CN110809892B

CN110809892B - Authentication method, terminal and network equipment

Info

Publication number: CN110809892B
Application number: CN201780092233.0A
Authority: CN
Inventors: 衣强; 龙水平
Original assignee: Huawei Technologies Co Ltd
Current assignee: Huawei Technologies Co Ltd
Priority date: 2017-06-30
Filing date: 2017-06-30
Publication date: 2021-12-14
Anticipated expiration: 2037-06-30
Also published as: CN110809892A; WO2019000405A1

Abstract

The embodiment of the application provides an authentication method, and through interaction among a first terminal, a second terminal serving as relay equipment and network equipment, a network can directly authenticate the first terminal which uses the second terminal as the relay equipment for communication, so that the safety is improved.

Description

Authentication method, terminal and network equipment

Technical Field

The present application relates to the field of communications, and in particular, to an authentication method, a terminal, and a network device.

Background

With the popularization of wearable devices, it is becoming a trend that the wearable devices are directly connected to a network. The wearable device accesses the network by using other terminals, such as a mobile phone, as relay terminals, so that the electric quantity of the wearable device can be saved, and the data transmission efficiency of the wearable device can be improved.

Currently, in the process that the wearable device accesses the network through other terminals as relay terminals, a direct authentication process of an operator network for the wearable device is lacked.

Content of application

The application provides an authentication method, a terminal and network equipment, and aims to solve the problem of how to realize direct authentication of an operator network on wearable equipment to improve safety under the condition that the wearable equipment uses the terminal as a relay access network.

In order to achieve the above object, the present application provides the following technical solutions:

a first aspect of the present application provides an authentication method, including: the first terminal discovers a second terminal, and the second terminal is a relay terminal. And the first terminal sends a direct communication request message to the second terminal, wherein the direct communication request message comprises the identifier of the first terminal. The first terminal receives a direct security mode command message sent by the second terminal, wherein the direct security mode command message includes a random number RAND, and the RAND is obtained by the second terminal from a mobility management entity to which the second terminal belongs. The first terminal generates a response value RES according to the RAND. And the first terminal sends a direct security mode completion message to the second terminal, wherein the direct security mode completion message comprises the RES, so that the second terminal sends the RES to a mobility management entity to which the second terminal belongs, and the first terminal is authenticated by the mobility management entity to which the second terminal belongs. It can be seen that, through interaction with the second terminal, the first terminal can enable the mobility management entity to which the second terminal belongs to authenticate the first terminal. Therefore, the network equipment directly authenticates the first terminal accessed through the relay equipment, and the safety can be improved.

A second aspect of the present application provides a terminal, which is a first terminal, including: a processor, a transmitter, and a receiver. The processor is configured to discover a second terminal, which is a relay terminal. The transmitter is configured to send a direct communication request message to the second terminal, where the direct communication request message includes an identifier of the first terminal. The receiver is configured to receive a direct security mode command message sent by the second terminal, where the direct security mode command message includes a random number RAND, and the RAND is obtained by the second terminal from a mobility management entity to which the second terminal belongs. The processor is further configured to generate a response value RES in dependence on the RAND. The sender is further configured to send a direct security mode complete message to the second terminal, where the direct security mode complete message includes the RES, so that the second terminal sends the RES to which the second terminal belongs, and the first terminal is authenticated by the home of the second terminal.

In one implementation, after the first terminal sends a direct security mode complete message to the second terminal, the method further includes: the first terminal sends an attach request to a mobility management entity to which the first terminal belongs through the second terminal, where the attach request includes the RAND, and the RAND is used to instruct the mobility management entity to which the second terminal belongs to that the first terminal uses a key in an authentication vector corresponding to the RAND as a root key to perform communication. In the process of attaching the remote UE to the network, the root key Kasme between the remote UE and the MME may be determined by using the authentication vector obtained in the process of establishing the near field communication link, without performing the AKA procedure between the remote UE and the MME in the related art to authenticate and negotiate to generate the root key.

In one implementation, after the first terminal sends a direct security mode complete message to the second terminal, the method further includes: the first terminal sends an attach request to a mobility management entity to which the second terminal belongs through the second terminal, where the attach request includes the RAND and the RES, the RES is used for authenticating the first terminal by the mobility management entity to which the second terminal belongs, and the RAND is used for indicating that the first terminal uses a key in an authentication vector corresponding to the RAND as a root key to perform communication when the mobility management entity to which the second terminal belongs passes authentication of the first terminal. In the process of attaching the remote UE to the network, the root key Kasme between the remote UE and the MME may be determined by using the authentication vector obtained in the process of establishing the near field communication link, without performing the AKA procedure between the remote UE and the MME in the related art to authenticate and negotiate to generate the root key.

In one implementation, the direct security mode command message further includes: and accessing a security management entity key AUTN. The method further comprises the following steps: and the first terminal generates a second secret key according to the RAND and the AUTN, and generates a first secret key based on the second secret key, wherein the first secret key is a root secret key for communication between the first terminal and the second terminal. It can be seen that in addition to authenticating the first terminal, a root key may be generated for the first terminal to communicate with the second terminal.

A third aspect of the present application provides an authentication method, including: the second terminal receives a direct communication request message sent by the first terminal, wherein the direct communication request message comprises the identifier of the first terminal. And the second terminal sends the identifier of the first terminal to a mobility management entity to which the second terminal belongs. And the second terminal receives a random number RAND sent by a mobility management entity to which the second terminal belongs, wherein the RAND is acquired by the mobility management entity to which the second terminal belongs according to the identifier of the first terminal. The second terminal sends a direct security mode command message to the first terminal, the direct security mode command message including the RAND. And the second terminal receives a direct security mode completion message sent by the first terminal, wherein the direct security mode completion message comprises a response value RES, and the RES is generated by the first terminal according to the RAND. And the second terminal sends the RES to a mobility management entity to which the second terminal belongs, so that the mobility management entity to which the second terminal belongs authenticates the first terminal. Therefore, the second terminal serving as the relay device can directly authenticate the first terminal accessed through the relay device through the interaction with the first terminal and the mobility management entity to which the second terminal belongs, and the security can be improved.

A fourth aspect of the present application provides a terminal, which is a second terminal, comprising a receiver and a transmitter. The receiver is configured to receive a direct communication request message sent by a first terminal, where the direct communication request message includes an identifier of the first terminal. The sender is configured to send the identifier of the first terminal to a mobility management entity to which the second terminal belongs. The receiver is further configured to receive a random number RAND sent by a mobility management entity to which the second terminal belongs, where the RAND is obtained by the mobility management entity to which the second terminal belongs according to the identifier of the first terminal. The transmitter is further configured to send a direct security mode command message to the first terminal, the direct security mode command message including the RAND. The receiver is further configured to receive a direct security mode complete message sent by the first terminal, where the direct security mode complete message includes a response value RES, and the RES is generated by the first terminal according to the RAND. The sender is further configured to send the RES to a mobility management entity to which the second terminal belongs, so that the mobility management entity to which the second terminal belongs authenticates the first terminal.

In one implementation, before the second terminal sends the direct security mode command message to the first terminal, the method further includes: the second terminal receives the AUTN and a first key sent by a mobility management entity to which the second terminal belongs, wherein the first key is a root key for communication between the first terminal and the second terminal. The direct secure mode command message further includes: the AUTN is configured to enable the first terminal to generate a second key according to the RAND and the AUTN, and generate a third key based on the second key, where the third key is a symmetric key of the first key, and the first key is a root key for communication between the first terminal and the second terminal.

A fifth aspect of the present application provides an authentication method, including: and the mobility management entity to which the second terminal belongs receives the identifier of the first terminal sent by the second terminal. And the mobility management entity to which the second terminal belongs acquires the authentication vector of the first terminal according to the identifier of the first terminal, wherein the authentication vector of the first terminal comprises a random number RAND and an expected response value XRES. A mobility management entity to which the second terminal belongs sends the RAND to the second terminal, so that the second terminal sends the RAND to the first terminal; the RAND is used for the first terminal to generate a response value RES. And the mobile management entity to which the second terminal belongs receives the RES sent by the first terminal through the second terminal. And the mobile management entity to which the second terminal belongs compares the RES with the XRES, and if the RES is the same as the XRES, the first terminal is determined to pass authentication. Therefore, the mobility management entity to which the second terminal belongs can directly authenticate the first terminal which is accessed by taking the second terminal as the relay equipment, so that the security is improved.

A sixth aspect of the present application provides a mobility management entity, where the mobility management entity is a mobility management entity to which a second terminal belongs, and the mobility management entity includes: a receiver, a processor, and a transmitter. The receiver is used for receiving the identification of the first terminal sent by the second terminal. The processor is configured to obtain an authentication vector of the first terminal according to the identifier of the first terminal, where the authentication vector of the first terminal includes a random number RAND and an expected response value XRES. A transmitter for transmitting the RAND to the second terminal, such that the second terminal transmits the RAND to the first terminal; the RAND is used for the first terminal to generate a response value RES. The receiver is further configured to receive the RES sent by the first terminal through the second terminal. The processor is further configured to compare the RES with the XRES, and determine that the first terminal is authenticated if the RES is the same as the XRES.

In one implementation manner, before the receiving, by the mobility management entity to which the second terminal belongs, the RES sent by the first terminal through the second terminal, the method further includes: and the mobility management entity to which the second terminal belongs generates a first key according to the authentication vector and sends the first key to the second terminal, wherein the first key is a root key for communication between the first terminal and the second terminal.

In one implementation, the authentication vector further includes a second key. The acquiring, by the mobility management entity to which the second terminal belongs, the authentication vector and the first key of the first terminal according to the identifier of the first terminal includes: the mobility management entity to which the second terminal belongs requests to acquire an authentication vector of the first terminal from a Home Subscriber Server (HSS) of the first terminal according to the identifier of the first terminal; and the mobility management entity to which the second terminal belongs generates the first key based on the second key.

In one implementation manner, the acquiring, by the mobility management entity, the authentication vector and the first key of the first terminal according to the identifier of the first terminal includes: and the mobility management entity to which the second terminal belongs determines the mobility management entity to which the first terminal belongs according to the identifier of the first terminal. And the mobility management entity to which the second terminal belongs sends a first message to the mobility management entity to which the first terminal belongs, wherein the first message is used for requesting to acquire security information of near field communication with the first terminal and the first secret key. The mobility management entity to which the second terminal belongs receives a second message sent by the mobility management entity to which the first terminal belongs, wherein the second message comprises the authentication vector and the first key, and the first key is generated by the mobility management entity to which the first terminal belongs; or the second message includes the authentication vector, the authentication vector further includes a second key, and the mobility management entity to which the second terminal belongs generates the first key according to the second key.

In one implementation, the authentication vector of the first terminal further includes a second key. Comparing the RES and the XRES at the mobility management entity to which the second terminal belongs, and if the RES is the same as the XRES, determining that the first terminal passes authentication, further including: the mobility management entity to which the second terminal belongs receives an attach request of the first terminal, where the attach request includes the RAND, and the mobility management entity to which the second terminal belongs determines, according to the RAND, that a root key communicated by the first terminal is the second key in an authentication vector corresponding to the RAND.

In one implementation, the authentication vector of the first terminal further comprises a second key and an expected response value XRES. Comparing the RES and the XRES at the mobility management entity to which the second terminal belongs, and if the RES is the same as the XRES, determining that the first terminal passes authentication, further including: and the mobility management entity to which the second terminal belongs receives an attach request of the first terminal, wherein the attach request comprises the RAND and the RES. And the mobility management entity to which the second terminal belongs determines the authentication vector of the first terminal according to the RAND. And the mobility management entity to which the second terminal belongs compares whether the RES is the same as the XRES in the authentication vector of the first terminal, and if so, the mobility management entity to which the second terminal belongs takes the second key as a root key for communication of the first terminal.

In one implementation, the authentication vector further comprises: AUTN. The method further comprises the following steps: and the mobility management entity to which the second terminal belongs sends the AUTN to the second terminal so that the second terminal sends the AUTN to the first terminal, the first terminal generates a second key according to the RAND and the AUTN, and generates a third key based on the second key, wherein the third key is a symmetric key of the first key, and the first key is a root key for communication between the first terminal and the second terminal.

A seventh aspect of the present application provides an authentication method, including: the first terminal discovers a second terminal, and the second terminal is a relay terminal. The first terminal sends a first message to the second terminal, where the first message is used to request to acquire a random number RAND in an authentication vector of the first terminal, and the first message includes an identifier of the first terminal. The first terminal receives a second message sent by the second terminal, wherein the second message comprises the RAND in the authentication vector of the first terminal; and the authentication vector is obtained by the second terminal from a proximity service function entity (proxy function) or a proximity key management function entity (PKMF) to which the second terminal belongs. The first terminal sends a direct communication request message to the second terminal, wherein the direct communication request message comprises a response value RES and the RAND, the RES is generated by the first terminal according to the RAND, so that the second terminal sends the RES and the RAND to a mobility management entity, and the mobility management entity authenticates the first terminal.

An eighth aspect of the present application provides a terminal, which is a first terminal, including: a processor, a transmitter, and a receiver. The processor is configured to discover a second terminal, which is a relay terminal. The transmitter is configured to send a first message to the second terminal, where the first message is used to request to acquire a random number RAND in an authentication vector of the first terminal, and the first message includes an identifier of the first terminal. The receiver is configured to receive a second message sent by the second terminal, where the second message includes the RAND in the authentication vector of the first terminal; and the authentication vector is obtained by the second terminal from a proximity service function entity (proxy function) or a proximity key management function entity (PKMF) to which the second terminal belongs. The transmitter is further configured to send a direct communication request message to the second terminal, where the direct communication request message includes a response value RES and the RAND, and the RES is generated by the first terminal according to the RAND, so that the second terminal sends the RES and the RAND to a mobility management entity, and the mobility management entity authenticates the first terminal.

In one implementation, the first message is a binding request message, where the binding request message includes indication information for acquiring a random number RAND in an authentication vector of the first terminal. The second message is a binding acknowledgement message.

In one implementation, the second message further includes: AUTN in the authentication vector. After the first terminal sends a direct communication request message to the second terminal, the method further includes: and the first terminal generates a second secret key according to the RAND and the AUTN, and generates a first secret key according to the second secret key, wherein the first secret key is a root secret key for communication between the first terminal and the second terminal.

A ninth aspect of the present application provides an authentication method, including: a second terminal receives a first message sent by a first terminal, where the first message is used to request to acquire a random number RAND in an authentication vector of the first terminal, and the first message includes an identifier of the first terminal. The second terminal obtains an authentication vector of the first terminal from a proximity service function entity (prose function) or a proximity key management function entity (PKMF) to which the second terminal belongs, wherein the authentication vector comprises a random number (RAND). And the second terminal sends a second message to the first terminal, wherein the second message comprises the RAND in the authentication vector of the first terminal. And the second terminal receives a direct communication request message sent by the first terminal, wherein the direct communication request message comprises a response value RES and the RAND, and the RES is generated by the first terminal according to the RAND. The second terminal sends the RES and the RAND to a mobility management entity so that the mobility management entity authenticates the first terminal.

A tenth aspect of the present application provides a terminal, which is a second terminal, comprising: a receiver, a processor, and a transmitter. The receiver is configured to receive a first message sent by a first terminal, where the first message is used to request to acquire a random number RAND in an authentication vector of the first terminal, and the first message includes an identifier of the first terminal. The processor is configured to obtain an authentication vector of the first terminal from a proximity service function entity (prose function) or a proximity key management function entity (PKMF) to which the second terminal belongs, where the authentication vector includes a random number RAND. The transmitter is configured to send a second message to the first terminal, where the second message includes the RAND in the authentication vector of the first terminal. The receiver is further configured to receive a direct communication request message sent by the first terminal, where the direct communication request message includes a response value RES and the RAND, and the RES is generated by the first terminal according to the RAND. The transmitter is further configured to transmit the RES and the RAND to a mobility management entity, so that the mobility management entity authenticates the first terminal.

In one implementation, after the second terminal sends the RES and the RAND to a mobility management entity, so that the mobility management entity authenticates the first terminal, the method further includes: and after the first terminal passes the authentication, the second terminal receives a first key sent by the mobility management entity, wherein the first key is a root key for communication between the first terminal and the second terminal.

In one implementation, the authentication vector further includes an AUTN, so that the first terminal generates a second key based on the RAND and the AUTN, and generates a third key based on the second key, where the third key is a symmetric key of the first key, and the first key is a root key of communication between the first terminal and the second terminal.

An eleventh aspect of the present application provides an authentication method, including: and receiving a first terminal authentication vector acquisition request sent by a second terminal by a proximity service function entity (proximity function) or a proximity key management function entity (PKMF) to which the second terminal belongs, wherein the authentication vector acquisition request comprises an identifier of the first terminal. And acquiring an authentication vector of the first terminal by the aid of the prose function or PKMF to which the second terminal belongs, wherein the authentication vector comprises a random number RAND. And the prose function or PKMF attributed to the second terminal sends the RAND in the authentication vector to the second terminal, so that the second terminal sends the RAND in the authentication vector to the first terminal.

A twelfth aspect of the present application provides a proximity service function entity (prose) function or a proximity key management function entity (PKMF), where the prose function or the PKMF is a prose function or a PKMF attributed to a second terminal, and the prose function or the PKMF includes: a receiver, a processor, and a transmitter. The receiver is configured to receive a first terminal authentication vector acquisition request sent by the second terminal, where the authentication vector acquisition request includes an identifier of the first terminal. The processor is configured to obtain an authentication vector for the first terminal, the authentication vector comprising a random number, RAND. The transmitter is configured to send the RAND of the authentication vector to the second terminal, so that the second terminal sends the RAND of the authentication vector to the first terminal.

In a first implementation manner, the acquiring, by the prose function or the PKMF attributed to the second terminal, the authentication vector of the first terminal includes: and the home proxy function or PKMF of the second terminal acquires the authentication vector of the first terminal from a Home Subscriber Server (HSS) according to the authentication vector acquisition request. Or the home network function or the PKMF of the second terminal determines the home network function of the first terminal according to the identifier of the first terminal, the home network function or the PKMF of the second terminal sends a first message to the home network function of the first terminal, the first message is used for requesting an authentication vector of the first terminal and enabling the home network function of the first terminal to acquire the authentication vector of the first terminal from the HSS, the home network function or the PKMF of the second terminal receives a second message sent by the home network function of the first terminal, and the second message includes the authentication vector of the first terminal.

In a first implementation manner, after the acquiring, by the prose function or the PKMF attributed to the second terminal, the authentication vector of the first terminal, the method further includes: and the prose function or PKMF attributed to the second terminal sends the authentication vector of the first terminal to the mobility management entity attributed to the second terminal. Or, the home proxy function or the PKMF attributed to the second terminal sends the authentication vector to a home subscriber server HSS, so that the HSS sends the authentication vector of the first terminal to a mobility management entity to which the second terminal is attributed.

In a first implementation, the authentication vector further includes AUTN. The method further comprises the following steps: and the program function or PKMF attributed to the second terminal sends the AUTN to the second terminal, so that the second terminal sends the AUTN to the first terminal.

A thirteenth aspect of the present application provides an authentication method, including: a mobility management entity to which a second terminal belongs receives an authentication request message sent by the second terminal, wherein the authentication request message includes an identifier of the first terminal, a random number RAND of the first terminal and a response value RES, the RES is generated by the first terminal according to the RAND, and the identifier of the first terminal, the RAND and the RES are sent to the second terminal by the first terminal. And the mobility management entity to which the second terminal belongs acquires XRES in an authentication vector corresponding to the RAND of the first terminal. And the mobility management entity to which the second terminal belongs authenticates the first terminal by comparing the RES with the XRES.

A fourteenth aspect of the present application provides a mobility management entity, where the mobility management entity is a mobility management entity to which the second terminal belongs, and the mobility management entity includes: a receiver and a processor. The receiver is configured to receive an authentication request message sent by the second terminal, where the authentication request message includes an identifier of the first terminal, a random number RAND of the first terminal, and a response value RES, the RES is generated by the first terminal according to the RAND, and the identifier of the first terminal, the RAND, and the RES are sent by the first terminal to the second terminal. The processor is configured to obtain an XRES in an authentication vector corresponding to the RAND of the first terminal, and authenticate the first terminal by comparing the RES with the XRES.

In one implementation, the acquiring, by the mobility management entity to which the second terminal belongs, XRES in the authentication vector corresponding to the RAND includes: and the mobile management entity acquires XRES in an authentication vector corresponding to the RAND from the local. Or, obtaining XRES in the authentication vector corresponding to the RAND from a home subscriber server HSS; or acquiring XRES in the authentication vector corresponding to the RAND from a mobility management entity to which the first terminal belongs.

In one implementation, the authentication vector corresponding to the RAND further includes a second key. After the mobility management entity to which the second terminal belongs authenticates the first terminal by comparing the RES with the XRES, the method further includes: after the mobility management entity to which the second terminal belongs authenticates the first terminal, the mobility management entity to which the second terminal belongs generates a first key based on a second key in the acquired authentication vector, wherein the first key is a root key for communication between the first terminal and the second terminal, and the mobility management entity to which the second terminal belongs sends the first key to the second terminal.

A fifteenth aspect of the present application provides an authentication method comprising: the first terminal discovers a second terminal, and the second terminal is a relay terminal. The first terminal sends a direct communication request message to the second terminal, wherein the direct communication request message comprises time information and integrity protection information, the time information is the time information of the direct communication request message sent by the first terminal, the integrity protection information is obtained by the first terminal at least performing integrity protection on the time information by using a first secret key, so that the second terminal sends the time information and the integrity protection information to a Prose function or a PKMF, and the Prose function or the PKMF authenticates the first terminal according to the time information and the integrity protection information.

A sixteenth aspect of the present application provides a terminal, the first terminal being a first terminal, comprising: a processor and a transmitter. The processor is configured to discover a second terminal, which is a relay terminal. The sender is configured to send a direct communication request message to the second terminal, where the direct communication request message includes time information and integrity protection information, the time information is time information of the direct communication request message sent by the first terminal, and the integrity protection information is obtained by integrity protection of at least the time information by using a first key by the first terminal, so that the second terminal sends the time information and the integrity protection information to a process function or a PKMF, and the process function or the PKMF authenticates the first terminal according to the time information and the integrity protection information.

In one implementation, the first key is: the first terminal is used for relaying a root key of communication. The direct communication request message further includes: the first terminal is used for relaying the identification of the root key of the communication.

In one implementation, the first key is: and the third key is established by the first terminal in a General Bootstrapping Architecture (GBA) mode and is used for ensuring the communication security between the first terminal and the application server. The direct communication request message further includes: an identification of the third key.

In one implementation, the first key is: and the first terminal uses the time information and a key generated by a key stored in an SIM card in the first terminal.

In one implementation, after the first terminal sends the direct communication request message to the second terminal, the method further includes: the first terminal generates a second key by using the first key, wherein the second key is used for communication between the first terminal and the second terminal.

A seventeenth aspect of the present application provides an authentication method, comprising: the second terminal receives a direct communication request message sent by a first terminal, wherein the direct communication request message comprises time information and integrity protection information generated by the first terminal, the time information is the time information sent by the first terminal to the direct communication request message, and the integrity protection information is obtained by at least performing integrity protection on the time information by the first terminal. And the second terminal sends a first message to a process function or a PKMF, wherein the first message comprises the identifier of the first terminal, the time information in the direct communication request message and the integrity protection information, so that the process function or the PKMF authenticates the first terminal according to the time information and the integrity protection information.

An eighteenth aspect of the present application provides a terminal, which is a second terminal, including: a receiver and a transmitter. The receiver is configured to receive a direct communication request message sent by a first terminal, where the direct communication request message includes time information and integrity protection information generated by the first terminal, the time information is time information of the direct communication request message sent by the first terminal, and the integrity protection information is obtained by integrity protection of at least the time information by the first terminal. The sender is configured to send a first message to a process function or a PKMF, where the first message includes an identifier of the first terminal, the time information in the direct communication request message, and the integrity protection information, so that the process function or the PKMF authenticates the first terminal according to the time information and the integrity protection information.

In one implementation, the sending, by the second terminal, the first message to the process function or the PKMF includes: and under the condition that the second terminal judges that the difference value between the time information of the received direct communication request message and the time information in the direct communication request message is within a preset range, sending the first message to the process function or the PKMF.

In one implementation manner, after the second terminal sends the first message to the process function or the PKMF, the method further includes: and the second terminal receives a response message of a first message sent by the process function or the PKMF, wherein the response message of the first message comprises a second key, the second key is generated by using the first key after the first terminal is authenticated by the process function or the PKMF, and the second key is used for communication between the first terminal and the second terminal.

A nineteenth aspect of the present application provides an authentication method comprising: and receiving a first message sent by the second terminal through the program function or the PKMF, wherein the first message comprises an identifier of the first terminal, time information and integrity protection information, the time information is the time information of a direct communication request message sent by the first terminal to the second terminal, and the integrity protection information is obtained by at least performing integrity protection on the time information by using a first key through the first terminal and is sent to the second terminal through the direct communication request message. And the process function or the PKMF acquires the first key, and verifies the integrity protection information by using the first key so as to authenticate the first terminal.

A twentieth aspect of the present application provides a process function or PKMF, comprising: a receiver and a processor. The receiver is used for receiving a first message sent by the second terminal, the first message comprises an identifier of the first terminal, time information and integrity protection information, the time information is the time information of the first terminal sending the direct communication request message to the second terminal, the integrity protection information is obtained by the first terminal at least using a first secret key to carry out integrity protection on the time information, and the time information is sent to the second terminal through the direct communication request message. The processor is configured to obtain the first key, verify the integrity protection information using the first key, and authenticate the first terminal.

In one implementation, the first message further includes an identification of the first key. The acquiring the first key by the program function or the PKMF comprises: and the program function or the PKMF acquires the first key according to the identifier of the first key.

In one implementation, the first key is: the first terminal carries out a root key of relay communication; or the first terminal establishes a key for ensuring the communication security between the first terminal and the application server in a General Bootstrapping Architecture (GBA) mode.

In one implementation, the acquiring the first key by the prose function or the PKMF includes: and the program function or the PKMF sends the identification of the first terminal and the time information to the HSS. And the prose function or the PKMF receives the first key sent by the HSS, and the first key is generated by the HSS by using the time information and a key stored in an SIM card in the first terminal.

In one implementation, the obtaining the first key by the prose function or the PKMF, and before verifying the integrity protection information by using the first key, further includes: and the process function or the PKMF judges that the difference value between the time information of the received first message and the time information contained in the first message is within a preset range.

In one implementation, after authenticating the first terminal, the method further includes: and if the first terminal is authenticated to be legal by the aid of the pro function or the PKMF, the pro function or the PKMF uses the first key to generate a second key, and the second key is used for communication between the first terminal and the second terminal. And the sequence function or the PKMF sends a response message of a first message to the second terminal, wherein the response message of the first message comprises the second key.

Drawings

In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.

Fig. 1 is a basic architecture diagram of a first terminal accessing a network with a second terminal as a relay terminal;

fig. 2 is a flowchart of a method for passing authentication disclosed in an embodiment of the present application;

FIG. 3 is a flow chart of yet another authentication method disclosed in an embodiment of the present application;

FIG. 4 is a flow chart of yet another authentication method disclosed in an embodiment of the present application;

FIG. 5 is a flow chart of yet another authentication method disclosed in an embodiment of the present application;

FIG. 6 is a flow chart of yet another authentication method disclosed in embodiments of the present application;

FIG. 7 is a flowchart of another authentication method disclosed in an embodiment of the present application;

FIG. 8 is a flow chart of yet another authentication method disclosed in an embodiment of the present application;

FIG. 9 is a flow chart of yet another authentication method disclosed in an embodiment of the present application;

fig. 10 is a schematic structural diagram of a terminal disclosed in an embodiment of the present application;

fig. 11 is a schematic structural diagram of a network device disclosed in an embodiment of the present application.

Detailed Description

Fig. 1 is a basic architecture of a first terminal accessing a network by using a second terminal as a relay terminal, where the first terminal may be an enhanced remote terminal, and the second terminal may be an enhanced relay terminal, and for convenience of description, the first terminal is hereinafter referred to as a remote UE, and the second terminal is referred to as a relay UE. In fig. 1:

the first terminal may be a wearable device, such as a smart watch, a smart bracelet, or smart glasses. The first terminal may comprise a terminal in LTE as well as 5G scenarios.

The second terminal may comprise a terminal in LTE as well as 5G scenarios, such as a smartphone.

A mobility Management Entity (Mobile Management Entity) and a Home Subscriber Server (Home Subscriber Server) are core network devices, where the mobility Management Entity may also refer to a device in which a 5G core network is responsible for mobility Management, and the Home Subscriber Server may also be a core network device in which a 5G core network is responsible for storing subscription data and calculating authentication information, and in the embodiment, a mobility Management Entity MME in a 4G network and a Home Subscriber Server HSS in the 4G network are taken as examples for description.

The base station is an access network device and may include base stations in LTE and 5G scenarios.

Typically, both core network equipment and access network equipment are deployed by an operator.

The term "pro-function/PKMF" refers to a server that an operator implements a pro (proximity service), and refers to a pro-function or a PKMF, or a functional entity that the pro-function and the PKMF are combined.

Fig. 2 is a method for accessing a network through a relay terminal according to an embodiment of the present application, including the following steps:

s201: the remote UE and the relay UE discover each other.

S202: and the remote UE sends a direct communication request message to the relay UE, wherein the direct communication request message comprises the identifier of the remote UE.

Optionally, the identity of the remote UE may be an International Mobile Subscriber Identity (IMSI) of the remote UE, and the identity of the remote UE may also use other forms.

S203: and after receiving the direct communication request message, the relay UE sends the identity of the remote UE to the MME to which the relay UE belongs.

Specifically, the relay UE may send an authentication request message, where the authentication request message includes an identifier of the remote UE, the relay UE may also send a service request, where the service request message includes the identifier of the remote UE, or the relay UE sends a location update request message, where the location update request message includes the identifier of the remote UE, or sends a key request message to an MME of the relay UE, where the message is used for the MME to authenticate the remote UE.

S204: and the MME to which the relay UE belongs acquires an authentication vector AV (optional item) of the relay UE from the HSS according to the identifier of the relay UE.

Optionally, if the identifier of the remote UE is the IMSI of the remote UE, the MME to which the remote UE belongs directly obtains the authentication vector of the remote UE from the HSS according to the IMSI of the remote UE, and if the identifier of the remote UE is in another form, the MME to which the remote UE belongs determines the IMSI of the remote UE according to the identifier of the remote UE, and obtains the authentication vector of the remote UE from the HSS according to the IMSI of the remote UE.

Optionally, the MME of the relay UE may send an authentication data request message to the HSS, and receive an authentication data response message sent by the HSS, where the authentication data response message carries the authentication vector AV. The authentication data request message and the authentication data response message both carry the IMSI of the remote UE.

The Authentication vector includes an access security management entity key (Kasme), a random number RAND, an expected response value (XRES), and an Authentication token (AUTN).

Or, in this step, the MME to which the relay UE belongs obtains Kasme in the security context of the remote UE NAS (Non Access Stratum) according to the identity information of the remote UE.

S205: and the MME to which the relay UE belongs generates a root key (hereinafter referred to as the root key for short-distance communication) for short-distance communication between the remote UE and the relay UE according to the obtained Kasme.

The detailed method for generating the root key for the short-range communication according to the Kasme can be referred to in the prior art, and is not described in detail herein. S205 is an optional step.

S206: and the MME belonging to the relay UE sends the generated root key, RAND and AUTN for the short-range communication to the relay UE.

In this step, the MME to which the relay UE belongs may send an authentication response message to the relay UE, where the authentication response message includes a root key, RAND, and AUTN for near field communication, and may further include an identifier of the remote UE. If MME to which relay UE belongs already obtains Kasme of remote UE, RAND and AUTN information do not need to be transmitted.

Optionally, in S203, the relay UE may send a Non-access Stratum (NAS) message to an MME to which the relay UE belongs, instead of the authentication request message, in this step, the relay UE may send an authentication request message, where the authentication request message includes a root key, RAND, and AUTN of the near field communication, and may further include an identifier of the remote UE, where the authentication request message is used to initiate authentication of the remote UE, and distribute the root key of the near field communication between the remote UE and the relay UE. That is, the messages sent by S203 and S206 are not corresponding request and response messages.

S207: the relay UE sends a direct security mode command (direct SMC) message to the remote UE, wherein the direct SMC message comprises RAND and AUTN.

Optionally, the integrity protection key may be used to integrity protect the direct SMC message.

Specifically, the method for acquiring the integrity protection key comprises the following steps: the relay UE generates a session key for the near field communication based on the obtained root key for the near field communication, and generates an encryption and integrity protection key for the near field communication based on the session key.

Optionally, other parameters may also be included in the direct SMC message, which is not listed in this application.

Optionally, the relay UE may also send RAND and AUTN (possibly including other parameters) to the remote UE through other messages (other messages may also perform integrity protection), for example, through a direct update key request in a direct key update procedure or a direct communication keep-alive request message in a direct communication link keep-alive procedure.

S208: the remote UE generates a key for the short range communication ciphering and integrity protection in the same manner as step 207.

Optionally, when receiving the RAND and the AUTN, the remote UE may further generate Kasme according to the received RAND and the AUTN, and generate a root key for near field communication between the remote UE and the relay UE in the same manner as in S205. Specifically, the remote UE executes the AKA procedure, and uses the key K, RAND and AUTN in the USIM of the remote UE together as the basis for generating the Kasme. And further generates a secret key for encryption and integrity protection of the near field communication using the root key of the near field communication in a manner of step 207.

Alternatively, the remote UE generates a root key for near field communication between the remote UE and the relay UE based on the saved Kasme in the same manner as in S205, and generates a key for encryption and integrity protection of near field communication using the root key for near field communication in step 207.

S209: the remote UE transmits a direct security mode complete message to the relay UE, and the direct security mode complete message performs encryption and integrity protection using the nfc encryption and integrity protection key generated in S208. Wherein, encryption is an optional step, and only integrity protection can be carried out.

S210: the relay UE authenticates the remote UE by using the ciphering and integrity protection key for near field communication generated in S207 and by using the ciphering and integrity protection key for authentication direct security mode to complete the ciphering and integrity protection of the message.

S211: if the authentication is successful, the relay UE sends a direct communication acceptance accept message to the remote UE and stores the key for the short-distance communication, otherwise, the relay UE sends a direct communication rejection message to the remote UE and deletes the key for the short-distance communication.

In the above steps, the message between the remote UE and the relay UE may be implemented through a control plane message interface of the short-range communication between the remote UE and the relay UE.

S212: and the relay UE sends the authentication result to the MME to which the relay UE belongs.

Optionally, the relay UE may send an authentication acknowledgement message corresponding to the authentication response message in step 206, or an authentication response message corresponding to the authentication request, to the MME to which the relay UE belongs, where the authentication acknowledgement message or the authentication response message carries the authentication result.

S213: and if the authentication result indicates that the authentication is successful, the MME to which the relay UE belongs stores the identity of the relay UE, and indicates that the relay UE is allowed to access the network through the relay UE. The MME to which the Relay UE belongs may further store the acquired authentication vector of the remote UE, and certainly, the acquired authentication vector may also be deleted on the premise that the authentication is successful, which is not limited herein. And if the authentication result indicates that the authentication fails, the MME to which the relay UE belongs deletes the identity of the remote UE and the obtained authentication vector of the remote UE.

Thus, the authentication of the remote UE is completed, before or after the remote UE is authenticated, the MME to which the remote UE belongs also authenticates the remote UE to access the network through the remote UE, and distributes a secret key for near field communication after the authentication is passed.

In this embodiment, if the remote UE does not attach to the network, after the short-range communication link with the relay UE is established, the remote UE may initiate an attach request to the network, and in the process of attaching the remote UE to the network, the root key Kasme between the remote UE and the MME may be determined by using the authentication vector obtained in the process of establishing the short-range communication link, without performing an AKA process between the remote UE and the MME in the prior art to authenticate and negotiate to generate the root key.

In this embodiment, the process of the remote UE attaching to the network is as follows:

s214: and the remote UE sends an attachment request message to the relay UE, wherein the attachment request message comprises the identification and the RAND of the remote UE.

Optionally, the attach request message further includes a response value (response RES), where the RES is generated from the RAND obtained in step 207, and generating the RES is prior art, and is not described in detail herein.

S215: and the relay UE sends the attach request message to the MME to which the relay UE belongs.

Because the remote UE has not attached to the network, the base station to which the remote UE belongs can learn that the remote UE accesses the network through the remote UE in the process of selecting the MME, and send the attach request message to the MME to which the remote UE belongs through the S1 interface. Since the remote UE does not attach to the network, the MME to which the relay UE belongs may be used as the MME of the remote UE.

The method for the base station to which the Relay UE belongs to learn that the remote UE accesses the network through the Relay UE may be: after step 213, the MME to which the relay UE belongs may send the identities of the relay UE and the relay UE to the base station to which the relay UE is currently attached, so that when the relay UE sends a signaling to the network through the relay UE, the obtained identity is used to authenticate that the relay UE is allowed to access the network through the relay UE; it can also be known through the underlying protocol stack identity that the remote UE accesses the network through the relay UE, or in step 214, the S-Temporary Mobile subscription identity (S-Temporary Mobile Subscriber identity, S-TMSI) of the relay UE is included,

s216: after the MME to which the relay UE belongs receives the attachment request message, the MME to which the relay UE belongs determines the authentication vector corresponding to the received RAND, and determines that Kasme in the authentication vector corresponding to the RAND is the root key of the remote UE. The authentication vectors corresponding to the RANDs refer to authentication vectors including the same RAND.

If the attach request message also contains RES, the MME compares the RES with XRES in the authentication vectors corresponding to the RAND, if the RES and the XRES are the same, the remote UE passes the authentication, and the MME of the relay UE determines that Kasme in the authentication vectors corresponding to the RAND is the root key of the remote UE. If not, the authentication of the remote UE fails, and the process is terminated.

After S216, other steps of the network attach procedure may be performed, for example, the MME of the relay UE sends an attach confirm (in case of same XRES and RES) or a failure (in case of different XRES and RES) message to the relay UE. Details can be found in the prior art and are not described herein.

As can be seen from fig. 2, in the embodiment, in the process of establishing the near field communication link, the MME generates a key for near field communication, and completes authentication on relay UE, so that security that the remote UE accesses the network with the relay UE as a terminal can be improved. Moreover, the Kasme acquired by the MME during the authentication process may be used as a root key after the subsequent remote UE accesses the network.

Fig. 3 is a further method for accessing a network through a relay terminal according to an embodiment of the present disclosure, which is different from the method shown in fig. 2 in that an MME to which a relay UE belongs authenticates the remote UE by comparing RES fed back by the remote UE with XRES in an authentication vector AV of the remote UE.

In fig. 3, S204-S213 in fig. 2 are replaced with the following steps:

s204: and the MME to which the relay UE belongs acquires the authentication vector AV of the relay UE from the HSS according to the identifier of the relay UE.

The Authentication vector includes Kasme, a random number RAND, an expected response value XRES, and an Authentication token (AUTN).

S205: and the MME to which the relay UE belongs generates a root key (hereinafter referred to as the root key for short-distance communication) for short-distance communication between the remote UE and the relay UE according to the Kasme in the authentication vector.

S206: the MME to which the relay UE belongs sends the generated root key (optional) for short-range communication and RAND to the relay UE.

In this step, the MME to which the relay UE belongs may send an authentication response message to the relay UE, where the authentication response message includes a root key and RAND for near field communication, and may further include an identifier of the remote UE.

Optionally, in S203, the relay UE may send a Non-access Stratum (NAS) message to the MME to which the relay UE belongs, instead of the authentication request message. In this step, the relay UE may send an authentication request message, where the authentication request message includes a root key and RAND for near field communication, and may further include an identifier of the remote UE, and is used to initiate authentication of the remote UE and distribute the root key for near field communication between the remote UE and the relay UE. That is, the messages sent by S203 and S206 are not corresponding request and response messages.

Optionally, in this step, the MME to which the relay UE belongs may also send the AUTN to the relay UE.

S207: the relay UE sends a direct security mode command (direct SMC) message to the remote UE, where the direct SMC message includes the RAND.

Optionally, the direct SMC message may further include AUTN and/or other parameters, which are not listed in this application.

Optionally, the relay UE may also send RAND (which may also include AUTN and/or other parameters) to the remote UE through other messages (which may also perform integrity protection), for example, through a direct update key request in a direct key update procedure or a direct communication keep-alive request in a direct communication link keep-alive procedure.

S208: the remote UE generates RES according to the RAND.

Optionally, when receiving the AUTN, the remote UE may further generate Kasme according to the RAND and the AUTN, and generate a root key for short-distance communication between the remote UE and the relay UE in the same manner as in S205.

S209: and returning a direct security mode completion message to the relay UE by the remote UE, wherein the direct security mode completion message comprises RES and RAND.

S210: and the relay UE sends the RES and the RAND to the MME to which the relay UE belongs.

Optionally, the relay UE may send an authentication acknowledgement message corresponding to the authentication response in step 206, or an authentication response message corresponding to the authentication request, to the MME to which the relay UE belongs, where the authentication acknowledgement message or the authentication response message carries the RES and the RAND.

S211: the MME to which the relay UE belongs determines an authentication vector corresponding to the received RAND, and compares whether the RES is the same as the XRES in the authentication vector, if so, the relay UE passes the authentication, before or after the authentication, the MME to which the relay UE belongs also needs to authenticate that the relay UE can access the network through the relay UE, and if so, the MME to which the relay UE belongs stores the identifier of the relay UE, which indicates that the relay UE is allowed to access the network through the relay UE. The MME to which the Relay UE belongs may further store the acquired authentication vector of the remote UE, and certainly, the acquired authentication vector may also be deleted on the premise that the authentication is successful, which is not limited herein; and if not, the remote UE fails to be authenticated, and the MME to which the relay UE belongs deletes the identity of the remote UE and the obtained authentication vector of the remote UE.

The other steps in fig. 3 are the same as those in fig. 2, and details can be seen in fig. 3, which are not described herein again.

In fig. 3, the MME to which the relay UE belongs can authenticate the relay UE without depending on the authentication result of the relay UE for the relay UE, and thus the security of communication can be further improved.

The authentication method for the remote UE to obtain the authentication vector shown in fig. 2 or fig. 3 is suitable for a scenario where the remote UE does not attach to the network, and may also be suitable for a scenario where the remote UE attaches to the network.

In a scenario that a remote UE is attached to a network, the difference from fig. 2 or fig. 3 is that the remote UE is attached to the network, and therefore to implement authentication of the remote UE, interaction between an MME to which the remote UE belongs and an MME to which the remote UE belongs is further required to obtain an authentication vector of the remote UE, that is, the MME to which the remote UE belongs obtains the authentication vector, and sends the authentication vector to the MME to which the remote UE belongs.

Specifically, the MME to which the relay UE belongs confirms the MME to which the relay UE belongs according to the identity of the relay UE, and sends a first message to the MME to which the relay UE belongs, wherein the first message is used for requesting to acquire security information of near field communication with the first terminal and the first key. Specifically, the first message may be an authentication request message, which includes an identity of the remote UE. And after receiving the first message, the MME to which the remote UE belongs acquires an authentication vector AV of the remote UE from the HSS, and generates a root key for near field communication between the remote UE and the relay UE according to the Kasme in the authentication vector. And the MME to which the remote UE belongs sends a second message to the MME to which the remote UE belongs, wherein the second message comprises the generated root key of the short-range communication and the RAND in the authentication vector. Optionally, AUTN in the authentication vector may also be included. Specifically, the second message may be an authentication response message.

After the authentication of the remote UE shown in fig. 2 or fig. 3 is completed, the MME to which the remote UE belongs sends the authentication result to the MME to which the remote UE belongs. If the authentication is successful, the MME to which the remote UE belongs stores the identity of the remote UE, which indicates that the remote UE is allowed to access the network through the relay UE, and can also store the acquired authentication vector of the remote UE, and certainly, the acquired authentication vector can be deleted on the premise of successful authentication, and the authentication is not limited herein; and if the authentication result indicates that the authentication fails, the MME of the remote UE deletes the identity of the remote UE and the obtained authentication vector of the remote UE.

In a scenario where a remote UE is attached to a network, a specific procedure corresponding to the procedure shown in fig. 2 is shown in fig. 4, and a specific procedure corresponding to the procedure shown in fig. 3 is shown in fig. 5.

Fig. 6 is a further authentication method disclosed in the embodiment of the present application, which is different from the above method in that an authentication vector of a remote UE is obtained from a proximity service function entity (proximity service management function, PKMF) or a proximity key management function entity (PKMF) to which the remote UE belongs (for convenience of description, the proximity service function or PKMF will be referred to as "proximity function/PKMF" hereinafter). Specifically, the method comprises the following steps:

s601: the remote UE and the relay UE discover each other.

S602: the remote UE sends a first message to the relay UE, wherein the first message is used for requesting to acquire a random number RAND in an authentication vector of the remote UE, and the first message comprises an identifier of the remote UE.

Specifically, the first message may be a binding request message, where the binding request message includes indication information for acquiring a RAND in an authentication vector of the remote UE, and the specific form of the indication information and the implementation form of the first message are not limited in the present invention.

S603: and the relay UE sends a remote UE authentication vector acquisition request to the home function/PKMF of the relay UE. The remote UE authentication vector acquisition request comprises the identity of the remote UE.

In a specific implementation, the authentication vector acquisition request message may also be implemented by other messages sent between the relay UE and the process function/PKMF, which carry authentication vector acquisition indication information, for example, the request for establishing the trust relationship includes the authentication vector acquisition indication information.

S604: and acquiring the authentication vector of the remote UE by the aid of the prose function/PKMF to which the relay UE belongs.

The authentication vector of the remote UE comprises Kasme, a random number RAND, an expected response value XRES and AUTN.

Specifically, the prose function/PKMF attributed to the relay UE acquires the authentication vector of the remote UE from the HSS.

Optionally, the prose function/PKMF to which the relay UE belongs may also directly send the authentication vector to the MME to which the relay UE belongs, or send the authentication vector to the HSS, where the HSS sends the authentication vector to the MME to which the relay UE belongs.

S605: and the base function/PKMF of the relay UE sends RAND in the authentication vector of the remote UE to the relay UE. Optionally, the AUTN in the authentication vector may also be sent to the relay UE together.

The Relay function to which the Relay UE belongs is transmitted to the Relay UE in a request response message including RAND and AUTN (if both are transmitted) in step 603.

S606: the relay UE sends a second message to the remote UE, where the second message includes the RAND, and optionally may also include the AUTN.

Specifically, the second message is a response message of the first message, and the second message may be a binding acknowledgement message.

S607: the remote UE generates RES according to RAND, and optionally, Kasme can also be generated according to RAND and AUTN.

S608: the remote UE sends a direct communication request message to the relay UE, wherein the direct communication request message comprises response values RES and RAND.

S609: the relay UE sends an authentication request message to an MME to which the relay UE belongs, wherein the authentication request message comprises an identifier of the remote UE, RES and RAND.

For example, the relay UE may also send a service request, where the service request includes an identifier, RES, and RAND of the relay UE, or the relay UE sends a location update request message, where the location update request message includes the identifier, RES, and RAND of the relay UE, or sends a key request message to the MME of the relay UE, where the key request message includes the identifier, RES, and RAND of the relay UE, and the message is used for the MME to authenticate the relay UE.

S610: and the MME to which the relay UE belongs acquires XRES in the authentication vector of the remote UE corresponding to the RAND, compares the XRES with the RES, if the XRES and the RES are the same, the authentication is successful, and otherwise, the authentication fails.

Specifically, the MME to which the relay UE belongs obtains an authentication vector corresponding to the RAND, and further compares XRES in the authentication vector with the received RES, and the MME to which the relay UE belongs may locally obtain the authentication vector corresponding to the RAND; or, an authentication vector corresponding to the RAND is acquired from a home subscriber server HSS. Specifically, in step S604, the obtained authentication vector is sent to the MME to which the relay UE belongs or sent to the MME to which the relay UE belongs through the HSS by the proxy function/PKMF to which the relay UE belongs, and the MME to which the relay UE belongs may locally obtain the authentication vector corresponding to the RAND.

Before or after the remote UE is authenticated, the MME to which the remote UE belongs should also authenticate the remote UE accessing the network through the remote UE.

And if the authentication is successful, the MME to which the relay UE belongs stores the identity of the relay UE, which indicates that the relay UE is allowed to access the network through the relay UE. The MME to which the Relay UE belongs may further store the acquired authentication vector of the remote UE, and certainly, the acquired authentication vector may also be deleted on the premise that the authentication is successful, which is not limited herein. And if the authentication fails, the MME to which the relay UE belongs deletes the identity of the remote UE and the obtained authentication vector of the remote UE.

If the authentication is successful and the authentication is passed, the MME to which the relay UE belongs can generate a root key for near field communication between the relay UE and the relay UE according to the acquired Kasme of the authentication vector of the relay UE.

S611: the MME to which the relay UE belongs returns the response message of the authentication request message in step S609 to the relay UE.

If the authentication is successful, the response message of the authentication request message in S611 includes the root key for near field communication between the remote UE and the relay UE, which is generated by the MME to which the relay UE belongs.

S612: and the relay UE sends a direct SMC message to the remote UE, wherein the direct SMC message is used for the secure negotiation between the relay UE and the remote UE to generate a session key.

After receiving the message, the Remote UE generates a root key for near field communication between the Remote UE and the relay UE based on the Kasme generated in step S607, and performs session key negotiation with the relay UE based on the root key for near field communication

S613: and the remote UE returns a direct security mode completion message to the relay UE.

The specific session key negotiation process in step S612 and step S613 may refer to the prior art, and is not described herein again.

S614: when the communication connection between the remote UE and the relay UE is successfully established, the relay UE may return a direct communication accept (direct communication accept) message to the remote UE.

After the authentication is completed, a process of network attachment of the remote UE may also be included, such as S214-S216 in fig. 2, which is not described herein again.

When the remote UE is attached and registered to the process function/PKMF, the specific implementation manner of S604 is as follows:

if the remote UE and the relay UE belong to the same pro function/PKMF, executing the scheme, if the pro function/PKMF to which the remote UE belongs is different from the pro function/PKMF to which the relay UE belongs:

determining the home network function/PKMF of the remote UE according to the identity of the remote UE, sending a message for requesting the authentication vector of the remote UE to the home network function/PKMF of the remote UE, acquiring the authentication vector of the remote UE from the HSS by the home network function/PKMF of the remote UE, and sending the message including the authentication vector of the remote UE to the home network function/PKMF of the remote UE.

In step S604, the obtained authentication vector is sent to the MME to which the remote UE belongs or sent to the MME to which the remote UE belongs through the HSS by the proxy function/PKMF to which the remote UE belongs, so that the MME to which the remote UE belongs may locally obtain the authentication vector corresponding to the RAND.

The specific implementation manner of S610 is:

1) the MME to which the relay UE belongs acquires XRES in the authentication vector corresponding to the RAND from the MME to which the relay UE belongs, and performs comparison between RES and XRES, further, the MME to which the relay UE belongs can generate a root key for short-distance communication according to the Kasme in the authentication vector and return the root key to the MME to which the relay UE belongs, and the MME to which the relay UE belongs can also generate the root key for short-distance communication after acquiring the Kasme in the authentication vector from the MME to which the relay UE belongs.

2) The MME to which the relay UE belongs sends RES sent by the relay UE to the MME to which the relay UE belongs, the MME to which the relay UE belongs obtains XRES in the authentication vector, RES and XRES are compared to authenticate the relay UE, a root key of near field communication is generated based on Kasme in the corresponding authentication vector, and the authentication result and the generated root key of the near field communication (generated after the authentication is passed) are further returned to the MME to which the relay UE belongs.

Fig. 7 is a further authentication method disclosed in the embodiment of the present application, which is different from the above method in that when the network entity (the proxy function/PKMF) establishes the near field communication between the remote UE and the relay UE, the proxy function/PKMF authenticates the remote UE based on the time information. The method specifically comprises the following steps:

s701: the remote UE and the relay UE discover each other.

S702: the remote UE sends a direct communication request message to the relay UE, wherein the direct communication request message comprises time information and integrity protection information MIC.

Wherein the time information is time information when the remote UE transmits the direct communication request message. For example, the format of the time information may be a time-encoded binary form in seconds or N-bit information therein. The integrity protection information is obtained by the remote UE integrity protecting at least the time information using the first key. In a specific implementation, the time information included in the Direct communication request may be in the same form as the time information for generating the MIC information, or may be only a part of bits (e.g., N lower bits) in the time information for generating the MIC, or conversely, the time information for generating the MIC may be a part of bits (e.g., N lower bits) after encoding the time information included in the Direct communication request, which is not limited in the present invention.

Optionally, several specific forms of the first key are as follows:

1. the root key that the remote UE uses for near field communication, in this case, the identification of the root key that the remote UE uses for near field communication is also included in the direct communication request message.

2. A secret key established by the remote UE in a Generic Bootstrapping Architecture (GBA) manner, the secret key of the secret key being used to secure communication between the first terminal and the application server. In this case, the direct communication request message also includes an identifier associated with the key, by which the key can be obtained. The remote UE may have previously established the key, which it would have established prior to S702 if it had not and conditions for establishing the key.

3. The remote UE generates a key IK' using the time information and a key K stored in the SIM card in the remote UE. Alternatively, the remote UE may first search or establish the first key in the two forms, and use IK' in case of not finding or successfully establishing.

Optionally, the time information may be replaced with a counter value stored and maintained in the UE, MIC information is generated based on the counter value, the direct communication request includes the counter value and the MIC information generated based on the counter value, and when the direct communication request is successfully sent, the counter value is incremented by 1.

S703: after receiving the direct communication request message, the Relay UE compares whether the difference value between the time information of the received direct communication request message and the time information in the direct communication request message is within an allowed range, and if so, sends a key request message to the home network function/PKMF of the Relay UE.

The key request message includes an identifier of the remote UE, time information in the direct communication request message, and integrity protection information MIC. Optionally, in the case that the first key is 1 or 2, the key request message may further include an identifier of the first key.

Comparing whether the difference value between the time information of the received direct communication request message and the time information in the direct communication request message is within the allowed range is an optional step, or directly sending a key request message to the proxy function/PKMF to which the Relay UE belongs without comparison (for example, verification is not needed when verification is performed by the proxy function/PKMF or a MIC is generated by adopting a counter value mode), or adopting other methods of verifying time synchronization, and the method is not developed herein.

S704: and after receiving the key request message, the prose function/PKMF to which the Relay UE belongs acquires a first key, and verifies the integrity protection information by using the first key, thereby authenticating the remote UE.

The specific implementation manner of acquiring the first key by the release function/PKMF attributed to the Relay UE is as follows:

1. and acquiring the first key according to the identifier of the first key in the key request message (in the case that the first key is 1 or 2).

2. And the Relay function/PKMF attributed to the Relay UE sends the identity of the remote UE and the received time information to the HSS/Auc. The HSS/Auc obtains the key K of the remote UE, and generates a symmetric key of IK ' (collectively referred to as the first key IK ' with IK ') in the same manner as the remote UE according to the received time information and K. And the HSS/Auc returns IK' to the prose function/PKMF which the Relay UE belongs to.

Optionally, the HSS/Auc may also authenticate the remote UE, that is, scheme 2 may also be replaced with: after receiving the key request message, the Relay function or PKMF attributed to the Relay UE sends the identity of the remote UE, the received time information and integrity protection information to the HSS/Auc, the HSS/Auc obtains the key K of the remote UE, the received time information and the K are used for generating IK ', the HSS/Auc generates IK ' by using the same method as the UE side, the integrity protection information is verified by using the IK ', the remote UE is authenticated, and the authentication result is fed back to the Relay function/PKMF attributed to the Relay UE.

Verifying integrity protection information in this step means that the process function/PKMF calculates a MIC ' using a first key for information at least including time information or a counter value, and compares the calculated MIC ' with a received MIC value, if the calculated MIC ' is the same as the received MIC value, the verification is passed, otherwise, the verification fails, and in this document, the process function/PKMF needs to obtain and calculate a MIC using the same form of time information or the used counter value as used when the remote UE sends a direct communication request in order to verify MIC information, and a specific implementation method is not limited herein.

Optionally, before verifying the integrity protection information, the Prose function/PKMF may verify that a difference between the received time information and a time when the Prose receives the key request message is within an allowable range, or verify that the received counter value information is greater than a counter value maintained in the Prose function/PKMF.

Optionally, the home network function/PKMF of the Relay UE may also authenticate to allow the remote UE to access the network through the Relay UE, where the authentication process may be performed before or after the authentication step.

S705: and if the remote UE is authenticated to be legal and the remote UE passes the authentication, the prose function/PKMF to which the Relay UE belongs generates a second key by using the first key and sends a key response message to the Relay UE, wherein the key response message comprises the second key, and the second key is used for communication between the remote UE and the Relay UE.

S706: and the remote UE and the relay UE generate a session key based on the second key, and establish communication connection between the remote UE and the relay UE.

And the remote UE also generates a second key by using the first key, and the second key is used for communication between the remote UE and the Relay UE.

In the above step, when the remote UE has attached and registered to the proxy function/PKMF, if the relay UE and the remote UE belong to the same proxy function/PKMF, the procedure is consistent with the above procedure. If the relay UE and the remote UE belong to different process functions/PKMF, after the key request message is received by the process function/PKMF to which the relay UE belongs, the process function/PKMF to which the relay UE belongs sends a key request to the process function/PKMF of the remote UE, wherein the key request includes the acquired time information and integrity protection information, so that the process function/PKMF of the remote UE authenticates the remote UE through verification of MIC, generates a communication key between the remote UE and the remote UE, and feeds back the communication key to the relay UE through the process function/PKMF of the remote UE.

Optionally, the key request message and the key response message are only one specific implementation manner of the message, and other messages may also be used.

Fig. 8 is a diagram of another authentication method disclosed in an embodiment of the present application, which is different from the foregoing method in that when the MME establishes near field communication between the remote UE and the relay UE, the MME authenticates the remote UE based on time information. The method specifically comprises the following steps:

s801: the remote UE and the relay UE discover each other.

S802: the remote UE sends a direct communication request message to the relay UE, wherein the direct communication request message comprises time information and integrity protection information MIC.

Optionally, several specific forms of the first key are as follows:

1. kasme in NAS security context in remote UE.

2. The remote UE generates a key IK' using the time information and a key K stored in the SIM card in the remote UE. Alternatively, the remote UE may first search or establish the first key in the above form, and use IK' in case no key is found or successfully established.

S803: after receiving the direct communication request message, the Relay UE compares whether the difference value between the time information of the received direct communication request message and the time information in the direct communication request message is within an allowed range, and if the difference value is within the allowed range, the Relay UE sends a key request message to an MME to which the Relay UE belongs.

The key request message includes an identifier of the remote UE, time information in the direct communication request message, and integrity protection information MIC. Optionally, in the case that the first key is 1, the key request message may further include an identifier of the first key.

Comparing whether the difference value between the time information of the received direct communication request message and the time information in the direct communication request message is within the allowed range is an optional step, or directly sending the key request message to the MME to which the Relay UE belongs without comparison (for example, verification is not needed when verification is performed by the process function/PKMF or the MIC is generated by adopting a counter value mode), or adopting other methods of verifying time synchronization, and the method is not developed herein.

S804: and after receiving the key request message, the MME to which the Relay UE belongs acquires a first key, and verifies the integrity protection information by using the first key, thereby authenticating the remote UE.

The specific implementation manner of acquiring the first key by the MME to which the Relay UE belongs is as follows:

1. and acquiring the first key according to the identifier of the first key in the key request message (in the case that the first key is 1).

2. And the MME to which the Relay UE belongs sends the identity of the remote UE and the received time information to the HSS/Auc. The HSS/Auc obtains the key K of the remote UE, and generates a symmetric key of IK ' (collectively referred to as the first key IK ' with IK ') in the same manner as the remote UE according to the received time information and K. The HS/Auc S returns IK' to the MME to which the Relay UE belongs.

Optionally, the HSS/Auc may also authenticate the remote UE, that is, scheme 2 may also be replaced with: after receiving the key request message, the MME to which the Relay UE belongs sends the identity of the Relay UE, the received time information and integrity protection information to the HSS/Auc, the HSS/Auc obtains the key K of the Relay UE, the received time information and the K are used for generating IK ', the HSS/Auc generates IK ' by using the same method as the UE side, the integrity protection information is verified by using the IK ', the Relay UE is authenticated, and the authentication result is fed back to the MME to which the Relay UE belongs.

Verifying integrity protection information in this step means that the MME calculates a MIC ' using a first key for information at least including time or counter value information, and compares the calculated MIC ' with a received MIC value, if the calculated MIC ' is the same as the received MIC value, the verification is passed, otherwise, the verification fails, where in this document, in order to verify the MIC information, the MME needs to obtain time information in the same form as that used when the remote UE sends a direct communication request or calculate the MIC using the counter value, and a specific implementation method is not limited herein.

Optionally, before verifying the integrity protection information, the MME to which the Relay UE belongs may verify that a difference between the received time information and the time when the MME itself receives the key request message is within an allowable range, or verify that the received counter value information is greater than a counter value maintained in the process function/PKMF.

Optionally, the MME to which the Relay UE belongs may further authenticate to allow the remote UE to access the network through the Relay UE, where the authentication process may be performed before or after the authentication step.

S805: and if the first terminal is authenticated to be legal and the remote UE passes the authentication, the MME to which the remote UE belongs generates a second key by using the first key and sends a key response message to the remote UE, wherein the key response message comprises the second key, and the second key is used for communication between the remote UE and the remote UE.

S806: and the remote UE and the relay UE generate a session key based on the second key, and establish communication connection between the remote UE and the relay UE.

In the above step, if the remote UE is already attached to the network, the remote UE already establishes a context in the network, and if the relay UE and the remote UE belong to the same MME, the procedure is consistent with the above procedure. When relay UE and relay UE belong to different MME, after the MME to which the relay UE belongs receives the key request message, the MME to which the relay UE belongs sends a key request to the MME to which the relay UE belongs, wherein the key request comprises the obtained time information and integrity protection information, so that the MME to which the relay UE belongs authenticates the relay UE by verifying MIC, generates a communication key between the relay UE and the relay UE, and feeds back the communication key to the relay UE through the MME of the relay UE.

Fig. 9 is a diagram of another authentication method disclosed in an embodiment of the present application, which is different from the foregoing method in that, in a case where a remote UE and a relay UE are established to communicate with each other in a short distance by using a proxy function/PKMF, the remote UE is authenticated by the proxy function/PKMF based on an authentication vector. The method specifically comprises the following steps:

s901: the remote UE and the relay UE discover each other.

S902: and the remote UE sends a direct communication request message to the relay UE, wherein the direct communication request message comprises the identifier of the remote UE and the identifier of the relay UE.

S903: after receiving the direct communication request message, the relay UE sends a key request message to the proxy function or the PKMF, wherein the key request message comprises the received identity of the relay UE and the identity of the relay UE.

S904: after receiving the key request message, the proxy function/PKMF obtains the IMSI of the remote UE, initiates an authentication process for the remote UE, and sends an authentication data request message to the HSS, wherein the authentication data request comprises the IMSI of the remote UE.

S905: and the HSS returns the authentication vector of the remote UE to the proxy function/PKMF.

S906: and the sequence function/PKMF sends a message requiring authentication request to the relay UE, wherein the message comprises the identity of the relay UE, and RAND and AUTN in an authentication vector of the relay UE, which are obtained from the HSS, and the AUTN is an optional item.

S907: the Relay UE receives the message needing the authentication request, analyzes the identifier of the remote UE, and triggers the Relay UE to send a direct authentication request to the remote UE, wherein the direct authentication request comprises the RAND received by the Relay UE, and optionally the AUTN.

S908: after the Remote UE receives the direct authentication request message, if the message includes the AUTN, the relay UE first verifies the AUTN based on the key K included in the SIM card of the UE, so as to verify the validity of the network. The Remote UE generates RES using RAND and key K.

S909: and the Remote UE returns a direct authentication response message, wherein the direct authentication response message comprises the RES generated by the Remote UE and the identity of the Remote UE.

S910: the Relay UE returns a message of requiring authentication response, wherein the message comprises the received RES and the identity of the remote UE.

S911: and comparing the RES with the XRES in the acquired authentication vector by the aid of the program function/PKMF, and if the RES and the XRES are the same, indicating that the authentication passes, otherwise, failing to authenticate.

Before or after the proxy function/PKMF authenticates the remote UE, the proxy function/PKMF also needs to authenticate to allow the remote UE to access the network through the relay UE.

S912: if the remote UE passes the authentication and the authentication passes, the process function/PKMF generates a key for communication between the remote UE and the relay UE, wherein the process function can use a key Kasme in an authentication remote UE authentication vector as a root key to generate the key for communication between the remote UE and the relay UE.

And the sequence function/PKMF returns a key response message to the relay UE, and the generated key for communication between the remote UE and the relay UE is included in the key response message.

S913: and the remote UE and the relay UE generate a session key based on the key of communication, and establish communication connection between the remote UE and the relay UE.

Wherein, the remote UE also generates Kasme by using the obtained RAND and AUTN, and generates a key for communication between the remote UE and the relay UE by using the Kasme as a root key.

In the above step, when the remote UE has been attached to and registered with the proxy function, if the remote UE and the remote UE belong to the same proxy function/PKMF, the step is still performed as described above, and if the remote UE and the remote UE belong to different proxy functions, and the proxy function to which the remote UE belongs receives the key request message, the proxy function to which the remote UE belongs sends the key request to the proxy function of the remote UE, where the key request includes an identifier of the remote UE, so that the proxy function of the remote UE initiates an authentication process for the remote UE, generates a communication key between the remote UE and the remote UE, and feeds back the communication key to the remote UE through the proxy function of the remote UE. The authentication process is consistent with the procedure function execution process attributed to the relay UE.

Fig. 10 is a terminal including a processor, a memory, a transmitter, and a receiver according to an embodiment of the disclosure. The processor, memory, transmitter and receiver communicate over a bus.

The memory is used for storing the application program and data generated in the running process of the application program.

The processor is configured to run an application in the memory to implement the steps of the first terminal and/or the second terminal of fig. 2-9 except for the sending and receiving steps, e.g. to implement the step of discovering the second terminal or generating the response value RES in dependence of said RAND.

The transmitter is configured to implement the steps of the first terminal and/or the second terminal transmission in fig. 2-9 under the control of the processor.

The receiver is configured to implement the steps of the first terminal and/or the second terminal receiving in fig. 2-9 under the control of the processor.

Fig. 11 is a network device according to an embodiment of the disclosure, which includes a processor, a memory, a transmitter, and a receiver. The processor, memory, transmitter and receiver communicate over a bus.

The network device may be any one of the MME and the pro function/PKMF shown in fig. 2 to 9.

The processor is configured to execute the application program in the memory to perform the steps of any of the network devices of fig. 2-9, except for the steps of transmitting and receiving.

The transmitter is used for realizing the steps transmitted by any one of the network devices in fig. 2-9 under the control of the processor.

The receiver is configured to implement the steps received by any one of the network devices of fig. 2-9 under the control of the processor.

The terminal shown in fig. 10 and the network device shown in fig. 11 can interactively realize the direct authentication of the network device for the terminal accessing the network through the relay device.

Claims

1. An authentication method, comprising:

a first terminal discovers a second terminal, wherein the second terminal is a relay terminal;

the first terminal sends a direct communication request message to the second terminal, wherein the direct communication request message comprises time information and integrity protection information, the time information is the time information of the direct communication request message sent by the first terminal, the integrity protection information is obtained by the first terminal at least performing integrity protection on the time information by using a first secret key, so that the second terminal sends the time information and the integrity protection information to a process function or a PKMF, and the process function or the PKMF authenticates the first terminal according to the time information and the integrity protection information.

2. The method of claim 1, wherein the first key is:

the first terminal is used for relaying a root key of communication;

the direct communication request message further includes: the first terminal is used for relaying the identification of the root key of the communication.

3. The method of claim 1, wherein the first key is:

a third key established by the first terminal in a Generic Bootstrapping Architecture (GBA) mode, wherein the third key is used for ensuring the communication security between the first terminal and an application server;

the direct communication request message further includes: an identification of the third key.

4. The method of claim 1, wherein the first key is:

and the first terminal uses the time information and a key generated by a key stored in an SIM card in the first terminal.

5. The method according to any of claims 1-4, further comprising, after the first terminal sends the direct communication request message to the second terminal:

the first terminal generates a second key by using the first key, wherein the second key is used for communication between the first terminal and the second terminal.

6. An authentication method, comprising:

a second terminal receives a direct communication request message sent by a first terminal, wherein the direct communication request message comprises time information and integrity protection information generated by the first terminal, the time information is the time information of the direct communication request message sent by the first terminal, and the integrity protection information is obtained by at least performing integrity protection on the time information by the first terminal;

and the second terminal sends a first message to a process function or a PKMF, wherein the first message comprises the identifier of the first terminal, the time information in the direct communication request message and the integrity protection information, so that the process function or the PKMF authenticates the first terminal according to the time information and the integrity protection information.

7. The method of claim 6, wherein sending the first message to the pro-function or PKMF by the second terminal comprises:

and under the condition that the second terminal judges that the difference value between the time information of the received direct communication request message and the time information in the direct communication request message is within a preset range, sending the first message to the process function or the PKMF.

8. The method of claim 6, wherein after the second terminal sends the first message to the program function or the PKMF, the method further comprises:

and the second terminal receives a response message of a first message sent by the process function or the PKMF, wherein the response message of the first message comprises a second key, the second key is generated by using a first key after the first terminal is authenticated by the process function or the PKMF, and the second key is used for communication between the first terminal and the second terminal.

9. An authentication method, comprising:

receiving a first message sent by the second terminal through a proxy function or a PKMF, wherein the first message comprises an identifier of the first terminal, time information and integrity protection information, the time information is the time information of a direct communication request message sent by the first terminal to the second terminal, and the integrity protection information is obtained by at least performing integrity protection on the time information by using a first key through the first terminal and is sent to the second terminal through the direct communication request message;

and the process function or the PKMF acquires the first key, and verifies the integrity protection information by using the first key so as to authenticate the first terminal.

10. The method of claim 9, wherein the first message further includes an identification of the first key;

the acquiring the first key by the program function or the PKMF comprises: and the program function or the PKMF acquires the first key according to the identifier of the first key.

11. The method of claim 10, wherein the first key is:

the first terminal carries out a root key of relay communication; or the first terminal establishes a key for ensuring the communication security with the application server in a General Bootstrapping Architecture (GBA) mode.

12. The method of claim 9, wherein the retrieving the first key by the prose function or PKMF comprises:

the program function or PKMF sends the identifier of the first terminal and the time information to an HSS;

and the prose function or the PKMF receives the first key sent by the HSS, and the first key is generated by the HSS by using the time information and a key stored in an SIM card in the first terminal.

13. The method according to any of claims 9-12, wherein the retrieving the first key by the prose function or PKMF further comprises, before verifying the integrity protection information using the first key:

and the process function or the PKMF judges that the difference value between the time information of the received first message and the time information contained in the first message is within a preset range.

14. The method according to any of claims 9-12, further comprising, after said authenticating the first terminal:

if the first terminal is authenticated to be legal by the aid of the pro function or the PKMF, the pro function or the PKMF uses the first key to generate a second key, and the second key is used for communication between the first terminal and the second terminal;

and the sequence function or the PKMF sends a response message of a first message to the second terminal, wherein the response message of the first message comprises the second key.

15. A terminal, applied to a first terminal, comprising:

the processor is used for discovering a second terminal, and the second terminal is a relay terminal;

a sender, configured to send a direct communication request message to the second terminal, where the direct communication request message includes time information and integrity protection information, the time information is time information of the direct communication request message sent by the first terminal, and the integrity protection information is obtained by integrity protection of at least the time information by using a first key by the first terminal, so that the second terminal sends the time information and the integrity protection information to a process function or a PKMF, and the process function or the PKMF authenticates the first terminal according to the time information and the integrity protection information.

16. The terminal of claim 15, wherein the first key is:

the first terminal is used for relaying a root key of communication;

17. The terminal of claim 15, wherein the first key is:

a third key established by the processor in a Generic Bootstrapping Architecture (GBA) mode, wherein the third key is used for ensuring the communication security between the first terminal and the application server;

18. The terminal of claim 15, wherein the first key is:

the processor uses the time information and a key generated by a key stored in a SIM card in the first terminal.

19. The terminal of any of claims 15-18, wherein the processor is further configured to:

generating a second key using the first key after the transmitter transmits a direct communication request message to the second terminal, the second key being used for communication between the first terminal and the second terminal.

20. A terminal, wherein the terminal is a second terminal, comprising:

a receiver, configured to receive a direct communication request message sent by a first terminal, where the direct communication request message includes time information and integrity protection information generated by the first terminal, the time information is time information of the direct communication request message sent by the first terminal, and the integrity protection information is obtained by integrity protection of at least the time information by the first terminal;

a sender, configured to send a first message to a process function or a PKMF, where the first message includes an identifier of the first terminal, the time information in the direct communication request message, and the integrity protection information, so that the process function or the PKMF authenticates the first terminal according to the time information and the integrity protection information.

21. The terminal of claim 20, wherein the transmitter is configured to transmit the first message to a pro-function or PKMF and comprises:

and under the condition that the difference value between the time information of the received direct communication request message and the time information in the direct communication request message is judged to be within a preset range, sending the first message to the process function or the PKMF.

22. The terminal of claim 20, wherein the receiver is further configured to:

after the sender sends a first message to the process function or the PKMF, receiving a response message of the first message sent by the process function or the PKMF, wherein the response message of the first message comprises a second key, the second key is generated by using the first key after the first terminal is authenticated by the process function or the PKMF, and the second key is used for communication between the first terminal and the second terminal.

23. A process function, comprising:

a receiver, configured to receive a first message sent by a second terminal, where the first message includes an identifier of the first terminal, time information, and integrity protection information, the time information is time information of a direct communication request message sent by the first terminal to the second terminal, and the integrity protection information is obtained by the first terminal performing integrity protection on at least the time information by using a first key, and is sent to the second terminal through the direct communication request message;

and the processor is used for acquiring the first key, verifying the integrity protection information by using the first key and authenticating the first terminal.

24. The pro function of claim 23, wherein the first message further comprises an identification of the first key;

the processor configured to obtain the first key comprises: the processor is specifically configured to obtain the first key according to the identifier of the first key.

25. The process function of claim 24, wherein the first key is:

26. The process function of claim 23, wherein the processor configured to obtain the first key comprises:

the processor is specifically configured to send the identifier of the first terminal and the time information to the HSS; and receiving the first key sent by the HSS, wherein the first key is generated by the HSS by using the time information and a key stored in an SIM card in the first terminal.

27. The pro se function of any of claims 23-26, wherein the processor is further configured to:

before the first key is acquired and the integrity protection information is verified by using the first key, it is determined that a difference value between the time information of the received first message and the time information included in the first message is within a preset range.

28. The pro se function of any of claims 23-26, wherein the processor is further configured to:

after the first terminal is authenticated, if the first terminal is authenticated to be legal, a second key is generated by using the first key, and the second key is used for communication between the first terminal and the second terminal; and sending a response message of a first message to the second terminal, wherein the response message of the first message comprises the second key.

29. A PKMF, comprising:

30. The PKMF according to claim 29, wherein an identification of the first key is also included in the first message;

31. The PKMF according to claim 30, wherein the first key is:

32. The PKMF of claim 29, wherein the processor configured to obtain the first key comprises:

33. The PKMF according to any of claims 29-32, wherein the processor is further configured to:

34. The PKMF according to any of claims 29-32, wherein the processor is further configured to: