WO2015135278A1 - Authentication method and system, ProSe functional entity, and UE - Google Patents

Publication number
WO2015135278A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
functional entity
service
prose functional
request
Application number
PCT/CN2014/083049
Other languages
French (fr)
Chinese (zh)
Inventor
游世林
梁爽
蔡继燕
林兆骥
彭锦
李阳
朱李
Original Assignee
中兴通讯股份有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80 Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/068 Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications

Definitions

  • The present invention relates to the field of mobile communications, and specifically to an authentication method and system, a proximity-based services (ProSe) functional entity, and a user equipment (UE).
  • Background
  • The 3rd Generation Partnership Project (3GPP) standards working group is working on the Evolved Packet System (EPS).
  • The entire EPS includes an E-UTRAN (Evolved Universal Terrestrial Radio Access Network) and an Evolved Packet Core Networking (EPC), where the EPC includes a Home Subscriber Server (HSS), mobility.
  • E-UTRAN Evolved Universal Terrestrial Radio Access Network
  • EPC Evolved Packet Core Networking
  • HSS Home Subscriber Server
  • MME Mobility Management Entity
  • SGSN Serving GPRS Support Node
  • PCRF Policy and Charging Rule Function
  • S-GW Serving Gateway
  • P-GW Packet Data Network Gateway (PDN Gateway)
  • D2D device-to-device
  • ProSe device-to-device
  • A commonly used D2D service is the D2D discovery service, whose communication architecture is shown in FIG. 1.
  • The two UEs using D2D access can only reach the EPC through the E-UTRAN, and both UEs can belong to one public land mobile network (PLMN) or to two PLMNs; for one UE, the PLMN can be divided into the home PLMN.
  • HPLMN Home PLMN
  • VPLMN Visited PLMN
  • LPLMN Local PLMN (local public land mobile network)
  • For the D2D discovery service, the operator side deploys not only the EPS but also a ProSe application server for the D2D discovery service.
  • The ProSe application server can be provided by the service provider that operates the D2D service, or by the network operator that operates the EPS. A ProSe functional entity (ProSe Function) is also deployed in each of the different PLMNs.
  • ProSe Function Entity ProSe Function
  • The interface with the ProSe application server is PC1, which provides the related authentication function.
  • The interface between one UE and another UE is PC5, used for direct mutual discovery and communication between UEs; the interface between the UE and the ProSe functional entity is PC3, used for discovery and authentication through the network.
  • The interface between the ProSe functional entity and the existing EPC is PC4, which includes a user plane interface with the P-GW and a control plane interface with the HSS, used for discovery authentication of the D2D discovery service.
  • The interface between the ProSe functional entity and the ProSe application server is PC2, used for the application implementation of the D2D discovery service.
  • The interfaces between ProSe functional entities are PC6 and PC7, for the non-roaming and roaming cases of the UE respectively: PC7 is used when the UE is roaming and PC6 when the UE is not roaming. The two interfaces carry the information exchange between two ProSe functional entities when the UE performs the D2D discovery service.
  • Step 201: When a UE needs to initiate a D2D discovery service towards one or more other discovered UEs, the UE first has the ProSe functional entity of its own HPLMN perform D2D discovery service authentication. Specifically, after the UE and the ProSe functional entity under the HPLMN establish a secure connection, the UE sends a discovery service request message to the ProSe functional entity under the HPLMN, where the discovery service request message includes the discovery service type and the user identifier.
  • The user identifier is an International Mobile Subscriber Identification Number (IMSI) or a Mobile Station International ISDN Number (MSISDN), where ISDN stands for Integrated Services Digital Network;
  • IMSI International Mobile Subscriber Identification Number
  • MSISDN Mobile Station International ISDN Number
  • The discovery service types are: announce, a discovery request initiated by the UE; monitor, a discovery request initiated by the UE; and match, a match report sent by the UE to the ProSe functional entity.
  • Step 202: The ProSe functional entity in the HPLMN performs the discovery service authentication process for the UE, according to the existing technical solution.
  • The process then proceeds to step 203, in which the ProSe functional entity under the HPLMN initiates the corresponding discovery service process for the UE towards the one or more other discovered UEs;
  • Step 203: The ProSe functional entity in the HPLMN initiates the corresponding discovery service flow to the ProSe functional entity in the local PLMN of the one or more discovered UEs, according to the service type.
  • When the service type is published, the ProSe function entity under the HPLMN sends a publish request message to the ProSe function entity in the local PLMN of the discovered UE, and the ProSe function entity in the local PLMN of the UE is found to be the ProSe function under the HPLMN.
  • ProSe function entity under the ProSe function under HPLMN The entity sends back the interception response message.
  • The ProSe functional entity in the HPLMN sends a match request message to the ProSe functional entity in the local PLMN of the discovered UE.
  • When the match is successful, the ProSe functional entity under the local PLMN of the discovered UE sends a match response message to the ProSe functional entity under the HPLMN.
  • Step 204: After the D2D discovery service is processed, the ProSe functional entity in the HPLMN sends the corresponding discovery service request response message to the UE that initiated the discovery service, and the UE completes the related radio resource allocation.
  • The MSISDN parameter is subscription data held only in the HSS and can be downloaded to the control network elements of the EPC.
  • The UE generally does not hold the subscribed MSISDN parameter, but the MSISDN parameter in the UE can be configured arbitrarily by the user. In this case, if a wrong MSISDN is configured, the discovery service request fails with an error.
  • If the IMSI is used for authentication, the IMSI is exposed in the discovery service request message, which exposes the user's private information and increases the risk of the user being attacked.
  • Summary of the invention
  • Embodiments of the present invention are expected to provide an authentication method and system, a ProSe functional entity, and a UE.
  • The first ProSe functional entity sends a configuration parameter to the UE; the UE initiates an authentication process to the first ProSe functional entity according to the configuration parameter; and after successfully authenticating the UE, the first ProSe functional entity allocates a D2D service temporary identifier to the UE.
  • The configuration parameter includes a PLMN identifier list supported by the UE and a D2D service temporary identifier allocated by the first ProSe functional entity to the UE, or the configuration parameter includes only the PLMN identifier list supported by the UE.
  • The method also includes:
  • When the UE determines that the local PLMN identifier is in the received PLMN identifier list, the UE initiates an authentication request to the second ProSe functional entity.
  • When the configuration parameter received by the UE includes the PLMN identifier list supported by the UE and the D2D service temporary identifier allocated by the first ProSe functional entity to the UE, the UE initiating an authentication process to the first ProSe functional entity according to the configuration parameter includes:
  • The UE sends an authentication request to the second ProSe functional entity, where the authentication request carries the local PLMN identifier and the D2D service temporary identifier received by the UE;
  • The first ProSe functional entity searches for a UE context corresponding to the UE according to the D2D service temporary identifier;
  • When the UE context corresponding to the UE is found, the first ProSe functional entity successfully authenticates the UE and returns an allocated D2D service temporary identifier to the UE.
  • When the UE context corresponding to the UE is not found, the first ProSe functional entity initiates a UE context acquisition process for the UE to the HSS, and after the UE context is successfully obtained, the first ProSe functional entity successfully authenticates the UE and returns the allocated D2D service temporary identifier to the UE.
  • When the configuration parameter received by the UE includes only the PLMN identifier list supported by the UE, the UE initiating an authentication process to the first ProSe functional entity according to the configuration parameter includes:
  • The first ProSe functional entity performs a UE authentication process according to the IMSI or the D2D service temporary identifier.
  • The first ProSe functional entity performing a UE authentication process according to the IMSI or the D2D service temporary identifier includes:
  • The first ProSe functional entity searches for a UE context corresponding to the UE according to the IMSI or the D2D service temporary identifier;
  • When the UE context corresponding to the UE is found, the first ProSe functional entity successfully authenticates the UE and returns an allocated D2D service temporary identifier to the UE.
  • When the UE context corresponding to the UE is not found, the first ProSe functional entity initiates a UE context acquisition process to the HSS, and after the UE context is successfully obtained, the first ProSe functional entity successfully authenticates the UE and returns the allocated D2D service temporary identifier to the UE.
  • The method further includes:
  • The UE sends a discovery service request message to the first ProSe functional entity;
  • The discovery service request message includes a discovery service type and a D2D service temporary identifier;
  • The first ProSe functional entity authenticates the discovery request of the UE;
  • After the discovery request is authenticated, the first ProSe functional entity initiates the corresponding discovery service process according to the service type;
  • After the service processing is completed, the first ProSe functional entity sends a discovery service request response message to the UE, where the message carries the D2D service temporary identifier allocated by the first ProSe functional entity to the UE.
  • The first ProSe functional entity authenticating the discovery request of the UE includes:
  • The first ProSe functional entity searches for the UE context according to the D2D service temporary identifier; when the UE context corresponding to the UE is found, the discovery request of the UE passes authentication;
  • When the UE context corresponding to the UE is not found, the first ProSe functional entity sends an acquire-IMSI request to the UE; the UE returns an acquire-IMSI response to the first ProSe functional entity, carrying the IMSI corresponding to the UE; the first ProSe functional entity queries, according to the IMSI, whether a UE context corresponding to the UE exists, and when it exists, the discovery request of the UE passes authentication;
  • Otherwise, the first ProSe functional entity performs discovery service authentication with the HSS, the HSS establishes a new UE context for the UE, and the discovery request of the UE passes authentication.
  • The first ProSe functional entity sends a configuration parameter to the UE; after the first ProSe functional entity successfully authenticates the UE, it allocates a D2D service temporary identifier to the UE.
  • The configuration parameter includes a PLMN identifier list supported by the UE and a D2D service temporary identifier allocated by the first ProSe functional entity to the UE, or the configuration parameter includes only the PLMN identifier list supported by the UE.
  • For the authentication, the first ProSe functional entity receives an authentication request sent by the second ProSe functional entity, where the authentication request carries the local PLMN identifier and the D2D service temporary identifier received by the UE;
  • The first ProSe functional entity searches for a UE context corresponding to the UE according to the D2D service temporary identifier;
  • When the context corresponding to the UE is found, the first ProSe functional entity successfully authenticates the UE and returns a D2D service temporary identifier to the UE.
  • When the context corresponding to the UE is not found, the first ProSe functional entity initiates a UE context acquisition process to the HSS, and after the UE context is successfully obtained, the first ProSe functional entity successfully authenticates the UE and returns an allocated D2D service temporary identifier to the UE.
  • The first ProSe functional entity performs a UE authentication process according to the IMSI or the D2D service temporary identifier.
  • Performing the UE authentication process includes:
  • When the context corresponding to the UE is found, the first ProSe functional entity successfully authenticates the UE and returns a D2D service temporary identifier to the UE.
  • When the context corresponding to the UE is not found, the first ProSe functional entity initiates a UE context acquisition process to the HSS. After the UE context is successfully obtained, the first ProSe functional entity successfully authenticates the UE and returns an allocated D2D service temporary identifier to the UE.
  • The method further includes:
  • The first ProSe functional entity receives the discovery service request message sent by the UE;
  • The discovery service request message includes a discovery service type and a D2D service temporary identifier;
  • The first ProSe functional entity authenticates the discovery request of the UE;
  • After the discovery request is authenticated, the first ProSe functional entity initiates the corresponding discovery service process according to the service type;
  • After the service processing is completed, the first ProSe functional entity sends a discovery service request response message to the UE, where the message carries the D2D service temporary identifier allocated by the first ProSe functional entity to the UE.
  • The first ProSe functional entity authenticating the discovery request of the UE includes:
  • The first ProSe functional entity searches for a UE context related to the UE according to the D2D service temporary identifier; when the context corresponding to the UE is found, the discovery request of the UE passes authentication;
  • When the context corresponding to the UE is not found, the first ProSe functional entity sends an acquire-IMSI request to the UE; after the IMSI is successfully obtained, the first ProSe functional entity queries, according to the IMSI, whether a UE context corresponding to the UE exists, and when it exists, the discovery request of the UE passes authentication;
  • Otherwise, the first ProSe functional entity performs discovery service authentication with the HSS, the HSS establishes a new UE context for the UE, and the discovery request of the UE passes authentication.
  • The configuration parameter includes a PLMN identifier list supported by the UE and a D2D service temporary identifier allocated by the first ProSe functional entity to the UE, or the configuration parameter includes only the PLMN identifier list supported by the UE.
  • The method further includes:
  • The UE determines that the local PLMN identifier is in the received PLMN identifier list, and the UE initiates an authentication request to the second ProSe functional entity.
  • When the configuration parameter received by the UE includes the PLMN identifier list supported by the UE and the D2D service temporary identifier allocated by the first ProSe functional entity to the UE, the UE initiating an authentication process to the first ProSe functional entity according to the configuration parameter includes: the UE sends an authentication request to the first ProSe functional entity, where the authentication request carries the local PLMN identifier and the D2D service temporary identifier received by the UE;
  • When the authentication is successful, the UE receives the D2D service temporary identifier allocated by the first ProSe functional entity to the UE.
  • When the configuration parameter received by the UE includes only the PLMN identifier list supported by the UE, the UE initiating an authentication process to the first ProSe functional entity according to the configuration parameter includes:
  • The UE sends an authentication request to the first ProSe functional entity, where the authentication request carries an IMSI or a D2D service temporary identifier.
  • The method further includes:
  • The UE sends a discovery service request message to the first ProSe functional entity;
  • The discovery service request message includes a discovery service type and a D2D service temporary identifier;
  • When the first ProSe functional entity does not find the UE context corresponding to the UE according to the D2D service temporary identifier, the UE receives the acquire-IMSI request sent by the first ProSe functional entity and, according to that request, returns an acquire-IMSI response to the first ProSe functional entity, where the acquire-IMSI response carries the IMSI corresponding to the UE;
  • After the service processing is completed, the UE receives the D2D service temporary identifier allocated by the first ProSe functional entity to the UE.
  • An embodiment of the present invention provides a ProSe functional entity, which includes a configuration parameter sending module, an authentication module, and a temporary identifier allocation module;
  • The configuration parameter sending module is configured to send configuration parameters to the UE;
  • The authentication module is configured to authenticate the UE and to trigger the temporary identifier allocation module when the authentication succeeds;
  • The temporary identifier allocation module is configured to send a D2D service temporary identifier to the UE when triggered by the authentication module.
  • The configuration parameter sent by the configuration parameter sending module to the UE includes a PLMN identifier list supported by the UE and a D2D service temporary identifier allocated by the temporary identifier allocation module to the UE, or the configuration parameter includes only the PLMN identifier list supported by the UE.
  • The ProSe functional entity further includes a discovery request authentication module and a discovery service processing module;
  • The discovery request authentication module is configured to receive the discovery service request of the UE and authenticate it, where the discovery service request includes a discovery service type and a D2D service temporary identifier; after the discovery service request of the UE is successfully authenticated, the discovery service processing module is triggered;
  • The discovery service processing module is configured to perform discovery service processing for the UE when triggered by the discovery request authentication module, and to return a discovery service response message to the UE after the discovery service processing is completed; the discovery service response message carries the D2D service temporary identifier allocated by the temporary identifier allocation module to the UE.
  • An embodiment of the present invention provides a UE, which includes a configuration parameter receiving module and an authentication request sending module;
  • The configuration parameter receiving module is configured to receive a configuration parameter delivered by the first ProSe functional entity;
  • The authentication request sending module is configured to initiate an authentication process to the first ProSe functional entity;
  • The configuration parameter receiving module is further configured to receive, after authentication by the first ProSe functional entity succeeds, the D2D service temporary identifier allocated by the first ProSe functional entity.
  • The configuration parameter includes a PLMN identifier list supported by the UE and a D2D service temporary identifier allocated by the first ProSe functional entity to the UE, or the configuration parameter includes only the PLMN identifier list supported by the UE.
  • The UE further includes a determining module, configured to determine the local PLMN of the UE before the authentication request sending module initiates an authentication process to the first ProSe functional entity.
  • The authentication request sending module is triggered to send an authentication request to the second ProSe functional entity.
  • The UE further includes a discovery service request module and a request processing module;
  • The discovery service request module is configured to send a discovery service request message to the first ProSe functional entity; the discovery service request message includes a discovery service type and a D2D service temporary identifier;
  • The request processing module is configured to: when the first ProSe functional entity does not find the UE context corresponding to the UE according to the D2D service temporary identifier, receive the acquire-IMSI request sent by the first ProSe functional entity and, according to that request, return an acquire-IMSI response to the first ProSe functional entity, where the acquire-IMSI response carries the IMSI corresponding to the UE;
  • The configuration parameter receiving module is further configured to receive, after the discovery service processing is completed, the D2D service temporary identifier allocated by the first ProSe functional entity to the UE.
  • An embodiment of the present invention provides an authentication system, which includes a first ProSe functional entity and a UE;
  • The first ProSe functional entity is configured to send configuration parameters to the UE, and to allocate a D2D service temporary identifier to the UE after the UE is successfully authenticated;
  • The UE is configured to initiate an authentication process to the first ProSe functional entity according to the configuration parameter.
  • The first ProSe functional entity sending configuration parameters to the UE includes: the first ProSe functional entity sends, as the configuration parameter, either the PLMN identifier list supported by the UE together with the D2D service temporary identifier allocated by the first ProSe functional entity to the UE, or only the PLMN identifier list supported by the UE.
  • The UE is further configured to initiate an authentication request to the first ProSe functional entity when it determines that the local PLMN identifier is in the received PLMN identifier list.
  • The UE is further configured to send a discovery service request message to the first ProSe functional entity, where the discovery service request message includes a discovery service type and a D2D service temporary identifier;
  • The first ProSe functional entity is further configured to: authenticate the discovery request of the UE; after the discovery request is authenticated, initiate the corresponding discovery service process according to the service type; and after the discovery service processing is completed, send a discovery service response message to the UE, where the discovery service response message carries the D2D service temporary identifier allocated by the first ProSe functional entity to the UE.
  • A computer storage medium includes a set of instructions that, when executed, cause at least one processor to execute the authentication method.
  • With the authentication method and system, the ProSe functional entity, and the UE provided by the embodiments of the present invention, the first ProSe functional entity sends configuration parameters to the UE; the UE initiates an authentication process to the first ProSe functional entity according to the configuration parameters, and after the authentication succeeds, the first ProSe functional entity allocates a D2D service temporary identifier to the UE.
  • In this way, before the D2D discovery service of the UE, a D2D service temporary identifier is allocated to the UE during the authentication process for the UE, and that temporary identifier can be used for authentication when the UE initiates the discovery service.
  • This avoids the errors that are prone to occur when the MSISDN parameter is used for authentication, and the drawback of exposing user privacy in the discovery service when the IMSI is used for authentication.
  • Figure 1 is a diagram of a D2D discovery service communication architecture
  • FIG. 3 is flowchart 1 of an authentication method according to at least one embodiment of the present invention
  • FIG. 4 is flowchart 2 of an authentication method according to at least one embodiment of the present invention
  • FIG. 6 is a flowchart of an authentication method according to at least one embodiment of the present invention
  • FIG. 7 is flowchart 5 of an authentication method according to at least one embodiment of the present invention
  • FIG. 9 is a basic structural diagram of a ProSe functional entity according to at least one embodiment of the present invention
  • FIG. 10 is a basic structural diagram of a user equipment UE according to at least one embodiment of the present invention
  • FIG. 11 is a basic structural diagram of an authentication system according to at least one embodiment of the present invention.
  • the first ProSe functional entity sends a configuration parameter to the UE; the UE initiates an authentication and authentication process to the first ProSe functional entity according to the configuration parameter, and after the authentication is successful, the first A ProSe functional entity allocates a D2D service temporary identifier to the UE.
  • the first embodiment of the present invention provides an authentication authentication method. As shown in FIG. 3, the method includes the following steps:
  • Step 301 The first ProSe function entity sends configuration parameters to the UE.
  • the first ProSe functional entity refers to a ProSe functional entity under the HPLMN of the UE, and after the UE and the first ProSe functional entity establish a secure connection, the UE Sending a discovery service request message to the first ProSe functional entity;
  • the first ProSe function entity sends a configuration parameter to the UE, where the configuration parameter includes: a PLMN identifier list supported by the UE, and a D2D service temporary identifier allocated by the first ProSe function entity to the UE, or
  • the configuration parameter includes only a list of PLMN identifiers supported by the UE;
  • the configuration parameters that are delivered to the UE include: the PLMN identifier list supported by the UE and the D2D service temporary identifier allocated by the first ProSe function entity to the UE, the first ProSe function entity will save the location Corresponding relationship between the D2D service temporary identifier sent by the UE and the IMSI of the UE.
  • the D2D service temporary identifier is a temporary identifier that can be used for the D2D discovery service of the UE, and the D2D service temporary identifier may be a ProSe functional entity identifier or may be a parameter corresponding to the UE uniquely.
  • the parameter may use any representation that can be used to uniquely identify a UE.
  • the D2D service temporary identifier may be allocated to the UE in sequence or the D2D service temporary may be randomly allocated to the UE by a mathematical function. logo.
  • Step 302: The UE initiates an authentication process to the first ProSe functional entity according to the configuration parameters, and after the first ProSe functional entity successfully authenticates the UE, it allocates a D2D service temporary identifier to the UE.
  • After the UE obtains the configuration parameters, it first determines whether the local PLMN identifier is in the received PLMN identifier list; if not, it performs no operation and ends the current processing flow;
  • When the local PLMN identifier of the UE is in the received PLMN identifier list, the UE initiates an authentication request to the second ProSe functional entity.
  • The second ProSe functional entity refers to a ProSe functional entity under the LPLMN of the UE.
  • There are different authentication procedures for UEs that receive different configuration parameters in step 301. The following describes the authentication process of the UE in the above two cases with reference to FIG. 4 and FIG. 5;
  • Step 401: The UE sends an authentication request to the second ProSe functional entity. Specifically, the UE sends the authentication request directly to the second ProSe functional entity, where the authentication request carries the local PLMN identifier and the received D2D service temporary identifier;
  • Step 402: The second ProSe functional entity forwards the authentication request to the first ProSe functional entity;
  • The second ProSe functional entity forwards the authentication request to the first ProSe functional entity, where the authentication request carries the D2D service temporary identifier and the local PLMN identifier.
  • Step 403: The first ProSe functional entity determines whether the UE context exists. If yes, the process continues according to steps 404a to 406a. If not, the process is performed according to steps 404b and 404b. In this step, the first ProSe functional entity searches for the UE context corresponding to the UE according to the D2D service temporary identifier, where the UE context includes the IMSI of the UE and the service parameters. Specifically, the first ProSe functional entity saved the correspondence between the D2D service temporary identifier and the IMSI of the UE when it delivered the D2D service temporary identifier to the UE.
  • The first ProSe functional entity can therefore find the corresponding IMSI according to the received D2D service temporary identifier, and then search for the UE context corresponding to that IMSI.
  • When the UE context corresponding to the UE is found, the authentication is passed and execution continues according to steps 404a to 406a; if it is not found, the process is performed according to steps 404b and 404b.
  • Step 404a: The first ProSe functional entity allocates a D2D service temporary identifier to the UE.
  • The UE uses the D2D service temporary identifier allocated to it to perform the authentication.
  • The first ProSe functional entity may re-allocate a D2D service temporary identifier for the UE, and the re-allocated D2D service temporary identifier may be used for authentication the next time the UE performs the discovery service;
  • Re-assigning the D2D service temporary identifier to the UE prevents the UE from using the same D2D service temporary identifier for multiple authentications. This is because, if the UE uses the same D2D service temporary identifier for a long time, the identifier is easily acquired and used by an attacker or other users through illegal means. Therefore, in the solution according to the first embodiment of the present invention, the UE's D2D service temporary identifier is dynamically updated after each use, so that the D2D service temporary identifier used each time is different, which can ensure the security of the UE;
  • Step 405a: The first ProSe functional entity returns an authentication response to the second ProSe functional entity.
  • The authentication response carries the D2D service temporary identifier allocated by the first ProSe functional entity to the UE and the UE context corresponding to the UE, where the UE context includes an authentication vector parameter group.
  • Step 406a: The second ProSe functional entity returns an authentication request response message to the UE.
  • The authentication request response message carries the D2D service temporary identifier re-allocated by the first ProSe functional entity to the UE and the authentication parameters, and the UE saves the D2D service temporary identifier; the D2D service temporary identifier may be used for authentication in the UE's subsequent D2D discovery service; the current process ends;
  • The first ProSe functional entity sends a context acquisition request message to the HSS; specifically, the context acquisition request carries the IMSI of the UE;
  • The HSS searches for the UE context corresponding to the UE according to the IMSI of the UE.
  • A context acquisition response message is returned to the first ProSe functional entity, where the context acquisition response message carries the UE context corresponding to the UE, and the UE context includes a UE authentication vector group. After the first ProSe functional entity obtains the UE context, the process returns to step 403: the first ProSe functional entity passes the authentication of the UE according to the UE context, and processing continues according to steps 404a to 405a;
  • The authentication process between the UE and the first ProSe functional entity includes two cases: in the first case, the UE has not been assigned a D2D service temporary identifier; in the second case, the UE has already been assigned a D2D service temporary identifier.
  • Step 501: The UE determines whether it has an allocated D2D service temporary identifier; if not, step 502a is performed; if yes, step 502c is performed;
  • The UE may determine whether it has an allocated D2D service temporary identifier by checking the value of the D2D service temporary identifier field. Specifically, if the UE detects that the D2D service temporary identifier field is empty or does not hold a D2D service temporary identifier (such as the case of all bits being 1 or 0), it may determine that there is no allocated D2D service temporary identifier, and processing proceeds according to the first case; if the UE detects that its own D2D service temporary identifier field is not empty and holds a normal D2D service temporary identifier, it may determine that an allocated D2D service temporary identifier exists, and processing proceeds according to the second case;
  • Step 502a: The UE sends an authentication request to the second ProSe functional entity.
  • The authentication request carries the local PLMN identifier and the IMSI, and the D2D service temporary identifier in the authentication request is empty or is a field that does not hold a D2D service temporary identifier (such as when all bits are 1 or 0);
  • Step 503a: The second ProSe functional entity forwards the authentication request to the first ProSe functional entity.
  • Step 504a: The first ProSe functional entity determines whether the UE context exists; if yes, step 505a is performed; if not, step 505b is performed;
  • The first ProSe functional entity searches for the corresponding UE context according to the IMSI, where the UE context includes the service parameters corresponding to the UE. Searching for the corresponding UE context according to the IMSI of the UE belongs to the prior art. If the corresponding UE context is found, steps 505a-507a are performed; if it is not found, steps 505b and 506b are performed;
  • Step 505b: The first ProSe functional entity sends a UE context acquisition request message to the HSS, where the UE context acquisition request message carries the IMSI of the UE;
  • Step 506b: After the HSS authenticates the UE successfully, the HSS sends an authentication response to the first ProSe functional entity.
  • After the HSS finds the UE context corresponding to the UE, it sends a context acquisition response message to the first ProSe functional entity, where the context acquisition response message carries the authentication vector parameter group corresponding to the user;
  • The process returns to step 503b: the first ProSe functional entity passes the authentication of the UE according to the UE context, and processing continues according to steps 504a-505a;
  • Step 505a: The first ProSe functional entity allocates a D2D service temporary identifier to the UE.
  • The first ProSe functional entity allocates a D2D service temporary identifier to the UE, and the allocated D2D service temporary identifier may be used by the UE for authentication the next time it performs the D2D discovery service;
  • Step 506a: The first ProSe functional entity returns an authentication response to the second ProSe functional entity.
  • The authentication response carries the D2D service temporary identifier allocated by the first ProSe functional entity to the UE and the UE context corresponding to the UE, where the UE context includes an authentication vector parameter set.
  • Step 507a: The second ProSe functional entity sends an authentication response message to the UE, where the authentication response message carries the D2D service temporary identifier re-allocated by the first ProSe functional entity to the UE and the authentication parameters.
  • The UE saves the D2D service temporary identifier; the D2D service temporary identifier may be used for authentication the next time the UE performs the D2D discovery service; the current process ends.
  • Step 502c: The UE sends an authentication request to the second ProSe functional entity, where the authentication request carries the local PLMN identifier and the D2D service temporary identifier.
  • The configuration parameters delivered by the first ProSe functional entity to the UE do not include the D2D service temporary identifier; the D2D service temporary identifier here is actually the one allocated by the first ProSe functional entity to the UE after the UE's last authentication process, and that D2D service temporary identifier may itself be used for the UE's next authentication process. That is, before the process according to the first embodiment of the present invention starts, the allocated D2D service temporary identifier may already exist in the UE; therefore, the configuration parameters that the first ProSe functional entity delivers to the UE in the current process flow do not include a D2D service temporary identifier allocated to the UE.
  • It is also considered that, for a UE that obtained a D2D service temporary identifier in its last authentication process, directly allocating a new D2D service temporary identifier in this authentication is unnecessary and would waste resources;
  • Step 503c: The second ProSe functional entity sends the authentication request to the first ProSe functional entity, where the authentication request carries the local PLMN identifier and the D2D service temporary identifier.
  • Step 504c: The first ProSe functional entity searches for the corresponding UE context according to the D2D service temporary identifier, where the UE context includes the service parameters corresponding to the UE; if it is found, step 505c is performed; if it is not found, step 505d is performed;
  • The first ProSe functional entity has saved the correspondence between the D2D service temporary identifier and the IMSI of the UE. After obtaining the D2D service temporary identifier, the first ProSe functional entity can find the corresponding IMSI according to the received D2D service temporary identifier, and then search for the UE context corresponding to that IMSI; if the corresponding UE context is found, steps 505c-507c are performed; if it is not found, steps 505d and 506d are performed;
  • Step 505d: The first ProSe functional entity sends a context acquisition request message to the HSS.
  • The context acquisition request message carries the IMSI of the UE.
  • Step 506d: After the HSS successfully authenticates the UE, the HSS sends an authentication response to the first ProSe functional entity.
  • After the HSS finds the UE context corresponding to the UE, it sends a context acquisition response message to the first ProSe functional entity, where the context acquisition response message carries the authentication vector parameter group corresponding to the user;
  • The process returns to step 504c, where the first ProSe functional entity passes the authentication of the UE according to the UE context, and processing then continues according to steps 505c-507c;
  • Step 505c: The first ProSe functional entity allocates a D2D service temporary identifier to the UE.
  • Step 506c: The first ProSe functional entity returns an authentication response to the second ProSe functional entity.
  • The authentication response carries the D2D service temporary identifier allocated by the first ProSe functional entity to the UE and the UE context corresponding to the UE, where the UE context includes an authentication vector parameter group.
  • Step 507c: The second ProSe functional entity returns an authentication request response message to the UE.
  • The authentication request response message carries the D2D service temporary identifier re-allocated by the first ProSe functional entity to the UE and the authentication parameters, and the UE saves the D2D service temporary identifier; the D2D service temporary identifier can be used for authentication in subsequent D2D discovery services of the UE; the current process ends.
  • The D2D discovery service may be initiated according to the acquired D2D service temporary identifier. The D2D discovery service processing flow is shown in FIG. 6.
  • The method includes the following steps:
  • Step 601: When the UE needs to initiate the D2D discovery service toward one or more discovered UEs, the UE first needs to perform D2D discovery service authentication with the ProSe functional entity under the HPLMN, that is, the first ProSe functional entity. After the UE establishes a secure connection with the first ProSe functional entity, the UE sends a discovery service request message to the first ProSe functional entity, where the discovery service request message includes: a discovery service type and a D2D service temporary identifier.
  • The discovery service type includes: announce, that is, a discovery request initiated by the UE; monitor, that is, a discovery request initiated by the UE; and match, that is, a match report sent by the discovering UE to the ProSe functional entity.
  • Here the discovering UE is the UE that initiates the discovery service, and the discovered UE is the discovery object requested by the discovering UE.
  • Step 602: The first ProSe functional entity searches for the UE context related to the UE according to the D2D service temporary identifier.
  • If the UE context is found, the process goes to step 607; if not, the process is completed according to steps 603-606 and then follows step 607;
  • Step 603: The first ProSe functional entity initiates an IMSI acquisition request to the UE.
  • Step 604: The UE returns an IMSI acquisition response to the first ProSe functional entity, where the IMSI acquisition response carries the IMSI corresponding to the UE;
  • Step 605: The first ProSe functional entity queries whether the UE context exists according to the IMSI. If it exists, the discovery request is authenticated and the process goes directly to step 608 to perform discovery service processing. If not, the process is completed according to steps 606 and 607.
  • Step 606: The first ProSe functional entity performs discovery service authentication with the HSS, and the HSS establishes a new UE context for the UE, where the UE context includes the subscription parameters of the UE.
  • Step 607: If the discovery request is authenticated, the first ProSe functional entity initiates the corresponding discovery service flow to the ProSe functional entity under the local PLMN of the discovered UE according to the corresponding service type.
  • When the service type is announce, the first ProSe functional entity sends an announce request message to the ProSe functional entity under the local PLMN of the discovered UE, and the ProSe functional entity under the local PLMN of the discovered UE returns an announce request response message to the first ProSe functional entity. Similarly, when the service type is monitor, the first ProSe functional entity sends a monitor request message to the ProSe functional entity under the local PLMN of the discovered UE, and the ProSe functional entity under the local PLMN of the discovered UE returns a monitor request response message to the first ProSe functional entity.
  • When the service type is match, the first ProSe functional entity sends a match request message to the ProSe functional entity under the local PLMN of the discovered UE, and when the match is successful, the ProSe functional entity under the local PLMN of the discovered UE returns a match request response message to the first ProSe functional entity.
  • Step 608: After the discovery service processing is complete, the first ProSe functional entity sends a discovery service request response message to the UE, where the message carries the D2D service temporary identifier allocated by the first ProSe functional entity to the UE. After receiving the response, the UE completes the related radio resource allocation.
  • The D2D service temporary identifier may be: a ProSe functional entity identifier or a 32-bit unique parameter corresponding to one UE, and the parameter may be allocated in order or obtained discretely through a mathematical function;
  • The UE is again assigned a new D2D service temporary identifier here, likewise to avoid the insecurity that easily arises when the UE performs multiple authentications using the same D2D service temporary identifier.
  • The D2D service temporary identifier of the UE is dynamically updated after each use, so that the D2D service temporary identifier used each time is different, and the security of the UE can be ensured.
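The temporary-identifier handling of the first embodiment (the FIG. 4 and FIG. 5 authentication flows), modelled in Python as an added example that is not part of the patent text. The class and field names, the dict-based messages, the use of `secrets` for the random allocation, and the refusal of an identifier that has no saved mapping are assumptions of this example; the IMSI and PLMN values are constructed.

```python
import secrets

# Per step 501, a field that is all 0 bits or all 1 bits is not a temporary identifier.
UNASSIGNED = (0x00000000, 0xFFFFFFFF)


class HSS:
    """Constructed stand-in for the HSS: maps IMSI to a UE context."""

    def __init__(self, subscribers):
        self._subscribers = dict(subscribers)

    def get_context(self, imsi):
        return self._subscribers.get(imsi)


class HomeProSeFunction:
    """Hypothetical model of the first ProSe functional entity (HPLMN side)."""

    def __init__(self, hss, plmn_list):
        self.hss = hss
        self.plmn_list = list(plmn_list)
        self.temp_to_imsi = {}   # saved correspondence: temporary identifier -> IMSI
        self.imsi_to_temp = {}
        self.contexts = {}       # locally held UE contexts, keyed by IMSI
        self.hss_queries = 0

    def _allocate(self, imsi):
        # Retire the identifier that was just used, then draw a fresh 32-bit value.
        old = self.imsi_to_temp.pop(imsi, None)
        self.temp_to_imsi.pop(old, None)
        while True:
            tid = secrets.randbits(32)  # random allocation; the page also allows sequential
            if tid not in UNASSIGNED and tid != old and tid not in self.temp_to_imsi:
                break
        self.temp_to_imsi[tid] = imsi
        self.imsi_to_temp[imsi] = tid
        return tid

    def send_configuration(self, imsi, with_temp_id):
        cfg = {"plmn_list": list(self.plmn_list)}
        if with_temp_id:
            cfg["temp_id"] = self._allocate(imsi)
        return cfg

    def authenticate(self, request):
        temp_id = request.get("temp_id", 0)
        if temp_id in UNASSIGNED:
            imsi = request.get("imsi")             # first case: UE identifies itself by IMSI
        else:
            imsi = self.temp_to_imsi.get(temp_id)  # second case: temporary identifier -> IMSI
        if imsi is None:
            # Assumption of this example: an identifier with no saved mapping is refused.
            return {"ok": False}
        ctx = self.contexts.get(imsi)
        if ctx is None:                            # no local UE context: ask the HSS
            self.hss_queries += 1
            ctx = self.hss.get_context(imsi)
            if ctx is None:
                return {"ok": False}
            self.contexts[imsi] = ctx
        return {"ok": True, "temp_id": self._allocate(imsi), "context": ctx}


def forward(home, request):
    """Second (local PLMN) ProSe functional entity: relays request and response unchanged."""
    return home.authenticate(dict(request))


class UE:
    def __init__(self, imsi, local_plmn):
        self.imsi, self.local_plmn, self.temp_id = imsi, local_plmn, 0

    def build_request(self, cfg):
        if self.local_plmn not in cfg["plmn_list"]:
            return None                            # local PLMN not in the list: do nothing
        self.temp_id = cfg.get("temp_id", self.temp_id)
        request = {"plmn": self.local_plmn, "temp_id": self.temp_id}
        if self.temp_id in UNASSIGNED:
            request["imsi"] = self.imsi
        return request

    def handle_response(self, response):
        if response["ok"]:
            self.temp_id = response["temp_id"]     # saved for the next authentication
        return response["ok"]


def demo():
    imsi = "001010000000001"                       # constructed test IMSI
    hss = HSS({imsi: {"auth_vectors": ["constructed-av"]}})
    home = HomeProSeFunction(hss, ["00101"])
    ue = UE(imsi, "00101")
    cfg = home.send_configuration(imsi, with_temp_id=False)
    first = ue.build_request(cfg)                  # carries the IMSI, no temporary identifier
    ok1 = ue.handle_response(forward(home, first))
    second = ue.build_request(cfg)                 # carries the identifier from the first run
    ok2 = ue.handle_response(forward(home, second))
    replay_ok = forward(home, second)["ok"]        # same identifier presented a second time
    return ok1, ok2, replay_ok, home.hss_queries, second["temp_id"] != ue.temp_id


if __name__ == "__main__":
    print(demo())
```

Because the identifier is retired as soon as it has been used, a captured request that carries it no longer resolves to an IMSI at the home entity; the IMSI-based first request has no such property, which is why the page has the UE switch to the temporary identifier once one is assigned.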
  • The second embodiment of the present invention provides an authentication method.
  • The flow of the method is shown in FIG. 7.
  • The method includes the following steps:
  • Step 701: The first ProSe functional entity sends configuration parameters to the UE.
  • The configuration parameters sent by the first ProSe functional entity to the UE may include a PLMN identifier list supported by the UE and a D2D service temporary identifier allocated by the first ProSe functional entity to the UE, or
  • the configuration parameters include only a list of PLMN identifiers supported by the UE;
  • The D2D service temporary identifier may be a ProSe functional entity identifier or a parameter corresponding to the UE, and the parameter may use any representation that can uniquely identify a UE. Specifically, when the D2D service temporary identifier is actually allocated, parameters may be allocated to the UE in order or assigned to the UE randomly by a mathematical function.
  • Step 702: After the first ProSe functional entity successfully authenticates the UE, the D2D service temporary identifier is allocated to the UE.
  • The authentication of the UE by the first ProSe functional entity includes:
  • The first ProSe functional entity receives the authentication request sent by the second ProSe functional entity, where the authentication request carries the D2D service temporary identifier sent by the first ProSe functional entity to the UE in step 601.
  • The first ProSe functional entity searches for the UE context corresponding to the UE according to the D2D service temporary identifier; when the context corresponding to the UE is found, the first ProSe functional entity successfully authenticates the UE and allocates a new D2D service temporary identifier to the UE, where the D2D service temporary identifier is used for authentication when the UE initiates the next service discovery;
  • When the context corresponding to the UE is not found, the first ProSe functional entity initiates a UE context acquisition process to the HSS. After the UE context is successfully obtained, the first ProSe functional entity successfully authenticates the UE and allocates a new D2D service temporary identifier to the UE.
  • The authentication of the UE by the first ProSe functional entity further includes: the first ProSe functional entity receives an authentication request sent by the second ProSe functional entity, and when the authentication request carries the IMSI or a D2D service temporary identifier, the first ProSe functional entity performs the UE authentication process according to the IMSI or the D2D service temporary identifier;
  • Here, the D2D service temporary identifier in the authentication request is different from the D2D service temporary identifier carried in the configuration parameters sent by the first ProSe functional entity to the UE in step 601;
  • The configuration parameters sent by the first ProSe functional entity to the UE do not carry a D2D service temporary identifier allocated to the UE. Therefore, the D2D service temporary identifier is actually one that the UE obtained in a previous authentication process.
  • If the UE has not previously obtained a D2D service temporary identifier, the UE initiates an authentication request to the second ProSe functional entity using the IMSI; in this case, when the second ProSe functional entity forwards the authentication request to the ProSe functional entity under the HPLMN, only the IMSI of the UE is carried;
  • The first ProSe functional entity performing the UE authentication process according to the IMSI or the D2D service temporary identifier includes:
  • When the context corresponding to the UE is found, the first ProSe functional entity successfully authenticates the UE and allocates a new D2D service temporary identifier to the UE; when the context corresponding to the UE is not found, the first ProSe functional entity initiates a UE context acquisition process to the HSS, and after the UE context is successfully obtained, the first ProSe functional entity successfully authenticates the UE and allocates a D2D service temporary identifier to the UE;
  • The first ProSe functional entity encapsulates the D2D service temporary identifier in an authentication response and returns it to the second ProSe functional entity, and the second ProSe functional entity forwards the authentication response to the UE.
  • The method further includes:
  • The first ProSe functional entity receives the discovery service request message sent by the UE; the discovery service request of the UE may be a discovery service request for one discovered UE, or a discovery service request for multiple discovered UEs.
  • The discovery service request message includes: a discovery service type and a D2D service temporary identifier. The first ProSe functional entity authenticates the discovery request of the UE; if the discovery request is authenticated, the first ProSe functional entity initiates the corresponding discovery service flow to the ProSe functional entity under the local PLMN of the discovered UE according to the corresponding service type. After the discovery service processing is complete, the first ProSe functional entity sends a discovery service request response message to the UE.
  • The discovery service request response message carries the D2D service temporary identifier allocated by the first ProSe functional entity to the UE.
  • The authentication of the UE's discovery request by the first ProSe functional entity includes:
  • The first ProSe functional entity searches for the UE context related to the UE according to the D2D service temporary identifier, and when the context corresponding to the UE is found, the UE's discovery request is authenticated; when the context corresponding to the UE is not found, the first ProSe functional entity initiates an IMSI acquisition request to the UE; the UE returns an IMSI acquisition response to the first ProSe functional entity, carrying the IMSI corresponding to the UE; the first ProSe functional entity queries according to the IMSI whether a UE context exists, and when it exists, the UE's discovery request is authenticated; if not, the first ProSe functional entity performs discovery service authentication with the HSS and establishes a new UE context, and the UE's discovery request is authenticated.
  • The third embodiment of the present invention provides an authentication method.
  • The method is shown in FIG. 8.
  • The method includes the following steps:
  • Step 801: The UE receives the configuration parameters delivered by the first ProSe functional entity.
  • The configuration parameters include a PLMN identifier list supported by the UE and a D2D service temporary identifier allocated by the ProSe functional entity to the UE, or the configuration parameters include only the PLMN identifier list supported by the UE;
  • The D2D service temporary identifier may be a ProSe functional entity identifier or a parameter corresponding to the UE, and the parameter may use any representation that can uniquely identify a UE. Specifically, when the D2D service temporary identifier is actually allocated, parameters may be allocated to the UE in order or assigned to the UE randomly by a mathematical function.
  • Step 802: The UE initiates an authentication process to the first ProSe functional entity according to the configuration parameters, and after the authentication succeeds, receives the D2D service temporary identifier allocated by the first ProSe functional entity;
  • The method further includes: the UE determines whether the local PLMN identifier is in the received PLMN identifier list, and if yes, the UE initiates an authentication request to the second ProSe functional entity.
  • The UE initiating an authentication request to the first ProSe functional entity includes:
  • The UE sends an authentication request to the first ProSe functional entity, where the authentication request carries the local PLMN identifier and the D2D service temporary identifier received by the UE; when the authentication succeeds, the UE receives the D2D service temporary identifier allocated by the first ProSe functional entity to the UE;
  • The UE initiating an authentication request to the first ProSe functional entity includes:
  • The first ProSe functional entity performs the UE authentication process according to the IMSI or the D2D service temporary identifier.
  • The method further includes:
  • When the UE wishes to initiate a discovery request to one or more discovered UEs, the UE sends a discovery service request message to the first ProSe functional entity; the discovery service request message includes: a discovery service type and a D2D service temporary identifier;
  • When the first ProSe functional entity does not find the UE context corresponding to the UE according to the D2D service temporary identifier, the UE receives the IMSI acquisition request sent by the first ProSe functional entity and, according to the IMSI acquisition request, returns an IMSI acquisition response to the first ProSe functional entity, where the IMSI acquisition response carries the IMSI corresponding to the UE;
  • After the discovery service processing is completed, the UE receives the D2D service temporary identifier allocated by the first ProSe functional entity to the UE.
  • The fourth embodiment of the present invention provides a ProSe functional entity, which is a ProSe functional entity located under the HPLMN of the UE.
  • Its basic structure is shown in FIG. 9.
  • The ProSe functional entity includes: a configuration parameter sending module 91, an authentication module 92 and a temporary identifier allocation module 93.
  • The configuration parameter sending module 91 is configured to send configuration parameters to the UE.
  • The authentication module 92 is configured to authenticate the UE, and to trigger the temporary identifier allocation module 93 when the authentication succeeds;
  • The temporary identifier allocation module 93 is configured to deliver a D2D service temporary identifier to the UE when triggered by the authentication module 92.
  • The configuration parameters sent by the configuration parameter sending module 91 to the UE may include a PLMN identifier list supported by the UE and a D2D service temporary identifier allocated by the temporary identifier allocation module 93 to the UE, or
  • the configuration parameters include only the PLMN identifier list supported by the UE. Therefore, the temporary identifier allocation module 93 is further configured to allocate a D2D service temporary identifier to the UE when the configuration parameter sending module 91 sends the configuration parameters to the UE.
  • The D2D service temporary identifier may be a ProSe functional entity identifier or a parameter that corresponds uniquely to the UE, and the parameter may use any representation that can uniquely identify a UE; specifically, when the D2D service temporary identifier is actually allocated, parameters may be allocated to the UE in order or assigned to the UE randomly by a mathematical function.
  • The authentication of the UE by the authentication module 92 includes:
  • The authentication module 92 receives the authentication request sent by another ProSe functional entity, where the authentication request carries the D2D service temporary identifier delivered by the temporary identifier allocation module 93 to the UE.
  • The authentication module 92 searches for the UE context corresponding to the UE according to the D2D service temporary identifier. When the context corresponding to the UE is found, the authentication module 92 successfully authenticates the UE and triggers the temporary identifier allocation module 93 to assign a new D2D service temporary identifier to the UE, where the D2D service temporary identifier is used for authentication when the UE initiates the next service discovery;
  • When the context corresponding to the UE is not found, the authentication module 92 initiates a UE context acquisition process to the HSS. After the UE context is successfully obtained, the authentication module 92 successfully authenticates the UE and triggers the temporary identifier allocation module 93 to allocate a new D2D service temporary identifier to the UE.
  • The other ProSe functional entity may refer to the ProSe functional entity under the LPLMN of the UE;
  • The authentication module 92 authenticating the UE further includes: the authentication module 92 receives an authentication request sent by the other ProSe functional entity; when the authentication request carries the IMSI or the D2D service temporary identifier, the authentication module 92 performs the UE authentication process according to the IMSI or the D2D service temporary identifier.
  • the D2D service temporary identifier and the configuration in the authentication authentication request are performed.
  • the temporary identifier assigning module 93 allocates the D2D service temporary identifier to the UE, and the configuration parameter is sent to the UE.
  • the configuration parameter does not carry the D2D service temporary identifier allocated to the UE. The D2D service temporary identifier is therefore the one that the UE obtained in an earlier authentication process. If the UE has not previously obtained a D2D service temporary identifier, the UE initiates the authentication request to the ProSe functional entity under the other PLMN using the IMSI; in this case, when the other ProSe functional entity forwards the authentication request to the authentication module 92, the request carries only the IMSI of the UE;
  • The authentication module 92 performing the UE authentication process according to the IMSI or the D2D service temporary identifier includes:
  • The authentication module 92 searches for the UE context corresponding to the UE according to the IMSI or the D2D service temporary identifier.
  • When the context corresponding to the UE is found, the authentication module 92 authenticates the UE successfully and triggers the temporary identifier allocation module 93 to allocate a new D2D service temporary identifier to the UE. When the context corresponding to the UE is not found, the authentication module 92 initiates a UE context acquisition process to the HSS; after the UE context is obtained successfully, the authentication module 92 authenticates the UE successfully and triggers the temporary identifier allocation module 93 to allocate a new D2D service temporary identifier to the UE;
  • The authentication module 92 encapsulates the D2D service temporary identifier in the authentication response and returns the response to the other ProSe functional entity, which forwards the authentication response to the UE.
  • The ProSe functional entity further includes: a discovery request authentication module 94 and a discovery service processing module 95;
  • The discovery request authentication module 94 is configured to receive the discovery service request of the UE and to authenticate it, where the discovery service request includes a discovery service type and a D2D service temporary identifier; after the discovery service request of the UE is authenticated successfully, the discovery service processing module 95 is triggered;
  • The discovery service processing module 95 is configured to perform discovery service processing for the UE when triggered by the discovery request authentication module 94, and to return a discovery service response message to the UE after the discovery service processing is completed; the discovery service response message carries the D2D service temporary identifier allocated to the UE by the temporary identifier allocation module 93.
  • The discovery request authentication module 94 authenticating the discovery service request of the UE includes: the discovery request authentication module 94 searches for the UE context related to the UE according to the D2D service temporary identifier, and when the context corresponding to the UE is found, the discovery request of the UE is authenticated successfully;
  • When the context is not found, the discovery request authentication module 94 sends an acquire IMSI request to the UE.
  • The discovery request authentication module 94 queries whether a UE context exists according to the IMSI carried in the IMSI response returned by the UE; when the context exists, the discovery request of the UE is authenticated successfully;
  • When the context does not exist, the discovery request authentication module 94 performs discovery service authentication with the HSS and establishes a new UE context, and the discovery request of the UE is authenticated successfully.
  • The configuration parameter sending module may be implemented by a transmitter in the ProSe functional entity; the authentication module, the discovery request authentication module, the temporary identifier allocation module and the discovery service processing module may be implemented by a central processing unit (CPU), a digital signal processor (DSP) or a field-programmable gate array (FPGA) in the ProSe functional entity, in combination with a transceiver.
  • the sixth embodiment of the present invention provides a UE.
  • the UE includes: a configuration parameter receiving module 101 and an authentication authentication request sending module 102.
  • The configuration parameter receiving module 101 is configured to receive a configuration parameter sent by the first ProSe functional entity; the authentication request sending module 102 is configured to initiate an authentication process to the first ProSe functional entity; the configuration parameter receiving module 101 is further configured to receive, after the first ProSe functional entity authenticates the UE successfully, the D2D service temporary identifier allocated by the first ProSe functional entity.
  • The configuration parameter includes the PLMN identifier list supported by the UE and the D2D service temporary identifier allocated by the first ProSe functional entity to the UE, or the configuration parameter includes only the PLMN identifier list supported by the UE.
  • The UE further includes a determining module 103, configured to determine, before the authentication request sending module 102 initiates the authentication process to the first ProSe functional entity, whether the local PLMN identifier exists in the received PLMN identifier list and, when it does, to trigger the authentication request sending module 102 to send an authentication request to the second ProSe functional entity.
  • The authentication request sending module 102 initiating an authentication process to the first ProSe functional entity includes:
  • The authentication request sending module 102 sends an authentication request to the first ProSe functional entity, where the authentication request carries the local PLMN identifier and the D2D service temporary identifier received by the configuration parameter receiving module 101.
  • The configuration parameter receiving module 101 receives the D2D service temporary identifier allocated by the first ProSe functional entity to the UE.
  • The authentication request sending module 102 initiating an authentication request to the first ProSe functional entity includes:
  • The authentication request sending module 102 sends an authentication request to the second ProSe functional entity, where the authentication request carries an IMSI or a D2D service temporary identifier;
  • The first ProSe functional entity performs the UE authentication process according to the IMSI or the D2D service temporary identifier.
  • When the authentication request sending module 102 initiates an authentication request to the first ProSe functional entity, it first determines whether an existing D2D service temporary identifier is present and, depending on the result, decides which parameter the authentication request initiated to the first ProSe functional entity carries. Specifically, if no existing D2D service temporary identifier is present, the authentication request initiated to the first ProSe functional entity carries only the IMSI; if an existing D2D service temporary identifier is present, the D2D service temporary identifier is carried in the authentication request and sent to the first ProSe functional entity;
  • The UE further includes: a discovery service requesting module 104 and a request processing module 105.
  • The discovery service requesting module 104 is configured to send a discovery service request message to the first ProSe functional entity; the discovery service request message includes the discovery service type and the D2D service temporary identifier; the discovery service request message may be a D2D discovery service request for one UE or a D2D discovery service request for multiple UEs;
  • The request processing module 105 is configured to receive the acquire IMSI request sent by the first ProSe functional entity and, according to that request, to return an acquire IMSI response to the first ProSe functional entity, where the acquire IMSI response carries the IMSI corresponding to the UE;
  • The configuration parameter receiving module 101 receives the D2D service temporary identifier allocated by the first ProSe functional entity to the UE.
  • The configuration parameter receiving module may be implemented by a receiver in the UE; the authentication request sending module and the request processing module may be implemented by a CPU, a DSP or an FPGA in the UE in combination with a transceiver; the determining module may be implemented by a CPU, a DSP or an FPGA in the UE; the discovery service requesting module may be implemented by a transmitter in the UE.
  • The fifth embodiment of the present invention provides an authentication system, the structure of which is shown in FIG. 11.
  • The system includes: a first ProSe functional entity 111 and a user equipment UE 112;
  • The first ProSe functional entity 111 is configured to send configuration parameters to the UE 112, and to allocate a D2D service temporary identifier to the UE 112 after authenticating the UE 112 successfully;
  • The UE 112 is configured to initiate an authentication process to the first ProSe functional entity 111 according to the configuration parameter.
  • The first ProSe functional entity 111 sending configuration parameters to the UE 112 includes: the first ProSe functional entity 111 sends to the UE 112, as the configuration parameter, either the PLMN identifier list supported by the UE 112 together with the D2D service temporary identifier allocated by the first ProSe functional entity 111 to the UE 112, or the PLMN identifier list supported by the UE 112.
  • The UE 112 is further configured to determine, before initiating the authentication process to the first ProSe functional entity 111 according to the configuration parameter, whether the local PLMN identifier exists in the received PLMN identifier list and, when it does, to initiate the authentication request to the first ProSe functional entity 111.
  • When the configuration parameters received by the UE 112 include the PLMN identifier list supported by the UE 112 and the D2D service temporary identifier allocated by the first ProSe functional entity 111 to the UE 112, the UE 112 initiating an authentication process to the first ProSe functional entity 111 includes:
  • The UE 112 sends an authentication request to the second ProSe functional entity, where the authentication request carries the local PLMN identifier and the D2D service temporary identifier received by the UE 112; the second ProSe functional entity forwards the authentication request to the first ProSe functional entity 111;
  • The first ProSe functional entity 111 searches for the UE context corresponding to the UE 112 according to the D2D service temporary identifier.
  • When the context corresponding to the UE 112 is found, the first ProSe functional entity 111 authenticates the UE 112 successfully and returns an allocated D2D service temporary identifier to the UE 112.
  • When the context corresponding to the UE 112 is not found, the first ProSe functional entity 111 initiates a UE context acquisition process to the HSS. After the UE context is obtained successfully, the first ProSe functional entity 111 authenticates the UE 112 successfully and returns the allocated D2D service temporary identifier to the UE 112.
  • The UE 112 initiating an authentication process to the first ProSe functional entity 111 includes:
  • The UE 112 sends an authentication request to the second ProSe functional entity, where the authentication request carries an IMSI or a D2D service temporary identifier;
  • The second ProSe functional entity forwards the authentication request to the first ProSe functional entity 111;
  • The first ProSe functional entity 111 performs the UE authentication process according to the IMSI or the D2D service temporary identifier.
  • The UE 112 first determines whether an existing D2D service temporary identifier is present and, depending on the result, decides which parameter the authentication request initiated to the first ProSe functional entity 111 carries. If no existing D2D service temporary identifier is present, the authentication request sent to the first ProSe functional entity 111 carries only the IMSI; if an existing D2D service temporary identifier is present, the D2D service temporary identifier is carried in the authentication request and sent to the first ProSe functional entity 111;
  • The first ProSe functional entity 111 performing the UE authentication process according to the IMSI or the D2D service temporary identifier includes:
  • The first ProSe functional entity 111 searches for the UE context corresponding to the UE 112 according to the IMSI or the D2D service temporary identifier;
  • When the context corresponding to the UE 112 is found, the first ProSe functional entity 111 authenticates the UE 112 successfully and returns an allocated D2D service temporary identifier to the UE 112. When the context is not found, the first ProSe functional entity 111 initiates a UE context acquisition process to the HSS; after the UE context is obtained successfully, the first ProSe functional entity 111 authenticates the UE 112 successfully and returns an allocated D2D service temporary identifier to the UE 112.
  • The UE 112 is further configured to send a discovery service request message to the first ProSe functional entity 111;
  • The message may be a D2D discovery service request for one UE or a D2D discovery service request for multiple UEs; the discovery service request message includes: a discovery service type and the D2D service temporary identifier;
  • The first ProSe functional entity 111 is further configured to authenticate the discovery request of the UE 112; if the discovery request is authenticated, the first ProSe functional entity 111 initiates, according to the corresponding service type, the corresponding discovery service process to the ProSe functional entity under the local PLMN of the discovered UE; the first ProSe functional entity 111 sends a discovery service response message to the UE 112, and the message carries the D2D service temporary identifier allocated by the first ProSe functional entity 111 to the UE 112.
  • The first ProSe functional entity 111 authenticating the discovery request of the UE 112 includes:
  • The first ProSe functional entity 111 searches for the UE context related to the UE 112 according to the D2D service temporary identifier, and when the context corresponding to the UE 112 is found, the discovery request of the UE 112 is authenticated;
  • When the context is not found, the first ProSe functional entity 111 sends an acquire IMSI request to the UE 112; the UE 112 returns an acquire IMSI response to the first ProSe functional entity 111, carrying the IMSI corresponding to the UE 112; the first ProSe functional entity 111 queries whether a UE context exists according to the IMSI, and when it exists, the discovery request of the UE 112 is authenticated;
  • When the context does not exist, the first ProSe functional entity 111 performs discovery service authentication with the HSS and establishes a new UE context, and the discovery request of the UE 112 is authenticated.
  • Embodiments of the present invention can be provided as a method, a system, or a computer program product. Accordingly, the present invention may take the form of a hardware embodiment, a software embodiment, or an embodiment combining software and hardware. Moreover, the invention can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage and optical storage) that contain computer-usable program code.
  • The present invention is described with reference to flowcharts and/or block diagrams of the method, apparatus (system) and computer program product according to embodiments of the present invention. It will be understood that each flow and/or block of the flowchart illustrations and/or FIG.
  • These computer program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, that is, a device that implements the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
  • The computer program instructions can also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture comprising an instruction device that implements the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
  • These computer program instructions can also be loaded onto a computer or other programmable data processing device, such that a series of operational steps is performed on the computer or other programmable device to produce computer-implemented processing, and the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
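The identifier handling described in the embodiments above (context lookup by D2D service temporary identifier, the acquire IMSI fallback, UE context acquisition from the HSS, and a new temporary identifier on every success) is modelled below as an added Python example; it is not code from the patent. The class and method names, the identifier format, the rejection of subscribers unknown to the HSS and the retirement of the previous identifier are assumptions, and the IMSI values are constructed.

```python
import secrets

# Discovery service types named in the description.
SERVICE_TYPES = {"announce", "monitor", "match"}


class HSS:
    """Constructed stand-in for the HSS: IMSI -> subscription record."""

    def __init__(self, subscriptions):
        self._subscriptions = dict(subscriptions)

    def get_ue_context(self, imsi):
        record = self._subscriptions.get(imsi)
        if record is None or not record.get("prose_allowed"):
            return None  # assumption: no ProSe subscription means rejection
        return {"imsi": imsi, "temp_id": None}


class ProSeFunction:
    """Model of the ProSe functional entity's temporary-identifier handling."""

    def __init__(self, function_id, hss):
        self.function_id = function_id  # hypothetical entity label
        self.hss = hss
        self._context_by_imsi = {}
        self._imsi_by_temp_id = {}
        self.hss_lookups = 0

    def _allocate_temp_id(self, context):
        # Assumption: the previous identifier is retired when a new one is issued.
        self._imsi_by_temp_id.pop(context["temp_id"], None)
        temp_id = f"{self.function_id}-{secrets.token_hex(8)}"  # random allocation
        context["temp_id"] = temp_id
        self._imsi_by_temp_id[temp_id] = context["imsi"]
        return temp_id

    def _context_for_temp_id(self, temp_id):
        imsi = self._imsi_by_temp_id.get(temp_id)
        return None if imsi is None else self._context_by_imsi[imsi]

    def _context_for_imsi(self, imsi):
        context = self._context_by_imsi.get(imsi)
        if context is None:
            # No local context: run the UE context acquisition towards the HSS.
            self.hss_lookups += 1
            context = self.hss.get_ue_context(imsi)
            if context is not None:
                self._context_by_imsi[imsi] = context
        return context

    def authenticate(self, temp_id=None, imsi=None):
        """Authentication request carrying a temporary identifier or an IMSI.

        Returns the newly allocated temporary identifier, or None on failure.
        Assumption: an unknown temporary identifier without an IMSI is rejected,
        because this model has nothing to query the HSS with.
        """
        context = None
        if temp_id is not None:
            context = self._context_for_temp_id(temp_id)
        if context is None and imsi is not None:
            context = self._context_for_imsi(imsi)
        return None if context is None else self._allocate_temp_id(context)

    def discovery_request(self, service_type, temp_id, get_imsi):
        """Discovery service request carrying a service type and a temporary id.

        get_imsi models the acquire IMSI request/response with the UE and is
        only called when the temporary identifier matches no UE context.
        """
        result = {"ok": False, "imsi_requested": False, "temp_id": None}
        if service_type not in SERVICE_TYPES:
            return result
        context = self._context_for_temp_id(temp_id)
        if context is None:
            result["imsi_requested"] = True
            context = self._context_for_imsi(get_imsi())
        if context is None:
            return result
        result["ok"] = True
        result["temp_id"] = self._allocate_temp_id(context)  # sent in the response
        return result
```

In this model the IMSI crosses the interface only on first contact or when the presented temporary identifier matches no UE context, which is the privacy property the background section asks for.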


Abstract

Disclosed is an authentication method. The method comprises: a first proximity-based service (ProSe) functional entity delivering a configuration parameter to a user equipment (UE); and the UE initiating an authentication process to the first ProSe functional entity according to the configuration parameter, and after the first ProSe functional entity successfully authenticates the UE, the first ProSe functional entity allocating a D2D service temporary identifier to the UE. Also disclosed are an authentication system, the UE, and the ProSe functional entity.

Description

Authentication method and system, ProSe functional entity, and UE

Technical Field

The present invention relates to the field of mobile communications, and in particular to an authentication method and system, a proximity-based services (ProSe) functional entity, and a user equipment (UE).

Background
To keep third-generation mobile communication systems competitive in the communications field, to provide users with faster, lower-latency and more personalized mobile communication services, and at the same time to reduce operators' operating costs, the 3rd Generation Partnership Project (3GPP) standards working group is working on the Evolved Packet System (EPS). The EPS as a whole comprises the radio access network (E-UTRAN, Evolved Universal Terrestrial Radio Access Network) and the mobile core network (EPC, Evolved Packet Core Networking), where the EPC includes the Home Subscriber Server (HSS), the Mobility Management Entity (MME), the Serving GPRS Support Node (SGSN), the Policy and Charging Rule Function (PCRF), the Serving Gateway (S-GW), the PDN Gateway (P-GW) and the Packet Data Network (PDN).
When two UEs communicate through the EPS, each UE needs to establish its own bearer with the EPS. However, with the rapid development of UEs and of mobile Internet services, many services want to discover nearby UEs and communicate with them, which has given rise to the device-to-device (D2D) service, also called ProSe. In the D2D service, two UEs that are close to each other can communicate directly, and the data path of their connection need not loop back through the core network. This reduces detours in data routing and also reduces the network data load, so the D2D service has attracted the attention of many operators.
At present, a commonly used D2D service is the D2D discovery service, whose communication architecture is shown in FIG. 1. The two UEs using D2D access can reach the EPC only through the E-UTRAN, and the two UEs may belong to one Public Land Mobile Network (PLMN) or to two different PLMNs. For a given UE, PLMNs are divided into the home PLMN (HPLMN) and the visited PLMN (VPLMN), which is the PLMN the UE accesses when it attaches through another PLMN. The PLMN of the area where the UE is currently located is referred to generally as the local PLMN (LPLMN), whether that local PLMN is the HPLMN or a VPLMN. To implement the D2D discovery service, the operator side deploys not only the EPS but also a ProSe application server (Application Server) that provides the D2D discovery service. The ProSe application server may be provided by the service provider that operates the D2D service or by the network operator that operates the EPS, and a ProSe functional entity (ProSe Function) is also deployed in each PLMN.
In the D2D discovery service communication architecture, the UE provides the relevant ProSe application (APP); its interface to the ProSe application server is the PC1 interface, which provides the related authentication function. The interface between UEs is PC5, used for mutual direct discovery and communication between UEs, and the interface between the UE and the ProSe functional entity is PC3, used for discovery authentication through the network. The interface between the ProSe functional entity and the existing EPC is PC4, which comprises a user-plane interface to the P-GW and a control-plane interface to the HSS and is used for D2D discovery service authentication. The interface between the ProSe functional entity and the ProSe application server is PC2, used for the application implementation of the D2D discovery service. ProSe functional entities are connected to each other by the PC6 and PC7 interfaces, used for the non-roaming and roaming cases respectively: PC7 when the UE is roaming and PC6 when the UE is not roaming. These two interfaces carry the information exchange between two ProSe functional entities when the UE performs the D2D discovery service.
FIG. 2 is a flowchart of a UE implementing the D2D discovery service in the prior art, and includes the following steps:
Step 201: When a UE needs to initiate a D2D discovery service towards one or more other UEs to be discovered, the UE first needs to perform D2D discovery service authentication with the ProSe functional entity under its own HPLMN. Specifically, after the UE establishes a secure connection with the ProSe functional entity under the HPLMN, it sends a discovery service request message to that ProSe functional entity. The discovery service request message contains the discovery service type and a user identifier, where the user identifier is the International Mobile Subscriber Identification Number (IMSI) or the Mobile Station International ISDN Number (MSISDN), ISDN being the Integrated Services Digital Network;
The discovery service types are: announce, a discovery request initiated by the UE to be discovered; monitor, a discovery request initiated by the discovering UE; and match, in which the discovering UE sends a match report to the ProSe functional entity capable of discovery.
Step 202: The ProSe functional entity under the HPLMN performs the discovery service authentication process for the UE; here, the discovery service authentication of the UE is performed according to the existing technical solution. After the discovery request of the UE is authenticated, the process proceeds to step 203, in which the ProSe functional entity under the HPLMN initiates, on behalf of the UE, the corresponding discovery service process towards the one or more other UEs to be discovered;
Step 203: The ProSe functional entity under the HPLMN initiates, according to the corresponding service type, the corresponding discovery service process to the ProSe functional entity under the local PLMN of the one or more discovered UEs.
When the service type is announce, the ProSe functional entity under the HPLMN sends an announce request message to the ProSe functional entity under the local PLMN of the discovered UE, and the latter returns the corresponding announce response message to the ProSe functional entity under the HPLMN. Likewise, when the service type is monitor, the ProSe functional entity under the HPLMN sends a monitor request message to the ProSe functional entity under the local PLMN of the discovered UE, and the latter returns a monitor response message to the ProSe functional entity under the HPLMN. Likewise, when the service type is match, the ProSe functional entity under the HPLMN sends a match request message to the ProSe functional entity under the local PLMN of the discovered UE; if the match succeeds, the latter returns a match response message to the ProSe functional entity under the HPLMN.
Step 204: After the D2D discovery service processing is completed, the ProSe functional entity under the HPLMN returns the corresponding discovery service request response message to the UE that initiated the discovery service, and the UE completes the related radio resource allocation.
In the prior art, the MSISDN parameter is subscribed only in the HSS and can be downloaded to the control network elements of the EPC. The UE generally holds no subscribed MSISDN parameter, but the MSISDN parameter in the UE can be configured freely by the user; in that case, a wrongly configured MSISDN causes the discovery service request to fail. In addition, if the IMSI is used for authentication, the IMSI is exposed in the discovery service request message, which exposes the user's private information and increases the risk of the user being attacked.

Summary of the Invention
To solve the problems in the prior art, embodiments of the present invention aim to provide an authentication method and system, a ProSe functional entity, and a UE.
The technical solutions of the embodiments of the present invention are implemented as follows:
An embodiment of the present invention provides an authentication method, the method including:
A first ProSe functional entity sends configuration parameters to a UE; the UE initiates an authentication procedure toward the first ProSe functional entity according to the configuration parameters; and after the first ProSe functional entity successfully authenticates the UE, it allocates a D2D service temporary identifier to the UE.
In the above solution, the configuration parameters include a list of PLMN identifiers supported by the UE and a D2D service temporary identifier allocated to the UE by the first ProSe functional entity, or the configuration parameters include only the list of PLMN identifiers supported by the UE.
In the above solution, before the first ProSe functional entity authenticates the UE, the method further includes:
The UE determines that the local PLMN identifier is in the received PLMN identifier list, and initiates an authentication request to a second ProSe functional entity.
In the above solution, when the configuration parameters received by the UE include the list of PLMN identifiers supported by the UE and the D2D service temporary identifier allocated to the UE by the first ProSe functional entity, the UE initiating the authentication procedure toward the first ProSe functional entity according to the configuration parameters includes:
The UE sends an authentication request to the second ProSe functional entity, the authentication request carrying the local PLMN identifier and the D2D service temporary identifier received by the UE;
The second ProSe functional entity forwards the authentication request to the first ProSe functional entity;
The first ProSe functional entity looks up the UE context corresponding to the UE according to the D2D service temporary identifier;
When the UE context corresponding to the UE is found, the first ProSe functional entity's authentication of the UE succeeds, and it returns the allocated D2D service temporary identifier to the UE;
When no context corresponding to the UE is found, the first ProSe functional entity initiates a UE context acquisition procedure for the UE toward the HSS; after the UE context is successfully acquired, the first ProSe functional entity's authentication of the UE succeeds, and it returns the allocated D2D service temporary identifier to the UE.
In the above solution, when the configuration parameters received by the UE include only the list of PLMN identifiers supported by the UE, the UE initiating the authentication procedure toward the first ProSe functional entity according to the configuration parameters includes:
The UE sends an authentication request to the second ProSe functional entity, the authentication request carrying an International Mobile Subscriber Identity (IMSI) or a D2D service temporary identifier;
The second ProSe functional entity forwards the authentication request to the first ProSe functional entity;
The first ProSe functional entity performs the UE authentication procedure according to the IMSI or the D2D service temporary identifier.
In the above solution, the first ProSe functional entity performing the UE authentication procedure according to the IMSI or the D2D service temporary identifier includes:
The first ProSe functional entity looks up the UE context corresponding to the UE according to the IMSI or the D2D service temporary identifier;
When the UE context corresponding to the UE is found, the first ProSe functional entity's authentication of the UE succeeds, and it returns the allocated D2D service temporary identifier to the UE;
When no context corresponding to the UE is found, the first ProSe functional entity initiates a UE context acquisition procedure toward the HSS; after the UE context is successfully acquired, the first ProSe functional entity's authentication of the UE succeeds, and it returns the allocated D2D service temporary identifier to the UE.
In the above solution, after the first ProSe functional entity allocates the D2D service temporary identifier to the UE, the method further includes:
The UE sends a discovery service request message to the first ProSe functional entity, the discovery service request message including a discovery service type and the D2D service temporary identifier;
The first ProSe functional entity authenticates the UE's discovery request;
After the discovery request is authenticated, the first ProSe functional entity initiates the corresponding discovery service procedure according to the service type;
After the discovery service processing is complete, the first ProSe functional entity returns a discovery service request response message to the UE, the message carrying the D2D service temporary identifier allocated to the UE by the first ProSe functional entity.
In the above solution, the first ProSe functional entity authenticating the UE's discovery request includes:
The first ProSe functional entity looks up the UE context related to the UE according to the D2D service temporary identifier; when the UE context corresponding to the UE is found, the UE's discovery request is authenticated;
When no UE context corresponding to the UE is found, the first ProSe functional entity sends a Get IMSI request to the UE; the UE returns a Get IMSI response to the first ProSe functional entity, carrying the IMSI corresponding to the UE; the first ProSe functional entity queries, according to the IMSI, whether a UE context corresponding to the UE exists, and if it exists, the UE's discovery request is authenticated;
If it does not exist, the first ProSe functional entity performs discovery service authentication and authorization with the HSS, the HSS establishes a new UE context for the UE, and the UE's discovery request is authenticated.
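The discovery-request authentication described above (lookup by temporary identifier, Get IMSI fallback, then HSS authorization), as an added Python example that is not part of the patent text. The class and method names, the random identifier allocation that retires the previous identifier, and both rejection paths are assumptions of the example; the sample IMSIs are constructed.

```python
import secrets

SERVICE_TYPES = {"announce", "monitor", "match"}


class HSS:
    """Constructed stand-in for the HSS: subscription data keyed by IMSI."""

    def __init__(self, subscriptions):
        self._subscriptions = dict(subscriptions)

    def authorize_discovery(self, imsi):
        """Return subscription data for a new UE context, or None if unknown."""
        return self._subscriptions.get(imsi)


class ProSeFunction:
    """Hypothetical model of the first (HPLMN) ProSe functional entity."""

    def __init__(self, hss):
        self.hss = hss
        self.contexts = {}         # IMSI -> UE context
        self.imsi_by_temp_id = {}  # D2D service temporary identifier -> IMSI

    def _allocate_temp_id(self, imsi):
        # Assumption: random allocation, and the previous identifier is retired.
        old = self.contexts[imsi].get("temp_id")
        self.imsi_by_temp_id.pop(old, None)
        temp_id = secrets.token_hex(8)
        while temp_id in self.imsi_by_temp_id:
            temp_id = secrets.token_hex(8)
        self.contexts[imsi]["temp_id"] = temp_id
        self.imsi_by_temp_id[temp_id] = imsi
        return temp_id

    def issue_config(self, imsi, plmn_ids):
        """Send the PLMN list plus a temporary identifier, and remember
        which IMSI the identifier belongs to."""
        self.contexts.setdefault(imsi, {"plmn_ids": list(plmn_ids)})
        return {"plmn_ids": list(plmn_ids),
                "temp_id": self._allocate_temp_id(imsi)}

    def handle_discovery_request(self, service_type, temp_id, request_imsi):
        """Authenticate a discovery request.

        request_imsi is a callable standing in for the Get IMSI request and
        response exchanged with the UE; it is invoked only on a lookup miss,
        so the IMSI stays out of the normal discovery request.
        """
        if service_type not in SERVICE_TYPES:
            # Assumption: the text does not describe this failure case.
            return {"status": "rejected", "reason": "unknown service type"}

        imsi = self.imsi_by_temp_id.get(temp_id)
        if imsi is not None and imsi in self.contexts:
            path = "temp_id"            # context found by temporary identifier
        else:
            imsi = request_imsi()       # Get IMSI request / response
            if imsi in self.contexts:
                path = "imsi"           # context found by IMSI
            else:
                subscription = self.hss.authorize_discovery(imsi)
                if subscription is None:
                    # Assumption: the text does not describe HSS failure.
                    return {"status": "rejected",
                            "reason": "HSS authorization failed"}
                self.contexts[imsi] = dict(subscription)  # new UE context
                path = "hss"

        # The announce/monitor/match processing itself is outside this sketch.
        # The response carries the temporary identifier allocated to the UE.
        return {"status": "ok", "path": path, "service_type": service_type,
                "temp_id": self._allocate_temp_id(imsi)}
```

The `path` field in the result shows which of the three branches authenticated the request, which makes it easy to see when the IMSI had to be requested from the UE.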
An embodiment of the present invention provides an authentication method, the method including:
A first ProSe functional entity sends configuration parameters to a UE; after the first ProSe functional entity successfully authenticates the UE, it allocates a D2D service temporary identifier to the UE.
In the above solution, the configuration parameters include a list of PLMN identifiers supported by the UE and a D2D service temporary identifier allocated to the UE by the first ProSe functional entity, or the configuration parameters include only the list of PLMN identifiers supported by the UE.
In the above solution, the first ProSe functional entity authenticating the UE includes:
The first ProSe functional entity receives an authentication request sent by a second ProSe functional entity, the authentication request carrying the local PLMN identifier and the D2D service temporary identifier received by the UE;
The first ProSe functional entity looks up the UE context corresponding to the UE according to the D2D service temporary identifier;
When the context corresponding to the UE is found, the first ProSe functional entity's authentication of the UE succeeds, and it returns the allocated D2D service temporary identifier to the UE;
When no context corresponding to the UE is found, the first ProSe functional entity initiates a UE context acquisition procedure toward the HSS; after the UE context is successfully acquired, the first ProSe functional entity's authentication of the UE succeeds, and it returns the allocated D2D service temporary identifier to the UE.
In the above solution, the first ProSe functional entity authenticating the UE includes:
The first ProSe functional entity receives an authentication request sent by a second ProSe functional entity, the authentication request carrying an IMSI or a D2D service temporary identifier;
The first ProSe functional entity performs the UE authentication procedure according to the IMSI or the D2D service temporary identifier.
In the above solution, performing the UE authentication procedure includes:
The first ProSe functional entity looks up the UE context corresponding to the UE according to the IMSI or the D2D service temporary identifier;
When the context corresponding to the UE is found, the first ProSe functional entity's authentication of the UE succeeds, and it returns the allocated D2D service temporary identifier to the UE;
When no context corresponding to the UE is found, the first ProSe functional entity initiates a UE context acquisition procedure toward the HSS; after the UE context is successfully acquired, the first ProSe functional entity's authentication of the UE succeeds, and it returns the allocated D2D service temporary identifier to the UE.
In the above solution, after the first ProSe functional entity allocates the D2D service temporary identifier to the UE, the method further includes:
The first ProSe functional entity receives a discovery service request message sent by the UE, the discovery service request message including a discovery service type and the D2D service temporary identifier;
The first ProSe functional entity authenticates the UE's discovery request;
After the discovery request is authenticated, the first ProSe functional entity initiates the corresponding discovery service procedure according to the service type;
After the discovery service processing is complete, the first ProSe functional entity returns a discovery service request response message to the UE, the message carrying the D2D service temporary identifier allocated to the UE by the first ProSe functional entity.
In the above solution, the first ProSe functional entity authenticating the UE's discovery request includes:
The first ProSe functional entity looks up the UE context related to the UE according to the D2D service temporary identifier; when the context corresponding to the UE is found, the UE's discovery request is authenticated;
When no context corresponding to the UE is found, the first ProSe functional entity sends a Get IMSI request to the UE; after the IMSI is successfully obtained, the first ProSe functional entity queries, according to the IMSI, whether a UE context corresponding to the UE exists, and if it exists, the UE's discovery request is authenticated;
If it does not exist, the first ProSe functional entity performs discovery service authentication and authorization with the HSS, the HSS establishes a new UE context for the UE, and the UE's discovery request is authenticated.
An embodiment of the present invention provides an authentication method, the method including:
A UE receives configuration parameters sent by a first ProSe functional entity; the UE initiates an authentication procedure toward the first ProSe functional entity according to the configuration parameters and, after authentication succeeds, receives the D2D service temporary identifier allocated by the first ProSe functional entity.
In the above solution, the configuration parameters include a list of PLMN identifiers supported by the UE and a D2D service temporary identifier allocated to the UE by the first ProSe functional entity, or the configuration parameters include only the list of PLMN identifiers supported by the UE.
In the above solution, before the UE authenticates with the first ProSe functional entity, the method further includes:
The UE determines that the local PLMN identifier is in the received PLMN identifier list, and the UE initiates an authentication request to a second ProSe functional entity.
In the above solution, when the configuration parameters received by the UE include the list of PLMN identifiers supported by the UE and the D2D service temporary identifier allocated to the UE by the first ProSe functional entity, the UE initiating the authentication procedure toward the first ProSe functional entity according to the configuration parameters includes:
The UE sends an authentication request to the first ProSe functional entity, the authentication request carrying the local PLMN identifier and the D2D service temporary identifier received by the UE;
When authentication succeeds, the UE receives the D2D service temporary identifier allocated to the UE by the first ProSe functional entity.
In the above solution, when the configuration parameters received by the UE include only the list of PLMN identifiers supported by the UE, the UE initiating the authentication procedure toward the first ProSe functional entity according to the configuration parameters includes:
The UE sends an authentication request to the first ProSe functional entity, the authentication request carrying an IMSI or a D2D service temporary identifier.
In the above solution, after the UE receives the D2D service temporary identifier allocated by the first ProSe functional entity, the method further includes:
The UE sends a discovery service request message to the first ProSe functional entity, the discovery service request message including a discovery service type and the D2D service temporary identifier;
When the first ProSe functional entity does not find the UE context corresponding to the UE according to the D2D service temporary identifier, the UE receives a Get IMSI request sent by the first ProSe functional entity and, in response to the Get IMSI request, returns a Get IMSI response to the first ProSe functional entity, the Get IMSI response carrying the IMSI corresponding to the UE;
After the discovery service processing is complete, the UE receives the D2D service temporary identifier allocated to the UE by the first ProSe functional entity.
An embodiment of the present invention provides a ProSe functional entity, the ProSe functional entity including: a configuration parameter delivery module, an authentication module, and a temporary identifier allocation module, wherein:
The configuration parameter delivery module is configured to send configuration parameters to a UE;
The authentication module is configured to authenticate the UE, and to trigger the temporary identifier allocation module when authentication succeeds;
The temporary identifier allocation module is configured to send a D2D service temporary identifier to the UE when triggered by the authentication module.
In the above solution, the configuration parameters sent to the UE by the configuration parameter delivery module include a list of PLMN identifiers supported by the UE and the D2D service temporary identifier allocated to the UE by the temporary identifier allocation module, or the configuration parameters include only the list of PLMN identifiers supported by the UE.
In the above solution, the ProSe functional entity further includes a discovery request authentication module and a discovery service processing module, wherein:
The discovery request authentication module is configured to receive the UE's discovery service request and authenticate it, the discovery service request including a discovery service type and the D2D service temporary identifier; it is further configured to trigger the discovery service processing module after the UE's discovery service request is successfully authenticated;
The discovery service processing module is configured to perform discovery service processing for the UE when triggered by the discovery request authentication module and, after the discovery service processing is complete, to return a discovery service response message to the UE, the discovery service response message carrying the D2D service temporary identifier allocated to the UE by the temporary identifier allocation module.
An embodiment of the present invention provides a UE, the UE including: a configuration parameter receiving module and an authentication request sending module, wherein:
The configuration parameter receiving module is configured to receive configuration parameters sent by a first ProSe functional entity;
The authentication request sending module is configured to initiate an authentication procedure toward the first ProSe functional entity;
The configuration parameter receiving module is further configured to receive, after authentication with the first ProSe functional entity succeeds, the D2D service temporary identifier allocated by the first ProSe functional entity.
In the above solution, the configuration parameters include a list of PLMN identifiers supported by the UE and a D2D service temporary identifier allocated to the UE by the first ProSe functional entity, or the configuration parameters include only the list of PLMN identifiers supported by the UE.
In the above solution, the UE further includes a determining module; the determining module is configured to, before the authentication request sending module initiates the authentication procedure toward the first ProSe functional entity and upon determining that the UE's local PLMN identifier is in the received PLMN identifier list, trigger the authentication request sending module to send an authentication request to a second ProSe functional entity.
In the above solution, the UE further includes a discovery service request module and a request processing module, wherein:
The discovery service request module is configured to send a discovery service request message to the first ProSe functional entity, the discovery service request message including a discovery service type and the D2D service temporary identifier;
The request processing module is configured to, when the first ProSe functional entity does not find the UE context corresponding to the UE according to the D2D service temporary identifier, receive a Get IMSI request sent by the first ProSe functional entity and, in response to the Get IMSI request, return a Get IMSI response to the first ProSe functional entity, the Get IMSI response carrying the IMSI corresponding to the UE;
The configuration parameter receiving module is further configured to receive, after the discovery service processing is complete, the D2D service temporary identifier allocated to the UE by the first ProSe functional entity.
An embodiment of the present invention provides an authentication system, the system including a first ProSe functional entity and a UE;
The first ProSe functional entity is configured to send configuration parameters to the UE, and is further configured to allocate a D2D service temporary identifier to the UE after successfully authenticating the UE;
The UE is configured to initiate an authentication procedure toward the first ProSe functional entity according to the configuration parameters.
In the above solution, the first ProSe functional entity sending configuration parameters to the UE includes: the first ProSe functional entity sends to the UE, as the configuration parameters, either the list of PLMN identifiers supported by the UE together with the D2D service temporary identifier allocated to the UE by the first ProSe functional entity, or the list of PLMN identifiers supported by the UE.
In the above solution, the UE is further configured to initiate an authentication request to the first ProSe functional entity upon determining that the local PLMN identifier is in the received PLMN identifier list.
In the above solution, the UE is further configured to send a discovery service request message to the first ProSe functional entity, the discovery service request message including a discovery service type and the D2D service temporary identifier;
The first ProSe functional entity is further configured to authenticate the UE's discovery request; after the discovery request is authenticated, to initiate the corresponding discovery service procedure according to the service type; and, after the discovery service processing is complete, to return a discovery service response message to the UE, the discovery service response message carrying the D2D service temporary identifier allocated to the UE by the first ProSe functional entity.
An embodiment of the present invention provides a computer storage medium, the computer storage medium including a set of instructions that, when executed, cause at least one processor to perform the authentication method described above.
In the authentication method and system, ProSe functional entity, and UE provided by the embodiments of the present invention, the first ProSe functional entity sends configuration parameters to the UE; the UE initiates an authentication procedure toward the first ProSe functional entity according to the configuration parameters; and after authentication succeeds, the first ProSe functional entity allocates a D2D service temporary identifier to the UE. In this way, a D2D service temporary identifier can be allocated to the UE during the authentication of the UE, before the UE's D2D discovery service, and the D2D service temporary identifier can be used for authentication when the UE initiates a discovery service. Performing authentication with the D2D service temporary identifier avoids both the errors that easily occur when authentication is performed with the MSISDN parameter and the drawback that performing authentication with the IMSI easily exposes user privacy in the discovery service.

Brief Description of the Drawings

In the drawings, which are not necessarily drawn to scale, like reference numerals may describe similar components in different views. Like reference numerals with different letter suffixes may denote different examples of similar components. The drawings illustrate generally, by way of example and not limitation, the embodiments discussed herein.
FIG. 1 is a diagram of the D2D discovery service communication architecture;
FIG. 2 is a flowchart of D2D discovery service implementation in the prior art;
FIG. 3 is flowchart 1 of the authentication method provided by at least one embodiment of the present invention;
FIG. 4 is flowchart 2 of the authentication method provided by at least one embodiment of the present invention;
FIG. 5 is flowchart 3 of the authentication method provided by at least one embodiment of the present invention;
FIG. 6 is flowchart 4 of the authentication method provided by at least one embodiment of the present invention;
FIG. 7 is flowchart 5 of the authentication method provided by at least one embodiment of the present invention;
FIG. 8 is flowchart 6 of the authentication method provided by at least one embodiment of the present invention;
FIG. 9 is a basic structural diagram of the ProSe functional entity provided by at least one embodiment of the present invention;
FIG. 10 is a basic structural diagram of the user equipment (UE) provided by at least one embodiment of the present invention;
FIG. 11 is a basic structural diagram of the authentication system provided by at least one embodiment of the present invention.

Detailed Description
In the embodiments of the present invention, a first ProSe functional entity delivers configuration parameters to a UE; the UE initiates an authentication procedure toward the first ProSe functional entity according to the configuration parameters, and after the authentication succeeds, the first ProSe functional entity allocates a D2D service temporary identifier to the UE.
The present invention is described in further detail below with reference to the accompanying drawings and specific embodiments.
Embodiment 1
Embodiment 1 of the present invention provides an authentication method. As shown in FIG. 3, the method includes the following steps:
Step 301: The first ProSe functional entity delivers configuration parameters to the UE;
Here, the first ProSe functional entity is the ProSe functional entity in the HPLMN of the UE. After the UE and the first ProSe functional entity establish a secure connection, the UE sends a discovery service request message to the first ProSe functional entity;
The first ProSe functional entity delivers configuration parameters to the UE. The configuration parameters include either the PLMN identifier list supported by the UE together with the D2D service temporary identifier allocated to the UE by the first ProSe functional entity, or only the PLMN identifier list supported by the UE;
When the configuration parameters delivered to the UE include the PLMN identifier list supported by the UE and the D2D service temporary identifier allocated to the UE by the first ProSe functional entity, the first ProSe functional entity saves the correspondence between the delivered D2D service temporary identifier and the IMSI of the UE.
Specifically, the D2D service temporary identifier is a temporary identifier that can be used for the D2D discovery service of the UE. It may be a ProSe functional entity identifier or a parameter that uniquely corresponds to the UE, and the parameter may take any representation that can uniquely identify one UE. In the actual allocation, D2D service temporary identifiers may be allocated to UEs sequentially, or allocated to UEs randomly through a mathematical function.
Step 302: The UE initiates an authentication procedure toward the first ProSe functional entity according to the configuration parameters; after successfully authenticating the UE, the first ProSe functional entity allocates a D2D service temporary identifier to the UE;
In this step, after obtaining the configuration parameters, the UE first determines whether its local PLMN identifier is in the received PLMN identifier list. If it is not, the UE performs no operation and the current processing flow ends;
When the local PLMN identifier of the UE is in the received PLMN identifier list, the UE initiates an authentication request to a second ProSe functional entity. Specifically, the second ProSe functional entity is the ProSe functional entity in the LPLMN of the UE. UEs that received different configuration parameters in step 301 follow different authentication procedures; the authentication procedure of the UE in these two cases is described below with reference to FIG. 4 and FIG. 5;
FIG. 4 is a flowchart of the authentication procedure performed by the UE when the received configuration parameters include the PLMN identifier list supported by the UE and the D2D service temporary identifier allocated to the UE by the first ProSe functional entity. As shown in FIG. 4, the authentication procedure includes the following steps:
Step 401: The UE sends an authentication request to the second ProSe functional entity;
Specifically, the UE sends the authentication request directly to the second ProSe functional entity; the authentication request carries the local PLMN identifier and the received D2D service temporary identifier;
Step 402: The second ProSe functional entity forwards the authentication request to the first ProSe functional entity;
Specifically, the second ProSe functional entity forwards the authentication request to the first ProSe functional entity; the authentication request carries the D2D service temporary identifier and the local PLMN identifier.
Step 403: The first ProSe functional entity determines whether a UE context exists; if it exists, execution continues with steps 404a to 406a; if it does not exist, steps 404b and 404b are executed;
In this step, the first ProSe functional entity looks up the UE context corresponding to the UE according to the D2D service temporary identifier; the UE context contains the IMSI of the UE and service parameters. Specifically, because the first ProSe functional entity saved the correspondence between the D2D service temporary identifier and the IMSI of the UE when it delivered the identifier to the UE, it can find the corresponding IMSI from the received D2D service temporary identifier and then look up the UE context corresponding to that IMSI. When the UE context corresponding to the UE is found, the authentication passes and execution continues with steps 404a to 406a; if it does not pass, steps 404b and 404b are executed.
Step 404a: The first ProSe functional entity allocates a D2D service temporary identifier to the UE;
In this step, after the UE has been successfully authenticated using the D2D service temporary identifier allocated to it, the first ProSe functional entity reallocates a D2D service temporary identifier to the UE; the reallocated identifier can be used for authentication the next time the UE performs the discovery service. Reallocating the D2D service temporary identifier after every successful authentication eliminates the insecurity that readily arises when the UE performs multiple authentications with the same identifier: if the UE used the same D2D service temporary identifier over a long period, that identifier could easily be obtained and used by an attacker or another user through illegitimate means. Therefore, in the solution of Embodiment 1, the D2D service temporary identifier of the UE is dynamically updated after each use, so that the identifier used each time is different, which can ensure the security of the UE;
Step 405a: The first ProSe functional entity returns an authentication response to the second ProSe functional entity;
Specifically, the authentication response carries the D2D service temporary identifier allocated to the UE by the first ProSe functional entity and the UE context corresponding to the UE, where the UE context includes an authentication vector parameter group.
Step 406a: The second ProSe functional entity returns an authentication request response message to the UE;
Specifically, the authentication request response message carries the D2D service temporary identifier reallocated to the UE by the first ProSe functional entity and the authentication parameters; the UE saves the D2D service temporary identifier, which can be used for authentication in subsequent D2D discovery services of the UE; the current flow ends;
Step 404b: The first ProSe functional entity sends a context acquisition request message to the HSS; specifically, the context acquisition request carries the IMSI of the UE;
Step 405b: After finding the corresponding UE context, the HSS returns a context acquisition response message to the first ProSe functional entity;
Specifically, after finding the UE context corresponding to the UE according to the IMSI of the UE, the HSS returns a context acquisition response message to the first ProSe functional entity; the message carries the UE context corresponding to the UE, and the UE context contains the UE authentication vector group. After the first ProSe functional entity obtains the UE context, the flow returns to step 403; the first ProSe functional entity's authentication of the UE according to the UE context passes, and steps 404a to 405a are then executed;
When the configuration parameters received by the UE include only the PLMN identifier list supported by the UE, the authentication procedure between the UE and the first ProSe functional entity covers two cases: in the first case, the UE has not been allocated a D2D service temporary identifier; in the second case, the UE has been allocated a D2D service temporary identifier;
Step 501: The UE determines whether it has an allocated D2D service temporary identifier; if not, step 502a is executed; if so, step 502c is executed;
The UE can determine whether it has an allocated D2D service temporary identifier by checking the value of its own D2D service temporary identifier field. Specifically, if the UE detects that the field is empty or holds a value that is not a D2D service temporary identifier (for example, all bits are 1 or all are 0), it can determine that it has no allocated D2D service temporary identifier, and processing follows the first case; if the UE detects that the field is not empty and holds a normal D2D service temporary identifier, it can determine that it has an allocated identifier, and processing follows the second case;
The processing performed in the first case is described below:
Step 502a: The UE sends an authentication request to the second ProSe functional entity;
Specifically, the authentication request carries the local PLMN identifier and the IMSI, and the D2D service temporary identifier in the authentication request is empty or holds a value that is not a D2D service temporary identifier (for example, all bits are 1 or all are 0);
Step 503a: The second ProSe functional entity forwards the authentication request to the first ProSe functional entity;
Step 504a: The first ProSe functional entity determines whether a UE context exists; if it exists, step 505a is executed; if it does not exist, step 505b is executed;
Specifically, the first ProSe functional entity looks up the corresponding UE context according to the IMSI; the UE context includes the service parameters corresponding to the UE. Looking up the corresponding UE context according to the IMSI of the UE is prior art and is not described further here. If the corresponding UE context is found, steps 505a to 507a are executed; if it is not found, steps 505b and 506b are executed;
Step 505b: The first ProSe functional entity sends a UE context acquisition request message to the HSS; the UE context acquisition request message carries the IMSI of the UE;
Step 506b: After successfully authenticating the UE, the HSS returns an authentication response to the first ProSe functional entity;
Here, after finding the UE context corresponding to the UE, the HSS returns a context acquisition response message to the first ProSe functional entity; the message carries the authentication vector parameter group corresponding to the user. After the UE context is obtained, the flow returns to step 503b; the first ProSe functional entity's authentication of the UE according to the UE context passes, and steps 504a to 505a are then executed;
Step 505a: The first ProSe functional entity allocates a D2D service temporary identifier to the UE;
In this step, after the UE is successfully authenticated, the first ProSe functional entity allocates a D2D service temporary identifier to the UE; the allocated identifier can be used for authentication the next time the UE performs the D2D discovery service;
Step 506a: The first ProSe functional entity returns an authentication response to the second ProSe functional entity;
Specifically, the authentication response carries the D2D service temporary identifier allocated to the UE by the first ProSe functional entity and the UE context corresponding to the UE, where the UE context includes an authentication vector parameter group.
Step 507a: The second ProSe functional entity returns an authentication response message to the UE; the message carries the D2D service temporary identifier reallocated to the UE by the first ProSe functional entity and the authentication parameters; the UE saves the D2D service temporary identifier, which can be used for authentication the next time the UE performs the D2D discovery service; the current flow ends.
The processing performed in the second case is described below:
Step 502c: The UE sends an authentication request to the second ProSe functional entity; the authentication request carries the local PLMN identifier and the D2D service temporary identifier;
It should be noted that, before this step, the configuration parameters delivered to the UE by the first ProSe functional entity did not contain a D2D service temporary identifier. The D2D service temporary identifier here is in fact the one allocated to the UE by the first ProSe functional entity after the UE last completed the authentication procedure, and it can itself be used for the next authentication procedure of the UE. In other words, before the flow of Embodiment 1 begins, an allocated D2D service temporary identifier may already exist in the UE. The configuration parameters delivered to the UE in the current processing flow therefore do not contain a D2D service temporary identifier allocated to the UE, on the consideration that, for a UE that already obtained one in the previous authentication flow, directly allocating a new one in this authentication is unnecessary and would waste resources;
Step 503c: The second ProSe functional entity sends the authentication request to the first ProSe functional entity; the authentication request carries the local PLMN identifier and the D2D service temporary identifier.
Step 504c: The first ProSe functional entity looks up the corresponding UE context according to the D2D service temporary identifier; the UE context includes the service parameters corresponding to the UE; if it is found, step 505c is executed; if it is not found, step 505d is executed;
Specifically, because the first ProSe functional entity saved the correspondence between the D2D service temporary identifier and the IMSI of the UE when the UE obtained the identifier, it can find the corresponding IMSI from the received D2D service temporary identifier and then look up the UE context corresponding to that IMSI; if the corresponding UE context is found, steps 505c to 507c are executed; if it is not found, steps 505d and 506d are executed;
Step 505d: The first ProSe functional entity sends a context acquisition request message to the HSS;
Specifically, the context acquisition request message carries the IMSI of the UE;
Step 506d: After successfully authenticating the UE, the HSS returns an authentication response to the first ProSe functional entity;
Specifically, after finding the UE context corresponding to the UE, the HSS returns a context acquisition response message to the first ProSe functional entity; the message carries the authentication vector parameter group corresponding to the user. After the UE context is obtained, the flow returns to step 504c; the first ProSe functional entity's authentication of the UE according to the UE context passes, and steps 505c to 507c are then executed;
Step 505c: The first ProSe functional entity allocates a D2D service temporary identifier to the UE;
Step 506c: The first ProSe functional entity returns an authentication response to the second ProSe functional entity;
Specifically, the authentication response carries the D2D service temporary identifier allocated to the UE by the first ProSe functional entity and the UE context corresponding to the UE, where the UE context includes an authentication vector parameter group.
Step 507c: The second ProSe functional entity returns an authentication request response message to the UE;
Specifically, the authentication request response message carries the D2D service temporary identifier reallocated to the UE by the first ProSe functional entity and the authentication parameters; the UE saves the D2D service temporary identifier, which can be used for authentication in subsequent D2D discovery services of the UE; the current flow ends.
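The authentication flows of FIG. 4 and FIG. 5 described above, as an added Python example that is not part of the patent text: the UE checks its local PLMN, the second ProSe functional entity forwards, and the first ProSe functional entity resolves the identity, falls back to the HSS for a missing UE context, and rotates the temporary identifier. The class names, the dict message format, the constructed IMSI and PLMN values, the random 32-bit allocation, and the rejection of an identifier that no longer resolves are assumptions made for illustration.

```python
import secrets

# Per the text, an empty, all-zero or all-one field means "no identifier assigned".
UNASSIGNED = (None, 0x00000000, 0xFFFFFFFF)


class HSS:
    """Stand-in for the HSS: maps an IMSI to its UE context (constructed data)."""

    def __init__(self, subscribers):
        self._subscribers = subscribers
        self.lookups = 0  # counts context acquisition requests (404b / 505b / 505d)

    def get_ue_context(self, imsi):
        self.lookups += 1
        return self._subscribers.get(imsi)


class HomeProSe:
    """First ProSe functional entity (HPLMN): owns the temporary-ID/IMSI binding."""

    def __init__(self, hss):
        self.hss = hss
        self.imsi_by_temp_id = {}
        self.temp_id_by_imsi = {}
        self.contexts = {}  # UE contexts already held locally, keyed by IMSI

    def _rotate_temp_id(self, imsi):
        # Random 32-bit allocation is an assumption; the text also allows sequential.
        while True:
            new_id = secrets.randbits(32)
            if new_id not in UNASSIGNED and new_id not in self.imsi_by_temp_id:
                break
        # Assumption: the previous identifier stops resolving once a new one exists.
        old_id = self.temp_id_by_imsi.get(imsi)
        if old_id is not None:
            del self.imsi_by_temp_id[old_id]
        self.imsi_by_temp_id[new_id] = imsi
        self.temp_id_by_imsi[imsi] = new_id
        return new_id

    def authenticate(self, request):
        temp_id = request.get("temp_id")
        if temp_id not in UNASSIGNED:
            imsi = self.imsi_by_temp_id.get(temp_id)  # steps 403 / 504c
        else:
            imsi = request.get("imsi")                # step 504a
        if imsi is None:
            return {"ok": False}  # assumption: an unresolvable identity is rejected
        context = self.contexts.get(imsi)
        if context is None:                           # no local UE context: ask the HSS
            context = self.hss.get_ue_context(imsi)
            if context is None:
                return {"ok": False}
            self.contexts[imsi] = context
        return {"ok": True, "temp_id": self._rotate_temp_id(imsi), "context": context}


class VisitedProSe:
    """Second ProSe functional entity (LPLMN): forwards the request unchanged."""

    def __init__(self, home):
        self.home = home

    def authenticate(self, request):
        return self.home.authenticate(request)


class UE:
    def __init__(self, imsi, local_plmn):
        self.imsi = imsi
        self.local_plmn = local_plmn
        self.temp_id = None

    def authenticate(self, plmn_list, visited):
        if self.local_plmn not in plmn_list:
            return None  # step 302: local PLMN not listed, do nothing
        request = {"plmn": self.local_plmn}
        if self.temp_id in UNASSIGNED:
            request["imsi"] = self.imsi        # first case (step 502a)
        else:
            request["temp_id"] = self.temp_id  # second case (step 502c)
        response = visited.authenticate(request)
        if response["ok"]:
            self.temp_id = response["temp_id"]  # saved for the next authentication
        return response


if __name__ == "__main__":
    hss = HSS({"001010000000001": {"auth_vectors": ["constructed"]}})
    visited = VisitedProSe(HomeProSe(hss))
    ue = UE("001010000000001", "00101")
    for attempt in range(3):
        result = ue.authenticate(["00101"], visited)
        print(attempt, result["ok"], hex(ue.temp_id), "HSS lookups:", hss.lookups)
```

Each run prints a different identifier per attempt while the HSS is consulted only once, and presenting an identifier from an earlier attempt to `HomeProSe.authenticate` returns a failure.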
Further, after the D2D service temporary identifier is obtained through the authentication method provided by Embodiment 1 of the present invention, a D2D discovery service may also be initiated according to the obtained identifier. The D2D discovery service processing flow is shown in FIG. 6, and the method includes the following steps:
Step 601: When the UE needs to initiate a D2D discovery service toward one or more other discovered UEs, the UE first needs to perform D2D discovery service authentication with the ProSe functional entity in its own HPLMN, that is, the first ProSe functional entity. After the UE and the first ProSe functional entity establish a secure connection, the UE sends a discovery service request message to the first ProSe functional entity; the discovery service request message includes the discovery service type and the D2D service temporary identifier.
The discovery service types are: announce, that is, a discovery request initiated by the discovered UE; monitor, that is, a discovery request initiated by the discovering UE; and match, that is, the discovering UE sends a match report to a ProSe functional entity capable of discovery. It should be noted here that the discovering UE is the UE that initiates the discovery service, and the discovered UE is the discovery target requested by the discovering UE;
Step 602: The first ProSe functional entity looks up the UE context related to the UE according to the D2D service temporary identifier; if the related UE context is found, the discovery service request is authenticated and the flow goes to step 607 to perform discovery service processing; if the related UE context is not found, steps 603-606 are executed, after which step 607 is executed;
Step 603: The first ProSe functional entity sends an IMSI acquisition request to the UE;
Step 604: The UE returns an IMSI acquisition response to the first ProSe functional entity; the IMSI acquisition response carries the IMSI corresponding to the UE;
Step 605: The first ProSe functional entity queries, according to the IMSI, whether a UE context exists; if it exists, the discovery service is authenticated, and the flow goes directly to step 608 to perform discovery service processing; if it does not exist, steps 606 and 607 are executed, after which execution continues with step 608;
Step 606: The first ProSe functional entity performs discovery service authentication with the HSS, and the HSS establishes a new UE context for the UE; the UE context contains the subscription parameters of the UE;
Step 607: If the discovery request is authenticated, the first ProSe functional entity initiates the corresponding discovery service flow, according to the service type, toward the ProSe functional entity in the local PLMN of the discovered UE.
When the service type is announce, the first ProSe functional entity sends an announce request message to the ProSe functional entity in the local PLMN of the discovered UE, and that ProSe functional entity correspondingly returns an announce request message to the first ProSe functional entity. Similarly, when the service type is monitor, the first ProSe functional entity sends a monitor request message to the ProSe functional entity in the local PLMN of the discovered UE, and that ProSe functional entity returns a monitor request response message to the first ProSe functional entity. Similarly, when the service type is match, the first ProSe functional entity sends a match request message to the ProSe functional entity in the local PLMN of the discovered UE; when the match succeeds, that ProSe functional entity returns a match request response message to the first ProSe functional entity.
Step 608: After discovery service processing is complete, the first ProSe functional entity returns a discovery service request response message to the UE; the message carries the D2D service temporary identifier allocated to the UE by the first ProSe functional entity; after receiving the response, the UE completes the related radio resource allocation.
The D2D service temporary identifier may be a ProSe functional entity identifier, or a 32-bit parameter that uniquely corresponds to one UE; the parameter may be allocated sequentially or obtained through a mathematical function;
Here, the reason a new D2D service temporary identifier is allocated to the UE again after the discovery service completes is likewise to eliminate the insecurity that readily arises when the UE performs multiple authentications with the same D2D service temporary identifier. In the solution of Embodiment 1 of the present invention, the D2D service temporary identifier of the UE is dynamically updated after each use, so that the identifier used each time is different, which can ensure the security of the UE.
Embodiment 2
Embodiment 2 of the present invention provides an authentication method. The flow of the method is shown in FIG. 7, and the method includes the following steps:
Step 701: The first ProSe functional entity delivers configuration parameters to the UE;
Specifically, the configuration parameters delivered to the UE by the first ProSe functional entity may include the PLMN identifier list supported by the UE and the D2D service temporary identifier allocated to the UE by the first ProSe functional entity, or may include only the PLMN identifier list supported by the UE;
The D2D service temporary identifier may be a ProSe functional entity identifier or a parameter that uniquely corresponds to the UE, and the parameter may take any representation that can uniquely identify one UE. In the actual allocation of D2D service temporary identifiers, parameters may be allocated to UEs sequentially, or allocated to UEs randomly through a mathematical function.
Step 702: After successfully authenticating the UE, the first ProSe functional entity allocates a D2D service temporary identifier to the UE.
Specifically, the authentication of the UE by the first ProSe functional entity includes:
The first ProSe functional entity receives the authentication request sent by the second ProSe functional entity. When the authentication request carries the D2D service temporary identifier delivered to the UE by the first ProSe functional entity in step 601, the first ProSe functional entity looks up the UE context corresponding to the UE according to the D2D service temporary identifier. When the context corresponding to the UE is found, the first ProSe functional entity's authentication of the UE succeeds, and it allocates a new D2D service temporary identifier to the UE; this identifier can be used for authentication the next time the UE initiates a discovery service. When the context corresponding to the UE is not found, the first ProSe functional entity initiates a UE context acquisition procedure toward the HSS; after the UE context is acquired successfully, the first ProSe functional entity's authentication of the UE succeeds, and it allocates a new D2D service temporary identifier to the UE.
Specifically, the authentication of the UE by the first ProSe functional entity further includes:
The first ProSe functional entity receives the authentication request sent by the second ProSe functional entity; when the authentication request carries an IMSI or a D2D service temporary identifier, the first ProSe functional entity performs the UE authentication procedure according to the IMSI or the D2D service temporary identifier;
Here, the D2D service temporary identifier in the authentication request differs from the D2D service temporary identifier carried in the configuration parameters delivered to the UE by the first ProSe functional entity in step 601. Because in this step the configuration parameters delivered to the UE by the first ProSe functional entity do not carry a D2D service temporary identifier allocated to the UE, the D2D service temporary identifier here is in fact one that the UE already obtained in an earlier authentication procedure. Correspondingly, if the UE has not previously obtained a D2D service temporary identifier, the UE initiates the authentication request to the second ProSe functional entity using the IMSI; in this case, when the second ProSe functional entity forwards the authentication request to the ProSe functional entity in the HPLMN, the request carries only the IMSI of the UE;
Specifically, the first ProSe functional entity performing the UE authentication procedure according to the IMSI or the D2D service temporary identifier includes:
所述第一 ProSe根据所述 IMSI或 D2D业务临时标识查找与所述 UE相 对应的 UE上下文;  Determining, by the first ProSe, a UE context corresponding to the UE according to the IMSI or D2D service temporary identifier;
当查找到 UE对应的上下文时, 所述第一 ProSe功能实体对所述 UE鉴 权认证成功, 向所述 UE分配新的 D2D业务临时标识; 当没有查找到 UE 对应的上下文时, 所述第一 ProSe功能实体向所述 HSS发起 UE上下文获 取过程, UE上下文获取成功后, 所述第一 ProSe功能实体对所述 UE鉴权 认证成功, 向所述 UE返回分配 D2D业务临时标识; When the context corresponding to the UE is found, the first ProSe functional entity successfully authenticates the UE, and allocates a new D2D service temporary identifier to the UE; In the corresponding context, the first ProSe function entity initiates a UE context acquisition process to the HSS. After the UE context is successfully obtained, the first ProSe function entity successfully authenticates the UE, and returns an allocation to the UE. Temporary identification of D2D services;
具体地, 所述第一 ProSe功能实体将所述 D2D业务临时标识封装在鉴 权认证响应中返回给第二 ProSe功能实体,由所述第二 ProSe功能实体将所 述鉴权认证响应转发给所述 UE。  Specifically, the first ProSe functional entity encapsulates the D2D service temporary identifier in an authentication authentication response and returns the second ProSe functional entity, and the second ProSe functional entity forwards the authentication authentication response to the Said UE.
Further, after the first ProSe functional entity allocates the D2D service temporary identifier to the UE, the method further includes:
The first ProSe functional entity receives a discovery service request message sent by the UE. The UE's discovery service request may be a discovery service request for one discovered UE or for multiple discovered UEs. The discovery service request message includes a discovery service type and the D2D service temporary identifier. The first ProSe functional entity authenticates the UE's discovery request. If the discovery request is authenticated, the first ProSe functional entity initiates the corresponding discovery service procedure, according to the service type, toward the ProSe in the local PLMN of the discovered UE. After discovery service processing is complete, the first ProSe functional entity returns a discovery service request response message to the UE, and this message carries the D2D service temporary identifier allocated to the UE by the first ProSe functional entity.
Specifically, the first ProSe functional entity authenticating the UE's discovery request includes:
The first ProSe functional entity looks up the UE context associated with the UE according to the D2D service temporary identifier. When the context corresponding to the UE is found, the UE's discovery request is authenticated. When no context corresponding to the UE is found, the first ProSe functional entity initiates a get-IMSI request to the UE; the UE returns a get-IMSI response to the first ProSe functional entity, carrying the IMSI corresponding to the UE; the first ProSe functional entity queries, according to the IMSI, whether a UE context exists, and if one exists, the UE's discovery request is authenticated. If none exists, the first ProSe functional entity performs discovery service authentication with the HSS and establishes a new UE context, and the UE's discovery request is authenticated.
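The lookup-then-rotate logic of Embodiment 2 (temporary identifier lookup, IMSI fallback, HSS context acquisition, and issuing a fresh identifier after every successful authentication or discovery request) can be modelled as follows. This is an added illustration, not code from the patent: the class and method names, the constructed IMSI, keying the HSS query by IMSI, and retiring the old identifier on rotation are all assumptions.

```python
import secrets
from dataclasses import dataclass
from typing import Callable, Optional


class Hss:
    """Stand-in for the HSS; returns subscription data for a known IMSI (assumed interface)."""

    def __init__(self, subscribers: dict):
        self._subscribers = dict(subscribers)
        self.queries = 0  # counts context acquisitions, so tests can see when the HSS is hit

    def fetch_context(self, imsi: str) -> Optional[dict]:
        self.queries += 1
        return self._subscribers.get(imsi)


@dataclass
class UeContext:
    imsi: str
    subscription: dict
    temp_id: Optional[str] = None


class ProSeFunction:
    """Model of the HPLMN ("first") ProSe functional entity."""

    def __init__(self, hss: Hss):
        self.hss = hss
        self._by_imsi = {}      # IMSI -> UeContext
        self._by_temp_id = {}   # current D2D temporary identifier -> UeContext

    def _rotate_temp_id(self, ctx: UeContext) -> str:
        # Random allocation (the text also allows sequential allocation).
        # Generate while the old identifier is still indexed, so the new one differs.
        new_id = secrets.token_hex(8)
        while new_id in self._by_temp_id:
            new_id = secrets.token_hex(8)
        # Assumption: the previous identifier is retired, so a replayed one finds no context.
        if ctx.temp_id is not None:
            self._by_temp_id.pop(ctx.temp_id, None)
        ctx.temp_id = new_id
        self._by_temp_id[new_id] = ctx
        return new_id

    def _context_for_imsi(self, imsi: str) -> Optional[UeContext]:
        ctx = self._by_imsi.get(imsi)
        if ctx is None:
            # No local context: UE context acquisition from the HSS.
            subscription = self.hss.fetch_context(imsi)
            if subscription is None:
                return None
            ctx = UeContext(imsi, subscription)
            self._by_imsi[imsi] = ctx
        return ctx

    def authenticate(self, temp_id: Optional[str] = None,
                     imsi: Optional[str] = None) -> Optional[str]:
        """Handle an authentication request forwarded by the second ProSe functional entity.

        Returns the newly allocated temporary identifier, or None on failure.
        """
        ctx = self._by_temp_id.get(temp_id) if temp_id else None
        if ctx is None and imsi:
            ctx = self._context_for_imsi(imsi)
        if ctx is None:
            return None
        return self._rotate_temp_id(ctx)

    def discovery_request(self, service_type: str, temp_id: str,
                          get_imsi_from_ue: Callable[[], Optional[str]]) -> Optional[dict]:
        """Authenticate a discovery service request; on a miss, send the UE a get-IMSI request."""
        ctx = self._by_temp_id.get(temp_id)
        if ctx is None:
            imsi = get_imsi_from_ue()  # models the get-IMSI request/response exchange
            ctx = self._context_for_imsi(imsi) if imsi else None
        if ctx is None:
            return None
        # Discovery processing toward the discovered UE's PLMN is out of scope here.
        return {"service_type": service_type, "temp_id": self._rotate_temp_id(ctx)}


if __name__ == "__main__":
    hss = Hss({"460001234567890": {"prose_allowed": True}})  # constructed IMSI
    pf = ProSeFunction(hss)
    first = pf.authenticate(imsi="460001234567890")
    second = pf.authenticate(temp_id=first)
    print(first, second, pf.authenticate(temp_id=first), hss.queries)
```

Because each identifier is single-use in this model, an identifier observed on one request cannot be presented again, and the IMSI only crosses the interface on first contact or after a context miss.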
Embodiment 3
Embodiment 3 of the present invention provides an authentication method. The flowchart of the method is shown in FIG. 8, and the method includes the following steps:
Step 801: The UE receives configuration parameters delivered by the first ProSe functional entity;
Specifically, the configuration parameters include a list of PLMN identifiers supported by the UE and a D2D service temporary identifier allocated to the UE by the ProSe functional entity, or the configuration parameters include only the list of PLMN identifiers supported by the UE;
The D2D service temporary identifier may be a ProSe functional entity identifier or a parameter that uniquely corresponds to the UE, and the parameter may take any representation that can uniquely identify a UE. Specifically, when D2D service temporary identifiers are actually allocated, parameters may be allocated to UEs sequentially, or allocated to UEs randomly in a discrete manner by means of a mathematical function.
Step 802: The UE initiates an authentication procedure toward the first ProSe functional entity according to the configuration parameters and, after authentication succeeds, receives the D2D service temporary identifier allocated by the first ProSe functional entity;
Specifically, before the UE authenticates to the first ProSe functional entity, the method further includes: the UE determines whether the local PLMN identifier is in the received PLMN identifier list, and if it is, the UE initiates an authentication request to the second ProSe functional entity.
When the configuration parameters received by the UE include the list of PLMN identifiers supported by the UE and the D2D service temporary identifier allocated to the UE by the ProSe functional entity, the UE initiating an authentication request to the first ProSe functional entity includes:
The UE sends an authentication request to the first ProSe functional entity, the authentication request carrying the local PLMN identifier and the D2D service temporary identifier received by the UE; when authentication succeeds, the UE receives the D2D service temporary identifier allocated to the UE by the first ProSe functional entity;
When the configuration parameters received by the UE include only the list of PLMN identifiers supported by the UE, the UE initiating an authentication request to the first ProSe functional entity includes:
The UE sends an authentication request to the second ProSe functional entity, the authentication request carrying an IMSI or a D2D service temporary identifier;
The second ProSe functional entity forwards the authentication request to the first ProSe functional entity;
The first ProSe functional entity performs the UE authentication procedure according to the IMSI or the D2D service temporary identifier.
Further, after the UE receives the D2D service temporary identifier allocated by the first ProSe functional entity, the method further includes:
When the UE wishes to initiate a discovery request toward one or more discovered UEs, the UE sends a discovery service request message to the first ProSe functional entity; the discovery service request message includes a discovery service type and the D2D service temporary identifier;
When the first ProSe functional entity does not find the UE context corresponding to the UE according to the D2D service temporary identifier, the UE receives a get-IMSI request sent by the first ProSe functional entity and, in response to that request, returns a get-IMSI response to the first ProSe functional entity, the get-IMSI response carrying the IMSI corresponding to the UE;
After discovery service processing is complete, the UE receives the D2D service temporary identifier allocated to the UE by the first ProSe functional entity.
Embodiment 4
Embodiment 4 of the present invention provides a ProSe functional entity, which is the ProSe functional entity located in the UE's HPLMN. Its basic structure is shown in FIG. 9. The ProSe functional entity includes a configuration parameter delivery module 91, an authentication module 92 and a temporary identifier allocation module 93, where: the configuration parameter delivery module 91 is configured to deliver configuration parameters to the UE; the authentication module 92 is configured to perform authentication of the UE and, when authentication succeeds, to trigger the temporary identifier allocation module 93;
The temporary identifier allocation module 93 is configured to deliver a D2D service temporary identifier to the UE when triggered by the authentication module 92.
Specifically, the configuration parameters delivered to the UE by the configuration parameter delivery module may include the list of PLMN identifiers supported by the UE and the D2D service temporary identifier allocated to the UE by the temporary identifier allocation module 93, or the configuration parameters may include only the list of PLMN identifiers supported by the UE; therefore, the temporary identifier allocation module 93 is further configured to allocate a D2D service temporary identifier to the UE when the configuration parameter delivery module 91 delivers configuration parameters to the UE. The D2D service temporary identifier may be a ProSe functional entity identifier or a parameter that uniquely corresponds to the UE, and the parameter may take any representation that can uniquely identify a UE. Specifically, when D2D service temporary identifiers are actually allocated, parameters may be allocated to UEs sequentially, or allocated to UEs randomly in a discrete manner by means of a mathematical function.
Specifically, the authentication module 92 performing authentication of the UE includes:
The authentication module 92 receives an authentication request sent by another ProSe functional entity. When the authentication request carries the D2D service temporary identifier delivered to the UE by the temporary identifier allocation module 93, the authentication module 92 looks up the UE context corresponding to the UE according to the D2D service temporary identifier. When the context corresponding to the UE is found, the authentication module 92's authentication of the UE succeeds, and it triggers the temporary identifier allocation module 93 to allocate a new D2D service temporary identifier to the UE; this D2D service temporary identifier can be used for authentication when the UE initiates its next discovery service. When no context corresponding to the UE is found, the authentication module 92 initiates a UE context acquisition procedure toward the HSS; after the UE context is successfully acquired, the authentication module 92's authentication of the UE succeeds, and it triggers the temporary identifier allocation module 93 to allocate a new D2D service temporary identifier to the UE. Here, the other ProSe functional entity may be the ProSe functional entity in the UE's LPLMN;
Specifically, the authentication of the UE by the authentication module 92 further includes: the authentication module 92 receives the authentication request sent by the other ProSe functional entity, and when the authentication request carries an IMSI or a D2D service temporary identifier, the authentication module 92 performs the UE authentication procedure according to the IMSI or the D2D service temporary identifier. Here, the D2D service temporary identifier in the authentication request is different from the D2D service temporary identifier that the temporary identifier allocation module 93 allocates to the UE when the configuration parameter delivery module 91 delivers configuration parameters to the UE. Because in this step the configuration parameters delivered to the UE by the configuration parameter delivery module 91 do not carry a D2D service temporary identifier allocated to the UE, the D2D service temporary identifier here is in fact one that the UE already obtained in an earlier authentication procedure. Correspondingly, if the UE has not previously obtained a D2D service temporary identifier, the UE initiates the authentication request to the ProSe functional entity in another PLMN using its IMSI; in this case, when the other ProSe functional entity forwards the authentication request to the authentication module 92, the request carries only the UE's IMSI;
Specifically, the authentication module 92 performing the UE authentication procedure according to the IMSI or the D2D service temporary identifier includes:
The authentication module 92 looks up the UE context corresponding to the UE according to the IMSI or the D2D service temporary identifier;
When the context corresponding to the UE is found, the authentication module 92's authentication of the UE succeeds, and it triggers the temporary identifier allocation module 93 to allocate a new D2D service temporary identifier to the UE. When no context corresponding to the UE is found, the authentication module 92 initiates a UE context acquisition procedure toward the HSS; after the UE context is successfully acquired, the authentication module 92's authentication of the UE succeeds, and it triggers the temporary identifier allocation module 93 to allocate a new D2D service temporary identifier to the UE;
Specifically, the authentication module 92 encapsulates the D2D service temporary identifier in an authentication response and returns it to the other ProSe functional entity, and the other ProSe functional entity forwards the authentication response to the UE.
Further, the ProSe functional entity also includes a discovery request authentication module 94 and a discovery service processing module 95, where:
The discovery request authentication module 94 is configured to receive the UE's discovery service request and to authenticate it, where the discovery service request includes a discovery service type and the D2D service temporary identifier, and, after the UE's discovery service request is successfully authenticated, to trigger the discovery service processing module 65;
The discovery service processing module 95 is configured to perform discovery service processing for the UE when triggered by the discovery request authentication module 94 and, after discovery service processing is complete, to return a discovery service response message to the UE, the discovery service response message carrying the D2D service temporary identifier allocated to the UE by the temporary identifier allocation module 93.
The discovery request authentication module 94 authenticating the UE's discovery service request includes: the discovery request authentication module 94 looks up the UE context associated with the UE according to the D2D service temporary identifier, and when the context corresponding to the UE is found, authentication of the UE's discovery request succeeds;
When no context corresponding to the UE is found, the discovery request authentication module 94 initiates a get-IMSI request to the UE; the discovery request authentication module 94 queries, according to the IMSI carried in the get-IMSI response returned by the UE, whether a UE context exists, and if one exists, authentication of the UE's discovery request succeeds;
If none exists, the discovery request authentication module 94 performs discovery service authentication with the HSS and establishes a new UE context, and authentication of the UE's discovery request succeeds.
In practical applications, the configuration parameter delivery module may be implemented by a transmitter in the ProSe functional entity; the authentication module, the discovery request authentication module, the temporary identifier allocation module and the discovery service processing module may be implemented by a central processing unit (CPU), a digital signal processor (DSP) or a field-programmable gate array (FPGA) in the ProSe functional entity in combination with a transceiver.
Embodiment 5
Embodiment 6 of the present invention provides a UE. As shown in FIG. 10, the UE includes a configuration parameter receiving module 101 and an authentication request sending module 102, where:
The configuration parameter receiving module 101 is configured to receive configuration parameters delivered by the first ProSe functional entity; the authentication request sending module 102 is configured to initiate an authentication procedure toward the first ProSe functional entity; the configuration parameter receiving module 101 is further configured to receive, after authentication with the first ProSe functional entity succeeds, the D2D service temporary identifier allocated by the first ProSe functional entity.
Specifically, the configuration parameters include the list of PLMN identifiers supported by the UE and the D2D service temporary identifier allocated to the UE by the first ProSe functional entity, or the configuration parameters include only the list of PLMN identifiers supported by the UE.
Further, the UE also includes a determining module 103, configured to determine, before the authentication request sending module 102 initiates the authentication procedure toward the first ProSe functional entity, whether the UE's local PLMN identifier is in the received PLMN identifier list and, if it is, to trigger the authentication request sending module 102 to send an authentication request to the second ProSe functional entity.
When the configuration parameters received by the configuration parameter receiving module 101 include the list of PLMN identifiers supported by the UE and the D2D service temporary identifier allocated to the UE by the first ProSe functional entity, the authentication request sending module 102 initiating the authentication procedure toward the first ProSe functional entity includes:
The authentication request sending module 102 sends an authentication request to the first ProSe functional entity, the authentication request carrying the local PLMN identifier and the D2D service temporary identifier received by the configuration parameter receiving module 101; when authentication succeeds, the configuration parameter receiving module 101 receives the D2D service temporary identifier allocated to the UE by the first ProSe functional entity.
When the configuration parameters received by the configuration parameter receiving module 101 include only the list of PLMN identifiers supported by the UE, the authentication request sending module 102 initiating an authentication request to the first ProSe functional entity includes:
The authentication request sending module 102 sends an authentication request to the second ProSe functional entity, the authentication request carrying an IMSI or a D2D service temporary identifier;
The second ProSe functional entity forwards the authentication request to the first ProSe functional entity;
The first ProSe functional entity performs the UE authentication procedure according to the IMSI or the D2D service temporary identifier.
Specifically, when the configuration parameters received by the configuration parameter receiving module 101 include only the list of PLMN identifiers supported by the UE, before the authentication request sending module 102 initiates the authentication request to the first ProSe functional entity, it first determines whether it already holds an allocated D2D service temporary identifier, and decides which parameters to carry in the authentication request initiated toward the first ProSe functional entity according to whether such an identifier exists. Specifically, if it holds no allocated D2D service temporary identifier, the authentication request initiated toward the first ProSe functional entity carries only the IMSI; if it holds an allocated D2D service temporary identifier, it carries that D2D service temporary identifier in the authentication request sent to the first ProSe functional entity;
The UE further includes a discovery service request module 104 and a request processing module 105, where: the discovery service request module 104 is configured to send a discovery service request message to the first ProSe functional entity; the discovery service request message includes a discovery service type and the D2D service temporary identifier; the discovery service request message may be a D2D discovery service request for one UE or a D2D discovery service request for multiple UEs;
When the first ProSe functional entity does not find the UE context corresponding to the UE according to the D2D service temporary identifier, the request processing module 105 is configured to receive the get-IMSI request sent by the first ProSe functional entity and, in response to that request, to return a get-IMSI response to the first ProSe, the get-IMSI response carrying the IMSI corresponding to the UE;
After discovery service processing is complete, the configuration parameter receiving module 101 receives the D2D service temporary identifier allocated to the UE by the first ProSe functional entity.
In practical applications, the configuration parameter receiving module may be implemented by a receiver in the UE; the authentication request sending module and the request processing module may be implemented by a CPU, DSP or FPGA in the UE in combination with a transceiver; the determining module may be implemented by a CPU, DSP or FPGA in the UE; the discovery service request module may be implemented by a transmitter in the UE.
Embodiment 6
Embodiment 5 of the present invention provides an authentication system. The structure of the system is shown in FIG. 11. The system includes a first ProSe functional entity 111 and a user equipment (UE) 112;
The first ProSe functional entity 111 is configured to deliver configuration parameters to the UE, and is further configured to allocate a D2D service temporary identifier to the UE after successfully authenticating the UE;
The UE 112 is configured to initiate an authentication procedure toward the first ProSe functional entity 111 according to the configuration parameters.
Specifically, the first ProSe functional entity 111 delivering configuration parameters to the UE 112 includes: the first ProSe functional entity 111 delivers to the UE 112, as configuration parameters, either the list of PLMN identifiers supported by the UE 112 and the D2D service temporary identifier allocated to the UE 112 by the first ProSe functional entity 111, or the list of PLMN identifiers supported by the UE 112.
Further, the UE 112 is also configured to determine, before initiating the authentication procedure toward the first ProSe functional entity 111 according to the configuration parameters, whether the local PLMN identifier is in the received PLMN identifier list and, if it is, to initiate an authentication request to the first ProSe functional entity 111.
When the configuration parameters received by the UE 112 include the list of PLMN identifiers supported by the UE 112 and the D2D service temporary identifier allocated to the UE 112 by the first ProSe functional entity 111, the UE 112 initiating the authentication process to the first ProSe functional entity 111 comprises:
The UE 112 sends an authentication request to a second ProSe functional entity, the authentication request carrying the local PLMN identifier and the D2D service temporary identifier received by the UE 112;
The second ProSe functional entity forwards the authentication request to the first ProSe functional entity 111;
The first ProSe functional entity 111 looks up the UE context corresponding to the UE 112 according to the D2D service temporary identifier;
When the context corresponding to the UE 112 is found, the first ProSe functional entity 111 authenticates the UE 112 successfully and returns the allocated D2D service temporary identifier to the UE 112;
When the context corresponding to the UE 112 is not found, the first ProSe functional entity 111 initiates a UE context acquisition process to the HSS; after the UE context is acquired successfully, the first ProSe functional entity 111 authenticates the UE 112 successfully and returns the allocated D2D service temporary identifier to the UE 112.
When the configuration parameters received by the UE 112 include only the list of PLMN identifiers supported by the UE 112, the UE 112 initiating the authentication process to the first ProSe functional entity 111 comprises:
The UE 112 sends an authentication request to the second ProSe functional entity, the authentication request carrying an IMSI or a D2D service temporary identifier;
The second ProSe functional entity forwards the authentication request to the first ProSe functional entity 111;
The first ProSe functional entity 111 performs the UE authentication process according to the IMSI or the D2D service temporary identifier.
Specifically, when the configuration parameters received by the UE 112 include only the list of PLMN identifiers supported by the UE 112, before initiating the authentication request to the first ProSe functional entity 111 the UE 112 first determines whether it already holds an allocated D2D service temporary identifier, and decides, according to whether such an identifier exists, which parameter to carry in the authentication request initiated to the first ProSe functional entity 111. Specifically, if the UE 112 holds no allocated D2D service temporary identifier, the authentication request initiated to the first ProSe functional entity 111 carries only the IMSI; if it holds an allocated D2D service temporary identifier, it carries that D2D service temporary identifier in the authentication request sent to the first ProSe functional entity 111;
Specifically, the first ProSe functional entity 111 performing the UE authentication process according to the IMSI or the D2D service temporary identifier comprises:
The first ProSe functional entity 111 looks up the UE context corresponding to the UE 112 according to the IMSI or the D2D service temporary identifier;
When the context corresponding to the UE 112 is found, the first ProSe functional entity authenticates the UE 112 successfully and returns the allocated D2D service temporary identifier to the UE 112;
When the context corresponding to the UE 112 is not found, the first ProSe functional entity 111 initiates a UE context acquisition process to the HSS; after the UE context is acquired successfully, the first ProSe functional entity 111 authenticates the UE 112 successfully and returns the allocated D2D service temporary identifier to the UE 112.
Further, after the first ProSe functional entity 111 allocates the D2D service temporary identifier to the UE 112, the UE 112 is also configured to send a discovery service request message to the first ProSe functional entity 111; the discovery service request message may be a D2D discovery service request targeting one UE or a D2D discovery service request targeting multiple UEs; the discovery service request message includes a discovery service type and the D2D service temporary identifier;
The first ProSe functional entity 111 is also configured to authenticate the discovery request of the UE 112;
If the discovery request is authenticated, the first ProSe functional entity 111 initiates, according to the corresponding service type, the corresponding discovery service procedure toward the ProSe under the local PLMN of the discovered UE;
After the discovery service processing is completed, the first ProSe functional entity 111 returns a discovery service response message to the UE 112, the message carrying the D2D service temporary identifier allocated to the UE 112 by the first ProSe functional entity 111.
Specifically, the first ProSe functional entity 111 authenticating the discovery request of the UE 112 comprises:
The first ProSe functional entity 111 looks up the UE context related to the UE 112 according to the D2D service temporary identifier; when the context corresponding to the UE 112 is found, the discovery request of the UE 112 is authenticated;
When the context corresponding to the UE 112 is not found, the first ProSe functional entity 111 sends a get-IMSI request to the UE 112; the UE 112 returns a get-IMSI response to the first ProSe functional entity 111, the response carrying the IMSI corresponding to the UE 112; the first ProSe functional entity 111 queries, according to the IMSI, whether a UE context exists, and if one exists, the discovery request of the UE 112 is authenticated;
If none exists, the first ProSe functional entity 111 performs discovery service authentication with the HSS and establishes a new UE context, and the discovery request of the UE 112 is authenticated.
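The lookup-based flows of this embodiment, as an added example that is not code from the patent: a Python model of the UE's PLMN check and identifier choice, the first ProSe functional entity's context lookup with HSS fallback, and discovery-request authentication with the get-IMSI fallback. Forwarding through the second ProSe functional entity is collapsed into a direct call; all class and method names, the constructed IMSI and PLMN values used with it, the key the HSS stub is queried with, and the issuing of a fresh identifier on every allocation are assumptions.

```python
import secrets


class HSS:
    """Stub home subscriber server. Assumption: it is queried with whatever
    identifier the request carried and only resolves IMSIs it has on record."""

    def __init__(self, subscribed_imsis):
        self.subscribed = set(subscribed_imsis)
        self.queries = 0  # lets a caller see when the fallback was used

    def has_subscriber(self, identifier):
        self.queries += 1
        return identifier in self.subscribed


class FirstProSeFunction:
    """Holds UE contexts, indexed by temporary identifier and by IMSI."""

    def __init__(self, hss, plmn_list):
        self.hss = hss
        self.plmn_list = list(plmn_list)
        self.imsi_by_temp = {}
        self.temp_by_imsi = {}

    def configuration(self):
        # Second case in the text: the parameters carry only the PLMN list.
        return {"plmn_list": list(self.plmn_list)}

    def _allocate(self, imsi):
        # Assumption: each allocation issues a fresh identifier and retires
        # the previous one; the page only says an identifier is returned.
        old = self.temp_by_imsi.get(imsi)
        if old is not None:
            del self.imsi_by_temp[old]
        temp_id = "d2d-" + secrets.token_hex(8)
        self.imsi_by_temp[temp_id] = imsi
        self.temp_by_imsi[imsi] = temp_id
        return temp_id

    def _find_context(self, identifier):
        """Return the IMSI of the stored context, or None if there is none."""
        if identifier in self.imsi_by_temp:
            return self.imsi_by_temp[identifier]
        return identifier if identifier in self.temp_by_imsi else None

    def authenticate(self, identifier):
        """Authentication request carrying an IMSI or a temporary identifier."""
        imsi = self._find_context(identifier)
        if imsi is None:
            # No stored context: UE context acquisition from the HSS.
            if not self.hss.has_subscriber(identifier):
                return None
            imsi = identifier
        return self._allocate(imsi)

    def discover(self, ue, service_type, temp_id):
        """Discovery service request: authenticate it, then answer."""
        imsi = self.imsi_by_temp.get(temp_id)
        if imsi is None:
            imsi = ue.get_imsi()  # get-IMSI request and response
            known = self._find_context(imsi) is not None
            if not known and not self.hss.has_subscriber(imsi):
                return None
        # The discovery procedure itself (per service type) is not modelled.
        return {"service_type": service_type, "temp_id": self._allocate(imsi)}


class UE:
    def __init__(self, imsi, local_plmn):
        self.imsi = imsi
        self.local_plmn = local_plmn
        self.temp_id = None

    def get_imsi(self):
        return self.imsi

    def authenticate(self, prose):
        config = prose.configuration()
        if self.local_plmn not in config["plmn_list"]:
            return False  # local PLMN not listed: no request is initiated
        # Carry the temporary identifier if one is held, otherwise the IMSI.
        result = prose.authenticate(self.temp_id or self.imsi)
        if result is None:
            return False
        self.temp_id = result
        return True

    def request_discovery(self, prose, service_type):
        response = prose.discover(self, service_type, self.temp_id)
        if response is None:
            return False
        self.temp_id = response["temp_id"]
        return True
```

The model reproduces only the context-lookup decisions described above; it contains no cryptographic exchange because the embodiment describes none.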
Those skilled in the art will appreciate that embodiments of the present invention may be provided as a method, a system, or a computer program product. Accordingly, the present invention may take the form of a hardware embodiment, a software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage and optical storage) containing computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems), and computer program products according to embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, such that means are provided for the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or another programmable data processing device to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means, the instruction means implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or another programmable data processing device, such that a series of operational steps is performed on the computer or other programmable device to produce computer-implemented processing, so that the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
The foregoing describes only preferred embodiments of the present invention and is not intended to limit the scope of protection of the present invention.

Claims

1. An authentication method, the method comprising:
a first proximity-based service (ProSe) functional entity delivers configuration parameters to a user equipment (UE);
the UE initiates an authentication process to the first ProSe functional entity according to the configuration parameters, and the first ProSe functional entity, after successfully authenticating the UE, allocates a D2D service temporary identifier to the UE.
2. The method according to claim 1, wherein the configuration parameters include a list of PLMN identifiers supported by the UE and a D2D service temporary identifier allocated to the UE by the first ProSe functional entity, or the configuration parameters include only the list of PLMN identifiers supported by the UE.
3. The method according to claim 2, wherein, before the first ProSe functional entity authenticates the UE, the method further comprises:
the UE determines that the local PLMN identifier is in the received PLMN identifier list, and initiates an authentication request to a second ProSe functional entity.
4. The method according to claim 2, wherein, when the configuration parameters received by the UE include the list of PLMN identifiers supported by the UE and the D2D service temporary identifier allocated to the UE by the first ProSe functional entity, the UE initiating the authentication process to the first ProSe functional entity according to the configuration parameters comprises:
the UE sends an authentication request to a second ProSe functional entity, the authentication request carrying the local PLMN identifier and the D2D service temporary identifier received by the UE;
the second ProSe functional entity forwards the authentication request to the first ProSe functional entity;
the first ProSe functional entity looks up the UE context corresponding to the UE according to the D2D service temporary identifier;
when the UE context corresponding to the UE is found, the first ProSe functional entity authenticates the UE successfully and returns the allocated D2D service temporary identifier to the UE;
when the context corresponding to the UE is not found, the first ProSe functional entity initiates a UE context acquisition process for the UE to a home subscriber server (HSS); after the UE context is acquired successfully, the first ProSe functional entity authenticates the UE successfully and returns the allocated D2D service temporary identifier to the UE.
5. The method according to claim 2, wherein, when the configuration parameters received by the UE include only the list of PLMN identifiers supported by the UE, the UE initiating the authentication process to the first ProSe functional entity according to the configuration parameters comprises:
the UE sends an authentication request to a second ProSe functional entity, the authentication request carrying an international mobile subscriber identity (IMSI) or a D2D service temporary identifier;
the second ProSe functional entity forwards the authentication request to the first ProSe functional entity;
the first ProSe functional entity performs the UE authentication process according to the IMSI or the D2D service temporary identifier.
6. The method according to claim 5, wherein the first ProSe functional entity performing the UE authentication process according to the IMSI or the D2D service temporary identifier comprises:
the first ProSe functional entity looks up the UE context corresponding to the UE according to the IMSI or the D2D service temporary identifier;
when the UE context corresponding to the UE is found, the first ProSe functional entity authenticates the UE successfully and returns the allocated D2D service temporary identifier to the UE;
when the context corresponding to the UE is not found, the first ProSe functional entity initiates a UE context acquisition process to the HSS; after the UE context is acquired successfully, the first ProSe functional entity authenticates the UE successfully and returns the allocated D2D service temporary identifier to the UE.
7. The method according to any one of claims 1 to 6, wherein, after the first ProSe functional entity allocates the D2D service temporary identifier to the UE, the method further comprises:
the UE sends a discovery service request message to the first ProSe functional entity, the discovery service request message including a discovery service type and the D2D service temporary identifier;
the first ProSe functional entity authenticates the discovery request of the UE;
after the discovery request is authenticated, the first ProSe functional entity initiates the corresponding discovery service procedure according to the corresponding service type;
after the discovery service processing is completed, the first ProSe functional entity returns a discovery service request response message to the UE, the message carrying the D2D service temporary identifier allocated to the UE by the first ProSe functional entity.
8. The method according to claim 7, wherein the first ProSe functional entity authenticating the discovery request of the UE comprises:
the first ProSe functional entity looks up the UE context related to the UE according to the D2D service temporary identifier; when the UE context corresponding to the UE is found, the discovery request of the UE is authenticated;
when the UE context corresponding to the UE is not found, the first ProSe functional entity sends a get-IMSI request to the UE; the UE returns a get-IMSI response to the first ProSe functional entity, carrying the IMSI corresponding to the UE; the first ProSe functional entity queries, according to the IMSI, whether a UE context corresponding to the UE exists, and if one exists, the discovery request of the UE is authenticated;
if none exists, the first ProSe functional entity performs discovery service authentication with the HSS, the HSS establishes a new UE context for the UE, and the discovery request of the UE is authenticated.
9. An authentication method, the method comprising:
a first ProSe functional entity delivers configuration parameters to a UE;
the first ProSe functional entity, after successfully authenticating the UE, allocates a D2D service temporary identifier to the UE.
10. The method according to claim 9, wherein the configuration parameters include a list of PLMN identifiers supported by the UE and a D2D service temporary identifier allocated to the UE by the first ProSe functional entity, or the configuration parameters include only the list of PLMN identifiers supported by the UE.
11. The method according to claim 10, wherein the first ProSe functional entity authenticating the UE comprises:
the first ProSe functional entity receives an authentication request sent by a second ProSe functional entity, the authentication request carrying the local PLMN identifier and the D2D service temporary identifier received by the UE;
the first ProSe functional entity looks up the UE context corresponding to the UE according to the D2D service temporary identifier;
when the context corresponding to the UE is found, the first ProSe functional entity authenticates the UE successfully and returns the allocated D2D service temporary identifier to the UE;
when the context corresponding to the UE is not found, the first ProSe functional entity initiates a UE context acquisition process to the HSS; after the UE context is acquired successfully, the first ProSe functional entity authenticates the UE successfully and returns the allocated D2D service temporary identifier to the UE.
12. The method according to claim 10, wherein the first ProSe functional entity authenticating the UE comprises:
the first ProSe functional entity receives an authentication request sent by a second ProSe functional entity, the authentication request carrying an IMSI or a D2D service temporary identifier;
the first ProSe performs the UE authentication process according to the IMSI or the D2D service temporary identifier.
13. The method according to claim 12, wherein performing the UE authentication process comprises:
the first ProSe looks up the UE context corresponding to the UE according to the IMSI or the D2D service temporary identifier;
when the context corresponding to the UE is found, the first ProSe functional entity authenticates the UE successfully and returns the allocated D2D service temporary identifier to the UE;
when the context corresponding to the UE is not found, the first ProSe functional entity initiates a UE context acquisition process to the HSS; after the UE context is acquired successfully, the first ProSe functional entity authenticates the UE successfully and returns the allocated D2D service temporary identifier to the UE.
14. The method according to any one of claims 9 to 13, wherein, after the first ProSe functional entity allocates the D2D service temporary identifier to the UE, the method further comprises:
the first ProSe functional entity receives a discovery service request message sent by the UE, the discovery service request message including a discovery service type and the D2D service temporary identifier;
the first ProSe functional entity authenticates the discovery request of the UE;
after the discovery request is authenticated, the first ProSe functional entity initiates the corresponding discovery service procedure according to the corresponding service type;
after the discovery service processing is completed, the first ProSe functional entity returns a discovery service request response message to the UE, the message carrying the D2D service temporary identifier allocated to the UE by the first ProSe functional entity.
15. The method according to claim 14, wherein the first ProSe functional entity authenticating the discovery request of the UE comprises:
the first ProSe functional entity looks up the UE context related to the UE according to the D2D service temporary identifier; when the context corresponding to the UE is found, the discovery request of the UE is authenticated;
when the context corresponding to the UE is not found, the first ProSe functional entity sends a get-IMSI request to the UE; after the IMSI is obtained successfully, the first ProSe functional entity queries, according to the IMSI, whether a UE context corresponding to the UE exists, and if one exists, the discovery request of the UE is authenticated;
if none exists, the first ProSe functional entity performs discovery service authentication with the HSS, the HSS establishes a new UE context for the UE, and the discovery request of the UE is authenticated.
16. An authentication method, the method comprising:
a UE receives configuration parameters delivered by a first ProSe functional entity; the UE initiates an authentication process to the first ProSe functional entity according to the configuration parameters and, after the authentication succeeds, receives a D2D service temporary identifier allocated by the first ProSe functional entity.
17. The method according to claim 16, wherein the configuration parameters include a list of PLMN identifiers supported by the UE and a D2D service temporary identifier allocated to the UE by the first ProSe functional entity, or the configuration parameters include only the list of PLMN identifiers supported by the UE.
18. The method according to claim 17, wherein, before the UE authenticates to the first ProSe functional entity, the method further comprises:
the UE determines that the local PLMN identifier is in the received PLMN identifier list, and the UE initiates an authentication request to a second ProSe functional entity.
19. The method according to claim 16, wherein, when the configuration parameters received by the UE include the list of PLMN identifiers supported by the UE and the D2D service temporary identifier allocated to the UE by the first ProSe functional entity, the UE initiating the authentication process to the first ProSe functional entity according to the configuration parameters comprises:
the UE sends an authentication request to the first ProSe functional entity, the authentication request carrying the local PLMN identifier and the D2D service temporary identifier received by the UE;
when the authentication succeeds, the UE receives the D2D service temporary identifier allocated to the UE by the first ProSe functional entity.
20. The method according to claim 16, wherein, when the configuration parameters received by the UE include only the list of PLMN identifiers supported by the UE, the UE initiating the authentication process to the first ProSe functional entity according to the configuration parameters comprises:
the UE sends an authentication request to the first ProSe functional entity, the authentication request carrying an IMSI or a D2D service temporary identifier.
21. The method according to any one of claims 16 to 20, wherein, after the UE receives the D2D service temporary identifier allocated by the first ProSe functional entity, the method further comprises:
the UE sends a discovery service request message to the first ProSe functional entity, the discovery service request message including a discovery service type and the D2D service temporary identifier;
when the first ProSe functional entity does not find the UE context corresponding to the UE according to the D2D service temporary identifier, the UE receives a get-IMSI request sent by the first ProSe functional entity and, in response to the get-IMSI request, returns a get-IMSI response to the first ProSe functional entity, the get-IMSI response carrying the IMSI corresponding to the UE;
after the discovery service processing is completed, the UE receives the D2D service temporary identifier allocated to the UE by the first ProSe functional entity.
22、 一种 ProSe功能实体, 所述 ProSe功能实体包括: 配置参数下发模 块、 鉴权认证模块以及临时标识分配模块; 其中, 22. A ProSe functional entity, the ProSe functional entity includes: a configuration parameter delivery module, an authentication and authentication module, and a temporary identity allocation module; wherein,
所述配置参数下发模块, 配置为向 UE下发配置参数; The configuration parameter delivery module is configured to deliver configuration parameters to the UE;
所述鉴权认证模块, 配置为对所述 UE执行鉴权认证,并在鉴权认证成 功时触发所述临时标识分配模块; The authentication and authentication module is configured to perform authentication and authentication on the UE, and trigger the temporary identity allocation module when the authentication and authentication is successful;
所述临时标识分配模块, 配置为被所述鉴权认证模块触发时, 向所述 The temporary identity allocation module is configured to send a message to the authentication module when triggered by the authentication and authentication module.
UE下发 D2D业务临时标识。 The UE delivers the D2D service temporary identifier.
23、 根据权利要求 22所述的 ProSe功能实体, 其中, 所述配置参数下 发模块向所述 UE下发的配置参数包括所述 UE支持的 PLMN标识列表和 所述临时标识分配模块为所述 UE分配的 D2D业务临时标识, 或者所述配 置参数仅包括所述 UE支持的 PLMN标识列表。 23. The ProSe functional entity according to claim 22, wherein the configuration parameters delivered by the configuration parameter delivery module to the UE include a PLMN identity list supported by the UE and the temporary identity allocation module is the The D2D service temporary identity allocated by the UE, or the configuration parameters only include a list of PLMN identities supported by the UE.
24. The ProSe functional entity according to claim 23, wherein the ProSe functional entity further comprises: a discovery request authentication module and a discovery service processing module; wherein,
the discovery request authentication module is configured to receive a discovery service request from the UE and to authenticate the discovery service request, wherein the discovery service request includes a discovery service type and a D2D service temporary identifier; and is further configured to trigger the discovery service processing module after the discovery service request of the UE is successfully authenticated;
the discovery service processing module is configured, when triggered by the discovery request authentication module, to perform discovery service processing for the UE and, after the discovery service processing is completed, to return a discovery service response message to the UE, the discovery service response message carrying the D2D service temporary identifier allocated to the UE by the temporary identifier allocation module.
25. A UE, the UE comprising: a configuration parameter receiving module and an authentication request sending module; wherein,
the configuration parameter receiving module is configured to receive configuration parameters delivered by a first ProSe functional entity;
the authentication request sending module is configured to initiate an authentication procedure with the first ProSe functional entity;
the configuration parameter receiving module is further configured to receive the D2D service temporary identifier allocated by the first ProSe functional entity after authentication with the first ProSe functional entity succeeds.
26. The UE according to claim 25, wherein the configuration parameters include a list of PLMN identifiers supported by the UE and the D2D service temporary identifier allocated to the UE by the first ProSe functional entity, or the configuration parameters include only the list of PLMN identifiers supported by the UE.
27. The UE according to claim 26, wherein the UE further comprises a judgment module;
the judgment module is configured, before the authentication request sending module initiates the authentication procedure with the first ProSe functional entity, to trigger the authentication request sending module to send an authentication request to the second ProSe functional entity when it determines that the local PLMN identifier of the UE is in the received PLMN identifier list.
28. The UE according to any one of claims 25 to 27, wherein the UE further comprises: a discovery service request module and a request processing module; wherein,
the discovery service request module is configured to send a discovery service request message to the first ProSe functional entity, the discovery service request message including a discovery service type and a D2D service temporary identifier;
the request processing module is configured, when the first ProSe functional entity does not find the UE context corresponding to the UE according to the D2D service temporary identifier, to receive the Get IMSI request sent by the first ProSe functional entity and, according to the Get IMSI request, to return a Get IMSI response to the first ProSe, the Get IMSI response carrying the IMSI corresponding to the UE;
the configuration parameter receiving module is further configured to receive, after the discovery service processing is completed, the D2D service temporary identifier allocated to the UE by the first ProSe functional entity.
29. An authentication system, the system comprising: a first ProSe functional entity and a UE;
the first ProSe functional entity is configured to deliver configuration parameters to the UE, and is further configured to allocate a D2D service temporary identifier to the UE after the UE is successfully authenticated;
the UE is configured to initiate an authentication procedure with the first ProSe functional entity according to the configuration parameters.
30. The system according to claim 29, wherein the first ProSe functional entity delivering configuration parameters to the UE comprises: the first ProSe functional entity delivering to the UE, as the configuration parameters, either the list of PLMN identifiers supported by the UE together with the D2D service temporary identifier allocated to the UE by the first ProSe functional entity, or the list of PLMN identifiers supported by the UE.
31. The system according to claim 30, wherein the UE is further configured to initiate an authentication request to the first ProSe functional entity when it determines that the local PLMN identifier is in the received PLMN identifier list.
32. The system according to claim 30, wherein the UE is further configured to send a discovery service request message to the first ProSe functional entity, the discovery service request message including a discovery service type and a D2D service temporary identifier;
the first ProSe functional entity is further configured to authenticate the discovery request of the UE; after the discovery request is authenticated, to initiate the corresponding discovery service procedure according to the corresponding service type; and, after the discovery service processing is completed, to send back a discovery service response message to the UE, the discovery service response message carrying the D2D service temporary identifier allocated to the UE by the first ProSe functional entity.
33. A computer storage medium, the computer storage medium comprising a set of instructions which, when executed, cause at least one processor to perform the authentication method according to any one of claims 1 to 8, or the authentication method according to any one of claims 9 to 15, or the authentication method according to any one of claims 16 to 21.
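The exchange in claims 29 to 32 can be followed in a small simulation, added here as an illustration and not taken from the patent: the UE checks its PLMN against the delivered list, authenticates, uses the temporary identifier in discovery, and falls back to a Get IMSI exchange when the ProSe functional entity holds no context for it. Assumptions of this sketch: messages are collapsed into method calls, an HMAC challenge over a pre-shared key stands in for the authentication mechanism (which these claims do not specify), the challenge is repeated after the IMSI fallback, and a fresh identifier is issued in every discovery response; all class and method names are hypothetical.

```python
import hashlib
import hmac
import secrets

class UE:
    def __init__(self, imsi, key, local_plmn):
        self.imsi, self.key, self.local_plmn = imsi, key, local_plmn
        self.temp_id = None
        self.imsi_disclosures = 0         # Get IMSI responses sent so far

    def respond(self, nonce):             # stand-in proof that the UE holds the key
        return hmac.new(self.key, nonce, hashlib.sha256).digest()

    def get_imsi(self):                   # Get IMSI request -> Get IMSI response
        self.imsi_disclosures += 1
        return self.imsi

class ProSeFunction:
    def __init__(self, plmn_list, keys):
        self.plmn_list, self.keys = set(plmn_list), keys   # keys: IMSI -> shared key
        self.contexts = {}                                 # temporary ID -> IMSI

    def _verify(self, ue, imsi):
        key = self.keys.get(imsi)
        if key is None:
            return False
        nonce = secrets.token_bytes(16)
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, ue.respond(nonce))

    def _allocate(self, imsi):
        # One live temporary ID per IMSI: the previous one stops resolving.
        self.contexts = {t: i for t, i in self.contexts.items() if i != imsi}
        temp_id = secrets.token_hex(8)
        self.contexts[temp_id] = imsi
        return temp_id

    def attach(self, ue):
        # The UE authenticates only if its local PLMN is in the delivered list.
        if ue.local_plmn not in self.plmn_list or not self._verify(ue, ue.imsi):
            return False
        ue.temp_id = self._allocate(ue.imsi)
        return True

    def discover(self, ue, service_type):
        imsi = self.contexts.get(ue.temp_id)
        if imsi is None:                  # no UE context for this temporary ID
            imsi = ue.get_imsi()
            if not self._verify(ue, imsi):    # a bare IMSI proves nothing
                return None
        ue.temp_id = self._allocate(imsi)     # fresh ID rides in the response
        return {"service_type": service_type, "temp_id": ue.temp_id}
```

The `imsi_disclosures` counter makes the privacy cost visible: the permanent identity crosses the interface only when the temporary identifier fails to resolve.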
PCT/CN2014/083049 2014-03-12 2014-07-25 Authentication method and system, prose functional entity, and ue WO2015135278A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410091463.3 2014-03-12
CN201410091463.3A CN104918246A (en) 2014-03-12 2014-03-12 Authentication method and system, ProSe (Proximity-based Service) functional entities and UE (User Equipment)

Publications (1)

Publication Number Publication Date
WO2015135278A1 (en) 2015-09-17

Family

ID=54070860

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/083049 WO2015135278A1 (en) 2014-03-12 2014-07-25 Authentication method and system, prose functional entity, and ue

Country Status (2)

Country Link
CN (1) CN104918246A (en)
WO (1) WO2015135278A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106792428B (en) * 2016-05-09 2020-02-11 北京展讯高科通信技术有限公司 Base station, near field service functional entity and communication resource allocation and scheduling method
CN110809892B (en) * 2017-06-30 2021-12-14 华为技术有限公司 Authentication method, terminal and network equipment
CN108134991B (en) * 2017-12-22 2020-10-16 杭州清创微品智能科技有限公司 Method and system for reducing D2D equipment switching

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1867164A (en) * 2005-05-19 2006-11-22 华为技术有限公司 Method for user terminal obtaining BSF as distributed conversation affair mark
CN101488945A (en) * 2008-01-14 2009-07-22 北京大唐高鸿数据网络技术有限公司 Authentication method oriented to SIP
US20120204027A1 (en) * 2011-02-09 2012-08-09 Samsung Electronics Co. Ltd. Authentication method and apparatus in a communication system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101022651B (en) * 2006-02-13 2012-05-02 华为技术有限公司 Combined right-discriminating construction and realizing method thereof

Also Published As

Publication number Publication date
CN104918246A (en) 2015-09-16

Similar Documents

Publication Publication Date Title
CN110800331B (en) Network verification method, related equipment and system
AU2021221761B2 (en) Selection of ip version
CN102724102B (en) Method and apparatus for establishing connection with network management system and communication system
US9179289B2 (en) Method and system for remotely accessing
US9794785B2 (en) Communication system, connection control apparatus, mobile terminal, base station control method, service request method, and program
WO2009000206A1 (en) Method and system for access control of home node b
KR101885043B1 (en) Establishing and configuring dynamic subscriptions
WO2015165149A1 (en) Configuration method, prose key management functional entity, terminal, system, and storage medium
US9713176B2 (en) Telecommunication method and telecommunication system
WO2014183260A1 (en) Method, device and system for processing data service under roaming scenario
CN108616805B (en) Emergency number configuration and acquisition method and device
US10219309B2 (en) D2D service authorizing method and device and home near field communication server
US10863555B2 (en) Access method, apparatus, device, and system
JP2015503304A (en) Access method, mobility management device, and user equipment
EP3182762B1 (en) Near field communication discovery method, apparatus and system
WO2015135278A1 (en) Authentication method and system, prose functional entity, and ue
WO2015154426A1 (en) Method and device for prose temporary identifier notification and update
WO2013067744A1 (en) Serving gateway selection method and system for terminal group
WO2015135269A1 (en) Service discovery and authentication method, device, terminal, system, and computer storage medium
WO2016034018A1 (en) Method, device and home subscriber server for device to device service recovery
CN106688259B (en) Authentication method and device for user equipment
WO2016065696A1 (en) Sim card application method, allocation method, apparatus, terminal and server

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14885264

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14885264

Country of ref document: EP

Kind code of ref document: A1