CN103731826A - D2D user equipment authentication method and device

Publication number
CN103731826A
Authority
CN
China
Prior art keywords
d2d
ue
discovery
authorization data
list
Application number
CN201210383325.3A
Other languages
Chinese (zh)
Inventor
甘露
梁爽
Original Assignee
中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司
Priority to CN201210383325.3A
Publication of CN103731826A

Abstract

The invention discloses a D2D user equipment authentication method and device. The method comprises: obtaining one or more items of D2D authorization data corresponding to one or more D2D UEs; and authenticating the D2D UEs using the authorization data. The method and device address the problem in the related art that two UEs cannot authenticate each other during D2D UE discovery: the D2D UEs are authenticated through the D2D authorization data, which makes mutual D2D authentication and authorization between UEs possible.

Description

D2D user equipment authentication method and apparatus

Technical Field

[0001] The present invention relates to the field of communications, and in particular to a device-to-device (D2D) user equipment (UE) authentication method and apparatus.

Background

[0002] In the field of wireless communications, the rapid development of smart terminals and mobile Internet applications places ever higher demands on user experience and data volume. Device-to-device (D2D) technology was proposed against this background. D2D technology removes the restriction in the earlier Evolved Packet System (EPS) that two wireless terminal devices can communicate only through a base station or a wireless access device.

[0003] The EPS as a whole consists of two parts, the radio access network and the core network. The radio access network is divided into 3rd Generation Partnership Project (3GPP) access networks and non-3GPP access networks.

[0004] The 3GPP access network consists of evolved base stations (Evolved NodeB, eNB). It is mainly responsible for transmitting and receiving radio signals, communicates with terminals over the air interface, and manages air-interface radio resources, resource scheduling, and access control.

[0005] The core network includes the Home Subscriber Server (HSS), the Mobility Management Entity (MME), the Policy and Charging Rules Function (PCRF), the Serving Gateway (S-GW), and the packet data gateway (PDN Gateway, P-GW).

[0006] FIG. 1 is a schematic structural diagram of 3GPP and non-3GPP access systems accessing the Evolved Packet Core (EPC) in the related art. As shown in FIG. 1, the EPS supports 3GPP access. The HSS is the permanent storage location for user subscription data and resides in the home network to which the user subscribes. The MME is responsible for control-plane functions such as mobility management, processing of non-access-stratum signaling, and management of the user's mobility management context. The S-GW is the access gateway device connected to the 3GPP access network; it forwards data between the 3GPP access and the P-GW and buffers data. The P-GW is the border gateway between the EPS and the packet data network (PDN) and is responsible for functions such as PDN access and forwarding data between the EPS and the PDN. The PCRF is the policy and charging rules function entity; it connects to the operator's service network through the Rx interface and is responsible for providing charging control, online credit control, threshold control, and quality of service (QoS).

[0007] As shown in FIG. 1, the EPS also supports non-3GPP access. Interworking with non-3GPP access is implemented through the S2a/S2b/S2c interfaces, with the P-GW serving as the anchor between 3GPP and non-3GPP access. Non-3GPP access is divided into trusted non-3GPP access and untrusted non-3GPP access. Trusted non-3GPP access can connect to the P-GW directly through the S2a interface, which uses the Proxy Mobile IP (PMIP) protocol for information exchange. Untrusted non-3GPP access must connect to the P-GW through the evolved Packet Data Gateway (ePDG); the interface between the ePDG and the P-GW is S2b. The S2c interface provides user-plane-related control and mobility support between the user equipment (UE) and the P-GW; the mobility protocol it supports is Mobile IPv6 Support for Dual Stack Hosts and Routers (DSMIPv6).

[0008] FIG. 2 is a D2D network architecture diagram in the related art. As shown in FIG. 2, the network architecture includes two UEs capable of discovering each other and communicating via D2D, the wireless access devices to which the UEs are connected, network devices, and a home environment. The wireless access device may be an eNB or a non-3GPP access; the network device may be a network device such as an MME or a neighbor discovery server; and the home environment may include a Home Subscriber Server (HSS), an Access Network Discovery and Selection Function (ANDSF), an application server, a P-GW, and the like.

[0009] D2D technology comprises two parts, D2D discovery and D2D communication. D2D discovery means that wireless terminal devices can discover each other when they are close enough that the devices can communicate directly. D2D communication means that two wireless terminal devices, after discovering each other, communicate directly without going through the core network.

[0010] When a D2D user needs to use an operator's D2D service, the operator should be able to control and collect statistics on that user's use of the D2D service and charge for it. The user also needs to be able to choose and restrict whether the user can be discovered by certain specific users.

[0011] No effective solution has yet been proposed for the problem of relatively poor D2D UE communication security in the related art.

Summary of the Invention

[0012] To address the problem of relatively poor D2D UE communication security, the present invention provides a D2D UE authentication method and apparatus that at least solve this problem.

[0013] According to one aspect of the present invention, a D2D UE authentication method is provided, comprising: obtaining one or more items of D2D authorization data corresponding to one or more D2D UEs; and authenticating the one or more D2D UEs using the one or more items of D2D authorization data.

[0014] Preferably, obtaining the D2D authorization data of the one or more D2D UEs comprises one of the following:

[0015] the network device obtains one or more items of D2D authorization data of one or more D2D UEs;

[0016] the network device obtains the D2D authorization data of one or more D2D UEs, and the network device generates one or more D2D discovery lists from the one or more items of D2D authorization data.

[0017] Preferably, the network device generating one or more D2D discovery lists from the one or more items of D2D authorization data comprises: the network device generating the one or more D2D discovery lists from the one or more items of D2D authorization data and the identifiers (IDs) of the one or more D2D UEs; or

[0018] the network device generating the one or more D2D discovery lists from the one or more items of D2D authorization data and the application ID of the user.

[0019] Preferably, authenticating the one or more D2D UEs using the one or more items of D2D authorization data comprises: the network device determining, from multiple D2D discovery lists and/or multiple items of D2D authorization data, whether D2D discovery is permitted among the multiple D2D UEs.

[0020] Preferably, the network device determining from the multiple D2D discovery lists whether D2D discovery is permitted among the multiple D2D UEs comprises: the network device determining, from the multiple D2D discovery lists and/or multiple items of D2D authorization data, whether a first D2D UE of two D2D UEs among the multiple D2D UEs is able to discover the second D2D UE of the two D2D UEs, and whether the second D2D UE is able to be discovered by the first D2D UE;

[0021] if the result is yes, the network device determines that the D2D discovery operation is permitted between the two D2D UEs; if the result is no, the network device determines that the D2D discovery operation is not permitted between the two D2D UEs.

[0022] Preferably, obtaining one or more items of D2D authorization data corresponding to one or more D2D UEs comprises: the network device obtaining one or more items of D2D authorization data corresponding to one or more D2D UEs;

[0023] authenticating the one or more D2D UEs using the one or more items of D2D authorization data comprises: the network device generating one or more D2D discovery lists from the one or more items of D2D authorization data; and the network device sending the one or more D2D discovery lists to a wireless access device, the wireless access device using the D2D discovery lists to authenticate the D2D UEs.

[0024] Preferably, the network device generating one or more D2D discovery lists from the one or more items of D2D authorization data comprises:

[0025] the network device generating the one or more D2D discovery lists from the one or more items of D2D authorization data and the identifiers (IDs) of the one or more D2D UEs; or

[0026] the network device generating the one or more D2D discovery lists from the one or more items of D2D authorization data and the application ID of the user.

[0027] Preferably, obtaining the D2D authorization data of the D2D UE comprises one of the following:

[0028] a wireless access device receives the one or more items of D2D authorization data, corresponding to the one or more D2D UEs, forwarded by a network device;

[0029] the wireless access device receives the one or more items of D2D authorization data, corresponding to the one or more D2D UEs, forwarded by the network device, and the wireless access device generates one or more D2D discovery lists from the one or more items of D2D authorization data.

[0030] Preferably, the wireless access device generating one or more D2D discovery lists from the one or more items of D2D authorization data comprises:

[0031] the wireless access device generating the one or more D2D discovery lists from the one or more items of D2D authorization data and the identifiers (IDs) of the one or more D2D UEs; or

[0032] the wireless access device generating the one or more D2D discovery lists from the one or more items of D2D authorization data and the application ID of the user.

[0033] Preferably, authenticating the one or more D2D UEs using the one or more items of D2D authorization data comprises: the wireless access device determining, from the multiple D2D discovery lists and/or multiple items of D2D authorization data, whether D2D discovery is permitted among the multiple D2D UEs.

[0034] Preferably, the wireless access device determining, from the multiple D2D discovery lists and/or multiple items of D2D authorization data, whether D2D discovery can be performed among the multiple D2D UEs comprises: the wireless access device determining, from the multiple D2D discovery lists and/or multiple items of D2D authorization data, whether a first D2D UE of two D2D UEs among the multiple D2D UEs is able to discover the second D2D UE of the two D2D UEs, and whether the second D2D UE is able to be discovered by the first D2D UE; if the result is yes, the wireless access device determines that the D2D discovery operation is permitted between the two D2D UEs; if the result is no, the wireless access device determines that the D2D discovery operation is not permitted between the two D2D UEs.

[0035] Preferably, the mobility management entities (MMEs), base stations (eNBs) and/or home environments (HEs) corresponding to the multiple D2D UEs are different, where the HE includes one of the following: a Home Subscriber Server (HSS), an Access Network Discovery and Selection Function (ANDSF), an application server, a packet data gateway (P-GW).

[0036] Preferably, the network device includes one of the following: an MME, a neighbor discovery server.

[0037] Preferably, the wireless access device includes one of the following: a base station, an access controller (AC), an access point (AP).

[0038] Preferably, the ID of the D2D UE includes at least one of the following: an international mobile subscriber identity (IMSI), an international mobile equipment identity (IMEI), a globally unique user equipment identity (GUTI), an identifier used in the D2D discovery process.

[0039] Preferably, the D2D discovery list includes: identifiers of first D2D UEs permitted to discover the D2D UE, and/or identifiers of second D2D UEs permitted to be discovered by the D2D UE.

[0040] According to another aspect of the present invention, a D2D UE authentication apparatus is also provided, comprising: a first obtaining module, configured to obtain one or more items of D2D authorization data corresponding to one or more D2D UEs; and a first authentication module, configured to authenticate the one or more D2D UEs using the one or more items of D2D authorization data.

[0041] Preferably, the first obtaining module is located in a network device, where the first obtaining module includes one of the following:

[0042] a second obtaining module, configured to obtain one or more items of D2D authorization data corresponding to one or more D2D UEs;

[0043] a third obtaining module, configured to obtain one or more items of D2D authorization data of one or more D2D UEs; and a first generating module, configured to generate one or more D2D discovery lists from the one or more items of D2D authorization data.

[0044] Preferably, the first generating module includes: a second generating module, configured to generate the one or more D2D discovery lists from the one or more items of D2D authorization data and the identifiers (IDs) of the one or more D2D UEs; or a third generating module, configured to generate the one or more D2D discovery lists from the one or more items of D2D authorization data and the application ID of the user.

[0045] Preferably, the first authentication module is located in a network device, where the first authentication module includes: a first judging module, configured to determine, from multiple D2D discovery lists and/or multiple items of D2D authorization data, whether D2D discovery is permitted among the multiple D2D UEs.

[0046] Preferably, the first judging module includes: a second judging module, configured to determine, from the multiple D2D discovery lists and/or multiple items of D2D authorization data, whether a first D2D UE of two D2D UEs among the multiple D2D UEs is able to discover the second D2D UE of the two D2D UEs, and whether the second D2D UE is able to be discovered by the first D2D UE; a first determining module, configured to determine, when the result of the second judging module is yes, that the D2D discovery operation is permitted between the two D2D UEs; and a second determining module, configured to determine, when the result of the second judging module is no, that the D2D discovery operation is not permitted between the two D2D UEs.

[0047] Preferably, the first obtaining module and the first authentication module are located in the network device, where the first obtaining module includes: a third obtaining module, configured to obtain one or more items of D2D authorization data corresponding to one or more D2D UEs; and the first authentication module includes: a fourth generating module, configured to generate one or more D2D discovery lists from the one or more items of D2D authorization data; and a sending module, configured to send the D2D discovery lists to a wireless access device, where the D2D discovery lists are used by the wireless access device to authenticate the D2D UEs.

[0048] Preferably, the fourth generating module includes: a fifth generating module, configured to generate the one or more D2D discovery lists from the one or more items of D2D authorization data and the identifiers (IDs) of the one or more D2D UEs; or a sixth generating module, configured to generate the one or more D2D discovery lists from the one or more items of D2D authorization data and the application ID of the user.

[0049] Preferably, the first obtaining module is located in a wireless access device, where the first obtaining module includes one of the following:

[0050] a first receiving module, configured to receive the one or more items of D2D authorization data, corresponding to the one or more D2D UEs, forwarded by the network device;

[0051] a second receiving module, configured to receive the D2D authorization data of the D2D UE forwarded by the network device; and a seventh generating module, configured to generate one or more D2D discovery lists from the one or more items of D2D authorization data.

[0052] Preferably, the seventh generating module includes: an eighth generating module, configured to generate the one or more D2D discovery lists from the one or more items of D2D authorization data and the identifiers (IDs) of the one or more D2D UEs; or a ninth generating module, configured to generate the one or more D2D discovery lists from the one or more items of D2D authorization data and the application ID of the user.

[0053] Preferably, the first authentication module is located in a wireless access device, and the first authentication module includes: a third judging module, configured to determine, from the multiple D2D discovery lists and/or multiple items of D2D authorization data, whether D2D discovery is permitted among the multiple D2D UEs.

[0054] Preferably, the third judging module includes: a fourth judging module, configured to determine, from the multiple D2D discovery lists and/or multiple items of D2D authorization data, whether a first D2D UE of two D2D UEs among the multiple D2D UEs is able to discover the second D2D UE of the two D2D UEs, and whether the second D2D UE is able to be discovered by the first D2D UE; a third processing module, configured to determine, when the result of the fourth judging module is yes, that the D2D discovery operation is permitted between the two D2D UEs; and a fourth determining module, configured to determine, when the result of the fourth judging module is no, that the D2D discovery operation is not permitted between the two D2D UEs.

[0055] With the present invention, the D2D authorization data of a D2D UE is obtained and then used to authenticate the D2D UE, so that D2D UEs can be managed through authentication. This solves the problem of relatively poor D2D UE communication security in the related art, achieves authentication of D2D UEs by means of D2D authorization data, and improves the security of D2D UE communication.

Brief Description of the Drawings

[0056] The drawings described here are provided for further understanding of the present invention and form part of this application. The exemplary embodiments of the present invention and their descriptions are used to explain the invention and do not unduly limit it. In the drawings:

[0057] FIG. 1 is a schematic structural diagram of 3GPP and non-3GPP access systems accessing the Evolved Packet Core (EPC) in the related art;

[0058] FIG. 2 is a schematic diagram of a D2D network architecture in the related art;

[0059] FIG. 3 is a flowchart of a D2D UE authentication method according to an embodiment of the present invention;

[0060] FIG. 4 is a structural block diagram of a D2D UE authentication apparatus according to an embodiment of the present invention;

[0061] FIG. 5 is preferred structural block diagram 1 of the D2D UE authentication apparatus according to an embodiment of the present invention;

[0062] FIG. 6 is preferred structural block diagram 2 of the D2D UE authentication apparatus according to an embodiment of the present invention;

[0063] FIG. 7 is preferred structural block diagram 3 of the D2D UE authentication apparatus according to an embodiment of the present invention;

[0064] FIG. 8 is flowchart 1 of the D2D authentication method according to an embodiment of the present invention;

[0065] FIG. 9 is flowchart 2 of the D2D authentication method according to an embodiment of the present invention;

[0066] FIG. 10 is flowchart 3 of the D2D authentication method according to an embodiment of the present invention;

[0067] FIG. 11 is flowchart 1 of the D2D UE authentication method according to a preferred embodiment of the present invention;

[0068] FIG. 12 is flowchart 2 of the D2D UE authentication method according to a preferred embodiment of the present invention;

[0069] FIG. 13 is flowchart 3 of the D2D UE authentication method according to a preferred embodiment of the present invention;

[0070] FIG. 14 is flowchart 4 of the D2D UE authentication method according to a preferred embodiment of the present invention;

[0071] FIG. 15 is flowchart 5 of the D2D UE authentication method according to a preferred embodiment of the present invention;

[0072] FIG. 16 is flowchart 6 of the D2D UE authentication method according to a preferred embodiment of the present invention;

[0073] FIG. 17 is flowchart 7 of the D2D UE authentication method according to a preferred embodiment of the present invention; and

[0074] FIG. 18 is flowchart 8 of the D2D UE authentication method according to a preferred embodiment of the present invention.

具体实施方式 Detailed ways

[0075] 下文中将参考附图并结合实施例来详细说明本发明。 [0075] Hereinafter with reference to the accompanying drawings and embodiments of the present invention will be described in detail. 需要说明的是,在不冲突的情况下,本申请中的实施例及实施例中的特征可以相互组合。 Incidentally, in the case of no conflict, embodiments and features of the embodiments of the present application can be combined with each other.

[0076] 本实施例提供了一种D2D UE认证方法,图3是根据本发明实施例的D2D UE认证方法的流程图,该方法包括如下的步骤S302至步骤S304。 [0076] The present embodiment provides a D2D UE authentication method, FIG. 3 is a flowchart of a method embodiment D2D UE authentication embodiment of the present invention, the method comprising the steps of S302 to step S304.

[0077] 步骤S302:获取一个或多个D2D UE对应的一个或多个D2D授权数据。 [0077] Step S302: acquiring one or more D2D UE D2D corresponding to one or more authorization data.

[0078] 步骤S304:使用该一个或多个D2D授权数据对该一个或多个D2D UE进行认证。 [0078] Step S304: using the one or more D2D authorization data to authenticate the one or more D2D UE.

[0079] 通过上述步骤,获取D2D UE的D2D授权数据,然后使用该D2D授权数据对该D2DUE进行认证,使得可以D2D UE可以被认证管理,解决了相关技术中D2D UE通信安全性比较差的问题,从而实现了对D2D UE通过D2D授权数据进行认证,提高了D2D UE通信的安全性。 [0079] Through the above steps, obtaining authorization data D2D D2D UE, and the authorization data using the D2D D2DUE authentication, making it possible to manage D2D UE may be authenticated, in the related art to solve the relatively poor communication D2D UE security issues , thus realizing the D2D UE authentication via D2D authorization data, improves security D2D UE communication.

[0080] 在实施中,在认证操作的主体为网络设备的情况下,步骤S302可以分为如下两种方式获取授权数据: [0080] In the embodiment, the authentication operation in the main body of a network device, the step S302 can be divided into the following two manners obtain authorization data:

[0081] 方式一:网络设备获取一个或多个D2D UE的一个或多个D2D授权数据。 [0081] Method 1: obtaining a plurality of D2D UE or a network device or a plurality of D2D authorization data.

[0082] 方式二:网络设备获取一个或多个D2D UE的一个或多个D2D授权数据之后,该网络设备根据该一个或多个D2D授权数据生成D2D发现列表,使得该网络设备使用该D2D发现列表对该D2D UE进行认证。 [0082] Second way: after the network device obtains one or a plurality of D2D UE D2D or more authorization data, the network device generates a D2D or more based on the discovery list D2D authorization data, such that the network device discovery using the D2D lists for authentication of the D2D UE.

[0083] 上述两种认证操作的主体为网络设备,使得网络设备可以控制D2D UE的认证情况,在D2D发现过程中保证D2D UE的私密性。 [0083] The main body of the two authentication operation for network devices, so that the network can control the device authentication is D2D UE, the discovery process to ensure the privacy of the D2D UE D2D. 比较优的,在方式二的实施过程中,网络设备可以通过多种方式实现根据一个或多个D2D授权数据生成D2D发现列表,例如:网络设备根据一个或多个D2D授权数据和一个或多个D2D UE的ID生成一个或多个D2D发现列表;或网络设备根据一个或多个D2D授权数据和用户的应用ID生成一个或多个D2D发现列表。 Rather desirable, in the process embodiment two embodiments, the network device may be implemented to generate a list of D2D discovery according to one or more of D2D authorization data in various ways, for example: a network device in accordance with one or more D2D authorization data and one or more D2D UE ID of generating one or more D2D discovery list; or generate one or more network devices according to one or more of D2D D2D authorization data and the user ID of the application discovery list.

[0084] During authentication, the network device may authenticate the D2D UE using an existing authentication method. To improve the reliability of authentication, the following approach may be used: the network device determines, from multiple D2D discovery lists and/or multiple D2D authorization data, whether D2D discovery is permitted between multiple D2D UEs. Preferably, in implementing this approach, the network device may determine, from the multiple D2D discovery lists and/or multiple D2D authorization data, whether the first D2D UE of two D2D UEs among the multiple D2D UEs is able to discover the second D2D UE of the two, and whether the second D2D UE is able to be discovered by the first D2D UE. If the result is yes, the network device determines that D2D discovery is permitted between the two D2D UEs; if the result is no, the network device determines that D2D discovery is not permitted between the two D2D UEs.

[0085] In implementation, when the entity performing the authentication operation is a wireless access device, step S302 may obtain the authorization data in either of the following two ways:

[0086] Way 1: the network device obtains the D2D authorization data of the D2D UE; the network device then generates a D2D discovery list from the D2D authorization data and sends the D2D discovery list to the wireless access device, so that the wireless access device uses the D2D discovery list to authenticate the D2D UE.

[0087] Preferably, in implementing Way 1, the network device may generate the D2D discovery list from the one or more D2D authorization data in several ways, for example: the network device generates one or more D2D discovery lists from the one or more D2D authorization data and the IDs of one or more D2D UEs; or the network device generates one or more D2D discovery lists from the one or more D2D authorization data and the user's application ID.

[0088] Way 2: the wireless access device receives the D2D authorization data of the D2D UE forwarded by the network device; the wireless access device then generates a D2D discovery list from the D2D authorization data and the identifier (ID) of the D2D UE, and uses the D2D discovery list to authenticate the D2D UE.

[0089] Preferably, in implementing Way 2, the wireless access device may generate the D2D discovery list from the one or more D2D authorization data in several ways, for example: the wireless access device generates one or more D2D discovery lists from the one or more D2D authorization data and the IDs of one or more D2D UEs; or the wireless access device generates one or more D2D discovery lists from the one or more D2D authorization data and the user's application ID.

[0090] In the above way, the authentication operation is performed by the wireless access device, so the wireless access device can control the authentication of D2D UEs, and the privacy of the D2D UE is protected during D2D discovery.

[0091] During authentication, the wireless access device may authenticate the D2D UE using an existing authentication method. To improve the reliability of authentication, the following approach may be used: the wireless access device determines, from multiple D2D discovery lists and/or multiple D2D authorization data, whether D2D discovery is permitted between multiple D2D UEs. Preferably, in implementing this approach, the wireless access device may determine, from the multiple D2D discovery lists and/or multiple D2D authorization data, whether the first D2D UE of two D2D UEs among the multiple D2D UEs is able to discover the second D2D UE of the two, and whether the second D2D UE is able to be discovered by the first D2D UE. If the result is yes, the wireless access device determines that D2D discovery is permitted between the two D2D UEs; if the result is no, the wireless access device determines that D2D discovery is not permitted between the two D2D UEs.

[0092] Preferably, in implementation, the Mobility Management Entities (MME), base stations and/or Home Environments (HE) corresponding to the multiple D2D UEs may be different, where the HE may include one of the following: a Home Subscriber Server (HSS), an Access Network Discovery and Selection Function (ANDSF), an application server, a packet data gateway (P-GW).

[0093] Preferably, in implementation, the network device may be any of several network elements; for example, the network device may include one of the following: a Mobility Management Entity (MME), a neighbor discovery server.

[0094] Preferably, in implementation, the wireless access device may be any of several network elements; for example, the wireless access device may include one of the following: a base station, an access controller (AC), an access point (AP).

[0095] In implementation, to identify the D2D UE more accurately, the ID of the D2D UE may include at least one of the following: the International Mobile Subscriber Identity (IMSI), the International Mobile Equipment Identity (IMEI), the Globally Unique Temporary UE Identity (GUTI), an identifier used in the D2D discovery process.

[0096] As a preferred implementation, to improve the accuracy of D2D discovery, the D2D discovery list includes: the identifier of a first D2D UE that is allowed to discover the D2D UE, and/or the identifier of a second D2D UE that is allowed to be discovered by the D2D UE.

[0097] It should be noted that the steps shown in the flowcharts of the drawings may be executed in a computer system, for example as a set of computer-executable instructions, and that although a logical order is shown in the flowcharts, in some cases the steps shown or described may be performed in a different order.

[0098] In another embodiment, D2D UE authentication software is also provided, which is used to carry out the technical solutions described in the above embodiments and preferred embodiments.

[0099] In another embodiment, a storage medium is also provided, in which the above D2D UE authentication software is stored. The storage medium includes but is not limited to: an optical disc, a floppy disk, a hard disk, an erasable memory, and so on.

[0100] An embodiment of the present invention also provides a D2D UE authentication apparatus, which may be used to implement the above D2D UE authentication method and its preferred implementations; what has already been explained is not repeated. The modules involved in the D2D UE authentication apparatus are described below. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. Although the systems and methods described in the following embodiments are preferably implemented in software, an implementation in hardware, or in a combination of software and hardware, is also possible and contemplated.

[0101] FIG. 4 is a structural block diagram of a D2D UE authentication apparatus according to an embodiment of the present invention. As shown in FIG. 4, the apparatus includes a first acquisition module 42 and a first authentication module 44. The structure is described in detail below.

[0102] The first acquisition module 42 is configured to obtain the D2D authorization data of one or more D2D UEs; the first authentication module 44, connected to the first acquisition module 42, is configured to authenticate the one or more D2D UEs using the one or more D2D authorization data obtained by the first acquisition module 42.

[0103] FIG. 5 is a first preferred structural block diagram of the D2D UE authentication apparatus according to an embodiment of the present invention. In this preferred embodiment, the first acquisition module 42 and the first authentication module 44 are located in the network device. As shown in FIG. 5, the first acquisition module 42 includes: a second acquisition module 422; a third acquisition module 424 and a first generation module 426, where the first generation module 426 includes a second generation module 4262 or a third generation module 4264. The first authentication module 44 includes a first judgment module 441, where the first judgment module 441 includes a second judgment module 4412, a first determination module 4414 and a second determination module 4416. The structure is described in detail below.

[0104] The first acquisition module 42 includes one of the following: the second acquisition module 422, configured to obtain one or more D2D authorization data corresponding to one or more D2D UEs; the third acquisition module 424, configured to obtain one or more D2D authorization data of one or more D2D UEs; and the first generation module 426, configured to generate one or more D2D discovery lists from the one or more D2D authorization data.

[0105] Preferably, the first generation module 426 includes: the second generation module 4262, configured to generate one or more D2D discovery lists from the one or more D2D authorization data and the identifiers (IDs) of one or more D2D UEs; or the third generation module 4264, configured to generate one or more D2D discovery lists from the one or more D2D authorization data and the user's application ID.

[0106] The first authentication module 44 includes: the first judgment module 441, configured to determine, from multiple D2D discovery lists and/or multiple D2D authorization data, whether D2D discovery is permitted between multiple D2D UEs.

[0107] Preferably, the first judgment module 441 includes: the second judgment module 4412, configured to determine, from multiple D2D discovery lists and/or multiple D2D authorization data, whether the first D2D UE of two D2D UEs among the multiple D2D UEs is able to discover the second D2D UE of the two, and whether the second D2D UE is able to be discovered by the first D2D UE; the first determination module 4414, connected to the second judgment module 4412, configured to determine, when the result of the second judgment module 4412 is yes, that D2D discovery is permitted between the two D2D UEs; and the second determination module 4416, connected to the second judgment module 4412, configured to determine, when the result of the second judgment module 4412 is no, that D2D discovery is not permitted between the two D2D UEs.

[0108] FIG. 6 is a second preferred structural block diagram of the D2D UE authentication apparatus according to an embodiment of the present invention. In this preferred embodiment, the first acquisition module 42 and the first authentication module 44 are located in the network device. As shown in FIG. 5, the first acquisition module 42 includes a third acquisition module 428; the first authentication module 44 includes a fourth generation module 442 and a sending module 443, and the fourth generation module 442 includes a fifth generation module 4422 or a sixth generation module 4424. The structure is described in detail below.

[0109] The first acquisition module 42 includes: the third acquisition module 428, configured to obtain one or more D2D authorization data corresponding to one or more D2D UEs.

[0110] The fourth generation module 442 is configured to generate one or more D2D discovery lists from the one or more D2D authorization data; the sending module 444, connected to the fourth generation module 442, is configured to send the one or more D2D discovery lists to the wireless access device, so that the wireless access device uses the D2D discovery list to authenticate the D2D UE.

[0111] Preferably, the fourth generation module 442 includes: the fifth generation module 4422, configured to generate one or more D2D discovery lists from the one or more D2D authorization data and the identifiers (IDs) of one or more D2D UEs; or the sixth generation module 4424, configured to generate one or more D2D discovery lists from the one or more D2D authorization data and the user's application ID.

[0112] FIG. 7 is a third preferred structural block diagram of the D2D UE authentication apparatus according to an embodiment of the present invention. In this preferred embodiment, the first acquisition module 42 and the first authentication module 44 are located in the wireless access device. As shown in FIG. 7, the first acquisition module 42 includes: a first receiving module 429; a second receiving module 430 and a seventh generation module 432. The first authentication module 44 includes a third judgment module 444, and the third judgment module 444 includes a fourth judgment module 4442, a third processing module 4444 and a fourth determination module 4446. The structure is described in detail below.

[0113] The first acquisition module 42 includes: the first receiving module 429, configured to receive one or more D2D authorization data, corresponding to one or more D2D UEs, forwarded by the network device; the second receiving module 430, configured to receive the D2D authorization data of the D2D UE forwarded by the network device; and the seventh generation module 432, connected to the second receiving module 430, configured to generate one or more D2D discovery lists from the one or more D2D authorization data.

[0114] Preferably, the seventh generation module 432 includes: an eighth generation module 4322, configured to generate one or more D2D discovery lists from the one or more D2D authorization data and the identifiers (IDs) of one or more D2D UEs; or a ninth generation module 4324, configured to generate one or more D2D discovery lists from the one or more D2D authorization data and the user's application ID.

[0115] The first authentication module 44 includes: the third judgment module 444, configured to determine, from multiple D2D discovery lists and/or multiple D2D authorization data, whether D2D discovery is permitted between multiple D2D UEs.

[0116] Preferably, the third judgment module 444 includes: the fourth judgment module 4442, configured to determine, from multiple D2D discovery lists and/or multiple D2D authorization data, whether the first D2D UE of two D2D UEs among the multiple D2D UEs is able to discover the second D2D UE of the two, and whether the second D2D UE is able to be discovered by the first D2D UE; the third processing module 4444, connected to the fourth judgment module 4442, configured to determine, when the result of the fourth judgment module 4442 is yes, that D2D discovery is permitted between the two D2D UEs; and the fourth determination module 4446, connected to the fourth judgment module 4442, configured to determine, when the result of the fourth judgment module 4442 is no, that D2D discovery is not permitted between the two D2D UEs.

[0117] The following description is given with reference to preferred embodiments, which combine the above embodiments and preferred implementations.

[0118] Preferred Embodiment 1

[0119] This preferred embodiment provides a D2D UE authentication method. In this embodiment, the network device corresponding to the user, such as the MME, obtains the user's authorization data. Based on the authorization data, the network device determines which users can discover this user, or which terminals can discover this terminal, which users this user can be discovered by, which terminals this terminal can be discovered by, and so on. Alternatively, the network device sends the authorization data and the user-related identifier to the base station or other wireless access device to which the user terminal is connected, and the base station or other wireless access device makes the determination. Alternatively, the network device generates a list from the authorization data and the user-related identifier; the list may include a list of the users or terminals that can discover this user or terminal, and may include a list of the users or terminals by which this user or terminal is discovered. The network device makes the determination from the list, or the network device sends the list to the base station or other wireless access device, which makes the determination.

[0120] Preferably, the user's subscription data contains data indicating that the user is authorized to use D2D services, including the D2D discovery and D2D communication services. In addition, during D2D discovery, the D2D discovery request of the D2D user is authenticated according to the authorization information related to the user's D2D service.

[0121] During authentication of a D2D user, the user subscription data held by the authentication center is obtained. It includes the D2D user's authorization data related to the D2D service, which may include whether the user may use the D2D service, whether the user uses the open D2D service, whether the user uses the restricted D2D service, which users the user allows to discover it, which other users the user can discover, and so on.

[0122] Preferably, the D2D user's authorization data may also come from an application service: an application used by the user has corresponding authorization data, including whether the user may use the D2D service, whether the user uses the open D2D service, whether the user uses the restricted D2D service, which users the user allows to discover it, which other users the user can discover, and so on.

[0123] As a preferred implementation, the relevant device may determine from the authorization data which users can discover this user, or which terminals can discover this terminal, which users this user can be discovered by, which terminals this terminal can be discovered by, and so on.

[0124] Preferably, the relevant device may generate a list from the authorization data and the user-related identifiers, and use the list to make the determination. The list may include a list of the user-related identifiers of users that can discover this user, and may include a list of the user-related identifiers of users by which this user is discovered.

[0125] Preferably, the user-related identifier may be the IMSI, the IMEI, the GUTI, an identifier used in the D2D discovery process, and so on.

[0126] Preferably, the device that generates the list may be a network device, such as the MME in LTE, the ANDSF for WLAN D2D discovery, a neighbor discovery server, and so on; alternatively, the device that generates the list may be a wireless access device, such as the base station (eNB) in LTE, or an AC or AP in WLAN.

[0127] Preferably, the network device that generates the list may send the list to another network device or to a wireless access device, and that other network device or wireless access device makes the determination.

[0128] Preferably, the device that makes the determination may be a network device or a wireless access device.

[0129] It should be noted that, in order to make the determination, the relevant device needs to obtain the user's related ID.

[0130] Preferred Embodiment 2

[0131] This preferred embodiment provides a D2D UE authentication method. FIG. 8 is a first flowchart of the D2D authentication method according to an embodiment of the present invention. As shown in FIG. 8, the method includes the following steps S802 to S818.

[0132] Step S802: the network device obtains the user's D2D authorization data.

[0133] It should be noted that, after step S802, the network device may proceed according to one of the following flows:

[0134] Flow 1: the network device may make the determination directly from the D2D authorization data (step S808).

[0135] Flow 2: the network device may generate a D2D discovery list from the D2D authorization data (step S804), and then make the determination from the D2D discovery list (step S806).

[0136] Flow 3: the network device may generate a D2D discovery list from the D2D authorization data (step S804); the network device may then send the D2D discovery list to the wireless access device (step S810), and the wireless access device makes the determination from the D2D discovery list (step S812).

[0137] Flow 4: the network device may send the D2D authorization data to the wireless access device (step S814), and the wireless access device then makes the determination directly from the D2D authorization data (step S818).

[0138] Flow 5: the network device may send the D2D authorization data to the wireless access device (step S814); the wireless access device then generates a D2D discovery list from the D2D authorization data and the user-related ID (step S816), and makes the determination from the D2D discovery list (step S812).

[0139] Step S804: the network device generates a D2D discovery list from the user's D2D authorization data.

[0140] Step S806: the network device makes the determination from the D2D discovery list.

[0141] Step S808: the network device makes the determination from the D2D authorization data.

[0142] Step S810: the wireless access device sends the D2D discovery list to the wireless access device.

[0143] Step S812: the wireless access device makes the determination from the D2D discovery list.

[0144] Step S814: the wireless access device obtains the user's D2D authorization data from the network device.

[0145] Step S816: the wireless access device generates a D2D discovery list from the user's D2D authorization data.

[0146] Step S818: the wireless access device makes the determination from the D2D authorization data.

[0147] As a preferred implementation, the user's D2D authorization data includes the following information: whether the user may use the D2D service, whether the user uses the open D2D service, whether the user uses the restricted D2D service, which users the user allows to discover it, which other users the user can discover, and so on.

[0148] As a preferred implementation, the user's D2D discovery list includes the following information: the list of users that can discover this user; and/or the list of users that can be discovered by this user; and/or the list of users that cannot discover this user; and/or the list of users that cannot be discovered by this user, and so on. If the user uses the open D2D service, that is, all users can discover this user, then the list of users that can discover this user is "all users"; or, if the user can discover all users, then the list of users that can be discovered by this user is "all users".

[0149] As another preferred implementation, the determination is as follows: when the user, while performing discovery, discovers another D2D user, it must be determined whether the user is allowed to discover that other D2D user; or, when the user is in the process of being discovered by another D2D user, it must be determined whether the user can be discovered by that other D2D user.
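
The determination of [0147] to [0149], as an added Python sketch that is not part of the patent text: a discovery list is built from each user's authorization data, and discovery is permitted only when the first UE may discover the second and the second may be discovered by the first. The field names, the `"*"` marker for "all users", the deny-over-allow precedence, the fail-closed handling of unknown UEs and the sample IMSI-style IDs are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

ALL_USERS = "*"  # assumed marker for the "all users" list value


@dataclass(frozen=True)
class AuthData:
    """D2D authorization data of one user (field names are assumptions)."""
    d2d_allowed: bool                              # may use the D2D service at all
    open_service: bool = False                     # open service: anyone may discover this user
    allowed_discoverers: frozenset = frozenset()   # restricted service: who may discover this user
    allowed_targets: frozenset = frozenset()       # which users this user may discover
    denied_discoverers: frozenset = frozenset()    # users that cannot discover this user
    denied_targets: frozenset = frozenset()        # users that cannot be discovered by this user


@dataclass(frozen=True)
class DiscoveryList:
    """D2D discovery list of one user, holding the four lists named in the text."""
    can_discover_me: frozenset
    i_can_discover: frozenset
    cannot_discover_me: frozenset
    i_cannot_discover: frozenset


def build_discovery_list(auth):
    """Generate a user's discovery list from that user's authorization data."""
    if not auth.d2d_allowed:
        # No D2D subscription: nothing may discover or be discovered.
        empty = frozenset()
        return DiscoveryList(empty, empty, empty, empty)
    can_discover_me = (frozenset({ALL_USERS}) if auth.open_service
                       else auth.allowed_discoverers)
    return DiscoveryList(can_discover_me, auth.allowed_targets,
                         auth.denied_discoverers, auth.denied_targets)


def _listed(ue_id, allow, deny):
    # Assumption: an explicit deny entry overrides any allow entry.
    return ue_id not in deny and (ALL_USERS in allow or ue_id in allow)


def discovery_permitted(first_id, second_id, lists):
    """True only if first may discover second AND second may be discovered by first."""
    first, second = lists.get(first_id), lists.get(second_id)
    if first is None or second is None or first_id == second_id:
        return False  # assumption: fail closed when a list is missing
    first_may_discover = _listed(second_id, first.i_can_discover,
                                 first.i_cannot_discover)
    second_may_be_found = _listed(first_id, second.can_discover_me,
                                  second.cannot_discover_me)
    return first_may_discover and second_may_be_found


# Constructed sample identifiers (IMSI-style strings, not real subscribers).
UE_A, UE_B, UE_C, UE_D = ("001010000000001", "001010000000002",
                          "001010000000003", "001010000000004")

SAMPLE_AUTH = {
    # A: open service and allowed to discover everyone.
    UE_A: AuthData(True, open_service=True,
                   allowed_targets=frozenset({ALL_USERS})),
    # B: restricted service, visible to A and C, may discover A and C.
    UE_B: AuthData(True, allowed_discoverers=frozenset({UE_A, UE_C}),
                   allowed_targets=frozenset({UE_A, UE_C})),
    # C: restricted service, explicitly hides from B.
    UE_C: AuthData(True, allowed_discoverers=frozenset({UE_A, UE_B}),
                   denied_discoverers=frozenset({UE_B}),
                   allowed_targets=frozenset({UE_A, UE_B})),
    # D: not subscribed to D2D.
    UE_D: AuthData(False),
}
SAMPLE_LISTS = {ue: build_discovery_list(a) for ue, a in SAMPLE_AUTH.items()}

if __name__ == "__main__":
    for a, b in [(UE_A, UE_B), (UE_B, UE_C), (UE_C, UE_B), (UE_A, UE_D)]:
        print(a, "->", b, discovery_permitted(a, b, SAMPLE_LISTS))
```

The result is directional: in the sample data UE C may discover UE B while UE B may not discover UE C, so the check has to be run once per direction.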

[0150] Preferred Embodiment 3

[0151] This preferred embodiment provides a D2D UE authentication method. FIG. 9 is a second flowchart of the D2D authentication method according to an embodiment of the present invention. As shown in FIG. 9, the method includes the following steps S902 to S906. In this preferred embodiment, the network device determines from the user's D2D authorization data or D2D discovery list whether D2D discovery may be performed.

[0152] Step S902: the network device obtains the user's D2D authorization data from the home environment, or the network device obtains the user's D2D discovery list from the home environment.

[0153] Step S904: the network device may generate the user's D2D discovery list from the D2D authorization data; if in 402 the network device obtained the user's D2D discovery list from the home environment, the list does not need to be generated.

[0154] Step S906: the network device determines, from the user's D2D authorization data or D2D discovery list, whether the user can be discovered by other users, or whether the user can discover other users.

[0155] Preferred Embodiment 4

[0156] This preferred embodiment provides a D2D UE authentication method. FIG. 10 is a third flowchart of the D2D authentication method according to an embodiment of the present invention. As shown in FIG. 10, the method includes the following steps S1002 to S1008. In this preferred embodiment, the wireless access device determines from the user's D2D authorization data or D2D discovery list whether D2D discovery may be performed.

[0157] 步骤S1002:网络设备从归属环境获取用户的D2D授权数据,或是网络设备从归属环境获取用户的D2D发现列表。 [0157] Step S1002: the network device discovery list acquired from the home environment of the user from the home environment acquisition D2D D2D user authorization data, or network device.

[0158] 步骤S1004:网络设备可能根据D2D授权数据生成该用户的D2D发现列表,如果502是网络设备从归属环境获取用户的D2D发现列表,则不用生成。 [0158] Step S1004: the network device may be generated according to the user authorization data D2D D2D discovery list, if network device 502 is a discovery list acquired from the user home environment D2D, then not generated.

[0159] 步骤S1006:网络设备将D2D授权数据或D2D发现列表发送给无线接入设备。 [0159] Step S1006: The network device D2D D2D discovery transmit authorization data or list to the wireless access device. [0160] 步骤S1008:无线接入设备根据该用户的D2D授权数据或D2D发现列表进行判断,该用户是否可以被别的用户发现,或者该用户是否可以发现别的用户。 [0160] Step S1008: the wireless access device discovery list in accordance with the determination of the authorization data D2D D2D or user, whether the user may be other users found, or if the user can discover other users.

[0161] Preferred Embodiment 5

[0162] This preferred embodiment provides a D2D UE authentication method. FIG. 11 is flowchart 1 of the D2D UE authentication method according to a preferred embodiment of the present invention. As shown in FIG. 11, the method includes steps S1102 to S1138. This preferred embodiment describes the procedure by which two UEs attached through 3GPP access perform D2D authentication. In this preferred embodiment, the eNBs of UE1 and UE2 may be the same eNB or different eNBs. The MMEs of UE1 and UE2 may be the same MME or different MMEs. The HEs of UE1 and UE2 may be the same HE or different HEs.

[0163] Step S1102: UE2 sends a user authentication request to the MME, containing the user-related ID of UE2.

[0164] Step S1104: The MME requests from the home environment the authentication vector of the UE2 user and the user's D2D authorization data.

[0165] Step S1106: The home environment sends the MME the authentication vector of the UE2 user and the user's D2D authorization data. If the MME has already stored the user's authentication vector and D2D authorization data, steps S1104 and S1106 need not be performed.

[0166] Step S1108: The MME returns a user authentication response to UE2.

[0167] Steps S1110 to S1116 are the process of obtaining the D2D authorization data for UE1, and are the same as steps S1102 to S1108.

[0168] The process of obtaining the D2D authorization data for UE1 may take place either before or after the process of obtaining the D2D authorization data for UE2.

[0169] Step S1118: UE1 and UE2 sense that a terminal device is nearby and need to further confirm whether they may perform D2D discovery of each other. For example, UE1 senses that UE2 is nearby and notifies UE2 that this terminal has sensed it and that the user of UE1 wants to discover the user of UE2; UE2 thereby learns that UE1 has sensed it nearby and that the user of UE1 wants to discover the user of UE2.

[0170] Step S1120: UE2 sends a D2D discovery request to the eNB, carrying the user-related ID of UE2.

[0171] Step S1122: The eNB sends a D2D discovery request to the MME, carrying the user-related ID of UE2. The user-related ID in this step may be the same as the one in S1120, or may be a different ID corresponding to the same user. For example, the ID in step S1120 may be the D2D ID that the base station allocated to the user, while the ID in this step is the GUTI or another ID.

[0172] Step S1124: The MME determines, according to the D2D authorization data of the UE2 user, whether the UE2 user can be discovered by the user of UE1.

[0173] Step S1126: The MME sends a D2D discovery response to the eNB, carrying the result of determining whether the UE2 user can be discovered by the UE1 user.

[0174] Step S1128: The eNB sends a D2D discovery response to UE2.

[0175] Steps S1130 to S1132 are the same as steps S1120 to S1122.

[0176] Step S1134: The MME determines, according to the D2D authorization data of the UE1 user, whether the UE1 user can discover the user of UE2.

[0177] Steps S1136 to S1138 are the same as steps S1126 to S1128.

[0178] It should be noted that the discovery process of UE1 may take place either before or after the discovery process of UE2.

[0179] If the result is that the UE2 user can be discovered by the UE1 user and the UE1 user can discover the UE2 user, D2D discovery may proceed. If the result is that the UE2 user cannot be discovered by the UE1 user while the UE1 user can discover the UE2 user; or the UE2 user can be discovered by the UE1 user while the UE1 user cannot discover the UE2 user; or the UE2 user cannot be discovered by the UE1 user and the UE1 user cannot discover the UE2 user, D2D discovery may not proceed.

[0180] Preferred Embodiment 6

[0181] This preferred embodiment provides a D2D UE authentication method. FIG. 12 is flowchart 2 of the D2D UE authentication method according to a preferred embodiment of the present invention. As shown in FIG. 12, the method includes steps S1202 to S1236. This preferred embodiment describes the procedure by which two UEs attached through 3GPP access perform D2D authentication. In this preferred embodiment, the MME generates the D2D discovery lists used for the determination, and only UE1 sends a D2D discovery request. In this embodiment, the eNBs of UE1 and UE2 may be the same eNB or different eNBs. The MMEs of UE1 and UE2 may be the same MME or different MMEs. The HEs of UE1 and UE2 may be the same HE or different HEs.

[0182] Steps S1202 to S1216: same as steps S1102 to S1116.

[0183] The process of obtaining the D2D authorization data for UE1 may take place either before or after the process of obtaining the D2D authorization data for UE2.

[0184] Step S1218: The MME generates the D2D discovery list of the UE1 user from the D2D authorization data of the UE1 user. This step takes place before step S1206 and step S1228. If what was obtained from the HE is a D2D discovery list, this step may be omitted.

[0185] Step S1220: The MME generates the D2D discovery list of the UE2 user from the D2D authorization data of the UE2 user. This step takes place between S1214 and S1228. If what was obtained from the HE is a D2D discovery list, this step may be omitted.

[0186] Step S1222: UE1 and UE2 sense that a terminal device is nearby and need to further confirm whether they may perform D2D discovery of each other. For example, UE1 senses that UE2 is nearby, and the user of UE1 wants to discover the user of UE2.

[0187] Step S1224: UE1 sends a D2D discovery request to the eNB, carrying the user-related ID of UE1 and the user-related ID of UE2.

[0188] Step S1226: The eNB sends a D2D discovery request to the MME, carrying the user-related ID of UE1 and the user-related ID of UE2. The user-related ID in this step may be the same as the one in S1120, or may be a different ID corresponding to the same user. For example, the ID in step S1120 may be the D2D ID that the base station allocated to the user, while the ID in this step is the GUTI or another ID.

[0189] Step S1228: The MME determines, according to the D2D discovery list of UE1, whether the user of UE1 can discover the user of UE2.

[0190] Step S1230: The MME determines, according to the D2D discovery list of UE2, whether the user of UE2 can be discovered by the user of UE1.

[0191] Step S1232: The MME sends a D2D discovery response to the eNB, carrying the results of determining whether the user of UE1 can discover the user of UE2 and whether the UE2 user can be discovered by the UE1 user.

[0192] If the result is that the UE2 user can be discovered by the UE1 user and the UE1 user can discover the UE2 user, D2D discovery may proceed. If the result is that the UE2 user cannot be discovered by the UE1 user while the UE1 user can discover the UE2 user; or the UE2 user can be discovered by the UE1 user while the UE1 user cannot discover the UE2 user; or the UE2 user cannot be discovered by the UE1 user and the UE1 user cannot discover the UE2 user, D2D discovery may not proceed.

[0193] Step S1234: The eNB sends a D2D discovery response to UE1.

[0194] Step S1236: The eNB sends a D2D discovery response to UE2. This step is optional and takes place when the discovered terminal UE2 also needs to learn the D2D discovery result.
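The MME-side check of Preferred Embodiment 6 (steps S1218 to S1232 and the outcome rule of [0192]), as an added Python example that is not part of the patent. The field layout of the authorization data and discovery list, the user IDs, and the deny-by-default handling of a user with no cached list are assumptions, since this section does not define the data format.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Union


@dataclass(frozen=True)
class D2DAuthorizationData:
    """Assumed layout of a user's D2D authorization data held by the HE."""
    d2d_allowed: bool
    may_discover: FrozenSet[str]     # users this user is permitted to discover
    discoverable_by: FrozenSet[str]  # users permitted to discover this user


@dataclass(frozen=True)
class D2DDiscoveryList:
    """Assumed layout of the per-user D2D discovery list the MME evaluates."""
    can_discover: FrozenSet[str]
    can_be_discovered_by: FrozenSet[str]


@dataclass(frozen=True)
class DiscoveryResponse:
    """Both judgment results carried in the D2D discovery response (S1232)."""
    requester_can_discover_target: bool
    target_discoverable_by_requester: bool

    @property
    def discovery_permitted(self) -> bool:
        # Outcome rule of [0192]: only the (yes, yes) combination proceeds.
        return (self.requester_can_discover_target
                and self.target_discoverable_by_requester)


HERecord = Union[D2DAuthorizationData, D2DDiscoveryList]


def generate_discovery_list(auth: D2DAuthorizationData) -> D2DDiscoveryList:
    """S1218 / S1220: derive a discovery list from authorization data."""
    if not auth.d2d_allowed:
        # Assumption: a user without D2D permission gets an empty list.
        return D2DDiscoveryList(frozenset(), frozenset())
    return D2DDiscoveryList(auth.may_discover, auth.discoverable_by)


class MME:
    def __init__(self, home_environment: Dict[str, HERecord]):
        self._he = home_environment
        self._lists: Dict[str, D2DDiscoveryList] = {}

    def on_user_authentication(self, user_id: str) -> bool:
        """S1202-S1216: fetch the user's D2D data from the HE, cache a list.
        Authentication vectors are not modelled here."""
        record = self._he.get(user_id)
        if record is None:
            return False
        if isinstance(record, D2DDiscoveryList):
            self._lists[user_id] = record  # HE sent a list: skip generation
        else:
            self._lists[user_id] = generate_discovery_list(record)
        return True

    def on_discovery_request(self, requester: str, target: str) -> DiscoveryResponse:
        """S1226-S1232: evaluate both directions and return both results."""
        req_list = self._lists.get(requester)
        tgt_list = self._lists.get(target)
        # S1228: can the requester discover the target? No cached list: no.
        can_discover = req_list is not None and target in req_list.can_discover
        # S1230: can the target be discovered by the requester?
        discoverable = (tgt_list is not None
                        and requester in tgt_list.can_be_discovered_by)
        return DiscoveryResponse(can_discover, discoverable)


def build_constructed_mme() -> MME:
    """Constructed sample subscribers; every ID and permission is made up."""
    he: Dict[str, HERecord] = {
        "user-ue1": D2DAuthorizationData(
            True, frozenset({"user-ue2", "user-ue3", "user-ue4"}),
            frozenset({"user-ue2"})),
        # The HE may return a ready-made discovery list instead.
        "user-ue2": D2DDiscoveryList(
            frozenset({"user-ue1"}), frozenset({"user-ue1", "user-ue3"})),
        "user-ue3": D2DAuthorizationData(
            True, frozenset({"user-ue1"}), frozenset()),
        # D2D switched off: the listed permissions must not take effect.
        "user-ue4": D2DAuthorizationData(
            False, frozenset({"user-ue1"}), frozenset({"user-ue1"})),
    }
    mme = MME(he)
    for uid in he:
        mme.on_user_authentication(uid)
    return mme


if __name__ == "__main__":
    mme = build_constructed_mme()
    for a, b in [("user-ue1", "user-ue2"), ("user-ue1", "user-ue3"),
                 ("user-ue3", "user-ue2"), ("user-ue1", "user-ue4")]:
        r = mme.on_discovery_request(a, b)
        print(a, "->", b, r, "permitted:", r.discovery_permitted)
```

The same two-sided evaluation applies when the eNB or the neighbor discovery server makes the determination in the later embodiments; only the node holding the lists changes.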

[0195] Preferred Embodiment 7

[0196] This preferred embodiment provides a D2D UE authentication method. FIG. 13 is flowchart 3 of the D2D UE authentication method according to a preferred embodiment of the present invention. As shown in FIG. 13, the method includes steps S1302 to S1336. This preferred embodiment describes the procedure by which two UEs attached through 3GPP access perform D2D authentication. In this preferred embodiment, the MME sends the D2D discovery lists of the UE1 user and the UE2 user to the eNB, and the eNB makes the determination. In this preferred embodiment, the eNBs of UE1 and UE2 may be the same eNB or different eNBs. The MMEs of UE1 and UE2 may be the same MME or different MMEs. The HEs of UE1 and UE2 may be the same HE or different HEs.

[0197] Steps S1302 to S1320: same as steps S1202 to S1220. If what was obtained from the HE is a D2D discovery list, steps S1318 and S1320 may be omitted.

[0198] Step S1322: The MME sends the D2D discovery list of the UE1 user to the eNB in the Initial context setup message. This step takes place after S1318 and before S1330.

[0199] Step S1324: The MME sends the D2D discovery list of the UE2 user to the eNB in the Initial context setup message. This step takes place after step S1320 and before step S1332.

[0200] Step S1326: UE1 and UE2 sense that a terminal device is nearby and need to further confirm whether they may perform D2D discovery of each other. For example, UE1 senses that UE2 is nearby, and the user of UE1 wants to discover the user of UE2.

[0201] Step S1328: UE1 sends a D2D discovery request to the eNB, carrying the user-related ID of UE1 and the user-related ID of UE2.

[0202] Step S1330: The eNB determines, according to the D2D discovery list of UE1, whether the user of UE1 can discover the user of UE2.

[0203] Step S1332: The eNB determines, according to the D2D discovery list of UE2, whether the user of UE2 can be discovered by the user of UE1.

[0204] If the result is that the UE2 user can be discovered by the UE1 user and the UE1 user can discover the UE2 user, D2D discovery may proceed. If the result is that the UE2 user cannot be discovered by the UE1 user while the UE1 user can discover the UE2 user; or the UE2 user can be discovered by the UE1 user while the UE1 user cannot discover the UE2 user; or the UE2 user cannot be discovered by the UE1 user and the UE1 user cannot discover the UE2 user, D2D discovery may not proceed.

[0205] Step S1334: The eNB sends a D2D discovery response to UE1.

[0206] Step S1336: The eNB sends a D2D discovery response to UE2. This step is optional and takes place when the discovered terminal UE2 also needs to learn the D2D discovery result.

[0207] Preferred Embodiment 8

[0208] This preferred embodiment provides a D2D UE authentication method. FIG. 14 is flowchart 4 of the D2D UE authentication method according to a preferred embodiment of the present invention. As shown in FIG. 14, the method includes steps S1402 to S1442. This preferred embodiment describes the procedure by which two UEs attached through 3GPP access perform D2D authentication. In this preferred embodiment, the non-3GPP accesses of UE1 and UE2 may be the same or different. The AAA Servers of UE1 and UE2 may be the same AAA Server or different AAA Servers. The HEs of UE1 and UE2 may be the same HE or different HEs. The neighbor discovery server and the AAA Server may be the same device or different devices.

[0209] Step S1402: UE2 sends a user authentication request to the AAA Server, containing the user-related ID of UE2.

[0210] Step S1404: The AAA Server requests from the home environment the authentication vector of the UE2 user and the user's D2D authorization data.

[0211] Step S1406: The home environment sends the AAA Server the authentication vector of the UE2 user and the user's D2D authorization data. If the AAA Server has already stored the user's authentication vector and D2D authorization data, steps S1404 and S1406 need not be performed.

[0212] Step S1408: The AAA Server returns a user authentication response to UE2.

[0213] Step S1410: The AAA Server sends the D2D authorization data to the neighbor discovery server. This step may take place between S1406 and step S1422. If the AAA Server and the neighbor discovery server are the same device, this step need not be performed.

[0214] Steps S1412 to S1420: same as steps S1402 to S1410.

[0215] The process of obtaining the D2D authorization data for UE1 may take place either before or after the process of obtaining the D2D authorization data for UE2.

[0216] Step S1422: The neighbor discovery server generates the D2D discovery list of the UE1 user from the D2D authorization data of UE1. This step may take place after S1420 and before S1442. If what was obtained from the HE is a D2D discovery list, this step may be omitted.

[0217] Step S1424: The neighbor discovery server generates the D2D discovery list of the UE2 user from the D2D authorization data of UE2. This step may take place after step S1410 and before step S1432. If what was obtained from the HE is a D2D discovery list, this step may be omitted.

[0218] Step S1426: UE1 and UE2 sense that a terminal device is nearby and need to further confirm whether they may perform D2D discovery of each other. For example, UE1 senses that UE2 is nearby, and the user of UE1 wants to discover the user of UE2.

[0219] Step S1428: UE2 sends a D2D discovery request to the non-3GPP access, carrying the user-related ID of UE2.

[0220] Step S1430: The non-3GPP access sends a D2D discovery request to the neighbor discovery server, carrying the user-related ID of UE2. The user-related ID in this step may be the same as the one in step S1428, or may be a different ID corresponding to the same user. For example, the ID in step S1428 may be the D2D ID that the base station allocated to the user, while the ID in this step is the GUTI or another ID.

[0221] Step S1432: The neighbor discovery server determines, according to the D2D authorization data or the D2D discovery list of the UE2 user, whether the UE2 user can be discovered by the user of UE1. If step S1424 was not performed, the determination is made from the D2D authorization data of the UE2 user; if step S1424 was performed, it is made from the D2D discovery list.

[0222] Step S1434: The neighbor discovery server sends a D2D discovery response to the non-3GPP access, carrying the result of determining whether the UE2 user can be discovered by the UE1 user.

[0223] Step S1436: The non-3GPP access sends a D2D discovery response to UE2.

[0224] Steps S1438 to S1440 are the same as steps S1428 to S1430.

[0225] Step S1442: The neighbor discovery server determines, according to the D2D authorization data or the D2D discovery list of the UE1 user, whether the UE1 user can discover the user of UE2. If step S1422 was not performed, the determination is made from the D2D authorization data of the UE1 user; if step S1422 was performed, it is made from the D2D discovery list.

[0226] Steps S1444 to S1446: same as steps S1434 to S1436. The D2D discovery process of UE1 may take place either before or after the D2D discovery process of UE2.

[0227] After step S1442, if the result is that the UE2 user can be discovered by the UE1 user and the UE1 user can discover the UE2 user, D2D discovery may proceed. If the result is that the UE2 user cannot be discovered by the UE1 user while the UE1 user can discover the UE2 user; or the UE2 user can be discovered by the UE1 user while the UE1 user cannot discover the UE2 user; or the UE2 user cannot be discovered by the UE1 user and the UE1 user cannot discover the UE2 user, D2D discovery may not proceed.

[0228] Preferred Embodiment 9

[0229] This preferred embodiment provides a D2D UE authentication method. FIG. 15 is flowchart 5 of the D2D UE authentication method according to a preferred embodiment of the present invention. As shown in FIG. 15, the method includes steps S1502 to S1524. This preferred embodiment describes the procedure by which two UEs attached through 3GPP access perform D2D authentication. In this preferred embodiment, the network obtains the authorization data only after the D2D discovery process has started, and a single UE sends the D2D discovery request to the network. In this embodiment, the non-3GPP accesses of UE1 and UE2 may be the same or different. The AAA Servers of UE1 and UE2 may be the same AAA Server or different AAA Servers. The HEs of UE1 and UE2 may be the same HE or different HEs. The neighbor discovery server and the AAA Server may be the same device or different devices.

[0230] Step S1502: UE1 and UE2 sense that a terminal device is nearby and need to further confirm whether they may perform D2D discovery of each other. For example, UE1 senses that UE2 is nearby, and the user of UE1 wants to discover the user of UE2.

[0231] Step S1504: UE1 sends a D2D discovery request to the non-3GPP access, carrying the user-related ID of UE1 and the user-related ID of UE2.

[0232] Step S1506: The non-3GPP access sends a D2D discovery request to the neighbor discovery server, requesting the D2D authorization data of UE1 and UE2. If the neighbor discovery servers of UE1 and UE2 are different, two separate messages are needed for the request.

[0233] Step S1508: The neighbor discovery server sends a request to obtain D2D authorization data to the home environment, requesting the D2D authorization data of UE1 and UE2. If the home environments of UE1 and UE2 are different, two separate messages are needed for the request.

[0234] Step S1510: The home server returns a response to the request to obtain D2D authorization data to the neighbor discovery server, containing the D2D authorization data of UE1 and UE2. If the home environments of UE1 and UE2 are different, two separate messages are needed.

[0235] Step S1512: The neighbor discovery server generates the D2D discovery list of the UE1 user from the D2D authorization data of UE1. If what was obtained from the HE is a D2D discovery list, this step may be omitted.

[0236] Step S1514: The neighbor discovery server generates the D2D discovery list of the UE2 user from the D2D authorization data of UE2. If what was obtained from the HE is a D2D discovery list, this step may be omitted.

[0237] Step S1516: The neighbor discovery server determines, according to the D2D authorization data or the D2D discovery list of the UE1 user, whether the UE1 user can discover the user of UE2. If step S1512 was not performed, the determination is made from the D2D authorization data of the UE1 user; if step S1512 was performed, it is made from the D2D discovery list.

[0238] Step S1518: The neighbor discovery server determines, according to the D2D authorization data or the D2D discovery list of the UE2 user, whether the UE2 user can be discovered by the user of UE1. If step S1514 was not performed, the determination is made from the D2D authorization data of the UE2 user; if step S1514 was performed, it is made from the D2D discovery list.

[0239] If the result is that the UE2 user can be discovered by the UE1 user and the UE1 user can discover the UE2 user, D2D discovery may proceed. If the result is that the UE2 user cannot be discovered by the UE1 user while the UE1 user can discover the UE2 user; or the UE2 user can be discovered by the UE1 user while the UE1 user cannot discover the UE2 user; or the UE2 user cannot be discovered by the UE1 user and the UE1 user cannot discover the UE2 user, D2D discovery may not proceed.

[0240] Step S1520: The neighbor discovery server returns a D2D discovery response to the non-3GPP access.

[0241] Step S1522: The non-3GPP access returns a D2D discovery response to UE1.

[0242] Step S1524: The non-3GPP access returns a D2D discovery response to UE2. This step is optional and takes place when the discovered terminal UE2 also needs to learn the D2D discovery result.

[0243] Preferred Embodiment 10

[0244] This preferred embodiment provides a D2D UE authentication method. FIG. 16 is flowchart 6 of the D2D UE authentication method according to a preferred embodiment of the present invention. As shown in FIG. 16, the method includes steps S1602 to S1638. This preferred embodiment describes the procedure by which two UEs attached to 3GPP perform D2D authentication. In this preferred embodiment, the MME sends the D2D discovery lists of the UE1 user and the UE2 user to the eNB, and the eNB makes the determination. In this embodiment, the eNBs of UE1 and UE2 may be the same eNB or different eNBs. The MMEs of UE1 and UE2 may be the same MME or different MMEs. The HEs of UE1 and UE2 may be the same HE or different HEs.

[0245] Steps S1602 to S1626: same as steps S1302 to S1326. If what was obtained from the HE is a D2D discovery list, steps S1618 and S1620 may be omitted.

[0246] Step S1628: UE2 sends a D2D discovery request to the eNB, carrying the user-related ID of UE2.

[0247] Step S1630: The eNB determines, according to the D2D discovery list of UE2, whether the user of UE2 can be discovered by the user of UE1.

[0248] Step S1632: The eNB sends a D2D discovery response to UE2.

[0249] Step S1634: UE1 sends a D2D discovery request to the eNB, carrying the user-related ID of UE1.

[0250] Step S1636: The eNB determines, according to the D2D discovery list of UE1, whether the user of UE1 can be discovered by the user of UE1.

[0251] Step S1638: The eNB sends a D2D discovery response to UE1.

[0252] If the result is that the UE2 user can be discovered by the UE1 user and the UE1 user can discover the UE2 user, D2D discovery may proceed. If the result is that the UE2 user cannot be discovered by the UE1 user while the UE1 user can discover the UE2 user; or the UE2 user can be discovered by the UE1 user while the UE1 user cannot discover the UE2 user; or the UE2 user cannot be discovered by the UE1 user and the UE1 user cannot discover the UE2 user, D2D discovery may not proceed.

[0253] Preferred Embodiment 11

[0254] This preferred embodiment provides a D2D UE authentication method. FIG. 17 is flowchart 7 of the D2D UE authentication method according to a preferred embodiment of the present invention. As shown in FIG. 17, the method includes steps S1702 to S1738.

[0255] Step S1702: UE2 sends a user authentication request to MME2.

[0256] Step S1704: MME2 sends a request to obtain D2D authorization data to the HE.

[0257] Step S1706: The HE sends a response to the request to obtain D2D authorization data to MME2.

[0258] Step S1708: MME2 sends a user authentication response to UE2.

[0259] Step S1710: UE1 sends a user authentication request to MME1.

[0260] Step S1712: MME1 sends a request to obtain D2D authorization data to the HE.

[0261] Step S1714: The HE sends a response to the request to obtain D2D authorization data to MME1.

[0262] Step S1716: MME1 sends a user authentication response to UE1.

[0263] Step S1718: A D2D discovery list is generated from the D2D authorization data of UE1.

[0264] Step S1720: A D2D discovery list is generated from the D2D authorization data of UE2.

[0265] Step S1722: MME1 sends the D2D authorization data or the D2D discovery list of UE1 to eNB1.

[0266] Step S1724: MME2 sends the D2D authorization data or the D2D discovery list of UE1 to eNB2.

[0267] Step S1726: UE2 senses the presence of UE1.

[0268] Step S1728: UE2 sends a D2D discovery request to eNB1.

[0269] Step S1730: eNB1 makes the determination according to the D2D discovery list of UE2.

[0270] Step S1732: eNB1 sends a D2D discovery response to UE2.

[0271] Step S1734: UE1 sends a D2D discovery request to eNB2.

[0272] Step S1736: eNB2 makes the determination according to the D2D discovery list of UE1.

[0273] Step S1738: eNB2 sends a D2D discovery response to UE1.

[0274] Preferred Embodiment 12

[0275] This preferred embodiment provides a D2D UE authentication method. FIG. 18 is the eighth flowchart of the D2D UE authentication method according to a preferred embodiment of the present invention. As shown in FIG. 18, the method includes the following steps S1802 to S1836.

[0276] Step S1802: UE2 sends a user authentication request to MME2.

[0277] Step S1804: MME2 sends an obtain-D2D-authorization-data request to the HE.

[0278] Step S1806: The HE sends an obtain-D2D-authorization-data response to MME2.

[0279] Step S1808: MME2 sends a user authentication response to UE2.

[0280] Step S1810: UE1 sends a user authentication request to MME1.

[0281] Step S1812: MME1 sends an obtain-D2D-authorization-data request to HE1.

[0282] Step S1814: HE1 sends an obtain-D2D-authorization-data response to MME1.

[0283] Step S1816: MME1 sends a user authentication response to UE1.

[0284] Step S1818: MME1 generates a D2D discovery list according to the D2D authorization data of UE1.

[0285] Step S1820: MME2 generates a D2D discovery list according to the D2D authorization data of UE2.

[0286] Step S1822: UE1 and UE2 sense each other's presence.

[0287] Step S1824: UE1 sends a D2D discovery request to the eNB.

[0288] Step S1826: The eNB sends the D2D discovery request to MME1.

[0289] Step S1828: MME1 makes a judgment according to the D2D discovery list of UE1 and requests MME2 to make a judgment.

[0290] Step S1830: MME2 makes a judgment according to the D2D discovery list of UE2.

[0291] Step S1832: MME1 sends a D2D discovery response to the eNB.

[0292] Step S1834: The eNB sends a D2D discovery response to UE1.

[0293] Step S1836: The eNB sends a D2D discovery response to UE2.
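
The two-sided judgment of steps S1828 to S1830 can be sketched as follows. This is an added example, not code from the patent: the authorization-data layout, the class and field names, the single shared HE record store and the deny-by-default handling of missing data are assumptions, while the list contents (UEs allowed to discover a UE, and UEs that UE is allowed to discover) follow the discovery list described in the claims.

```python
"""Two-sided D2D discovery authorization modelled on steps S1802-S1836."""
from dataclasses import dataclass


@dataclass(frozen=True)
class DiscoveryList:
    """One UE's D2D discovery list; the field names are hypothetical."""
    ue_id: str
    may_discover: frozenset     # UEs this UE is allowed to discover
    discoverable_by: frozenset  # UEs allowed to discover this UE


def build_discovery_list(ue_id, auth_data):
    """S1818/S1820: derive the list from the UE's authorization data and ID.

    The dict layout of auth_data is an assumption made for this example.
    """
    if not auth_data or not auth_data.get("d2d_allowed", False):
        # No record, or D2D not permitted: empty list, so every check denies.
        return DiscoveryList(ue_id, frozenset(), frozenset())
    return DiscoveryList(
        ue_id,
        frozenset(auth_data.get("may_discover", ())) - {ue_id},
        frozenset(auth_data.get("discoverable_by", ())) - {ue_id},
    )


class MME:
    """Holds the discovery lists of the UEs it serves."""

    def __init__(self, name, he_records):
        self.name = name
        self._he = he_records  # stands in for the HE query (S1804-S1806)
        self._lists = {}

    def attach(self, ue_id):
        """Fetch the UE's authorization data and build its discovery list."""
        self._lists[ue_id] = build_discovery_list(ue_id, self._he.get(ue_id))

    def serves(self, ue_id):
        return ue_id in self._lists

    def initiator_may_discover(self, initiator, target):
        """Judgment on the requesting UE's own list (S1828)."""
        lst = self._lists.get(initiator)
        return lst is not None and target in lst.may_discover

    def target_allows(self, initiator, target):
        """Judgment on the target UE's list, made by its own MME (S1830)."""
        lst = self._lists.get(target)
        return lst is not None and initiator in lst.discoverable_by

    def handle_discovery_request(self, initiator, target, peer=None):
        """Return (allowed, reason); both judgments must pass."""
        if not self.initiator_may_discover(initiator, target):
            return (False, "initiator not authorized")
        target_mme = self if self.serves(target) else peer
        if target_mme is None or not target_mme.target_allows(initiator, target):
            return (False, "target does not permit")
        return (True, "allowed")


# Constructed sample authorization data, not taken from the patent.
HE_RECORDS = {
    "UE1": {"d2d_allowed": True, "may_discover": ["UE2", "UE3"],
            "discoverable_by": ["UE2"]},
    "UE2": {"d2d_allowed": True, "may_discover": ["UE1"],
            "discoverable_by": ["UE1"]},
    "UE3": {"d2d_allowed": True, "may_discover": ["UE1"],
            "discoverable_by": []},
    "UE4": {"d2d_allowed": False, "may_discover": ["UE1"],
            "discoverable_by": ["UE1"]},
}


def run_scenarios():
    """UE1 is served by MME1; UE2, UE3 and UE4 are served by MME2."""
    mme1, mme2 = MME("MME1", HE_RECORDS), MME("MME2", HE_RECORDS)
    mme1.attach("UE1")
    for ue in ("UE2", "UE3", "UE4"):
        mme2.attach(ue)
    return {
        "UE1->UE2": mme1.handle_discovery_request("UE1", "UE2", mme2),
        "UE1->UE3": mme1.handle_discovery_request("UE1", "UE3", mme2),
        "UE3->UE1": mme2.handle_discovery_request("UE3", "UE1", mme1),
        "UE4->UE1": mme2.handle_discovery_request("UE4", "UE1", mme1),
        "UE1->UE2 (no peer)": mme1.handle_discovery_request("UE1", "UE2"),
    }


if __name__ == "__main__":
    for pair, decision in run_scenarios().items():
        print(pair, decision)
```

The UE1->UE3 and UE3->UE1 cases show why a one-sided check is insufficient: each initiator is authorized on its own list, yet the target's list does not admit it, so discovery is refused.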

[0294] The above embodiments provide a D2D UE authentication method and apparatus. By obtaining the D2D authorization data of a D2D UE and then using that D2D authorization data to authenticate the D2D UE, the D2D UE can be authenticated and managed, which solves the problem in the related art that the security of D2D UE communication is relatively poor. D2D UEs are thus authenticated by means of D2D authorization data, which improves the security of D2D UE communication. In addition, through the management of D2D authentication data and the D2D discovery judgment made according to that data, the operator's permissions for D2D discovery become objectively controllable, and at the same time users can control the permissions for D2D discovery. It should be noted that not all of the above embodiments have these technical effects; some of them can be achieved only by certain preferred embodiments.

[0295] Obviously, those skilled in the art should understand that the modules or steps of the present invention described above can be implemented by a general-purpose computing device. They can be concentrated on a single computing device or distributed over a network formed by multiple computing devices. Optionally, they can be implemented with program code executable by a computing device, so that they can be stored in a storage device and executed by the computing device; or they can each be made into an individual integrated circuit module, or multiple modules or steps among them can be made into a single integrated circuit module. Thus, the present invention is not limited to any particular combination of hardware and software.

[0296] The foregoing describes only preferred embodiments of the present invention and is not intended to limit the present invention. For those skilled in the art, the present invention may have various modifications and variations. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.

Claims (27)

1. A device-to-device (D2D) user equipment (UE) authentication method, characterized by comprising: obtaining one or more items of D2D authorization data corresponding to one or more D2D UEs; and authenticating the one or more D2D UEs using the one or more items of D2D authorization data.
2. The method according to claim 1, characterized in that obtaining the one or more items of D2D authorization data of the one or more D2D UEs comprises one of the following: the network device obtains the one or more items of D2D authorization data of the one or more D2D UEs; or the network device obtains the one or more items of D2D authorization data of the one or more D2D UEs, and the network device generates one or more D2D discovery lists according to the one or more items of D2D authorization data.
3. The method according to claim 2, characterized in that the network device generating the one or more D2D discovery lists according to the one or more items of D2D authorization data comprises: the network device generates the one or more D2D discovery lists according to the one or more items of D2D authorization data and the identifiers (IDs) of the one or more D2D UEs; or the network device generates the one or more D2D discovery lists according to the one or more items of D2D authorization data and the user's application ID.
4. The method according to claim 2, characterized in that authenticating the one or more D2D UEs using the one or more items of D2D authorization data comprises: the network device judges, according to multiple D2D discovery lists and/or multiple items of D2D authorization data, whether a D2D discovery operation is allowed between the multiple D2D UEs.
5. The method according to claim 4, characterized in that the network device judging, according to the multiple D2D discovery lists, whether a D2D discovery operation is allowed between the multiple D2D UEs comprises: the network device judges, according to the multiple D2D discovery lists and/or multiple items of D2D authorization data, whether a first D2D UE of two D2D UEs among the multiple D2D UEs is able to discover a second D2D UE of the two D2D UEs, and whether the second D2D UE is able to be discovered by the first D2D UE; if the judgment result is yes, the network device determines that the D2D discovery operation is allowed between the two D2D UEs; if the judgment result is no, the network device determines that the D2D discovery operation is not allowed between the two D2D UEs.
6. The method according to claim 1, characterized in that obtaining the one or more items of D2D authorization data corresponding to the one or more D2D UEs comprises: the network device obtains the one or more items of D2D authorization data corresponding to the one or more D2D UEs; and authenticating the one or more D2D UEs using the one or more items of D2D authorization data comprises: the network device generates one or more D2D discovery lists according to the one or more items of D2D authorization data; and the network device sends the one or more D2D discovery lists to a wireless access device, and the wireless access device uses the D2D discovery list to authenticate the D2D UE.
7. The method according to claim 6, characterized in that the network device generating the one or more D2D discovery lists according to the one or more items of D2D authorization data comprises: the network device generates the one or more D2D discovery lists according to the one or more items of D2D authorization data and the identifiers (IDs) of the one or more D2D UEs; or the network device generates the one or more D2D discovery lists according to the one or more items of D2D authorization data and the user's application ID.
8. The method according to claim 1, characterized in that obtaining the D2D authorization data of the D2D UE comprises one of the following: a wireless access device receives the one or more items of D2D authorization data, corresponding to the one or more D2D UEs, forwarded by a network device; or the wireless access device receives the one or more items of D2D authorization data, corresponding to the one or more D2D UEs, forwarded by the network device, and the wireless access device generates one or more D2D discovery lists according to the one or more items of D2D authorization data.
9. The method according to claim 8, characterized in that the wireless access device generating the one or more D2D discovery lists according to the one or more items of D2D authorization data comprises: the wireless access device generates the one or more D2D discovery lists according to the one or more items of D2D authorization data and the identifiers (IDs) of the one or more D2D UEs; or the wireless access device generates the one or more D2D discovery lists according to the one or more items of D2D authorization data and the user's application ID.
10. The method according to any one of claims 6 to 9, characterized in that authenticating the one or more D2D UEs using the one or more items of D2D authorization data comprises: the wireless access device judges, according to the multiple D2D discovery lists and/or multiple items of D2D authorization data, whether a D2D discovery operation is allowed between the multiple D2D UEs.
11. The method according to claim 10, characterized in that the wireless access device judging, according to the multiple D2D discovery lists and/or multiple items of D2D authorization data, whether a D2D discovery operation can be performed between the multiple D2D UEs comprises: the wireless access device judges, according to the multiple D2D discovery lists and/or multiple items of D2D authorization data, whether a first D2D UE of two D2D UEs among the multiple D2D UEs is able to discover a second D2D UE of the two D2D UEs, and whether the second D2D UE is able to be discovered by the first D2D UE; if the judgment result is yes, the wireless access device determines that the D2D discovery operation is allowed between the two D2D UEs; if the judgment result is no, the wireless access device determines that the D2D discovery operation is not allowed between the two D2D UEs.
12. The method according to any one of claims 2 to 9 and 11, characterized in that the mobility management entities (MMEs), base stations and/or home environments (HEs) corresponding to the multiple D2D UEs are different, wherein the HE comprises one of the following: a home subscriber server (HSS), an access network discovery and selection function (ANDSF), an application server, a packet data gateway (P-GW).
13. The method according to any one of claims 2 to 9 and 11, characterized in that the network device comprises one of the following: an MME, a neighbor discovery server.
14. The method according to any one of claims 6 to 9 and 11, characterized in that the wireless access device comprises one of the following: a base station, an access controller (AC), an access point (AP).
15. The method according to claim 3 or 7, characterized in that the ID of the D2D UE comprises at least one of the following: an international mobile subscriber identity (IMSI), an international mobile equipment identity (IMEI), a globally unique user equipment identifier (GUTI), an identifier used in the D2D discovery process.
16. The method according to any one of claims 2 to 9 and 11, wherein the D2D discovery list comprises: an identifier of a first D2D UE that is allowed to discover the D2D UE and/or an identifier of a second D2D UE that is allowed to be discovered by the D2D UE.
17. A device-to-device (D2D) user equipment (UE) authentication apparatus, characterized by comprising: a first obtaining module, configured to obtain one or more items of D2D authorization data corresponding to one or more D2D UEs; and a first authentication module, configured to authenticate the one or more D2D UEs using the one or more items of D2D authorization data.
18. The apparatus according to claim 17, characterized in that the first obtaining module is located in a network device, wherein the first obtaining module comprises one of the following: a second obtaining module, configured to obtain the one or more items of D2D authorization data corresponding to the one or more D2D UEs; or a third obtaining module, configured to obtain the one or more items of D2D authorization data of the one or more D2D UEs, and a first generating module, configured to generate one or more D2D discovery lists according to the one or more items of D2D authorization data.
19. The apparatus according to claim 18, characterized in that the first generating module comprises: a second generating module, configured to generate the one or more D2D discovery lists according to the one or more items of D2D authorization data and the identifiers (IDs) of the one or more D2D UEs; or a third generating module, configured to generate the one or more D2D discovery lists according to the one or more items of D2D authorization data and the user's application ID.
20. The apparatus according to claim 18, characterized in that the first authentication module is located in the network device, wherein the first authentication module comprises: a first judging module, configured to judge, according to multiple D2D discovery lists and/or multiple items of D2D authorization data, whether a D2D discovery operation is allowed between the multiple D2D UEs.
21. The apparatus according to claim 20, characterized in that the first judging module comprises: a second judging module, configured to judge, according to the multiple D2D discovery lists and/or multiple items of D2D authorization data, whether a first D2D UE of two D2D UEs among the multiple D2D UEs is able to discover a second D2D UE of the two D2D UEs, and whether the second D2D UE is able to be discovered by the first D2D UE; a first determining module, configured to determine, when the judgment result of the second judging module is yes, that the D2D discovery operation is allowed between the two D2D UEs; and a second determining module, configured to determine, when the judgment result of the second judging module is no, that the D2D discovery operation is not allowed between the two D2D UEs.
22. The apparatus according to claim 17, characterized in that the first obtaining module and the first authentication module are located in the network device, wherein the first obtaining module comprises: a third obtaining module, configured to obtain the one or more items of D2D authorization data corresponding to the one or more D2D UEs; and the first authentication module comprises: a fourth generating module, configured to generate one or more D2D discovery lists according to the one or more items of D2D authorization data; and a sending module, configured to send the D2D discovery list to a wireless access device, wherein the D2D discovery list is used by the wireless access device to authenticate the D2D UE.
23. The apparatus according to claim 22, characterized in that the fourth generating module comprises: a fifth generating module, configured to generate the one or more D2D discovery lists according to the one or more items of D2D authorization data and the identifiers (IDs) of the one or more D2D UEs; or a sixth generating module, configured to generate the one or more D2D discovery lists according to the one or more items of D2D authorization data and the user's application ID.
24. The apparatus according to claim 17, characterized in that the first obtaining module is located in a wireless access device, wherein the first obtaining module comprises one of the following: a first receiving module, configured to receive the one or more items of D2D authorization data, corresponding to the one or more D2D UEs, forwarded by the network device; or a second receiving module, configured to receive the D2D authorization data of the D2D UE forwarded by the network device, and a seventh generating module, configured to generate one or more D2D discovery lists according to the one or more items of D2D authorization data.
25. The apparatus according to claim 24, characterized in that the seventh generating module comprises: an eighth generating module, configured to generate the one or more D2D discovery lists according to the one or more items of D2D authorization data and the identifiers (IDs) of the one or more D2D UEs; or a ninth generating module, configured to generate the one or more D2D discovery lists according to the one or more items of D2D authorization data and the user's application ID.
26. The apparatus according to claim 24, characterized in that the first authentication module is located in the wireless access device, and the first authentication module comprises: a third judging module, configured to judge, according to the multiple D2D discovery lists and/or multiple items of D2D authorization data, whether a D2D discovery operation is allowed between the multiple D2D UEs.
27. The apparatus according to claim 26, characterized in that the third judging module comprises: a fourth judging module, configured to judge, according to the multiple D2D discovery lists and/or multiple items of D2D authorization data, whether a first D2D UE of two D2D UEs among the multiple D2D UEs is able to discover a second D2D UE of the two D2D UEs, and whether the second D2D UE is able to be discovered by the first D2D UE; a third processing module, configured to determine, when the judgment result of the fourth judging module is yes, that the D2D discovery operation is allowed between the two D2D UEs; and a fourth determining module, configured to determine, when the judgment result of the fourth judging module is no, that the D2D discovery operation is not allowed between the two D2D UEs.
CN201210383325.3A 2012-10-11 2012-10-11 D2d user equipment authentication method and device CN103731826A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210383325.3A CN103731826A (en) 2012-10-11 2012-10-11 D2d user equipment authentication method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210383325.3A CN103731826A (en) 2012-10-11 2012-10-11 D2d user equipment authentication method and device

Publications (1)

Publication Number Publication Date
CN103731826A true CN103731826A (en) 2014-04-16

Family

ID=50455718

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210383325.3A CN103731826A (en) 2012-10-11 2012-10-11 D2d user equipment authentication method and device

Country Status (1)

Country Link
CN (1) CN103731826A (en)

Legal Events

Date Code Title Description
C06 Publication
EXSB Decision made by sipo to initiate substantive examination
WD01