To keep third-generation mobile communication systems competitive, to provide users with faster speeds, shorter delays, and more personalized mobile services, and to reduce operators' operating costs, the 3rd Generation Partnership Project (3GPP for short) standards working group is researching the Evolved Packet System (EPS for short). The entire EPS includes an Evolved Universal Terrestrial Radio Access Network (E-UTRAN for short) and an Evolved Packet Core Networking (EPC for short). The EPC includes a Home Subscriber Server (HSS for short), a Mobility Management Entity (MME for short), a Serving GPRS Support Node (SGSN for short), a Policy and Charging Rule Function (PCRF for short), a Serving Gateway (S-GW for short), a PDN Gateway (P-GW for short) and a Packet Data Network (PDN for short).
When two User Equipments (UE for short) communicate via an EPS, each of the two UEs needs to establish a bearer with the EPS. However, with the rapid development of UEs and of various mobile Internet services, many services need to discover adjacent UEs and communicate with them, which has given rise to device-to-device (D2D) services, also referred to as Proximity-based Services (ProSe for short). In a D2D service, when the two UEs are relatively close, they may communicate with each other directly, and the data path connecting them need not go back to the core network. This reduces indirect data routing on the one hand and the network data load on the other. The D2D service has therefore attracted the attention of many operators.
At present, the conventional D2D services include a D2D discovery service, whose communication architecture is shown in FIG. 1. The two UEs that access in D2D can only access an EPC via an E-UTRAN. Both UEs may belong to one Public Land Mobile Network (PLMN for short), or the two UEs may belong to two separate PLMNs. For a given UE, a PLMN may be its home PLMN (HPLMN for short) or a visited PLMN (VPLMN for short), which the UE visits when it accesses from another PLMN. The PLMN in the region where the UE is located is collectively referred to as the local PLMN (Local PLMN), regardless of whether it is the HPLMN or a VPLMN. To provide the D2D discovery service, the operator side deploys not only the EPS but also a ProSe application server for the D2D discovery service; the ProSe application server can be provided by a service provider that operates the D2D service or by a network operator that operates the EPS. ProSe function entities are also deployed in the different PLMNs. Of the two UEs in a ProSe service, one obtains a service identifier from the ProSe function entity and then acquires from it a service code for broadcast; this UE is referred to as the Announcing UE (A-UE for short). The other UE receives the broadcast of the A-UE, performs matching with its own ProSe function entity, and performs the ProSe service with the A-UE if the matching is successful. This non-announcing UE is referred to as a Monitoring UE (M-UE).
In the communication architecture of the D2D discovery service, the UE provides a related ProSe application (APP for short), and the interface between the ProSe APP and the ProSe application server is the PC1 interface, which provides a related authentication function. The interface between UEs is PC5, used for direct discovery and communication between the UEs; the interface between a UE and a ProSe function entity is PC3, used for discovery authentication via the network. The interface between a ProSe function entity and the existing EPC is PC4, which includes a user plane interface with the P-GW and a control plane interface with the HSS, and is used for discovery authentication for the D2D discovery service. The interface between the ProSe function entity and the ProSe application server is PC2, which is used to implement the D2D discovery service application. PC6 and PC7 interfaces exist between the ProSe function entities: the PC7 interface is used when the UE roams, and the PC6 interface is used when the UE does not roam. Both interfaces are used for information exchange between the two ProSe function entities when the UE performs the D2D discovery service.
The D2D discovery service may be classified into two modes, mode A and mode B. A mode B discovery service includes four processes: a passive terminal process, an active terminal process, a query process, and a matching process. In these four processes, integrity protection is not performed on the discovery response message of the passive terminal, the discovery response message of the active terminal, the query request message sent by the active terminal to the passive terminal, the query response message sent by the passive terminal to the active terminal, or the matching report message of the active terminal, so these messages are exposed to replay attacks by an attacker.
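The gap described above is that these messages carry neither an integrity check nor a freshness value. The following added example (not taken from this document or from any 3GPP specification) shows a receiver that requires both before accepting a query request. The frame layout, the truncated HMAC-SHA-256 MIC, the counter window, the key, and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

MIC_LEN = 8    # assumed: MIC is HMAC-SHA-256 truncated to 8 bytes
MAX_SKEW = 4   # assumed: freshness window in counter ticks
QUERY_REQUEST = b"\x01"  # constructed one-byte message type


def protect(key, msg_type, payload, counter):
    """Sender: frame = type(1) | counter(4) | payload | MIC over all three."""
    body = msg_type + struct.pack(">I", counter) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()[:MIC_LEN]


class Receiver:
    def __init__(self, key):
        self.key = key
        self.seen = set()  # (type, counter) pairs accepted inside the window

    def accept(self, frame, now):
        """Return 'ok', or the reason the frame is rejected."""
        if len(frame) < 1 + 4 + MIC_LEN:
            return "malformed"
        body, mic = frame[:-MIC_LEN], frame[-MIC_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:MIC_LEN]
        if not hmac.compare_digest(mic, expected):
            return "bad-mic"      # modified in transit or wrong key
        msg_type, counter = body[:1], struct.unpack(">I", body[1:5])[0]
        if abs(now - counter) > MAX_SKEW:
            return "stale"        # old capture replayed outside the window
        if (msg_type, counter) in self.seen:
            return "replay"       # duplicate inside the window
        # Forget entries that the freshness check alone now rejects.
        self.seen = {e for e in self.seen if abs(now - e[1]) <= MAX_SKEW}
        self.seen.add((msg_type, counter))
        return "ok"


def demo():
    key = b"constructed-discovery-key"       # constructed sample key
    rx = Receiver(key)
    frame = protect(key, QUERY_REQUEST, b"constructed-query-code", 100)
    tampered = frame[:5] + b"X" + frame[6:]  # one payload byte changed
    return [rx.accept(frame, 100), rx.accept(frame, 101),
            rx.accept(frame, 110), rx.accept(tampered, 100)]


if __name__ == "__main__":
    print(demo())
```

The MIC alone stops modification but not replay of an unmodified frame; the counter window and the duplicate set are what reject the second and third deliveries.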