In order to keep the third generation mobile communication system competitive in the field of communications, to provide users with mobile communication services of higher rate, lower delay and more personalization, and meanwhile to reduce the operating cost of operators, the 3rd Generation Partnership Project (3GPP) standard group is committed to a study of an Evolved Packet System (EPS). The whole EPS includes an Evolved Universal Terrestrial Radio Access Network (E-UTRAN) and an Evolved Packet Core Networking (EPC), in which the EPC includes a Home Subscriber Server (HSS), a Mobility Management Entity (MME), a Serving GPRS Support Node (SGSN), a Policy and Charging Rule Function (PCRF), a Serving Gateway (S-GW), a PDN Gateway (P-GW) and a Packet Data Network (PDN).
When two User Equipments (UEs) communicate through the EPS, each of the two UEs needs to establish a bearer with the EPS. However, in consideration of the rapid development of UEs and various mobile Internet services, many services expect to be able to discover and communicate with nearby UEs; therefore, a Device to Device (D2D) service has been created, which is also called a Proximity-based Service (ProSe). In the D2D service, two UEs may communicate directly when located close to each other, and the data path between the two UEs need not detour through a core network; in this way, detours in data routing may be reduced on one hand, and network data load may be reduced on the other hand; therefore, the D2D service has received the attention of many operators.
At present, common D2D services include D2D discovery services, whose communication architecture is as shown in FIG. 1; FIG. 1 is an architecture diagram of a D2D service according to the related art. As shown in FIG. 1, the two UEs of D2D can only access an EPC through an E-UTRAN, and the two UEs may belong to one same Public Land Mobile Network (PLMN) or separately belong to two PLMNs. For one UE, the PLMN may be divided into a Home PLMN (HPLMN) and a Visited PLMN (VPLMN), which the UE accesses from other PLMNs; the PLMN of the current area where the UE is located may be collectively called a Local PLMN (LPLMN), no matter whether the Local PLMN is an HPLMN or a VPLMN. In order to realize D2D discovery services, not only is the EPS deployed at the operator side, but at least one ProSe application server of the D2D discovery services is also deployed; the at least one ProSe application server may be provided by a service provider operating the D2D service, or may be provided by a network operator operating the EPS; ProSe function entities are also deployed at different PLMNs. Of the two UEs of ProSe services, one UE acquires a service code that can be announced from a ProSe function entity after the UE acquires a service ID from the ProSe function entity; this UE is called an Announcing UE (A-UE). The other UE accepts the announcement of the A-UE, performs a match with the ProSe function entity of this other UE, and performs ProSe services with the A-UE if the match is successful; this non-announcing UE becomes a Monitoring-UE (M-UE).
In the communication architecture of the D2D discovery service, since the UE provides a relevant ProSe Application (APP), an interface between the UE and a ProSe APP server is a PC1 interface, which provides relevant authentication functions. An interface between one UE and another UE is PC5, which is used for mutual direct discovery and communication between these two UEs; an interface between the UE and the ProSe function entity is PC3, which is used for passing a discovery authentication of a network. Moreover, an interface between the ProSe function entity and an existing EPC is PC4, which includes a user plane interface connected with a P-GW and a control plane interface connected with an HSS and is used for the discovery authentication of the D2D discovery service. In addition, an interface between the ProSe function entity and the ProSe APP server is PC2, which is used for an application implementation of the D2D discovery service. Between two ProSe function entities there are a PC6 interface and a PC7 interface, which are used for the roaming and non-roaming conditions of UEs respectively; when the UE is roaming, the PC7 interface is used; when the UE is not roaming, the PC6 interface is used; these two interfaces are used for executing the information interaction between two ProSe function entities when the UE performs the D2D discovery service.
The D2D discovery service may be divided into an open discovery mode and a limited discovery mode.
FIG. 2 is a flowchart of implementing open discovery in the related art; this process includes the following steps:
At S201: an A-UE configures a ProSe Application ID (ProSe APP ID) in an offline mode. The ProSe APP ID is associated with an HPLMN, and the ProSe APP ID contains a PLMN ID of the HPLMN. After the A-UE establishes a secure connection with a ProSe function entity under the HPLMN, the A-UE sends a discovery service request message containing the discovery ProSe APP ID, a discovery service type and a user ID to the ProSe function entity under the HPLMN.
At S202: if the ProSe function entity has no associated context, the ProSe function entity performs discovery service authentication authorization with an HSS and establishes a new UE context containing a subscription parameter of the UE. If the discovery request is authenticated, the ProSe function entity sends an announcing authentication request to a ProSe function entity of a VPLMN, in which the announcing authentication request carries the ProSe APP ID, the user ID and a ProSe service code allocated by the ProSe function entity under the HPLMN of the A-UE, the ProSe service code being an A-UE announcing code.
At S203: after authenticating the announcing request, the ProSe function entity of the VPLMN of the A-UE returns an announcing authentication request response message to the ProSe function entity under the HPLMN of the A-UE.
At S204: the ProSe function entity of the HPLMN returns a discovery service request response message to the A-UE. The discovery service request response message carries the ProSe service code, a discovery key, a current time and a maximum duration. The ProSe service code is an announcing service code allocated for the A-UE by the ProSe function entity of the HPLMN of the A-UE. The discovery key has 128 bits in total. The current time is Greenwich time, that is, the world unified clock; the A-UE sets the ProSe time of the A-UE according to the current time, that is, it synchronizes with the time of the network. The maximum duration together with the current time forms the discovery timeslot of the current discovery, that is, the life cycle of the ProSe service code, which becomes invalid once the maximum duration is exceeded.
At S205: the A-UE calculates a 32-bit MIC and then announces over the air through a broadcast channel; the announcing message carries the MIC, the ProSe service code and the last 4 bits of the time parameter.
The MIC is obtained using the signature algorithm HMAC-SHA-256 (Hash-based Message Authentication Code with Secure Hash Algorithm 256), that is, MIC = HMAC-SHA-256(discovery key, character string S),
in which the character string S = FC ∥ P0 ∥ L0 ∥ P1 ∥ L1, FC indicates an algorithm type with fixed length, P0 indicates announcing time, L0 indicates a time length, P1 indicates the ProSe service code, and L1 indicates a length of the service code.
At S206: an M-UE configures a ProSe Application ID (ProSe APP ID) in an offline mode. The ProSe APP ID is associated with an HPLMN, and the ProSe APP ID contains a PLMN ID of the HPLMN. Once the M-UE is interested in monitoring at least one ProSe APP ID and has established a secure connection with a ProSe function entity under the HPLMN of the M-UE, the M-UE sends a discovery service request message containing a list of discovery ProSe APP IDs, a discovery service type and a user ID to the ProSe function entity under the HPLMN.
At S207: if the ProSe function entity has no associated context, the ProSe function entity performs discovery service authentication authorization with the HSS and establishes a new UE context, in which the UE context contains a subscription parameter of the UE. If the discovery request is authenticated, the ProSe function entity sends a monitoring authentication request to the ProSe function entity under a corresponding HPLMN of the A-UE, in which the announcing authentication request carries the ProSe APP ID and the user ID.
At S208: if the ProSe function entity under the corresponding HPLMN of the A-UE saves the ProSe service code corresponding to the ProSe APP ID, the ProSe function entity under the corresponding HPLMN of the A-UE authenticates the monitoring authentication request message and returns a monitoring authentication request response message to the ProSe function entity under the HPLMN of the M-UE, in which the monitoring authentication request response message carries a mask corresponding to the ProSe service code and a life cycle corresponding to the ProSe service code.
At S209: the ProSe function entity of the HPLMN of the M-UE composes a ProSe service code and a discovery template according to the mask in the monitoring authentication request response message and returns a discovery service request response message to the M-UE. The discovery service request response message carries the discovery template, the current time and the maximum duration. The current time and the maximum duration are the current time and maximum duration of the ProSe function entity of the HPLMN of the M-UE. The M-UE sets the ProSe clock according to the current time.
At S210: the M-UE receives the announcing information from the A-UE, in which the announcing information includes the MIC, the ProSe service code and the last 4 bits of the time parameter.
At S211: if the M-UE finds that the ProSe service code announced by the A-UE exists in the discovery template and the ProSe service code is within the life cycle of the discovery template, the M-UE sends a match report message to the ProSe function entity of the HPLMN of the M-UE, in which the match report message carries the MIC and the ProSe service code. The M-UE corrects the ProSe time using the last 4 bits of the received time parameter; the match report message also carries the corrected ProSe time corresponding to the M-UE.
At S212: the ProSe function entity of the HPLMN of the M-UE forwards the match report message to the ProSe function entity of the HPLMN of the A-UE.
At S213: the ProSe function entity of the HPLMN of the A-UE acquires the ProSe discovery key according to the ProSe service code parameter carried in the received match report, and calculates an MIC′ in the manner of S205 according to the ProSe discovery key and the ProSe time and ProSe service code in the match report; if MIC=MIC′, the integrity check of the received ProSe announcing message passes; otherwise, it fails, that is, the ProSe service code reported by the M-UE lacks integrity.
At S214: after successful integrity checking, the ProSe function entity of the HPLMN of the A-UE returns a match report response message to the ProSe function entity of the HPLMN of the M-UE.
At S215: the ProSe function entity of the HPLMN of the M-UE returns a match report response message to the M-UE, in which the match report response message carries the current time of the ProSe function entity of the HPLMN of the M-UE, and the M-UE sets the ProSe time. After the match is successful, the M-UE can perform ProSe communication services with the A-UE.
In the above process, the ProSe function entity of the HPLMN of the M-UE needs to send the received service code to the ProSe function entity of the HPLMN of the A-UE so as to acquire a corresponding APP ID. Meanwhile, the MIC is transmitted to the ProSe function entity of the HPLMN of the A-UE, for the ProSe function entity of the HPLMN of the A-UE to check the message integrity.
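The MIC handling of S205, S211 and S213 can be illustrated as follows; this is an added example, not part of the original text. The value of FC, the 2-byte length fields, the 4-byte time encoding and taking the last 4 bytes of the HMAC output as the 32-bit MIC are assumptions, and the key, service code and time are constructed sample values.

```python
import hashlib
import hmac

FC = b"\x49"  # assumed placeholder: the page only says FC is a fixed-length algorithm type

def _p_l(value: bytes) -> bytes:
    """Return Pi || Li, with Li as a 2-byte big-endian length (assumed encoding)."""
    return value + len(value).to_bytes(2, "big")

def compute_mic(discovery_key: bytes, prose_time: int, service_code: bytes) -> bytes:
    """S205: MIC = HMAC-SHA-256(discovery key, S), S = FC || P0 || L0 || P1 || L1."""
    if len(discovery_key) != 16:
        raise ValueError("discovery key must be 128 bits")
    s = FC + _p_l(prose_time.to_bytes(4, "big")) + _p_l(service_code)
    # Assumption: the 32-bit MIC is the last 4 bytes of the 256-bit HMAC output.
    return hmac.new(discovery_key, s, hashlib.sha256).digest()[-4:]

def correct_time(local_time: int, time_lsb4: int) -> int:
    """S211: pick the time nearest the M-UE clock whose low 4 bits match the
    announced bits. Unambiguous only while clock drift is under 8 time units."""
    base = (local_time & ~0xF) | (time_lsb4 & 0xF)
    return min((base - 16, base, base + 16), key=lambda t: abs(t - local_time))

def verify_match_report(discovery_key: bytes, mic: bytes,
                        prose_time: int, service_code: bytes) -> bool:
    """S213: recompute MIC' from the reported time and code; compare in constant time."""
    return hmac.compare_digest(compute_mic(discovery_key, prose_time, service_code), mic)

def demo() -> dict:
    key = bytes(range(16))                    # constructed 128-bit discovery key
    code = b"constructed-service-code"        # constructed ProSe service code
    t_announce = 1_700_000_005                # constructed A-UE ProSe time
    mic = compute_mic(key, t_announce, code)  # A-UE side, S205
    # M-UE clock runs 3 units fast; it only receives the low 4 bits of the time.
    t_corrected = correct_time(t_announce + 3, t_announce & 0xF)
    return {
        "corrected": t_corrected,
        "genuine": verify_match_report(key, mic, t_corrected, code),
        "altered_code": verify_match_report(key, mic, t_corrected, code + b"x"),
        "replayed_later": verify_match_report(key, mic, t_corrected + 16, code),
    }

if __name__ == "__main__":
    print(demo())
```

Because the time enters the string S, an announcement captured in one timeslot and reported with a later ProSe time fails the check even though the MIC and service code are unchanged.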
However, in the limited discovery mode, the ProSe function entity of the HPLMN of the M-UE parses the application layer user ID according to the service code, without interacting with the ProSe function entity of the HPLMN of the A-UE; therefore, if following an original open discovery process, the integrity checking of messages cannot be completed.
For the problem in the related art that integrity checking of messages cannot be completed in the limited discovery mode, no effective solution has been proposed so far.