CN104918247A

CN104918247A - Service discovery and authentication method, equipment, terminal and system

Info

Publication number: CN104918247A
Application number: CN201410093709.0A
Authority: CN
Inventors: 游世林; 梁爽; 蔡继燕; 彭锦
Original assignee: ZTE Corp
Current assignee: ZTE Corp
Priority date: 2014-03-13
Filing date: 2014-03-13
Publication date: 2015-09-16
Also published as: WO2015135269A1

Abstract

The embodiment of the invention discloses a service discovery and authentication method, equipment, a terminal and a system. The method comprises steps: a ProSe (Proximity-based Service) functional entity receives a type and a first identity of a discovery service sent by a terminal; a second identity is acquired according to the first identity; authentication is carried out on the discovery service according to the second identity; when authentication is passed, a corresponding service process is sent to a second ProSe functional entity according to the service type; and a discovery service response message is sent to the terminal.

Description

A kind of method of service discovering and authentication, equipment, terminal and system

Technical field

The present invention relates to moving communicating field, particularly relate to a kind of method of service discovering and authentication, equipment, terminal and system.

Background technology

In mobile communications, under prior art, UE is by wireless access network (E-UTRAN, Evolved Universal Terrestrial Radio Access Network) be linked into the evolved packet system (EPS of 3GPP, Evolved Packet System) core net (EPC, Evolved Packet Core Networking).In EPC, packet data gateway (P-GW, PDN Gateway) and Gateway GPRS Support Node (GGSN, Gateway GPRS Supporting Node) be referred to as public data network gateway, for distributing and the forwarding of IP data for the UE under E-UTRAN performs IP.In communication process, IP traffic is through evolved base station B(eNB, Evolved Node B) after be forwarded to public data network gateway (GGSN/PGW), and then by GGSN/PGW according to IP routing rule, IP traffic is sent to application server (AS, Application Server) or destination UE.

When two UE are in the region closed on, if still set up carrying by above-mentioned process to go forward side by side Serial Communication, so can take the resource of public data network gateway (GGSN/PGW) in core net, therefore, industry proposes a kind of device-to-device (D2D, Device to Device) between direct communication business, also can be called as the business (Proximity-based Services, be called for short ProSe) based on distance.In D2D business, when two UE location comparisons close to time, two terminals can direct communication, and its data path connected can not rap around to core net, reduce the route of data in GGSN/PGW on the one hand roundabout, decrease the data load in GGSN/PGW on the other hand.

Two terminal UE 1 accessed by D2D and UE2 can belong to same PLMN (PLMN, Public Land Mobile Network) or two different PLMN.When UE1 and UE2 belongs to same PLMN, this PLMN can be called the PLMN(HPLMN of the ownership of UE1 and UE2, Home PLMN), be characterized in: the Mobile Country Code MCC (MCC in HPLMN, Mobile Country Code) and Mobile Network Code (MNC, Mobile Network Code) be consistent with MCC with MNC that comprise in the international mobile subscriber identity (IMSI, International Mobile Subscriber IdentificationNumber) in UE1 and UE2; When UE1 and UE2 belongs to two different PLMN, in the configuration diagram of D2D as shown in Figure 1, the HPLMN of UE1 is PLMN1, the HPLMN of UE2 is PLMN2, when UE1 moves to PLMN2, for UE1, PLMN2 is the PLMN(VPLMN of the visit of UE1, Visited PLMN), and for UE1, the PLMN of current region can be called again the PLMN(LPLMN of this locality of UE1, Local PLMN), therefore, when UE1 enters into PLMN2, PLMN2 is exactly the PLMN of this locality of current UE 1.

In the D2D framework shown in Fig. 1, UE1 and UE2 all has relevant ProSe application, be connected with ProSe application server by PC1 interface, ProSe application server provides relevant authentication function and ProSe function (ProSe Function), ProSe application server can be provided by the service provider runed, and also can be provided by the carrier network of operation EPC; Interface between UE1 and UE2 is PC5, for mutually directly finding and communicating between terminal; Also deploy ProSe functional entity at different PLMN, the interface of terminal and ProSe functional entity is PC3, for the discovery certification by network; The interface of ProSe functional entity and existing EPC is PC4, comprises the chain of command interface with the interface in the user plane of the P-GW of existing EPC and the home subscriber server (HSS, Home Subscriber Server) with existing EPC, for the certification of D2D service discovering; The interface of ProSe functional entity and ProSe application server is PC2, and the application for D2D business realizes; PC6 and PC7 interface is had respectively between ProSe functional entity and ProSe functional entity, being respectively used to UE in roaming and two kinds of non-roaming situation: UE is PC7 interface when roaming, and non-roaming be PC6 interface, for finding that business is the information interaction between two ProSe functional entitys.

And in existing service discovering process, UE1 is when sending service discovering request, need the IMSI and/or the Mobile Subscriber International ISDN number (MSISDN that send self, Mobile Station international ISDN number) as mark when carrying out service discovering request, wherein ISDN is integrated services digital network (Integrated Services Digital Network).When IMSI is as mark, easily makes IMSI be exposed to and find, in business request information, to cause the privacy information of user to expose, the easy victim of user is attacked; When MSISDN is as mark, the MSISDN parameter in UE arbitrarily can be configured by user, and can easily cause UE when the MSISDN of configuration error, the discovery service request of transmission is made mistakes.

Summary of the invention

In view of this, the embodiment of the present invention is expected to provide a kind of method of service discovering and authentication, equipment, terminal and system, makes in the framework of D2D, the process that UE carries out service discovering more safety and not easily makeing mistakes.

For achieving the above object, technical scheme of the present invention is achieved in that

A method for service discovering, be applied to the network side in device-to-device D2D framework, described method comprises:

The type of the first discovery business sent based on the business ProSe functional entity receiving terminal of distance and the first mark;

A described ProSe functional entity identifies according to described first mark acquisition second;

A described ProSe functional entity carries out certification according to the second mark to described discovery business;

When certification is passed through, a described ProSe functional entity sends corresponding operation flow according to described type of service to the 2nd ProSe functional entity;

A described ProSe functional entity sends to described terminal and finds service response message.

Wherein, a described ProSe functional entity identifies according to described first mark acquisition second, comprising:

A described ProSe functional entity sends the second mark according to described first mark to mobile management entity MME and obtains request, wherein, described second mark obtains request and is used for described MME and obtains described second according to described first mark and described first mark identify with the described second corresponding relation identified;

Receive the second mark acquisition response that described MME sends, described second mark obtains response and comprises described second mark.

Wherein, a described ProSe functional entity identifies according to described first mark acquisition second, comprising: a described ProSe functional entity sends the second mark to described terminal and obtains request; A described ProSe functional entity receives the second mark acquisition response that described terminal sends, and described second mark obtains response and comprises described second mark.

Wherein, a described ProSe functional entity carries out certification according to the second mark to described discovery business, comprising:

A described ProSe functional entity is according to the described second identified query first information, and the described first information is the business contexts of described terminal;

When not inquiring the described first information, a described ProSe functional entity, after carrying out the certification of described discovery business with home subscriber server HSS, is preserved the described first information that described HSS generates;

When inquiring the described first information, a described ProSe functional entity and described terminal carry out the certification of described discovery business.

Wherein, the type of described discovery business is for announcing, monitoring or coupling;

Accordingly, a described ProSe functional entity sends corresponding operation flow according to described type of service to described 2nd ProSe functional entity, comprising:

When described type of service is for announcing, a described ProSe functional entity sends publish request message to described 2nd ProSe functional entity, and receives publish response message from described 2nd ProSe functional entity;

When described type of service is for monitoring, a described ProSe functional entity sends interception request message to described 2nd ProSe functional entity, and receives interception request response message from described 2nd ProSe functional entity

When described type of service is for coupling, a described ProSe functional entity sends matching request message to described 2nd ProSe functional entity, when the match is successful for described 2nd ProSe functional entity, receive matching request response message from described 2nd ProSe functional entity.

A kind of service discovering method, be applied to the terminal in device-to-device D2D framework, described method comprises:

Described terminal sends type and first mark of discovery business to a ProSe functional entity, and a described ProSe functional entity is the ProSe functional entity under described terminal HPLMN;

Identify after the second mark and the type of described discovery business that acquire carry out certification to described discovery business at a described ProSe functional entity according to described first, described terminal receives the discovery service response message that a described ProSe functional entity sends.

Wherein, after the type that described terminal sends discovery business to a described ProSe functional entity and the first mark, and before described terminal receives and send find service response message to described terminal, described method also comprises: described terminal receives a described ProSe functional entity and sends the second mark and obtain request; Described terminal sends the second mark to a described ProSe functional entity and obtains response, and described second mark obtains response and comprises described second mark.

A kind of method for authenticating, described method comprises:

Second based on distance business ProSe functional entity by terminal first mark obtain described terminal second mark;

Described 2nd ProSe functional entity sends to a described ProSe functional entity and obtains authentication information request, the request of described acquisition authentication information comprises beyond the mark of the PLMN of described this locality, also comprise described second mark or described first mark, the request of described acquisition authentication information is used for a described ProSe functional entity obtains described terminal authentication context according to described second mark or described first mark;

Described 2nd ProSe functional entity receives the acquisition authentication information request sent by a described ProSe functional entity and responds, and described acquisition authentication information request response comprises the authentication context of described terminal;

Described 2nd ProSe functional entity sends the response of described authentication request, to complete the authentication process between described 2nd ProSe functional entity and described terminal to described terminal.

Wherein, described 2nd ProSe functional entity obtains the second mark of described terminal by the first mark of described terminal, specifically comprises:

Described 2nd ProSe functional entity receives the authentication request that described terminal sends, and described authentication request comprises the first mark of described terminal;

Described 2nd ProSe functional entity sends the second mark to mobile management entity MME and obtains request, and described second mark acquisition request comprises described first mark;

The second mark that described 2nd ProSe functional entity receives described MME transmission obtains response, and described second mark acquisition response comprises the second mark of described terminal.

A kind of method for authenticating, described method comprises:

One ProSe functional entity receives the acquisition authentication information request that the 2nd ProSe functional entity sends, and the request of described acquisition authentication information comprises beyond the mark of local PLMN, also comprises the second mark or first mark of terminal;

When not comprising described second mark in the request of described acquisition authentication information, a described ProSe functional entity obtains described second mark according to described first mark;

A described ProSe functional entity obtains the authentication context of described terminal according to described second mark;

A described ProSe functional entity sends to described 2nd ProSe functional entity and obtains authentication information request response, and described acquisition authentication information request response comprises the authentication context of described terminal.

Wherein, a described ProSe functional entity obtains the authentication context of described terminal according to described second mark, specifically comprises:

The authentication context of described ProSe functional entity terminal according to described second identified query;

Authentication context according to described terminal carries out authentication to the mark of the PLMN of described this locality and described second mark;

When authentication is passed through, generate described acquisition authentication information request response according to the authentication context of described terminal;

When authentication is obstructed out-of-date, according to described second mark and described local plmn mark and after home subscriber server HSS carries out authentication, the described terminal authentication context that described HSS generates is preserved; And generate described acquisition authentication information request response according to the authentication context of described terminal.

A kind of method for authenticating, described method comprises:

Terminal sends authentication request message to the 2nd ProSe functional entity, and described authentication request message comprises local PLMN mark and the first mark, and described 2nd ProSe functional entity is the ProSe functional entity under described terminal local PLMN;

Described terminal receives the described authentication request sent by described 2nd ProSe functional entity and responds, to complete the authentication process between described terminal and described 2nd ProSe functional entity.

Wherein, before described terminal sends authentication request message to described 2nd ProSe functional entity, described method also comprises:

Described terminal obtains local plmn list from a ProSe functional entity, and described local plmn list comprises the mark of the local plmn that described terminal can be supported, a described ProSe functional entity is the ProSe functional entity under described terminal HPLMN;

Accordingly, described terminal sends authentication request message to described 2nd ProSe functional entity, specifically comprises:

Described terminal inquires about the mark of the PLMN of described this locality in described local plmn list, and when the PLMN of described this locality is identified in described local plmn list, described terminal sends authentication request message to described 2nd ProSe functional entity.

Based on a business ProSe functional entity device for distance, comprise the first receiving element, the first acquiring unit, the first authentication ' unit and the first transmitting element, wherein,

Described first receiving element is used for, the type of the discovery business that receiving terminal sends and the first mark;

Described first acquiring unit is used for, and identifies according to described first mark acquisition second;

Described first authentication ' unit is used for, and carries out certification according to the second mark to described discovery business;

Described first transmitting element is used for, and when certification is passed through, sends corresponding operation flow according to described type of service to the 2nd ProSe functional entity under the local plmn of at least one terminal; Send to described terminal and find service response message.

Wherein, described first acquiring unit specifically for:

Send described second mark according to described first transmitting element of described first mark instruction to mobile management entity MME and obtain request, described second mark obtains request and is used for described MME and obtains described second according to described first mark and described first mark identify with the described second corresponding relation identified;

The second mark indicating described first receiving element to receive described MME transmission obtains response, and described second mark acquisition response comprises described second mark.

Wherein, described first acquiring unit specifically for: indicate described first transmitting element to send the second mark to described terminal and obtain request; The second mark indicating described first receiving element to receive the transmission of described terminal obtains response, and described second mark acquisition response comprises described second mark.

Wherein, described first authentication ' unit is used for:

According to the described second identified query first information, the described first information is the business contexts of described terminal;

When not inquiring the described first information, carrying out the certification of described discovery business with home subscriber server HSS, and generating the described first information;

When inquiring the described first information, carry out the certification of described discovery business with described terminal.

Wherein, the type of described discovery business is for announcing, monitoring or coupling; Accordingly, described first transmitting element specifically for:

When described type of service is for announcing, send publish request message to described 2nd ProSe functional entity;

When described type of service is for monitoring, send interception request message to described 2nd ProSe functional entity;

When described type of service is for coupling, send matching request message to described 2nd ProSe functional entity;

Described first receiving element specifically for: when described type of service is for announcing, receive publish response message from described 2nd ProSe functional entity;

When described type of service is for monitoring, receive interception request response message from described 2nd ProSe functional entity;

When the match is successful for described 2nd ProSe functional entity, receive matching request response message from described 2nd ProSe functional entity.

A kind of terminal, comprising:

Second transmitting element, for sending type and first mark of discovery business to a ProSe functional entity, a described ProSe functional entity is the ProSe functional entity under described terminal HPLMN;

Second receiving element, for identifying after the second mark and the type of described discovery business that acquire carry out certification to described discovery business at a described ProSe functional entity according to described first, receive the discovery service response message that a described ProSe functional entity sends.

Wherein, described second receiving element also for, receive described one ProSe functional entity send second mark obtain request;

Described second transmitting element also for, to described one ProSe functional entity send second mark obtain response, described second mark obtain response comprises described second mark.

Second based on the business ProSe functional entity device of distance, and described equipment comprises: second acquisition unit, the 3rd transmitting element, the 3rd receiving element, wherein,

Described second acquisition unit is used for, and is obtained the second mark of described terminal by the first mark of terminal;

Described 3rd transmitting element is used for, send to a ProSe functional entity and obtain authentication information request, the request of described acquisition authentication information comprises beyond the mark of the PLMN of described this locality, also comprise described second mark or described first mark, the request of described acquisition authentication information is used for a described ProSe functional entity obtains described terminal authentication context according to described second mark or described first mark;

Described 3rd receiving element is used for, and receive the acquisition authentication information request sent by a described ProSe functional entity and respond, described acquisition authentication information request response comprises the authentication context of described terminal;

Described 3rd transmitting element also for, to described terminal send described authentication request response, to complete the authentication process between described ProSe functional entity and described terminal.

Wherein, described second acquisition unit specifically for:

Received the authentication request of described terminal transmission by described 3rd receiving element, described authentication request comprises the first mark of described terminal;

Send the second mark by described 3rd transmitting element to mobile management entity MME and obtain request, described second mark acquisition request comprises described first mark;

The second mark being received described MME transmission by described 3rd receiving element obtains response, and described second mark acquisition response comprises the second mark of described terminal.

Based on a business ProSe functional entity device for distance, comprise the 4th receiving element, the 3rd acquiring unit and the 4th transmitting element, wherein,

Described 4th receiving element is used for, and receives the acquisition authentication information request that the 2nd ProSe functional entity sends, and the request of described acquisition authentication information comprises beyond the mark of local PLMN, also comprises the second mark or first mark of terminal;

Described 3rd acquiring unit is used for, and when not comprising described second mark in the request of described acquisition authentication information, obtains described second mark according to described first mark; And the authentication context of described terminal is obtained according to described second mark;

Described 4th transmitting element is used for, and send to described 2nd ProSe functional entity and obtain authentication information request response, described acquisition authentication information request response comprises the authentication context of described terminal.

Wherein, described 3rd acquiring unit specifically for:

The authentication context of terminal according to described second identified query;

A kind of terminal, comprising: the 5th transmitting element and the 5th receiving element, wherein,

Described 5th transmitting element is used for, authentication request message is sent to the 2nd ProSe functional entity, described authentication request message comprises local PLMN mark and the first mark, and described 2nd ProSe functional entity is the ProSe functional entity under described terminal local PLMN;

Described 5th receiving element is used for, and receives the described authentication request sent by described 2nd ProSe functional entity and responds, to complete the authentication process between described terminal and described 2nd ProSe functional entity.

Wherein, described terminal also comprises:

4th acquiring unit, for obtaining local plmn list from a ProSe functional entity, described local plmn list comprises the mark of the local plmn that described terminal can be supported, a described ProSe functional entity is the ProSe functional entity under described terminal HPLMN;

Accordingly, described terminal also comprises query unit, for inquiring about the mark of the PLMN of described this locality in described local plmn list;

Described 5th transmitting element also for, when the PLMN of described this locality is identified in described local plmn list, described terminal to described 2nd ProSe functional entity send authentication request message.

A system for service discovering, described system comprises the business ProSe functional entity device of first under the PLMN HPLMN of the ownership of terminal and described terminal based on distance, wherein,

A described ProSe functional entity is used for, and receives type and first mark of the discovery business that described terminal sends; According to described first mark by obtaining the second mark alternately with mobile management entity MME or described terminal; The discovery business of type to described terminal according to described second mark and described discovery business carries out certification; After described certification is passed through, send to described terminal and find service response message;

Described terminal is used for, and sends type and first mark of discovery business to a described ProSe functional entity;

Identify after the second mark and the type of described discovery business that acquire carry out certification to described discovery business at a described ProSe functional entity according to described first, receive the discovery service response message that a described ProSe functional entity sends.

A kind of right discriminating system, described system comprises second under the home public land mobile network network PLMN of terminal, described terminal based on the ProSe functional entity device under the PLMN HPLMN of the ProSe functional entity device of distance, the ownership of described terminal, wherein

Described 2nd ProSe functional entity is used for, and according to first of terminal the mark by after getting the second mark alternately with mobile management entity MME, to send obtain authentication information request according to described second mark to a described ProSe functional entity;

And receive described one ProSe functional entity send the request of acquisition authentication information response after, complete the authentication process between described terminal;

A described ProSe functional entity is used for, and obtains obtaining authentication information request response, and described acquisition authentication information request response is recycled to described 2nd ProSe functional entity according to the acquisition authentication information request that described 2nd ProSe functional entity sends;

Described terminal is used for, and after described 2nd ProSe functional entity sends authentication request, receives the authentication request response that described 2nd ProSe functional entity sends.

Above-mentioned first is designated the whole world unique temporary user device mark GUTI that described MME is described terminal distribution.

Embodiments provide the method, apparatus and system of a kind of service discovering and authentication; after network side obtains the second mark of terminal by the first mark of terminal; discovery business and authorizing procedure is realized again by the second mark of described terminal; make terminal when initiation service discovering request and authentication request; do not need IMSI and/or MSISDN sending self; protect the privacy information of user, and not easily make mistakes.

Accompanying drawing explanation

Fig. 1 is the configuration diagram of D2D in prior art;

The method flow schematic diagram of a kind of service discovering that Fig. 2 provides for the embodiment of the present invention;

The process schematic that a kind of ProSe functional entity that Fig. 3 provides for the embodiment of the present invention identifies according to described first mark acquisition second;

The process schematic of the second mark of another kind the one ProSe functional entity acquisition terminal that Fig. 4 provides for the embodiment of the present invention;

A kind of ProSe functional entity that Fig. 5 provides for the embodiment of the present invention identifies according to second process schematic discovery business being carried out to certification;

The schematic flow sheet of the method for the another kind of service discovering that Fig. 6 provides for the embodiment of the present invention;

The detailed process schematic diagram of the method for the another kind of service discovering that Fig. 7 provides for the embodiment of the present invention;

A kind of ProSe functional entity that Fig. 8 provides for the embodiment of the present invention identifies according to second schematic flow sheet discovery business being carried out to certification;

The schematic flow sheet of a kind of method for authenticating that Fig. 9 provides for the embodiment of the present invention;

A kind of 2nd ProSe functional entity that Figure 10 provides for the embodiment of the present invention identifies by first of terminal the second identification procedure schematic diagram obtaining described terminal;

The schematic flow sheet of the another kind of method for authenticating that Figure 11 provides for the embodiment of the present invention;

A kind of ProSe functional entity that Figure 12 provides for the embodiment of the present invention identifies according to second the contextual schematic flow sheet of authentication obtaining terminal;

The schematic flow sheet of another method for authenticating that Figure 13 provides for the embodiment of the present invention;

The detailed process schematic diagram of a kind of method for authenticating that Figure 14 provides for the embodiment of the present invention

The structural representation of the ProSe functional entity device that Figure 15 provides for the embodiment of the present invention;

The structural representation of a kind of terminal that Figure 16 provides for the embodiment of the present invention;

The structural representation of a kind of 2nd ProSe functional entity device that Figure 17 provides for the embodiment of the present invention;

The structural representation of another kind the one ProSe functional entity device that Figure 18 provides for the embodiment of the present invention;

The structural representation of the another kind of terminal that Figure 19 provides for the embodiment of the present invention;

The structural representation of another terminal that Figure 20 provides for the embodiment of the present invention;

The structural representation of a kind of service discovery system that Figure 21 provides for the embodiment of the present invention;

The structural representation of a kind of right discriminating system that Figure 22 provides for the embodiment of the present invention.

Embodiment

Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is clearly and completely described.Be described in process to the technical scheme of the embodiment of the present invention, the D2D framework shown in embodiment of the present invention composition graphs 1 is described, and concrete scene is as follows: after terminal 1 enters VPLMN from HPLMN, and terminal 1 carries out service discovering in VPLMN; It should be noted that, after terminal 1 enters VPLMN from HPLMN, so VPLMN is exactly the local plmn of present terminal 1.Understandable, this scene, only for the explanation to technical scheme, does not do any restriction to this.

See Fig. 2, be the method for a kind of service discovering that the embodiment of the present invention provides, the method is applied in the ProSe functional entity in D2D framework under network side HPLMN, and the method can comprise:

The type of the described discovery business that the S201: the one ProSe functional entity receiving terminal sends and the first mark;

Exemplary, in the present embodiment, the type of described discovery business and the first mark can by finding that business request information carries;

Further, described first mark can be the whole world unique temporary user device mark (GUTI of described terminal, Globally Unique Temporary UE Identity), the GUTI terminal of described terminal is distributed by MME and is obtained in the process registered to MME, can comprise: for terminal carries out the mark of the MME registered and the IP address of this MME.

Exemplary, the type of described discovery business can be: announce, monitor or coupling.

S202: a described ProSe functional entity identifies according to described first mark acquisition second;

Exemplary, the second mark comprises the IMSI of terminal; Specifically can comprise see Fig. 3, S202:

S2021a: a described ProSe functional entity sends the second mark according to described first mark to described MME and obtains request;

Concrete, owing to including the mark of described MME and the IP address of described MME in the first mark, therefore, a described ProSe functional entity can send the second mark according to the IP address of the described MME in the first mark to the described MME that described MME mark is corresponding and obtain request;

S2022a: receive the second mark acquisition response that described MME sends;

Wherein, described MME can obtain the first mark included in request and described first mark according to described second mark and obtains second with the described second corresponding relation identified and identify;

Concrete, described MME can search corresponding relation between GUTI and IMSI according to GUTI, thus obtains the IMSI of terminal; Understandable, described corresponding relation can be described MME preserving for when described terminal distribution GUTI;

The IMSI of described terminal, after the IMSI obtaining described terminal, can be encapsulated in the second mark and obtain in response by described MME, and described second mark acquisition response is back to a described ProSe functional entity.

Further, when a described ProSe functional entity cannot obtain described second mark by S2021a to S2023a from described MME time, such as, described MME break down or between a described ProSe functional entity and described MME channel quality poor so that the communication process of S2021a to S2023a cannot be completed time, see Fig. 4, the process that a described ProSe functional entity obtains the second mark of described terminal can be:

S2021b: a described ProSe functional entity sends the second mark to described terminal and obtains request;

Concrete, described terminal can obtain request according to described second mark received, and inquires about the IMSI of self, and is encapsulated in by the IMSI of self in the second mark acquisition response,

S2022b: a described ProSe functional entity receives the second mark returned by described terminal and obtains response.

Concrete, a described ProSe functional entity, after receiving the second mark that described terminal returns and obtaining response, can obtain the IMSI of described terminal by decapsulation.

S203: a described ProSe functional entity carries out certification according to the second mark to described discovery business;

Exemplary, specifically can comprise see Fig. 5, S203:

S2031: a described ProSe functional entity is according to the described second identified query first information;

Concrete, the described first information can be the business contexts of described terminal, a described ProSe functional entity can inquire about according to the IMSI of described terminal the business contexts whether self exists described terminal, the business contexts of described terminal can comprise the parameter finding business described in described terminal subscribes, to set up and preserve after specifically can carrying out certification by a described ProSe functional entity and HSS to described discovery business;

S2032: when not inquiring the described first information, a described ProSe functional entity, after completing the certification of described discovery business with HSS, is preserved the first information that described HSS generates;

Concrete, because EPC does not also carry out certification to the discovery business of described terminal, therefore a described ProSe functional entity is needed to carry out certification according to the HSS in IMSI and the EPC of described terminal to described discovery business, concrete verification process is the state of the art, repeat no more, after certification terminates, HSS can set up the parameter finding business described in described terminal subscribes, and is kept in a described ProSe functional entity.

S2033: when inquiring the described first information, a described ProSe functional entity and terminal carry out the certification of described discovery business.

Concrete, because EPC carried out certification to the described discovery business of described terminal, therefore described terminal can retain the parameter of subscribing to described discovery business in the mode of the first information, therefore, a described ProSe functional entity can carry out the certification of discovery business according to the existing first information and terminal, concrete verification process is as consistent in the verification process in S2032, is the state of the art, also repeats no more at this.

S204: when certification is passed through, a described ProSe functional entity initiates corresponding operation flow according to described type of service to described 2nd ProSe functional entity;

Exemplary, corresponding to the type of the discovery business described in S201, S204 specifically can comprise:

S205: a described ProSe functional entity sends the response of described discovery business to described terminal.

Concrete, described discovery service response can be the response message corresponding with type of service returned by described 2nd ProSe functional entity in S204, may be used for described terminal and carries out corresponding Resourse Distribute according to described discovery service response to described discovery business.

See Fig. 6, be the method for the another kind of service discovering that the embodiment of the present invention provides, be applied to this side of terminal, described method can comprise:

S601: described terminal sends type and first mark of discovery business to the ProSe functional entity under described terminal HPLMN;

Exemplary, find that the type of business and the first mark can by finding that the mode of business request information carries; As previously mentioned, described first mark can be the GUTI of described terminal;

Exemplary, find after business request information when described terminal sends to a described ProSe functional entity, a described ProSe functional entity can processing the process that discovery business carries out certification according to Fig. 2 at network side, do not repeat them here.

Exemplary, carry out in the process of certification at network side to discovery business at a described ProSe functional entity, described method can also comprise:

Described terminal receives a described ProSe functional entity and sends the second mark acquisition request;

Described terminal sends the second mark to a described ProSe functional entity and obtains response, and described second mark obtains response and comprises described second mark.

In addition, described method can also comprise: described terminal and a described ProSe functional entity carry out the certification of described discovery business.

Identify after the second mark and the type of described discovery business that acquire carry out certification to described discovery business at a described ProSe functional entity according to described first, described terminal can perform S602.

S602: described terminal receives the discovery service response message that a described ProSe functional entity sends.

Concrete, described terminal can carry out corresponding Resourse Distribute according to described discovery service response message to described discovery business.So far, the discovery operation flow of end side terminates.

See Fig. 7, the detailed process schematic diagram of the method for a kind of service discovering provided for the embodiment of the present invention, the method can comprise:

S701: terminal sends type and first mark of discovery business to a ProSe functional entity;

Exemplary, find that the type of business and the first mark can by finding that the mode of business request information carries;

Exemplary, the described first GUTI being designated described terminal, terminal is distributed by MME and is obtained in the process registered to MME, and the GUTI of terminal can comprise: for terminal carries out the mark of the MME registered and the IP address of this MME.

S702: a described ProSe functional entity identifies according to described first mark acquisition second;

Exemplary, described second mark can be the IMSI of terminal; Shown in Figure 7, the detailed process of S702 can be:

S7021a: a described ProSe functional entity sends the second mark according to described first mark to described MME and obtains request;

S7022a: described MME obtains the first mark of request according to described second mark and described first mark obtains described second identify with the described second corresponding relation identified;

Concrete, described MME can search corresponding relation between GUTI and IMSI according to GUTI, thus obtains the IMSI of terminal; Understandable, described corresponding relation can be described MME preserving for when described terminal distribution GUTI.

S7023a: described MME sends the second mark to a described ProSe functional entity obtains response, and described second mark obtains response and comprises described second mark.

Concrete, the IMSI of described terminal, after the IMSI obtaining described terminal, can be encapsulated in the second mark and obtain in response by described MME, and described second mark acquisition response is back to a described ProSe functional entity.

Further, when a described ProSe functional entity cannot obtain described second mark by S7021a to S7023a from described MME time, such as, described MME break down or between a described ProSe functional entity and described MME channel quality poor so that the communication process of S2021a to S2023a cannot be completed time, shown in Figure 7, the process that a described ProSe functional entity obtains the second mark of described terminal can be:

S7021b: a described ProSe functional entity sends the second mark to described terminal and obtains request;

Concrete, described terminal can obtain request according to described second mark received, and inquires about the IMSI of self, and is encapsulated in by the IMSI of self in the second mark acquisition response;

S7022b: described terminal sends the second mark to a described ProSe functional entity and obtains response.

S703: a described ProSe functional entity carries out certification according to the second mark to described discovery business;

Exemplary, specifically can comprise see Fig. 8, S703:

S7031: a described ProSe functional entity is according to the described second identified query first information;

S7032: when not inquiring the described first information, a described ProSe functional entity, after completing the certification of described discovery business with HSS, is preserved the first information that described HSS generates;

S7033: when inquiring the described first information, a described ProSe functional entity and terminal carry out the certification of described discovery business.

Concrete, because EPC carried out certification to the described discovery business of described terminal, therefore described terminal can retain the parameter of subscribing to described discovery business in the mode of the first information, therefore, a described ProSe functional entity can carry out the certification of discovery business according to the existing first information and terminal, concrete verification process is as consistent in the verification process in S7032, is the state of the art, also repeats no more at this.

S704: when certification is passed through, a described ProSe functional entity initiates corresponding operation flow according to described type of service to described 2nd ProSe functional entity;

Exemplary, corresponding to the type of the discovery business described in S701, S704 specifically can comprise:

When described type of service is for monitoring, a described ProSe functional entity sends interception request message to described 2nd ProSe functional entity, and receives interception request response message from described 2nd ProSe functional entity;

S705: a described ProSe functional entity sends the response of described discovery business to described terminal;

Concrete, described discovery service response can be the response message corresponding with type of service returned by described 2nd ProSe functional entity in S704, may be used for described terminal and carries out corresponding Resourse Distribute according to described discovery service response to described discovery business.

Present embodiments provide a kind of method of service discovering; after one ProSe functional entity obtains the second mark of terminal by the first mark of terminal; realize finding operation flow by the second mark of described terminal again; make terminal when initiation service discovering; do not need IMSI and/or MSISDN sending self; protect the privacy information of user, and not easily make mistakes.

See Fig. 9, be a kind of method for authenticating schematic diagram that the embodiment of the present invention provides, be applied in the 2nd ProSe functional entity in D2D framework under network side local plmn, the method can comprise:

S901: described 2nd ProSe functional entity obtains the second mark of described terminal by the first mark of described terminal;

Exemplary, as shown in Figure 10, S901 specifically can comprise:

S9011: described 2nd ProSe functional entity receives the authentication request that described terminal sends, described authentication request comprises the first mark of described terminal;

Concrete, described authentication request message can comprise mark and first mark of local plmn, and as previously mentioned, described first mark comprises the GUTI of described terminal; And the GUTI of described terminal includes the mark of described MME and the IP address of described MME.

S9012: described 2nd ProSe functional entity sends the second mark to described MME and obtains request, described second mark acquisition request comprises described first mark;

S9013: the second mark that described 2nd ProSe functional entity receives described MME transmission obtains response, described second mark acquisition response comprises the second mark of described terminal.

Detailed process above about S901 is consistent with S2021a to S2023a, does not repeat them here.

S902: described 2nd ProSe functional entity sends to a ProSe functional entity and obtains authentication information request;

Concrete, the request of described acquisition authentication information is except comprising the mark of the PLMN of described this locality, can also comprise described second mark or described first mark according to the execution result of S901, and the request of described acquisition authentication information is used for a described ProSe functional entity obtains described terminal authentication context according to described second mark or described first mark;

S903: described 2nd ProSe functional entity receives the acquisition authentication information request sent by a described ProSe functional entity and responds, described acquisition authentication information request response comprises the authentication context of described terminal;

S904: described 2nd ProSe functional entity sends the response of described authentication request, to complete the authentication process between described 2nd ProSe functional entity and described terminal to described terminal.

See Figure 11, be the another kind of method for authenticating that the embodiment of the present invention provides, be applied in the ProSe functional entity in D2D framework under network side HPLMN, the method can comprise:

S1101: the one ProSe functional entity receives the acquisition authentication information request that the 2nd ProSe functional entity sends, and the request of described acquisition authentication information comprises beyond the mark of local PLMN, also comprises the second mark or first mark of terminal;

S1102: when not comprising described second mark in the request of described acquisition authentication information, a described ProSe functional entity obtains described second mark according to the first mark described in described acquisition request; Detailed process is consistent as described in S202, no longer specifically repeats at this.

S1103: a described ProSe functional entity obtains the authentication context of described terminal according to described second mark;

Exemplary, as shown in figure 12, S1103 specifically can comprise:

The authentication context of the S11031: the one ProSe functional entity terminal according to described second identified query;

S11032: the authentication context according to described terminal carries out authentication to the mark of the PLMN of described this locality and described second mark;

S11033: when authentication is passed through, generates described acquisition authentication information request response according to the authentication context of described terminal;

Concrete, authentication passes through, one ProSe functional entity is described by the certification realized alternately between described terminal and a described ProSe functional entity of HSS, a described ProSe functional entity has saved authentication context corresponding to described terminal in verification process, and described authentication context comprises the authentication vector group of described terminal.

S11034: when authentication is obstructed out-of-date, a described ProSe functional entity, according to described second mark and described local plmn mark and after HSS carries out authentication, is preserved the described terminal authentication context that described HSS generates; And generate described acquisition authentication information request response according to the authentication context of described terminal;

Exemplary, a described ProSe functional entity can send authentication request message to described HSS, described authentication request message comprises the mark of described second mark and described local plmn, and receive described HSS according to described second mark and described local plmn mark authentication success after loopback authentication request response, described authentication request response comprises authentication context corresponding to described terminal, and described authentication context comprises the authentication vector group of described terminal.

S1104: a described ProSe functional entity sends to described 2nd ProSe functional entity and obtains authentication information request response, and described acquisition authentication information request response comprises the authentication context of described terminal.

See Figure 13, be another method for authenticating that the embodiment of the present invention provides, be applied to terminal, the method can comprise:

S1301: terminal sends authentication request to the 2nd ProSe functional entity, described authentication request comprises local PLMN mark and the first mark, and described 2nd ProSe functional entity is the ProSe functional entity under described terminal local PLMN;

Exemplary, the described first GUTI being designated described terminal; Before S1301, described terminal can obtain local plmn list from a ProSe functional entity, described local plmn list comprises the mark of the local plmn that described terminal can be supported, a described ProSe functional entity is the ProSe functional entity under described terminal HPLMN;

Accordingly, S1301 specifically comprises:

Described terminal inquires about the mark of the PLMN of described this locality in described local plmn list, and when the PLMN of described this locality is identified in described local plmn list, described terminal sends authentication request to described 2nd ProSe functional entity.

S1302: described terminal receives the described authentication request sent by described 2nd ProSe functional entity and responds, to complete the authentication process between described terminal and described 2nd ProSe functional entity.

See Figure 14, be the detailed process schematic diagram of a kind of method for authenticating that the embodiment of the present invention provides, the method can comprise:

S1401: described terminal sends authentication request to the 2nd ProSe functional entity, described authentication request can comprise local PLMN mark and the first mark, and described 2nd ProSe functional entity is the ProSe functional entity under described terminal local PLMN;

Concrete, described authentication request can comprise local PLMN mark and the first mark, as previously mentioned, and the described first GUTI being designated described terminal;

Exemplary, before S1401, described terminal can obtain local plmn list from a ProSe functional entity, described local plmn list can comprise the mark of the local plmn that described terminal can be supported, a described ProSe functional entity is the ProSe functional entity under described terminal HPLMN;

Accordingly, S1401 specifically can comprise:

Described terminal inquires about the mark of the PLMN of described this locality in described local plmn list; When the PLMN of described this locality is identified in described local plmn list, described terminal sends authentication request message to described 2nd ProSe functional entity.

S1402: described 2nd ProSe functional entity identifies according to described first mark acquisition second;

Concrete, the GUTI due to described terminal includes the mark of described MME, and the IP address of described MME, and therefore, S1402 specifically can comprise:

Described 2nd ProSe functional entity sends the second mark to described MME and obtains request, and described second mark acquisition request comprises described first mark;

Detailed process above about S1402 is consistent with S7021a to S7023a, does not repeat them here.

S1403: described 2nd ProSe functional entity sends to a described ProSe functional entity and obtains authentication information request;

Concrete, the request of described acquisition authentication information is except comprising the mark of the PLMN of described this locality, can also comprise described second mark or described first mark according to the execution result of S1402, and the request of described acquisition authentication information is used for a described ProSe functional entity obtains described terminal authentication context according to described second mark or described first mark;

S1404: in time not comprising described second mark in the request of described acquisition authentication information, a described ProSe functional entity obtains described second mark according to described first mark; Detailed process is consistent as described in S702, no longer specifically repeats at this.

S1405: a described ProSe functional entity obtains the authentication context of described terminal according to described second mark;

Exemplary, as shown in figure 14, S1405 specifically can comprise:

The authentication context of the S14051: the one ProSe functional entity terminal according to described second identified query;

S14052: the one ProSe functional entity carries out authentication according to the authentication context of described terminal to the mark of the PLMN of described this locality and described second mark;

S14053: when authentication is passed through, a ProSe functional entity generates described acquisition authentication information request response according to the authentication context of described terminal;

S14054: when authentication is obstructed out-of-date, a described ProSe functional entity, according to described second mark and described local plmn mark and after HSS carries out authentication, is preserved the described terminal authentication context that described HSS generates; And generate described acquisition authentication information request response according to the authentication context of described terminal;

Concrete, a described ProSe functional entity can send authentication request message to described HSS, and described authentication request message comprises the mark of described second mark and described local plmn; And receive described HSS according to described second mark and described local plmn mark authentication success after loopback authentication request response, described authentication request response comprises authentication context corresponding to described terminal, and described authentication context comprises the authentication vector group of described terminal.

S1406: a described ProSe functional entity certification obtains authentication request response to described 2nd ProSe functional entity loopback.

S1407: described 2nd ProSe functional entity sends the response of described authentication request, to complete the authentication process between described 2nd ProSe functional entity and described terminal to described terminal.

Present embodiments provide a kind of method of authentication; after 2nd ProSe functional entity obtains the second mark of terminal by the first mark of terminal; authorizing procedure is realized again by the second mark of described terminal; make terminal when initiation authentication; do not need IMSI and/or MSISDN sending self; protect the privacy information of user, and not easily make mistakes.

See Figure 15, the ProSe functional entity device 150 under the HPLMN of a kind of terminal provided for the embodiment of the present invention, described equipment 150 comprises:

First receiving element 1501, first acquiring unit 1502, first authentication ' unit 1503 and the first transmitting element 1504, wherein,

First receiving element 1501 sends type and first mark of discovery business for, receiving terminal;

First acquiring unit 1502 for, according to described first mark acquisition second identify;

First authentication ' unit 1503 for, according to second mark certification is carried out to described discovery business;

First transmitting element 1504 for, when certification by time, send corresponding operation flow according to described type of service to the 2nd ProSe functional entity under at least one local plmn; Send to described terminal and find service response message.

Further, described first mark can be the GUTI of described terminal.The GUTI terminal of described terminal is distributed by MME and is obtained in the process registered to MME, can comprise: for terminal carries out the mark of the MME registered and the IP address of this MME.

Exemplary, the second mark comprises the IMSI of terminal; First acquiring unit 1502 specifically for:

Send the second mark according to described first mark instruction first transmitting element 1504 to MME and obtain request, described second mark obtains request and is used for described MME and obtains described second according to described first mark and described first mark with the described second corresponding relation identified and identify; Concrete, owing to including the mark of described MME and the IP address of described MME in the first mark, therefore, the first acquiring unit 1502 can indicate the first transmitting element 1504 to send the second mark to the described MME that described MME mark is corresponding according to the IP address of the described MME in the first mark and obtain request;

The second mark indicating the first receiving element 1501 to receive described MME transmission obtains response, and described second mark acquisition response comprises described second mark.

Exemplary, the first acquiring unit 1502 specifically for:

Indicate the first transmitting element 1504 to send the second mark to described terminal and obtain request;

The second mark indicating the first receiving element 1501 to receive the transmission of described terminal obtains response, and described second mark acquisition response comprises described second mark.

Exemplary, the first authentication ' unit 1503 for:

According to the described second identified query first information; Concrete, the described first information can be the business contexts of described terminal, first authentication ' unit 1503 can inquire about according to the IMSI of described terminal the business contexts whether self exists described terminal, the business contexts of described terminal can comprise the parameter finding business described in described terminal subscribes, to set up and preserve after specifically can carrying out certification by a described ProSe functional entity 150 and HSS to described discovery business;

When not inquiring the described first information, after carrying out the certification of described discovery business with HSS, the first information that described HSS generates is preserved;

Exemplary, the type of described discovery business is for announcing, monitoring or coupling; Accordingly, the first transmitting element 1504 specifically for:

First receiving element 1501 specifically for: when described type of service is for announcing, receive publish response message from described 2nd ProSe functional entity;

See Figure 16, be a kind of terminal 160 that the embodiment of the present invention provides, terminal 160 can comprise:

Second transmitting element 1601, for sending type and first mark of discovery business to a ProSe functional entity, a described ProSe functional entity is the ProSe functional entity under described terminal HPLMN;

Second receiving element 1602, for identifying after the second mark and the type of described discovery business that acquire carry out certification to described discovery business at a described ProSe functional entity according to described first, receive the discovery service response message that a described ProSe functional entity sends.

Exemplary, find that the type of business and the first mark can by finding that the mode of business request information carries; As previously mentioned, described first mark can be the GUTI of described terminal 160; Described second IMSI being designated described terminal 160;

Exemplary, the second receiving element 1602 also for, receive a described ProSe functional entity and send the second mark and obtain request;

Second transmitting element 1601 also for, to described one ProSe functional entity send second mark obtain response, described second mark obtain response comprises described second mark.

See Figure 17, the 2nd ProSe functional entity device 170 under the local plmn of a kind of terminal provided for the embodiment of the present invention, comprising: second acquisition unit 1701, the 3rd transmitting element the 1702, three receiving element 1703, wherein,

Second acquisition unit 1701 for, by terminal first mark obtain described terminal second mark;

3rd transmitting element 1702 for, send to a ProSe functional entity and obtain authentication information request, the request of described acquisition authentication information comprises beyond the mark of the PLMN of described this locality, also comprise described second mark or described first mark, the request of described acquisition authentication information is used for a described ProSe functional entity obtains described terminal authentication context according to described second mark or described first mark;

3rd receiving element 1703 for, receive the acquisition authentication information request sent by a described ProSe functional entity and respond, described acquisition authentication information request response comprises the authentication context of described terminal;

3rd transmitting element 1702 also for, to described terminal send described authentication request response, to complete the authentication process between described 2nd ProSe functional entity and described terminal.

Exemplary, second acquisition unit 1701 specifically for:

Received the authentication request of described terminal transmission by the 3rd receiving element 1703, described authentication request comprises the first mark of described terminal; Concrete, described authentication request message can comprise mark and first mark of local plmn, and as previously mentioned, described first mark can be the GUTI of described terminal; And the GUTI of described terminal includes the mark of described MME and the IP address of described MME.

Send the second mark by the 3rd transmitting element 1702 to described MME and obtain request, described second mark acquisition request comprises described first mark; Concrete, the request of described acquisition authentication information is except comprising the mark of described local plmn, can also comprise described second mark or described first mark, and the request of described acquisition authentication information is used for a described ProSe functional entity obtains described terminal authentication context according to described second mark or described first mark;

The second mark being received described MME transmission by the 3rd receiving element 1703 obtains response, and described second mark acquisition response comprises the second mark of described terminal.

See Figure 18, the ProSe functional entity device 180 under the HPLMN of the another kind of terminal provided for the embodiment of the present invention, can comprise: the 4th receiving element 1801, the 3rd acquiring unit 1802 and the 4th transmitting element 1803, wherein,

4th receiving element 1801 for, receive the 2nd ProSe functional entity send the request of acquisition authentication information, the request of described acquisition authentication information comprises beyond the mark of local plmn, also comprise terminal second mark or first mark;

3rd acquiring unit 1802 for, when do not comprise in the request of described acquisition authentication information described second mark time, according to described first mark obtain described second mark; And the authentication context of described terminal is obtained according to described second mark;

4th transmitting element 1803 for, send to described 2nd ProSe functional entity and obtain authentication information request response, described acquisition authentication information request response comprises the authentication context of described terminal.

Exemplary, the 3rd acquiring unit 1802 specifically for:

When authentication is obstructed out-of-date, according to described second mark and described local plmn mark and after HSS carries out authentication, the described terminal authentication context that described HSS generates is preserved; And generate described acquisition authentication information request response according to the authentication context of described terminal.

See Figure 19, be the another kind of terminal 190 that the embodiment of the present invention provides, can comprise: the 5th transmitting element 1901 and the 5th receiving element 1902, wherein,

Described 5th transmitting element 1901 for, authentication request message is sent to the 2nd ProSe functional entity, described authentication request message comprises local PLMN mark and the first mark, and described 2nd ProSe functional entity is the ProSe functional entity under described terminal local PLMN;

Described 5th receiving element 1902 for, receive the described authentication request sent by described 2nd ProSe functional entity and respond, to complete the authentication process between described terminal and described 2nd ProSe functional entity.

Exemplary, see Figure 20, described terminal 190 can also comprise:

4th acquiring unit 1903, for obtaining local plmn list from a ProSe functional entity, described local plmn list comprises the mark of the local plmn that described terminal can be supported, a described ProSe functional entity is the ProSe functional entity under described terminal HPLMN;

Accordingly, as shown in figure 20, described terminal 190 also comprises query unit 1904, for inquiring about the mark of the PLMN of described this locality in described local plmn list;

5th transmitting element 1901 also for, when the PLMN of described this locality is identified in described local plmn list, described terminal to described 2nd ProSe functional entity send authentication request message.

See Figure 21, be the system of a kind of service discovering that the embodiment of the present invention provides, can comprise: the ProSe functional entity device 150 under the HPLMN of terminal 160 and terminal 160, wherein,

A described ProSe functional entity 150 for, receive described terminal 160 send discovery business type and first mark; Identify according to described first mark acquisition second; The discovery business of type to described terminal according to described second mark and described discovery business carries out certification; After described certification is passed through, send to described terminal 160 and find service response message;

Described terminal 160 for, to a described ProSe functional entity 150 send discovery business type and first mark;

Identify after the second mark and the type of described discovery business that acquire carry out certification to described discovery business at a described ProSe functional entity 150 according to described first, receive the discovery service response message that a described ProSe functional entity 150 sends.

The specific implementation of terminal 160 can for the terminal described in previous embodiment; The specific implementation of the one ProSe functional entity 150 can for the ProSe functional entity described in previous embodiment.

Present embodiments provide a kind of system of service discovering; after one ProSe functional entity 150 obtains the second mark of terminal by the first mark of terminal 160; realize finding operation flow by the second mark of described terminal 160 again; make terminal 160 when initiation service discovering; do not need IMSI and/or MSISDN sending self; protect the privacy information of user, and not easily make mistakes.

See Figure 22, for a kind of right discriminating system that the embodiment of the present invention provides, comprise the ProSe functional entity device 180 under the HPLMN of the 2nd ProSe functional entity device 170 under the local plmn of the terminal 190 described in previous embodiment, terminal 190 and terminal 190, wherein

Described 2nd ProSe functional entity 170 for, after getting the second mark by the first mark of terminal 190, to send to a described ProSe functional entity 180 according to described second mark and obtain authentication information request;

And receive described one ProSe functional entity 180 send the request of acquisition authentication information response after, complete the authentication process between described terminal 190;

A described ProSe functional entity 180 for, obtain obtaining authentication information request response according to the acquisition authentication information request that described 2nd ProSe functional entity 170 sends, and described acquisition authentication information request response is recycled to described 2nd ProSe functional entity 170;

Described terminal 190 for, after described 2nd ProSe functional entity 170 sends authentication request, receive described 2nd ProSe functional entity 170 send authentication request response.

The specific implementation of terminal 190 can for the terminal described in previous embodiment; The specific implementation of the 2nd ProSe functional entity 170 can for the ProSe functional entity described in previous embodiment; The specific implementation of the one ProSe functional entity 180 can for the ProSe functional entity described in previous embodiment.

Present embodiments provide a kind of right discriminating system; after 2nd ProSe functional entity 170 obtains the second mark of terminal by the first mark of terminal 190; authorizing procedure is realized again by the second mark of described terminal 190; make terminal 190 when initiation authentication; do not need IMSI and/or MSISDN sending self; protect the privacy information of user, and not easily make mistakes.

Those skilled in the art should understand, embodiments of the invention can be provided as method, system or computer program.Therefore, the present invention can adopt the form of hardware embodiment, software implementation or the embodiment in conjunction with software and hardware aspect.And the present invention can adopt in one or more form wherein including the upper computer program implemented of computer-usable storage medium (including but not limited to magnetic disc store and optical memory etc.) of computer usable program code.

The present invention describes with reference to according to the flow chart of the method for the embodiment of the present invention, equipment (system) and computer program and/or block diagram.Should understand can by the combination of the flow process in each flow process in computer program instructions realization flow figure and/or block diagram and/or square frame and flow chart and/or block diagram and/or square frame.These computer program instructions can being provided to the processor of all-purpose computer, special-purpose computer, Embedded Processor or other programmable data processing device to produce a machine, making the instruction performed by the processor of computer or other programmable data processing device produce device for realizing the function of specifying in flow chart flow process or multiple flow process and/or block diagram square frame or multiple square frame.

These computer program instructions also can be stored in can in the computer-readable memory that works in a specific way of vectoring computer or other programmable data processing device, the instruction making to be stored in this computer-readable memory produces the manufacture comprising command device, and this command device realizes the function of specifying in flow chart flow process or multiple flow process and/or block diagram square frame or multiple square frame.

These computer program instructions also can be loaded in computer or other programmable data processing device, make on computer or other programmable devices, to perform sequence of operations step to produce computer implemented process, thus the instruction performed on computer or other programmable devices is provided for the step realizing the function of specifying in flow chart flow process or multiple flow process and/or block diagram square frame or multiple square frame.

The above, be only preferred embodiment of the present invention, be not intended to limit protection scope of the present invention.

Claims

1. a method for service discovering, be applied to the network side in device-to-device D2D framework, described method comprises:

2. method according to claim 1, is characterized in that, a described ProSe functional entity identifies according to described first mark acquisition second, comprising:

3. method according to claim 1, is characterized in that, a described ProSe functional entity identifies according to described first mark acquisition second, comprising:

A described ProSe functional entity sends the second mark to described terminal and obtains request;

A described ProSe functional entity receives the second mark acquisition response that described terminal sends, and described second mark obtains response and comprises described second mark.

4. method according to claim 1, is characterized in that, a described ProSe functional entity carries out certification according to the second mark to described discovery business, comprising:

5. method according to claim 1, is characterized in that, the type of described discovery business is for announcing, monitoring or coupling;

6. according to the arbitrary described method of claim 1 to 5, it is characterized in that, described first is designated the whole world unique temporary user device mark GUTI that described MME is described terminal distribution.

7. a service discovering method, be applied to the terminal in device-to-device D2D framework, described method comprises:

8. method according to claim 7, it is characterized in that, after the type that described terminal sends discovery business to a described ProSe functional entity and the first mark, and before described terminal receives and send find service response message to described terminal, described method also comprises:

9. the method according to claim 7 or 8, is characterized in that, described first is designated the whole world unique temporary user device mark GUTI that mobile management entity MME is described terminal distribution.

10. a method for authenticating, is characterized in that, described method comprises:

11. methods according to claim 10, is characterized in that, described 2nd ProSe functional entity obtains the second mark of described terminal by the first mark of described terminal, specifically comprises:

12. methods according to claim 10 or 11, is characterized in that, described first is designated the whole world unique temporary user device mark GUTI that described MME is described terminal distribution.

13. 1 kinds of method for authenticating, is characterized in that, described method comprises:

14. methods according to claim 13, is characterized in that, a described ProSe functional entity obtains the authentication context of described terminal according to described second mark, specifically comprises:

15. methods according to claim 13 or 14, is characterized in that, described first is designated the whole world unique temporary user device mark GUTI that mobile management entity MME is described terminal distribution.

16. 1 kinds of method for authenticating, is characterized in that, described method comprises:

17. methods according to claim 16, is characterized in that, before described terminal sends authentication request message to described 2nd ProSe functional entity, described method also comprises:

18. methods according to claim 16 or 17, is characterized in that, described first is designated the whole world unique temporary user device mark GUTI that mobile management entity MME is described terminal distribution.

19. 1 kinds based on the business ProSe functional entity device of distance, comprise the first receiving element, the first acquiring unit, the first authentication ' unit and the first transmitting element, wherein,

20. equipment according to claim 19, is characterized in that, described first acquiring unit specifically for:

21. equipment according to claim 19, is characterized in that, described first acquiring unit specifically for:

Indicate described first transmitting element to send the second mark to described terminal and obtain request;

The second mark indicating described first receiving element to receive the transmission of described terminal obtains response, and described second mark acquisition response comprises described second mark.

22. equipment according to claim 19, is characterized in that, described first authentication ' unit is used for:

23. equipment according to claim 19, is characterized in that, the type of described discovery business is for announcing, monitoring or coupling; Accordingly, described first transmitting element specifically for:

24., according to claim 19 to 23 arbitrary described equipment, is characterized in that, described first is designated the whole world unique temporary user device mark GUTI that described MME is described terminal distribution.

25. 1 kinds of terminals, is characterized in that, comprising:

26. terminals according to claim 25, is characterized in that, described second receiving element also for, receive described one ProSe functional entity send second mark obtain request;

27. terminals according to claim 25 or 26, is characterized in that, described first is designated the whole world unique temporary user device mark GUTI that mobile management entity MME is described terminal distribution.

28. a kind second, based on the business ProSe functional entity device of distance, is characterized in that, described equipment comprises: second acquisition unit, the 3rd transmitting element, the 3rd receiving element, wherein,

29. equipment according to claim 28, is characterized in that, described second acquisition unit specifically for:

30. equipment according to claim 28 or 29, is characterized in that, described first is designated the whole world unique temporary user device mark GUTI that described MME is described terminal distribution.

31. 1 kinds, based on the business ProSe functional entity device of distance, is characterized in that, comprise the 4th receiving element, the 3rd acquiring unit and the 4th transmitting element, wherein,

32. equipment according to claim 31, is characterized in that, described 3rd acquiring unit specifically for:

33. equipment according to claim 31 or 32, is characterized in that, described first is designated the whole world unique temporary user device mark GUTI that mobile management entity MME is described terminal distribution.

34. 1 kinds of terminals, is characterized in that, described terminal comprises: the 5th transmitting element and the 5th receiving element, wherein,

35. terminals according to claim 34, is characterized in that, described terminal also comprises:

36. terminals according to claim 34 or 35, is characterized in that, described first is designated the whole world unique temporary user device mark GUTI that mobile management entity MME is described terminal distribution.

The system of 37. 1 kinds of service discoverings, is characterized in that, described system comprises the business ProSe functional entity device of first under the PLMN HPLMN of the ownership of terminal and described terminal based on distance, wherein,

38., according to system according to claim 37, is characterized in that, described first is designated the whole world unique temporary user device mark GUTI that described MME is described terminal distribution.

39. 1 kinds of right discriminating systems, it is characterized in that, described system comprises second under the home public land mobile network network PLMN of terminal, described terminal based on the ProSe functional entity device under the PLMN HPLMN of the ProSe functional entity device of distance, the ownership of described terminal, wherein

40., according to system according to claim 39, is characterized in that, described first is designated the whole world unique temporary user device mark GUTI that described MME is described terminal distribution.