issues configuration parameter to described UE;

Here a ProSe functional entity refers to the ProSe functional entity under the HPLMN of UE, and after UE and a described ProSe functional entity set up secure connection, UE sends to a described ProSe functional entity and finds business request information;

A described ProSe functional entity issues configuration parameter to UE, and described configuration parameter comprises: UE support PLMN identification list and a described ProSe functional entity be UE distribute D2D business temporary mark or described configuration parameter only comprise described UE support PLMN identification list;

When the configuration parameter issued to UE comprises: the PLMN identification list that UE supports and a described ProSe functional entity be UE distribute D2D business temporary mark time, a described ProSe functional entity is by the corresponding relation described in preserving between the D2D business temporary mark that issues and the IMSI of described UE.

Concrete, described D2D business temporary mark is the temporary mark that a kind of D2D that can be used for UE finds business, this D2D business temporary mark or can be able to be unique parameter corresponding to described UE for ProSe functional entity mark, and described parameter can adopt any representation that can be used for a unique identification UE; Concrete, in D2D business temporary mark actual allocated, can be UE Random assignment D2D business temporary mark for UE distributes D2D business temporary mark or passes through mathematical function discrete in order.

Step 302: described UE initiates authentication process according to described configuration parameter to a described ProSe functional entity, a described ProSe functional entity, to after described UE authentication success, distributes D2D business temporary mark to described UE;

In this step, UE, after acquisition configuration parameter, first judges that local plmn identifies whether in the PLMN identification list received, if there is no, does not then do any operation, terminate current handling process;

When the local plmn mark of UE is present in the PLMN identification list received, UE will initiate authentication request to the 2nd ProSe functional entity, concrete, described 2nd ProSe functional entity refers to the ProSe functional entity under the LPLMN of UE, here, for the UE receiving different configuration parameter in step 301, different authentication processes will be had;

Below by Fig. 4 and Fig. 5, the authentication process of UE is in above-mentioned two situations described;

Fig. 4 is that the configuration parameter received comprises: when the PLMN identification list that UE supports and a ProSe functional entity are the D2D business temporary mark of UE distribution, the flow chart of the authentication process that UE performs, as shown in Figure 4, described authentication process comprises the following steps:

Step 401:UE sends authentication request to the 2nd ProSe;

Concrete, UE sends authentication request directly to the 2nd ProSe functional entity, the D2D business temporary mark that described authentication request is carried local plmn mark and received;

Step 402: the 2nd ProSe forwards described authentication request to a ProSe;

Concrete, described 2nd ProSe functional entity forwards described authentication request to a described ProSe functional entity, and D2D business temporary mark and local plmn mark are carried in described authentication request.

Step 403 a: ProSe judges whether UE context exists, if existed, continues to perform according to step 404a to 406a, if there is no, performs according to step 404b, 404b;

In this step, a described ProSe functional entity searches the UE context corresponding with described UE according to D2D business temporary mark, and described UE context comprises IMSI and the service parameter of UE; Concrete, because a ProSe functional entity has saved the corresponding relation between described D2D business temporary mark and the IMSI of described UE when UE issues D2D business temporary mark, therefore, one ProSe functional entity can find corresponding IMSI according to the D2D business temporary mark received, afterwards, the UE context corresponding with described IMSI is searched according to IMSI; When finding the UE context corresponding with described UE, authentication passes through, and now, continues to perform according to step 404a to 406a; If do not passed through, then perform according to step 404b, 404b.

Step 404a: a described ProSe functional entity is that UE distributes D2D business temporary mark;

In this step, after described UE uses described D2D business temporary mark for its distribution to carry out authentication success, a described ProSe functional entity can redistribute D2D business temporary mark for described UE, described in the D2D business temporary mark redistributed can be used for when described UE performs discovery business next time authentication; Like this, again for UE distributes D2D business temporary mark after each authentication success, the unsafe factor easily occurred when UE uses same D2D business temporary mark to perform repeatedly authentication can be stopped, this is because, if UE Long-Time Service same D2D business temporary mark, this D2D business temporary mark will be easy to victim or other users adopt illegal means to obtain and use; Therefore, in scheme described in the embodiment of the present invention one, the D2D business temporary mark of UE can be dynamically updated after every use, and the D2D business temporary mark used so is each time all different, can guarantee the fail safe of UE;

Step 405a: a described ProSe functional entity responds to the 2nd ProSe functional entity loopback authentication;

Concrete, the D2D business temporary mark and the UE context corresponding with described UE that a described ProSe functional entity is UE distribution is carried in described authentication response, and wherein, described UE context comprises authentication vector parameter group.

Step 406a: described 2nd ProSe functional entity is to UE loopback authentication request response;

Concrete, it is the D2D business temporary mark redistributed of UE and authentication parameter that described authentication request response carries a described ProSe functional entity, and UE preserves described D2D business temporary mark; Described D2D business temporary mark can be used for the authentication of the D2D discovery business of follow-up UE; Terminate current process;

404b: a described ProSe functional entity sends context to HSS and obtains request message;

Concrete, described context obtains the IMSI that UE is carried in request;

After 405b:HSS finds corresponding UE context, obtain response message to a ProSe functional entity loopback context;

Concrete, after HSS finds the UE context corresponding to described UE according to the IMSI of described UE, response message is obtained to a described ProSe functional entity loopback context, described context obtains response message and carries UE context corresponding to described UE, and described UE context comprises UE authentication vector group; After a described ProSe functional entity obtains UE context, return step 403, a ProSe functional entity passes through UE authentication according to described UE context, now performs according to step 404a-step 405a;

When the configuration parameter that UE receives only comprises the PLMN identification list of UE support, authentication process between described UE and a ProSe functional entity comprises two kinds of situations: in the first situation, UE is the UE not being assigned with D2D business temporary mark, in the second situation, UE is the UE being assigned with D2D business temporary mark;

Step 501:UE judges self whether to there is the D2D business temporary mark distributed, and if there is no, performs step 502a, if existed, performs step 502c;

UE can judge self whether to there is the D2D business temporary mark distributed by the value detecting self D2D business temporary mark field; Concrete, if UE detect self D2D business temporary mark field be empty or for non-D2D business temporary mark field (be all such as position 1 or be 0 situation), then can determine self to there is not the D2D business temporary mark distributed, now, perform process by the first situation; If UE detects self D2D business temporary mark field not for empty, and is normal D2D business temporary mark, then can determine that self exists the D2D business temporary mark distributed, and now, performs process by the second situation;

Below the process performed in the first situation is introduced:

Step 502a:UE sends authentication request to the 2nd ProSe functional entity;

Concrete, local plmn mark and IMSI are carried in described authentication request, and the D2D business temporary mark in described authentication request be empty or for non-D2D business temporary mark field (be all such as position 1 or be 0 situation);

Step 503a: the two ProSe functional entity forwards described authentication request to a ProSe functional entity;

Step 504a: the one ProSe functional entity judges whether UE context exists, if existed, performs step 505a, if there is no, performs step 505b;

Concrete, a ProSe functional entity searches corresponding UE context according to IMSI, and described UE context comprises service parameter corresponding to UE, and searching corresponding to UE according to the IMSI of UE is that UE context belongs to prior art, repeats no more here; If find corresponding UE context, then perform step 505a-step 507a; If do not found, then perform according to step 505b, 506b;

Step 505b: the one ProSe functional entity sends UE context to HSS and obtains request message, and described UE context obtains the IMSI that request message carries UE;

Step 506b:HSS, to after the success of UE authentication, responds to a ProSe functional entity loopback authentication;

After HSS finds the UE context corresponding with described UE, obtain response message to a ProSe functional entity loopback context, described context obtains response message and carries authentication vector parameter group corresponding to user; After obtaining UE context, return step 503b, a ProSe functional entity passes through UE authentication according to described UE context, now performs according to step 504a-step 505a;

Step 505a: a described ProSe functional entity is that UE distributes D2D business temporary mark;

In this step, after the success of described UE authentication, a described ProSe functional entity can be that described UE distributes D2D business temporary mark, and the D2D business temporary mark of described distribution can be used for authentication when described UE performs D2D discovery business next time;

Step 506a: a described ProSe functional entity responds to the 2nd ProSe functional entity loopback authentication;

Step 507a: described 2nd ProSe functional entity is to UE loopback authentication response message, it is the D2D business temporary mark redistributed of UE and authentication parameter that described authentication response message carries a described ProSe functional entity, and UE preserves described D2D business temporary mark; Described D2D business temporary mark can be used for UE perform next time D2D find business time authentication; Terminate current process.

Below the process performed in the second situation is introduced:

Step 502c:UE sends authentication request to the 2nd ProSe functional entity, and local plmn mark and D2D business temporary mark are carried in described authentication request;

It should be noted that, due to before this step, D2D business temporary mark is not comprised in the configuration parameter that one ProSe functional entity issues to UE, and D2D business temporary mark be here actually UE upper once execute authentication process after, by the D2D business temporary mark that a ProSe functional entity is UE distribution, this D2D business temporary mark itself can be used for the process of authentication next time of UE; That is, before flow process starts described in the embodiment of the present invention one, the D2D business temporary mark be assigned with in described UE, may have been there is; Therefore, in current handling process, a ProSe functional entity is not included as the D2D business temporary mark that UE distributes in the configuration parameter issued to UE, also be consider the UE for having obtained D2D business temporary mark in upper once authentication flow process, if directly distribute again new D2D business temporary mark there is no need in this time authentication, and the waste of resource can be caused;

Step 503c: the two ProSe functional entity sends described authentication request to a ProSe functional entity, and local plmn mark and D2D business temporary mark are carried in described authentication request.

Step 504c: the one ProSe functional entity searches corresponding UE context according to D2D business temporary mark, and described UE context comprises service parameter corresponding to UE, if found, performs step 505c, if do not found, performs step 505d;

Concrete, because UE is when obtaining D2D business temporary mark, one ProSe functional entity has saved the corresponding relation between described D2D business temporary mark and the IMSI of described UE, therefore, one ProSe functional entity can find corresponding IMSI according to the D2D business temporary mark received, afterwards, the UE context corresponding with described IMSI is searched according to IMSI; If find corresponding UE context, then perform step 505c-step 507c; If do not found, then perform according to step 505d, 506d;

Step 505d: the one ProSe functional entity sends context to HSS and obtains request message;

Concrete, described context obtains the IMSI that request message carries UE;

Step 506d:HSS, to after the success of UE authentication, responds to a ProSe functional entity loopback authentication;

Concrete, after HSS finds the UE context corresponding with described UE, obtain response message to a ProSe functional entity loopback context, described context obtains response message and carries authentication vector parameter group corresponding to user; After obtaining UE context, return step 504c, a ProSe functional entity passes through UE authentication according to described UE context, now performs according to step 505c-step 507c;

Step 505c: a described ProSe functional entity is that UE distributes D2D business temporary mark;

Step 506c: a described ProSe functional entity responds to the 2nd ProSe functional entity loopback authentication;

Step 507c: described 2nd ProSe functional entity is to UE loopback authentication request response;

Concrete, it is the D2D business temporary mark redistributed of UE and authentication parameter that described authentication request response carries a described ProSe functional entity, and UE preserves described D2D business temporary mark; Described D2D business temporary mark can be used for the authentication of the D2D discovery business of follow-up UE; Terminate current process.

Further, after the authentication method provided by the embodiment of the present invention one obtains D2D business temporary mark, can also initiate D2D according to the D2D business temporary mark of described acquisition and find business, described D2D finds business processing flow figure as shown in Figure 6, said method comprising the steps of:

Step 601: when UE need to be found to other one or more UE initiate D2D find business time, first UE needs ProSe functional entity, i.e. a ProSe functional entity under self HPLMN to carry out D2D to find business authentication; After UE and a ProSe functional entity set up secure connection, send to a ProSe functional entity and find business request information, described discovery business request information comprises: find type of service and D2D business temporary mark.

Described discovery type of service has: announce (announce), is namely found the discovery request that UE initiates; Monitor (monitor), namely find the discovery request that UE initiates; Coupling (match), namely finds that UE sends coupling report to the ProSe functional entity that can find; Here it should be noted that and find that UE refers to the UE initiating discovery business, be found UE and refer to the Finding Object finding that UE asks;

Step 602: a ProSe functional entity searches the UE context relevant to described UE according to D2D business temporary mark; If find relevant UE context, then find service request access authentication, go to step 607 execution and find Business Processing; If do not find relevant UE context, then after complete according to step 603-606, then perform according to step 607;

Step 603: a ProSe functional entity initiates to obtain IMSI request to UE;

Step 604:UE obtains IMSI response to a ProSe functional entity loopback, and described acquisition IMSI carries the IMSI corresponding with described UE in responding;

Step 605: whether a described ProSe functional entity exists UE context according to IMSI inquiry, when existing, finds business access authentication, now, directly goes to step 608 execution and finds Business Processing; If there is no, then according to step 606,607 complete after, continue to perform according to step 608;

Step 606: a ProSe functional entity and HSS carry out discovery business authentication authentication, is that described UE sets up new UE context by HSS, comprises the subscription parameters of UE in described UE context;

Step 607: if find request access authentication, a described ProSe functional entity according to the type of service of correspondence to be found UE this locality PLMN under ProSe functional entity initiate corresponding discovery operation flow.

When type of service is for announcing, then a ProSe functional entity to be found UE this locality PLMN under ProSe functional entity send publish request message, be found ProSe functional entity under the PLMN of this locality of UE to loopback publish request message corresponding to a ProSe functional entity; In like manner, when type of service is for monitoring, then a ProSe functional entity to be found UE this locality PLMN under ProSe functional entity send interception request message, be found ProSe functional entity under the PLMN of this locality of UE to a ProSe functional entity loopback interception request response message; In like manner, when type of service is for coupling, then a ProSe functional entity to be found UE this locality PLMN under ProSe functional entity send matching request message, the match is successful, is found ProSe functional entity under the PLMN of this locality of UE to a ProSe functional entity loopback matching request response message.

Step 608, after discovery Business Processing completes, a ProSe functional entity finds service request response message to UE loopback, and it is the D2D business temporary mark that UE distributes that described message carries a described ProSe functional entity, after UE receives response, complete relevant allocation of radio resources.

Described D2D business temporary mark can be: ProSe functional entity mark or 32 (bit), the parameter of a unique corresponding UE, this parameter can be distributed in order or be obtained by mathematical function is discrete;

Here, after discovery business completes, why again for UE distributes new D2D business temporary mark, be also to stop the unsafe factor easily occurred when UE uses same D2D business temporary mark to perform repeatedly authentication; In scheme described in the embodiment of the present invention one, the D2D business temporary mark of UE can be dynamically updated after every use, and the D2D business temporary mark used so is each time all different, can guarantee the fail safe of UE.

Embodiment two

The embodiment of the present invention two provides a kind of authentication method, and shown in the method flow chart 7, the method comprises the following steps:

Step 701: a ProSe functional entity issues configuration parameter to UE;

Concrete, a described ProSe functional entity to the configuration parameter that UE issues can comprise UE support PLMN identification list and a described ProSe functional entity be UE distribute D2D business temporary mark, or described configuration parameter only comprise described UE support PLMN identification list;

Wherein, described D2D business temporary mark can be ProSe functional entity mark or unique parameter corresponding to described UE, and described parameter can adopt any representation that can be used for a unique identification UE; Concrete, in D2D business temporary mark actual allocated, can in order to UE allocation of parameters or discrete to UE Random assignment parameter by mathematical function.

Step 702: a described ProSe functional entity, to after described UE authentication success, distributes D2D business temporary mark to described UE.

Concrete, a described ProSe functional entity, to UE authentication, comprising:

A described ProSe functional entity receives the authentication request that the 2nd ProSe functional entity sends, when the D2D business temporary mark that a ProSe functional entity in step 601 issues to described UE is carried in described authentication request, a described ProSe functional entity searches UE context corresponding to described UE according to described D2D business temporary mark; When finding context corresponding to UE, a described ProSe functional entity, to the success of UE authentication, distributes new D2D business temporary mark to UE, and described D2D business temporary mark can be used for the authentication that described UE initiates when finding business next time; When not finding context corresponding to UE, a described ProSe functional entity initiates UE context acquisition process to HSS, UE context obtains successfully, and a described ProSe functional entity, to the success of UE authentication, distributes new D2D business temporary mark to UE.

Concrete, a described ProSe functional entity, to UE authentication, also comprises:

A described ProSe functional entity receives the authentication request that the 2nd ProSe functional entity sends, when IMSI or D2D business temporary mark is carried in described authentication request, a described ProSe performs UE authentication process according to described IMSI or D2D business temporary mark;

Here, it is different that the D2D business temporary mark in described authentication request and a ProSe functional entity described in step 601 issue to UE the D2D business temporary mark carried in configuration parameter; Due in this step, the D2D business temporary mark for described UE distributes is not carried in the configuration parameter that a described ProSe functional entity issues to UE, therefore, D2D business temporary mark here be in fact UE before authentication process in the D2D business temporary mark that obtained; Accordingly, if there is no D2D business temporary mark before UE, then UE will initiate authentication request by IMSI to the 2nd ProSe functional entity, in this case, described 2nd ProSe functional entity by described authentication request forward to ProSe functional entity under HPLMN time, only carry the IMSI of described UE;

Concrete, a described ProSe performs UE authentication process according to described IMSI or D2D business temporary mark, comprising:

When finding context corresponding to UE, a described ProSe functional entity, to the success of UE authentication, distributes new D2D business temporary mark to UE; When not finding context corresponding to UE, a described ProSe functional entity initiates UE context acquisition process to HSS, UE context obtains successfully, and a described ProSe functional entity, to the success of UE authentication, returns to UE and distributes D2D business temporary mark;

Concrete, described D2D business temporary mark is encapsulated in authentication response and returns to the 2nd ProSe functional entity by a described ProSe functional entity, by described 2nd ProSe functional entity, described authentication response is transmitted to described UE.

Further, after a described ProSe functional entity distributes D2D business temporary mark to UE, described method also comprises:

A described ProSe functional entity receives the discovery business request information that UE sends; The discovery service request of described UE can be the discovery service request being found UE for, also can be for multiple discovery service request being found UE; Described discovery business request information comprises: find type of service and D2D business temporary mark; Certification is carried out in the discovery request of a described ProSe functional entity to UE; If find request access authentication, a described ProSe functional entity according to the type of service of correspondence to be found UE this locality PLMN under ProSe initiate corresponding discovery operation flow; After discovery Business Processing completes, a described ProSe functional entity finds service request response message to UE loopback, and it is the D2D business temporary mark that UE distributes that described discovery service request response message carries a described ProSe functional entity.

Concrete, certification is carried out in the discovery request of a described ProSe functional entity to UE, comprising:

When not finding context corresponding to UE, a described ProSe functional entity initiates to obtain IMSI request to UE; UE obtains IMSI response to a described ProSe functional entity loopback, and carries IMSI corresponding to UE; Whether a described ProSe functional entity exists UE context according to IMSI inquiry, and when existing, described UE finds request access authentication;

If there is no, a described ProSe functional entity carries out discovery business authentication authentication to HSS, and sets up new UE context, and described UE finds request access authentication.

Embodiment three

The embodiment of the present invention three provides a kind of authentication method, and as shown in Figure 8, the method comprises the following steps the method flow chart:

Step 801:UE receives the configuration parameter that a ProSe functional entity issues;

Concrete, described configuration parameter comprises PLMN identification list that UE supports and described ProSe functional entity is the D2D business temporary mark that UE distributes, or described configuration parameter only comprises the PLMN identification list that described UE supports;

Step 802:UE initiates authentication process according to described configuration parameter to a described ProSe functional entity, and after authentication success, receives the D2D business temporary mark that a described ProSe functional entity distributes;

Concrete, at UE to before a described ProSe functional entity authentication, the method also comprises: UE judges local plmn mark whether in the PLMN identification list received, if existed, UE is to the 2nd ProSe functional entity initiation authentication request.

When the configuration parameter that described UE receives comprises the PLMN identification list of described UE support and described ProSe functional entity is the D2D business temporary mark of UE distribution, described UE initiates authentication request to a described ProSe functional entity, comprising:

UE sends authentication request to a described ProSe functional entity, and the D2D business temporary mark that local plmn identifies and described UE receives is carried in described authentication request; When authentication success, it is the D2D business temporary mark that described UE distributes that UE receives a described ProSe functional entity;

When the configuration parameter that described UE receives only comprises the PLMN identification list of described UE support, described UE initiates authentication request to a described ProSe functional entity, comprising:

UE sends authentication request to the 2nd ProSe functional entity, IMSI or D2D business temporary mark is carried in described authentication request;

Described authentication request forward is given a described ProSe by the 2nd ProSe functional entity;

Further, after described UE receives the D2D business temporary mark of a described ProSe functional entity distribution, the method also comprises:

When UE wishes to be found UE initiation discovery request to one or more, UE sends to a described ProSe functional entity and finds business request information; Described discovery business request information comprises: find type of service and D2D business temporary mark;

When a described ProSe functional entity does not find UE context corresponding to described UE according to D2D business temporary mark, the acquisition IMSI that UE receives a described ProSe functional entity transmission asks, and ask to return to described UE to obtain IMSI response according to described acquisition IMSI, IMSI corresponding to UE is carried in described acquisition IMSI response;

Embodiment four

The embodiment of the present invention four provides a kind of ProSe functional entity, described ProSe functional entity is the ProSe functional entity under the HPLMN being positioned at UE, as shown in Figure 9, described ProSe functional entity comprises its basic structure: configuration parameter issues module 91, authentication module 92 and temporary mark distribution module 93; Wherein,

Described configuration parameter issues module 91, for issuing configuration parameter to UE;

Described authentication module 92, for performing authentication to UE, and triggers temporary mark distribution module 93 when authentication success;

Described temporary mark distribution module 93, during for being triggered by described authentication module 92, issues D2D business temporary mark to described UE.

Concrete, described configuration parameter issues module can comprise to the configuration parameter that UE issues the PLMN identification list and the D2D business temporary mark that distributes for UE of described temporary mark distribution module 93 that UE supports, or described configuration parameter only comprises the PLMN identification list of described UE support; Therefore, described temporary mark distribution module 93, also for described configuration parameter issue module 91 issue configuration parameter to UE time, be that UE distributes D2D business temporary mark;

Concrete, described authentication module 92 couples of UE perform authentication, comprising:

Described authentication module 92 receives the authentication request that other ProSe functional entity sends, when the D2D business temporary mark that temporary mark distribution module 93 issues to described UE is carried in described authentication request, described authentication module 92 searches UE context corresponding to described UE according to described D2D business temporary mark; When finding context corresponding to UE, the 92 pairs of UE authentication successes of described authentication module, trigger described temporary mark distribution module 93 and distribute new D2D business temporary mark to UE, described D2D business temporary mark can be used for described UE initiate next time find business time authentication; When not finding context corresponding to UE, described authentication module 92 initiates UE context acquisition process to HSS, UE context obtains successfully, the 92 pairs of UE authentication successes of described authentication module, trigger described temporary mark distribution module 93 and distribute new D2D business temporary mark to UE; Here, other ProSe functional entity described can refer to the ProSe functional entity under the LPLMN of UE;

Concrete, described authentication module 92 pairs of UE authentications, also comprise:

Described authentication module 92 receives the authentication request that other ProSe functional entity described sends, when IMSI or D2D business temporary mark is carried in described authentication request, described authentication module 92 performs UE authentication process according to described IMSI or D2D business temporary mark; Here, the D2D business temporary mark in described authentication request and described configuration parameter issue module 91 when issuing configuration parameter to UE, and it is different that described temporary mark distribution module 93 is that UE distributes D2D business temporary mark; Due in this step, configuration parameter issues in the configuration parameter that module 91 issues to UE the D2D business temporary mark do not carried as UE distributes, therefore, D2D business temporary mark here be in fact UE before authentication process in the D2D business temporary mark that obtained; Accordingly, if there is no D2D business temporary mark before UE, then UE initiates authentication request by by IMSI to the ProSe functional entity under other PLMN, in this case, other ProSe functional entity described by described authentication request forward give described authentication module 92 time, only carry the IMSI of described UE;

Concrete, described authentication module 92 performs UE authentication process according to described IMSI or D2D business temporary mark, comprising:

Described authentication module 92 searches the UE context corresponding with described UE according to described IMSI or D2D business temporary mark;

When finding context corresponding to UE, the 92 pairs of UE authentications successes of described authentication module, trigger described temporary mark distribution module 93 and distribute new D2D business temporary mark to UE; When not finding context corresponding to UE, described authentication module 92 initiates UE context acquisition process to HSS, UE context obtains successfully, the 92 pairs of UE authentication successes of described authentication module, trigger described temporary mark distribution module 93 and distribute new D2D business temporary mark to UE;

Concrete, described D2D business temporary mark is encapsulated in authentication response and returns to other ProSe functional entity by described authentication module 92, by other ProSe functional entity described, described authentication response is transmitted to described UE.

Further, a described ProSe functional entity also comprises: find request authentication module 94 and find Service Processing Module 95; Wherein,

Described discovery request authentication module 94, for receiving the discovery service request of UE, and carry out certification to the discovery service request of described UE, wherein said discovery service request comprises: find type of service and D2D business temporary mark; And after to the discovery service request authentication success of described UE, trigger and find Service Processing Module;

Described discovery Service Processing Module 95, for be found request authentication module 94 trigger time, Business Processing is found for UE performs, and after discovery Business Processing completes, return discovery service response message to UE, described discovery service response message carries the D2D business temporary mark that described temporary mark distribution module 93 is distributed for UE.

The discovery service request of described discovery request authentication module 94 to described UE carries out certification, comprising:

Described authentication module 92 searches the UE context relevant to described UE according to D2D business temporary mark, when finding context corresponding to UE, finds request authentication success to described UE;

When not finding context corresponding to UE, described authentication module 92 is initiated to obtain IMSI request to UE; Whether the IMSI inquiry that described authentication module 92 is carried in responding according to the acquisition IMSI that UE returns exists UE context, when existing, finds request authentication success to described UE;

If there is no, described authentication module 92 carries out discovery business authentication authentication to HSS, and sets up new UE context, finds request authentication success to described UE.

Embodiment five

The embodiment of the present invention six provides a kind of user equipment (UE), and as shown in Figure 10, described UE comprises: configuration parameter receiver module 101, authentication request sending module 102; Wherein,

Described configuration parameter receiver module 101, for receiving the configuration parameter that a ProSe functional entity issues; Described authentication request sending module 102, for initiating authentication process to a ProSe functional entity; Described configuration parameter receiver module 101, also for after a ProSe functional entity authentication success, receives the D2D business temporary mark that a ProSe functional entity distributes.

Concrete, described configuration parameter comprises PLMN identification list that UE supports and a ProSe functional entity is the D2D business temporary mark that UE distributes, or described configuration parameter only comprises the PLMN identification list that described UE supports.

Further, described UE also comprises judge module 103, described judge module 103, before initiating authentication process in described authentication request sending module 102 to a ProSe functional entity, judge that the local plmn mark of UE is whether in the PLMN identification list received, when existing, trigger authentication request sending module 102 and send authentication request to the 2nd ProSe functional entity.

When the configuration parameter that described configuration parameter receiver module 101 receives comprises the PLMN identification list of described UE support and a described ProSe functional entity is the D2D business temporary mark of UE distribution, described authentication request sending module 102 initiates authentication process to a described ProSe functional entity, comprising:

Described authentication request sending module 102 sends authentication request to a ProSe functional entity, and the D2D business temporary mark that local plmn identifies and described configuration parameter receiver module 101 receives is carried in described authentication request; When authentication success, it is the D2D business temporary mark that described UE distributes that described configuration parameter receiver module 101 receives a described ProSe functional entity.

When the configuration parameter that described configuration parameter receiver module 101 receives only comprises the PLMN identification list of described UE support, described authentication request sending module 102 initiates authentication request to a ProSe functional entity, comprising:

Authentication request sending module 102 sends authentication request to the 2nd ProSe functional entity, IMSI or D2D business temporary mark is carried in described authentication request;

Described authentication request forward is given a ProSe functional entity by the 2nd ProSe functional entity;

One ProSe functional entity performs UE authentication process according to described IMSI or D2D business temporary mark.

Concrete, when the configuration parameter that described configuration parameter receiver module 101 receives only comprises the PLMN identification list of described UE support, before described authentication request sending module 102 initiates authentication request to a ProSe functional entity, first described authentication request sending module 102 can judge self whether to there is the D2D business temporary mark distributed, and according to the concrete condition whether existed of self D2D business temporary mark, determine the parameter of carrying in the authentication request initiated to a ProSe functional entity, concrete, if self there is not the D2D business temporary mark distributed, then in the authentication request of a ProSe functional entity initiation, only carry IMSI, if self exists the D2D business temporary mark distributed, then described D2D business temporary mark is carried in authentication request and sends to a ProSe functional entity,

Described UE also comprises: find service request module 104 and request processing module 105; Wherein,

Described discovery service request module 104, finds business request information for sending to a ProSe functional entity; Described discovery business request information comprises: find type of service and D2D business temporary mark; Described discovery business request information can be the D2D discovery service request for a UE, also can be the D2D discovery service request for multiple UE;

When a described ProSe functional entity does not find UE context corresponding to described UE according to D2D business temporary mark, described request processing module 105, the acquisition IMSI sent for receiving a described ProSe functional entity asks, and ask to return to described UE to obtain IMSI response according to described acquisition IMSI, IMSI corresponding to UE is carried in described acquisition IMSI response;

After discovery Business Processing completes, it is the D2D business temporary mark that described UE distributes that described configuration parameter receiver module 101 receives a described ProSe functional entity.

Embodiment six

The embodiment of the present invention five provides a kind of authentication system, and as shown in figure 11, described system comprises described system construction drawing: a ProSe functional entity 111 and user equipment (UE) 112;

A described ProSe functional entity 111, for issuing configuration parameter to UE; Also for after the success of UE authentication, distribute D2D business temporary mark to described UE;

Described UE112, for initiating authentication process according to described configuration parameter to a ProSe functional entity 111.

Concrete, a described ProSe functional entity 111 issues configuration parameter to UE, comprising: the PLMN identification list that UE supports by a described ProSe functional entity 111 and a described ProSe functional entity are that the D2D business temporary mark of UE distribution or the PLMN identification list of described UE support are handed down to UE as configuration parameter.

Further, described UE112, also for before initiating authentication process according to described configuration parameter to a ProSe functional entity 111, judges local plmn mark whether in the PLMN identification list received, when existing, initiate authentication request to a ProSe functional entity.

When the configuration parameter that described UE112 receives comprises the PLMN identification list of described UE support and described ProSe functional entity is the D2D business temporary mark of UE112 distribution, described UE112 initiates authentication process to a ProSe functional entity, comprising:

UE112 sends authentication request to the 2nd ProSe functional entity, and the D2D business temporary mark that local PLMN identifies and described UE112 receives is carried in described authentication request;

2nd ProSe functional entity forwards described authentication request to a ProSe functional entity;

One ProSe functional entity searches UE context corresponding to described UE112 according to described D2D business temporary mark;

When finding context corresponding to UE112, a ProSe functional entity, to the success of UE112 authentication, returns the D2D business temporary mark of distribution to UE112;

When not finding context corresponding to UE112, one ProSe functional entity initiates UE context acquisition process to HSS, UE context obtains successfully, and a ProSe functional entity, to the success of UE112 authentication, returns the D2D business temporary mark of distribution to UE112.

When the configuration parameter that described UE112 receives only comprises the PLMN identification list of described UE112 support, described UE112 initiates authentication process to a ProSe functional entity, comprising:

UE112 sends authentication request to the 2nd ProSe functional entity, IMSI or D2D business temporary mark is carried in described authentication request;

Concrete, when the configuration parameter that described UE112 receives only comprises the PLMN identification list of described UE support, before described UE112 initiates authentication request to a ProSe functional entity, first described UE112 can judge self whether to there is the D2D business temporary mark distributed, and according to the concrete condition whether existed of self D2D business temporary mark, determine the parameter of carrying in the authentication request initiated to a ProSe functional entity; Concrete, if self there is not the D2D business temporary mark distributed, then in the authentication request of a ProSe functional entity initiation, only carry IMSI; If self exists the D2D business temporary mark distributed, then described D2D business temporary mark is carried in authentication request and sends to a ProSe functional entity;

Concrete, a ProSe functional entity performs UE authentication process according to described IMSI or D2D business temporary mark, comprising:

One ProSe functional entity searches the UE context corresponding with described UE112 according to described IMSI or D2D business temporary mark;

When not finding context corresponding to UE112, one ProSe functional entity initiates UE context acquisition process to HSS, UE context obtains successfully, and a ProSe functional entity, to the success of UE112 authentication, returns to UE112 and distributes D2D business temporary mark.

Further, after a described ProSe functional entity distributes D2D business temporary mark to UE112, described UE112 also finds business request information for sending to a ProSe functional entity; Described discovery business request information can be the D2D discovery service request for a UE, also can be the D2D discovery service request for multiple UE; Described discovery business request information comprises: find type of service and D2D business temporary mark;

A described ProSe functional entity 111 is also for carrying out certification to the discovery request of UE112;

If find request access authentication, a ProSe functional entity according to the type of service of correspondence to be found UE this locality PLMN under ProSe initiate corresponding discovery operation flow;

After discovery Business Processing completes, a ProSe functional entity finds service response message to described UE112 loopback, and it is the D2D business temporary mark that UE112 distributes that described message carries a described ProSe functional entity.

Concrete, certification is carried out in the discovery request of a described ProSe functional entity to UE112, comprising:

One ProSe functional entity searches the UE context relevant to described UE112 according to D2D business temporary mark, and when finding context corresponding to UE112, described UE112 finds request access authentication;

When not finding context corresponding to UE112, a ProSe functional entity initiates to obtain IMSI request to UE112; UE112 obtains IMSI response to a ProSe functional entity loopback, obtains IMSI response and carries IMSI corresponding to UE112; Whether the one ProSe functional entity exists UE context according to IMSI inquiry, and when existing, described UE112 finds request access authentication;

If there is no, a ProSe functional entity carries out discovery business authentication authentication to HSS, and sets up new UE context, and described UE112 finds request access authentication.

Those skilled in the art should understand, embodiments of the invention can be provided as method, system or computer program.Therefore, the present invention can adopt the form of hardware embodiment, software implementation or the embodiment in conjunction with software and hardware aspect.And the present invention can adopt in one or more form wherein including the upper computer program implemented of computer-usable storage medium (including but not limited to magnetic disc store and optical memory etc.) of computer usable program code.

The present invention describes with reference to according to the flow chart of the method for the embodiment of the present invention, equipment (system) and computer program and/or block diagram.Should understand can by the combination of the flow process in each flow process in computer program instructions realization flow figure and/or block diagram and/or square frame and flow chart and/or block diagram and/or square frame.These computer program instructions can being provided to the processor of all-purpose computer, special-purpose computer, Embedded Processor or other programmable data processing device to produce a machine, making the instruction performed by the processor of computer or other programmable data processing device produce device for realizing the function of specifying in flow chart flow process or multiple flow process and/or block diagram square frame or multiple square frame.

These computer program instructions also can be stored in can in the computer-readable memory that works in a specific way of vectoring computer or other programmable data processing device, the instruction making to be stored in this computer-readable memory produces the manufacture comprising command device, and this command device realizes the function of specifying in flow chart flow process or multiple flow process and/or block diagram square frame or multiple square frame.

These computer program instructions also can be loaded in computer or other programmable data processing device, make on computer or other programmable devices, to perform sequence of operations step to produce computer implemented process, thus the instruction performed on computer or other programmable devices is provided for the step realizing the function of specifying in flow chart flow process or multiple flow process and/or block diagram square frame or multiple square frame.

The above, be only preferred embodiment of the present invention, be not intended to limit protection scope of the present invention.

Claims

1. an authentication method, is characterized in that, described method comprises:

2. method according to claim 1, it is characterized in that, described configuration parameter comprise UE support PLMN identification list and a described ProSe functional entity be UE distribute D2D business temporary mark or described configuration parameter only comprise described UE support PLMN identification list.

3. method according to claim 2, it is characterized in that, before a described ProSe functional entity is to UE authentication, described method also comprises: UE determines that local plmn is identified in the PLMN identification list received, and initiates authentication request to the 2nd ProSe functional entity.

4. method according to claim 2, it is characterized in that, when the configuration parameter that described UE receives comprises the PLMN identification list of described UE support and a described ProSe functional entity is the D2D business temporary mark of UE distribution, described UE initiates authentication process according to described configuration parameter to a described ProSe functional entity, comprising:

5. method according to claim 2, it is characterized in that, when the configuration parameter that described UE receives only comprises the PLMN identification list of described UE support, described UE initiates authentication process according to described configuration parameter to a described ProSe functional entity, comprising:

6. method according to claim 5, is characterized in that, a described ProSe functional entity performs UE authentication process according to described IMSI or D2D business temporary mark, comprising:

7. according to the method for claim 1 to 6 according to any one of it, it is characterized in that, after a described ProSe functional entity distributes D2D business temporary mark to UE, described method also comprises:

8. method according to claim 7, is characterized in that, certification is carried out in the discovery request of a described ProSe functional entity to UE, comprising:

9. an authentication method, is characterized in that, described method comprises:

10. method according to claim 9, it is characterized in that, described configuration parameter comprise UE support PLMN identification list and a described ProSe functional entity be UE distribute D2D business temporary mark, or described configuration parameter only comprise described UE support PLMN identification list.

11. methods according to claim 10, is characterized in that, a described ProSe functional entity, to UE authentication, comprising:

12. methods according to claim 10, is characterized in that, a described ProSe functional entity, to UE authentication, comprising:

13. methods according to claim 12, is characterized in that, described execution UE authentication process, comprising:

14., according to the method for claim 9 to 13 according to any one of it, is characterized in that, after a described ProSe functional entity distributes D2D business temporary mark to UE, described method also comprises:

15. methods according to claim 14, is characterized in that, certification is carried out in the discovery request of a described ProSe functional entity to UE, comprising:

16. 1 kinds of authentication methods, is characterized in that, described method comprises:

17. methods according to claim 16, it is characterized in that, described configuration parameter comprise UE support PLMN identification list and a described ProSe functional entity be UE distribute D2D business temporary mark, or described configuration parameter only comprise described UE support PLMN identification list.

18. methods according to claim 17, is characterized in that, at UE to before a described ProSe functional entity authentication, described method also comprises:

19. methods according to claim 16, it is characterized in that, when the configuration parameter that described UE receives comprises the PLMN identification list of described UE support and described ProSe functional entity is the D2D business temporary mark of UE distribution, described UE initiates authentication process according to described configuration parameter to a described ProSe functional entity, comprising:

20. methods according to claim 16, it is characterized in that, when the configuration parameter that described UE receives only comprises the PLMN identification list of described UE support, described UE initiates authentication process according to described configuration parameter to a described ProSe functional entity, comprising:

21., according to claim 16 to 20 methods according to any one of it, is characterized in that, after described UE receives the D2D business temporary mark that a described ProSe functional entity distributes, described method also comprises:

22. 1 kinds of ProSe functional entitys, is characterized in that, described ProSe functional entity comprises: configuration parameter issues module, authentication module and temporary mark distribution module; Wherein,

23. ProSe functional entitys according to claim 22, it is characterized in that, described configuration parameter issue module to the configuration parameter that UE issues comprise UE support PLMN identification list and described temporary mark distribution module be UE distribute D2D business temporary mark or described configuration parameter only comprise described UE support PLMN identification list.

24. ProSe functional entitys according to claim 23, is characterized in that, described ProSe functional entity also comprises: find request authentication module and find Service Processing Module; Wherein,

25. 1 kinds of user equipment (UE)s, is characterized in that, described UE comprises: configuration parameter receiver module, authentication request sending module; Wherein,

26. UE according to claim 25, it is characterized in that, described configuration parameter comprise UE support PLMN identification list and a described ProSe functional entity be UE distribute D2D business temporary mark, or described configuration parameter only comprise described UE support PLMN identification list.

27. UE according to claim 26, is characterized in that, described UE also comprises judge module; Described judge module, before initiating authentication process in described authentication request sending module to a described ProSe functional entity, determine that the local plmn of UE is identified in the PLMN identification list received, trigger authentication request sending module and send authentication request to the 2nd ProSe functional entity.

28. according to the UE of claim 25 to 27 according to any one of it, and it is characterized in that, described UE also comprises: find service request module and request processing module; Wherein,

29. 1 kinds of authentication systems, is characterized in that, described system comprises: ProSe functional entity and a UE;

30. systems according to claim 29, it is characterized in that, a described ProSe functional entity issues configuration parameter to UE, comprising: the PLMN identification list that UE supports by a described ProSe functional entity and a described ProSe functional entity are that the D2D business temporary mark of UE distribution or the PLMN identification list of described UE support are handed down to UE as configuration parameter.

31. systems according to claim 30, is characterized in that, described UE, also for determining that local plmn is identified in the PLMN identification list received, initiate authentication request to a described ProSe functional entity.

32. systems according to claim 30, is characterized in that, described UE, also find business request information for sending to a described ProSe functional entity; Described discovery business request information comprises: find type of service and D2D business temporary mark;