CN107005913B - Verification method, user equipment and the adjacent service functional entity of adjacent service communication - Google Patents

Publication number: CN107005913B
Authority: CN (China)
Prior art keywords: entity, broadcast, discovery, digital certificate, monitoring
Legal status: Active
Application number: CN201580027986.4A
Other languages: Chinese (zh)
Other versions: CN107005913A (en)
Inventors: 应江威, 邓强
Current Assignee: Honor Device Co Ltd
Original Assignee: Huawei Technologies Co Ltd
Application filed by: Huawei Technologies Co Ltd
Legal events: publication of CN107005913A; application granted; publication of CN107005913B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W40/00 Communication routing or communication path finding
    • H04W40/24 Connectivity information management, e.g. connectivity discovery or connectivity update
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H04W12/082 Access security using revocation of authorisation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10 Integrity
    • H04W12/106 Packet or message integrity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/005 Discovery of network devices, e.g. terminals

Abstract

An embodiment of the invention discloses a verification method for adjacent service communication that simplifies the verification process and increases verification speed. The method comprises: a monitoring UE sends a first discovery request to a first PF entity, the first discovery request carrying the proximity application identifier of a broadcast UE; the monitoring UE receives a first discovery response message fed back by the first PF entity, the first discovery response message carrying the neighbouring code of the broadcast UE; the monitoring UE receives a discovery message carrying an information signature value and a neighbouring code, wherein either the discovery message carries the digital certificate of the broadcast UE, the digital certificate including a public key, or the first discovery response message carries the digital certificate of the broadcast UE; and if the neighbouring code of the broadcast UE is identical to the neighbouring code carried in the discovery message, the monitoring UE determines the legitimacy of the discovery message according to the public key. The invention also discloses user equipment and an adjacent service functional entity for implementing the verification method for adjacent service communication.

Description

Verification method, user equipment and the adjacent service functional entity of adjacent service communication
Technical field
The present invention relates to the field of wireless communication, and in particular to a verification method for adjacent service communication, user equipment and an adjacent service functional entity.
Background technique
Adjacent service (Proximity Service, ProSe) refers to a scheme that supports communication between geographically adjacent devices. With the widespread use of social applications, users can learn through ProSe when friends appear nearby or leave, or discover services of interest around them, such as places to stay, restaurants, bars and stadiums. The service discovery and communication functions provided by adjacent service make people's lives and work very convenient.
Specifically, ProSe communication, also called device-to-device (Device-to-Device, D2D) communication, refers to a communication scheme that establishes direct links between multiple user equipments (User Equipment, UE) and exchanges user data (for example, text or multimedia data) directly between the devices without relaying through the network. In the prior art, the basic mechanism for establishing ProSe communication is roughly as follows: a network side device, such as an adjacent service function (Proximity Service Function, PF) entity, allocates a neighbouring code (Proximity Service Code, ProSe Code) to a D2D device. D2D devices can be divided by function into broadcast UEs and monitoring UEs. A broadcast UE broadcasts a message containing the neighbouring code to nearby UEs. After a monitoring UE near the broadcast UE hears the broadcast, it matches the neighbouring code obtained from the adjacent service functional entity against the neighbouring code obtained from the broadcast UE and, if they are identical, establishes the link.
To prevent others from maliciously forging a neighbouring code, the prior art performs a verification operation, roughly as follows: after receiving the discovery message broadcast by the broadcast UE, the monitoring UE recombines the time slot according to the timestamp in the discovery message and, through the PF entity of the monitoring UE, sends the discovery message and the recombined time slot to the PF entity of the broadcast UE. The PF entity of the broadcast UE performs the check and feeds back the check result, and the monitoring UE determines from the check result whether the neighbouring code has been maliciously forged.
However, in the above verification process, the monitoring UE reports the discovery message or the recombined time slot to the PF entity of the monitoring UE, which forwards it to the PF entity of the broadcast UE. The PF entity of the broadcast UE performs the check and feeds the check result back to the PF entity of the monitoring UE, which then notifies the monitoring UE of the check result. Verifying a discovery message therefore requires intermediate devices to forward the discovery message or the recombined time slot several times, which takes a long time and incurs a large signaling overhead.
Summary of the invention
In view of this, the present invention provides a verification method for adjacent service communication that reduces the signaling overhead of the verification process in adjacent service communication and speeds up verification.
A first aspect of the present invention provides a verification method for adjacent service communication, comprising:
A monitoring UE sends a first discovery request to a first PF entity, the first discovery request carrying the proximity application identifier of a broadcast UE, the first PF entity being the adjacent service functional entity of the home network of the monitoring UE;
The monitoring UE receives a first discovery response message fed back by the first PF entity, the first discovery response message carrying the neighbouring code of the broadcast UE indicated by the proximity application identifier;
The monitoring UE receives a discovery message, the discovery message carrying an information signature value and a neighbouring code;
Wherein the discovery message carries the digital certificate of the broadcast UE, the digital certificate including a public key, or the first discovery response message carries the digital certificate of the broadcast UE;
If the neighbouring code of the broadcast UE is identical to the neighbouring code carried in the discovery message, the monitoring UE determines the legitimacy of the discovery message according to the public key.
With reference to the first aspect, in a first possible implementation of the first aspect, the monitoring UE determining the legitimacy of the discovery message according to the public key comprises:
The monitoring UE verifies the information signature value using the public key; if the information signature value passes verification, the monitoring UE determines that the discovery message is legitimate; if the information signature value fails verification, the monitoring UE determines that the discovery message is not legitimate.
With reference to the first aspect or the first possible implementation of the first aspect, in a second possible implementation of the first aspect, the discovery message further includes first time information, the first time information indicating the moment at which the information signature value was generated, and the monitoring UE determining the legitimacy of the discovery message according to the public key comprises:
The monitoring UE determines the legitimacy of the discovery message according to the public key and the first time information.
With reference to the second possible implementation of the first aspect, in a third possible implementation of the first aspect, the first discovery response message further includes an allowed shift duration, and after the monitoring UE receives the first discovery response message fed back by the first PF entity, the method comprises:
The monitoring UE obtains second time information according to its local clock, the second time information indicating the moment at which the monitoring UE received the discovery message;
If the time difference between the first time information and the second time information does not exceed the allowed shift duration, the step in which the monitoring UE determines the legitimacy of the discovery message using the public key and the first time information is performed.
With reference to the first aspect, or the first, second or third possible implementation of the first aspect, in a fourth possible implementation of the first aspect, before the monitoring UE determines the legitimacy of the discovery message according to the public key, the method further comprises:
The monitoring UE verifies the legitimacy of the public key according to the digital certificate.
With reference to the fourth possible implementation of the first aspect, in a fifth possible implementation of the first aspect, the monitoring UE verifying the legitimacy of the public key according to the digital certificate comprises: the monitoring UE determines through the Online Certificate Status Protocol (OCSP) whether the digital certificate has been revoked; if the digital certificate has been revoked, the public key is determined not to be legitimate; if the digital certificate has not been revoked, the legitimacy of the digital certificate is verified, and if the digital certificate is legitimate, the public key is determined to be legitimate.
With reference to the fourth possible implementation of the first aspect, in a sixth possible implementation of the first aspect, the first discovery response message carries a certificate revocation list (CRL), and the monitoring UE verifying the legitimacy of the public key according to the digital certificate comprises:
The monitoring UE determines according to the CRL whether the digital certificate has been revoked; if the digital certificate has been revoked, the public key is determined not to be legitimate; if the digital certificate has not been revoked, the legitimacy of the digital certificate is verified, and if the digital certificate is legitimate, the public key is determined to be legitimate.
A second aspect of the present invention provides a verification method for adjacent service communication, comprising:
A broadcast UE sends to a second PF entity a second discovery request carrying the digital certificate of the broadcast UE, the second PF entity being the adjacent service functional entity of the home network of the broadcast UE, and the digital certificate including the public key corresponding to the private key of the broadcast UE;
The broadcast UE receives a second discovery response message fed back by the second PF entity, the second discovery response message carrying a neighbouring code;
The broadcast UE signs the neighbouring code using the private key of the broadcast UE to generate an information signature value;
The broadcast UE sends a discovery message to a monitoring UE, the discovery message carrying the information signature value and the neighbouring code.
With reference to the second aspect, in a first possible implementation of the second aspect, the discovery message includes first time information, the first time information indicating the moment at which the information signature value was generated;
The broadcast UE signing the neighbouring code according to the private key of the broadcast UE to generate the information signature value comprises: the broadcast UE signs the neighbouring code and the first time information according to the private key of the broadcast UE to generate the information signature value.
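The broadcast-UE signing of the second aspect and the monitoring-UE checks of the first aspect, as an added example that is not code from the patent. Textbook RSA over Mersenne primes is an insecure stand-in for the certificate's real signature algorithm, and the certificate layout, field names, sample values and result strings are all assumptions.

```python
import hashlib
from dataclasses import dataclass

E = 65537  # public exponent shared by every toy key below

def toy_keypair(a, b):
    """Textbook RSA from the Mersenne primes 2**a-1 and 2**b-1.
    INSECURE stand-in for the certificate's real signature algorithm."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (public modulus, private exponent)

def _digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data, n, d):
    return pow(_digest(data), d, n)

def verify(data, sig, n):
    return pow(sig, E, n) == _digest(data)

@dataclass(frozen=True)
class Certificate:            # constructed layout, not X.509
    serial: int
    public_n: int             # public key of the broadcast UE
    ca_sig: int = 0           # issuer signature over tbs()

    def tbs(self):
        return f"{self.serial}|{self.public_n}".encode()

@dataclass(frozen=True)
class DiscoveryResponse:      # first discovery response, from the first PF entity
    code: bytes               # neighbouring code of the broadcast UE
    cert: Certificate         # digital certificate of the broadcast UE
    crl: frozenset            # revoked certificate serials (CRL)
    max_shift: int            # allowed shift duration, in seconds

@dataclass(frozen=True)
class DiscoveryMessage:       # what the broadcast UE sends over the air
    code: bytes
    timestamp: int            # first time information
    signature: int            # information signature value

def issue_certificate(serial, public_n, ca_n, ca_d):
    tbs = Certificate(serial, public_n).tbs()
    return Certificate(serial, public_n, sign(tbs, ca_n, ca_d))

def signed_bytes(code, timestamp):
    return code + timestamp.to_bytes(8, "big")

def broadcast_sign(code, timestamp, n, d):
    """Broadcast UE: sign the neighbouring code together with the first time information."""
    return DiscoveryMessage(code, timestamp, sign(signed_bytes(code, timestamp), n, d))

def monitor_verify(resp, msg, ca_n, now):
    """Monitoring UE: run every check locally, with no round trip to a PF entity."""
    if msg.code != resp.code:
        return "code-mismatch"
    if abs(now - msg.timestamp) > resp.max_shift:   # now = second time information
        return "stale"
    if resp.cert.serial in resp.crl:
        return "revoked"
    if not verify(resp.cert.tbs(), resp.cert.ca_sig, ca_n):
        return "bad-certificate"
    if not verify(signed_bytes(msg.code, msg.timestamp), msg.signature, resp.cert.public_n):
        return "bad-signature"
    return "legal"

def run_scenarios():
    """Constructed sample data: one genuine broadcast and six that must be rejected."""
    ca_n, ca_d = toy_keypair(607, 1279)      # certificate issuer
    ue_n, ue_d = toy_keypair(521, 607)       # broadcast UE
    bad_n, bad_d = toy_keypair(521, 1279)    # key not bound to any certificate
    cert = issue_certificate(7, ue_n, ca_n, ca_d)
    code, now = b"constructed-prose-code", 1_700_000_000
    resp = DiscoveryResponse(code, cert, frozenset(), 5)
    good = broadcast_sign(code, now - 1, ue_n, ue_d)
    old = broadcast_sign(code, now - 600, ue_n, ue_d)
    swapped = DiscoveryResponse(code, Certificate(7, bad_n, cert.ca_sig), frozenset(), 5)
    return {
        "genuine": monitor_verify(resp, good, ca_n, now),
        "forged": monitor_verify(resp, broadcast_sign(code, now, bad_n, bad_d), ca_n, now),
        "replayed": monitor_verify(resp, old, ca_n, now),
        "replayed-retimed": monitor_verify(
            resp, DiscoveryMessage(code, now, old.signature), ca_n, now),
        "revoked": monitor_verify(
            DiscoveryResponse(code, cert, frozenset({7}), 5), good, ca_n, now),
        "other-code": monitor_verify(
            resp, broadcast_sign(b"other", now, ue_n, ue_d), ca_n, now),
        "swapped-key": monitor_verify(swapped, good, ca_n, now),
    }

if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name:18} {result}")
```

Because the timestamp is covered by the signature, a replayed message is rejected either as stale or, if its timestamp is rewritten, as carrying a bad signature.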
A third aspect of the present invention provides a verification method for adjacent service communication, comprising:
A broadcast UE sends a second discovery request to a second PF entity, the second PF entity being the adjacent service functional entity of the home network of the broadcast UE;
The broadcast UE receives a second discovery response message fed back by the second PF entity, the second discovery response message carrying a neighbouring code;
The broadcast UE signs the neighbouring code according to the private key of the broadcast UE to generate an information signature value;
The broadcast UE sends a discovery message to a monitoring UE, the discovery message carrying the information signature value, the neighbouring code and the digital certificate of the broadcast UE, the digital certificate including the public key corresponding to the private key.
With reference to the third aspect, in a first possible implementation of the third aspect, the discovery message further carries first time information, the first time information indicating the moment at which the information signature value was generated;
The broadcast UE signing the neighbouring code according to the private key of the broadcast UE to generate the information signature value comprises: the broadcast UE signs the neighbouring code and the first time information according to the private key of the broadcast UE to generate the information signature value.
A fourth aspect of the present invention provides a verification method for adjacent service communication, comprising:
A second PF entity receives a monitoring request sent by a first PF entity, the monitoring request carrying the proximity application identifier of a broadcast UE, the monitoring request being sent by the first PF entity according to a first discovery request sent by a monitoring UE, and the second PF entity being the adjacent service functional entity of the home network of the broadcast UE;
The second PF entity determines, according to the proximity application identifier, the neighbouring code of the broadcast UE and the digital certificate of the broadcast UE;
The second PF entity sends to the first PF entity a monitoring response message carrying the neighbouring code of the broadcast UE and the digital certificate of the broadcast UE.
With reference to the fourth aspect, in a first possible implementation of the fourth aspect, before the second PF entity receives the monitoring request sent by the first PF entity, the method comprises:
The second PF entity receives a second discovery request sent by the broadcast UE, the second discovery request carrying the digital certificate of the broadcast UE;
The second PF entity sends a second discovery response message to the broadcast UE, the second discovery response message carrying the neighbouring code of the broadcast UE;
The second PF entity binds together the digital certificate of the broadcast UE, the proximity application identifier of the broadcast UE and the neighbouring code of the broadcast UE.
A fifth aspect of the present invention provides a verification method for adjacent service communication, comprising:
A first PF entity receives a first discovery request sent by a monitoring UE, the first discovery request carrying the proximity application identifier of a broadcast UE, the first PF entity being the adjacent service functional entity of the home network of the monitoring UE;
The first PF entity sends a monitoring request to a second PF entity, the monitoring request carrying the proximity application identifier of the broadcast UE, so that the second PF entity obtains the neighbouring code of the broadcast UE and the digital certificate of the broadcast UE according to the proximity application identifier of the broadcast UE;
The first PF entity receives a monitoring response message fed back by the second PF entity, the monitoring response message carrying the neighbouring code of the broadcast UE and the digital certificate of the broadcast UE, the digital certificate of the broadcast UE including a public key;
The first PF entity sends a first discovery response message to the monitoring UE, the first discovery response message carrying the digital certificate of the broadcast UE and the neighbouring code of the broadcast UE.
With reference to the fifth aspect, in a first possible implementation of the fifth aspect, after the first PF entity receives the monitoring response message fed back by the second PF entity, the method comprises:
The first PF entity determines according to a certificate revocation list (CRL) whether the digital certificate has been revoked; if the digital certificate has been revoked, the public key is determined not to be legitimate; if the digital certificate has not been revoked, the legitimacy of the digital certificate is verified, and if the digital certificate is legitimate, the public key is determined to be legitimate.
With reference to the fifth aspect, in a second possible implementation of the fifth aspect, after the first PF entity receives the monitoring response message fed back by the second PF entity, the method comprises:
The first PF entity determines through the Online Certificate Status Protocol (OCSP) whether the digital certificate has been revoked; if the digital certificate has been revoked, the public key is determined not to be legitimate; if the digital certificate has not been revoked, the legitimacy of the digital certificate is verified, and if the digital certificate is legitimate, the public key is determined to be legitimate.
A sixth aspect of the present invention provides a verification method for adjacent service communication, comprising:
A monitoring UE sends a first discovery request to a first PF entity, the first discovery request carrying the proximity application identifier of a broadcast UE, the first PF entity being the adjacent service functional entity of the home network of the monitoring UE;
The monitoring UE receives a first discovery response message fed back by the first PF entity, the first discovery response message carrying the neighbouring code of the broadcast UE;
The monitoring UE receives a discovery message, the discovery message carrying an information signature value and a neighbouring code;
If the neighbouring code carried in the discovery message is identical to the neighbouring code of the broadcast UE, the monitoring UE sends the discovery message to the first PF entity.
A seventh aspect of the present invention provides a verification method for adjacent service communication, comprising:
A first PF entity receives a first discovery request sent by a monitoring UE, the first PF entity being the adjacent service functional entity of the home network of the monitoring UE;
The first PF entity sends a monitoring request to a second PF entity, the monitoring request carrying the proximity application identifier of a broadcast UE;
The first PF entity receives a monitoring response message fed back by the second PF entity, the monitoring response message carrying the neighbouring code of the broadcast UE and the digital certificate of the broadcast UE, the digital certificate including a public key;
The first PF entity sends a first discovery response message to the monitoring UE, the first discovery response message carrying the neighbouring code of the broadcast UE;
The first PF entity receives a discovery message sent by the monitoring UE, the discovery message carrying an information signature value;
The first PF entity determines the legitimacy of the discovery message according to the public key in the digital certificate and the information signature value.
With reference to the seventh aspect, in a first possible implementation of the seventh aspect, the first PF entity determining the legitimacy of the discovery message according to the public key of the digital certificate and the information signature value comprises:
The first PF entity verifies the information signature value using the public key of the digital certificate; if the information signature value passes verification, the first PF entity determines that the discovery message is legitimate; if the information signature value fails verification, the first PF entity determines that the discovery message is not legitimate.
An eighth aspect of the present invention provides a UE which, acting as a monitoring UE, comprises:
A sending module, configured to send a first discovery request to a first PF entity, the first discovery request carrying the proximity application identifier of a broadcast UE, the first PF entity being the adjacent service functional entity of the home network of the monitoring UE;
A receiving module, configured to receive a first discovery response message fed back by the first PF entity, the first discovery response message carrying the neighbouring code of the broadcast UE indicated by the proximity application identifier;
The receiving module is further configured to receive a discovery message, the discovery message carrying an information signature value and a neighbouring code; wherein the discovery message carries the digital certificate of the broadcast UE, the digital certificate including a public key, or the first discovery response message carries the digital certificate of the broadcast UE;
A verification module, configured to determine the legitimacy of the discovery message according to the public key if the neighbouring code carried in the discovery message is identical to the neighbouring code of the broadcast UE.
With reference to the eighth aspect, in a first possible implementation of the eighth aspect, the verification module is specifically configured to verify the information signature value using the public key; if the information signature value passes verification, the discovery message is determined to be legitimate; if the information signature value fails verification, the discovery message is determined not to be legitimate.
With reference to the eighth aspect or the first possible implementation of the eighth aspect, in a second possible implementation of the eighth aspect, the verification module is specifically configured to determine, when the discovery message further includes first time information, the legitimacy of the discovery message according to the public key and the first time information.
With reference to the second possible implementation of the eighth aspect, in a third possible implementation of the eighth aspect, the UE further comprises:
An obtaining module, configured to obtain second time information according to the local clock, the second time information indicating the moment at which the monitoring UE received the discovery message;
The verification module is further configured, when the first discovery response message further includes an allowed shift duration, to perform the step in which the monitoring UE determines the legitimacy of the discovery message using the public key and the first time information if the time difference between the first time information and the second time information does not exceed the allowed shift duration.
With reference to the eighth aspect, or the first, second or third possible implementation of the eighth aspect, in a fourth possible implementation of the eighth aspect, the verification module is specifically configured to verify the legitimacy of the public key according to the digital certificate before the verification module determines the legitimacy of the discovery message according to the public key.
With reference to the fourth possible implementation of the eighth aspect, in a fifth possible implementation of the eighth aspect, the verification module is specifically configured to determine through the Online Certificate Status Protocol (OCSP) whether the digital certificate has been revoked; if the digital certificate has been revoked, the public key is determined not to be legitimate; if the digital certificate has not been revoked, the legitimacy of the digital certificate is verified, and if the digital certificate is legitimate, the public key is legitimate.
With reference to the fourth possible implementation of the eighth aspect, in a fifth possible implementation of the eighth aspect, the verification module is specifically configured, when the first discovery response message further includes a certificate revocation list (CRL), to determine according to the CRL whether the digital certificate has been revoked; if the digital certificate has been revoked, the public key is determined not to be legitimate; if the digital certificate has not been revoked, the legitimacy of the digital certificate is verified, and if the digital certificate is legitimate, the public key is legitimate.
A ninth aspect of the present invention provides a UE. The UE serves as a broadcast UE and includes:
A sending module, configured to send, to a second PF entity, a second discovery request carrying the digital certificate, where the second PF entity is the adjacent service functional entity of the home network of the broadcast UE, and the digital certificate includes a public key corresponding to the private key of the broadcast UE;
A receiving module, configured to receive a second discovery response message fed back by the second PF entity, where the second discovery response message carries a neighbouring code;
A generation module, configured to sign the neighbouring code by using the private key of the broadcast UE to generate a message signature value;
The sending module is configured to send a discovery message to a monitoring UE, where the discovery message carries the message signature value and the neighbouring code.
With reference to the ninth aspect, in a first possible implementation of the ninth aspect of the present invention, the discovery message further includes first time information, where the first time information indicates the moment at which the message signature value is generated; and the generation module is specifically configured to sign the neighbouring code and the first time information according to the private key of the broadcast UE to generate the message signature value.
A tenth aspect of the present invention provides a UE. The UE serves as a broadcast UE and includes:
A sending module, configured to send a second discovery request to a second PF entity, where the second PF entity is the adjacent service functional entity of the home network of the broadcast UE;
A receiving module, configured to receive a second discovery response message fed back by the second PF entity, where the second discovery response message carries a neighbouring code;
A generation module, configured to sign the neighbouring code according to the private key of the broadcast UE to generate a message signature value;
The sending module is further configured to send a discovery message to a monitoring UE, where the discovery message carries the message signature value, the neighbouring code, and the digital certificate of the broadcast UE, and the digital certificate includes a public key corresponding to the private key.
With reference to the tenth aspect, in a first possible implementation of the tenth aspect of the present invention, the discovery message further carries first time information, where the first time information indicates the moment at which the message signature value is generated; and the generation module is specifically configured to sign the neighbouring code and the first time information according to the private key of the broadcast UE to generate the message signature value.
An eleventh aspect of the present invention provides a PF entity. The PF entity serves as a second PF entity, the second PF entity is the adjacent service functional entity of the home network of a broadcast UE, and the PF entity includes:
A receiving module, configured to receive a monitoring request sent by a first PF entity, where the monitoring request carries a proximity application identifier, and the monitoring request is sent by the first PF entity according to a first discovery request sent by a monitoring UE;
A determining module, configured to determine the neighbouring code of the broadcast UE and the digital certificate of the broadcast UE according to the proximity application identifier;
A sending module, configured to send, to the first PF entity, a monitoring response message carrying the neighbouring code of the broadcast UE and the digital certificate.
With reference to the eleventh aspect, in a first possible implementation of the eleventh aspect of the present invention,
The receiving module is further configured to receive a second discovery request sent by the broadcast UE, where the second discovery request carries the digital certificate of the broadcast UE;
The sending module is further configured to send a second discovery response message to the broadcast UE, where the second discovery response message carries the neighbouring code of the broadcast UE;
The PF entity further includes a binding module, configured to bind the digital certificate of the broadcast UE, the proximity application identifier of the broadcast UE, and the neighbouring code of the broadcast UE.
A twelfth aspect of the present invention provides a PF entity. The PF entity serves as a first PF entity, the first PF entity is the adjacent service functional entity of the home network of a monitoring UE, and the PF entity includes:
A receiving module, configured to receive a first discovery request sent by the monitoring UE, where the first discovery request carries the proximity application identifier of a broadcast UE, and the first PF entity is the adjacent service functional entity of the home network of the monitoring UE;
A sending module, configured to send a monitoring request to a second PF entity, where the monitoring request carries the proximity application identifier of the broadcast UE, so that the second PF entity obtains the neighbouring code of the broadcast UE and the digital certificate of the broadcast UE according to the proximity application identifier;
The receiving module is further configured to receive a monitoring response message fed back by the second PF entity, where the monitoring response message carries the neighbouring code of the broadcast UE and the digital certificate of the broadcast UE, and the digital certificate includes a public key;
The sending module is further configured to send a first discovery response message to the monitoring UE, where the first discovery response message carries the digital certificate of the broadcast UE and the neighbouring code of the broadcast UE.
With reference to the twelfth aspect, in a first possible implementation of the twelfth aspect of the present invention, the PF entity further includes a first authentication module, configured to: after the monitoring response message fed back by the second PF entity is received, determine according to a certificate revocation list (CRL) whether the digital certificate has been revoked; if the digital certificate has been revoked, determine that the public key is not legitimate; if the digital certificate has not been revoked, verify the legitimacy of the digital certificate; and if the digital certificate is legitimate, determine that the public key is legitimate.
With reference to the twelfth aspect, in a second possible implementation of the twelfth aspect of the present invention, the PF entity further includes a second authentication module, configured to: after the monitoring response message fed back by the second PF entity is received, determine, by using the Online Certificate Status Protocol (OCSP), whether the digital certificate has been revoked; if the digital certificate has been revoked, determine that the public key is not legitimate; if the digital certificate has not been revoked, verify the legitimacy of the digital certificate; and if the digital certificate is legitimate, determine that the public key is legitimate.
A thirteenth aspect of the present invention provides a UE. The UE serves as a monitoring UE and includes:
A sending module, configured to send a first discovery request to a first PF entity, where the first discovery request carries the proximity application identifier of a broadcast UE, and the first PF entity is the adjacent service functional entity of the home network of the monitoring UE;
A receiving module, configured to receive a first discovery response message fed back by the first PF entity, where the first discovery response message carries the neighbouring code of the broadcast UE;
The receiving module is further configured to receive a discovery message, where the discovery message carries a message signature value and a neighbouring code;
The sending module is further configured to: if the neighbouring code carried in the discovery message is the same as the neighbouring code of the broadcast UE, send the discovery message to the first PF entity, so that the first PF entity determines the legitimacy of the discovery message according to a public key.
A fourteenth aspect of the present invention provides a PF entity. The PF entity serves as a first PF entity, the first PF entity is the adjacent service functional entity of the home network of a monitoring UE, and the PF entity includes:
A receiving module, configured to receive a first discovery request sent by the monitoring UE, where the first discovery request carries the proximity application identifier of a broadcast UE;
A sending module, configured to send a monitoring request to a second PF entity, where the monitoring request carries the proximity application identifier;
The receiving module is further configured to receive a monitoring response message fed back by the second PF entity, where the monitoring response message carries the neighbouring code of the broadcast UE and the digital certificate of the broadcast UE, and the digital certificate includes a public key;
The sending module is further configured to send a first discovery response message to the monitoring UE, where the first discovery response message carries the neighbouring code of the broadcast UE;
The receiving module is further configured to receive a discovery message sent by the monitoring UE, where the discovery message carries a message signature value;
An authentication module, configured to determine the legitimacy of the discovery message according to the public key in the digital certificate and the message signature value.
With reference to the fourteenth aspect, in a first possible implementation of the fourteenth aspect of the present invention, the authentication module is specifically configured to verify the message signature value by using the public key of the digital certificate; if the message signature value passes verification, determine that the discovery message is legitimate; and if the message signature value fails verification, determine that the discovery message is not legitimate.
A fifteenth aspect of the present invention provides a UE. The UE serves as a monitoring UE and includes:
A reception device, a sending device, a processor and a memory;
The sending device is configured to send a first discovery request to a first PF entity, where the first discovery request carries the proximity application identifier of a broadcast UE, and the first PF entity is the adjacent service functional entity of the home network of the monitoring UE;
The reception device is configured to receive a first discovery response message fed back by the first PF entity, where the first discovery response message carries the neighbouring code of the broadcast UE indicated by the proximity application identifier;
The reception device is further configured to receive a discovery message, where the discovery message carries a message signature value and a neighbouring code; the discovery message carries the digital certificate of the broadcast UE, and the digital certificate includes a public key, or the first discovery response message carries the digital certificate of the broadcast UE;
The processor is configured to: if the neighbouring code carried in the discovery message is the same as the neighbouring code of the broadcast UE, determine the legitimacy of the discovery message according to the public key;
The memory is configured to store the first discovery request, the first discovery response message and the discovery message.
With reference to the fifteenth aspect, in a first possible implementation of the fifteenth aspect of the present invention, the processor is specifically configured to verify the message signature value by using the public key; if the message signature value passes verification, determine that the discovery message is legitimate; and if the message signature value fails verification, determine that the discovery message is not legitimate.
With reference to the fifteenth aspect or the first possible implementation of the fifteenth aspect of the present invention, in a second possible implementation of the fifteenth aspect of the present invention,
The processor is specifically configured to: when the discovery message further includes first time information, where the first time information indicates the moment at which the message signature value is generated, determine the legitimacy of the discovery message according to the public key and the first time information.
With reference to the second possible implementation of the fifteenth aspect of the present invention, in a third possible implementation of the fifteenth aspect of the present invention, in the monitoring UE:
The processor is further configured to obtain second time information according to a local clock, where the second time information indicates the moment at which the monitoring UE receives the discovery message;
The processor is further configured to: when the first discovery response message further includes an allowed offset duration, if the time difference between the first time information and the second time information does not exceed the allowed offset duration, perform the step in which the monitoring UE determines the legitimacy of the discovery message according to the public key and the first time information.
With reference to the fifteenth aspect, or the first, second, or third possible implementation of the fifteenth aspect of the present invention, in a fourth possible implementation of the fifteenth aspect of the present invention,
The processor is further configured to verify the legitimacy of the public key according to the digital certificate before the processor determines the legitimacy of the discovery message according to the public key.
With reference to the fourth possible implementation of the fifteenth aspect of the present invention, in a fifth possible implementation of the fifteenth aspect of the present invention,
The processor is further configured to determine, by using the Online Certificate Status Protocol (OCSP), whether the digital certificate has been revoked; if the digital certificate has been revoked, determine that the public key is not legitimate; if the digital certificate has not been revoked, verify the legitimacy of the digital certificate; and if the digital certificate is legitimate, the public key is legitimate.
With reference to the fourth possible implementation of the fifteenth aspect of the present invention, in a sixth possible implementation of the fifteenth aspect of the present invention,
The processor is further configured to: when the first discovery response message further includes a certificate revocation list (CRL), determine according to the CRL whether the digital certificate has been revoked; if the digital certificate has been revoked, determine that the public key is not legitimate; if the digital certificate has not been revoked, verify the legitimacy of the digital certificate; and if the digital certificate is legitimate, the public key is legitimate.
A sixteenth aspect of the present invention provides a UE. The UE serves as a broadcast UE and includes:
A reception device, a sending device, a processor and a memory;
The sending device is configured to send, to a second PF entity, a second discovery request carrying the digital certificate of the broadcast UE, where the second PF entity is the adjacent service functional entity of the home network of the broadcast UE;
The reception device is configured to receive a second discovery response message fed back by the second PF entity, where the second discovery response message carries a neighbouring code;
The processor is configured to sign the neighbouring code by using the private key of the broadcast UE to generate a message signature value;
The sending device is configured to send a discovery message to a monitoring UE, where the discovery message carries the message signature value and the neighbouring code;
The memory is configured to store the private key, the second discovery request, the second discovery response message and the discovery message.
With reference to the sixteenth aspect of the present invention, in a first possible implementation of the sixteenth aspect of the present invention, the processor is specifically configured to: when the discovery message further includes first time information, where the first time information indicates the moment at which the message signature value is generated, sign the neighbouring code and the first time information by using the private key of the broadcast UE to generate the message signature value.
A seventeenth aspect of the present invention provides a UE. The UE serves as a broadcast UE and includes:
A sending device, configured to send a second discovery request to a second PF entity, where the second PF entity is the adjacent service functional entity of the home network of the broadcast UE;
A reception device, configured to receive a second discovery response message fed back by the second PF entity, where the second discovery response message carries a neighbouring code;
A processor, configured to sign the neighbouring code according to the private key of the broadcast UE to generate a message signature value;
The sending device is further configured to send a discovery message to a monitoring UE, where the discovery message carries the message signature value, the neighbouring code, and the digital certificate of the broadcast UE, and the digital certificate includes a public key corresponding to the private key.
With reference to the seventeenth aspect of the present invention, in a first possible implementation of the seventeenth aspect of the present invention, the processor is specifically configured to: when the discovery message further carries first time information, where the first time information indicates the moment at which the message signature value is generated, sign the neighbouring code and the first time information according to the private key of the broadcast UE to generate the message signature value.
An eighteenth aspect of the present invention provides a PF entity. The PF entity serves as a second PF entity, the second PF entity is the adjacent service functional entity of the home network of a broadcast UE, and the PF entity includes:
A reception device, a sending device, a processor and a memory;
The reception device is configured to receive a monitoring request sent by a first PF entity, where the monitoring request carries the proximity application identifier of the broadcast UE, and the monitoring request is sent by the first PF entity according to a first discovery request sent by a monitoring UE;
The processor is configured to determine the neighbouring code of the broadcast UE and the digital certificate of the broadcast UE according to the proximity application identifier;
The sending device is configured to send, to the first PF entity, a monitoring response message carrying the neighbouring code of the broadcast UE and the digital certificate;
The memory is configured to store the proximity application identifier, the neighbouring code, the monitoring request and the monitoring response message.
With reference to the eighteenth aspect of the present invention, in a first possible implementation of the eighteenth aspect of the present invention,
The reception device is further configured to receive a second discovery request sent by the broadcast UE, where the second discovery request carries the digital certificate of the broadcast UE;
The sending device is further configured to send a second discovery response message to the broadcast UE, where the second discovery response message carries the neighbouring code of the broadcast UE;
The processor is further configured to bind the digital certificate of the broadcast UE, the proximity application identifier of the broadcast UE, and the neighbouring code of the broadcast UE.
A nineteenth aspect of the present invention provides a PF entity. The PF entity serves as a first PF entity, the first PF entity is the adjacent service functional entity of the home network of a monitoring UE, and the PF entity includes:
A reception device, configured to receive a first discovery request sent by the monitoring UE, where the first discovery request carries the proximity application identifier of a broadcast UE;
A sending device, configured to send, to a second PF entity, a monitoring request carrying the proximity application identifier, so that the second PF entity obtains the neighbouring code and the digital certificate of the broadcast UE according to the proximity application identifier;
The reception device is further configured to receive a monitoring response message fed back by the second PF entity, where the monitoring response message carries the neighbouring code of the broadcast UE and the digital certificate of the broadcast UE, and the digital certificate of the broadcast UE includes a public key;
The sending device is further configured to send a first discovery response message to the monitoring UE, where the first discovery response message carries the digital certificate of the broadcast UE and the neighbouring code of the broadcast UE;
A memory, configured to store the first discovery request, the first discovery response message, the monitoring request and the monitoring response message.
With reference to the nineteenth aspect of the present invention, in a first possible implementation of the nineteenth aspect of the present invention,
The processor is further configured to: after the monitoring response message fed back by the second PF entity is received, determine according to a certificate revocation list (CRL) whether the digital certificate has been revoked; if the digital certificate has been revoked, determine that the public key is not legitimate; if the digital certificate has not been revoked, verify the legitimacy of the digital certificate; and if the digital certificate is legitimate, determine that the public key is legitimate.
With reference to the nineteenth aspect of the present invention, in a second possible implementation of the nineteenth aspect of the present invention,
The processor is further configured to: after the monitoring response message fed back by the second PF entity is received, determine, by using the Online Certificate Status Protocol (OCSP), whether the digital certificate has been revoked; if the digital certificate has been revoked, determine that the public key is not legitimate; if the digital certificate has not been revoked, verify the legitimacy of the digital certificate; and if the digital certificate is legitimate, determine that the public key is legitimate.
A twentieth aspect of the present invention provides a UE. The UE serves as a monitoring UE and includes:
A reception device, a sending device, a processor and a memory;
The sending device is configured to send a first discovery request to a first PF entity, where the first discovery request carries the proximity application identifier of a broadcast UE, and the first PF entity is the adjacent service functional entity of the home network of the monitoring UE;
The reception device is configured to receive a first discovery response message fed back by the first PF entity, where the first discovery response message carries the neighbouring code of the broadcast UE;
The reception device is further configured to receive a discovery message, where the discovery message carries a message signature value and a neighbouring code;
The sending device is further configured to: if the neighbouring code carried in the discovery message is the same as the neighbouring code of the broadcast UE, send the discovery message to the first PF entity, so that the first PF entity determines the legitimacy of the discovery message according to a public key;
The memory is configured to store the first discovery request, the first discovery response message and the discovery message.
A twenty-first aspect of the present invention provides a PF entity. The PF entity serves as a first PF entity, the first PF entity is the adjacent service functional entity of the home network of a monitoring UE, and the PF entity includes:
A reception device, a sending device, a processor and a memory;
The reception device is configured to receive a first discovery request sent by the monitoring UE, where the first discovery request carries the proximity application identifier of a broadcast UE;
The sending device is configured to send a monitoring request to a second PF entity, where the monitoring request carries the proximity application identifier;
The reception device is further configured to receive a monitoring response message fed back by the second PF entity, where the monitoring response message carries the neighbouring code of the broadcast UE and the digital certificate of the broadcast UE, and the digital certificate includes a public key;
The sending device is further configured to send a first discovery response message to the monitoring UE, where the first discovery response message carries the neighbouring code of the broadcast UE;
The reception device is further configured to receive a discovery message sent by the monitoring UE, where the discovery message carries a message signature value;
The processor is configured to determine the legitimacy of the discovery message according to the public key in the digital certificate;
The memory is configured to store the first discovery request, the first discovery response message, the monitoring request, the monitoring response message and the verification result.
With reference to the twenty-first aspect of the present invention, in a first possible implementation of the twenty-first aspect of the present invention,
The processor is specifically configured to verify the message signature value by using the public key of the digital certificate; if the message signature value passes verification, determine that the discovery message is legitimate; and if the message signature value fails verification, determine that the discovery message is not legitimate.
As can be seen from the foregoing technical solutions, the embodiments of the present invention have the following advantages:
The monitoring UE sends a first discovery request to the first PF entity and receives the first discovery response message fed back by the first PF entity, where the first discovery response message carries the neighbouring code of the broadcast UE. The monitoring UE then receives a discovery message that carries a message signature value and a neighbouring code, where either the discovery message carries the digital certificate of the broadcast UE, the digital certificate including a public key, or the first discovery response message carries the digital certificate of the broadcast UE. If the neighbouring code of the broadcast UE is the same as the neighbouring code carried in the discovery message, the monitoring UE determines the legitimacy of the discovery message according to the public key. The monitoring UE does not need to forward the discovery message through the first PF entity to the second PF entity for verification, and does not need to obtain a verification result from the first PF entity, so signaling overhead is reduced and verification is faster.
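The local verification summarized above, combined with the checks from the fifteenth aspect (neighbouring code match, allowed offset duration, CRL revocation, certificate legitimacy, signature verification with the certificate's public key) and the broadcast UE signing step, is shown below as an added example that is not part of the patent text. Ed25519, the signing-input encoding, the CRL reduced to a set of serial numbers, and all type and function names are assumptions of this example; the certificates are constructed at run time.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// DiscoveryMsg is what the broadcast UE sends over the air.
type DiscoveryMsg struct {
	Code      string // neighbouring code from the second discovery response
	Timestamp int64  // first time information: signing time in Unix seconds
	Sig       []byte // message signature value
}

// DiscoveryResp is what the monitoring UE keeps from the first discovery response.
type DiscoveryResp struct {
	Code      string            // neighbouring code of the broadcast UE
	Cert      *x509.Certificate // digital certificate of the broadcast UE
	MaxOffset time.Duration     // allowed offset duration
	Revoked   map[string]bool   // CRL reduced to revoked serial numbers (assumption)
}

// Reject names the check that failed.
type Reject string

func (r Reject) Error() string { return string(r) }

// signedBytes is the assumed signing input: zero-padded time, then the code.
func signedBytes(code string, ts int64) []byte {
	return []byte(fmt.Sprintf("%020d%s", ts, code))
}

// Announce is the broadcast UE side: sign the code together with the signing time.
func Announce(priv ed25519.PrivateKey, code string, now time.Time) DiscoveryMsg {
	return DiscoveryMsg{Code: code, Timestamp: now.Unix(), Sig: ed25519.Sign(priv, signedBytes(code, now.Unix()))}
}

// Verify is the monitoring UE side; recv is the second time information (local clock).
func Verify(m DiscoveryMsg, r DiscoveryResp, roots *x509.CertPool, recv time.Time) error {
	if m.Code != r.Code {
		return Reject("code mismatch")
	}
	if d := recv.Sub(time.Unix(m.Timestamp, 0)); d > r.MaxOffset || -d > r.MaxOffset {
		return Reject("stale")
	}
	if r.Revoked[r.Cert.SerialNumber.String()] {
		return Reject("certificate revoked")
	}
	if _, err := r.Cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: recv}); err != nil {
		return Reject("certificate untrusted")
	}
	// CheckSignature verifies with the public key contained in the certificate.
	if r.Cert.CheckSignature(x509.PureEd25519, signedBytes(m.Code, m.Timestamp), m.Sig) != nil {
		return Reject("bad signature")
	}
	return nil
}

// issue creates a certificate for pub signed by signer and returns it parsed.
func issue(tmpl, parent *x509.Certificate, pub ed25519.PublicKey, signer ed25519.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// NewTestPKI builds a constructed CA and a broadcast UE certificate (serial 1001).
func NewTestPKI(now time.Time) (*x509.CertPool, *x509.Certificate, ed25519.PrivateKey, error) {
	caPub, caKey, err1 := ed25519.GenerateKey(rand.Reader)
	uePub, ueKey, err2 := ed25519.GenerateKey(rand.Reader)
	if err1 != nil || err2 != nil {
		return nil, nil, nil, fmt.Errorf("key generation failed: %v, %v", err1, err2)
	}
	ca := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	ue := &x509.Certificate{SerialNumber: big.NewInt(1001), Subject: pkix.Name{CommonName: "broadcast UE"},
		NotBefore: ca.NotBefore, NotAfter: ca.NotAfter, KeyUsage: x509.KeyUsageDigitalSignature}
	caCert, err := issue(ca, ca, caPub, caKey)
	if err != nil {
		return nil, nil, nil, err
	}
	ueCert, err := issue(ue, caCert, uePub, caKey)
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	return roots, ueCert, ueKey, err
}

func main() {
	now := time.Now()
	if roots, cert, key, err := NewTestPKI(now); err == nil {
		resp := DiscoveryResp{Code: "constructed-code", Cert: cert, MaxOffset: 5 * time.Second}
		msg := Announce(key, resp.Code, now)
		fmt.Println(Verify(msg, resp, roots, now.Add(2*time.Second)), Verify(msg, resp, roots, now.Add(time.Minute)))
	}
}
```

Because the first time information is inside the signed bytes, a captured discovery message replayed with a refreshed timestamp passes the offset check but fails signature verification.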
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention or in the prior art more clearly, the following briefly describes the accompanying drawings required for describing the embodiments or the prior art. Apparently, the accompanying drawings in the following description show only some embodiments of the present invention, and a person of ordinary skill in the art may derive other drawings from these drawings without creative efforts.
Fig. 1 is a signaling flow diagram of the prior-art verification method for adjacent service communication;
Fig. 2 is a signaling flow diagram of the verification method for adjacent service communication in an embodiment of the present invention;
Fig. 3 is a flowchart of the verification method for adjacent service communication in an embodiment of the present invention;
Fig. 4 is another flowchart of the verification method for adjacent service communication in an embodiment of the present invention;
Fig. 5 is another flowchart of the verification method for adjacent service communication in an embodiment of the present invention;
Fig. 6 is another flowchart of the verification method for adjacent service communication in an embodiment of the present invention;
Fig. 7 is another signaling flow diagram of the verification method for adjacent service communication in an embodiment of the present invention;
Fig. 8 is another flowchart of the verification method for adjacent service communication in an embodiment of the present invention;
Fig. 9 is another flowchart of the verification method for adjacent service communication in an embodiment of the present invention;
Fig. 10 is another signaling flow diagram of the verification method for adjacent service communication in an embodiment of the present invention;
Fig. 11 is another flowchart of the verification method for adjacent service communication in an embodiment of the present invention;
Fig. 12 is another flowchart of the verification method for adjacent service communication in an embodiment of the present invention;
Fig. 13 is another flowchart of the verification method for adjacent service communication in an embodiment of the present invention;
Fig. 14 is another flowchart of the verification method for adjacent service communication in an embodiment of the present invention;
Fig. 15 is a schematic structural diagram of the monitoring UE in an embodiment of the present invention;
Fig. 16 is a schematic structural diagram of the broadcast UE in an embodiment of the present invention;
Fig. 17 is a schematic structural diagram of the second PF entity in an embodiment of the present invention;
Fig. 18 is a schematic structural diagram of the first PF entity in an embodiment of the present invention;
Fig. 19 is another schematic structural diagram of the monitoring UE in an embodiment of the present invention;
Fig. 20 is another schematic structural diagram of the first PF entity in an embodiment of the present invention;
Fig. 21 is a schematic structural diagram of a UE in an embodiment of the present invention;
Fig. 22 is a schematic structural diagram of a PF entity in an embodiment of the present invention.
Detailed description of the embodiments
To help those skilled in the art better understand the solution of the present invention, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Evidently, the described embodiments are only some, rather than all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort shall fall within the protection scope of the present invention.
The invention discloses a verification method for adjacent service communication. The verification method is applied to an adjacent service communication system, which includes:
a broadcast UE, configured to broadcast a discovery message, the discovery message being used to discover nearby D2D devices;
a monitoring UE, configured to monitor for the discovery message and, when the discovery message is legitimate, able to establish an adjacent communication connection with the broadcast UE;
a first PF entity, which is the adjacent service functional entity of the home network of the monitoring UE and provides adjacent services for the monitoring UE;
a second PF entity, which is the adjacent service functional entity of the home network of the broadcast UE and provides adjacent services for the broadcast UE.
The verification method for adjacent service communication in the embodiments of the present invention is described in detail below with reference to each network element of the above adjacent service communication system. Referring to Fig. 1, a signaling flow of the prior-art verification method for adjacent service communication includes:
The broadcast UE sends a second discovery request to the second PF entity; the second PF entity feeds back a second discovery response message to the broadcast UE, the second discovery response message carrying a neighbouring code and a key; the broadcast UE signs the neighbouring code with the key to generate a message integrity verification code; the broadcast UE sends a discovery message to the monitoring UE, the discovery message carrying the neighbouring code and the message integrity verification code;
The monitoring UE sends a first discovery request to the first PF entity, the first discovery request carrying the proximity application identifier of the broadcast UE; the first PF entity sends to the second PF entity a monitoring request carrying the proximity application identifier; the second PF entity feeds back to the first PF entity a monitoring response message carrying the neighbouring code of the broadcast UE; the first PF entity feeds back to the monitoring UE a first discovery response message carrying the neighbouring code of the broadcast UE;
If the monitoring UE finds that the neighbouring code carried in the discovery message is identical to the neighbouring code of the broadcast UE, it sends the discovery message to the first PF entity; the first PF entity sends the discovery message to the second PF entity;
The second PF entity verifies the message integrity verification code using the key. If the message integrity verification code passes verification, the discovery message is determined to have passed verification; if the message integrity verification code fails verification, the discovery message is determined to have failed verification. The second PF entity sends the verification result to the monitoring UE through the first PF entity.
The broadcast UE sends the discovery message to the monitoring UE by broadcasting. The process in which the monitoring UE sends the first discovery request to the first PF entity and the process in which the broadcast UE broadcasts the discovery message are independent of each other.
In the prior art, to verify a discovery message, the monitoring UE sends the discovery message to the first PF entity, which forwards it to the second PF entity; after the second PF entity verifies the discovery message, it sends the verification result to the monitoring UE through the first PF entity. To simplify the verification process and speed up verification, the embodiments of the present invention improve on the prior-art verification process. Referring to Fig. 2, in the verification flow shown in Fig. 2:
The broadcast UE sends its digital certificate to the second PF entity, and the second PF entity binds together the neighbouring code of the broadcast UE, the proximity application identifier of the broadcast UE and the digital certificate of the broadcast UE; the monitoring UE sends a first discovery request to the first PF entity; the first PF entity sends to the second PF entity a monitoring request carrying the proximity application identifier; the second PF entity returns the digital certificate of the broadcast UE and the neighbouring code of the broadcast UE to the first PF entity; the first PF entity returns the digital certificate of the broadcast UE and the neighbouring code of the broadcast UE to the monitoring UE;
The monitoring UE receives the discovery message; if the monitoring UE finds that the neighbouring code carried in the discovery message is identical to the neighbouring code of the broadcast UE, it determines the legitimacy of the discovery message according to the public key in the digital certificate.
In the verification flow shown in Fig. 2, the second PF entity can, according to the monitoring request sent by the first PF entity, send the digital certificate of the broadcast UE to the monitoring UE through the first PF entity, and the monitoring UE can verify the discovery message with the public key in the digital certificate of the broadcast UE without sending the discovery message to the first PF entity. This reduces the number of verification steps, speeds up verification and saves verification signaling overhead.
Referring to Fig. 3, one embodiment of the verification method for adjacent service communication in the embodiments of the present invention includes:
301. The monitoring UE sends a first discovery request to the first PF entity, the first discovery request carrying the proximity application identifier of the broadcast UE;
When the user of the monitoring UE looks for a nearby broadcast UE, the monitoring UE sends the first discovery request to the first PF entity. The first discovery request carries the proximity application identifier of the broadcast UE, and the first PF entity is the adjacent service functional entity of the home network of the monitoring UE.
302. The monitoring UE receives the first discovery response message fed back by the first PF entity, the first discovery response message carrying the neighbouring code of the broadcast UE and the digital certificate of the broadcast UE;
After the monitoring UE sends the first discovery request to the first PF entity, the first PF entity obtains the neighbouring code of the broadcast UE and the digital certificate of the broadcast UE from the second PF entity. The monitoring UE can then receive the first discovery response message fed back by the first PF entity, which carries the neighbouring code of the broadcast UE and the digital certificate of the broadcast UE.
303. The monitoring UE obtains the digital certificate of the broadcast UE from the first discovery response message, the digital certificate including a public key;
The first discovery response message carries the digital certificate of the broadcast UE, and the digital certificate includes a public key, so the monitoring UE can obtain the digital certificate of the broadcast UE from the first discovery response message.
304. The monitoring UE receives a discovery message, the discovery message carrying a message signature value and a neighbouring code;
305. If the neighbouring code carried in the discovery message is identical to the neighbouring code of the broadcast UE, the monitoring UE determines the legitimacy of the discovery message according to the public key.
When the neighbouring code carried in the discovery message is identical to the neighbouring code of the broadcast UE, this indicates that the discovery message comes from the broadcast UE, and the monitoring UE can verify whether the discovery message is legitimate according to the public key of the broadcast UE.
If the monitoring UE finds that the neighbouring code carried in the discovery message is identical to the neighbouring code of the broadcast UE, it may or may not establish a D2D link with the broadcast UE; this is not limited here.
It should be noted that, in this embodiment, steps 301 to 303 are the process in which the monitoring UE obtains the neighbouring code of the broadcast UE and the digital certificate of the broadcast UE from the first PF entity, and step 304 is the process in which the monitoring UE obtains the discovery message from the broadcast UE. The two processes have no fixed order; in some embodiments of the present invention, step 304 may be performed first and steps 301 to 303 afterwards, which is not limited here.
In this embodiment, the monitoring UE can obtain the digital certificate of the broadcast UE and verify the discovery message itself, without sending the discovery message through the first PF entity to the second PF entity for verification, so signaling overhead is reduced and verification is faster. Compared with the prior art, the monitoring UE and the broadcast UE do not need to negotiate an identical key for encryption and decryption, and no key needs to be transmitted, which improves the security of the verification process.
Optionally, on the basis of the embodiment shown in Fig. 3, in another embodiment of the verification method for adjacent service communication in the embodiments of the present invention, the monitoring UE determining the legitimacy of the discovery message according to the public key can be implemented as follows: the monitoring UE verifies the message signature value using the public key; if the message signature value passes verification, the discovery message is determined to be legitimate; if the message signature value fails verification, the discovery message is determined to be illegitimate.
Specifically, when the message content carried in the discovery message is the neighbouring code, the monitoring UE performs a hash operation on the neighbouring code to obtain a first hash value, and uses the public key in the digital certificate to compute a second hash value from the message signature value in the discovery message. If the first hash value is identical to the second hash value, the discovery message is complete and has not been damaged, and the discovery message is legitimate; otherwise, the discovery message is incomplete and is illegitimate.
A discovery message may be incomplete because the message signature value does not come from the UE that broadcast the discovery message, because the discovery message was damaged by an intruder, or because part of the information was lost in transmission.
Optionally, on the basis of the embodiment shown in Fig. 3, in another embodiment of the verification method for adjacent service communication in the embodiments of the present invention, the discovery message further includes a timestamp, and the first discovery response message further includes time information of the adjacent service functional entity and an allowed offset duration. Before the monitoring UE receives the discovery message, the method includes: the monitoring UE sets the time information of the PF entity in the first discovery response message as the time information of its local clock; the monitoring UE obtains third time information from the local clock and fourth time information from a time source; the monitoring UE judges whether the time difference between the fourth time information and the third time information exceeds the allowed offset duration, and if it does not, determines that the fourth time information is legitimate and then performs the step in which the monitoring UE determines the legitimacy of the discovery message according to the public key.
Specifically, the third time information is the time value obtained from the local clock, which is consistent with the network time on the PF entity. Because the fourth time information that the monitoring UE obtains from the time source has no security protection, it may be time information modified by an attacker. An allowed offset duration is therefore set, and it is judged whether the time difference between the fourth time information and the third time information exceeds the allowed offset duration. If it does not, the fourth time information is trusted; if it does, the fourth time information is untrusted, and the step in which the monitoring UE determines the legitimacy of the discovery message according to the public key is not performed.
The UE can obtain the time source through SIB16, Network Identity and Time Zone (NITZ), Network Time Protocol (NTP), Global Positioning System (GPS) or similar means, or by other methods; this is not limited here.
Optionally, on the basis of the optional embodiment of the embodiment shown in Fig. 3, in another embodiment of the verification method for adjacent service communication in the embodiments of the present invention, after the monitoring UE receives the discovery message, the method includes:
The monitoring UE generates fifth time information according to the timestamp and the fourth time information; the monitoring UE verifies the discovery message carrying the fifth time information using the public key in the digital certificate of the broadcast UE.
Specifically, the timestamp can be used to mark the time at which the broadcast UE signs the neighbouring code, and the first time information is the time at which the broadcast UE signs the neighbouring code. The broadcast UE can generate the timestamp according to the first time information. After the monitoring UE obtains the timestamp, it can generate the fifth time information according to the timestamp and the fourth time information. The fifth time information should be identical to the first time information; if it is not, the discovery message is wrong and may have expired or been tampered with.
It should be noted that the timestamp contains only part of a time, for example the hour, minute and second information. After obtaining the timestamp, the monitoring UE needs to recombine it with the fourth time information from the time source to obtain a complete time, namely the fifth time information.
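The recombination described above, as an added Go example that is not part of the patent text. The time-of-day layout of the timestamp follows the "hour, minute and second" example; choosing the candidate date nearest the fourth time information is an assumption made here so that a message signed and received on opposite sides of midnight still recombines correctly, and all type and function names are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// PartialStamp is the timestamp in the discovery message: time of day only
// (hour, minute, second). The layout is an assumption.
type PartialStamp struct{ Hour, Min, Sec int }

var ErrUntrustedTime = errors.New("fourth time information exceeds the allowed offset from the local clock")

func absDur(d time.Duration) time.Duration {
	if d < 0 {
		return -d
	}
	return d
}

// FifthTime first checks the fourth time information (unprotected time source)
// against the third (local clock set from the PF entity), then recombines the
// partial timestamp with the fourth time information into a complete time.
// Assumption: of the candidate dates (same day, previous day, next day), the
// one nearest the fourth time information is chosen.
func FifthTime(ts PartialStamp, third, fourth time.Time, allowed time.Duration) (time.Time, error) {
	if absDur(fourth.Sub(third)) > allowed {
		return time.Time{}, ErrUntrustedTime
	}
	f := fourth.UTC()
	best := time.Date(f.Year(), f.Month(), f.Day(), ts.Hour, ts.Min, ts.Sec, 0, time.UTC)
	for _, c := range []time.Time{best.AddDate(0, 0, -1), best.AddDate(0, 0, 1)} {
		if absDur(c.Sub(f)) < absDur(best.Sub(f)) {
			best = c
		}
	}
	return best, nil
}

// Cases runs FifthTime over constructed inputs with a 5 s allowed offset and
// returns each result as an RFC 3339 string or as the error text.
func Cases() map[string]string {
	at := func(d, h, m, s int) time.Time { return time.Date(2015, 1, d, h, m, s, 0, time.UTC) }
	run := func(ts PartialStamp, third, fourth time.Time) string {
		t, err := FifthTime(ts, third, fourth, 5*time.Second)
		if err != nil {
			return err.Error()
		}
		return t.Format(time.RFC3339)
	}
	return map[string]string{
		"same day":        run(PartialStamp{12, 0, 0}, at(2, 12, 0, 3), at(2, 12, 0, 3)),
		"before midnight": run(PartialStamp{23, 59, 58}, at(2, 0, 0, 1), at(2, 0, 0, 1)),
		"after midnight":  run(PartialStamp{0, 0, 1}, at(1, 23, 59, 59), at(1, 23, 59, 59)),
		"bad source":      run(PartialStamp{12, 0, 0}, at(2, 12, 0, 0), at(2, 12, 10, 0)),
	}
}

func main() {
	for name, result := range Cases() {
		fmt.Printf("%-15s -> %s\n", name, result)
	}
}
```

The recombined value then replaces the partial timestamp in the data whose signature is verified, so a wrong date shows up as a signature failure.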
Optionally, on the basis of the embodiment shown in Fig. 3, in another embodiment of the verification method for adjacent service communication in the embodiments of the present invention, the discovery message further includes first time information, which indicates the time at which the message signature value was generated. Determining the legitimacy of the discovery message according to the public key is then implemented as follows: the monitoring UE determines the legitimacy of the discovery message using the public key in the digital certificate and the first time information.
In this embodiment, the first time information is the time at which the broadcast UE signs the discovery message. After receiving the neighbouring code and the first time information, the monitoring UE performs a hash calculation on the neighbouring code and the first time information to obtain a first hash value, and uses the public key in the digital certificate to compute a second hash value from the message signature value. If the first hash value is identical to the second hash value, the discovery message is legitimate; otherwise the discovery message is illegitimate.
It should be noted that, because the first time information is a complete time, the monitoring UE can verify the signature of the discovery message directly after obtaining the first time information, without recombining a timestamp. Compared with the prior art, this reduces the verification steps and speeds up verification. The first time information includes the hour, minute and second, and further includes at least one of the year, month and day information; this is not limited here.
Optionally, on the basis of the optional embodiment shown in Fig. 3, in another embodiment of the verification method for adjacent service communication in the embodiments of the present invention, the first discovery response message further includes an allowed offset duration. After the monitoring UE receives the first discovery response message fed back by the first PF entity, the method includes: the monitoring UE obtains second time information according to its local clock, the second time information being the time at which the monitoring UE receives the discovery message; the monitoring UE judges whether the time difference between the first time information and the second time information exceeds the allowed offset duration, and if it does not, performs the step in which the monitoring UE determines the legitimacy of the discovery message according to the public key and the first time information.
In this embodiment, if the time difference between the first time information and the second time information does not exceed the allowed offset duration, the first time information is legitimate; if the time difference exceeds the allowed offset duration, the first time information is illegitimate. It should be noted that the local clock is calibrated according to the network time of the adjacent communication contained in the first discovery response message, so the second time information that the monitoring UE obtains from the local clock is trusted.
Optionally, on the basis of the embodiment or optional embodiment shown in Fig. 3, in another embodiment of the verification method for adjacent service communication in the embodiments of the present invention, before the monitoring UE determines the legitimacy of the discovery message according to the public key, the method further includes: the monitoring UE verifies the legitimacy of the public key according to the digital certificate.
In this embodiment, the monitoring UE can verify the legitimacy of the public key according to the digital certificate. In practical applications, the monitoring UE can do so in several ways, as described in the following embodiments.
Optionally, on the basis of the optional embodiment of the embodiment shown in Fig. 3, in another embodiment of the verification method for adjacent service communication in the embodiments of the present invention, the monitoring UE verifying the legitimacy of the public key according to the digital certificate can be implemented as follows: the monitoring UE judges through the Online Certificate Status Protocol (OCSP) whether the digital certificate has been revoked; if the digital certificate has been revoked, the public key is determined to be illegitimate; if the digital certificate has not been revoked, the legitimacy of the digital certificate is verified, and if the digital certificate is legitimate, the public key is determined to be legitimate.
Specifically, the monitoring UE sends a status query message for the digital certificate to the OCSP server. After the OCSP server checks the status of the digital certificate, it returns the certificate status to the monitoring UE. The certificate status is one of: valid, revoked, unknown. If the certificate status is valid, the digital certificate is within its validity period; if the certificate status is revoked or unknown, the digital certificate is illegitimate and the monitoring UE can determine that the public key is illegitimate.
When the digital certificate is determined to be within its validity period, the monitoring UE can check whether the digital certificate is legitimate, that is, whether the digital certificate comes from the broadcast UE. Because the terminal identifier in the digital certificate is unique, when the digital certificate is determined to come from the broadcast UE, the digital certificate is legitimate and the monitoring UE can determine that the public key is legitimate; otherwise the digital certificate is illegitimate and the monitoring UE can determine that the public key is illegitimate. It should be noted that, in practical applications, the check of whether the digital certificate has been revoked and the check of whether the digital certificate is legitimate are not necessarily both performed; it is also possible to perform only one of them, which is not limited here.
Optionally, on the basis of the optional embodiment of the embodiment shown in Fig. 3, in another embodiment of the verification method for adjacent service communication in the embodiments of the present invention, the first discovery response message further includes a certificate revocation list (CRL), and the monitoring UE verifying the legitimacy of the public key according to the digital certificate is implemented as follows: the monitoring UE judges according to the CRL whether the digital certificate has been revoked; if so, the public key is determined to be illegitimate; if not, the legitimacy of the digital certificate is verified, and if the digital certificate is legitimate, the public key is determined to be legitimate.
In this embodiment, after the monitoring UE receives the first discovery response message, it can obtain the CRL from it. If the digital certificate is in the CRL, the digital certificate has been revoked and is outside its validity period, and the public key in the digital certificate is illegitimate; if the digital certificate is not in the CRL, the digital certificate has not been revoked and is determined to be within its validity period. It can be understood that the monitoring UE can also obtain the CRL directly from the certificate server, or obtain it from the certificate server by other means; this is not limited here.
When the digital certificate is determined to be within its validity period, the monitoring UE can check whether the digital certificate is legitimate, that is, whether the digital certificate comes from the broadcast UE. Because the terminal identifier in the digital certificate is unique, when the digital certificate is determined to come from the broadcast UE, the digital certificate is legitimate and the public key in the digital certificate can be determined to be legitimate; otherwise, the digital certificate is illegitimate and the public key can be determined to be illegitimate.
It should be noted that, in practical applications, the check of whether the digital certificate has been revoked and the check of whether the digital certificate is legitimate are not necessarily both performed; it is also possible to perform only one of them, which is not limited here.
Referring to Fig. 4, another embodiment of the verification method for adjacent service communication in the embodiments of the present invention includes:
401. The broadcast UE sends to the second PF entity a second discovery request carrying the digital certificate of the broadcast UE;
In this embodiment, the second PF entity is the adjacent service functional entity of the home network of the broadcast UE and provides adjacent services for the broadcast UE. The broadcast UE sends to the second PF entity the second discovery request carrying the digital certificate of the broadcast UE; the second discovery request is used by the broadcast UE to detect nearby D2D devices. After receiving the second discovery request, the second PF entity generates a second discovery response message according to the second discovery request.
402. The broadcast UE receives the second discovery response message fed back by the second PF entity, the second discovery response message carrying a neighbouring code;
403. The broadcast UE signs the neighbouring code with the private key of the broadcast UE to generate a message signature value;
After receiving the second discovery response message, the broadcast UE can obtain the neighbouring code and sign it with the private key of the broadcast UE to generate the message signature value.
404. The broadcast UE sends a discovery message to the monitoring UE, the discovery message carrying the message signature value and the neighbouring code.
The neighbouring code carried in the discovery message is identical to the neighbouring code carried in the second discovery response message. The broadcast UE sends the discovery message, which carries the message signature value and the neighbouring code, to the monitoring UE, and the monitoring UE can verify the discovery message.
Optionally, on the basis of the embodiment shown in Fig. 4, in another embodiment of the verification method for adjacent service communication in the embodiments of the present invention, the discovery message includes first time information, which indicates the time at which the message signature value was generated.
In this embodiment, the broadcast UE sends the discovery message to the monitoring UE, and the discovery message carries the message signature value, the neighbouring code and the first time information. The first time information is a complete time and may include year, month and day information. It can be understood that, in practical applications, the first time information may include one or more of these items; this is not limited here.
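The signing done by the broadcast UE in Fig. 4 and the checks done by the monitoring UE in Fig. 3 (neighbouring code match, allowed offset duration, signature over the neighbouring code and first time information), as an added Go example that is not code from the patent. The patent names no signature algorithm; ECDSA P-256 with SHA-256, the byte encoding of the signed fields and all type and function names are assumptions, and the messages are constructed.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// DiscoveryMessage is what the broadcast UE sends (field layout assumed).
type DiscoveryMessage struct {
	Code      []byte    // neighbouring code
	FirstTime time.Time // complete time at which the signature was generated
	Signature []byte    // message signature value
}

// DiscoveryResponse is what the monitoring UE received from the first PF entity.
type DiscoveryResponse struct {
	Code          []byte           // neighbouring code of the broadcast UE
	PublicKey     *ecdsa.PublicKey // from the broadcast UE's digital certificate
	AllowedOffset time.Duration
}

var (
	ErrCodeMismatch = errors.New("neighbouring code differs from the broadcast UE's")
	ErrTimeOffset   = errors.New("first time information exceeds the allowed offset")
	ErrBadSignature = errors.New("message signature value failed verification")
)

// digest hashes the length-prefixed code and the time in seconds, so the
// boundary between the two signed fields is unambiguous (encoding assumed).
func digest(code []byte, t time.Time) []byte {
	buf := make([]byte, 4+len(code)+8)
	binary.BigEndian.PutUint32(buf, uint32(len(code)))
	copy(buf[4:], code)
	binary.BigEndian.PutUint64(buf[4+len(code):], uint64(t.Unix()))
	sum := sha256.Sum256(buf)
	return sum[:]
}

// Sign is the broadcast UE side: sign code and signing time with the private key.
func Sign(priv *ecdsa.PrivateKey, code []byte, now time.Time) DiscoveryMessage {
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest(code, now))
	if err != nil {
		panic(err)
	}
	return DiscoveryMessage{Code: code, FirstTime: now, Signature: sig}
}

// Verify is the monitoring UE side. localNow is the second time information,
// read from the local clock calibrated to the PF entity's network time.
func Verify(resp DiscoveryResponse, msg DiscoveryMessage, localNow time.Time) error {
	if !bytes.Equal(resp.Code, msg.Code) {
		return ErrCodeMismatch
	}
	diff := localNow.Sub(msg.FirstTime)
	if diff < 0 {
		diff = -diff
	}
	if diff > resp.AllowedOffset {
		return ErrTimeOffset
	}
	if !ecdsa.VerifyASN1(resp.PublicKey, digest(msg.Code, msg.FirstTime), msg.Signature) {
		return ErrBadSignature
	}
	return nil
}

// Scenario runs Verify over constructed messages and returns each verdict.
func Scenario() map[string]error {
	ueKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	otherKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	code := []byte("constructed-code-01")
	t0 := time.Date(2015, 1, 1, 12, 0, 0, 0, time.UTC)
	resp := DiscoveryResponse{Code: code, PublicKey: &ueKey.PublicKey, AllowedOffset: 5 * time.Second}
	good := Sign(ueKey, code, t0)
	redated := good
	redated.FirstTime = t0.Add(time.Hour) // old signature, time field rewritten
	return map[string]error{
		"fresh":      Verify(resp, good, t0.Add(2*time.Second)),
		"late":       Verify(resp, good, t0.Add(time.Hour)),
		"redated":    Verify(resp, redated, t0.Add(time.Hour)),
		"wrong key":  Verify(resp, Sign(otherKey, code, t0), t0),
		"wrong code": Verify(resp, Sign(ueKey, []byte("constructed-code-02"), t0), t0),
	}
}

func main() {
	for name, err := range Scenario() {
		fmt.Printf("%-10s -> %v\n", name, err)
	}
}
```

Because the first time information is inside the signed data, a message received late is rejected by the offset check, and rewriting its time field to look current is rejected by the signature check.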
Referring to Fig. 5, another embodiment of the verification method for adjacent service communication in the embodiments of the present invention includes:
501. The second PF entity receives a monitoring request sent by the first PF entity, the monitoring request carrying the proximity application identifier of the broadcast UE;
In this embodiment, the first PF entity is the adjacent service functional entity of the home network of the monitoring UE and provides adjacent services for the monitoring UE; the second PF entity is the adjacent service functional entity of the home network of the broadcast UE and provides adjacent services for the broadcast UE. When the first PF entity responds to the first discovery request sent by the monitoring UE, it sends a monitoring request to the second PF entity. The monitoring request is the same as the first discovery request sent by the monitoring UE. The second PF entity receives the monitoring request sent by the first PF entity, and the monitoring request carries the proximity application identifier of the broadcast UE. The proximity application identifier identifies the application provided by the broadcast UE, for example online store A or network service B; it may also be another application, which is not limited here.
502. The second PF entity determines the neighbouring code of the broadcast UE and the digital certificate of the broadcast UE according to the proximity application identifier of the broadcast UE;
In the second PF entity, the proximity application identifier has a correspondence with the digital certificate and the neighbouring code, so the second PF entity can determine the digital certificate of the broadcast UE and the neighbouring code of the broadcast UE according to the proximity application identifier of the broadcast UE.
503. The second PF entity sends to the first PF entity a monitoring response message carrying the neighbouring code of the broadcast UE and the digital certificate of the broadcast UE.
After obtaining the neighbouring code and the digital certificate, the second PF entity can send to the first PF entity the monitoring response message carrying the digital certificate of the broadcast UE and the neighbouring code of the broadcast UE, and the first PF entity can receive the digital certificate and the neighbouring code.
Optionally, on the basis of the embodiment shown in Fig. 5, in another embodiment of the verification method for adjacent service communication in the embodiments of the present invention, before the second PF entity receives the monitoring request sent by the first PF entity, the method includes: the second PF entity receives a second discovery request sent by the broadcast UE, the second discovery request carrying the digital certificate of the broadcast UE; the second PF entity sends a second discovery response message to the broadcast UE, the second discovery response message carrying the neighbouring code of the broadcast UE; the second PF entity binds together the proximity application identifier of the broadcast UE, the neighbouring code of the broadcast UE and the digital certificate of the broadcast UE.
In this embodiment, the second PF entity stores the neighbouring code and the proximity application identifier of the broadcast UE. After receiving the digital certificate of the broadcast UE, the second PF entity can bind together the proximity application identifier of the broadcast UE, the neighbouring code of the broadcast UE and the digital certificate of the broadcast UE. It should be noted that the second PF entity can also bind other information of the broadcast UE stored in the second PF entity, such as an adjacent user identifier, with the digital certificate; this is not limited here.
Optionally, on the basis of the embodiment shown in Fig. 5, in another embodiment of the verification method for adjacent service communication in the embodiments of the present invention, after the second PF entity receives the second discovery request sent by the broadcast UE, the method includes: the second PF entity judges according to the CRL whether the digital certificate has been revoked; if the digital certificate has been revoked, the public key is determined to be illegitimate; if the digital certificate has not been revoked, the legitimacy of the digital certificate is verified, and if the digital certificate is legitimate, the public key is determined to be legitimate.
In this embodiment, the process in which the second PF entity judges according to the CRL whether the digital certificate has been revoked is similar to the process in which the monitoring UE judges according to the CRL whether the digital certificate has been revoked, and the process in which the second PF entity verifies the legitimacy of the digital certificate is similar to the process in which the monitoring UE verifies the legitimacy of the digital certificate; details are not repeated here.
Optionally, on the basis of the embodiment or optional embodiment shown in Fig. 5, in another embodiment of the verification method for adjacent service communication in the embodiments of the present invention, after the second PF entity receives the second discovery request sent by the broadcast UE, the method includes: the second PF entity judges through OCSP whether the digital certificate has been revoked; if so, the digital certificate is determined to have failed verification; if not, the second PF entity checks whether the digital certificate is legitimate; if it is, the digital certificate is determined to have passed verification, and if it is not, the digital certificate is determined to have failed verification.
In this embodiment, the process in which the second PF entity judges according to OCSP whether the digital certificate has been revoked is similar to the process in which the monitoring UE judges according to OCSP whether the digital certificate has been revoked, and the process in which the second PF entity verifies the legitimacy of the digital certificate is similar to the process in which the monitoring UE verifies the legitimacy of the digital certificate; details are not repeated here.
Referring to Fig. 6, another embodiment of the verification method of adjacent service communication in the embodiment of the present invention includes:
601, the first PF entity receives the first discovery request sent by the monitoring UE, the first discovery request carrying the proximity application mark of the broadcast UE;
In this embodiment, the first PF entity is the adjacent service functional entity of the belonging area network of the monitoring UE and provides adjacent service for the monitoring UE; the first discovery request carries the proximity application mark of the broadcast UE, and the first PF entity receives the first discovery request sent by the monitoring UE.
602, the first PF entity sends a monitoring request to the second PF entity, the monitoring request carrying the above proximity application mark;
Wherein, after the first PF entity receives the first discovery request, it generates a monitoring request in response to the first discovery request, the monitoring request being identical to the first discovery request, and sends the monitoring request to the second PF entity.
603, the first PF entity receives the monitoring response message fed back by the second PF entity, the monitoring response message carrying the neighbouring code of the broadcast UE and the digital certificate of the broadcast UE, the digital certificate including a public key;
When the second PF entity, in response to the monitoring request, obtains the digital certificate of the broadcast UE and the neighbouring code of the broadcast UE according to the monitoring request and sends them to the first PF entity, the first PF entity receives the monitoring response message fed back by the second PF entity.
604, the first PF entity sends a first discovery response message to the monitoring UE, the first discovery response message carrying the digital certificate of the broadcast UE and the neighbouring code of the broadcast UE.
After the first PF entity receives the monitoring response message, it sends the first discovery response message to the monitoring UE; the first discovery response message carries the digital certificate of the broadcast UE and the neighbouring code of the broadcast UE, and the monitoring UE can verify the information signature value in the discovery message according to the public key in the digital certificate.
Optionally, on the basis of the embodiment shown in Fig. 6, in another embodiment of the verification method of adjacent service communication in the embodiment of the present invention, the first discovery response message further includes a CRL.
In this embodiment, the first PF entity can send the CRL to the monitoring UE, and the monitoring UE can check according to the CRL whether the digital certificate of the broadcast UE has been revoked.
Optionally, on the basis of the embodiment or optional embodiments shown in Fig. 6, in another embodiment of the verification method of adjacent service communication in the embodiment of the present invention, after the first PF entity receives the monitoring response message fed back by the second PF entity, the method includes: the first PF entity judges according to the CRL whether the digital certificate has been revoked; if the digital certificate has been revoked, it is determined that the public key is illegal; if the digital certificate has not been revoked, the legitimacy of the digital certificate is verified, and if the digital certificate is legal, it is determined that the public key is legal.
In this embodiment, the first PF entity can obtain the CRL from a CRL server and use the CRL to verify whether the digital certificate has been revoked. The process by which the first PF entity verifies by CRL whether the digital certificate has been revoked is similar to the process by which the monitoring UE verifies by CRL whether the digital certificate has been revoked in the optional embodiment of the embodiment shown in Fig. 3, and the process by which the first PF entity verifies the legitimacy of the digital certificate is similar to the process by which the monitoring UE verifies the legitimacy of the digital certificate in the optional embodiment of the embodiment shown in Fig. 3; details are not repeated here.
Optionally, on the basis of the embodiment or optional embodiments shown in Fig. 6, in another embodiment of the verification method of adjacent service communication in the embodiment of the present invention, the first PF entity judges by OCSP whether the digital certificate has been revoked; if so, it is determined that the digital certificate fails verification; if not, it is checked whether the digital certificate is legal; if so, it is determined that the digital certificate passes verification; if not, it is determined that the digital certificate fails verification.
In this embodiment, the process by which the first PF entity verifies by OCSP whether the digital certificate has been revoked is similar to the process by which the monitoring UE verifies by OCSP whether the digital certificate has been revoked in the optional embodiment of the embodiment shown in Fig. 3, and the process by which the first PF entity verifies the legitimacy of the digital certificate is similar to the process by which the monitoring UE verifies the legitimacy of the digital certificate in the optional embodiment of the embodiment shown in Fig. 3; details are not repeated here.
For ease of understanding, the verification method of adjacent service communication in the embodiment of the present invention is described below with a concrete application scenario:
In the concrete application scenario of the embodiment of the present invention, the broadcast UE is mobile phone 1, the monitoring UE is mobile phone 2, mobile phone 1 and mobile phone 2 are close to each other, PF2 provides adjacent service for mobile phone 1, PF1 provides adjacent service for mobile phone 2, the discovery message is Message, the neighbouring code is AB12, the proximity application mark of mobile phone 1 is APP1, the information signature value is signature1, the digital certificate is C1, the first discovery request is Request1, the second discovery request is Request2, the first discovery response message is Response1, the second discovery response message is Response2, the private key is Key1, the public key is Key2, Key1 corresponds to Key2, and C1 includes Key2;
Mobile phone 1 sends Request1 to PF2, and Request1 carries C1;
PF2 obtains App1 according to Request1 and binds C1, AB12 and APP1, and PF2 sends AB12 to mobile phone 1;
Mobile phone 1 receives Response2 and signs AB12 with Key1 to generate signature1;
Mobile phone 1 broadcasts Message, and Message carries signature1 and AB12;
Mobile phone 2 sends Request1 to PF1, and PF1 sends a monitoring request carrying App1 to PF2; PF2 obtains C1 and AB12 according to App1 and sends them to PF1; PF1 sends C1 and AB12 to mobile phone 2;
Mobile phone 2 monitors Message; if the neighbouring code carried by Message is AB12, mobile phone 2 performs signature verification on signature1 according to Key2 in C1; if signature1 passes verification, Message passes verification; if signature1 does not pass verification, Message fails verification.
Assume that the invader is mobile phone 3. If the invader has intercepted Message and attempts to attack mobile phone 2 by modifying Message, the signature value carried by the modified Message will change. Assume that the changed information signature value is signature2. Mobile phone 2 receives the modified Message and performs signature verification on signature2 according to Key2 in C1; because signature2 is different from signature1, the modified Message cannot pass verification.
Optionally, mobile phone 2 can also obtain T2, which is the moment at which Message is received, obtain the offset time from the first PF entity, and obtain from mobile phone 1 the signing moment T1 of Message, and then judge whether the time difference between T1 and T2 exceeds the allowed offset duration; if it does not, the step in which mobile phone 2 performs signature verification on signature1 is triggered; otherwise, Message fails verification.
Optionally, the second PF entity can also check by CRL or OCSP whether C1 has been revoked. If C1 has been revoked, Key2 is determined to be illegal; if C1 has not been revoked, C1 is verified: if C1 is legal, Key2 is legal, and if C1 is illegal, Key2 is illegal.
The embodiment of the present invention provides another method that improves the verification process. Referring to Fig. 7, in the verification process shown in Fig. 7:
The broadcast UE sends the second discovery request to the second PF entity, and the second PF entity returns the neighbouring code to the broadcast UE; the broadcast UE signs the neighbouring code with the private key to generate the information signature value, and broadcasts a discovery message carrying the information signature value, the neighbouring code of the broadcast UE and the digital certificate of the broadcast UE;
The monitoring UE sends the first discovery request to the first PF entity, the first discovery request carrying the proximity application mark of the broadcast UE; the first PF entity sends a monitoring request to the second PF entity, the second PF entity returns the neighbouring code to the first PF entity, and the first PF entity returns the neighbouring code of the broadcast UE to the monitoring UE;
If the neighbouring code of the broadcast UE is identical to the neighbouring code carried in the discovery message, the monitoring UE determines the legitimacy of the discovery message according to the public key in the digital certificate.
In the verification process shown in Fig. 7, the broadcast UE can send the target digital certificate directly to the monitoring UE, and the monitoring UE verifies the discovery message according to the public key in the target digital certificate without sending the discovery message to the first PF entity; this reduces the steps of the verification process, speeds up verification, and saves the signalling overhead of verification.
In practical applications, the digital certificate can be sent between the broadcast UE and the monitoring UE without passing through the PF entities on the network side. Specifically, referring to Fig. 8, another embodiment of the verification method of adjacent service communication in the embodiment of the present invention includes:
801, the monitoring UE sends the first discovery request to the first PF entity, the first discovery request carrying the proximity application mark of the broadcast UE;
In this embodiment, the first PF entity is the adjacent service functional entity of the belonging area network of the monitoring UE. Step 801 is similar to step 301 in the embodiment shown in Fig. 3; details are not repeated here.
802, the monitoring UE receives the first discovery response message fed back by the first PF entity, the first discovery response message carrying the neighbouring code of the broadcast UE;
803, the monitoring UE receives the discovery message, the discovery message carrying the information signature value, the neighbouring code and the digital certificate of the broadcast UE, the digital certificate including a public key;
In this embodiment, the monitoring UE can receive the discovery message; the discovery message carries the information signature value, the neighbouring code and the digital certificate of the broadcast UE, and the digital certificate includes a public key.
804, if the neighbouring code carried in the discovery message is identical to the neighbouring code of the broadcast UE, the monitoring UE determines the legitimacy of the discovery message according to the public key.
Step 804 is similar to step 304 in the embodiment shown in Fig. 3; details are not repeated here.
In this embodiment, the digital certificate is sent directly to the monitoring UE by the broadcast UE; the broadcast UE can sign the neighbouring code with the private key of the broadcast UE to generate the information signature value, and the monitoring UE can perform signature verification on the information signature value with the public key in the digital certificate.
Referring to Fig. 9, another embodiment of the verification method of adjacent service communication in the embodiment of the present invention includes:
901, the broadcast UE sends the second discovery request to the second PF entity;
When the broadcast UE needs to discover nearby D2D devices, it sends the second discovery request to the second PF entity; the second PF entity is the adjacent service functional entity of the belonging area network of the broadcast UE and provides adjacent service for the broadcast UE.
It should be noted that, because the neighbouring code has a validity period, after the broadcast UE obtains the neighbouring code it does not need to send a discovery request to the second PF entity within the validity period; see the prior art for details, which are not repeated here.
902, the broadcast UE receives the second discovery response message fed back by the second PF entity, the second discovery response message carrying the neighbouring code;
903, the broadcast UE signs the neighbouring code with the private key to generate the information signature value;
Steps 902 to 903 are similar to steps 402 to 403 in the embodiment shown in Fig. 4; details are not repeated here.
904, the broadcast UE sends the discovery message to the monitoring UE, the discovery message carrying the information signature value, the neighbouring code and the digital certificate of the broadcast UE.
After the broadcast UE obtains the neighbouring code, it sends the discovery message to the monitoring UE; the discovery message carries the information signature value, the neighbouring code and the digital certificate of the broadcast UE, and the monitoring UE can obtain the public key in the digital certificate and use the public key to perform signature verification on the information signature value.
For ease of understanding, the verification method of adjacent service communication in the embodiment of the present invention is described below with a concrete application scenario:
In the concrete application scenario of the embodiment of the present invention, the broadcast UE is mobile phone 1, the monitoring UE is mobile phone 2, mobile phone 1 and mobile phone 2 are close to each other, PF2 provides adjacent service for mobile phone 1, PF1 provides adjacent service for mobile phone 2, the discovery message is Message, the neighbouring code is AB12, the proximity application mark is App1, the information signature value sent by mobile phone 1 is signature1, the digital certificate is C1, the first discovery request is Request1, the second discovery request is Request2, the first discovery response message is Response1, the second discovery response message is Response2, the private key is Key1, the public key is Key2, Key1 corresponds to Key2, and C1 includes Key2;
Mobile phone 1 sends Request2 to PF2;
PF2 sends Response2 to mobile phone 1 according to Request2, and Response2 carries AB12;
Mobile phone 1 receives Response2;
Mobile phone 1 signs AB12 with Key1 to generate signature1;
Mobile phone 1 broadcasts Message, and Message carries signature1, AB12 and C1;
Mobile phone 2 monitors Message2;
If the neighbouring code carried by Message is AB12, mobile phone 2 performs signature verification on signature1 according to Key2 in C1; if the verification of signature1 succeeds, Message passes verification; if the verification of signature1 does not succeed, Message fails verification.
Assume that the invader is mobile phone 3. If the invader has intercepted Message and attempts to attack mobile phone 2 by modifying Message, the signature value carried by the modified Message will change. Assume that the changed information signature value is signature2. Mobile phone 2 receives the modified Message and performs signature verification on signature2 according to Key2 in C1; because signature2 is different from signature1, the modified Message cannot pass verification.
The embodiment of the present invention provides another method that improves the verification process of the prior art. Referring to Fig. 10, in the verification process shown in Fig. 10:
The broadcast UE sends the digital certificate to the second PF entity; the second PF entity binds the neighbouring code of the broadcast UE, the proximity application mark and the digital certificate; the monitoring UE sends the first discovery request to the first PF entity; the first PF entity sends a monitoring request carrying the proximity application mark to the second PF entity; the second PF entity returns the digital certificate and the neighbouring code to the first PF entity; the first PF entity returns the neighbouring code to the monitoring UE; the monitoring UE looks up the discovery message according to the neighbouring code and sends the discovery message to the first PF entity; and the first PF entity determines the legitimacy of the discovery message according to the public key in the digital certificate.
In the verification process shown in Fig. 10, the second PF entity can, according to the monitoring request sent by the first PF entity, send the target digital certificate to the first PF entity; after the first PF entity receives the discovery message sent by the monitoring UE, it can verify the discovery message according to the public key in the digital certificate without sending the discovery message to the second PF entity; this reduces the steps of the verification process, speeds up verification, and saves the signalling overhead of verification.
In practical applications, after the first PF entity obtains the digital certificate, it can verify the discovery message. Specifically, referring to Fig. 11, another embodiment of the verification method of adjacent service communication in the embodiment of the present invention includes:
1101, the monitoring UE sends the first discovery request to the first PF entity, the first discovery request carrying the proximity application mark of the broadcast UE;
Wherein, the first PF entity is the adjacent service functional entity of the belonging area network of the monitoring UE.
1102, the monitoring UE receives the first discovery response message fed back by the first PF entity, the first discovery response message carrying the neighbouring code of the broadcast UE;
1103, the monitoring UE receives the discovery message, the discovery message carrying the information signature value and the neighbouring code;
1104, if the neighbouring code carried in the discovery message is identical to the neighbouring code of the broadcast UE, the monitoring UE sends the discovery message to the first PF entity, so that the first PF entity verifies the legitimacy of the discovery message according to the public key in the digital certificate.
It should be noted that the process of obtaining the neighbouring code in steps 1101 to 1102 and the process of obtaining the discovery message in step 1103 are independent processes with no fixed order; this is not limited here.
Steps 1101 to 1104 are similar to the procedure performed by the monitoring UE when verifying a discovery message in the prior art; details are not repeated here.
Referring to Fig. 12, another embodiment of the verification method of adjacent service communication in the embodiment of the present invention includes:
1201, the broadcast UE sends a second discovery request carrying the digital certificate to the second PF entity;
1202, the broadcast UE receives the second discovery response message fed back by the second PF entity, the second discovery response message carrying the neighbouring code;
1203, the broadcast UE signs the neighbouring code with the private key to generate the information signature value;
1204, the broadcast UE sends the discovery message to the monitoring UE, the discovery message carrying the information signature value and the neighbouring code.
Steps 1201 to 1204 are similar to steps 401 to 404; details are not repeated here.
Referring to Fig. 13, another embodiment of the verification method of adjacent service communication in the embodiment of the present invention includes:
1301, the second PF entity receives the monitoring request carrying the proximity application mark sent by the first PF entity;
1302, the second PF entity determines the neighbouring code of the broadcast UE and the digital certificate of the broadcast UE according to the proximity application mark;
1303, the second PF entity sends, to the first PF entity, a monitoring response message carrying the digital certificate and the neighbouring code of the broadcast UE.
Steps 1301 to 1303 are similar to steps 501 to 503; details are not repeated here.
Referring to Fig. 14, another embodiment of the verification method of adjacent service communication in the embodiment of the present invention includes:
1401, the first PF entity receives the first discovery request sent by the monitoring UE, the first discovery request carrying the proximity application mark of the broadcast UE;
1402, the first PF entity sends a monitoring request to the second PF entity, the monitoring request carrying the above proximity application mark;
1403, the first PF entity receives the monitoring response message, fed back by the second PF entity, carrying the digital certificate and the neighbouring code of the broadcast UE;
Steps 1401 to 1403 are similar to steps 601 to 603 in the embodiment shown in Fig. 6; details are not repeated here.
1404, the first PF entity sends the first discovery response message to the monitoring UE, the first discovery response message carrying the neighbouring code of the broadcast UE;
After the monitoring UE obtains the neighbouring code of the broadcast UE from the first PF entity, it uses the neighbouring code of the broadcast UE to match a suitable discovery message, that is, it checks whether the neighbouring code of the broadcast UE is identical to the neighbouring code obtained from the discovery message to complete the matching. If the neighbouring code of the broadcast UE is identical to the neighbouring code carried in the discovery message, it is determined that the discovery message comes from the broadcast UE, and the discovery message is then sent to the first PF entity.
1405, the first PF entity receives the discovery message sent by the monitoring UE;
1406, the first PF entity determines the legitimacy of the discovery message according to the public key in the digital certificate.
Optionally, on the basis of the embodiment shown in Fig. 14, in another embodiment of the verification method of adjacent service communication in the embodiment of the present invention, the first PF entity determines the legitimacy of the discovery message according to the public key in the digital certificate in the following manner: the first PF entity verifies the information signature value according to the public key in the digital certificate; if the information signature value passes verification, the first PF entity determines that the discovery message is legal; if the information signature value fails verification, the first PF entity determines that the discovery message is illegal.
Specifically, after the first PF entity receives the discovery message, it performs a hash calculation on the neighbouring code in the discovery message to obtain a first hash value, and performs a signature calculation on the information signature value according to the public key in the digital certificate to obtain a second hash value; if the first hash value is identical to the second hash value, it is determined that the discovery message is legal; otherwise the discovery message is illegal. It can be understood that, after determining the legitimacy of the discovery message according to the public key in the digital certificate, the first PF entity can send the verification result to the monitoring UE.
In this embodiment, the first PF entity can obtain the digital certificate from the second PF entity and use the digital certificate to verify the discovery message; it no longer needs to send the discovery message to the second PF entity for verification by the second PF entity, which simplifies the verification process of adjacent communication, saves signalling overhead and speeds up verification.
For ease of understanding, the verification method of adjacent service communication in the embodiment of the present invention is described below with a concrete application scenario:
In the concrete application scenario of the embodiment of the present invention, the broadcast UE is mobile phone 1, the monitoring UE is mobile phone 2, mobile phone 1 and mobile phone 2 are close to each other, PF2 provides adjacent service for mobile phone 1, PF1 provides adjacent service for mobile phone 2, the discovery message is Message, the neighbouring code is AB12, the proximity application mark is APP1, the information signature value is signature1, the digital certificate is C1, the first discovery request is Request1, the second discovery request is Request2, the first discovery response message is Response1, the second discovery response message is Response2, the private key is Key1, the public key is Key2, Key1 corresponds to Key2, and C1 includes Key2;
Mobile phone 1 sends Request1 to PF2, and Request1 carries C1 and App1;
PF2 obtains App1 according to Request1 and binds C1 and App1; PF2 sends Response2 to mobile phone 1, and Response2 includes AB12;
Mobile phone 1 receives Response2 and signs AB12 with Key1 to generate signature1;
Mobile phone 1 broadcasts Message, and Message carries signature1 and AB12;
Mobile phone 2 sends Request1 to PF1, and PF1 sends a monitoring request carrying App1 to PF2; PF2 obtains C1 according to App1 and sends it to PF1;
PF1 sends AB12 to mobile phone 2, and mobile phone 2 monitors the broadcast and obtains Message;
When the neighbouring code in Message is AB12, mobile phone 2 sends Message to the first PF entity, and the first PF entity performs signature verification on Message according to Key2 in C1; if the verification succeeds, Message passes verification and the discovery message is legal; otherwise, Message fails verification and the discovery message is illegal;
Assume that the invader is mobile phone 3. If the invader has intercepted Message and attempts to attack mobile phone 2 by modifying Message, the signature value carried by the modified Message will change. Assume that the changed information signature value is signature2. Mobile phone 2 receives the modified Message and performs signature verification on signature2 according to Key2 in C1; because signature2 is different from signature1, the modified Message cannot pass verification.
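The checks that the scenarios above walk through (neighbouring code match, the optional T1/T2 offset limit, revocation and legitimacy of C1, then signature verification with Key2), whether run by the monitoring UE or by the first PF entity, are sketched below as an added Go example that is not part of the patent text. Ed25519, X.509 certificates, the serial numbers, the 5-second window, covering T1 with the signature, the set of revoked serials standing in for a CRL, and the names DiscoveryMessage, Sign, Verify and issue are all assumptions of the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// DiscoveryMessage is a constructed stand-in for the broadcast Message.
type DiscoveryMessage struct {
	Code      string    // neighbouring code, e.g. "AB12"
	SignedAt  time.Time // T1: signing moment reported by the broadcast UE
	Signature []byte    // information signature value (signature1)
}

var (
	ErrCode    = errors.New("neighbouring code mismatch")
	ErrOffset  = errors.New("T1/T2 difference exceeds the allowed offset")
	ErrRevoked = errors.New("digital certificate revoked")
	ErrCert    = errors.New("digital certificate not issued by the trusted CA")
	ErrSig     = errors.New("information signature value does not verify")
)

// signedBytes is what Key1 signs; covering T1 too is this example's assumption.
func signedBytes(code string, t1 time.Time) []byte {
	return []byte(fmt.Sprintf("%s|%d", code, t1.Unix()))
}

// Sign is the broadcast UE side: sign the neighbouring code with private key Key1.
func Sign(key1 ed25519.PrivateKey, code string, t1 time.Time) DiscoveryMessage {
	return DiscoveryMessage{code, t1, ed25519.Sign(key1, signedBytes(code, t1))}
}

// Verify is the verifier side (monitoring UE or first PF entity); t2 is the reception time T2.
func Verify(msg DiscoveryMessage, c1, trustedCA *x509.Certificate, wantCode string,
	t2 time.Time, maxOffset time.Duration, revoked map[string]bool) error {
	if msg.Code != wantCode {
		return ErrCode
	}
	if d := t2.Sub(msg.SignedAt); d > maxOffset || d < -maxOffset {
		return ErrOffset
	}
	if revoked[c1.SerialNumber.String()] { // serials as read from a CRL (simplified)
		return ErrRevoked
	}
	roots := x509.NewCertPool()
	roots.AddCert(trustedCA)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := c1.Verify(opts); err != nil {
		return ErrCert
	}
	key2, ok := c1.PublicKey.(ed25519.PublicKey) // Key2 is used only after C1 validates
	if !ok || !ed25519.Verify(key2, signedBytes(msg.Code, msg.SignedAt), msg.Signature) {
		return ErrSig
	}
	return nil
}

// issue makes a key pair and a constructed certificate, self-signed as a CA when parent is nil.
func issue(serial int64, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: fmt.Sprint("constructed-", serial)},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IsCA: parent == nil, BasicConstraintsValid: true,
	}
	if parent == nil {
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, nil, err
	}
	c, err := x509.ParseCertificate(der)
	return c, key, err
}

func main() {
	ca, caKey, err := issue(1, nil, nil)
	if err != nil {
		panic(err)
	}
	c1, key1, err := issue(1001, ca, caKey)
	if err != nil {
		panic(err)
	}
	msg := Sign(key1, "AB12", time.Now())
	fmt.Println("genuine: ", Verify(msg, c1, ca, "AB12", time.Now(), 5*time.Second, nil))
	msg.SignedAt = msg.SignedAt.Add(time.Second) // a signed field altered after signing
	fmt.Println("modified:", Verify(msg, c1, ca, "AB12", time.Now(), 5*time.Second, nil))
}
```

When the certificate arrives inside the discovery message itself, as in the Fig. 7 to Fig. 9 flow, the chain check in Verify is what ties Key2 to the broadcast UE; without it any key pair could produce a signature that verifies.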
The verification method of adjacent communication in the embodiment of the present invention has been described above from the method perspective; the monitoring UE in the embodiment of the present invention is described in detail below from the device perspective:
Referring to Fig. 15, one embodiment of the monitoring UE in the embodiment of the present invention includes:
Sending module 1501, used to send the first discovery request to the first PF entity, the first discovery request carrying the proximity application mark of the broadcast UE, the first PF entity being the adjacent service functional entity of the belonging area network of the monitoring UE;
Receiving module 1502, used to receive the first discovery response message fed back by the first PF entity, the first discovery response message carrying the neighbouring code of the broadcast UE indicated by the proximity application mark;
Receiving module 1502 is also used to receive the discovery message, the discovery message carrying the information signature value and the neighbouring code; wherein the discovery message carries the digital certificate of the broadcast UE, the digital certificate including a public key, or alternatively the first discovery response message carries the digital certificate of the broadcast UE;
Authentication module 1503, used to verify the information signature value with the public key in the digital certificate.
In this embodiment, the monitoring UE sends the first discovery request to the first PF entity, the first PF entity being the adjacent service functional entity of the belonging area network of the monitoring UE; receives the first discovery response message fed back by the first PF entity, the first discovery response message carrying the neighbouring code of the broadcast UE; receives the discovery message, the discovery message carrying the information signature value and the neighbouring code; obtains the digital certificate of the broadcast UE, the digital certificate including a public key; and determines the legitimacy of the discovery message with the public key. The monitoring UE does not need to forward the discovery message through the first PF entity to the second PF entity for verification, and does not need to obtain the verification result from the first PF entity, so signalling overhead can be reduced and verification is sped up.
Optionally, in some embodiments of the present invention, authentication module 1503 is specifically used to verify the information signature value with the public key; if the information signature value passes verification, it is determined that the discovery message is legal; if the information signature value fails verification, it is determined that the discovery message is illegal.
Optionally, in some embodiments of the present invention, authentication module 1503 is specifically used to determine, when the discovery message further includes first time information, the legitimacy of the discovery message according to the public key and the first time information.
Optionally, in some embodiments of the present invention, the UE further includes:
Obtaining module 1504, used to obtain second time information according to the local clock, the second time information indicating the moment at which the monitoring UE receives the discovery message;
Authentication module 1503 is also used, when the first discovery response message further includes the allowed offset duration, to execute the step in which the monitoring UE verifies the information signature value with the public key and the first time information if the time difference between the first time information and the second time information does not exceed the allowed offset duration.
Optionally, in some embodiments of the present invention, authentication module 1503 is also used to verify the legitimacy of the public key according to the digital certificate before the authentication module determines the legitimacy of the discovery message according to the public key.
Optionally, in some embodiments of the present invention, authentication module 1503 is also used to judge by OCSP whether the digital certificate has been revoked; if the digital certificate has been revoked, it is determined that the public key is illegal; if the digital certificate has not been revoked, the legitimacy of the digital certificate is verified, and if the digital certificate is legal, the public key is legal.
Optionally, in some embodiments of the present invention, authentication module 1503 is also used, when the first discovery response message further includes a CRL, to judge according to the CRL whether the digital certificate has been revoked; if the digital certificate has been revoked, it is determined that the public key is illegal; if the digital certificate has not been revoked, the legitimacy of the digital certificate is verified, and if the digital certificate is legal, the public key is legal.
For the specific working process of each module in the embodiment or optional embodiments of the UE shown in Fig. 15, refer to the embodiment or optional embodiments of the verification method of adjacent service shown in Fig. 3 or Fig. 8; details are not repeated here.
Referring to Figure 16, one embodiment of the broadcast UE in the embodiments of the present invention includes:
Sending module 1601, configured to send a second discovery request carrying a digital certificate to the 2nd PF entity, the 2nd PF entity being the adjacent service functional entity of the belonging area network of the broadcast UE;
Receiving module 1602, configured to receive the second discovery response message fed back by the 2nd PF entity, where the second discovery response message carries a neighbouring code;
Generation module 1603, configured to sign the neighbouring code according to the private key of the broadcast UE to generate an information signature value;
Sending module 1601, configured to send a discovery message to the monitoring UE, where the discovery message carries the information signature value and the neighbouring code.
For the specific working process of each module in the embodiment or alternative embodiments of the UE in this embodiment, refer to the embodiment or alternative embodiments of the verification method of the adjacent service shown in Fig. 4; details are not repeated here.
Optionally, in some embodiments of the invention, the discovery message further includes first time information, where the first time information indicates the generation moment of the information signature value;
The generation module 1603 is specifically configured to sign the neighbouring code and the first time information according to the private key of the broadcast UE to generate the information signature value.
Referring to Figure 16, another embodiment of the broadcast UE in the embodiments of the present invention includes:
Sending module 1601, configured to send a second discovery request to the 2nd PF entity, the 2nd PF entity being the adjacent service functional entity of the belonging area network of the broadcast UE;
Receiving module 1602, configured to receive the second discovery response message fed back by the 2nd PF entity, where the second discovery response message carries a neighbouring code;
Generation module 1603, configured to sign the neighbouring code according to the private key of the broadcast UE to generate an information signature value;
Sending module 1601, also configured to send a discovery message to the monitoring UE, where the discovery message carries the information signature value, the neighbouring code and the digital certificate of the broadcast UE, and the digital certificate includes the public key corresponding to the private key.
Optionally, in some embodiments of the invention, the discovery message also carries first time information, where the first time information indicates the generation moment of the information signature value;
The generation module 1603 is specifically configured to sign the neighbouring code and the first time information according to the private key of the broadcast UE to generate the information signature value.
For the specific working process of each module in the embodiment or alternative embodiments of the UE in this embodiment, refer to the embodiment or alternative embodiments of the verification method of the adjacent service shown in Fig. 9; details are not repeated here.
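The broadcast UE signing step and the monitoring UE checks described for Figures 15 and 16 (code match, revocation, certificate legitimacy, allowed shift duration, signature), as an added Go example that is not code from the patent. The message layout, the Ed25519 algorithm, the `"%d|%s"` signed encoding, the `revoked` serial list standing in for CRL contents, and all function and variable names are assumptions made for this illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// DiscoveryMessage is an assumed in-memory layout of the broadcast discovery message.
type DiscoveryMessage struct {
	Code      string    // neighbouring code
	SignedAt  time.Time // first time information: when the signature was generated
	Signature []byte    // information signature value
	CertDER   []byte    // digital certificate of the broadcast UE (DER)
}

var (
	ErrCode    = errors.New("neighbouring code differs from the first discovery response")
	ErrRevoked = errors.New("digital certificate has been revoked")
	ErrStale   = errors.New("time difference exceeds the allowed shift duration")
	ErrSig     = errors.New("information signature value failed verification")
)

// signedInput binds the code to the signing time (this encoding is an assumption).
func signedInput(code string, t time.Time) []byte {
	return []byte(fmt.Sprintf("%d|%s", t.Unix(), code))
}

// Announce is the broadcast UE side: sign code and time with the UE private key.
func Announce(priv ed25519.PrivateKey, certDER []byte, code string, at time.Time) DiscoveryMessage {
	sig := ed25519.Sign(priv, signedInput(code, at))
	return DiscoveryMessage{Code: code, SignedAt: at, Signature: sig, CertDER: certDER}
}

// VerifyDiscovery is the monitoring UE side. wantCode, revoked (serials from an already
// verified CRL) and maxOffset stand for first discovery response values; recvAt is local time.
func VerifyDiscovery(m DiscoveryMessage, wantCode string, ca *x509.Certificate, revoked []*big.Int,
	maxOffset time.Duration, recvAt time.Time) error {
	if m.Code != wantCode {
		return ErrCode
	}
	cert, err := x509.ParseCertificate(m.CertDER)
	if err != nil {
		return err
	}
	// Revocation is checked before the certificate itself, as in the described embodiments.
	for _, serial := range revoked {
		if serial.Cmp(cert.SerialNumber) == 0 {
			return ErrRevoked
		}
	}
	// Certificate legitimacy: chain to the CA and check the validity period at receipt time.
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	opts := x509.VerifyOptions{Roots: roots, CurrentTime: recvAt, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := cert.Verify(opts); err != nil {
		return err
	}
	// Freshness: first and second time information may differ by at most the allowed shift.
	if d := recvAt.Sub(m.SignedAt); d > maxOffset || d < -maxOffset {
		return ErrStale
	}
	// Signature over code and time, checked with the public key taken from the certificate.
	pub, ok := cert.PublicKey.(ed25519.PublicKey)
	if !ok || !ed25519.Verify(pub, signedInput(m.Code, m.SignedAt), m.Signature) {
		return ErrSig
	}
	return nil
}

// newPKI builds constructed fixture data (errors ignored): a CA and a UE certificate, serial 2.
func newPKI(now time.Time) (ca *x509.Certificate, uePriv ed25519.PrivateKey, ueDER []byte) {
	caPub, caPriv, _ := ed25519.GenerateKey(rand.Reader)
	uePub, uePriv, _ := ed25519.GenerateKey(rand.Reader)
	from, to := now.Add(-time.Hour), now.Add(24*time.Hour)
	caT := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed CA"},
		NotBefore: from, NotAfter: to, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	ueT := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "constructed broadcast UE"},
		NotBefore: from, NotAfter: to, KeyUsage: x509.KeyUsageDigitalSignature}
	caDER, _ := x509.CreateCertificate(rand.Reader, caT, caT, caPub, caPriv)
	ca, _ = x509.ParseCertificate(caDER)
	ueDER, _ = x509.CreateCertificate(rand.Reader, ueT, ca, uePub, caPriv)
	return
}

func main() {
	now, code := time.Now(), "constructed-neighbouring-code"
	ca, priv, ueDER := newPKI(now)
	msg := Announce(priv, ueDER, code, now)
	fmt.Println("in window:", VerifyDiscovery(msg, code, ca, nil, 5*time.Second, now.Add(time.Second)))
	fmt.Println("replayed:", VerifyDiscovery(msg, code, ca, nil, 5*time.Second, now.Add(time.Minute)))
}
```

Because the time value is part of the signed input, a replayed message cannot be made to look fresh by rewriting its time field: the signature check then fails instead of the freshness check.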
Referring to Figure 17, one embodiment of the 2nd PF entity in the embodiments of the present invention includes:
Receiving module 1701, configured to receive a monitoring request sent by the first PF entity, where the monitoring request carries a proximity application mark, and the monitoring request is the request that the first PF entity makes according to the first discovery request sent by the monitoring UE;
Determining module 1702, configured to determine, according to the proximity application mark, the neighbouring code of the broadcast UE and the digital certificate of the broadcast UE;
Sending module 1703, also configured to send to the first PF entity a monitoring response message carrying the neighbouring code of the broadcast UE and the digital certificate of the broadcast UE.
Optionally, in some embodiments of the invention, receiving module 1701 is also configured to receive a second discovery request sent by the broadcast UE, where the second discovery request carries the digital certificate of the broadcast UE;
Sending module 1703, also configured to send a second discovery response message to the broadcast UE, where the second discovery response message carries the neighbouring code of the broadcast UE;
The 2nd PF entity 1700 further includes:
Binding module 1704, also configured to bind the proximity application mark of the broadcast UE, the neighbouring code of the broadcast UE and the digital certificate of the broadcast UE.
For the specific working process of each module in the embodiment or alternative embodiments of the PF entity shown in Figure 17, refer to the embodiment or alternative embodiments of the verification method of the adjacent service shown in Fig. 5; details are not repeated here.
Referring to Figure 18, one embodiment of the first PF entity in the embodiments of the present invention includes:
Receiving module 1801, configured to receive the first discovery request sent by the monitoring UE, the first PF entity being the adjacent service functional entity of the belonging area network of the monitoring UE;
Sending module 1802, configured to send to the 2nd PF entity a monitoring request carrying a proximity application mark, where the monitoring request carries the proximity application mark of the broadcast UE, so that the 2nd PF entity obtains the neighbouring code of the broadcast UE and the digital certificate of the broadcast UE according to the proximity application mark;
Receiving module 1801, also configured to receive the monitoring response message fed back by the 2nd PF entity, where the monitoring response message carries the neighbouring code of the broadcast UE and the digital certificate of the broadcast UE, and the digital certificate of the broadcast UE includes a public key;
Sending module 1802, also configured to send the first discovery response message to the monitoring UE, where the first discovery response message carries the neighbouring code of the broadcast UE and the digital certificate of the broadcast UE.
Optionally, in some embodiments of the invention, the first discovery response message further includes a CRL.
Optionally, in some embodiments of the invention, the first PF entity further includes:
First authentication module 1803, configured to, after the monitoring response message fed back by the 2nd PF entity is received, determine according to the CRL whether the digital certificate has been revoked; if the digital certificate has been revoked, the public key is determined to be illegal; if the digital certificate has not been revoked, the legitimacy of the digital certificate is verified, and if the digital certificate is legal, the public key is determined to be legal.
Optionally, in some embodiments of the invention, the first PF entity further includes:
Second authentication module 1804, configured to, after the monitoring response message fed back by the 2nd PF entity is received, determine through OCSP whether the digital certificate has been revoked; if the digital certificate has been revoked, the public key is determined to be illegal; if the digital certificate has not been revoked, the legitimacy of the digital certificate is verified, and if the digital certificate is legal, the public key is determined to be legal.
For the specific working process of each module in the embodiment or alternative embodiments of the PF entity shown in Figure 18, refer to the embodiment or alternative embodiments of the verification method of the adjacent service shown in Fig. 6; details are not repeated here.
Referring to Figure 19, one embodiment of the monitoring UE in the embodiments of the present invention includes:
Sending module 1901, configured to send the first discovery request to the first PF entity, where the first discovery request carries the proximity application mark of the broadcast UE, and the first PF entity is the adjacent service functional entity of the belonging area network of the monitoring UE;
Receiving module 1902, configured to receive the first discovery response message fed back by the first PF entity, where the first discovery response message carries the neighbouring code of the broadcast UE;
Receiving module 1902, also configured to receive a discovery message, where the discovery message carries an information signature value and a neighbouring code;
Sending module 1901, also configured to send the discovery message to the first PF entity if the neighbouring code carried in the discovery message is identical to the neighbouring code of the broadcast UE, so that the first PF entity determines the legitimacy of the discovery message according to the public key in the digital certificate.
For the specific working process of each module in the embodiment or alternative embodiments of the monitoring UE shown in Figure 19, refer to the embodiment or alternative embodiments of the verification method of the adjacent service shown in Fig. 11; details are not repeated here.
Referring to Figure 20, one embodiment of the first PF entity in the embodiments of the present invention includes:
Receiving module 2001, configured to receive the first discovery request sent by the monitoring UE, where the first discovery request carries the proximity application mark of the broadcast UE;
Sending module 2002, configured to send a monitoring request to the 2nd PF entity, where the monitoring request carries the above proximity application mark;
Receiving module 2001, also configured to receive the monitoring response message fed back by the 2nd PF entity, which carries the neighbouring code of the broadcast UE and the digital certificate of the broadcast UE, where the digital certificate includes a public key;
Sending module 2002, also configured to send the first discovery response message to the monitoring UE, where the first discovery response message carries the neighbouring code of the broadcast UE;
Receiving module 2001, also configured to receive the discovery message sent by the monitoring UE, where the discovery message carries a message signature value;
Authentication module 2003, configured to determine the legitimacy of the discovery message according to the public key in the digital certificate and the information signature value.
Optionally, in some embodiments of the invention, authentication module 2003 is specifically configured to verify the information signature value using the public key of the digital certificate; if the information signature value passes verification, the discovery message is determined to be legal; if the information signature value fails verification, the discovery message is determined to be illegal.
For the specific working process of each module in the embodiment or alternative embodiments of the PF entity shown in Figure 20, refer to the embodiment or alternative embodiments of the verification method of the adjacent service shown in Fig. 14; details are not repeated here.
The UE in the embodiments of the present invention has been described above from the perspective of modular functional entities; the UE in the embodiments of the present invention is described below from the perspective of hardware processing. Referring to Figure 21, another embodiment of UE 2100 in the embodiments of the present invention includes:
Reception device 2101, sending device 2102, processor 2103 and memory 2104 (the number of processors 2103 in UE 2100 may be one or more; one processor 2103 is taken as an example in Figure 21). Processor 2103 and memory 2104 receive information from outside the UE through reception device 2101, and processor 2103 and memory 2104 send information to outside the UE through sending device 2102. In some embodiments of the invention, reception device 2101, sending device 2102, processor 2103 and memory 2104 may be connected by a bus or in other ways; connection by a bus is taken as an example in Figure 21.
The monitoring UE in the embodiments of the present invention is described below with reference to the hardware shown in Figure 21. Referring to Figure 21, one embodiment of the monitoring UE in the embodiments of the present invention includes:
Sending device 2102, configured to send the first discovery request to the first PF entity, where the first discovery request carries the proximity application mark of the broadcast UE, and the first PF entity is the adjacent service functional entity of the belonging area network of the monitoring UE;
Reception device 2101, configured to receive the first discovery response message fed back by the first PF entity, where the first discovery response message carries the neighbouring code of the broadcast UE indicated by the proximity application mark;
Reception device 2101, also configured to receive a discovery message, where the discovery message carries an information signature value and a neighbouring code; wherein the discovery message carries the digital certificate of the broadcast UE and the digital certificate includes a public key, or the first discovery response message carries the digital certificate of the broadcast UE;
Processor 2103, also configured to determine the legitimacy of the discovery message according to the public key if the neighbouring code carried in the discovery message is identical to the neighbouring code of the broadcast UE;
Memory 2104, configured to store the first discovery request, the first discovery response message and the discovery message.
Wherein, processor 2103 is specifically configured to verify the information signature value using the public key; if the information signature value passes verification, the discovery message is determined to be legal; if the information signature value fails verification, the discovery message is determined to be illegal.
Wherein, processor 2103 is specifically configured to, when the discovery message further includes first time information, the first time information indicating the generation moment of the information signature value, determine the legitimacy of the discovery message according to the public key and the first time information.
Wherein, processor 2103 is also configured to obtain second time information according to the local clock, where the second time information indicates the moment at which the monitoring UE receives the discovery message.
Wherein, processor 2103 is also configured to, when the first discovery response message further includes an allowed shift duration, execute the step in which the monitoring UE determines the legitimacy of the discovery message according to the public key and the first time information, if the time difference between the first time information and the second time information does not exceed the allowed shift duration.
Wherein, processor 2103 is also configured to verify the legitimacy of the public key according to the digital certificate before processor 2103 determines the legitimacy of the discovery message according to the public key.
Wherein, processor 2103 is also configured to determine through OCSP whether the digital certificate has been revoked; if the digital certificate has been revoked, the public key is determined to be illegal; if the digital certificate has not been revoked, the legitimacy of the digital certificate is verified, and if the digital certificate is legal, the public key is legal.
Wherein, processor 2103 is also configured to, when the first discovery response message further includes a CRL, determine according to the CRL whether the digital certificate has been revoked; if the digital certificate has been revoked, the public key is determined to be illegal; if the digital certificate has not been revoked, the legitimacy of the digital certificate is verified, and if the digital certificate is legal, the public key is legal.
The broadcast UE in the embodiments of the present invention is described below with reference to the hardware shown in Figure 21. Referring to Figure 21, one embodiment of the broadcast UE in the embodiments of the present invention includes:
Sending device 2102, configured to send to the 2nd PF entity a second discovery request carrying the digital certificate of the broadcast UE, the 2nd PF entity being the adjacent service functional entity of the belonging area network of the broadcast UE;
Reception device 2101, configured to receive the second discovery response message fed back by the 2nd PF entity, where the second discovery response message carries a neighbouring code;
Processor 2103, configured to sign the neighbouring code using the private key of the broadcast UE to generate an information signature value;
Sending device 2102, configured to send a discovery message to the monitoring UE, where the discovery message carries the information signature value and the neighbouring code;
Memory 2104, configured to store the private key, the second discovery request, the second discovery response message and the discovery message.
Wherein, the discovery message further includes first time information, where the first time information indicates the generation moment of the information signature value;
Processor 2103 is specifically configured to sign the neighbouring code and the first time information using the private key of the broadcast UE to generate the information signature value.
Referring to Figure 21, another embodiment of the broadcast UE in the embodiments of the present invention includes:
Sending device 2102, configured to send a second discovery request to the 2nd PF entity, the 2nd PF entity being the adjacent service functional entity of the belonging area network of the broadcast UE;
Reception device 2101, configured to receive the second discovery response message fed back by the 2nd PF entity, where the second discovery response message carries a neighbouring code;
Processor 2103, configured to sign the neighbouring code according to the private key of the broadcast UE to generate an information signature value;
Sending device 2102, also configured to send a discovery message to the monitoring UE, where the discovery message carries the information signature value, the neighbouring code and the digital certificate of the broadcast UE, and the digital certificate includes the public key corresponding to the private key.
Wherein, the discovery message also carries first time information, where the first time information indicates the generation moment of the information signature value;
The processor 2103 is specifically configured to sign the neighbouring code and the first time information according to the private key of the broadcast UE to generate the information signature value.
The monitoring UE and the broadcast UE in the embodiments of the present invention have been described above from the perspective of modular functional entities; the adjacent service functional entity in the embodiments of the present invention is described below from the perspective of hardware processing. The adjacent service functional entity in the embodiments of the present invention includes:
Reception device 2201, sending device 2202, processor 2203 and memory 2204 (the number of processors in PF entity 2200 may be one or more; one processor 2203 is taken as an example in Figure 22). Processor 2203 and memory 2204 receive information from outside the server through reception device 2201, and processor 2203 and memory 2204 send information to outside the server through sending device 2202. In some embodiments of the invention, reception device 2201, sending device 2202, processor 2203 and memory 2204 may be connected by a bus or in other ways; connection by a bus is taken as an example in Figure 22.
The 2nd PF entity in the embodiments of the present invention is described below with reference to the hardware shown in Figure 22. Referring to Figure 22, another embodiment of the 2nd PF entity in the embodiments of the present invention includes:
Reception device 2201, configured to receive a monitoring request sent by the first PF entity, where the monitoring request carries the proximity application mark of the broadcast UE, and the monitoring request is the request that the first PF entity makes according to the first discovery request sent by the monitoring UE;
Processor 2203, configured to determine, according to the proximity application mark, the neighbouring code of the broadcast UE and the digital certificate of the broadcast UE;
Sending device 2202, also configured to send to the first PF entity a monitoring response message carrying the neighbouring code of the broadcast UE and the digital certificate of the broadcast UE;
Memory 2204, configured to store the proximity application mark, the neighbouring code, the monitoring request and the monitoring response message.
Wherein, reception device 2101 is also configured to receive a second discovery request sent by the broadcast UE, where the second discovery request carries the digital certificate of the broadcast UE;
Sending device 2102, also configured to send a second discovery response message to the broadcast UE, where the second discovery response message carries the neighbouring code of the broadcast UE;
Processor 2103, also configured to bind the digital certificate of the broadcast UE, the proximity application mark of the broadcast UE and the neighbouring code of the broadcast UE.
The first PF entity in the embodiments of the present invention is described below with reference to the hardware shown in Figure 22. Referring to Figure 22, one embodiment of the first PF entity in the embodiments of the present invention includes:
Reception device 2201, configured to receive the first discovery request sent by the monitoring UE, where the first discovery request carries the proximity application mark of the broadcast UE;
Sending device 2202, configured to send to the 2nd PF entity a monitoring request carrying the proximity application mark, so that the 2nd PF entity obtains the neighbouring code of the broadcast UE and the digital certificate of the broadcast UE according to the proximity application mark;
Reception device 2201, also configured to receive the monitoring response message fed back by the 2nd PF entity, where the monitoring response message carries the neighbouring code of the broadcast UE and the digital certificate of the broadcast UE, and the digital certificate of the broadcast UE includes a public key;
Sending device 2202, also configured to send the first discovery response message to the monitoring UE, where the first discovery response message carries the neighbouring code of the broadcast UE and the digital certificate of the broadcast UE;
Memory 2204, configured to store the first discovery request, the first discovery response message, the monitoring request and the monitoring response message.
Wherein, sending device 2202 is specifically configured to send the first discovery response message to the monitoring UE, where the first discovery response message further includes a CRL.
Wherein, processor 2203 is also configured to, after the monitoring response message fed back by the 2nd PF entity is received, determine according to the CRL whether the digital certificate has been revoked; if the digital certificate has been revoked, the public key is determined to be illegal; if the digital certificate has not been revoked, the legitimacy of the digital certificate is verified, and if the digital certificate is legal, the public key is determined to be legal.
Wherein, processor 2203 is also configured to, after the monitoring response message fed back by the 2nd PF entity is received, determine through OCSP whether the digital certificate has been revoked; if the digital certificate has been revoked, the public key is determined to be illegal; if the digital certificate has not been revoked, the legitimacy of the digital certificate is verified, and if the digital certificate is legal, the public key is determined to be legal.
The monitoring UE in the embodiments of the present invention is described below with reference to the hardware shown in Figure 21. Referring to Figure 21, another embodiment of the monitoring UE in the embodiments of the present invention includes:
Sending device 2102, configured to send the first discovery request to the first PF entity, where the first discovery request carries the proximity application mark of the broadcast UE, and the first PF entity is the adjacent service functional entity of the belonging area network of the monitoring UE;
Reception device 2101, configured to receive the first discovery response message fed back by the first PF entity, where the first discovery response message carries the neighbouring code of the broadcast UE;
Reception device 2101, also configured to receive a discovery message, where the discovery message carries an information signature value and a neighbouring code;
Sending device 2102, also configured to send the discovery message to the first PF entity if the neighbouring code carried in the discovery message is identical to the neighbouring code of the broadcast UE, so that the first PF entity determines the legitimacy of the discovery message according to the public key in the digital certificate;
Memory 2104, configured to store the first discovery request, the first discovery response message and the discovery message.
The first PF entity in the embodiments of the present invention is described below with reference to the hardware shown in Figure 22. Referring to Figure 22, one embodiment of the first PF entity in the embodiments of the present invention includes:
Reception device 2201, configured to receive the first discovery request sent by the monitoring UE, where the first discovery request carries the proximity application mark of the broadcast UE;
Sending device 2202, configured to send a monitoring request to the 2nd PF entity, where the monitoring request carries the proximity application mark;
Reception device 2201, also configured to receive the monitoring response message fed back by the 2nd PF entity, which carries the neighbouring code of the broadcast UE and the digital certificate, where the digital certificate includes a public key;
Sending device 2202, also configured to send the first discovery response message to the monitoring UE, where the first discovery response message carries the neighbouring code of the broadcast UE;
Reception device 2201, also configured to receive the discovery message sent by the monitoring UE, where the discovery message carries a message signature value;
Processor 2203, configured to determine the legitimacy of the discovery message according to the public key in the digital certificate and the information signature value;
Memory 2204, configured to store the first discovery request, the first discovery response message, the monitoring request, the monitoring response message and the verification result.
Wherein, processor 2203 is specifically configured to verify the information signature value using the public key of the digital certificate; if the information signature value passes verification, the discovery message is determined to be legal; if the information signature value fails verification, the discovery message is determined to be illegal.
The above embodiments are merely intended to illustrate the technical solutions of the present invention, not to limit them. Although the invention has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that the technical solutions recorded in the foregoing embodiments may still be modified, or some of their technical features may be equivalently replaced; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (57)

1. a kind of verification method of adjacent service communication characterized by comprising
It monitors user equipment (UE) and sends the first discovery request to the first adjacent service function PF entity, the first discovery request is taken Proximity application mark with broadcast UE, the first PF entity are the adjacent service function of the belonging area network of the monitoring UE Entity;
The monitoring UE receives the first discovery response message of the first PF Entity feedback, and the first discovery response message is taken Neighbouring code with the indicated broadcast UE of proximity application mark;
The monitoring UE receives discovery message, and the discovery message carries information signature value and neighbouring code;
Wherein, the discovery message carries the digital certificate of the broadcast UE, and the digital certificate includes public key, alternatively, institute State the digital certificate that the first discovery response message carries the broadcast UE;
If the neighbouring code of the broadcast UE is identical as the neighbouring code that the discovery message carries, the monitoring UE is according to the public affairs Key determines the legitimacy of the discovery message.
2. the verification method of adjacent service communication according to claim 1, which is characterized in that the monitoring UE is according to Public key determines the legitimacy of the discovery message, comprising:
The monitoring UE uses the public key, verifies to the information signature value;
If the information signature value determines that the discovery message is legal by verifying, the monitoring UE;
If the information signature value is unverified, the monitoring UE determines that the discovery message is illegal.
3. the verification method of adjacent service communication according to claim 1, which is characterized in that the discovery message further includes first time information, the first time information is used to indicate the generation moment of the information signature value, and the monitoring UE determining the legitimacy of the discovery message according to the public key includes:
The monitoring UE determines the legitimacy of the discovery message according to the public key and the first time information.
4. the verification method of adjacent service communication according to claim 3, which is characterized in that the first discovery response message further includes an allowed shift duration, and after the monitoring UE receives the first discovery response message fed back by the first PF entity, the method includes:
The monitoring UE obtains the second temporal information according to the local clock, and the second temporal information is used to indicate the moment at which the monitoring UE receives the discovery message;
If the time difference between the first time information and the second temporal information is no more than the allowed shift duration, the step in which the monitoring UE uses the public key and the first time information to determine the legitimacy of the discovery message is executed.
5. method according to any of claims 1-4, which is characterized in that before the monitoring UE determines the legitimacy of the discovery message according to the public key, the method also includes:
The monitoring UE verifies the legitimacy of the public key according to the digital certificate.
6. the verification method of adjacent service communication according to claim 5, which is characterized in that the monitoring UE verifying the legitimacy of the public key according to the digital certificate includes:
The monitoring UE judges whether the digital certificate has been revoked by online certificate status protocol OCSP;
If the digital certificate has been revoked, it is determined that the public key is illegal;
If the digital certificate is not revoked, the legitimacy of the digital certificate is verified, and if the digital certificate is legal, it is determined that the public key is legal.
7. the verification method of adjacent service communication according to claim 5, which is characterized in that the first discovery response message further includes a certificate revocation list CRL, and the monitoring UE verifying the legitimacy of the public key according to the digital certificate includes:
The monitoring UE judges whether the digital certificate has been revoked according to the CRL;
If the digital certificate has been revoked, it is determined that the public key is illegal;
If the digital certificate is not revoked, the legitimacy of the digital certificate is verified, and if the digital certificate is legal, it is determined that the public key is legal.
8. a kind of verification method of adjacent service communication characterized by comprising
Broadcasting user equipment UE sends a second discovery request carrying the digital certificate of the broadcast UE to the second adjacent service function PF entity, the 2nd PF entity is the adjacent service functional entity of the belonging area network of the broadcast UE, and the digital certificate includes a public key corresponding to the private key of the broadcast UE;
The broadcast UE receives the second discovery response message fed back by the 2nd PF entity, and the second discovery response message carries a neighbouring code;
The broadcast UE signs the neighbouring code using the private key, generating an information signature value;
The broadcast UE sends a discovery message to a monitoring UE, and the discovery message carries the information signature value and the neighbouring code.
9. the verification method of adjacent service communication according to claim 8, which is characterized in that the discovery message further includes first time information, and the first time information is used to indicate the generation moment of the information signature value;
The broadcast UE signing the neighbouring code according to the private key of the broadcast UE to generate the information signature value includes:
The broadcast UE signs the neighbouring code and the first time information according to the private key of the broadcast UE to generate the information signature value.
10. a kind of verification method of adjacent service communication characterized by comprising
Broadcasting user equipment UE sends the second discovery request to the second adjacent service function PF entity, and the 2nd PF entity is the adjacent service functional entity of the belonging area network of the broadcast UE;
The broadcast UE receives the second discovery response message fed back by the 2nd PF entity, and the second discovery response message carries a neighbouring code;
The broadcast UE signs the neighbouring code according to the private key of the broadcast UE to generate an information signature value;
The broadcast UE sends a discovery message to a monitoring UE, the discovery message carries the information signature value, the neighbouring code and the digital certificate of the broadcast UE, and the digital certificate includes a public key corresponding to the private key.
11. the verification method of adjacent service communication according to claim 10, which is characterized in that the discovery message also carries first time information, and the first time information is used to indicate the generation moment of the information signature value;
The broadcast UE signing the neighbouring code according to the private key of the broadcast UE to generate the information signature value includes:
The broadcast UE signs the neighbouring code and the first time information according to the private key of the broadcast UE to generate the information signature value.
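The UE-side steps of claims 1 to 11, written out as an added Go example that is not part of the patent: the broadcast UE signs the neighbouring code together with the first time information, and the monitoring UE checks the code, the allowed shift duration, revocation, the certificate and the signature. Ed25519, Go's standard-library X.509 handling, the length-prefixed encoding, the revoked-serial set standing in for a CRL, the constructed test PKI and every type and function name are assumptions; the claims fix none of them, and the certificate is taken to arrive in the first discovery response.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/binary"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// DiscoveryMessage is what the broadcast UE sends over the air.
type DiscoveryMessage struct {
	Code      []byte    // neighbouring code
	SignedAt  time.Time // first time information
	Signature []byte    // information signature value
}
// Expected is the monitoring UE's state after the first discovery response.
type Expected struct {
	Code    []byte            // neighbouring code of the broadcast UE
	Cert    *x509.Certificate // digital certificate of the broadcast UE
	MaxSkew time.Duration     // allowed shift duration
	Revoked map[string]bool   // revoked serial numbers, standing in for the CRL
	Roots   *x509.CertPool    // trusted CA certificates (assumption)
}
var (
	ErrCode    = errors.New("neighbouring code mismatch")
	ErrStale   = errors.New("time difference exceeds allowed shift")
	ErrRevoked = errors.New("certificate revoked")
	ErrCert    = errors.New("certificate chain invalid")
	ErrSig     = errors.New("signature verification failed")
)

// signedBytes length-prefixes the code so that code||time parses one way only.
func signedBytes(code []byte, at time.Time) []byte {
	b := binary.BigEndian.AppendUint32(nil, uint32(len(code)))
	return binary.BigEndian.AppendUint64(append(b, code...), uint64(at.Unix()))
}

// Sign is the broadcast UE side: sign the code together with the signing time.
func Sign(priv ed25519.PrivateKey, code []byte, at time.Time) DiscoveryMessage {
	return DiscoveryMessage{code, at, ed25519.Sign(priv, signedBytes(code, at))}
}

// Verify is the monitoring UE side; recvAt is the second time information.
func Verify(m DiscoveryMessage, e Expected, recvAt time.Time) error {
	if string(m.Code) != string(e.Code) {
		return ErrCode
	}
	if d := recvAt.Sub(m.SignedAt); d > e.MaxSkew || d < -e.MaxSkew {
		return ErrStale // replayed message or clocks too far apart
	}
	if e.Revoked[e.Cert.SerialNumber.String()] {
		return ErrRevoked
	}
	if _, err := e.Cert.Verify(x509.VerifyOptions{Roots: e.Roots, CurrentTime: recvAt}); err != nil {
		return ErrCert
	}
	pub, ok := e.Cert.PublicKey.(ed25519.PublicKey)
	if !ok || !ed25519.Verify(pub, signedBytes(m.Code, m.SignedAt), m.Signature) {
		return ErrSig
	}
	return nil
}

// issue makes a key and certificate for the constructed PKI (nil parent: CA).
func issue(serial int64, parent *x509.Certificate, signer ed25519.PrivateKey,
	now time.Time) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), BasicConstraintsValid: true,
		Subject:   pkix.Name{CommonName: fmt.Sprint("constructed-", serial)},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour)}
	if parent == nil {
		t.IsCA, t.KeyUsage, parent, signer = true, x509.KeyUsageCertSign, t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, signer)
	cert, err2 := x509.ParseCertificate(der)
	if err != nil || err2 != nil {
		panic(fmt.Sprint(err, err2))
	}
	return cert, key
}

// Scenario returns constructed sample data: message, monitoring state, recvAt.
func Scenario() (DiscoveryMessage, Expected, time.Time) {
	now := time.Date(2015, 1, 5, 12, 0, 0, 0, time.UTC)
	ca, caKey := issue(1, nil, nil, now)
	ue, ueKey := issue(42, ca, caKey, now)
	e := Expected{[]byte("constructed-code"), ue, 5 * time.Second, map[string]bool{}, x509.NewCertPool()}
	e.Roots.AddCert(ca)
	return Sign(ueKey, e.Code, now), e, now.Add(2 * time.Second)
}
func main() {
	m, e, recvAt := Scenario()
	fmt.Println("fresh:", Verify(m, e, recvAt), "replayed:", Verify(m, e, recvAt.Add(time.Minute)))
}
```

Signing the time together with the code is what makes the allowed shift duration meaningful: a captured message replayed later either fails the time check or, if its time field is rewritten, fails signature verification.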
12. a kind of verification method of adjacent service communication characterized by comprising
Second adjacent service function PF entity receives the monitoring request that the first PF entity sends, the monitoring request carries the proximity application mark of a broadcast user equipment (UE), the monitoring request is the first discovery request, the 2nd PF entity is the adjacent service functional entity of the belonging area network of the broadcast UE, and the first PF entity is the adjacent service functional entity of the belonging area network of the monitoring UE;
The 2nd PF entity determines, according to the proximity application mark, the neighbouring code of the broadcast UE and the digital certificate of the broadcast UE;
The 2nd PF entity sends to the first PF entity a monitoring response message carrying the neighbouring code of the broadcast UE and the digital certificate of the broadcast UE.
13. the verification method of adjacent service communication according to claim 12, which is characterized in that before the 2nd PF entity receives the monitoring request sent by the first PF entity, the method includes:
The 2nd PF entity receives the second discovery request that the broadcast UE sends, and the second discovery request carries the digital certificate of the broadcast UE;
The 2nd PF entity sends the second discovery response message to the broadcast UE, and the second discovery response message carries the neighbouring code of the broadcast UE;
The 2nd PF entity binds the digital certificate of the broadcast UE, the proximity application mark of the broadcast UE and the neighbouring code of the broadcast UE.
14. a kind of verification method of adjacent service communication characterized by comprising
First adjacent service function PF entity receives the first discovery request that monitoring user equipment (UE) sends, the first discovery request carries the proximity application mark of the broadcast UE, and the first PF entity is the adjacent service functional entity of the belonging area network of the monitoring UE;
The first PF entity sends a monitoring request to the 2nd PF entity, the monitoring request carries the proximity application mark of the broadcast UE, so that the 2nd PF entity obtains the neighbouring code of the broadcast UE and the digital certificate of the broadcast UE according to the proximity application mark of the broadcast UE, and the 2nd PF entity is the adjacent service functional entity of the belonging area network of the broadcast UE;
The first PF entity receives the monitoring response message fed back by the 2nd PF entity, the monitoring response message carries the neighbouring code of the broadcast UE and the digital certificate of the broadcast UE, and the digital certificate of the broadcast UE includes a public key;
The first PF entity sends the first discovery response message to the monitoring UE, and the first discovery response message carries the digital certificate of the broadcast UE and the neighbouring code of the broadcast UE.
15. the verification method of adjacent service communication according to claim 14, which is characterized in that after the first PF entity receives the monitoring response message fed back by the 2nd PF entity, the method further includes:
The first PF entity judges whether the digital certificate has been revoked according to certificate revocation list CRL;
If the digital certificate has been revoked, it is determined that the public key is illegal;
If the digital certificate is not revoked, the legitimacy of the digital certificate is verified, and if the digital certificate is legal, it is determined that the public key is legal.
16. the verification method of adjacent service communication according to claim 14, which is characterized in that after the first PF entity receives the monitoring response message fed back by the 2nd PF entity, the method further includes:
The first PF entity judges whether the digital certificate has been revoked by online certificate status protocol OCSP;
If the digital certificate has been revoked, it is determined that the public key is illegal;
If the digital certificate is not revoked, the legitimacy of the digital certificate is verified, and if the digital certificate is legal, it is determined that the public key is legal.
17. a kind of verification method of adjacent service communication characterized by comprising
Monitoring user equipment (UE) sends the first discovery request to the first adjacent service function PF entity, the first discovery request carries the proximity application mark of the broadcast UE, and the first PF entity is the adjacent service functional entity of the belonging area network of the monitoring UE;
The monitoring UE receives the first discovery response message fed back by the first PF entity, and the first discovery response message carries the neighbouring code of the broadcast UE;
The monitoring UE receives a discovery message, and the discovery message carries an information signature value and a neighbouring code;
If the neighbouring code that the discovery message carries is identical to the neighbouring code of the broadcast UE, the monitoring UE sends the discovery message to the first PF entity.
18. a kind of verification method of adjacent service communication characterized by comprising
First adjacent service function PF entity receives the first discovery request that monitoring user equipment (UE) sends, and the first PF entity is the adjacent service functional entity of the belonging area network of the monitoring UE;
The first PF entity sends a monitoring request to the 2nd PF entity, the monitoring request carries the proximity application mark of the broadcast UE, and the 2nd PF entity is the adjacent service functional entity of the belonging area network of the broadcast UE;
The first PF entity receives the monitoring response message, fed back by the 2nd PF entity, carrying the neighbouring code of the broadcast UE and the digital certificate of the broadcast UE, and the digital certificate includes a public key;
The first PF entity sends the first discovery response message to the monitoring UE, and the first discovery response message carries the neighbouring code of the broadcast UE;
The first PF entity receives the discovery message that the monitoring UE sends, and the discovery message carries an information signature value;
The first PF entity determines the legitimacy of the discovery message according to the public key in the digital certificate and the information signature value.
19. the verification method of adjacent service communication according to claim 18, which is characterized in that the first PF entity determining the legitimacy of the discovery message according to the public key in the digital certificate and the information signature value comprises:
The first PF entity uses the public key of the digital certificate to verify the information signature value;
If the information signature value passes verification, the first PF entity determines that the discovery message is legal;
If the information signature value is unverified, the first PF entity determines that the discovery message is illegal.
20. a kind of user equipment (UE), which is characterized in that the UE, which is used as, monitors UE, and the UE includes:
Sending module, for sending the first discovery request to the first adjacent service function PF entity, the first discovery request carries the proximity application mark of the broadcast UE, and the first PF entity is the adjacent service functional entity of the belonging area network of the monitoring UE;
Receiving module, for receiving the first discovery response message fed back by the first PF entity, the first discovery response message carries the neighbouring code of the broadcast UE indicated by the proximity application mark;
The receiving module is also used to receive a discovery message, and the discovery message carries an information signature value and a neighbouring code; wherein the discovery message carries the digital certificate of the broadcast UE, and the digital certificate includes a public key, or alternatively, the first discovery response message carries the digital certificate of the broadcast UE;
Authentication module, for determining the legitimacy of the discovery message according to the public key if the neighbouring code of the broadcast UE is identical to the neighbouring code that the discovery message carries.
21. UE according to claim 20, which is characterized in that the authentication module is specifically used for verifying the information signature value using the public key; if the information signature value passes verification, it is determined that the discovery message is legal, and if the information signature value is unverified, it is determined that the discovery message is illegal.
22. UE according to claim 20, which is characterized in that the authentication module is specifically used for, when the discovery message further includes first time information, the first time information being used to indicate the generation moment of the information signature value, determining the legitimacy of the discovery message according to the public key and the first time information.
23. UE according to claim 22, which is characterized in that the UE further include:
Obtaining module, for obtaining the second temporal information according to the local clock, the second temporal information is used to indicate the moment at which the monitoring UE receives the discovery message;
The authentication module is also used to, when the first discovery response message further includes an allowed shift duration, if the time difference between the first time information and the second temporal information is no more than the allowed shift duration, execute the step in which the monitoring UE uses the public key and the first time information to determine the legitimacy of the discovery message.
24. the UE according to any one of claim 20-23, which is characterized in that the authentication module is also used to verify the legitimacy of the public key according to the digital certificate before the authentication module determines the legitimacy of the discovery message according to the public key.
25. UE according to claim 24, which is characterized in that the authentication module is specifically used for judging whether the digital certificate has been revoked by online certificate status protocol OCSP; if the digital certificate has been revoked, it is determined that the public key is illegal; if the digital certificate is not revoked, the legitimacy of the digital certificate is verified, and if the digital certificate is legal, the public key is legal.
26. UE according to claim 24, which is characterized in that the authentication module is specifically used for, when the first discovery response message further includes a certificate revocation list CRL, judging whether the digital certificate has been revoked according to the CRL; if the digital certificate has been revoked, it is determined that the public key is illegal; if the digital certificate is not revoked, the legitimacy of the digital certificate is verified, and if the digital certificate is legal, the public key is legal.
27. a kind of user equipment (UE), which is characterized in that the UE, which is used as, broadcasts UE, and the UE includes:
Sending module, for sending the second discovery request carrying a digital certificate to the second adjacent service function PF entity, the 2nd PF entity is the adjacent service functional entity of the belonging area network of the broadcast UE, and the digital certificate includes a public key corresponding to the private key of the broadcast UE;
Receiving module, for receiving the second discovery response message fed back by the 2nd PF entity, the second discovery response message carries a neighbouring code;
Generation module, for signing the neighbouring code using the private key of the broadcast UE to generate an information signature value;
The sending module, for sending a discovery message to a monitoring UE, the discovery message carries the information signature value and the neighbouring code.
28. UE according to claim 27, which is characterized in that the discovery message further includes first time information, and the first time information is used to indicate the generation moment of the information signature value;
The generation module is specifically used for signing the neighbouring code and the first time information according to the private key of the broadcast UE to generate the information signature value.
29. a kind of UE, which is characterized in that the UE is as broadcast UE, comprising:
Sending module, for sending the second discovery request to the second adjacent service function PF entity, the 2nd PF entity is the adjacent service functional entity of the belonging area network of the broadcast UE;
Receiving module, for receiving the second discovery response message fed back by the 2nd PF entity, the second discovery response message carries a neighbouring code;
Generation module, for signing the neighbouring code according to the private key of the broadcast UE to generate an information signature value;
The sending module is also used to send a discovery message to a monitoring UE, the discovery message carries the information signature value, the neighbouring code and the digital certificate of the broadcast UE, and the digital certificate includes a public key corresponding to the private key.
30. UE according to claim 29, which is characterized in that the discovery message also carries first time information, and the first time information is used to indicate the generation moment of the information signature value;
The generation module is specifically used for signing the neighbouring code and the first time information according to the private key of the broadcast UE to generate the information signature value.
31. a kind of adjacent service function PF entity, which is characterized in that the PF entity is as the 2nd PF entity, the 2nd PF entity is the adjacent service functional entity of the belonging area network of the broadcast UE, comprising:
Receiving module, for receiving the monitoring request sent by the first PF entity, the monitoring request carries a proximity application mark, the monitoring request is the first discovery request, and the first PF entity is the adjacent service functional entity of the belonging area network of the monitoring UE;
Determining module, for determining the neighbouring code of the broadcast UE and the digital certificate of the broadcast UE according to the proximity application mark;
Sending module, for sending to the first PF entity a monitoring response message carrying the neighbouring code and the digital certificate of the broadcast UE.
32. PF entity according to claim 31, which is characterized in that
The receiving module is also used to receive the second discovery request that the broadcast UE sends, and the second discovery request carries the digital certificate of the broadcast UE;
The sending module is also used to send the second discovery response message to the broadcast UE, and the second discovery response message carries the neighbouring code of the broadcast UE;
The PF entity further include:
Binding module, for binding the digital certificate of the broadcast UE, the proximity application mark of the broadcast UE and the neighbouring code of the broadcast UE.
33. a kind of adjacent service function PF entity, which is characterized in that the PF entity is as the first PF entity, the first PF entity is the adjacent service functional entity of the belonging area network of the monitoring UE, and the PF entity includes:
Receiving module, for receiving the first discovery request sent by monitoring user equipment (UE), the first discovery request carries the proximity application mark of the broadcast UE;
Sending module, for sending a monitoring request to the 2nd PF entity, the monitoring request carries the proximity application mark of the broadcast UE, so that the 2nd PF entity obtains the neighbouring code of the broadcast UE and the digital certificate of the broadcast UE according to the proximity application mark of the broadcast UE, and the 2nd PF entity is the adjacent service functional entity of the belonging area network of the broadcast UE;
The receiving module is also used to receive the monitoring response message fed back by the 2nd PF entity, the monitoring response message carries the neighbouring code of the broadcast UE and the digital certificate of the broadcast UE, and the digital certificate of the broadcast UE includes a public key;
The sending module is also used to send the first discovery response message to the monitoring UE, and the first discovery response message carries the digital certificate of the broadcast UE and the neighbouring code of the broadcast UE.
34. PF entity according to claim 33, which is characterized in that the PF entity further include:
First authentication module, for judging, after the monitoring response message fed back by the 2nd PF entity is received, whether the digital certificate has been revoked according to the certificate revocation list CRL; if the digital certificate has been revoked, it is determined that the public key is illegal; if the digital certificate is not revoked, the legitimacy of the digital certificate is verified, and if the digital certificate is legal, it is determined that the public key is legal.
35. PF entity according to claim 33, which is characterized in that the PF entity further include:
Second authentication module, for judging, after the monitoring response message fed back by the 2nd PF entity is received, whether the digital certificate has been revoked by online certificate status protocol OCSP; if the digital certificate has been revoked, it is determined that the public key is illegal; if the digital certificate is not revoked, the legitimacy of the digital certificate is verified, and if the digital certificate is legal, it is determined that the public key is legal.
36. a kind of user equipment (UE), which is characterized in that the UE, which is used as, monitors UE, and the UE includes:
Sending module, for sending the first discovery request to the first adjacent service function PF entity, the first discovery request carries the proximity application mark of the broadcast UE, and the first PF entity is the adjacent service functional entity of the belonging area network of the monitoring UE;
Receiving module, for receiving the first discovery response message fed back by the first PF entity, the first discovery response message carries the neighbouring code of the broadcast UE;
The receiving module is also used to receive a discovery message, and the discovery message carries an information signature value and a neighbouring code;
The sending module is also used to send the discovery message to the first PF entity if the neighbouring code that the discovery message carries is identical to the neighbouring code of the broadcast UE, so that the first PF entity determines the legitimacy of the discovery message according to a public key.
37. a kind of adjacent service function PF entity, which is characterized in that the PF entity is as the first PF entity, the first PF entity is the adjacent service functional entity of the belonging area network of the monitoring UE, comprising:
Receiving module, for receiving the first discovery request sent by monitoring user equipment (UE), the first discovery request carries the proximity application mark of the broadcast UE;
Sending module, for sending a monitoring request to the 2nd PF entity, the monitoring request carries the proximity application mark;
The receiving module is also used to receive the monitoring response message, fed back by the 2nd PF entity, carrying the neighbouring code of the broadcast UE and the digital certificate of the broadcast UE, and the digital certificate includes a public key;
The sending module is also used to send the first discovery response message to the monitoring UE, and the first discovery response message carries the neighbouring code of the broadcast UE;
The receiving module is also used to receive the discovery message that the monitoring UE sends, and the discovery message carries an information signature value;
Authentication module, for determining the legitimacy of the discovery message according to the public key in the digital certificate and the information signature value.
38. the PF entity according to claim 37, which is characterized in that the authentication module is specifically used for verifying the information signature value using the public key of the digital certificate; if the information signature value passes verification, it is determined that the discovery message is legal, and if the information signature value is unverified, it is determined that the discovery message is illegal.
39. a kind of user equipment (UE), which is characterized in that the UE, which is used as, monitors UE, and the UE includes:
Reception device, sending device, processor and memory;
The sending device, for sending the first discovery request to the first adjacent service function PF entity, the first discovery request carries the proximity application mark of the broadcast UE, and the first PF entity is the adjacent service functional entity of the belonging area network of the monitoring UE;
The reception device, for receiving the first discovery response message fed back by the first PF entity, the first discovery response message carries the neighbouring code of the broadcast UE indicated by the proximity application mark;
The reception device is also used to receive a discovery message, and the discovery message carries an information signature value and a neighbouring code; wherein the discovery message carries the digital certificate of the broadcast UE, and the digital certificate includes a public key, or alternatively, the first discovery response message carries the digital certificate of the broadcast UE;
The processor, for determining the legitimacy of the discovery message according to the public key if the neighbouring code that the discovery message carries is identical to the neighbouring code of the broadcast UE;
The memory, for storing the first discovery request, the first discovery response message and the discovery message.
40. UE according to claim 39, which is characterized in that the processor is specifically used for verifying the information signature value using the public key; if the information signature value passes verification, it is determined that the discovery message is legal, and if the information signature value is unverified, it is determined that the discovery message is illegal.
41. UE according to claim 39, which is characterized in that
The processor is specifically used for, when the discovery message further includes first time information, the first time information being used to indicate the generation moment of the information signature value, determining the legitimacy of the discovery message according to the public key and the first time information.
42. UE according to claim 41, which is characterized in that
The processor is also used to obtain the second temporal information according to the local clock, and the second temporal information is used to indicate the moment at which the monitoring UE receives the discovery message;
The processor is also used to, when the first discovery response message further includes an allowed shift duration, if the time difference between the first time information and the second temporal information is no more than the allowed shift duration, execute the step in which the monitoring UE determines the legitimacy of the discovery message according to the public key and the first time information.
43. the UE according to any one of claim 39-42, which is characterized in that
The processor is also used to verify the legitimacy of the public key according to the digital certificate before the processor determines the legitimacy of the discovery message according to the public key.
44. UE according to claim 43, which is characterized in that
The processor is also used to judge whether the digital certificate has been revoked by online certificate status protocol OCSP; if the digital certificate has been revoked, it is determined that the public key is illegal; if the digital certificate is not revoked, the legitimacy of the digital certificate is verified, and if the digital certificate is legal, the public key is legal.
45. UE according to claim 43, which is characterized in that
The processor is also used to, when the first discovery response message further includes a certificate revocation list CRL, judge whether the digital certificate has been revoked according to the CRL; if the digital certificate has been revoked, it is determined that the public key is illegal; if the digital certificate is not revoked, the legitimacy of the digital certificate is verified, and if the digital certificate is legal, the public key is legal.
46. a kind of user equipment (UE), which is characterized in that the UE, which is used as, broadcasts UE, and the UE includes:
Reception device, sending device, processor and memory;
The sending device, for sending the second discovery request carrying the digital certificate of the broadcast UE to the second adjacent service function PF entity, the 2nd PF entity is the adjacent service functional entity of the belonging area network of the broadcast UE;
The reception device, for receiving the second discovery response message fed back by the 2nd PF entity, the second discovery response message carries a neighbouring code;
The processor, for signing the neighbouring code using the private key of the broadcast UE to generate an information signature value;
The sending device, for sending a discovery message to monitoring user equipment (UE), the discovery message carries the information signature value and the neighbouring code;
The memory, for storing the private key, the second discovery request, the second discovery response message and the discovery message.
47. UE according to claim 46, which is characterized in that the discovery message further includes first time information, and the first time information is used to indicate the generation moment of the information signature value;
The processor is specifically used for signing the neighbouring code and the first time information using the private key of the broadcast UE to generate the information signature value.
48. a kind of user equipment (UE), which is characterized in that the UE is as broadcast UE, comprising:
Sending device, for sending the second discovery request to the second adjacent service function PF entity, the 2nd PF entity is institute State the adjacent service functional entity of the belonging area network of broadcast UE;
Reception device, for receiving the second discovery response message of the 2nd PF Entity feedback, the second discovery response disappears Breath carries neighbouring code;
Processor carries out signature to the neighbouring code and generates information signature value for the private key according to the broadcast UE;
The sending device, be also used to monitoring UE send discovery message, the discovery message carry the information signature value, The digital certificate of the neighbouring code and the broadcast UE, the digital certificate include public key corresponding with the private key.
49. UE according to claim 48, which is characterized in that the discovery message also carries first time information, institute State the generation moment that first time information is used to indicate the information signature value;
The processor is specifically used for carrying out the neighbouring code and the first time information according to the private key of the broadcast UE Signature generates information signature value.
50. a kind of adjacent service function PF entity, which is characterized in that the PF entity is as the 2nd PF entity, the 2nd PF Entity is the adjacent service functional entity for broadcasting the belonging area network of UE, and the PF entity includes:
Reception device, sending device, processor and memory;
The reception device, for receiving the monitoring request of the first PF entity transmission, the monitoring request carries broadcast UE's Proximity application mark, the monitoring request are the first discovery requests;
The processor, for identifying the digital certificate of the neighbouring code and broadcast UE that determine broadcast UE according to the proximity application;
The sending device is also used to send the neighbouring code for carrying the broadcast UE and the number to the first PF entity The monitoring response message of certificate;
The memory leads nearly application identities, neighbouring code, monitoring request and the monitoring response message for storing.
51. PF entity according to claim 50, which is characterized in that
The reception device, is also used to receive the second discovery request that the broadcast UE is sent, and the second discovery request carries There is the digital certificate of the broadcast UE;
The sending device is also used to send the second discovery response message, the second discovery response message to the broadcast UE Carry the neighbouring code of the broadcast UE;
The processor is also used to broadcast the digital certificate of UE, broadcasts the proximity application mark of UE and the neighbour of the broadcast UE Nearly code is bound.
52. a kind of adjacent service function PF entity, which is characterized in that the PF entity is as the first PF entity, the first PF Entity is the adjacent service functional entity for monitoring the belonging area network of UE, and the PF entity includes:
Reception device, the first discovery request sent for receiving monitoring user equipment (UE), the first discovery request carry Broadcast the proximity application mark of UE;
Sending device, for sending monitoring request to the 2nd PF entity, the monitoring request carries the proximity application of broadcast UE Mark, so that the 2nd PF entity obtains the neighbouring code and broadcast UE of broadcast UE according to the proximity application mark of the broadcast UE Digital certificate, the 2nd PF entity be it is described broadcast UE belonging area network adjacent service functional entity;
The reception device is also used to receive the monitoring response message of the 2nd PF Entity feedback, the monitoring response message The neighbouring code of broadcast UE and the digital certificate of broadcast UE are carried, the digital certificate of the broadcast UE includes public key;
The sending device is also used to send the first discovery response message, the first discovery response message to the monitoring UE Carry the digital certificate of the broadcast UE and the neighbouring code of the broadcast UE;
Memory, for storing the first discovery request, the first discovery response message, monitoring request and the prison Survey response message.
53. PF entity according to claim 52, which is characterized in that
Processor, after the monitoring response message for being also used to receive the 2nd PF Entity feedback, according to certificate revocation list CRL Judging whether the digital certificate has been revoked, if the digital certificate has been revoked, it is determined that the public key is illegal, if The digital certificate is not revoked, then verifies the legitimacy of the digital certificate, if the digital certificate is legal, determines the public affairs Key is legal.
54. PF entity according to claim 52, which is characterized in that
Processor after the monitoring response message for being also used to receive the 2nd PF Entity feedback, is assisted by online certificate status View OCSP judges whether the digital certificate has been revoked, if the digital certificate has been revoked, it is determined that the public key is not It is legal, if the digital certificate is not revoked, the legitimacy of the digital certificate is verified, if the digital certificate is legal, Determine that the public key is legal.
55. a kind of user equipment (UE), which is characterized in that the UE, which is used as, monitors UE, and the UE includes:
Reception device, sending device, processor and memory;
The sending device, for sending the first discovery request to the first adjacent service function PF entity, first discovery is asked The proximity application mark for carrying broadcast UE is sought, the first PF entity is the adjacent service function of monitoring the belonging area network of UE Entity;
The reception device, for receiving the first discovery response message of the first PF Entity feedback, first discovery is rung Message is answered to carry the neighbouring code of broadcast UE;
The reception device, is also used to receive discovery message, and the discovery message carries information signature value and neighbouring code;
The sending device, if the neighbouring code for being also used to the discovery message carrying is identical as the broadcast neighbouring code of UE, The discovery message is sent to the first PF entity, so that the first PF entity determines the discovery message according to public key Legitimacy;
The memory, for the first discovery request, the first discovery response message and the discovery message.
56. a kind of adjacent service function PF entity, which is characterized in that the PF entity is as the first PF entity, the first PF Entity is the entity for monitoring the belonging area network of UE, comprising:
Reception device, sending device, processor and memory;
The reception device, the first discovery request sent for receiving monitoring user equipment (UE), first discovery carry Broadcast the proximity application mark of UE;
The sending device, for sending monitoring request to the 2nd PF entity, the monitoring request carries the proximity application Mark, the 2nd PF entity are the adjacent service functional entity of the belonging area network of the broadcast UE;
The reception device is also used to receive the neighbouring code for carrying broadcast UE of the 2nd PF Entity feedback and broadcasts UE's The monitoring response message of digital certificate, the digital certificate include public key;
The sending device, is also used to the first discovery response message sent to the monitoring UE, and the first discovery response disappears Breath carries the neighbouring code of the broadcast UE;
The reception device, is also used to receive the discovery message that the monitoring UE is sent, and the discovery message carries message label Name value;
The processor, for according in the digital certificate public key and the information signature value, determine the discovery message Legitimacy;
The memory, for storing the first discovery request, the first discovery response message, monitoring request, institute State monitoring response message and verification result.
57. PF entity according to claim 56, which is characterized in that
The processor is specifically used for verifying the information signature value using the public key of the digital certificate, if described disappear Breath signature value passes through verifying, it is determined that the discovery message is legal, if information signature value is unverified, it is determined that the discovery Message is illegal.
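
The checks in claims 44 to 57 can be traced in code: the broadcast UE signs its code together with the first time information, and the monitoring side checks revocation, then the certificate, then the message signature. This is an added example, not code from the patent. Assumptions: Ed25519 keys, a CA-signed record standing in for the X.509 digital certificate, a set of revoked serials standing in for the CRL or OCSP answer, a 30-second freshness window, and all function and field names.

```javascript
const { generateKeyPairSync, sign, verify, createPublicKey } = require('node:crypto');

// Constructed stand-in for the broadcast UE's X.509 certificate: the CA signs SPKI || serial.
function issueCert(caPriv, serial, pubKey) {
  const spki = pubKey.export({ type: 'spki', format: 'der' });
  return { serial, spki, caSig: sign(null, Buffer.concat([spki, Buffer.from(serial)]), caPriv) };
}

// Bytes covered by the message signature: first time information, then the code.
function signedBytes(code, time) {
  const t = Buffer.alloc(8);
  t.writeBigUInt64BE(BigInt(time));
  return Buffer.concat([t, Buffer.from(code, 'hex')]);
}

// Broadcast UE: sign the code together with the signing time (claims 47 and 49).
function announce(uePriv, cert, code, now) {
  return { code, time: now, cert, sig: sign(null, signedBytes(code, now), uePriv) };
}

// Monitoring side: code match, revocation, certificate, signature, then freshness.
function verifyDiscovery(msg, expectedCode, caPub, revokedSerials, now, maxAgeSec) {
  if (msg.code !== expectedCode) return 'code-mismatch';
  if (revokedSerials.has(msg.cert.serial)) return 'revoked';
  const tbs = Buffer.concat([msg.cert.spki, Buffer.from(msg.cert.serial)]);
  if (!verify(null, tbs, caPub, msg.cert.caSig)) return 'bad-certificate';
  const uePub = createPublicKey({ key: msg.cert.spki, format: 'der', type: 'spki' });
  if (!verify(null, signedBytes(msg.code, msg.time), uePub, msg.sig)) return 'bad-signature';
  const age = now - msg.time;
  if (age < 0 || age > maxAgeSec) return 'stale'; // maxAgeSec is an assumed policy value
  return 'ok';
}

// Constructed scenario: one CA, one broadcast UE, one captured discovery message.
function demo() {
  const ca = generateKeyPairSync('ed25519');
  const ue = generateKeyPairSync('ed25519');
  const cert = issueCert(ca.privateKey, 'serial-01', ue.publicKey);
  const code = 'a1b2c3d4'; // constructed code value, hex
  const msg = announce(ue.privateKey, cert, code, 1000);
  const check = (m, revoked, now) => verifyDiscovery(m, code, ca.publicKey, revoked, now, 30);
  return {
    fresh: check(msg, new Set(), 1010),
    revoked: check(msg, new Set(['serial-01']), 1010),
    replayed: check(msg, new Set(), 2000),
    restamped: check({ ...msg, time: 1990 }, new Set(), 2000),
    otherCode: check({ ...msg, code: 'ffffffff' }, new Set(), 1010),
  };
}

console.log(demo());
```

The `restamped` case shows why the time value sits inside the signed bytes: a replayed message whose time field is rewritten fails signature verification instead of passing the freshness check.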
CN201580027986.4A 2015-07-13 2015-07-13 Verification method, user equipment and the adjacent service functional entity of adjacent service communication Active CN107005913B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2015/083866 WO2017008223A1 (en) 2015-07-13 2015-07-13 Proximity service communication authentication method, user equipment, and proximity service function entity

Publications (2)

Publication Number Publication Date
CN107005913A (en) 2017-08-01
CN107005913B (en) 2019-11-29

Family

ID=57756703

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201580027986.4A Active CN107005913B (en) 2015-07-13 2015-07-13 Verification method, user equipment and the adjacent service functional entity of adjacent service communication

Country Status (2)

Country Link
CN (1) CN107005913B (en)
WO (1) WO2017008223A1 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11474259B2 (en) 2017-10-12 2022-10-18 Huawei Technologies Co., Ltd. Positioning method and device
WO2020133543A1 (en) 2018-12-29 2020-07-02 华为技术有限公司 Communication method and related product
CN111447213B (en) * 2020-03-24 2022-07-05 杭州海康威视数字技术股份有限公司 Verification code determination method and device for discovery service and equipment discovery system
CN117223300A (en) * 2022-03-11 2023-12-12 北京小米移动软件有限公司 Distance measuring method and device
CN114697945B (en) * 2022-04-02 2023-10-24 中国电信股份有限公司 Method and device for generating discovery response message and method for processing discovery message

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014208035A1 (en) * 2013-06-28 2014-12-31 Nec Corporation Security for prose group communication
CN104754576A (en) * 2013-12-31 2015-07-01 华为技术有限公司 Equipment verification method, user equipment and network equipment

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102043006B1 (en) * 2013-05-14 2019-11-13 삼성전자주식회사 METHOD FOR COMMUNICATING BETWEEN UEs IN WIRELESS COMMUNICATIN SYSTEMS
CN105210418B (en) * 2013-05-16 2019-05-31 三星电子株式会社 Scheme in communication network for discovery

Also Published As

Publication number Publication date
CN107005913A (en) 2017-08-01
WO2017008223A1 (en) 2017-01-19

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20210420

Address after: Unit 3401, unit a, building 6, Shenye Zhongcheng, No. 8089, Hongli West Road, Donghai community, Xiangmihu street, Futian District, Shenzhen, Guangdong 518040

Patentee after: Honor Device Co.,Ltd.

Address before: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen

Patentee before: HUAWEI TECHNOLOGIES Co.,Ltd.