A short-distance communication service (Proximity Service, ProSe) technology is mainly: establishing a secure communications channel between two user terminals (User Equipment, UE) that are at a relatively short distance from each other, so that data can be securely exchanged when the two UEs perform end-to-end data transmission. The ProSe technology mainly includes two parts: ProSe Discovery and ProSe Communication. In a ProSe Discovery phase, the foregoing two UEs need to detect each other by using an evolved universal terrestrial radio access network (E-UTRAN) or another non-network node technology to implement authentication on identities of both parties. In a ProSe Communication phase, the foregoing two UEs need to establish a secure communications channel by using the E-UTRAN or another non-network node technology, and secure data communication may be performed after the secure communications channel is established. In specific application of the ProSe technology, UE may access an evolved packet core network (EPC) by using a UE-to-network relay (UE-R). In some specific application scenarios, the UE may not be covered by an EPC network signal, but the UE-R is covered by an EPC network signal. In this case, the UE may access the EPC network by using the UE-R. In the foregoing scenario, the UE may access the EPC network by using the UE-R, and there may be a security threat that unauthorized UE accesses the network during access to the EPC network by UE. Therefore, a corresponding safety measure is required to prevent the unauthorized UE from accessing the network.
In the prior art, an Authentication, Authorization and Accounting (AAA) server (a home subscriber server) and the UE-R are used to complete authentication between remote UE and a network by using an Extensible Authentication Protocol-Authentication and Key Agreement (EAP-AKA) authentication protocol. In the prior art, the EAP-AKA protocol is used to perform authentication on the UE, and therefore the UE needs to support evolved packet system (EPS) AKA authentication and further needs to support EAP-AKA authentication, which increases complexity and costs of a terminal (that is, the UE), and imposes relatively great impact on an existing protocol. The UE-R also requires a new protocol stack to carry the Radius protocol or the Diameter protocol, which increases complexity and costs of the UE-R. In addition, in the prior art, using the AAA server and the UE-R to complete authentication between the remote UE and the network based on the EAP-AKA authentication protocol requires a large message procedure, resulting in low efficiency in authenticating the UE and a poor user experience effect.