WO2022265165A1

WO2022265165A1 - Method and apparatus for performing device-to-device communication in wireless communication system

Info

Publication number: WO2022265165A1
Application number: PCT/KR2021/014387
Authority: WO
Inventors: 김동주; 김현숙
Original assignee: 엘지전자 주식회사
Priority date: 2021-06-18
Filing date: 2021-10-15
Publication date: 2022-12-22

Abstract

The present disclosure can provide a method for operating a terminal in a wireless communication system. Here, the method for operating a terminal may comprise steps in which: a first terminal transmits, on the basis of a first application, a discovery request message including a first ID; the first terminal receives a discovery response message on the basis of the discovery request message; and the first terminal performs device-to-device communication with a second terminal with respect to the first application on the basis of the role of the first terminal.

Description

Method and apparatus for performing direct communication between terminals in a wireless communication system

The following description relates to a wireless communication system and to a method and apparatus for performing direct communication between terminals. Specifically, it relates to a method for a terminal supporting ProSe (Proximity-based Service) to search for another terminal.

A wireless access system is widely deployed to provide various types of communication services such as voice and data. In general, a wireless access system is a multiple access system capable of supporting communication with multiple users by sharing available system resources (bandwidth, transmission power, etc.). Examples of the multiple access system include a code division multiple access (CDMA) system, a frequency division multiple access (FDMA) system, a time division multiple access (TDMA) system, an orthogonal frequency division multiple access (OFDMA) system, and a single carrier frequency (SC-FDMA) system. division multiple access) system.

In particular, as many communication devices require large communication capacity, an enhanced mobile broadband (eMBB) communication technology compared to existing radio access technology (RAT) has been proposed. In addition, a communication system considering reliability and latency-sensitive services/UE (user equipment) as well as mMTC (massive machine type communications) providing various services anytime and anywhere by connecting multiple devices and objects has been proposed. . Various technical configurations for this have been proposed.

The present disclosure may provide a method and apparatus for performing direct communication between terminals in a wireless communication system.

The present disclosure may provide a method and apparatus for performing a search for direct communication between terminals in a wireless communication system.

The present disclosure may provide a method and apparatus for performing message security between searched terminals when a plurality of searched terminals exist in a wireless communication system.

The present disclosure may provide a method and apparatus for differently configuring information included in a search response message in consideration of a role of a terminal in a wireless communication system.

The technical objects to be achieved in the present disclosure are not limited to the above-mentioned matters, and other technical problems not mentioned above are common knowledge in the art to which the technical configuration of the present disclosure is applied from the embodiments of the present disclosure to be described below. can be considered by those who have

As an example of the present disclosure, in a method of operating a terminal in a wireless communication system, a first terminal transmits a search request message including a first ID based on a first application, the first terminal based on the search request message Based on the step of receiving the search response message and the role of the first terminal, the first terminal may perform direct communication between the second terminal and the terminal for the first application.

In addition, as an example of the present disclosure, in a terminal operating in a wireless communication system, at least one transceiver, at least one processor, and operatively connected to at least one processor, and when executed, at least one processor performs a specific operation. and at least one memory for storing instructions to be performed, and the specific operation controls the transceiver to transmit a search request message including first ID information based on a first application, and the search request message It is possible to control the transceiver to receive a search response message based on, and to perform direct communication between another terminal and a terminal for the first application based on the role of the terminal.

In addition, as an example of the present disclosure, in a method of operating a server in a wireless communication system, including receiving an authentication request message based on a first application and transmitting an authentication response message based on the authentication request message, , the authentication response message may include different information based on the role of the terminal.

In addition, as an example of the present disclosure, in a server operating in a wireless communication system, at least one transceiver, at least one processor, and operatively connected to at least one processor, and when executed, at least one processor performs a specific operation. and at least one memory storing instructions to be performed, and the specific operation controls the transceiver to receive an authentication request message based on the first application, and transmits an authentication response message based on the authentication request message. However, the authentication response message may include different information based on the role of the terminal.

In addition, as an example of the present disclosure, in a method of operating a network operating in a wireless communication system, receiving a search request message including a first ID based on a first application from a terminal, based on the search request message It may include performing authentication with the ProSe application server and transmitting a search response message to the terminal based on the authentication with the ProSe application server.

In addition, as an example of the present disclosure, in a network operating in a wireless communication system, at least one transceiver, at least one processor, and at least one processor are operatively connected to the at least one processor, and when executed, the at least one processor performs a specific operation. It includes at least one memory for storing instructions to be performed, and the specific operation is: controlling the transceiver to receive a search request message including a first ID based on a first application from the terminal, and requesting a search The transmitter/receiver may be controlled to perform authentication with the ProSe application server based on the message and transmit a search response message to the terminal based on the authentication with the ProSe application server.

In addition, as an example of the present disclosure, in an apparatus including at least one memory and at least one processor functionally connected to the at least one memory, the at least one processor is a device configured to: based on a first application Transmits a search request message including the first ID information, receives a search response message based on the search request message, and performs direct communication between terminals for the first application with another terminal based on the role of the terminal. there is.

In addition, as an example of the present disclosure, in a non-transitory computer-readable medium storing at least one instruction, at least one executable by a processor Includes instructions of, wherein at least one instruction includes, at least one processor transmits a search request message including first ID information based on a first application, receives a search response message based on the search request message, And based on the role of the terminal, direct communication between other terminals and the terminal for the first application may be performed.

The present specification has an effect of providing a method for performing direct communication between terminals in a wireless communication system.

The present disclosure has an effect of providing a method for performing a search for direct communication between terminals in a wireless communication system.

The present disclosure has an effect of providing a method for performing message security between searched terminals when a plurality of searched terminals exist in a wireless communication system.

The present disclosure has an effect of providing a method of differently configuring information included in a search response message in consideration of a role of a terminal in a wireless communication system.

Effects obtainable in the embodiments of the present disclosure are not limited to the above-mentioned effects, and other effects not mentioned are technical fields to which the technical configuration of the present disclosure is applied from the description of the following embodiments of the present disclosure. can be clearly derived and understood by those skilled in the art. That is, unintended effects according to implementing the configuration described in the present disclosure may also be derived by those skilled in the art from the embodiments of the present disclosure.

The accompanying drawings are provided to aid understanding of the present disclosure, and may provide embodiments of the present disclosure together with a detailed description. However, the technical features of the present disclosure are not limited to specific drawings, and features disclosed in each drawing may be combined with each other to form a new embodiment. Reference numerals in each drawing may mean structural elements.

1 is a diagram illustrating various reference points.

2 is a diagram illustrating an example of a network structure of an evolved universal terrestrial radio access network (E-UTRAN) applicable to the present disclosure.

3 is a diagram illustrating an example of an architecture of a general E-UTRAN and an evolved packet core (EPC).

4 is a diagram illustrating an example of a structure of a radio interface protocol in a control plane between a user equipment (UE) and an evolved node B (eNB).

5 is a diagram illustrating an example of a structure of an air interface protocol in a user plane between a UE and an eNB.

6 is a diagram illustrating an example of an architecture of a general new radio (NR)-radio access network (RAN).

7 is a diagram illustrating an example of functional separation between a general NG-RAN and a 5th generation core (5GC).

8 is a diagram illustrating an example of a general architecture of a 5th generation (5G) system.

9 is a diagram illustrating an example of a wireless device applicable to the present disclosure.

10 is a diagram illustrating another example of a wireless device applied to the present disclosure.

11 is a diagram illustrating an example of a portable device applied to the present disclosure.

12 is a diagram illustrating a structural model of proximity-based services (ProSe) applied to the present disclosure.

13 is a diagram illustrating a security procedure of open search applied to the present disclosure.

14 is a diagram illustrating a method of performing a ProSe search applied to the present disclosure.

15 is a diagram illustrating a method of performing a ProSe search applied to the present disclosure.

16 is a diagram illustrating a ProSe model B constrained search scheme applied to the present disclosure.

17 may be an improved ProSe model B constrained search scheme applied to the present disclosure.

18 is a diagram illustrating the operation of a ProSe application server based on a role of a terminal applied to the present disclosure.

19 is a flowchart illustrating a terminal operation method applied to the present disclosure.

The following embodiments are those that combine elements and features of the present disclosure in a predetermined form. Each component or feature may be considered optional unless explicitly stated otherwise. Each component or feature may be implemented in a form not combined with other components or features. In addition, an embodiment of the present disclosure may be configured by combining some elements and/or features. The order of operations described in the embodiments of the present disclosure may be changed. Some components or features of one embodiment may be included in another embodiment, or may be replaced with corresponding components or features of another embodiment.

In the description of the drawings, procedures or steps that may obscure the gist of the present disclosure have not been described, and procedures or steps that can be understood by those skilled in the art have not been described.

Throughout the specification, when a part is said to "comprising" or "including" a certain element, it means that it may further include other elements, not excluding other elements, unless otherwise stated. do. In addition, terms such as “… unit”, “… unit”, and “module” described in the specification mean a unit that processes at least one function or operation, which is hardware or software or a combination of hardware and software. can be implemented as Also, "a or an", "one", "the" and similar related words in the context of describing the present disclosure (particularly in the context of the claims below) Unless indicated or otherwise clearly contradicted by context, both the singular and the plural can be used.

In this specification, the embodiments of the present disclosure have been described with a focus on a data transmission/reception relationship between a base station and a mobile station. Here, a base station has meaning as a terminal node of a network that directly communicates with a mobile station. A specific operation described as being performed by a base station in this document may be performed by an upper node of the base station in some cases.

That is, in a network composed of a plurality of network nodes including a base station, various operations performed for communication with a mobile station may be performed by the base station or network nodes other than the base station. At this time, the 'base station' is a term such as a fixed station, Node B, eNode B, gNode B, ng-eNB, advanced base station (ABS), or access point. can be replaced by

In addition, in the embodiments of the present disclosure, a terminal includes a user equipment (UE), a mobile station (MS), a subscriber station (SS), a mobile subscriber station (MSS), It may be replaced with terms such as mobile terminal or advanced mobile station (AMS).

In addition, the transmitting end refers to a fixed and/or mobile node providing data service or voice service, and the receiving end refers to a fixed and/or mobile node receiving data service or voice service. Therefore, in the case of uplink, the mobile station can be a transmitter and the base station can be a receiver. Similarly, in the case of downlink, the mobile station may be a receiving end and the base station may be a transmitting end.

Embodiments of the present disclosure are wireless access systems, such as an IEEE 802.xx system, a 3rd Generation Partnership Project (3GPP) system, a 3GPP Long Term Evolution (LTE) system, a 3GPP 5G (5th generation) NR (New Radio) system, and a 3GPP2 system. It may be supported by at least one disclosed standard document, and in particular, the embodiments of the present disclosure are supported by 3GPP technical specification (TS) 38.211, 3GPP TS 38.212, 3GPP TS 38.213, 3GPP TS 38.321 and 3GPP TS 38.331 documents It can be.

In addition, embodiments of the present disclosure may be applied to other wireless access systems, and are not limited to the above-described systems. For example, it may also be applicable to a system applied after the 3GPP 5G NR system, and is not limited to a specific system.

That is, obvious steps or parts not described in the embodiments of the present disclosure may be described with reference to the above documents. In addition, all terms disclosed in this document can be explained by the standard document.

Hereinafter, preferred embodiments according to the present disclosure will be described in detail with reference to the accompanying drawings. The detailed description set forth below in conjunction with the accompanying drawings is intended to describe exemplary embodiments of the present disclosure, and is not intended to represent the only embodiments in which the technical configurations of the present disclosure may be practiced.

In addition, specific terms used in the embodiments of the present disclosure are provided to aid understanding of the present disclosure, and the use of these specific terms may be changed in other forms without departing from the technical spirit of the present disclosure.

The following technologies include code division multiple access (CDMA), frequency division multiple access (FDMA), time division multiple access (TDMA), orthogonal frequency division multiple access (OFDMA), single carrier frequency division multiple access (SC-FDMA), and the like. It can be applied to various wireless access systems.

For clarity, the following description is based on a 3GPP communication system (eg, LTE, NR, etc.), but the technical spirit of the present invention is not limited thereto. LTE may refer to technology after 3GPP TS 36.xxx Release 8. In detail, LTE technology after 3GPP TS 36.xxx Release 10 may be referred to as LTE-A, and LTE technology after 3GPP TS 36.xxx Release 13 may be referred to as LTE-A pro. 3GPP NR may mean technology after TS 38.xxx Release 15. 3GPP 6G may mean technology after TS Release 17 and/or Release 18. "xxx" means standard document detail number. LTE/NR/6G may be collectively referred to as a 3GPP system.

For background art, terms, abbreviations, etc. used in the present disclosure, reference may be made to matters described in standard documents published prior to the present invention. As an example, 36.xxx and 38.xxx standard documents may be referred to.

Terms that can be used in this document are defined as follows.

- IMS (IP Multimedia Subsystem or IP Multimedia Core Network Subsystem): An architectural framework for providing standardization for delivering voice or other multimedia services over IP.

- UMTS (Universal Mobile Telecommunications System): GSM (Global System for Mobile Communication)-based 3rd generation mobile communication technology developed by 3GPP

- EPS (Evolved Packet System): A network system composed of an Evolved Packet Core (EPC), which is a packet switched core network based on IP (Internet Protocol), and access networks such as LTE and UTRAN. UMTS is an evolved form of network.

- NodeB: A base station of a UMTS network. It is installed outdoors and the coverage is macro cell scale.

- eNodeB: Base station of EPS network. It is installed outdoors and the coverage is macro cell scale.

- Home NodeB: Base station of UMTS network, installed indoors, coverage is micro cell scale

- Home eNodeB: Base station of EPS network, installed indoors, coverage is micro cell scale

- Terminal (User Equipment): User equipment. A terminal may be referred to by terms such as a terminal, a mobile equipment (ME), and a mobile station (MS). In addition, the terminal may be a portable device such as a laptop computer, a mobile phone, a personal digital assistant (PDA), a smart phone, and a multimedia device, or may be a non-portable device such as a personal computer (PC) and a vehicle-mounted device. In MTC-related content, the term terminal or terminal may refer to an MTC terminal.

- MTC (Machine Type Communication): Communication performed by a machine without human intervention. It may also be referred to as machine to machine (M2M) communication.

- MTC terminal (MTC UE or MTC device or MTC device): A terminal (eg, vending machine, meters, etc.).

- RAN (Radio Access Network): A unit including a Node B, a Radio Network Controller (RNC) that controls it, and an eNodeB in a 3GPP network. It exists at the terminal end and provides connection to the core network.

- HLR (Home Location Register)/HSS (Home Subscriber Server): A database containing subscriber information within the 3GPP network. The HSS may perform functions such as configuration storage, identity management, and user state storage.

- PLMN (Public Land Mobile Network): A network constructed for the purpose of providing mobile communication services to individuals. It may be configured by being classified for each operator.

-NAS (Non-Access Stratum): A functional layer for exchanging signaling and traffic messages between the terminal and the core network in the UMTS and EPS protocol stacks. Its main function is to support the mobility of the terminal and to support the session management procedure for establishing and maintaining the IP connection between the terminal and the PDN GW.

- SCEF (Service Capability Exposure Function): An entity within the 3GPP architecture for service capability exposure that provides a means for securely exposing services and capabilities provided by 3GPP network interfaces.

- MME (Mobility Management Entity): Network node of EPS network that performs mobility management and session management functions

- PDN-GW (Packet Data Network Gateway): Network node of EPS network that performs UE IP address allocation, packet screening and filtering, and charging data collection functions

- Serving GW (Serving Gateway): A network node of the EPS network that performs functions such as mobility anchor, packet routing, idle mode packet buffering, and triggering paging for the UE of the MME.

- PCRF (Policy and Charging Rule Function): EPS network node that makes policy decisions to dynamically apply differentiated QoS and charging policies for each service flow

- OMA DM (Open Mobile Alliance Device Management): A protocol designed to manage mobile devices such as mobile phones, PDAs, portable computers, etc., such as device configuration, firmware upgrade, error report, etc. performs the function of

- OAM (Operation Administration and Maintenance): A network management function group that provides network fault display, performance information, and data and diagnostic functions.

- PDN (Packet Data Network): A network where servers supporting specific services (eg, MMS server, WAP server, etc.) are located.

- PDN connection: Connection from the terminal to the PDN, that is, association (connection) between the terminal represented by the ip address and the PDN represented by the APN

- EMM (EPS Mobility Management): As a sub-layer of the NAS layer, depending on whether the UE is network attached or detached, EMM is in either "EMM-Registered" or "EMM-Deregistered" state. There may be.

-ECM (EMM Connection Management) connection: a signaling connection for exchange of NAS messages established between the UE and the MME. The ECM connection is a logical connection composed of an RRC connection between the UE and the eNB and an S1 signaling connection between the eNB and the MME. When the ECM connection is established / terminated, the RRC and S1 signaling connections are established / terminated as well. The established ECM connection means having an RRC connection established with the eNB to the UE, and means having an S1 signaling connection established with the eNB to the MME. Depending on whether the NAS signaling connection, that is, the ECM connection is established, the ECM may have a state of "ECM-Connected" or "ECM-Idle".

- AS (Access-Stratum): It includes a protocol stack between the UE and the wireless (or access) network, and is responsible for transmitting data and network control signals.

- NAS configuration (configuration) MO (Management Object): MO (Management object) used in the process of setting parameters (parameters) related to NAS functionality (Functionality) to the UE.

- PDN (Packet Data Network): A network in which servers supporting specific services (eg, MMS (Multimedia Messaging Service) server, WAP (Wireless Application Protocol) server, etc.) are located.

- PDN connection: a logical connection between the UE and the PDN, represented by one IP address (one IPv4 address and/or one IPv6 prefix).

- APN (Access Point Name): A string that indicates or identifies a PDN. In order to access the requested service or network, a specific P-GW is passed through. This means a predefined name (string) within the network to find this P-GW. (e.g. internet.mnc012.mcc345.gprs)

- ANDSF (Access Network Discovery and Selection Function): Provides a policy that allows the UE to discover and select available access in units of operators as a network entity.

- EPC path (or infrastructure data path): User plane communication path through EPC

- E-RAB (E-UTRAN Radio Access Bearer): refers to the concatenation of the S1 bearer and the corresponding data radio bearer. If an E-RAB exists, there is a one-to-one mapping between the E-RAB and the EPS bearer of the NAS.

- GPRS Tunneling Protocol (GTP): A group of IP-based communications protocols used to carry the general packet radio service (GPRS) within GSM, UMTS and LTE networks. Within the 3GPP architecture, GTP and proxy mobile IPv6 based interfaces are specified on various interface points. GTP can be decomposed into several protocols (eg GTP-C, GTP-U and GTP'). GTP-C is used within a GPRS core network for signaling between Gateway GPRS Support Nodes (GGSN) and Serving GPRS Support Nodes (SGSN). GTP-C allows the SGSN to activate a session for a user (eg, activate a PDN context), deactivate the same session, and adjust the quality of service parameters. ), or renewing a session for a subscriber that has just started operating from another SGSN. GTP-U is used to carry user data within the GPRS core network and between the radio access network and the core network.

Hereinafter, the present specification will be described based on the terms defined above.

The three main requirement areas for 5G are (1) Enhanced Mobile Broadband (eMBB) area, (2) Massive Machine Type Communication (mMTC) area, and (3) Hyper-reliability and It includes the Ultra-reliable and Low Latency Communications (URLLC) area.

Some use cases may require multiple areas for optimization, while other use cases may focus on just one key performance indicator (KPI). 5G supports these diverse use cases in a flexible and reliable way.

본 개시에 적용될 수 있는 5G 시스템 아키텍처5G system architecture that can be applied to the present disclosure

The 5G system is an advanced technology from the 4th generation LTE mobile communication technology, and new radio access technology (RAT: Radio Access Technology), LTE (Long As an extended technology of Term Evolution, eLTE (extended LTE) and non-3GPP (eg, WLAN) access are supported.

The 5G system is defined as service-based, and the interaction between network functions (NFs) in the architecture for the 5G system can be represented in two ways as follows.

- Reference point representation: Interaction between NF services within NFs described by a point-to-point reference point (eg, N11) between two NFs (eg, AMF and SMF) indicate

- Service-based representation: Network functions (eg, AMF) in the Control Plane (CP) allow other authorized network functions to access their services. This representation also includes a point-to-point reference point where necessary.

3GPP 시스템 일반3GPP System General

1 shows various reference points.

Although the example of the network structure of FIG. 1 shows that the SGW and the PDN GW are configured as separate gateways, the two gateways may be implemented according to a single gateway configuration option.

The MME is an element that performs signaling and control functions for supporting access to a network connection of a UE, allocation of network resources, tracking, paging, roaming, and handover. The MME controls control plane functions related to subscriber and session management. The MME manages numerous eNBs and performs signaling for selection of a conventional gateway for handover to other 2G/3G networks. In addition, the MME performs functions such as security procedures, terminal-to-network session handling, and idle terminal location management.

The SGSN handles all packet data such as user mobility management and authentication to other 3GPP networks (eg, GPRS networks).

The ePDG acts as a secure node for untrusted non-3GPP networks (eg, I-WLAN, WiFi hotspots, etc.).

As described with reference to FIG. 1, a UE having IP capability can access IP provided by an operator (ie, an operator) via various elements in the EPC, not only based on 3GPP access but also on non-3GPP access. A service network (eg, IMS) may be accessed.

Also, reference points such as, for example, S1-U, S1-MME, etc. may connect two functions residing in different functional entities. In the 3GPP system, a conceptual link connecting two functions existing in different functional entities of E-UTRAN and EPC is defined as a reference point. Table 1 below summarizes reference points shown in FIG. 1 . In addition to the examples in [Table 1], various reference points may exist according to the network structure.

Among the reference points shown in FIG. 1, S2a and S2b correspond to non-3GPP interfaces. S2a is a reference point that provides the user plane with related control and mobility support between trusted non-3GPP access and PDN GWs. S2b is a reference point that provides the user plane with related control and mobility support between ePDG and PDN GW.

The E-UTRAN system is a system evolved from the existing UTRAN system, and may be, for example, a 3GPP LTE/LTE-A system. Communication networks are widely deployed to provide various communication services such as voice (eg, Voice over Internet Protocol (VoIP)) over IMS and packet data.

Referring to Figure 2, the E-UMTS network includes an E-UTRAN, EPC and one or more UEs. The E-UTRAN is composed of eNBs that provide control plane and user plane protocols to the UE, and the eNBs are connected through an X2 interface.

An X2 user plane interface (X2-U) is defined between eNBs. The X2-U interface provides non-guaranteed delivery of user plane packet data units (PDUs). An X2 control plane interface (X2-CP) is defined between two neighboring eNBs. The X2-CP performs functions such as transfer of context between eNBs, control of a user plane tunnel between a source eNB and a target eNB, transfer of handover-related messages, and uplink load management.

The eNB is connected to the terminal through a radio interface and connected to an evolved packet core (EPC) through an S1 interface.

The S1 user plane interface (S1-U) is defined between the eNB and the serving gateway (S-GW). An S1 control plane interface (S1-MME) is defined between an eNB and a mobility management entity (MME). The S1 interface performs an evolved packet system (EPS) bearer service management function, a non-access stratum (NAS) signaling transport function, a network sharing function, and an MME load balancing function. The S1 interface supports a many-to-many-relation between the eNB and the MME/S-GW.

MME is NAS signaling security (security), AS (Access Stratum) security (security) control, CN (Core Network) inter-node (Inter-CN) signaling to support mobility between 3GPP access networks, (perform and control paging retransmission Including) IDLE mode UE reachability, Tracking Area Identity (TAI) management (for idle and active mode UEs), PDN GW and SGW selection, MME for handover in which MME is changed Selection, SGSN selection for handover to 2G or 3G 3GPP access networks, roaming, authentication, bearer management functions including dedicated bearer establishment, Public Warning System (PWS) System) (including the Earthquake and Tsunami Warning System (ETWS) and Commercial Mobile Alert System (CMAS)) message transmission.

As shown in FIG. 3, the eNB performs routing to the gateway, scheduling and transmission of paging messages, scheduling and transmission of broadcast channels (BCH), uplink and downlink while a Radio Resource Control (RRC) connection is active. It is possible to perform functions for dynamic allocation of resources to the UE, configuration and provision for eNB measurement, radio bearer control, radio admission control, and connection mobility control. Within the EPC, paging situations, LTE_IDLE state management, user plane encryption, SAE bearer control, NAS signaling encryption and integrity protection functions can be performed.

Annex J of 3GPP TR 23.799 shows various architectures combining 5G and 4G. In addition, 3GPP TS 23.501 shows an architecture using NR and NGC.

4 is a diagram illustrating an example of a structure of a radio interface protocol in a control plane between a user equipment (UE) and an evolved node B (eNB), and FIG. It is a diagram showing an example of the structure of the air interface protocol of

The air interface protocol is based on the 3GPP radio access network standard. The air interface protocol consists of a physical layer, a data link layer, and a network layer horizontally, and a user plane for data information transmission and control vertically. It is divided into a control plane for signaling transmission.

The protocol layers are L1 (layer 1), L2 (layer 2), and L3 (layer 3) based on the lower 3 layers of the Open System Interconnection (OSI) standard model widely known in communication systems. ) can be distinguished.

Hereinafter, each layer of the radio protocol in the control plane shown in FIG. 4 and the radio protocol in the user plane shown in FIG. 6 will be described.

The first layer, the physical layer, provides an information transfer service using a physical channel. The physical layer is connected to an upper medium access control layer through a transport channel, and data is transferred between the medium access control layer and the physical layer through the transport channel. Also, data is transferred between different physical layers, that is, between physical layers of a transmitting side and a receiving side through a physical channel.

A physical channel is composed of several subframes on the time axis and several subcarriers on the frequency axis. Here, one subframe is composed of a plurality of OFDM symbols and a plurality of subcarriers on the time axis. One subframe consists of a plurality of resource blocks, and one resource block consists of a plurality of OFDM symbols and a plurality of subcarriers. A transmission time interval (TTI), which is a unit time in which data is transmitted, is 1 ms corresponding to one subframe.

According to 3GPP LTE, the physical channels existing in the physical layer of the transmitting side and the receiving side are data channels PDSCH (Physical Downlink Shared Channel) and PUSCH (Physical Uplink Shared Channel) and control channel PDCCH (Physical Downlink Control Channel), It can be divided into Physical Control Format Indicator Channel (PCFICH), Physical Hybrid-ARQ Indicator Channel (PHICH), and Physical Uplink Control Channel (PUCCH).

There are several layers in the second layer. First, the medium access control (MAC) layer of the second layer plays a role of mapping various logical channels to various transport channels, and also a logical channel that maps several logical channels to one transport channel. It plays a role of multiplexing. The MAC layer is connected to the RLC layer, which is the upper layer, through a logical channel. It is divided into traffic channels that transmit user plane information.

The Radio Link Control (RLC) layer of the second layer segments and concatenates the data received from the upper layer to adjust the data size so that the lower layer is suitable for transmitting data over the radio section. play a role

The Packet Data Convergence Protocol (PDCP) layer of the second layer is relatively large in size and contains unnecessary control information in order to efficiently transmit IP packets such as IPv4 or IPv6 in a radio section with a small bandwidth. It performs a header compression (Header Compression) function that reduces the packet header size. In addition, in the LTE system, the PDCP layer also performs a security function, which consists of ciphering to prevent data interception by a third party and integrity protection to prevent data manipulation by a third party.

The Radio Resource Control (RRC) layer located at the top of the third layer is defined only in the control plane, and configures and resets radio bearers (Radio Bearer; abbreviated as RB). In relation to -configuration and release, it is responsible for controlling logical channels, transport channels, and physical channels. In this case, RB means a service provided by the second layer for data transmission between the UE and the E-UTRAN.

If an RRC connection is established between the RRC of the UE and the RRC layer of the wireless network, the UE is in RRC Connected Mode, otherwise it is in RRC Idle Mode. .

Hereinafter, the RRC state of the UE and the RRC connection method will be described. The RRC state indicates whether or not the RRC of the UE has a logical connection with the RRC of the E-UTRAN. When connected, it is called RRC_CONNECTED state, and when not connected, it is called RRC_IDLE state. Since the UE in the RRC_CONNECTED state has an RRC connection, the E-UTRAN can determine the existence of the corresponding UE in units of cells, and thus can effectively control the UE. On the other hand, the UE in the RRC_IDLE state cannot be detected by the E-UTRAN, and is managed by the core network in TA (Tracking Area) units, which are larger than cells. That is, the UE in the RRC_IDLE state is only aware of the existence of the UE in a larger area unit than the cell, and the UE must transition to the RRC_CONNECTED state to receive normal mobile communication services such as voice and data. Each TA is identified through a tracking area identity (TAI). The UE may configure a TAI through a tracking area code (TAC), which is information broadcasted in a cell.

When the user first turns on the power of the UE, the UE first searches for an appropriate cell, establishes an RRC connection in the cell, and registers UE information in the core network. After this, the UE stays in RRC_IDLE state. The UE staying in the RRC_IDLE state (re)selects a cell as needed and examines system information or paging information. This is referred to as camp on the cell. When the UE remaining in the RRC_IDLE state needs to establish an RRC connection, it establishes an RRC connection with the RRC of the E-UTRAN through an RRC connection procedure and transitions to the RRC_CONNECTED state. There are several cases in which the UE in the RRC_IDLE state needs to establish an RRC connection. For example, sending a response message.

A non-access stratum (NAS) layer located above the RRC layer performs functions such as session management and mobility management.

The NAS layer shown in FIG. 4 will be described in detail below.

Evolved Session Management (ESM) belonging to the NAS layer performs functions such as default bearer management and dedicated bearer management, and is in charge of controlling the UE to use the PS service from the network. The default bearer resource has the characteristic of being allocated from the network when connecting to a specific Packet Data Network (PDN) for the first time. At this time, the network allocates an IP address that the UE can use so that the UE can use the data service, and also allocates the QoS of the default bearer. LTE supports two types of bearers, a bearer with guaranteed bit rate (GBR) QoS characteristics that guarantees a specific bandwidth for data transmission/reception, and a non-GBR bearer with best effort QoS characteristics without guaranteeing bandwidth. In the case of a default bearer, a non-GBR bearer is assigned. In the case of a dedicated bearer, a bearer having QoS characteristics of GBR or Non-GBR may be allocated.

A bearer allocated to the UE by the network is called an evolved packet service (EPS) bearer, and when the EPS bearer is allocated, the network allocates one ID. This is called the EPS Bearer ID. One EPS bearer has QoS characteristics of maximum bit rate (MBR) and/or guaranteed bit rate (GBR).

6 is a diagram illustrating an example of an architecture of a general new radio (NR)-radio access network (RAN). Referring to FIG. 6, an NG-RAN node may be one of the following.

- gNB providing NR user plane and control plane protocols towards the UE; or

- ng-eNB providing E-UTRA user plane and control plane protocols towards the UE.

The gNB and ng-eNB are connected to each other through the Xn interface. In addition, gNB and ng-eNB provide access and mobility management function (AMF: Access and Mobility Management Function) through NG interface for 5GC, more specifically through NG-C interface, user plane function through NG-U interface ( Connected to UPF: User Plane Function (refer to 3GPP TS 23.501 [3]).

For reference, the architecture for functional separation and the F1 interface are defined in 3GPP TS 38.401 [4].

7 is a diagram illustrating an example of functional separation between a general NG-RAN and a 5th generation core (5GC). Referring to FIG. 7 , yellow boxes represent logical nodes and white boxes represent main functions.

gNB and ng-eNB host the following functions:

- Radio resource management function: radio bearer control in both uplink and downlink (scheduling), radio admission control, access mobility control, dynamic resource allocation to UE

- IP header compression, encryption and data integrity protection;

- Select AMF from IMT-2000 3GPP-UE attachments if routing for AMF cannot be determined from information provided by the UE;

- user plane data routing with UPF;

- transfer of control plane information to AMF;

- establishment and release of connections;

- Scheduling and sending paging messages

- Scheduling and transmission of system broadcasting information (provided by AMF or OAM)

- Configuration of measurement and measurement reporting for mobility and scheduling

- Indicating transport-level packets on the uplink

- session management;

- Network slicing support;

- QoS flow management and mapping for data radio bearers

- Support of UE in RRC_INACTIVE state

- NAS message distribution function;

- share a wireless access network;

- double connection;

- Close interworking between NR and E-UTRA

AMF hosts the following key functions (see 3GPP TS 23.501 [3]).

- NAS signal termination;

- NAS signal security;

- AS security control;

- Signal transmission between CN nodes for movement between 3GPP access networks;

- Idle mode UE connectivity (including paging retransmission control and enforcement)

- registration area management;

- Supports mobility within and between systems

- authentication of access;

- Authorization of access, including checking roaming rights;

- Mobility management control (subscription and policy)

- Network slicing support;

- Select SMF

UPF hosts the following key functions (see 3GPP TS 23.501 [3]).

- Anchor points for Intra-/Inter-RAT mobility (if applicable)

- External PDU session points interconnected to the data network

- packet routing and forwarding;

- Packet inspection and user plane parts of policy rule enforcement

- report traffic usage;

- Uplink classifier to support traffic flow into the data network

- Branching point for multi-homed PDU session support;

- QoS handling for the user plane (e.g. packet filtering, gates, UL/DL rate enforcement)

- Uplink traffic verification (SDF and QoS flow mapping)

- Downlink packet buffering and downlink data notification triggering

The Session Management Function (SMF) hosts the following key functions (see 3GPP TS 23.501 [3]).

- session management;

- UE IP address allocation and management

- UP function selection and control;

- Configure traffic steering to route traffic to appropriate destinations in UPF

- Some control of policy enforcement and QoS

- Downlink Data Notification

8 is a diagram illustrating an example of a general architecture of a 5th generation (5G) system. The following is a description of each reference interface and node in FIG. 8 .

Access and Mobility Management Function (AMF) is signaling between CN nodes for mobility between 3GPP access networks, termination of Radio Access Network (RAN) CP interface (N2), NAS It supports functions such as termination of signaling (N1), registration management (registration area management), idle mode UE reachability, network slicing support, and SMF selection.

Some or all functions of AMF may be supported within a single instance of one AMF.

A data network (DN) means, for example, an operator service, Internet access, or a third party service. The DN transmits a downlink protocol data unit (PDU) to the UPF or receives a PDU transmitted from the UE from the UPF.

A policy control function (PCF) provides a function of receiving packet flow information from an application server and determining policies such as mobility management and session management.

A session management function (SMF) provides a session management function, and when a UE has multiple sessions, each session may be managed by a different SMF.

Some or all functions of SMF may be supported within a single instance of one SMF.

Unified Data Management (UDM: Unified Data Management) stores user subscription data and policy data.

User plane function (UPF: User plane function) forwards the downlink PDU received from the DN to the UE via (R) AN, and forwards the uplink PDU received from the UE to the DN via (R) AN. .

Application Function (AF) provides services (e.g., supports functions such as application impact on traffic routing, network capability exposure access, interaction with policy framework for policy control, etc.) interoperates with the 3GPP core network for

(Radio) Access Network ((R)AN) is an evolved E-UTRA (evolved E-UTRA), which is an evolved version of 4G radio access technology, and a new radio access technology (NR: New Radio) ( For example, it is a generic term for a new radio access network supporting all gNBs).

The gNB provides functions for radio resource management (i.e., Radio Bearer Control, Radio Admission Control, Connection Mobility Control), and dynamic resource dynamics for the UE in uplink/downlink. Functions such as dynamic allocation of resources (i.e., scheduling) are supported.

A user equipment (UE) means a user equipment.

In the 3GPP system, a conceptual link connecting NFs in the 5G system is defined as a reference point.

N1 is a reference point between UE and AMF, N2 is a reference point between (R)AN and AMF, N3 is a reference point between (R)AN and UPF, N4 is a reference point between SMF and UPF, and N6 is a reference point between UPF and data network. , N9 is a reference point between two core UPFs, N5 is a reference point between PCF and AF, N7 is a reference point between SMF and PCF, and N24 is a reference point between PCF in a visited network and PCF in a home network. Reference point, N8 is the reference point between UDM and AMF, N10 is the reference point between UDM and SMF, N11 is the reference point between AMF and SMF, N12 is the reference point between AMF and Authentication Server function (AUSF: Authentication Server function), N13 is Reference point between UDM and AUSF, N14 is reference point between two AMFs, N15 is reference point between PCF and AMF in case of non-roaming scenario, and reference point between PCF and AMF in visited network in case of roaming scenario , N16 is the reference point between the two SMFs (in roaming scenarios, the reference point between the SMF in the visited network and the SMF between the home network), N17 is the reference point between AMF and 5G-EIR (Equipment Identity Register), N18 is the AMF and UDSF (Unstructured Data Storage Function), N22 is the reference point between AMF and Network Slice Selection Function (NSSF), N23 is the reference point between PCF and Network Data Analytics Function (NWDAF), N24 is the reference point between NSSF and NWDAF, and N27 is the visit Reference point between NRF (Network Repository Function) in network and NRF in home network, N31 is N in visited network Reference point between SSF and NSSF in home network, N32 is reference point between SEPP (Security Protection Proxy) in visited network and SEPP in home network, N33 is reference point between NEF (Network Exposure Function) and AF, N40 is SMF and CHF ( charging function), N50 means a reference point between AMF and Circuit Bearer Control Function (CBCF).

Meanwhile, in FIG. 8, for convenience of description, a reference model for a case where a UE accesses one DN using one PDU session is illustrated, but is not limited thereto.

In the above, for convenience of description, the EPS system has been described using eNB, but eNB is gNB, MM (mobility management) function of MME is AMF, and SM function of S/P-GW is SMF, S/P-GW GW's user plane related functions can be replaced with 5G systems using UPF, etc.

In the above, this specification has been described based on EPS, but the corresponding content can be supported through similar operations through processes/messages/information, etc. for similar purposes in the 5G system.

본 개시에 적용 가능한 통신 시스템Communication systems applicable to the present disclosure

Although not limited thereto, various descriptions, functions, procedures, proposals, methods and / or operational flowcharts of the present disclosure disclosed in this document may be applied to various fields requiring wireless communication / connection (eg, 5G) between devices. there is.

Hereinafter, it will be exemplified in more detail with reference to the drawings. In the following drawings/description, the same reference numerals may represent the same or corresponding hardware blocks, software blocks or functional blocks unless otherwise specified.

본 개시에 적용 가능한 무선 기기Wireless devices applicable to the present disclosure

Referring to FIG. 9 , a first wireless device 900a and a second wireless device 900b may transmit and receive wireless signals through various wireless access technologies (eg, LTE and NR). Here, {the first wireless device 900a, the second wireless device 900b} denotes the {wireless device 100x and the base station 120} of FIG. 1 and/or the {wireless device 100x and the wireless device 100x. } can correspond.

The first wireless device 900a includes one or more processors 902a and one or more memories 904a, and may further include one or more transceivers 906a and/or one or more antennas 908a. The processor 902a controls the memory 904a and/or the transceiver 906a and may be configured to implement the descriptions, functions, procedures, suggestions, methods and/or flowcharts of operations disclosed herein. For example, the processor 902a may process information in the memory 904a to generate first information/signal and transmit a radio signal including the first information/signal through the transceiver 906a. In addition, the processor 902a may receive a radio signal including the second information/signal through the transceiver 906a and store information obtained from signal processing of the second information/signal in the memory 904a. The memory 904a may be connected to the processor 902a and may store various information related to the operation of the processor 902a.

The second wireless device 900b includes one or more processors 902b, one or more memories 904b, and may further include one or more transceivers 906b and/or one or more antennas 908b. The processor 902b controls the memory 904b and/or the transceiver 906b and may be configured to implement the descriptions, functions, procedures, suggestions, methods and/or operational flow diagrams disclosed herein. For example, the processor 902b may process information in the memory 904b to generate third information/signal, and transmit a radio signal including the third information/signal through the transceiver 906b. In addition, the processor 902b may receive a radio signal including the fourth information/signal through the transceiver 906b and store information obtained from signal processing of the fourth information/signal in the memory 904b. The memory 904b may be connected to the processor 902b and may store various information related to the operation of the processor 902b. For example, memory 904b may perform some or all of the processes controlled by processor 902b, or instructions for performing the descriptions, functions, procedures, suggestions, methods, and/or flowcharts of operations disclosed herein. It may store software codes including them. Here, the processor 902b and the memory 904b may be part of a communication modem/circuit/chip designed to implement a wireless communication technology (eg, LTE, NR). The transceiver 906b may be coupled to the processor 902b and may transmit and/or receive wireless signals through one or more antennas 908b. The transceiver 906b may include a transmitter and/or a receiver. The transceiver 906b may be used interchangeably with an RF unit. In the present disclosure, a wireless device may mean a communication modem/circuit/chip.

본 개시에 적용 가능한 무선 기기 구조Wireless device structure applicable to the present disclosure

Referring to FIG. 10, a wireless device 1300 corresponds to the

wireless devices

900a and 900b of FIG. 9, and includes various elements, components, units/units, and/or modules. ) can be configured. For example, the wireless device 1000 may include a communication unit 1010, a control unit 1020, a memory unit 1030, and an additional element 1040. The communication unit may include communication circuitry 1012 and transceiver(s) 1014 . For example, communication circuitry 1012 may include one or

more processors

902a, 902b of FIG. 9 and/or one or

more memories

904a, 904b. For example, transceiver(s) 1014 may include one or

more transceivers

906a, 906b of FIG. 9 and/or one or

more antennas

908a, 908b. The control unit 1020 is electrically connected to the communication unit 101010, the memory unit 1030, and the additional element 1040 and controls overall operations of the wireless device. For example, the control unit 1020 may control electrical/mechanical operations of the wireless device based on programs/codes/commands/information stored in the memory unit 1030. In addition, the control unit 1020 transmits the information stored in the memory unit 1030 to the outside (eg, another communication device) through the communication unit 1010 through a wireless/wired interface, or to the outside (eg, another communication device) through the communication unit 1010. Information received through a wireless/wired interface from other communication devices) may be stored in the memory unit 1030 .

The additional element 1040 may be configured in various ways according to the type of wireless device. For example, the additional element 1040 may include at least one of a power unit/battery, an input/output unit, a driving unit, and a computing unit. Although not limited thereto, the wireless device 1000 may be a robot, vehicle, XR device, portable device, home appliance, IoT device, digital broadcasting terminal, hologram device, public safety device, MTC device, medical device, fintech device (or financial device). devices), security devices, climate/environment devices, AI servers/devices, base stations, network nodes, and the like. Wireless devices can be mobile or used in a fixed location depending on the use-case/service.

In FIG. 10 , various elements, components, units/units, and/or modules in the wireless device 1000 may be entirely interconnected through a wired interface, or at least some of them may be wirelessly connected through the communication unit 1010. For example, in the wireless device 1000, the control unit 1020 and the communication unit 1010 are connected by wire, and the control unit 1020 and other components may be wirelessly connected through the communication unit 1010. Additionally, each element, component, unit/unit, and/or module within the wireless device 1000 may further include one or more elements. For example, the control unit 1020 may be composed of one or more processor sets. For example, the control unit 1020 may include a set of a communication control processor, an application processor, an electronic control unit (ECU), a graphic processing processor, a memory control processor, and the like. As another example, the memory unit 1030 may include RAM, dynamic RAM (DRAM), ROM, flash memory, volatile memory, non-volatile memory, and/or combinations thereof. can be configured.

본 개시가 적용 가능한 휴대 기기Mobile device to which the present disclosure is applicable

11 illustrates a portable device applied to the present disclosure. A portable device may include a smart phone, a smart pad, a wearable device (eg, a smart watch, a smart glass), and a portable computer (eg, a laptop computer). A mobile device may be referred to as a mobile station (MS), a user terminal (UT), a mobile subscriber station (MSS), a subscriber station (SS), an advanced mobile station (AMS), or a wireless terminal (WT).

Referring to FIG. 11, a portable device 1100 includes an antenna unit 1108, a communication unit 1110, a control unit 1120, a memory unit 1130, a power supply unit 1140a, an interface unit 1140b, and an input/output unit 1140c. ) may be included. The antenna unit 1108 may be configured as part of the communication unit 1110. Blocks 1110 to 1130/1140a to 1140c respectively correspond to blocks 1010 to 1030/1040 of FIG. 10 .

The communication unit 1110 may transmit/receive signals (eg, data, control signals, etc.) with other wireless devices and base stations. The controller 1120 may perform various operations by controlling components of the portable device 1100 . The controller 1120 may include an application processor (AP). The memory unit 1130 may store data/parameters/programs/codes/commands necessary for driving the portable device 1100 . Also, the memory unit 1130 may store input/output data/information and the like. The power supply unit 1140a supplies power to the portable device 1100 and may include a wired/wireless charging circuit, a battery, and the like. The interface unit 1140b may support connection between the portable device 1100 and other external devices. The interface unit 1140b may include various ports (eg, audio input/output ports and video input/output ports) for connection with external devices. The input/output unit 1140c may receive or output image information/signal, audio information/signal, data, and/or information input from a user. The input/output unit 1140c may include a camera, a microphone, a user input unit, a display unit 1140d, a speaker, and/or a haptic module.

For example, in the case of data communication, the input/output unit 1140c acquires information/signals (eg, touch, text, voice, image, video) input from the user, and the acquired information/signals are stored in the memory unit 1130. can be stored The communication unit 1110 may convert the information/signal stored in the memory into a wireless signal, and directly transmit the converted wireless signal to another wireless device or to a base station. In addition, the communication unit 1110 may receive a radio signal from another wireless device or base station and then restore the received radio signal to original information/signal. After the restored information/signal is stored in the memory unit 1130, it may be output in various forms (eg, text, voice, image, video, or haptic) through the input/output unit 1140c.

12 is a diagram illustrating a structural model of proximity-based services (ProSe) applied to the present disclosure. For example, the terminal may support ProSe service. In this case, ProSe may be a service supporting direct communication between terminals in close proximity. The UE may support direct discovery, direct communication, and UE-to-Network Relay functions based on the ProSe service.

As an example, FIG. 12 may be a PC5-based V2X structure model (architecture reference model). Referring to FIG. 12 , a PC5 interface may exist between the respective terminals, and a Uu interface may exist between the terminal and the base station. In addition, there may be a V5 interface between V2X applications. Here, the V2X service may be supported based on the above-described 5th generation core (5GC). At this time, the ProSe service may also operate based on the structural model of FIG. 12 . For example, even in the case of “ProSe” instead of “V2X” in FIG. 12, the service may be supported based on the same interface, and may not be limited to a specific form. As an example, in the following, ProSe is described as a standard for convenience of explanation, but the same may be applied to V2X, and may not be limited to the following embodiment.

For example, as a function supported based on the ProSe service, ProSe direct discovery may be a process in which a terminal searches for and recognizes other nearby terminals based on NR, E-UTRA, or WLAN. In this case, two types of ProSe direct search may exist: an open method and a restricted method. As an example, the open method may be a method in which a search is performed directly without explicit permission for a terminal being searched for. On the other hand, the restricted method may be a method in which direct search is performed only when there is an explicit permission for the searched terminal.

For example, ProSe direct search may be a service provided solely to use information of a specific application of a terminal to be searched for. The terminal may perform an additional operation through information acquired based on the ProSe direct search, and through this, a service may be provided. Also, as an example, non-public safety terminals equipped with a ProSe function and having authority for ProSe direct search may perform ProSe direct search based on NR or E-UTRA in the serving PLMN. In this case, as an example, if the non-public safety terminal loses NR or E-UTRA coverage, the ProSe direct search function may not be supported, but may not be limited thereto.

Also, as an example, ProSe direct search may operate based on Model A or Model B, but may not be limited thereto. For example, in model A, a terminal with the ProSe function enabled may perform at least one role of an announcing terminal and a monitoring terminal. For example, the announcing terminal may be a terminal announcing specific information usable in another terminal in the vicinity of which search is permitted. The monitoring terminal may be a terminal that monitors specific information announced by the announcing terminal. Here, the announcing terminal broadcasts a discovery message during a preset search period, and the monitoring terminal can operate by confirming a message of interest among broadcast messages and performing subsequent processes. That is, model A may be a model in which an announcing terminal transmits its existence and related information to nearby terminals by itself through broadcasting, and a search is performed when a nearby monitoring terminal is interested in the corresponding information. .

On the other hand, model B is a restricted search type and may be a model in which ProSe direct discovery is performed by transmitting a limited discovery message from a discoverer UE to a discoveree UE. More specifically, the search terminal may transmit a request including specific information to be searched to the search target terminal. At this time, the searched terminal may deliver a response message including related information to the search terminal based on the request message received from the search terminal. That is, in model B, a search terminal transmits a search request message for specific information to a specific searched terminal, and receives a response to perform ProSe direct search. For example, public safety search is a limited search, and the above-described model A monitoring terminal and model B search terminal may require authorization to perform a search in relation to a specific service. Based on this, ProSe direct search may be performed. can be done

When the terminal performs ProSe direct search based on the above, the terminal uses the ProSe function within HPLMN (Home Public Land Mobile Network) to obtain authorization to use direct search from various PLMNs. can access That is, based on the ProSe function of the HPLMN, the UE can perform ProSe direct search with UEs of other PLMNs. As an example, in the above-described model A, when the terminal obtains permission for the ProSe function in the HPLMN, the announcing terminal or the monitoring terminal receives configuration information including code information for announcing or monitoring in a specific PLMN. ) can be obtained. As a specific example, the configuration information may include a ProSe application code for announcing. As another example, configuration information may include discovery filter information for monitoring. That is, the announcing terminal can obtain a ProSe application code from the HPLMN of the announcing terminal, and the monitoring terminal can obtain a search filter from the HPLMN of the monitoring terminal. Thereafter, the announcing terminal may announce the ProSe application code, and the monitoring terminal may monitor the ProSe application code through a search filter. At this time, the monitoring terminal can check the network by checking the ProSe application code. For example, in the above procedure, the network may provide a ProSe application ID name to the terminal. In this case, the ProSe application ID name may be meta data and code information corresponding to the ProSe application ID name. Also, as an example, the above-described procedure may be equally applied to model B, and may not be limited to a specific form.

Here, security requirements may be required in the procedure for direct ProSe search described above. For example, in the case of ProSe restricted discovery, a UE may perform a search only for other UEs for which discovery is currently permitted. That is, there is a need to block identification information announced for currently unauthorized terminals. Therefore, there is a need to be protected against impersonation attacks or an attack that changes a search message in relation to ProSe direct search. That is, the system needs to support integrity protection and confidentiality protection in relation to ProSe direct discovery.

Considering the above points, when the UE performs direct ProSe search, a security procedure may be required. At this time, a procedure for protecting the message of PC3, which is an interface between the terminal and the ProSe function, may be required.

13 is a diagram illustrating a security procedure of open search applied to the present disclosure. Terminals may perform ProSe direct search based on open search. For example, each terminal in FIG. 13 may be in a roaming state or a state located in the HPLMN, and is not limited to a specific embodiment.

Here, as an example, integrity protection through message integrity check (MIC) is that the announcing terminal is allowed to announce the ProSe application code at that time, and the ProSe function It can be a confirmation action. As an example, a Universal Time Coordinated (UTC) based counter associated with a discovery slot may be used to calculate and verify the MIC. Here, in order to ensure that the announcing terminal and the monitoring terminal use the same UTC-based counter, a counter value may be included in four least significant bits (LSB) of the search message. Therefore, the monitoring terminal can check the UTC-based counter through the search message, and can perform configuration based on this.

For example, referring to FIG. 13 , the announcing terminal 1310 may transmit a search request message to the HPLMN 1320 of the announcing terminal. At this time, the search request message may include the ProSe application ID for the ProSe function in HPLMN. Through this, the announcing terminal 1310 can be authorized to announce the ProSe application code to the serving PLMN. Here, the serving PLMN may be HPLMN or VPLMN. For example, when the announcing terminal 1310 is located in the VPLMN 1330 (that is, in case of roaming) and broadcasts an announcement, the announcing terminal 1310 is located in the VPLMN 1330 of the announcing terminal. ) is required. Accordingly, the ProSe function of the HPLMN 1320 may transmit an announce grant message including a permission request for an announcement transmission to the ProSe function of the VPLMN 1330 . Then, when the announcement is granted, the ProSe function of the HPLMN 1320 may receive a response message from the ProSe function of the VPLMN 1330. Here, as an example, if the announcing terminal 1310 is not roaming, the above-described procedure may not be required.

Next, the ProSe function of the HPLMN 1320 may transmit a search response message to the announcing terminal 1310. In this case, the search response message may include at least one of information about a search key, a ProSe application code, a current time, a maximum offset, and an effective timer. At this time, the announcing terminal 1310 may announce the ProSe application code. As an example, the ProSe application code may be associated with a 128-bit search key. Here, the ProSe function of the HPLMN 1320 may store a search key associated with the ProSe application code. In addition, the search response message may include current time information, which is UTC-based time information of the ProSe function of the HPLMN 1320. The announcing terminal 1310 may set an effective time for ProSe direct search based on current time information, a maximum offset, and an effective timer, and may not be limited to a specific embodiment.

Next, if the difference between the UTC-based counter provided by the system associated with the discovery slot and the ProSe clock of the terminal is not greater than the maximum offset (MAX_OFFSET) and the validity timer has not expired, The announcing terminal 1310 may start announcing. At this time, for each discovery slot used for announcing, the announcing terminal 1310 may calculate a 32-bit Message Integrity Check (MIC) including the ProSe application code in the discovery message. Then, 4LSB of UTC-based counters can be sent along with the discovery message. Here, the MIC can be calculated using a UTC based counter associated with the retrieval key and retrieval slot.

Next, the monitoring terminal 1340 may transmit a search request message including a ProSe application ID to the ProSe function of the HPLMN 1350 of the monitoring terminal in order to obtain a discovery filter to be listened to. At this time, the ProSe function of the HPLMN 1350 of the monitoring terminal may exchange a monitoring request message and a monitoring response message with the ProSe function of the HPLMN 1320 of the announcing terminal. At this time, the monitoring request message and the monitoring response message may not have any changes for the purpose of protecting the code transmitted for public search.

Next, the ProSe function of the HPLMN 1350 of the monitoring terminal includes a search filter including at least one of the ProSe application code and the ProSe application mask along with the current time (CURRENT_TIME) and maximum offset (MAX_OFFSET) parameters in the search response message. and can be transmitted to the monitoring terminal 1340. After that, the monitoring terminal 1340 may set the ProSe clock to the current time (CURRENT_TIME) and store the maximum offset (MAX_OFFSET) parameter to overwrite the previous value. After that, the monitoring terminal 1340 may obtain a value for a UTC-based counter associated with the search slot based on the UTC time. For example, the counter may be set to a UTC time value in seconds, and the terminal may obtain UTC time from all available sources, and is not limited to a specific form.

Then, when the difference between the UTC-based counter associated with the discovery slot and the ProSe clock of the terminal is not greater than the maximum offset (MAX_OFFSET) of the ProSe clock of the monitoring terminal 1340, the monitoring terminal 1340 sends a search message that satisfies the search filter. can receive

Then, when the monitoring terminal 1340 does not check the MIC for the previously searched ProSe application code based on the search message or when the MIC associated with the ProSe application code is checked but the match report refresh timer expires, the monitoring terminal ( 1340) may transmit a Match Report message to the ProSe function of the HPLMN 1350 of the monitoring terminal. In this case, the match report message may include a UTC-based counter value, ProSe application code, and search message parameters including MIC.

The ProSe function of the HPLMN 1350 of the monitoring terminal transmits search message parameters including the ProSe application code, MIC, and counter parameters related to the ProSe function of the HPLMN 1320 of the announcing terminal to the HPLMN 1320 of the announcing terminal. It can be delivered to the ProSe function.

After that, the ProSe function of the HPLMN 1320 of the announcing terminal can check whether the MIC is valid. After that, the ProSe function of the HPLMN 1320 of the announcing terminal may retrieve the search key through the ProSe application code. Then, the HPLMN (1320) match report confirmation message of the announcing terminal may be transmitted to the ProSe function of the HPLMN (1350) of the monitoring terminal. Here, the match report confirmation message may include a match report refresh timer. For example, the match report refresh timer may refer to a waiting time before the terminal sends a new match report for the ProSe application code.

Then, the ProSe function of the HPLMN 1350 of the monitoring terminal may transmit a match response to the monitoring terminal 1340. At this time, the match response may be confirmation of the integrity check, and the ProSe function of the terminal may return the ProSe application ID to the terminal. Also, as an example, the terminal may provide a current time (CURRENT_TIME) parameter for (re)configuring the ProSe clock. At this time, the ProSe function of the HPLMN of the monitoring terminal may selectively modify the refresh timer of the match report received according to the local policy, and the match report refresh timer may be included in the match response.

Also, as an example, security procedures of model A and model B based on limited search may be similar to the open search described above. As an example, both models can perform limited retrieval message protection on the PC5 interface using UTC-based counters. Here, the current time (CURRENT_TIME) and maximum offset (MAX_OFFSET) parameters may be provided to the terminal in the ProSe function of HPLMN. At this time, the terminal can make the UTC-based counter obtained based on the above parameters sufficiently close to the actual time.

However, as an example, limited search may require confidentiality protection of a search message. For example, a terminal may not be searched for or tracked by other unauthorized terminals. In this case, the terminal can prevent being searched for or tracked by other unauthorized terminals by using the same ProSe restriction/response code. In addition, when the ProSe function allows, MIC check may be performed by the receiving terminal.

Also, as an example, a terminal transmitting a discovery message may require a security parameter to protect the discovery message. For example, a security parameter may be required for an announcing terminal of model A. In addition, a security parameter may be required for a search terminal that transmits a ProSe query code of model B and a search terminal that transmits a ProSe response code. In addition, a terminal receiving a search message may also require a security parameter. For example, a security parameter may be required for a monitoring terminal of model A, a search terminal receiving a model B ProSe response code, and a search terminal receiving a ProSe query code.

As a specific example, message transmission may be performed in consideration of security in a restricted search based on model A. For example, in relation to message transmission considering security, both the announcing terminal and the monitoring terminal may be applied when both are roaming or are in the HPLMN.

For example, referring to FIG. 14 , the announcing terminal 1420 may perform a search request procedure. At this time, the announcing terminal 1420 may transmit a search request message including the RPAUID to the ProSe function in the HPLMN 1450 of the announcing terminal. For example, the announcing terminal 1420 may transmit a search request message to the ProSe function in the HPLMN 1450 of the announcing terminal in order to obtain a ProSe code and security-related information in consideration of the announcement.

Next, the ProSe function of the HPLMN 1450 of the announcing terminal may check the announcement authority through the ProSe Application Server 1460 based on the configuration of the ProSe function.

Thereafter, the ProSe function of the HPLMN 1450 of the announcing terminal may exchange announce authentication related messages (Announce Auth. Messages) with the ProSe function of the VPLMN 1440 of the announcing terminal. For example, when the announcing terminal is not roaming, the above-described procedure may not be performed.

Then, the ProSe function of the HPLMN 1450 of the announcing terminal may deliver (or return) the search response message to the announcing terminal 1420 . At this time, the response message may include a ProSe code and a corresponding code transmission security parameter together with the current time (CURRENT_TIME) and maximum offset (MAX_OFFSET) parameters. In this case, the code transmission security parameters may provide information necessary for protecting the ProSe code transmission of the announcing terminal 1420 . At this time, the code transmission security parameter may be stored together with the ProSe code.

In addition, the monitoring terminal 1410 may transmit a search request message including the RPAUID to the ProSe function of the HPLMN 1430 of the monitoring terminal. For example, the monitoring terminal may transmit a search request message including an RPAUID to monitor one or more restricted ProSe Application IDs. Then, the ProSe function of the HPLMN 1430 of the monitoring terminal may transmit a permission request to the ProSe application server 1460. Then, when the RPAUID is allowed to search for at least one target RPAUID included in the application level container based on the permission setting, the ProSe application server 1460 transmits the permission response to the HPLMN 1430 of the monitoring terminal. can be passed (or returned) to the ProSe function of

If the search request is approved based on the above and the PLMN ID of the target RPAUID indicates another PLMN, the ProSe function of the HPLMN 1430 of the monitoring terminal may transmit a monitoring request message to the ProSe function of the indicated PLMN. That is, the ProSe function of the HPLMN 1430 of the monitoring terminal may transmit a monitoring request message to the ProSe function of the HPLMN 1450 of the announcing terminal. Then, the ProSe function of the HPLMN 1450 of the announcing terminal may exchange an authentication message with the ProSe application server 1460 and transmit a monitoring response to the ProSe function of the HPLMN 1430 of the monitoring terminal.

Here, the monitoring response may include a ProSe code and a corresponding code reception security parameter. Also, as an example, the monitoring response may further include a Discovery User Integrity Key (DUIK), and is not limited to the above-described embodiment.

Also, as an example, the code reception security parameter may include information necessary for the monitoring terminal 1410 to cancel protection applied by the announcing terminal 1420 . Also, as an example, when the code reception security parameter indicates that the monitoring terminal 1410 should use a match report for MIC check, DUIK may include the code reception security parameter as a separate parameter.

Next, the ProSe function of the HPLMN 1430 of the monitoring terminal may transmit a search response message to the monitoring terminal 1410. At this time, the search response message may include a search filter and code reception security parameters along with current time (CURRENT_TIME) and maximum offset (MAX_OFFSET) parameters.

After that, the announcing terminal 1420 may transmit an announcement code through the PC5 interface, and the monitoring terminal 1410 may receive the corresponding code. At this time, as an example, when the UTC-based counter provided by the system related to the discovery slot is within the maximum offset of the ProSe clock of the announcing terminal 1420 and the validity timer has not expired, the case has not expired. The announcing terminal 1420 may transmit an announcement code. Also, as an example, 4LSBs of the UTC-based counter may be transmitted together with the protected discovery message, as described above.

Then, when the UTC-based counter associated with the corresponding search slot is within the maximum offset of the ProSe clock of the monitoring terminal 1410, the monitoring terminal 1410 may receive a search message that satisfies the search filter. Here, the monitoring terminal 1410 may be requested to send a matching report for MIC confirmation. At this time, the monitoring terminal 1410 may transmit the coincidence report to the ProSe function of the HPLMN of the monitoring terminal.

At this time, the match report may include a UTC-based counter value having the same 4LSB as the 4LSB received with the search message. Also, as an example, the matching report may include a ProSe code and MIC, and the ProSe function of the HPLMN 1430 of the monitoring terminal may check this.

Also, for example, if necessary, the ProSe function of the HPLMN 1430 of the monitoring terminal may exchange authentication related messages (Auth Req/Auth Resp) with the ProSe application server. Through this, it is possible to check whether the monitoring terminal 1410 has the authority to search for the announcing terminal 1420. After that, the ProSe function of the HPLMN 1430 of the monitoring terminal may deliver (or return) information about confirmation that the integrity check has passed to the monitoring terminal 1410 .

Here, the match report response returned to the monitoring terminal 1410 may include a match report refresh timer in a message sent to the monitoring terminal 1410 . In this case, the match report refresh timer may indicate a waiting time before the terminal sends a new match report for the ProSe code. The ProSe function of the HPLMN 1430 of the monitoring terminal may transfer the match report information message to the ProSe function of the HPLMN 1450 of the announcing terminal.

Also, as an example, even when a limited search is performed based on model B, a procedure considering security may be performed. For example, the following procedure may be applied when both the search terminal and the search terminal of model B are roaming or located in at least one HPLM, and may not be limited to a specific embodiment.

For example, referring to FIG. 15 , a Discoveree UE 1520 may perform a search request procedure. At this time, the searched terminal 1520 may transmit a search request message including the RPAUID to the ProSe function in the HPLMN 1550 of the searched terminal. For example, the searched terminal 1520 may transmit a search request message to the ProSe function in the HPLMN 1550 of the searched terminal in order to obtain a ProSe code and security-related information in consideration of the announcement.

Next, the ProSe function of the HPLMN (1550) of the terminal to be searched can check the announcement authority through the ProSe Application Server (1560) based on the configuration of the ProSe function.

Thereafter, the ProSe function of the HPLMN 1550 of the terminal to be searched may exchange announce authentication-related messages (Announce Auth. Messages) with the ProSe function of the VPLMN 1540 of the terminal to be searched. For example, when the terminal to be searched is not roaming, the above-described procedure may not be performed.

Thereafter, the ProSe function of the HPLMN 1550 of the terminal to be searched may transfer (or return) the search response message to the terminal to be searched 1520. At this time, the response message may include a ProSe code and a corresponding code transmission security parameter together with the current time (CURRENT_TIME) and maximum offset (MAX_OFFSET) parameters. In this case, the code transmission security parameters may provide information necessary for protecting the transmission of the ProSe code of the terminal 1520 to be searched. At this time, the code transmission security parameter may be stored together with the ProSe code.

In addition, the search terminal 1510 may transmit a search request message including the RPAUID to the ProSe function of the HPLMN 1530 of the search terminal. For example, a search terminal may transmit a search request message including an RPAUID to monitor one or more restricted ProSe Application IDs. Then, the ProSe function of the HPLMN 1530 of the search terminal may transmit a permission request to the ProSe application server 1560. Then, when the RPAUID is allowed to search for at least one target RPAUID included in the application level container based on the permission setting, the ProSe application server 1560 transmits the permission response to the HPLMN 1530 of the search terminal. can be passed (or returned) to the ProSe function of

If the search request is approved based on the above and the PLMN ID of the target RPAUID indicates another PLMN, the ProSe function of the HPLMN 1530 of the search terminal may transmit a search request message to the ProSe function of the indicated PLMN. That is, the ProSe function of the HPLMN 1530 of the search terminal may transmit a search request message to the ProSe function of the HPLMN 1550 of the search terminal. Thereafter, the ProSe function of the HPLMN 1550 of the terminal to be searched exchanges an authentication message with the ProSe application server 1560, and may transmit a search response to the ProSe function of the HPLMN 1530 of the terminal to be searched.

Here, the search response may include a ProSe code and a corresponding code reception security parameter. Also, as an example, the search response may further include a Discovery User Integrity Key (DUIK), and is not limited to the above-described embodiment.

Also, as an example, the code reception security parameter may include information necessary for the search terminal 1510 to cancel protection applied by the search target terminal 1520 . Also, as an example, when the code reception security parameter indicates that the search terminal 1510 should use the matching report for MIC check, the DUIK code reception security parameter may be included as a separate parameter.

Next, the ProSe function of the HPLMN 1530 of the search terminal may transmit a search response message to the search terminal 1510. At this time, the search response message may include a search filter and code reception security parameters along with current time (CURRENT_TIME) and maximum offset (MAX_OFFSET) parameters.

Thereafter, the search terminal 1510 transmits a process query code through the PC5 interface, and the search terminal 1520 may receive and process the corresponding code. After that, the search terminal 1510 may receive a response code from the search target terminal 1520 and process the response code.

At this time, as an example, if the UTC-based counter provided by the system related to the discovery slot is within the maximum offset of the ProSe clock of the discovery terminal 1510 and the validity timer has not expired, the discovery terminal 1510 has not expired. Step 1510 may transmit the query code to the terminal 1520 to be searched for. Also, as an example, the least significant 4 bits of the UTC-based counter may be transmitted together with the protected discovery message, as described above. Then, when the UTC-based counter associated with the search slot is within the maximum offset of the ProSe clock of the terminal to be searched for 1520, the terminal to be searched for 1520 can receive a search message that satisfies the search filter. Thereafter, the searched terminal 1520 may transmit a ProSe response code associated with the ProSe query code to the search terminal 1510. At this time, the searched terminal 1520 may transmit the ProSe response code to the search terminal 1510 based on the search message. Thereafter, the search terminal may receive the search message and check whether the search message satisfies the search filter. Here, the search terminal 1510 may be requested to send a match report for MIC confirmation. At this time, the search terminal 1510 may transmit the matching report to the ProSe function of the HPLMN 1530 of the search terminal. At this time, the match report may include a UTC-based counter value having the same 4LSB as the 4LSB received with the search message. Also, as an example, the matching report may include a ProSe code and MIC, and the ProSe function of the HPLMN 1530 of the search terminal may check this.

Also, for example, if necessary, the ProSe function of the HPLMN 1530 of the search terminal may exchange authentication related messages (Auth Req/Auth Resp) with the ProSe application server 1560. Through this, it is possible to check whether the search terminal 1510 has the authority to search the search target terminal 1520 or not. After that, the ProSe function of the HPLMN 1530 of the search terminal may deliver (or return) information about confirmation that the integrity check has passed to the search terminal 1510.

Here, the match report response returned to the search terminal 1510 may include a match report refresh timer in a message sent to the search terminal 1510 . In this case, the match report refresh timer may indicate a waiting time before the terminal sends a new match report for the ProSe code. The ProSe function of the HPLMN 1530 of the monitoring terminal may transfer the matching report information message to the ProSe function of the HPLMN 1550 of the searched terminal.

Also, for example, when a limited search message is transmitted through a PC5 interface between terminals, protection of the limited search message may be required. For example, integrity protection may be performed to protect restricted retrieval messages. In this case, integrity protection may be additionally provided by MIC like open search. For example, the transmitting terminal may calculate the MIC using the received DUIK (Discovery User Integrity Key). In addition, the receiving terminal may check the MIC calculated through the provided DUIK. As another example, the ProSe function may check the MIC calculated using DUIK, and through this, integrity protection may be performed, as described above.

Also, for example, scrambling protection may be performed. In this case, scrambling protection may be protection for ensuring that there is no relationship between search messages transmitted by a specific terminal. Through this, it is possible to prevent the terminal from being tracked after a lapse of time. For example, the scrambling key stream may be calculated through a discovery user scrambling key (DUSK) and a UTC-based counter related to a discovery slot.

As another example, confidentiality protection may be performed for each message. At this time, confidentiality protection may provide confidentiality for a part of the search message. For example, it can be used when a plurality of terminals use the same DUSK or obfuscate a part of a search message from a terminal permitted to search. In addition, the key stream may be calculated based on a Discovery User Confidentiality Key (DUCK), message content, and a UTC-based counter associated with the discovery slot.

As described above, security procedures applied to the transmitting terminal and the receiving terminal may be controlled by the ProSe function transmitting at least one of the code transmission security parameter and the code reception security parameter to the target terminal. For example, the target terminal may be a terminal supporting integrity protection, scrambling protection, and message-specific confidentiality protection. As an example, DUSK or DUIK may be provided to achieve integrity protection for ProSe restricted search messages.

Also, as an example, a terminal transmitting a search message may receive a code transmission security parameter from the ProSe function. At this time, code transmission security parameters may include DUSK and DUIK. Also, as an example, code transmission security parameters may further include DUCK and encrypted bits_mask along with DUSK and DUIK.

Here, when the terminal transmits the search message, the terminal may configure the search message. At this time, if the DUIK is provided to the terminal, the terminal may calculate the MIC. On the other hand, if the DUIK is not provided to the terminal, the terminal may set all MICs to 0. Next, when the terminal receives the DUCK, the terminal may add message-specific confidentiality to the message. After that, the terminal may add a MIC to the message to which message specific confidentiality is added. In addition, when the terminal receives the DUSK, the terminal may perform scrambling protection on the message to which the MIC is added.

Also, as an example, the terminal may receive a code reception security parameter from the ProSe function. In this case, the code reception security parameter may be used to indicate how the terminal protects the received message. For example, the code reception security parameter may include DUSK. As another example, the code reception security parameter may include a DUIK or information indicating whether to use a match report for MIC check. At this time, the matching report option may not be allowed for the ProSe query code. In addition, the code reception security parameter may include both DUCK and corresponding encrypted bits_mask (Encrypted_bits_mask), and is not limited to a specific embodiment.

Here, as an example, when the terminal receives the search message, the terminal may release scrambling when the DUSK is received. In addition, the terminal may check whether unencrypted message bits match using message specific confidentiality. Also, for example, when the terminal receives the DUCK, the terminal may release message specific confidentiality. If it is determined that the bits of the unencrypted message match, the terminal can confirm the overall match. In addition, when MIC confirmation is required, the terminal may directly check the MIC (when DUIK exists in the search filter security parameters) or check the MIC through a matching report based on the search filter security parameters.

Also, as an example, when a transmitting terminal performs integrity protection, the terminal may calculate an output bit sequence from the DUIK and pass a UTC-based counter to the MIC calculating function. Then, based on the MIC calculation function, a 4-byte output can be derived and set as the MIC value of the corresponding message. The receiving terminal or ProSe function may perform the above-described operation and compare the received MIC with the calculated MIC.

Also, as an example, when the UE performs scrambling protection, the UE may set 4LSB of the UTC counter to 0 for scrambling calculation. Next, we can calculate the time-hash bit sequence from the DUSK and UTC based counters and pass the hash function. Then, an XOR operation of the entire search message including the MIC and the time-hash bit sequence can be performed.

In the following, as a case of performing direct search between terminals based on the ProSe system based on the above description, a method of performing direct search between terminals in consideration of security when a plurality of searched terminals exists will be described.

For example, when performing direct communication between devices based on the ProSe system, device-to-device search may be required. Here, different methods may be applied to discovery between devices based on service requirements, and discovery between devices may be performed based on the above-described open discovery method and restricted discovery, which are described above. same as bar

At this time, the limited search can be operated only when a terminal desiring to use the corresponding ProSe service obtains permission from the network in advance. That is, the limited search may be a method in which only authorized terminals can be searched, as described above. At this time, it may be necessary to search for direct communication between a plurality of terminals that have obtained permission from the network. Here, when each of a plurality of terminals performs a terminal-to-device search based on the same information, information of another terminal may be recognized, which may cause a security problem. A method for this will be described below.

In addition, as an example, the following description is based on the model B described above as a limited search method, but may not be limited thereto, and may be applied to the model A in a similar form.

As a specific example, referring to FIG. 16 , a Discoveree UE 1620 may request information necessary for discovery from the Direct Discovery Name Management Function (DDNMF) of the HPLMN 1650 of a registered Discovered UE. . For example, the searched terminal 1620 may transmit a discovery request message to the HPLMN 1650 of the searched terminal to request information necessary for the searched terminal. Here, the information required for search may include at least one or more of a discovery query filter, a ProSe response code, and security materials. Also, as an example, the terminal may obtain a Restricted ProSe Application User ID (RPAUID) through prior service authentication. That is, the terminal may acquire pre-authentication for a service based on the limited ProSe application and acquire an RPAUID, which is an ID for this. Here, the above-described search request message may include the RPAUID of the terminal. After that, the DDNMF of the HPLMN 1650 of the terminal to be searched can check whether or not the terminal has an operating authority as a terminal to be searched for the service based on the RPAUID of the terminal through subscriber information. In addition, the DDNMF of the HPLMN 1650 of the terminal to be searched may additionally verify whether or not there is a right to use the corresponding service based on the RPAUID of the terminal to be searched 1620 with the ProSe application server 1660. At this time, when the authority of the terminal to be searched 1620 is verified based on the ProSe application server, the DDNMF of the HPLMN 1650 of the terminal to be searched provides discovery materials that can search for the RPAUID of the terminal to be searched for 1620. ) can be created. In this case, the search material may include at least one of a ProSe query code, a discovery query filter, a ProSe response code, a code transmission security parameter, and a code reception security parameter. there is.

Here, the ProSe query code may be a code transmitted when the search terminal 1610 performs a search based on the RPAUID of a search target terminal. Also, the discovery query filter may be a filter used when the search terminal 1620 matches and receives the ProSe query code transmitted by the search terminal 1610. Also, the ProSe response code may be a code that the search target terminal 1620 responds to the search terminal after receiving the ProSe query code. Also, the code-sending security parameters may be a security key used for code encryption when the searched terminal responds with a ProSe response code. For example, the code transmission security parameter may include at least one or more of the aforementioned discovery user integrity key (DUIK), discovery user confidentiality key (DUCK), and discovery user scrambling key (DUSK). Also, as an example, the code-receiving security parameters may be parameters used when the terminal to be searched receives an encrypted ProSe query code and decrypts it. For example, the code reception security parameter may include at least one or more of the aforementioned discovery user integrity key (DUIK), discovery user confidentiality key (DUCK), and discovery user scrambling key (DUSK). For example, when the searched terminal 1620 is in a roaming situation, the DDNMF of the HPLMN 1650 of the searched terminal may transfer authentication information to the DDNM of the VPLMN 1640 of the searched terminal, as described above.

After the DDNMF of the HPLMN 1650 of the terminal to be searched creates the search material, the DDNMF of the HPLMN 1650 of the terminal to be searched provides information necessary to operate as the terminal to be searched from among the created search materials to the terminal to be searched for 1620. can be conveyed For example, the DDNMF of the HPLMN 1650 of the terminal to be searched may transmit a search response message to the terminal to be searched for 1620, and the search response message may include information required to operate as the terminal to be searched for. For example, information required to operate as a searched terminal may include at least one or more of a search query filter, a ProSe response code, a code transmission security parameter, and a code reception security parameter, but may not be limited thereto. Here, as an example, the search response message may further include validity of the search material and additional information for preventing a replay attack. That is, the DDNMF of the HPLMN 1650 of the terminal to be searched may include additional information in the search response message in consideration of the response attack and transmit it to the terminal to be searched for 1620. For example, the additional information may include at least one of a validity timer, a current time, and a max offset. For example, the validity timer may indicate the validity time of the above-described search material. Also, the current time may indicate the current time for providing search materials to DDNMF. For example, the searched terminal 1620 may set a ProSe clock within the terminal and recognize the current time based on this. Also, the maximum offset may be a value set to determine validity of a search message. For example, the search message may be valid only when the time slot for transmitting the search message between terminals is smaller than the value obtained by adding the maximum offset value to the current time, and if the maximum offset value is exceeded, the search message may be determined to be invalid. Through this, defense against response attacks can be performed.

Next, the search terminal 1610 may also receive search material from the network in order to search for the search target terminal 1620 . For example, the discoverer UE 1610 may also request information necessary for discovery (e.g. discovery query code, ProSe response filter, security materials) from the DDNMF of the registered HPLMN through a discovery request message. At this time, the search terminal 1610 may also acquire the RPAUID based on prior service authentication, and the RPAUID of the search terminal 1610 may be included in the search request message.

That is, the search terminal 1610 may transmit a search request message including the RPAUID to the DDNMF 1630 of the HPLMN of the search terminal to request information necessary for search. After that, the DDNMF 1630 of the HPLMN of the search terminal can check whether the search terminal 1610 has an operating authority as a search terminal of the service based on the RPAUID of the search terminal 1610 through subscriber information. In addition, as an example, the DDNMF (1630) of the HPLMN of the search terminal may additionally request verification to the ProSe application server (1660) to determine whether the search terminal 1610 has the right to use the corresponding service. can At this time, if the verification is completed based on the ProSe application server 1660, the ProSe application server 1660 converts the target RPAUID(s) of the search terminal(s) that the search terminal 1610 can search to the HPLMN of the search terminal. It can be delivered to the DDNMF (1630) of.

Here, as an example, if the PLMN ID included in the target RPAUID of the search terminal to be searched is not the PLMN to which the DDNMF of the search terminal belongs, the DDNMF 1630 of the HPLMN of the search terminal receives the search material from the corresponding PLMN. For this purpose, a search request message may be transmitted to the DDNMF 1650 of the HPLMN of the terminal to be searched. On the other hand, if the PLMN ID included in the target RPAUID of the terminal to be searched is the same as the PLMN to which the DDNMF of the terminal belongs, the DDNMF 1630 of the HPLMN of the terminal determines the RPAUID of the terminal to be searched based on the above description. Based on this, it is possible to read search material information created and stored.

After that, the DDNMF of the HPLMN 1650 of the terminal to be searched may proceed with verification of the service use authority of the search terminal 1610 together with the ProSe application server 1660. At this time, when verification is completed based on the ProSe application server 1660, the DDNMF of the HPLMN 1650 of the terminal to be searched may deliver a search response message to the HPLMN 1630 of the terminal to be searched. At this time, the search response message may include search materials necessary for ProSe search. In this case, the search material required for the ProSe search may include at least one or more of a search query filter, a ProSe response code, a code transmission security parameter, and a code reception security parameter, but may not be limited thereto. Also, as an example, the search material required for ProSe search may further include a discovery response filter so that the search terminal 1610 can receive a response message by matching the ProSe response code based on the ProSe response code. And, it is not limited to the above-described embodiment.

Also, for example, when the search terminal 1610 is in a roaming state, the DDNMF of the HPLMN 1630 of the search terminal may transfer authentication information to the DDNMF of the VPLMN 1640 of the search terminal. On the other hand, when the search terminal 1610 is not in a roaming state, the above-described operation may be omitted. After that, the DDNMF of the HPLMN 1630 of the search terminal may deliver a search response message to the search terminal 1610 to deliver information necessary for operating as a search terminal. In this case, the search response message may include at least one or more of the aforementioned search query filter, ProSe response code, code transmission security parameter, and code reception security parameter, but may not be limited thereto.

In addition, the search response message may further include the above-described search response filter. Also, as an example, the search response message may further include the aforementioned additional information. In this case, the additional information may include at least one of a validity timer, a current time, and a max offset. For example, the validity timer may indicate the validity time of the above-described search material. Also, the current time may indicate the current time for providing search materials to DDNMF. For example, the search terminal 1610 may set a ProSe clock within the terminal and recognize the current time based on this. Also, the maximum offset may be a value set to determine validity of a search message. For example, the search message may be valid only when the time slot for transmitting the search message between terminals is smaller than the value obtained by adding the maximum offset value to the current time, and if the maximum offset value is exceeded, the search message may be determined to be invalid. Through this, defense against response attacks can be performed, as described above.

Next, the search terminal 1610 may transmit the ProSe query code to the search target terminal 1620 through the PC5 interface based on the information necessary for the search as described above. In this case, the search terminal 1610 may transmit the ProSe query code to the search target terminal 1620 if the validity timer does not exceed and the search time slot does not exceed the maximum offset sum of the ProSe clock (current time). In this case, the query code may be encrypted with a code transmission security key (e.g. DUIK, DUCK, DUSK) of the search terminal. At this time, the searched terminal 1620 may receive a message matching the search filter within a search time slot within the sum of the ProSe clock and the maximum offset, and perform decryption using the code reception security key of the searched terminal 1620. there is. After that, the searched terminal 1620 may encrypt the ProSe response code with the code transmission security key of the searched terminal 1620 and transmit the encrypted ProSe response code to the searched terminal 1610 . Thereafter, the search terminal 1610 may receive the encrypted ProSe response code and decrypt it using the code reception security keys of the search terminal 1610 to complete the search.

As described above, based on the ProSe system, a search terminal may search for a search target terminal and perform direct communication.

As a specific example, a service may be provided based on a ProSe restricted search scheme. However, this is only one example and may not be limited to the above-described embodiment. For example, a commercial service that connects a delivery restaurant and a delivery man may be provided based on the ProSe system. For example, based on the ProSe system, each terminal of a delivery restaurant and several deliverymen may perform paid subscription to the corresponding service. At this time, each subject may pay a fee or membership fee. Through this, information on each subject can be included in subscriber information, and the corresponding service can be provided. Here, the corresponding service may grant authority as a searcher to a delivery restaurant and provide information necessary for searching for a person to be searched. In addition, the corresponding service may authorize a registered delivery person as a person to be searched and provide information necessary for responding to a searcher's request. For example, when a customer order from a delivery restaurant is received, the delivery restaurant may transmit a ProSe search request message to a plurality of unspecified terminals to be searched (ie, delivery workers) in a nearby area based on the received information as a search terminal. As a specific example, the ProSe search request message may include a delivery address or other information, and may not be limited to a specific form. At this time, nearby delivery men may acquire information for being searched as a searched terminal, and receive and decode a ProSe search request message transmitted by the searched terminal based on this. Through this, the delivery men can recognize the delivery request information and deliver the ProSe response message to the search terminal (delivery restaurant) when they want to perform delivery. For example, the ProSe response message may further include information such as delivery cost or expected arrival time, and is not limited to a specific embodiment.

At this time, as an example, the search terminal (ie, delivery restaurant) may receive response messages from a plurality of search target terminals, select a specific search target terminal (ie, specific delivery person) and request delivery. As a specific example, the search terminal may select a search terminal based on information provided by the search terminal (e.g. delivery cost or estimated arrival time information).

Here, as an example, as described above, a search terminal needs to simultaneously search a plurality of search target terminals based on a security function. However, when a search terminal performs a search for a search target terminal based on the ProSe system as shown in FIG. 16, the search terminals may need to receive the same search request at the same time. Accordingly, searched terminals may be provided with the same discovery material and security parameters in advance.

However, the existing system may generate search information and security information in DDNMF based on a Restricted ProSe Application User ID (RPAUID) and transmit them to the terminal. Accordingly, when a search is performed based on FIG. 16 , search target terminals having different RPAUIDs may not receive the same search information.

Considering the above points, terminals having different RPAUIDs may be provided with the same search information and security information. However, when terminals having different RPAUIDs are provided with the same search information and security information, the same security information may be shared between searched terminals having different RPAUIDs. That is, since different terminals to be searched share the same security information, when a specific terminal to be searched transmits a response to a search request, other terminals to be searched can receive and decrypt the corresponding information, so security is not maintained. may not be

As a specific example, when a delivery service is provided as described above, another searched terminal (delivery man) may obtain information by receiving a delivery cost and arrival time suggested by a specific searched terminal (ie, delivery man). In this case, the terminal to be searched may abuse the received information to provide a lower price or false arrival information for selection from the search terminal (delivery restaurant). Also, as an example, the terminal to be searched should perform a role only as a terminal to be searched, but since all transmission/reception security information is known, the terminal to be searched may arbitrarily perform the role of the terminal to be searched. That is, a terminal to be searched generates and transmits an erroneous search request, which may cause confusion in other terminals to be searched, which may become a security threat by increasing costs or wasting resources of other terminals to be searched.

For example, Table 2 below may be a method for setting a key as security information between a search terminal and a plurality of search target terminals based on the aforementioned ProSe system. For example, referring to Table 2, the search terminal may encrypt and transmit the ProSe query code with Key1. At this time, the terminal to be searched may receive the ProSe query code transmitted by the search terminal through the ProSe query filter, decode it using Key1, and recognize the information. Conversely, when the search terminal encrypts the ProSe response code with Key2 and returns it to the search terminal, the search terminal receives the ProSe response code based on the ProSe response filter and performs decryption using Key2 to obtain response information. can

At this time, based on the foregoing, the terminals to be searched may need to decrypt the received message only with code-receiving security keys and encrypt the response code with code-sending security keys. there is. However, since the searched terminal knows that other searched terminals also encrypt the response code through the same code transmission security key, Key2, there is a possibility of eavesdropping on the response message of other searched terminals through Key2. In addition, similarly, since the search terminal recognizes that the query code is transmitted using Key1, the searched terminal may transmit a search message to other searched terminals by encrypting a false request message using Key1, causing confusion.

As described above, security may not be maintained when a plurality of search terminals having different RPAUIDs hold both search information and security information for the same search request. A procedure for performing ProSe direct communication by searching for a terminal to be searched for and selecting a specific terminal to be searched for is described.

As an example, FIG. 17 may be an improved ProSe Model B restricted search scheme. Referring to FIG. 17 , Discoveree UE A 1720 may transmit a search request message including an RPAUID to the DDNMF of the network (or HPLMN) of the discovered UE A. At this time, the terminal to be searched may acquire the RPAUID through pre-authentication of the corresponding service, as described above. After that, the DDNMF (hereinafter referred to as DDNMF A, 1750) of the terminal A to be searched may transfer the RPAUID of the terminal A to be searched to the ProSe application server 1770 and request permission confirmation. Here, as an example, when requesting permission confirmation, information that the terminal A to be searched performs the role of the terminal to be searched and information about the requesting application may also be included. Then, the ProSe application server 1770 may verify whether the RPAUID of the terminal A to be searched has the authority to operate as the terminal to be searched for in the target application. Also, as an example, the ProSe application server 1770 may determine whether or not a target application needs to search for a plurality of terminals to be searched at the same time. That is, the ProSe application server 1770 may check whether the target application is an application requiring multiple discovery.

At this time, if the target application is an application requiring a plurality of searches, the ProSe application server 1770 may check whether a searched terminal already registered in the target application exists. At this time, as an example, when the above-mentioned terminal A 1720 first requests permission for the target application, the ProSe application server 1770 sends the DDNMF A 1750 the permission verification result, and the target application searches multiple times ( An indication indicating that the application requires multiple discovery may be transmitted. That is, the ProSe application server 1770 may transmit information on whether to search multiple target applications to the DDNMF A 1750. Then, when the authority of the terminal A 1720 to be searched is verified, the DDNMF A 1750 may generate information necessary for the search target based on the RPAUID of the terminal A 1720 to be searched for. Here, information required for search may include discovery materials information and security information required for search. In this case, the search material may include at least one of a ProSe query code, a discovery query filter, a ProSe response code, a current time, a maximum offset, and valid timer information. , which may be as described above. Also, the security information may be key information based on a code transmission security parameter and a code reception security parameter. At this time, the DDNMF A 1750 may transmit the search response message to the search target terminal A 1720 including search material information and security information necessary for the search target described above.

At this time, as an example, the existing DDNMF can generate a security key (ie, DUIK, DUCK, DUSK) related to the code transmission security parameter and the code reception security parameter as a symmetric key, and deliver the generated security key to the search terminal and the DDNMF. On the other hand, as shown in FIG. 17, when DDNMF A 1750 receives multiple discovery indications for a target application, DDNMF A 1750 uses asymmetric public and private keys for security between searched terminals. key can be generated. At this time, DDNMF A (1750) may provide only the public key to searched terminal A (1720). That is, when the target application supports multiple searches and the searched terminal A 1720 is the searched terminal that initially requested authority, the DDNMF A 1750 generates an asymmetric key in the form of a public key/private key and only uses the public key. It can be provided to the terminal A 1720 to be searched for.

At this time, as an example, the DDNMF A 1750 may transmit the search response message to the searched terminal A 1720 by further including information on whether or not the target application is searched multiple times. Through this, the search target terminal A 1720 can recognize that multiple searches are performed in relation to the target application. As another example, even if searched terminal A 1720 does not receive a separate instruction from DDNMF A 1750, it may be implicitly instructed that multiple searches for a target application will be performed when public key information in the form of an asymmetric key is obtained. there is.

That is, when the terminal receives key information in the form of a symmetric key, the terminal can recognize that multiple searches are not performed on the target application, but only the target terminal is searched. On the other hand, when the terminal receives public key information in the form of an asymmetric key, the terminal can recognize that multiple searches are performed for the target application, and is not limited to the above-described embodiment.

Next, the Discoverer UE 1710 may also transmit a search request message including the RPAUID to the DDNMF of the network (ie, HPLMN) of the Discoverer UE as described above. At this time, the search terminal may acquire the RPAUID by performing authentication in advance on the target application or target service. At this time, the DDNMF 1740 of the search terminal may transfer the RPAUID of the search terminal 1710 to the ProSe application server 1770 and request permission confirmation. Here, the DDNMF 1740 may perform a permission confirmation request including information indicating that the corresponding terminal serves as a search terminal and information on a target application. The ProSe application server 1770 may verify whether it can operate as a search terminal of a target application based on the RPAUID of the search terminal. In addition, the ProSe application server 1770 may determine whether a target RPAUID(s), which is a search target of a target application, is registered. For example, if the target RPAUID(s) is not registered as a search target of the target application, the ProSe application server 1770 may return a none response and terminate the procedure. Conversely, when the target RPAUID(s) is registered as a search target of a target application, the ProSe application server 1770 may return the initially registered target RPAUID to the DDNMF 1740 of the search terminal.

At this time, if the searched terminal A 1720 described above is the searched terminal registered for the first time, the ProSe application server 1770 may transfer the RPAUID of the searched terminal A 1720 to the DDNMF 1740 of the searched terminal. The DDNMF 1740 of the search terminal may check whether the PLMN ID of the received target RPAUID is the same PLMN. If the PLMN ID of the DDNMF 1740 of the search terminal is different from the PLMN ID of the received target RPAUID, the DDNMF 1740 of the search terminal forwards the RPAUID to the DDNMF of the corresponding PLMN based on the PLMN ID of the target RPAUID, and sends a search request message can transmit. That is, the DDNMF 1740 of the search terminal may transmit a search request message to the DDNMF A 1750, which is the DDNMF of the searched terminal A 1720, to request security information for searching the searched terminal. At this time, the DDNMF A 1750 may request authorization verification of the requested RPAUID from the ProSe application server 1770. At this time, the ProSe application server 1770 may check whether the RPAUID has already been registered by checking the authority and context of the requested RPAUID. If the ProSe application server 1770 has already registered the RPAUID, it may return information that the corresponding terminal serves as a search terminal, through which the DDNMF A 1750 can confirm the role of the search terminal.

After the DDNMF A 1750 confirms the role of the search terminal, it may deliver search material information and security information generated based on the above to the DDNMF 1740 of the search terminal. Here, the DDNMF A 1750 may transmit only the private key among the public key and the private key as the security key generated in relation to the code transmission security parameter and the code reception security parameter to the DDNMF 1740 of the search terminal. After that, the DDNMF 1740 of the search terminal may transfer the search material information and the security key to the search terminal 1710 .

At this time, as an example, the DDNMF 1740 of the search terminal may transmit the search response message to the search terminal A 1710 by further including information on whether or not the target application is searched multiple times. Through this, the search terminal 1710 can recognize that multiple searches are performed in relation to the target application. As another example, even if the search terminal 1710 does not receive a separate instruction from the DDNMF A 1740, it may be implicitly instructed that multiple searches for target applications will be performed when secret key information in the form of an asymmetric key is obtained.

That is, when the terminal receives key information in the form of a symmetric key, the terminal can recognize that multiple searches are not performed on the target application, but only the target terminal is searched. On the other hand, when the terminal receives secret key information in the form of an asymmetric key, the terminal can recognize that multiple searches are performed for the target application, and is not limited to the above-described embodiment.

Next, in FIG. 17 , the target application may be an application for which multiple searches are performed, and other searched terminals other than the searched terminal A 1720 may exist. For example, when a searched terminal B 1730 exists, the searched terminal B 1730 includes the RPAUID of the searched terminal B 1730 to the DDNMF of the corresponding network (ie, HPLMN) of the searched terminal B. A search request message can be sent. At this time, the terminal B 1730 to be searched may obtain the RPAUID through pre-authentication of the target application.

After that, the DDNMF (hereinafter referred to as DDNMF B, 1760) of the searched terminal B 1730 may transfer the RPAUID of the searched terminal B to the ProSe application server 1770 and perform a permission confirmation request. At this time, the DDNMF B 1760 may transmit information on the corresponding terminal serving as a search target terminal and target application information to the ProSe application server 1770 together.

At this time, the ProSe application server 1770 can verify whether or not it has the authority to operate as the terminal to be searched for in the target application based on the RPAUID of terminal B to be searched for. Also, the ProSe application server 1770 may check whether the target application requires multiple searches. Here, when the target application requires multiple searches and there is a terminal to be searched already registered, the ProSe application server 1770 may return the first RPAUID to the DDNMF B 1760. At this time, the initial RPAUID may be composed of the PLMN ID and unique ID information. Accordingly, DDNMF B 1760 may recognize the PLMN of the first RPAUID. That is, DDNMF B 1760 can recognize the PLMN of the first-registered terminal A 1720 to be searched for.

As a specific example, when the above-described terminal A 1720 to be searched for is a terminal to be searched for initially registered with a target application, the ProSe application server 1770 may transmit the RPAUID of terminal A 1720 to be searched for to DDNMF B 1760. there is. DDNMF B 1760 may check the PLMN ID through the received first RPAUID. At this time, if the PLMN is different based on the PLMN ID of the DDNMF B 1760, the DDNMF B 1760 may transfer the RPAUID to the DDNMF of the corresponding PLMN to transmit a search request message. That is, DDNMF B (1760) may transmit a search request message to DDNMF A (1750). At this time, the DDNMF A 1750 may request the ProSe application server 1770 to verify the requested RPAUID authority. ProSe application server 1770 can check the authority and context of the requested RPAUID. At this time, if the RPAUID has already been registered, the ProSe application server 1770 may return the search role (Discoveree) of the corresponding terminal to the DDNMF A 1750. That is, the ProSe application server 1770 may transmit information indicating that the corresponding terminal may serve as a search target terminal to the DDNMF A 1750.

After that, DDNMF A 1750 may deliver information necessary for the terminal to be searched among search material information to DDNMF B 1760. At this time, as an example, DDNMF A (1750) transmits to DDNMF B (1760) only the public key among the public key and private key as the security key generated based on the code transmission security parameter and the code reception security parameter. can After that, DDNMF B 1760 may transfer the information obtained from DDNMF A 1750 to the searched terminal B 1730.

At this time, as an example, the DDNMF B 1760 may transmit the search response message to the searched terminal B 1730 by further including information on whether or not the target application is searched multiple times. Through this, the search target terminal A 1720 can recognize that multiple searches are performed in relation to the target application. As another example, even if the searched terminal B 1730 does not receive a separate instruction from the DDNMF B 1760, it may be implicitly instructed that multiple searches for the target application will be performed when public key information in the form of an asymmetric key is obtained. there is.

Based on the foregoing, the search terminal may obtain secret key information, and search target terminal A 1720 and search target terminal B 1730 may obtain public key information.

Next, the search terminal 1710 may encrypt the ProSe query code with a private key and transmit it through the PC5 interface. At this time, the searched terminal A 1720 and the searched terminal B 1730 may receive a ProSe query code matched with a ProSe query filter, decrypt it with a public key, and receive a message.

In addition, each of the searched terminal A 1720 and the searched terminal B 1730 may encrypt the ProSe response code with a public key and transmit it to the search terminal 1710. At this time, since the searched terminal A 1720 and the searched terminal B 1730 do not possess a private key that matches the corresponding public key, they cannot decrypt the response code encrypted and returned by another searched terminal. Security can be maintained. At this time, the search terminal 1710 may receive the ProSe response code matched with the ProSe response filter, perform decryption with the private key, and complete the search.

Referring to FIG. 18 based on the above, the ProSe application server may receive a search request from a search terminal or a search target terminal (S1801). At this time, when the ProSe application server receives a search request message including the RPAUID, The ProSe application server can check the context of the RPAUID to determine whether it is the terminal that previously made the request (S1802). At this time, in the case of the terminal that previously made the request, the ProSe application server has already obtained the role information of the corresponding terminal. Since it is recognized, the role information value can be returned as a search response (S1803). Here, the ProSe application server determines the role of the terminal based on the existing request (S1804), and if the terminal is the terminal to be searched for, the terminal to be searched for. Related information may be transmitted (S1805). On the other hand, the ProSe application server determines the role of the corresponding terminal based on the existing request (S1804), and if the corresponding terminal is a search terminal, it may transmit search terminal related information (S1806). That is, the ProSe application server can transmit related information by confirming the role of the existing requesting terminal.

On the other hand, if the information on the RPAUID included in the search request does not exist in the ProSe application server (S1802), the ProSe application server may check whether the role of the terminal is a search terminal or a search target terminal (S1807). , If the role of the terminal is a terminal to be searched for, the ProSe application server may check whether the corresponding terminal to be searched is an initially registered terminal (S1808). More specifically, as described above, the target application requires multiple searches. If it is an application and the target terminal is the initial registered terminal, the ProSe application server may transmit information indicating multiple searches to DDNMF. (S1809) At this time, DDNMF may generate information necessary for search, which is as described above. same. On the other hand, if the terminal performing the role of the terminal to be searched is not the initially registered terminal, the ProSe application server may transfer the RPAUID of the terminal to be searched initially registered to DDNMF, as described above (S1810).

On the other hand, if the terminal is a search terminal (S1807), the ProSe application server may check whether the target RPAUID exists based on the target application (S1811). At this time, if the target RPAUID exists, the ProSe application server searches the terminal The RPAUID initially registered with the DDNMF of can be delivered, as described above (S1812). On the other hand, if the target RPAUID does not exist, the ProSe application server may return a None value, which is as described above. ( S1813)

19 is a flowchart illustrating a terminal operation method according to an embodiment of the present disclosure.

Referring to FIG. 19, a first terminal may transmit a search request message including a first ID based on a first application (S1910). At this time, as described above with reference to FIGS. 1 to 18, the first application is specific The application may be an application that operates based on the ProSe service. Also, the first ID may be an ID used to perform a ProSe restricted search with the aforementioned RPAUID. Here, the first terminal may transmit the search request message to the network of the first terminal. In this case, the network of the first terminal may be the above-described DDNMF, and is not limited to a specific form. Thereafter, the first terminal may receive a search response message based on the search request message (S1920). In addition, the first terminal may include a second terminal and a terminal for the first application based on the role of the first terminal. (S1930) That is, the first terminal and the second terminal perform direct communication by operating as a search terminal and a search target terminal based on the search condition set through the above based on the PC5 interface. It can be, and is not limited to a specific embodiment.

In this case, for example, information included in the search response message may be different based on the role of the first terminal. More specifically, the ProSe application server may check whether the context of the first terminal exists in the ProSe application server based on the authentication request performed by the network of the first terminal based on the first ID.

Here, a case in which the context of the first terminal exists in the ProSe application server may be considered. In this case, based on the context of the first terminal, when the first terminal has a role of a search terminal, the ProSe application server returns search terminal related information, and the search response message may include the search terminal related information. Also, for example, based on the context of the first terminal existing in the ProSe application server, when the first terminal serves as a terminal to be searched for, the ProSe application server returns information related to the terminal to be searched for, and the search response message Information related to the terminal to be searched may be included.

As another example, a case in which the context of the first terminal does not exist in the ProSe application server based on the first ID may be considered. At this time, the first terminal may receive a search response message based on the role of the first terminal. In this case, when the role of the first terminal is a search terminal and a target ID based on the first application exists, the first terminal may receive a secret key based on the first application. In this case, the first terminal may encrypt a search message for direct communication between terminals based on the first application through a secret key and transmit the encrypted search message to at least one searched terminal.

In this case, for example, when a target ID exists based on the first application, the network of the first terminal may receive target ID information from the ProSe application server based on the target ID. At this time, the network of the first terminal may identify the network of the initially registered terminal to be searched based on the target ID information, and transmit search request information to the network of the identified terminal to be searched for first registered. Thereafter, the network of the first terminal may receive search response information including the secret key from the network of the initially registered terminal to be searched, and transmit the secret key to the first terminal. That is, the network of terminals to be searched initially registered in the ProSe application server can generate a public key and a private key as an asymmetric key for search, and transmit information on the private key to the network of terminals to be searched. Then, the search terminal may receive secret key information from the network of the search terminal, and encrypt the search message using the secret key based on the received secret key information.

On the other hand, a case in which the role of the first terminal is a terminal to be searched and multiple searches are permitted based on the first application may be considered. In this case, when the first terminal is a terminal to be searched initially registered in the ProSe application server, the first terminal may receive a public key based on the first application.

In this case, the first terminal may decrypt the search message transmitted by the search terminal based on the first application through the public key. More specifically, the network of the first terminal may request authentication from the ProSe application server based on the first application. When the first terminal is a terminal to be searched for first registration based on the first application and multiple searches are permitted, the ProSe application server may transmit an authentication response including multiple search permission information to the network of the first terminal. Thereafter, the network of the first terminal may generate a public key and a private key in the form of an asymmetric key based on the first application, and transmit the public key to the first terminal.

On the other hand, a case in which the role of the first terminal is a terminal to be searched but a terminal to be searched previously registered in the ProSe application server exists may be considered. At this time, the first terminal may receive the public key based on the first application and decrypt the search message transmitted by the search terminal, as described above.

Here, the network of the first terminal may request authentication from the ProSe application server based on the first application. When multiple searches are allowed based on the first application and the pre-registered search target terminal exists in the ProSe application server, the ProSe application server may transmit ID information of the previously registered search target terminal to the network of the first terminal. there is. At this time, the network of the first terminal may request information related to the searched terminal from the network of the searched terminal based on the previously registered ID information of the searched terminal. Thereafter, the network of the first terminal may receive the public key from the network of the search target terminal and deliver the public key to the first terminal.

That is, when a plurality of terminals to be searched exist through the above description, the terminal to be searched encrypts a message with a private key, and each terminal to be searched decrypts a message encrypted with a public key to maintain message security between terminals to be searched for. may be, as described above.

It is obvious that examples of the proposed schemes described above may also be included as one of the implementation methods of the present disclosure, and thus may be regarded as a kind of proposed schemes. In addition, the above-described proposed schemes may be implemented independently, but may also be implemented in a combination (or merged) form of some proposed schemes. Information on whether the proposed methods are applied (or information on the rules of the proposed methods) may be defined so that the base station informs the terminal through a predefined signal (eg, a physical layer signal or a higher layer signal). .

The present disclosure may be embodied in other specific forms without departing from the technical ideas and essential characteristics described in the present disclosure. Accordingly, the above detailed description should not be construed as limiting in all respects and should be considered illustrative. The scope of the present disclosure should be determined by reasonable interpretation of the appended claims, and all changes within the equivalent range of the present disclosure are included in the scope of the present disclosure. In addition, claims that do not have an explicit citation relationship in the claims may be combined to form an embodiment or may be included as new claims by amendment after filing.

Embodiments of the present disclosure may be applied to various wireless access systems. As an example of various wireless access systems, there is a 3rd Generation Partnership Project (3GPP) or 3GPP2 system.

Embodiments of the present disclosure may be applied not only to the various wireless access systems, but also to all technical fields to which the various wireless access systems are applied. Furthermore, the proposed method can be applied to mmWave and THz communication systems using ultra-high frequency bands.

Additionally, embodiments of the present disclosure may be applied to various applications such as free-running vehicles and drones.

Claims

In a terminal operating method in a wireless communication system,

Transmitting, by a first terminal, a search request message including a first ID based on a first application;

receiving, by the first terminal, a search response message based on the search request message; and

wherein the first terminal performs direct communication between a second terminal and a terminal for the first application based on a role of the first terminal.
According to claim 1,

When the context of the first terminal exists in a ProSe (Proximity-based Service) application server based on the first ID, the first terminal receives the search response message including role information of the first terminal, Terminal operation method.
According to claim 2,

Based on the context of the first terminal existing in the ProSe application server, when the first terminal has a role of a search terminal, the search response message further includes search terminal related information;

Based on the context of the first terminal existing in the ProSe application server, when the first terminal has a role of a searched terminal, the search response message further includes searched terminal related information.
According to claim 1,

If the context of the first terminal does not exist in the ProSe application server based on the first ID, receiving the search response message based on the role of the first terminal.
According to claim 4,

When the role of the first terminal is a search terminal and a target ID based on the first application exists, the first terminal receives a secret key based on the first application.
According to claim 5,

wherein the first terminal encrypts a search message for direct communication between terminals based on the first application through the secret key and transmits the message to at least one searched terminal.
According to claim 5,

When a target ID exists based on the first application, the network of the first terminal receives target ID information from the ProSe application server based on the target ID,

The network of the first terminal checks the network of the initially registered terminal to be searched based on the target ID information;

Delivering search request information to the network of the first registered terminal to be searched,

wherein the network of the first terminal receives search response information including the secret key from the network of the initially registered terminal to be searched, and transmits the secret key to the first terminal.
According to claim 4,

When the role of the first terminal is a terminal to be searched, multiple searches are permitted based on the first application, and the first terminal is a terminal to be searched for first registering in the ProSe application server, the first terminal A terminal operating method for receiving a public key based on a first application.
According to claim 8,

The first terminal decrypts a search message transmitted by a search terminal based on the first application through the public key.
According to claim 8,

Based on the first application, the network of the first terminal requests authentication to the ProSe application server, and the ProSe application server is a search target terminal initially registered by the first terminal based on the first application. When multiple searches are allowed, transmit an authentication response including multiple search permission information to the network of the first terminal;

The network of the first terminal generates the public key and the private key in the form of an asymmetric key based on the first application, and transmits the public key to the first terminal.
According to claim 4,

When the role of the first terminal is a terminal to be searched, multiple searches are allowed based on the first application, and there is a terminal to be searched pre-registered in the ProSe application server, the first terminal selects the first application A terminal operating method for receiving a public key based on.
According to claim 11,

The first terminal decrypts a search message transmitted by a search terminal based on the first application through the public key.
According to claim 11,

Based on the first application, the network of the first terminal requests authentication to the ProSe application server, the ProSe application server allows the multiple searches based on the first application, and sends the ProSe application server the If there is a registered terminal to be searched for, transmitting ID information of the pre-registered terminal to be searched to the network of the first terminal;

The network of the first terminal requests information related to a search target from the network of the search target terminal based on the ID information of the previously registered terminal to be searched;

wherein the network of the first terminal receives the public key from the network of the searched terminal and transmits the public key to the first terminal.
In a terminal operating in a wireless communication system,

at least one transceiver;

at least one processor; and

at least one memory operatively connected to the at least one processor and storing instructions that, when executed, cause the at least one processor to perform a specific operation;

The specific action is:

Controlling the transceiver to transmit a search request message including first ID information based on a first application;

Control the transceiver to receive a search response message based on the search request message, and

A terminal that controls to perform direct communication between another terminal and a terminal for the first application based on a role of the terminal.
In the method of operating a server in a wireless communication system,

Receiving an authentication request message based on a first application; and

Transmitting an authentication response message based on the authentication request message; including,

The authentication response message includes different information based on the role of the terminal, the operating method of the server.
In a server operating in a wireless communication system,

at least one transceiver;

at least one processor; and

at least one memory operatively connected to the at least one processor and storing instructions that, when executed, cause the at least one processor to perform a specific operation;

The specific action is:

Control the transceiver to receive an authentication request message based on a first application;

Controlling the transceiver to transmit an authentication response message based on the authentication request message;

The authentication response message includes different information based on the role of the terminal.
In the method of operating a network operating in a wireless communication system,

Receiving a search request message including a first ID based on a first application from a terminal;

performing authentication with a ProSe application server based on the search request message; and

and transmitting a search response message to the terminal based on the authentication with the ProSe application server.
In a network operating in a wireless communication system,

at least one transceiver;

at least one processor; and

at least one memory operatively connected to the at least one processor and storing instructions that, when executed, cause the at least one processor to perform a specific operation;

The specific action is:

Controlling the transceiver to receive a search request message including a first ID based on a first application from a terminal;

Perform authentication with the ProSe application server based on the search request message, and

and controlling the transceiver to transmit a search response message to the terminal based on the authentication with the ProSe application server.
An apparatus comprising at least one memory and at least one processor functionally connected to the at least one memory, comprising:

The at least one processor is the device,

Transmitting a search request message including first ID information based on a first application;

Receiving a search response message based on the search request message, and

An apparatus for performing direct communication between another terminal and a terminal for the first application based on a role of the terminal.
In a non-transitory computer-readable medium storing at least one instruction,

comprising the at least one instruction executable by a processor;

The at least one command,

the at least one processor

Transmitting a search request message including first ID information based on a first application;

Receiving a search response message based on the search request message, and

A computer readable medium that performs direct communication between another terminal and a terminal for the first application based on a role of the terminal.