CN117098129A - Communication method and device - Google Patents

Publication number
CN117098129A
Authority
CN
China
Prior art keywords
identifier
relay user
network element
key
service relay
Legal status
Pending
Application number
CN202210520810.4A
Other languages
Chinese (zh)
Inventor
李�赫
吴�荣
吴义壮
雷骜
Current Assignee
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority to CN202210520810.4A
Priority to PCT/CN2023/091675 (WO2023216932A1)
Publication of CN117098129A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W76/00 Connection management
    • H04W76/10 Connection setup
    • H04W76/14 Direct-mode setup
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W88/00 Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/02 Terminal devices
    • H04W88/04 Terminal devices adapted for relaying to or from another terminal or user

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The application provides a communication method and apparatus. The method may include: a remote terminal device generates a proximity service relay user key identifier, where the proximity service relay user key identifier includes first indication information, and the first indication information indicates one or more of the following: the name, the type, the function, and the application scenario of the proximity service relay user key identifier; the remote terminal device sends a direct communication request message to a relay terminal device, where the direct communication request message includes the proximity service relay user key identifier. With this scheme, a network element that receives the proximity service relay user key identifier can accurately recognize it.

Description

Communication method and device
Technical Field
The present application relates to the field of communications technologies, and in particular, to a communications method and apparatus.
Background
Current communication systems and communication flows make frequent use of identifiers, which typically identify a user, a network element, a key, a session, and so on. When a network element receives an identifier, it may perform operations based on it. If the network element cannot recognize the identifier, however, it may be unable to perform the correct procedure, or may perform the wrong one. For example, in a control plane (CP) flow of the proximity based service (ProSe), the authentication server function (AUSF) network element may receive from the access and mobility management function (AMF) network element both the subscription concealed identifier (SUCI) and the fifth generation proximity based service relay user key identifier (5G PRUK ID). Because the 5G PRUK ID has the same format as the SUCI, in some cases the AUSF may be unable to tell whether a received identifier is a SUCI or a 5G PRUK ID. How to distinguish different identifiers is therefore a problem that currently needs to be considered.
Disclosure of Invention
The application provides a communication method and a communication apparatus, which can be used to recognize proximity service relay user key identifiers.
In a first aspect, a communication method is provided, which may be performed by a remote terminal device, or may also be performed by a component (e.g., a chip or a circuit) of the remote terminal device, which is not limited thereto. For convenience of description, an example will be described below as being performed by a remote terminal device.
The method includes: the remote terminal device generates a proximity service relay user key identifier; the remote terminal device sends a direct communication request message to the relay terminal device, where the direct communication request message includes the proximity service relay user key identifier.
With reference to the first aspect, in certain implementation manners of the first aspect, the proximity service relay user key identifier includes first indication information, where the first indication information is used to indicate one or more of the following: the name of the adjacent service relay user key identification, the type of the adjacent service relay user key identification, the function of the adjacent service relay user key identification and the application scene of the adjacent service relay user key identification.
Based on the above scheme, when the remote terminal device generates the proximity service relay user key identifier, it can add the first indication information to the identifier, and the first indication information distinguishes the proximity service relay user key identifier from other identifiers.
With this scheme, a network element or device that receives the proximity service relay user key identifier can recognize it according to the first indication information.
With reference to the first aspect, in certain implementation manners of the first aspect, the generating, by the remote terminal device, a proximity service relay user key identifier includes: the remote terminal device generates the adjacent service relay user key identification according to a preset format, wherein the preset format is associated with the adjacent service relay user key identification.
Based on the above scheme, when the remote terminal device generates the proximity service relay user key identifier, it can generate the identifier in the preset format, so that the format of the proximity service relay user key identifier distinguishes it from other identifiers.
With this scheme, other network elements or devices that receive the proximity service relay user key identifier can recognize it according to its format.
With reference to the first aspect, in certain implementations of the first aspect, the identification is carried on an information element included in the direct communication request message, the information element including second indication information for indicating one or more of: the name of the adjacent service relay user key identification, the type of the adjacent service relay user key identification, the function of the adjacent service relay user key identification and the application scene of the adjacent service relay user key identification.
Based on the above scheme, when the remote terminal device transmits the key identifier of the adjacent service relay user, the remote terminal device can carry the second indication information in the information element carrying the key identifier of the adjacent service relay user, and can distinguish the key identifier of the adjacent service relay user from other identifiers through the first indication information.
By the scheme, when receiving the key identification of the adjacent service relay user, other network elements or equipment can identify the identification according to the second indication information in the information element carrying the key identification of the adjacent service relay user.
With reference to the first aspect, in certain implementations of the first aspect, a message name of the direct communication request message is associated with the proximity service relay user key identification.
Based on the above scheme, when the remote terminal device transmits the key identification of the adjacent service relay user, the remote terminal device can select the message with the message name associated with the key identification of the adjacent service relay user to transmit the key identification of the adjacent service relay user, and the key identification of the adjacent service relay user and other identifications can be distinguished by bearing the message name of the message of the key identification of the adjacent service relay user.
Through the scheme, after other network elements or equipment receive the key identification of the adjacent service relay user through a message, the key identification of the adjacent service relay user can be identified according to the message name of the message.
In a second aspect, a communication method is provided, which may be performed by an authentication server function network element, or may also be performed by a component (e.g. a chip or a circuit) of the authentication server function network element, which is not limited thereto. For ease of description, the following description will be given by way of example as being performed by an authentication server function network element.
The method includes: the authentication server function network element receives a proximity service authentication request message from the mobility management network element, where the proximity service authentication request message includes an identifier; the authentication server function network element determines that the identifier is a proximity service relay user key identifier; and the authentication server function network element obtains, from the proximity service anchor function network element and according to the identifier, the proximity service relay user key corresponding to the identifier.
Based on the above scheme, after the authentication server function network element obtains an identifier from the proximity service authentication request message, it can recognize the identifier and, if it determines that the identifier is a proximity service relay user key identifier, obtain the proximity service relay user key from the proximity service anchor function network element according to the identifier.
Optionally, if the identifier is determined to be a subscription concealed identifier, the authentication server function network element performs an authentication procedure for the remote terminal device corresponding to the subscription concealed identifier.
With reference to the second aspect, in certain implementations of the second aspect, the identification includes first indication information, where the first indication information is used to indicate one or more of: the name of the identifier, the type of the identifier, the role of the identifier, and the application scene of the identifier; the authentication server function network element determines the identifier as a nearby service relay user key identifier, and comprises the following steps: the authentication server functional network element determines the identity as the adjacent service relay user key identity according to the first indication information.
Based on the above scheme, if the identifier obtained by the authentication server function network element carries the first indication information, the authentication server function network element can recognize the identifier according to the first indication information. For example, the first indication information indicates one or more of: the name, the type, the function, and the application scenario of the proximity service relay user key identifier. In this case the authentication server function network element can determine that the identifier is a proximity service relay user key identifier. The above scheme may be used to recognize proximity service relay user key identifiers or, alternatively, to distinguish between different identifiers.
With reference to the second aspect, in some implementations of the second aspect, the format of the identifier is the same as a preset format of an identifier of a relay user key of an adjacent service; the authentication server function network element determines the identifier as a nearby service relay user key identifier, and comprises the following steps: the authentication server functional network element determines the identity as a key identity of the adjacent service relay user according to the format of the identity.
Based on the above scheme, after the authentication server function network element obtains an identifier, it can recognize the identifier according to its format. For example, the authentication server function network element is preconfigured with a plurality of different identifiers and the format corresponding to each, including the proximity service relay user key identifier and its format. It will be appreciated that different identifiers should correspond to different formats. After the authentication server function network element obtains an identifier, if it finds that the format of the identifier is the same as the preset format of the proximity service relay user key identifier, it determines that the identifier is a proximity service relay user key identifier.
With reference to the second aspect, in certain implementations of the second aspect, the identification is carried on an information element, the information element including second indication information for indicating one or more of: the name of the identifier, the type of the identifier, the role of the identifier, and the application scene of the identifier; the authentication server function network element determines the identifier as a nearby service relay user key identifier, and comprises the following steps: the authentication server functional network element determines the identity as the adjacent service relay user key identity according to the second indication information.
Based on the above scheme, after the authentication server function network element obtains an identifier, if the information element carrying the identifier includes second indication information, the authentication server function network element may recognize the identifier according to the second indication information. For example, the second indication information indicates one or more of: the name, the type, the function, and the application scenario of the proximity service relay user key identifier. In this case the authentication server function network element can determine that the identifier is a proximity service relay user key identifier. The above scheme may be used to recognize proximity service relay user key identifiers or, alternatively, to distinguish between different identifiers.
Alternatively, the second indication information may be a name of the information element, or may be information such as an identification type included in the information element.
With reference to the second aspect, in some implementations of the second aspect, a message name of the proximity service authentication request message has an association relationship with the proximity service relay user key identifier; the authentication server function network element determines the identifier as a nearby service relay user key identifier, and comprises the following steps: the authentication server functional network element determines the identifier as the adjacent service relay user key identifier according to the message name of the adjacent service authentication request message and the association relation.
Based on the above scheme, after the authentication server function network element obtains an identifier, it can recognize the identifier according to the message name of the message carrying it. For example, the authentication server function network element is preconfigured with a correspondence between a plurality of different identifiers and the message names of the messages used to carry them, including the proximity service relay user key identifier and the name of the message used to carry it. It will be appreciated that different identifiers should correspond to different message names. After the authentication server function network element obtains an identifier, if it finds that the message name of the message carrying the identifier is the same as the preset message name of the message that carries the proximity service relay user key identifier, it determines that the identifier is a proximity service relay user key identifier.
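The second-aspect decision at the authentication server function network element, sketched as an added Python example that is not part of the patent text. The indication prefix, preset format, identification-type values, message names and sample identifiers are hypothetical stand-ins, and rejecting a request when no discriminator is present or two of them disagree is a design choice of this example.

```python
import re
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional, Tuple


class IdKind(Enum):
    SUCI = "SUCI"
    PRUK_ID = "5G PRUK ID"
    UNKNOWN = "unknown"


# All values below are hypothetical; the page fixes no concrete encodings.
FIRST_INDICATION = "pruk."  # first indication information carried inside the identifier
PRESET_PRUK_FORMAT = re.compile(r"[0-9a-f]{32}@prose\.example")  # preset format
IE_TYPE_TO_KIND = {"5g-pruk-id": IdKind.PRUK_ID, "suci": IdKind.SUCI}  # second indication
MESSAGE_TO_KIND = {  # message name associated with an identifier kind
    "ProSeAuthenticationRequest": IdKind.PRUK_ID,
    "UEAuthenticationRequest": IdKind.SUCI,
}


@dataclass(frozen=True)
class Request:
    message_name: str
    ie_id_type: Optional[str]  # identification type in the information element, if any
    identifier: str            # NAI-style "username@realm" string


def classify(req: Request) -> Tuple[IdKind, List[str]]:
    """Return the identifier kind and the discriminators that supported it."""
    votes: Dict[str, IdKind] = {}
    if req.identifier.startswith(FIRST_INDICATION):
        votes["first-indication"] = IdKind.PRUK_ID
    if PRESET_PRUK_FORMAT.fullmatch(req.identifier):
        votes["preset-format"] = IdKind.PRUK_ID
    if req.ie_id_type in IE_TYPE_TO_KIND:
        votes["ie-indication"] = IE_TYPE_TO_KIND[req.ie_id_type]
    if req.message_name in MESSAGE_TO_KIND:
        votes["message-name"] = MESSAGE_TO_KIND[req.message_name]
    kinds = set(votes.values())
    # Exactly one kind supported: accept it. None or conflicting: do not guess.
    kind = kinds.pop() if len(kinds) == 1 else IdKind.UNKNOWN
    return kind, sorted(votes)


def handle(req: Request, anchor_keys: Dict[str, bytes]) -> str:
    """Pick the procedure; anchor_keys stands in for the anchor function lookup."""
    kind, _ = classify(req)
    if kind is IdKind.PRUK_ID:
        return "key-found" if req.identifier in anchor_keys else "key-not-found"
    if kind is IdKind.SUCI:
        return "run-authentication"
    return "reject"


# Constructed sample requests (not taken from the page).
SUCI_NAI = "type0.rid678.schid0.userid0999999999@5gc.mnc015.mcc234.3gppnetwork.org"
SAMPLES = {
    "tagged": Request("ProSeAuthenticationRequest", None, "pruk.9f3a@relay.example"),
    "formatted": Request("GenericRequest", None,
                         "0123456789abcdef0123456789abcdef@prose.example"),
    "suci": Request("UEAuthenticationRequest", "suci", SUCI_NAI),
    # Same NAI shape as a SUCI, with nothing saying which identifier it is.
    "ambiguous": Request("GenericRequest", None, "user1234@realm.example"),
    # Information element and message name point at different identifier kinds.
    "conflict": Request("UEAuthenticationRequest", "5g-pruk-id", "user1234@realm.example"),
}
ANCHOR_KEYS = {"pruk.9f3a@relay.example": bytes(32)}  # constructed key store

if __name__ == "__main__":
    for name, req in SAMPLES.items():
        kind, basis = classify(req)
        print(f"{name:10s} {kind.value:11s} {basis} -> {handle(req, ANCHOR_KEYS)}")
```

The "ambiguous" sample is the situation the Background describes: an identifier in the same format as a SUCI with no discriminator attached, which this sketch refuses to route to either procedure.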
In a third aspect, a communication method is provided, which may be performed by a remote terminal device, or may also be performed by a component (e.g., a chip or a circuit) of the remote terminal device, which is not limited thereto. For convenience of description, an example will be described below as being performed by a remote terminal device.
The method comprises the following steps: the remote terminal equipment generates a nearby service relay user key identifier, wherein the nearby service relay user key identifier comprises first indication information, and the first indication information is used for indicating one or more of the following: the name of the key identification of the adjacent service relay user, the type of the key identification of the adjacent service relay user, the function of the key identification of the adjacent service relay user and the application scene of the key identification of the adjacent service relay user; the remote terminal device sends a direct communication request message to the relay terminal device, wherein the direct communication request message comprises the key identifier of the adjacent service relay user.
In a fourth aspect, a communication method is provided, which may be performed by a remote terminal device, or may also be performed by a component (e.g., a chip or a circuit) of the remote terminal device, which is not limited thereto. For convenience of description, an example will be described below as being performed by a remote terminal device.
The method comprises the following steps: the remote terminal equipment generates the key identification of the adjacent service relay user according to a preset format, wherein the preset format is associated with the key identification of the adjacent service relay user; the remote terminal device sends a direct communication request message to the relay terminal device, wherein the direct communication request message comprises the key identifier of the adjacent service relay user.
In a fifth aspect, a communication method is provided, which may be performed by a remote terminal device, or may also be performed by a component (e.g., a chip or a circuit) of the remote terminal device, which is not limited thereto. For convenience of description, an example will be described below as being performed by a remote terminal device.
The method comprises the following steps: the remote terminal equipment generates a key identifier of a relay user of the adjacent service; the remote terminal device sends a direct communication request message to the relay terminal device, wherein the direct communication request message comprises a key identifier of the relay user of the adjacent service, the identifier is carried in an information element, the information element comprises second indication information, and the second indication information is used for indicating one or more of the following: the name of the adjacent service relay user key identification, the type of the adjacent service relay user key identification, the function of the adjacent service relay user key identification and the application scene of the adjacent service relay user key identification.
In a sixth aspect, a communication method is provided, which may be performed by a remote terminal device, or may also be performed by a component (e.g., a chip or a circuit) of the remote terminal device, which is not limited thereto. For convenience of description, an example will be described below as being performed by a remote terminal device.
The method comprises the following steps: the remote terminal equipment generates a key identifier of a relay user of the adjacent service; the remote terminal device sends a direct communication request message to the relay terminal device, wherein the direct communication request message comprises the key identification of the adjacent service relay user, and the message name of the direct communication request message is related to the key identification of the adjacent service relay user.
In a seventh aspect, a communication method is provided, which may be performed by the authentication server function network element, or may also be performed by a component (e.g. a chip or a circuit) of the authentication server function network element, which is not limited thereto. For ease of description, the following description will be given by way of example as being performed by an authentication server function network element.
The method comprises the following steps: the authentication service function network element generates a nearby service relay user key and a nearby service relay user key identifier, wherein the nearby service relay user key identifier comprises first indication information, and the first indication information is used for indicating one or more of the following: the name of the identifier, the type of the identifier, the role of the identifier, and the application scene of the identifier; the authentication service function network element sends the adjacent service relay user key and the adjacent service relay user key identification to the adjacent service anchor function network element.
Based on the above scheme, when the authentication server functional network element generates the key identifier of the adjacent service relay user, the first indication information can be added in the key identifier of the adjacent service relay user, and the key identifier of the adjacent service relay user and other identifiers can be distinguished through the first indication information.
By the scheme, when a network element or equipment receives the key identification of the adjacent service relay user, the identification can be identified according to the first indication information.
In an eighth aspect, a communication method is provided, which may be performed by an authentication server function network element, or may also be performed by a component (such as a chip or a circuit) of the authentication server function network element, which is not limited thereto. For ease of description, the following description will be given by way of example as being performed by an authentication server function network element.
The method comprises the following steps: the authentication service function network element generates a key of a relay user adjacent to the service; the authentication service function network element generates a key identifier of the adjacent service relay user according to a preset format; the authentication service function network element sends the adjacent service relay user key and the adjacent service relay user key identification to the adjacent service anchor function network element.
Based on the scheme, when the authentication server functional network element generates the key identification of the adjacent service relay user, the key identification of the adjacent service relay user can be generated based on a preset format, so that the key identification of the adjacent service relay user and other identifications can be distinguished through the format of the key identification of the adjacent service relay user.
By the scheme, when a network element or equipment receives the key identification of the adjacent service relay user, the identification can be identified according to the first indication information.
In a ninth aspect, there is provided a communication method, which may be performed by a relay terminal device or may also be performed by a component (e.g., a chip or a circuit) of the relay terminal device, which is not limited. For convenience of description, an example will be described below in which it is executed by the relay terminal device.
The method comprises the following steps: the relay terminal equipment receives a direct communication request message from the remote terminal equipment, wherein the direct communication request message comprises a key identifier of a relay user of adjacent service; the relay terminal device sends a relay key request message to the mobile management network element, wherein the relay key request message comprises an information element for bearing the key identification of the relay user of the adjacent service, and the information element comprises second indication information for indicating one or more of the following: the name of the identifier, the type of the identifier, the role of the identifier, and the application scenario of the identifier.
Based on the above scheme, after the relay terminal device receives the key identifier of the adjacent service relay user from the remote terminal device, when the key identifier of the adjacent service relay user is transmitted, the information element carrying the key identifier of the adjacent service relay user can carry second indication information, and the key identifier of the adjacent service relay user can be distinguished from other identifiers through the first indication information.
By the scheme, when receiving the key identification of the adjacent service relay user, other network elements or equipment can identify the identification according to the second indication information in the information element carrying the key identification of the adjacent service relay user.
In a tenth aspect, a communication method is provided, which may be performed by a mobility management element, or may also be performed by a component (e.g. a chip or a circuit) of the mobility management element, which is not limited. For ease of description, the following description will be given by taking an example of execution by a mobility management network element.
The method comprises the following steps: the mobile management network element receives a relay key request message from a relay terminal device, wherein the relay key request message comprises a key identifier of a relay user close to a service; the mobile management network element selects the adjacent service authentication request message to send the adjacent service relay user key identification to the authentication service function network element, and the message name of the adjacent service authentication request message and the adjacent service relay user key identification have an association relation.
Based on the above scheme, after receiving the key identifier of the adjacent service relay user, the mobile management network element can select a message with a message name associated with the key identifier of the adjacent service relay user to transmit the key identifier of the adjacent service relay user, and can distinguish the key identifier of the adjacent service relay user from other identifiers by bearing the message name of the message of the key identifier of the adjacent service relay user.
Through the scheme, after other network elements or equipment receive the key identification of the adjacent service relay user through a message, the key identification of the adjacent service relay user can be identified according to the message name of the message.
In an eleventh aspect, a communication method is provided, which may be performed by the authentication server function network element, or may also be performed by a component (such as a chip or a circuit) of the authentication server function network element, which is not limited thereto. For ease of description, the following description will be given by way of example as being performed by an authentication server function network element.
The method comprises the following steps: the authentication server function network element receives a proximity service authentication request message from the mobility management network element, the proximity service authentication request message comprising an identity, the identity comprising first indication information, the first indication information being for indicating one or more of: the name of the identifier, the type of the identifier, the role of the identifier, and the application scene of the identifier; the authentication server functional network element determines the identity as the key identity of the adjacent service relay user according to the first indication information; the authentication server functional network element obtains the adjacent service relay user key corresponding to the identifier from the adjacent service anchor functional network element according to the identifier.
In a twelfth aspect, a communication method is provided, which may be performed by an authentication server function network element, or may also be performed by a component (such as a chip or a circuit) of the authentication server function network element, which is not limited thereto. For ease of description, the following description will be given by way of example as being performed by an authentication server function network element.
The method comprises the following steps: the authentication server function network element receives a proximity service authentication request message from the mobility management network element, wherein the proximity service authentication request message comprises an identifier, and the format of the identifier is the same as a preset format of the proximity service relay user key identifier; the authentication server function network element determines, according to the format of the identifier, that the identifier is a proximity service relay user key identifier; the authentication server function network element obtains, according to the identifier, the proximity service relay user key corresponding to the identifier from the proximity service anchor function network element.
In a thirteenth aspect, a communication method is provided, which may be performed by the authentication server function network element, or may also be performed by a component (e.g. a chip or a circuit) of the authentication server function network element, which is not limited thereto. For ease of description, the following description will be given by way of example as being performed by an authentication server function network element.
The method comprises the following steps: the authentication server function network element receives a proximity service authentication request message from the mobility management network element, the proximity service authentication request message comprising an identifier carried in an information element, the information element comprising second indication information used to indicate one or more of: the name of the identifier, the type of the identifier, the role of the identifier, and the application scenario of the identifier; the authentication server function network element determines, according to the second indication information, that the identifier is a proximity service relay user key identifier; the authentication server function network element obtains, according to the identifier, the proximity service relay user key corresponding to the identifier from the proximity service anchor function network element.
In a fourteenth aspect, a communication method is provided, which may be performed by an authentication server function network element, or may also be performed by a component (e.g. a chip or a circuit) of the authentication server function network element, which is not limited thereto. For ease of description, the following description will be given by way of example as being performed by an authentication server function network element.
The method comprises the following steps: the authentication server function network element receives a proximity service authentication request message from the mobility management network element, wherein the proximity service authentication request message comprises an identifier, and the message name of the proximity service authentication request message has an association relationship with the proximity service relay user key identifier; the authentication server function network element determines, according to the message name of the proximity service authentication request message and the association relationship, that the identifier is a proximity service relay user key identifier; the authentication server function network element obtains, according to the identifier, the proximity service relay user key corresponding to the identifier from the proximity service anchor function network element.
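The four determination rules of the eleventh to fourteenth aspects, sketched side by side as an added example that is not part of the patent text. The tag, preset format, information element name and message name are all assumed values chosen for illustration, and a dictionary stands in for the proximity service anchor function network element.

```python
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Every constant below is an assumption made for this example; the page
# does not define concrete tags, formats, element names or message names.
TYPE_TAG = "relay-user-key-id"                                # first indication information inside the identifier
PRESET_FORMAT = re.compile(r"[0-9a-f]{16}@prose\.example")    # preset identifier format
KEY_ID_IE = "RelayUserKeyIdIE"                                # information element carrying the second indication
KEY_ID_MESSAGE = "ProSeAuthRequest.RelayUserKeyId"            # message name associated with the key identifier


@dataclass(frozen=True)
class ProSeAuthRequest:
    """Proximity service authentication request as seen by the authentication server function."""
    message_name: str
    ie_name: str
    identifier: str


def by_first_indication(req: ProSeAuthRequest) -> bool:
    # Eleventh aspect: the identifier itself carries the indication.
    tag, sep, rest = req.identifier.partition(":")
    return sep == ":" and tag == TYPE_TAG and rest != ""


def by_preset_format(req: ProSeAuthRequest) -> bool:
    # Twelfth aspect: the identifier matches the preset format exactly.
    return PRESET_FORMAT.fullmatch(req.identifier) is not None


def by_information_element(req: ProSeAuthRequest) -> bool:
    # Thirteenth aspect: the carrying information element gives the indication.
    return req.ie_name == KEY_ID_IE


def by_message_name(req: ProSeAuthRequest) -> bool:
    # Fourteenth aspect: the message name is associated with the key identifier.
    return req.message_name == KEY_ID_MESSAGE


RULES: Dict[str, Callable[[ProSeAuthRequest], bool]] = {
    "first_indication": by_first_indication,
    "preset_format": by_preset_format,
    "information_element": by_information_element,
    "message_name": by_message_name,
}


def matching_rules(req: ProSeAuthRequest) -> List[str]:
    """Names of the rules under which the identifier is a relay user key identifier."""
    return [name for name, rule in RULES.items() if rule(req)]


def obtain_relay_user_key(req: ProSeAuthRequest, rule: str,
                          anchor: Dict[str, bytes]) -> Optional[bytes]:
    """Look the key up at the anchor only if the configured rule recognises the identifier."""
    if not RULES[rule](req):
        return None  # not recognised as a relay user key identifier: no lookup
    return anchor.get(req.identifier)


# Constructed sample data: key identifier -> key, as held by the anchor stand-in.
ANCHOR = {
    "relay-user-key-id:0123456789abcdef": b"constructed-key-A",
    "0123456789abcdef@prose.example": b"constructed-key-B",
    "fedcba9876543210": b"constructed-key-C",
}
TAGGED = ProSeAuthRequest("ProSeAuthRequest", "IdentifierIE", "relay-user-key-id:0123456789abcdef")
FORMATTED = ProSeAuthRequest("ProSeAuthRequest", "IdentifierIE", "0123456789abcdef@prose.example")
IN_IE = ProSeAuthRequest("ProSeAuthRequest", "RelayUserKeyIdIE", "fedcba9876543210")
BY_NAME = ProSeAuthRequest("ProSeAuthRequest.RelayUserKeyId", "IdentifierIE", "fedcba9876543210")
OTHER = ProSeAuthRequest("ProSeAuthRequest", "IdentifierIE", "other-subscriber-identifier")

if __name__ == "__main__":
    for req in (TAGGED, FORMATTED, IN_IE, BY_NAME, OTHER):
        print(req.identifier, matching_rules(req))
```

An identifier that no rule recognises never reaches the anchor lookup, which keeps an identifier of another kind from being resolved as a key identifier.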
In a fifteenth aspect, there is provided a communication apparatus comprising: the processing module is used for generating a key identifier of the adjacent service relay user; and the receiving and transmitting module is used for sending a direct communication request message to the relay terminal equipment, wherein the direct communication request message comprises the key identification of the adjacent service relay user.
With reference to the fifteenth aspect, in certain implementations of the fifteenth aspect, the proximity service relay user key identification includes first indication information, where the first indication information is used to indicate one or more of: the name of the adjacent service relay user key identification, the type of the adjacent service relay user key identification, the function of the adjacent service relay user key identification and the application scene of the adjacent service relay user key identification.
With reference to the fifteenth aspect, in certain implementation manners of the fifteenth aspect, the processing module is specifically configured to generate the adjacent service relay user key identifier according to a preset format, where the preset format is associated with the adjacent service relay user key identifier.
With reference to the fifteenth aspect, in certain implementations of the fifteenth aspect, the identification is carried on an information element that includes second indication information for indicating one or more of: the name of the adjacent service relay user key identification, the type of the adjacent service relay user key identification, the function of the adjacent service relay user key identification and the application scene of the adjacent service relay user key identification.
With reference to the fifteenth aspect, in some implementations of the fifteenth aspect, a message name of the direct communication request message is associated with the proximity service relay user key identification.
In a sixteenth aspect, there is provided a communication device comprising: a transceiver module, configured to receive a proximity service authentication request message from the mobility management network element, wherein the proximity service authentication request message comprises an identifier; and a processing module, configured to determine that the identifier is a proximity service relay user key identifier; the processing module is further configured to obtain, according to the identifier, the proximity service relay user key corresponding to the identifier from the proximity service anchor function network element.
With reference to the sixteenth aspect, in certain implementations of the sixteenth aspect, the identifier includes first indication information, the first indication information being used to indicate one or more of: the name of the identifier, the type of the identifier, the role of the identifier, and the application scenario of the identifier; the processing module is specifically configured to determine, according to the first indication information, that the identifier is a proximity service relay user key identifier.
With reference to the sixteenth aspect, in certain implementations of the sixteenth aspect, the format of the identifier is the same as a preset format of the proximity service relay user key identifier; the processing module is specifically configured to determine, according to the format of the identifier, that the identifier is a proximity service relay user key identifier.
With reference to the sixteenth aspect, in certain implementations of the sixteenth aspect, the identifier is carried in an information element that includes second indication information used to indicate one or more of: the name of the identifier, the type of the identifier, the role of the identifier, and the application scenario of the identifier; the processing module is specifically configured to determine, according to the second indication information, that the identifier is a proximity service relay user key identifier.
With reference to the sixteenth aspect, in certain implementations of the sixteenth aspect, the message name of the proximity service authentication request message has an association relationship with the proximity service relay user key identifier; the processing module is specifically configured to determine, according to the message name of the proximity service authentication request message and the association relationship, that the identifier is a proximity service relay user key identifier.
In a seventeenth aspect, there is provided a communication apparatus comprising: the processing module is used for generating a nearby service relay user key identifier, wherein the nearby service relay user key identifier comprises first indication information, and the first indication information is used for indicating one or more of the following: the name of the key identification of the adjacent service relay user, the type of the key identification of the adjacent service relay user, the function of the key identification of the adjacent service relay user and the application scene of the key identification of the adjacent service relay user; and the receiving and transmitting module is used for sending a direct communication request message to the relay terminal equipment, wherein the direct communication request message comprises the key identification of the adjacent service relay user.
In an eighteenth aspect, there is provided a communication apparatus comprising: the processing module is used for generating the adjacent service relay user key identification according to a preset format, wherein the preset format is associated with the adjacent service relay user key identification; and the receiving and transmitting module is used for sending a direct communication request message to the relay terminal equipment, wherein the direct communication request message comprises the key identification of the adjacent service relay user.
In a nineteenth aspect, there is provided a communication apparatus comprising: the processing module is used for generating a key identifier of the adjacent service relay user; the receiving and transmitting module is used for sending a direct communication request message to the relay terminal equipment, the direct communication request message comprises the key identifier of the adjacent service relay user, the identifier is carried in an information element, the information element comprises second indication information, and the second indication information is used for indicating one or more of the following: the name of the adjacent service relay user key identification, the type of the adjacent service relay user key identification, the function of the adjacent service relay user key identification and the application scene of the adjacent service relay user key identification.
In a twentieth aspect, there is provided a communication device comprising: the processing module is used for generating a key identifier of the adjacent service relay user; and the receiving and transmitting module is used for sending a direct communication request message to the relay terminal equipment, wherein the direct communication request message comprises the key identification of the adjacent service relay user, and the message name of the direct communication request message is related to the key identification of the adjacent service relay user.
In a twenty-first aspect, there is provided a communication device comprising: the processing module is used for generating a nearby service relay user key and a nearby service relay user key identifier, wherein the nearby service relay user key identifier comprises first indication information, and the first indication information is used for indicating one or more of the following: the name of the identifier, the type of the identifier, the role of the identifier, and the application scene of the identifier; and the receiving and transmitting module is used for transmitting the adjacent service relay user key and the adjacent service relay user key identification to the adjacent service anchor point functional network element.
In a twenty-second aspect, there is provided a communication apparatus comprising: the processing module is used for generating a key of the adjacent service relay user; generating a key identifier of the adjacent service relay user according to a preset format; and the receiving and transmitting module is used for transmitting the adjacent service relay user key and the adjacent service relay user key identification to the adjacent service anchor point functional network element.
In a twenty-third aspect, there is provided a communication apparatus comprising: the receiving and transmitting module is used for receiving a direct communication request message from the remote terminal equipment, wherein the direct communication request message comprises a key identifier of a nearby service relay user; the transceiver module is further configured to send a relay key request message to the mobility management network element, where the relay key request message includes an information element for carrying a relay user key identifier of an adjacent service, and the information element includes second indication information, where the second indication information is used to indicate one or more of the following: the name of the identifier, the type of the identifier, the role of the identifier, and the application scenario of the identifier.
In a twenty-fourth aspect, there is provided a communication apparatus comprising: a transceiver module, configured to receive a relay key request message from the relay terminal device, wherein the relay key request message comprises a proximity service relay user key identifier; and a processing module, configured to select a proximity service authentication request message with which to send the proximity service relay user key identifier to the authentication server function network element, wherein the message name of the proximity service authentication request message has an association relationship with the proximity service relay user key identifier.
In a twenty-fifth aspect, there is provided a communication apparatus comprising: a transceiver module, configured to receive a proximity service authentication request message from a mobility management network element, where the proximity service authentication request message includes an identifier, and the identifier includes first indication information, where the first indication information is used to indicate one or more of: the name of the identifier, the type of the identifier, the role of the identifier, and the application scene of the identifier; the processing module is used for determining the identification as the key identification of the adjacent service relay user according to the first indication information; the processing module is further configured to obtain, from the adjacent service anchor functional network element according to the identifier, an adjacent service relay user key corresponding to the identifier.
In a twenty-sixth aspect, there is provided a communication apparatus comprising: the receiving and transmitting module is used for receiving a nearby service authentication request message from the mobile management network element, wherein the nearby service authentication request message comprises an identifier, and the format of the identifier is the same as the format of a preset nearby service relay user key identifier; the processing module is used for determining the identifier as the key identifier of the adjacent service relay user according to the format of the identifier; the processing module is further configured to obtain, from the adjacent service anchor functional network element according to the identifier, an adjacent service relay user key corresponding to the identifier.
In a twenty-seventh aspect, there is provided a communication apparatus comprising: a transceiver module, configured to receive a proximity service authentication request message from a mobility management network element, where the proximity service authentication request message includes an identifier, where the identifier is carried in an information element, and the information element includes second indication information, where the second indication information is used to indicate one or more of: the name of the identifier, the type of the identifier, the role of the identifier, and the application scenario of the identifier; a processing module, configured to determine, according to the second indication information, that the identifier is a proximity service relay user key identifier; the processing module is further configured to obtain, according to the identifier, the proximity service relay user key corresponding to the identifier from the proximity service anchor function network element.
In a twenty-eighth aspect, there is provided a communication apparatus comprising: the receiving and transmitting module is used for receiving a nearby service authentication request message from the mobile management network element, wherein the nearby service authentication request message comprises an identifier, and the message name of the nearby service authentication request message has an association relationship with the nearby service relay user key identifier; the processing module is used for determining the identifier as the adjacent service relay user key identifier according to the message name of the adjacent service authentication request message and the association relation; the processing module is further configured to obtain, from the adjacent service anchor functional network element according to the identifier, an adjacent service relay user key corresponding to the identifier.
A twenty-ninth aspect provides a communication device for performing any of the methods provided in the first to fourteenth aspects above. In particular, the apparatus may comprise means and/or modules, such as processing modules and/or transceiver modules (which may also be referred to as communication modules), for performing the methods provided in the first to fourteenth aspects.
In one implementation, the apparatus is a terminal device (e.g., a remote terminal device or a relay terminal device), or a chip, a chip system or a circuit in the terminal device. When the apparatus is a chip, a chip system or a circuit in the terminal device, the communication module may be an input/output interface, an interface circuit, an output circuit, an input circuit, a pin or a related circuit on the chip, the chip system or the circuit; the processing module may be a processor, a processing circuit, a logic circuit, or the like. In this case, the apparatus may comprise means and/or modules, such as a processing unit and/or a communication unit, for performing the methods of the first, third to sixth and ninth aspects.
In a further possibility, the device is an authentication server function network element, or a chip, a system of chips or a circuit in an authentication server function network element. In this case, the apparatus may comprise means and/or modules, such as a processing module and/or a transceiver module, for performing the methods provided in the second, seventh, eighth, eleventh to fourteenth aspects.
In yet another possibility, the device is a mobility management element, or a chip, a system-on-chip or a circuit in a mobility management element. In this case, the apparatus may comprise means and/or modules, such as a processing module and/or a transceiver module, for performing the method provided in the tenth aspect.
Alternatively, the transceiver may be a transceiver circuit. Alternatively, the input/output interface may be an input/output circuit.
In a thirtieth aspect, there is provided a communication device comprising: a memory for storing a program; and a processor for executing the program stored in the memory, wherein, when the program stored in the memory is executed, the processor is configured to perform any one of the methods provided in the first to fourteenth aspects above.
In a thirty-first aspect, the present application provides a processor for performing the method provided in the above aspects. In executing these methods, the process of transmitting the above information and acquiring/receiving the above information in the above methods can be understood as a process of outputting the above information by a processor and a process of receiving the above information inputted by the processor. When outputting the information, the processor outputs the information to the transceiver for transmission by the transceiver. This information, after being output by the processor, may also require additional processing before reaching the transceiver. Similarly, when the processor receives the input of the above information, the transceiver acquires/receives the above information and inputs it to the processor. Further, after the transceiver receives the information, the information may need to be further processed and then input to the processor.
Based on the above principle, for example, the reception request message mentioned in the foregoing method may be understood as information that the processor receives input.
Unless otherwise specified, or unless it contradicts the actual function or inherent logic in the relevant description, operations such as transmitting, sending and acquiring/receiving that are attributed to the processor are to be understood more generally as operations such as outputting, receiving and inputting by the processor, rather than as transmitting, sending and receiving performed directly by radio frequency circuitry and antennas.
In implementation, the processor may be a processor dedicated to performing the methods, or may be a processor that executes computer instructions in a memory to perform the methods, e.g., a general purpose processor. The memory may be a non-transitory memory, such as a read-only memory (ROM), which may be integrated on the same chip as the processor or provided separately on a different chip; the type of the memory and the manner in which the memory and the processor are provided are not limited in the embodiments of the present application.
In a thirty-second aspect, there is provided a computer-readable storage medium storing program code for execution by a device, the program code comprising instructions for performing any one of the methods provided in the first to fourteenth aspects above.
In a thirty-third aspect, there is provided a computer program product comprising instructions which, when run on a computer, cause the computer to perform any of the methods provided in the first to fourteenth aspects above.
In a thirty-fourth aspect, there is provided a chip comprising a processor and a communication interface through which the processor reads instructions stored on a memory, performing any of the methods provided in the first to fourteenth aspects above.
Optionally, as an implementation manner, the chip may further include a memory, where the memory stores instructions, and the processor is configured to execute the instructions stored on the memory, where the instructions, when executed, are configured to perform any of the methods provided in the first aspect to the fourteenth aspect.
In a thirty-fifth aspect, a communication system is provided comprising the aforementioned authentication server function network element and a mobility management network element.
Optionally, the communication system may further comprise the above-mentioned remote terminal device.
Optionally, the communication system may further include the above-mentioned relay terminal device.
Drawings
Fig. 1 (a) and fig. 1 (b) are schematic diagrams illustrating a network architecture to which an embodiment of the present application is applied.
Fig. 2 shows a schematic diagram of a configuration of a user hidden identifier.
Fig. 3 illustrates an exemplary flow chart of a method 300 provided by an embodiment of the application.
Fig. 4 illustrates an exemplary flow chart of a method 400 provided by an embodiment of the application.
Fig. 5 is a schematic block diagram of a communication apparatus provided in one embodiment of the present application.
Fig. 6 is a schematic block diagram of a communication device provided in another embodiment of the present application.
Fig. 7 is a schematic block diagram of a communication apparatus provided in accordance with yet another embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application will be further described in detail with reference to the accompanying drawings. The specific method of operation in the method embodiment may also be applied to the device embodiment or the system embodiment. In the description of the present application, unless otherwise indicated, the meaning of "a plurality" is two or more.
In various embodiments of the application, where no special description or logic conflict exists, terms and/or descriptions between the various embodiments are consistent and may reference each other, and features of the various embodiments may be combined to form new embodiments based on their inherent logic.
It will be appreciated that the various numerical numbers referred to in this disclosure are merely for ease of description and are not intended to limit the scope of the present application. The sequence number of each process does not mean the sequence of the execution sequence, and the execution sequence of each process should be determined according to the function and the internal logic.
The terms first, second, third, fourth and the like in the description and in the claims and in the above-described figures, and the like, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments described herein may be implemented in other sequences than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
The technical solution provided by the application can be applied to various communication systems, such as: fifth generation (5th generation, 5G) or New Radio (NR) systems, long term evolution (long term evolution, LTE) systems, LTE frequency division duplex (frequency division duplex, FDD) systems, LTE time division duplex (time division duplex, TDD) systems, and the like. The technical solution provided by the application can also be applied to future communication systems, such as a sixth generation mobile communication system. The technical solution provided by the present application may also be applied to device-to-device (D2D) communication, vehicle-to-everything (V2X) communication, machine-to-machine (machine to machine, M2M) communication, machine type communication (machine type communication, MTC), and internet of things (internet of things, IoT) communication systems or other communication systems.
The technical solutions in the embodiments of the present application will be described below with reference to the accompanying drawings in the embodiments of the present application. In the description of the present application, unless otherwise specified, "/" means that the related objects are in an "or" relationship; for example, A/B may mean A or B. The term "and/or" in the present application merely describes an association relationship between associated objects and indicates that three relationships may exist; for example, A and/or B may indicate three cases: A alone, both A and B, and B alone, where A and B may be singular or plural. Also, in the description of the present application, unless otherwise indicated, "a plurality" means two or more. "At least one of" or a similar expression means any combination of these items, including any combination of a single item or a plurality of items. For example, at least one of a, b, or c may represent: a, b, c, a-b, a-c, b-c, or a-b-c, wherein a, b, c may be single or plural. In addition, to describe the technical solutions of the embodiments of the present application clearly, the words "first", "second", etc. are used in the embodiments of the present application to distinguish identical or similar items having substantially the same function and effect. It will be appreciated by those of skill in the art that the words "first," "second," and the like do not limit the quantity or the order of execution, and that items labelled "first" and "second" are not necessarily different. Meanwhile, in the embodiments of the present application, words such as "exemplary" or "such as" are used to mean serving as examples, illustrations or explanations. Any embodiment or design described herein as "exemplary" or "e.g." in an embodiment should not be taken as preferred or advantageous over other embodiments or designs.
Rather, the use of words such as "exemplary" or "such as" is intended to present related concepts in a concrete fashion that may be readily understood.
In addition, the network architecture and the service scenario described in the embodiments of the present application are for more clearly describing the technical solution of the embodiments of the present application, and do not constitute a limitation on the technical solution provided by the embodiments of the present application, and as a person of ordinary skill in the art can know, with evolution of the network architecture and appearance of a new service scenario, the technical solution provided by the embodiments of the present application is also applicable to similar technical problems.
In order to facilitate understanding of the embodiments of the present application, an application scenario of the embodiments of the present application will be described in detail below with reference to fig. 1 (a).
Fig. 1 (a) is a schematic diagram of a network architecture suitable for the method provided in the embodiment of the present application. As shown, the network architecture may specifically include the following network elements:
1. User equipment (UE): may be referred to as a terminal device, terminal, access terminal, subscriber unit, subscriber station, mobile station, remote terminal, mobile device, user terminal, wireless communication device, user agent, or user apparatus. The terminal device may also be a cellular telephone, a cordless telephone, a session initiation protocol (session initiation protocol, SIP) phone, a wireless local loop (wireless local loop, WLL) station, a personal digital assistant (personal digital assistant, PDA), a handheld device with wireless communication capabilities, a computing device or other processing device connected to a wireless modem, an in-vehicle device, a drone, a wearable device, a terminal device in a 5G network or a terminal device in an evolved public land mobile network (public land mobile network, PLMN), etc.; the embodiments of the present application are not limited in this respect. The UE may be connected to next generation radio access network (next generation radio access network, NG-RAN) devices via a Uu interface, e.g., UE#A and UE#D shown in fig. 1 (a) may be connected to the NG-RAN via a Uu interface. Two UEs having proximity service application (proximity-based services application, ProSe application) functions may also be connected through a PC5 interface, for example, UE#A shown in fig. 1 (a) is connected to UE#B through a PC5 interface, UE#B is connected to UE#C through a PC5 interface, and UE#A is connected to UE#D through a PC5 interface.
2. Access network (AN): provides the network access function for authorized users in a specific area, and can use transmission tunnels of different quality according to the level of the users, the requirements of services and the like. The access network may be an access network employing different access technologies. Current access network technologies include: radio access network technology used in the third generation (3rd generation, 3G) system, radio access network technology used in the 4G system, NG-RAN technology shown in fig. 1 (a) (e.g., radio access technology used in the 5G system), or the like.
An access network implementing access network functions based on wireless communication technology may be referred to as a radio access network (radio access network, RAN). The radio access network can manage radio resources, provide access service for the terminal, and further complete the forwarding of control signals and user data between the terminal and the core network.
The radio access network device may be, for example, a base station (NodeB), an evolved NodeB (eNB or eNodeB), a next generation base station node (next generation Node Base station, gNB) in a 5G mobile communication system, a base station in a mobile communication system or an Access Point (AP) in a WiFi wireless hotspot (WiFi) system, etc., or may be a radio controller in a cloud radio access network (cloud radio access network, CRAN) scenario, or may be a relay station, an access point, a vehicle-mounted device, a drone, a wearable device, a network device in a 5G network, or a network device in an evolved PLMN, etc. The embodiment of the application does not limit the specific technology and the specific equipment form adopted by the wireless access network equipment.
3. Access management network element: mainly used for mobility management and access management. It is responsible for transferring user policies between the user equipment and the policy control function (PCF) network element, and can be used to implement the functions of a mobility management entity (MME) other than session management, such as lawful interception or access authorization (or authentication).
In a 5G communication system, the access management network element may be an access and mobility management function (access and mobility management function, AMF) network element. In future communication systems, the access management network element may still be an AMF network element, or may have other names, which is not limited by the present application.
4. Session management network element: mainly used for session management, internet protocol (IP) address allocation and management for user equipment, selection of the termination point of manageable user plane function, policy control and charging function interfaces, downlink data notification, and the like.
In a 5G communication system, a session management network element may be a session management function (session management function, SMF) network element. In future communication systems, the session management network element may still be an SMF network element, or may have other names, which is not limited by the present application.
5. User plane network element: used for packet routing and forwarding, quality of service (QoS) handling of user plane data, completion of user plane data forwarding, session/flow level based charging statistics, bandwidth limitation, etc.
In a 5G communication system, the user plane network element may be a user plane function (user plane function, UPF) network element. In future communication systems, the user plane network element may still be a UPF network element, or may have other names, which is not limited by the present application.
6. Data network element: for providing a network for transmitting data.
In a 5G communication system, the data network element may be a Data Network (DN) element. In future communication systems, the data network element may still be a DN network element, or may have other names, which is not limited by the present application.
7. Policy control network element: a unified policy framework for guiding network behavior, providing policy rule information for control plane function network elements (e.g., AMF, SMF network elements, etc.), and the like.
In a 4G communication system, the policy control network element may be a policy and charging rules function (policy and charging rules function, PCRF) network element. In a 5G communication system, the policy control network element may be a policy control function (policy control function, PCF) network element. In future communication systems, the policy control network element may still be a PCF network element, or may have other names, which is not limited by the present application.
8. Data management network element: for handling user equipment identities, access authentication, registration, mobility management etc.
In a 5G communication system, the data management network element may be a unified data management (UDM) network element; in a 4G communication system, the data management network element may be a home subscriber server (HSS) network element. In future communication systems, the data management network element may still be a UDM network element, or may have other names, which is not limited by the present application.
9. Data warehouse network element: responsible for the access function for subscription data, policy data, application data and other types of data.
In a 5G communication system, the data warehouse network element may be a unified data warehouse (unified data repository, UDR) network element. In future communication systems, the data warehouse network element may still be a UDR network element, or may have other names, which is not limited by the present application.
10. Network open function (network exposure function, NEF) entity: for securely opening services and capabilities provided by 3GPP network functions, etc., to the outside.
11. ProSe application server (application server, AS): may be an application function (AF) of the DN, or the AS itself that provides ProSe services. An AF with the ProSe application server function has all the functions of the AF defined in 23.501 R-15 and has the related functions for ProSe services. That is, in the user plane architecture, the ProSe application server communicates with the UE via the UE-RAN-UPF-AF path. In the control plane architecture, the ProSe application server may also communicate with other network functions (NF) in the 5G core network (5GC) through the NEF, for example with the PCF via the NEF. If the ProSe application server is an AF of the DN and the AF is deployed by the 5GC operator, the ProSe application server may also communicate directly with other NFs in the 5GC, such as the PCF, in the control plane architecture without going through the NEF.
12. 5G direct communication discovery name management function (direct discovery name management function, DDNMF): allocates and handles the mapping between the proximity service application identifier (ProSe application identifier) and the proximity service application code (ProSe application code) for open proximity service discovery (open ProSe discovery). In restricted proximity service discovery (restricted ProSe direct discovery), the 5G DDNMF may communicate with the proximity service application server through the PC2 interface to process authorization of a discovery request, and it also allocates and handles the mapping between the application identifier and the codes used in restricted proximity services, which include the restricted proximity service code (ProSe restricted code), the proximity service request code (ProSe query code) and the proximity service reply code (ProSe response code).
In the current standard definition, 5G DDNMF is PLMN-granularity, i.e. one PLMN has only one 5G DDNMF. A 5G DDNMF can be uniquely determined by a mobile country code (mobile country code, MCC) and a mobile network code (mobile network code, MNC).
13. Authentication server function (authentication server function, AUSF): the network element authenticates and authorizes the user.
14. Proximity service key management function (ProSe key management function, PKMF): may be responsible for generating and distributing keys for the PC5 interface connection to UEs that use proximity services; such UEs need to interact with the PKMF through the control plane to obtain the keys used on the PC5 interface.
It will be appreciated that the network elements or functions described above may be either network elements in a hardware device, software functions running on dedicated hardware, or virtualized functions instantiated on a platform (e.g., a cloud platform). The network element or the function may be implemented by one device, or may be implemented by a plurality of devices together, or may be a functional module in one device, which is not specifically limited in the embodiment of the present application.
It should also be understood that the network architecture shown in fig. 1 (a) and applicable to the embodiment of the present application is merely an example, and the network architecture applicable to the embodiment of the present application is not limited thereto, and any network architecture capable of implementing the functions of the respective network elements is applicable to the embodiment of the present application.
For example, in some network architectures, network function network element entities such as AMF, SMF, PCF, and UDM are all called Network Function (NF) network elements; alternatively, in other network architectures, the set of AMF, SMF, PCF, UDM, etc. network elements may be referred to as control plane function network elements. Because the UE needs to interact with PKMF and DDNMF through the user plane, network elements such as PKMF and DDNMF may be referred to as user plane network elements.
Fig. 1 (b) shows another communication system architecture diagram of an embodiment of the present application. When the remote terminal device is out of network coverage, or its signal quality with the access network device is poor (for example, lower than a preset threshold), the remote terminal device can be assisted by a relay terminal device: communication with the network is achieved through communication between the remote terminal device and the relay terminal device and communication between the relay terminal device and the access network device. For example, as shown in fig. 1 (b), the remote terminal device may communicate with the RAN through the relay terminal device.
With the rapid development of mobile communication, the widespread use of new service types, such as video services and virtual reality (VR)/augmented reality (AR), has increased users' demand for bandwidth. D2D communication allows UEs to communicate directly, so that spectrum resources can be shared with cell users under the control of the cell network, which effectively improves the utilization of spectrum resources. Currently, D2D communication has been applied in 4G and 5G network systems, where it is collectively referred to as proximity service communication (proximity based service, ProSe).
When the UE is out of network coverage or has poor communication signals with the RAN, the remote UE (remote UE) may perform auxiliary communication through the relay UE (relay UE), that is, through communication between the remote UE and the relay UE, and communication between the relay UE and the mobile network, so as to achieve that the remote UE obtains a service. By establishing a remote UE-to-relay UE-to-network communication manner, support for UE-to-network communication outside the network coverage can be extended. The manner in which a remote UE communicates to a relay UE to a network may be referred to as UE-to-network relay (UE-to-network relay) communications.
In order to facilitate understanding of the technical solution of the embodiment of the present application, before describing the solution of the embodiment of the present application based on the 5G architecture, some terms or concepts in the 5G to which the embodiment of the present application may relate and network elements to which the present application may relate but are not shown in the network architecture are first described briefly.
1. User permanent identifier (subscription permanent identifier, SUPI)
SUPI is a 5G globally unique user permanent identifier assigned to each user, comprising four types (SUPI type): IMSI, network specific identifier (NSI), global line identifier (GLI) and global cable identifier (GCI), wherein a SUPI of type NSI, GLI or GCI is in NAI format.
Among these, the SUPI in NAI format is a type of SUPI generated by a third party, not an operator, and is a general format expressed in the form of username@realm. Wherein username represents a user name corresponding to SUPI, and realm represents a domain name corresponding to SUPI.
2. User hidden identifier (subscription concealed identifier, SUCI)
In order not to expose the user's SUPI on the air interface, part of the content of the SUPI is processed by a calculation, and the result forms part of the user hidden identifier (subscription concealed identifier, SUCI). When the SUPI is in the NAI format, the SUCI is also in the NAI format. The SUCI takes the form of a string; as one example, the SUCI may be: type0.rid678.schid1.hnkey27.ecckey<ECC ephemeral public key>.cip<encryption of 0999999999>.mac<MAC tag value>@5gc.mnc015.mcc234.3gppnetwork.org.
Fig. 2 shows one structure of the SUCI. As shown in fig. 2, the SUCI mainly contains the following:
SUPI type (SUPI type): the value range is 0-7, wherein 0 represents IMSI; 1 represents NSI; 2 represents GLI; 3 represents GCI; 4 to 7 have not been defined.
Home network identifier (Home Network Identifier): identifies the user's registered network. When the SUPI is an IMSI, the identifier includes the MCC and MNC; when the SUPI is an NAI, the identifier is a variable-length character string representing the domain name.
When the SUPI type is IMSI, the home network identifier is a mobile country code (MCC) and a mobile network code (MNC). When the SUPI type is NSI, the Home Network Identifier is a string in the format username@realm. When the SUPI type is GCI, the Home Network Identifier is in the format 5gc.mnc<MNC>.mcc<MCC>.3gppnetwork.org.
Routing indicator (Routing Indicator): comprises 1 to 4 decimal digits and is used to identify the registered network operator and the UICC.
Protection scheme identifier (Protection Scheme Id): identifies the algorithm used to generate the SUCI, which is one of the following three: NULL-scheme: 0, Profile <A>: 1, Profile <B>: 2. That is, a Protection Scheme Id of 0 indicates that the SUCI was generated using the NULL-scheme algorithm; a Protection Scheme Id of 1 indicates that the SUCI was generated using the algorithm Profile <A>; a Protection Scheme Id of 2 indicates that the SUCI was generated using the algorithm Profile <B>. Profile <A> and Profile <B> may be referred to as non-null algorithms. If the SUCI is generated using the null algorithm, the SUPI is not encrypted; if a non-null algorithm (Profile <A> or Profile <B>) is used to generate the SUCI, the SUPI needs to be encrypted. Profile <A> represents the ECIES algorithm with a public key length of 256 bits and Profile <B> represents the ECIES algorithm with a public key length of 264 bits.
Home network public key identifier (Home Network Public Key Id): takes a value from 0 to 255 and identifies the public key provided by the HPLMN for SUPI protection; when protection is not enabled (null-scheme), the value is 0.
Scheme output (Scheme Output): consists of a string of variable length or 16 digits, depending on the protection scheme used. Illustratively, for a SUPI in the NAI format, the user name part included in the SUPI is encrypted, and the resulting parameter is used as the Scheme Output part of the SUCI.
3. 5G PRUK ID
The 5G PRUK ID is a key identifier used to identify the 5G PRUK, where the 5G PRUK is a key generated from Kausf.
The 5G PRUK ID is in NAI format, i.e., the 5G PRUK ID has the form username@realm. The username includes a routing identifier (Routing Identifier) and a KDF calculation result. The KDF calculation result is obtained by feeding Kausf and some input parameters into the KDF. The input parameters include the string "PRUK-ID", the RSC and the SUPI.
4. A-KID
The A-KID is a key identifier used to identify Kakma and is also in NAI format, i.e., username@realm format. The username includes a routing identifier (Routing Identifier) and a KDF calculation result. The KDF calculation result is computed by the AUSF, which feeds Kausf and some input parameters into the KDF. The input parameters include the string "A-TID" and the SUPI.
In current communication systems or communication flows, often identifications are used, which are usually used to identify the identity of a user, or to identify a certain network element, or to identify a certain key, or to identify a certain session, etc. When a network element receives an identity, operations may be performed based on the identity. But if the network element cannot recognize the identity, it may not be able to perform the correct procedure based on the identity, or may perform the wrong procedure. A specific scenario in which the above problem may exist is described below in connection with the communication flow presented in fig. 3.
Fig. 3 shows a Control Plane (CP) procedure, where the CP procedure refers to a procedure in which a remote UE obtains a key for establishing PC5 security with a relay UE through a NAS message of the relay UE. In the flowchart of the method 300, the AMF (Remote) refers to an AMF corresponding to the Remote UE, and the AMF may also be referred to as a Remote AMF; similarly, the AMF (Relay) refers to an AMF of a Relay UE, which may be denoted as a Relay AMF, and the remaining network elements may be interpreted in a similar manner, which is not described here. The CP flow is illustrated below in connection with various steps in method 300, and reference is made to existing protocols for portions that are not described in detail.
S301, the Remote UE registers with the network and performs authentication and authorization through the network.
S302, the Relay UE registers to the network and performs authentication and authorization through the network.
S303, the Remote UE and the Relay UE mutually discover each other.
S304, the Remote UE sends a direct communication request (Direct Communication Request) message to the Relay UE.
In one case, the direct communication request message carries the Remote UE's SUCI, the relay service code (RSC), Nounce_1, etc. For example, the Remote UE does not have a 5G PRUK ID stored locally, in which case the Remote UE initiates the direct communication request using the SUCI. The SUCI is used by the UDM to obtain the SUPI of the Remote UE and to authenticate the Remote UE.
In another case, the direct communication request message carries the 5G PRUK ID, RSC, Nounce_1, etc. For example, the Remote UE has accessed the network prior to the flow shown in method 300, and it obtained and saved the 5G PRUK ID the last time it accessed the network, in which case the Remote UE initiates the direct communication request using the 5G PRUK ID.
The RSC is used by the Remote UE and the Relay UE to discover each other, and indicates the service information that the Relay UE can provide for the Remote UE. One Relay UE may support multiple different RSCs, but can carry only one RSC in a given discovery. The RSC is issued by the network side to the Relay UE and the Remote UE; at the same time, the network side also issues PDU session related parameters, such as the DNN or single network slice selection assistance information (S-NSSAI). Nounce_1 is passed to the home network of the Remote UE as a key generation parameter.
S305, the Relay UE sends a relay key request (Relay Key Request) message to the AMF (Relay), where the AMF is the AMF corresponding to the Relay UE, or the AMF that provides access service for the Relay UE. The message is a NAS message and includes identity information of the Relay UE and the information obtained from the direct communication request message from the Remote UE, such as SUCI, RSC, Nounce_1; or 5G PRUK ID, RSC, Nounce_1, etc. A nonce is carried in Nounce_1. The probability of two Nounce_1 values being the same is very low, and in most cases they differ. Thus, it can be appreciated that the Nounce_1 values in "SUCI, RSC, Nounce_1" and in "5G PRUK ID, RSC, Nounce_1" are different.
S306, the AMF authenticates the Relay UE.
Illustratively, after the AMF receives the Relay key request message from the Relay, it checks whether the Relay UE can provide a Relay service, or, alternatively, the AF checks whether the Relay UE can act as a Relay device. If so, a subsequent flow is performed.
S307, the AMF sends a Prose authentication request (Nausf_UEAuthentication_ProseAuthenticate Request) message to the AUSF (Remote), where the AUSF corresponds to the Remote UE. The Prose authentication request message carries the information that the AMF obtained from the relay key request message received from the Relay UE, for example SUCI, RSC, Nounce_1; or 5G PRUK ID, RSC, Nounce_1, etc.
If the Prose authentication request message carries the SUCI, the AUSF executes the flow corresponding to case A in fig. 3; if the Prose authentication request message carries a 5G PRUK ID, the AUSF executes the flow corresponding to case B in fig. 3. Case A and case B are described below in turn.
Case A:
S308, the AUSF obtains the primary authentication parameters through the UDM. Illustratively, the AUSF sends a service request message to the UDM requesting the primary authentication parameters, and the UDM returns the primary authentication parameters to the AUSF in response to the request.
After the AUSF obtains the primary authentication parameters, the primary authentication flow of the Remote UE is triggered. The Remote UE performs the primary authentication flow with the AUSF of the Remote UE through the Relay UE. The specific flow is shown in S309-S314; for the detailed process, refer to the existing protocol, which is not described herein.
S315a, the Remote UE generates the 5G PRUK and the 5G PRUK ID.
S315b, AUSF generates a 5G PRUK and a 5G PRUK ID.
Illustratively, after the primary authentication procedure is successful, the AUSF of the Remote UE and the Remote UE each generate a key 5G PRUK and a key identifier 5G PRUK ID, respectively.
S316, the AUSF sends a Prose key registration request (Npanf_ProseKey_Register Request) message to the PAnF, where the key registration request message carries the SUPI, PRUK, and 5G PRUK ID.
S317, the PAnF sends a Prose key registration response (Npanf_ProseKey_Register Response) message to the AUSF.
Illustratively, after the PAnF receives the Prose key registration request message from the AUSF, it saves the PRUK and the 5G PRUK ID and associates them with the SUPI of the Remote UE. After the save is completed, the PAnF sends the Prose key registration response message to the AUSF.
Case B:
S318, the AUSF sends a Prose key acquisition request (Npanf_ProseKey_Get Request) message to the PAnF.
Illustratively, the Prose key acquisition request message includes a 5G PRUK ID, and is used to request the 5G PRUK.
S319, the PAnF sends a Prose key acquisition response (Npanf_ProseKey_Get Response) message to the AUSF.
Illustratively, after the PAnF receives the Prose key acquisition request message from the AUSF, it retrieves the locally stored 5G PRUK corresponding to the 5G PRUK ID and then sends the 5G PRUK to the AUSF in the Prose key acquisition response message.
It will be appreciated that the 5G PRUK stored locally by PAnF may be obtained and stored locally in a manner similar to S316 when the Remote UE last accessed the network.
S320, the AUSF of the Remote UE further generates the key K_NR_ProSe.
S321, the AUSF sends a Prose authorization response message to the AMF of the Relay UE. The Prose authorization response message includes K_NR_ProSe, Nounce_2, the 5G PRUK ID, etc. When the AUSF generates K_NR_ProSe, K_NR_ProSe and Nounce_1 are used as input parameters to generate Nounce_2.
S322, the AMF sends a relay key response (Relay Key Response) message to the Relay UE. The relay key response message includes K_NR_ProSe, Nounce_2, the 5G PRUK ID, etc.
S323, after receiving the relay key response message, the Relay UE stores K_NR_ProSe and sends a direct security mode command (Direct Security Mode Command) message to the Remote UE, where the direct security mode command message includes Nounce_2, the 5G PRUK ID, etc.
S324, after the Remote UE receives the direct security mode command message from the Relay UE, it generates K_NR_ProSe.
S325, the Remote UE sends a direct connection security mode complete (Direct Security Complete) message to the Relay UE.
S326, the Relay UE sends a direct communication accept (Direct Communication Accept) message to the Remote UE.
As can be seen from the flow shown in the above method 300, if S307 carries the SUCI of the Remote UE, the AUSF obtains the primary authentication parameters from the UDM (corresponding to S308) and triggers the primary authentication flow for the Remote UE (corresponding to S309-S314). After the primary authentication succeeds, the AUSF generates the 5G PRUK and the 5G PRUK ID (corresponding to S315a), and saves the 5G PRUK and the 5G PRUK ID to the PAnF (corresponding to S316-S317). It will be appreciated that in this case the AUSF need not perform S318-S319. If a 5G PRUK ID is carried in S307, the AUSF obtains the 5G PRUK corresponding to the 5G PRUK ID directly from the PAnF (corresponding to S318-S319). It will be appreciated that in this case the AUSF need not perform S308-S317.
That is, the AUSF needs to determine the flow to be executed next according to whether the identifier carried in S307 is the SUCI or the 5G PRUK ID.
However, the 5G PRUK ID has the same format as the SUCI, and in some cases the AUSF may not be able to distinguish whether the received identifier is a SUCI or a 5G PRUK ID. For example, in an extreme scenario, if the 5G PRUK ID is largely identical to the SUCI, the AUSF may not be able to tell clearly whether a SUCI or a 5G PRUK ID was received. Specifically, for example, when the AUSF and the Remote UE generate the 5G PRUK ID, the leading fields may happen to come out as type0.rid678, the same as the first few fields of a SUCI; at this time the AUSF cannot determine whether the received identifier is a SUCI or a 5G PRUK ID.
Based on the above, embodiments of the present application provide a communication method 400 that can be used to distinguish between different identifications. The method 400 provided by the embodiment of the present application is described in the following with reference to fig. 4.
A first possible implementation provided by an embodiment of the present application is first described in connection with method 400.
S401a, the remote terminal equipment generates a nearby service relay user key and a nearby service relay user key identifier.
S401b, the authentication server functional network element generates a nearby service relay user key and a nearby service relay user key identifier.
It will be appreciated that the manner in which the remote terminal device and the authentication server function network element generate the adjacent service relay user key and the adjacent service relay user key identifier is the same, and for brevity, the remote terminal device will be described later as an example.
For example, when the remote terminal device generates the adjacent service relay user key identifier, first indication information may be carried in the adjacent service relay user key identifier to indicate what kind of identifier it is; in other words, the first indication information is used to identify the adjacent service relay user key identifier. For example, the first indication information is used to indicate one or more of the following: the name of the adjacent service relay user key identifier, the type of the adjacent service relay user key identifier, the function of the adjacent service relay user key identifier, the application scenario of the adjacent service relay user key identifier, and the like. When a network element receives the adjacent service relay user key identifier, it can recognize the identifier according to the first indication information carried in it, or determine the meaning or purpose of the identifier, and then execute the subsequent flow according to the identifier.
It should be noted that, in the embodiment of the present application, identifying a certain identifier refers to determining what kind of identifier it is, or determining the meaning or name of the identifier, or determining the function or role of the identifier, or determining the application scenario of the identifier, or the like. Other similar parts will not be repeated.
In one implementation, S401a and S401b may correspond to S315a and S315b in method 300, in which case the Remote UE in method 300 corresponds to the remote terminal device in method 400, and the AUSF in method 300 corresponds to the authentication server functional network element in method 400. The above scheme is applied to method 300 as an illustration: in S315a and S315b in method 300, the AUSF and the Remote UE may carry first indication information, which may be a character string, in the 5G PRUK ID when generating the 5G PRUK ID. In one implementation, the first indication information may indicate (or describe) a usage scenario of the 5G PRUK ID, for example, the first indication information may be the string "5G Prose"; in another implementation, the first indication information may indicate a name (or meaning) of the 5G PRUK ID, for example, the first indication information may be the string "5G PRUKID".
The first indication information may be carried at any position in the 5G PRUK ID. For example, the first indication information may be carried in the username included in the 5G PRUK ID, or may be carried in the realm included in the 5G PRUK ID. The following description takes the character string "5G PRUKID" as an example of the first indication information.
Specifically, the first indication information may be carried at the beginning of the username or realm. For example, the 5G PRUK ID is: "5G PRUKID".rid678.0123456789@5gc.mnc015.mcc234.3gppnetwork.org, or alternatively, the 5G PRUK ID is: rid678.0123456789@"5G PRUKID".5gc.mnc015.mcc234.3gppnetwork.org. It will be appreciated that the "." in the above examples connects and separates the fields. It will also be appreciated that the double quotation marks around "5G PRUKID" in the above examples may be omitted. For example, the 5G PRUK ID is: 5G PRUKID.rid678.0123456789@5gc.mnc015.mcc234.3gppnetwork.org, or the 5G PRUK ID is: rid678.0123456789@5G PRUKID.5gc.mnc015.mcc234.3gppnetwork.org.
Alternatively, the first indication information may be carried at the end of the username or realm. For example, the 5G PRUK ID is: rid678.0123456789."5G PRUKID"@5gc.mnc015.mcc234.3gppnetwork.org, or the 5G PRUK ID is: rid678.0123456789@5gc.mnc015.mcc234.3gppnetwork.org."5G PRUKID".
Alternatively, the first indication information may be carried in the middle of the username or realm. For example, the 5G PRUK ID is: rid678."5G PRUKID"[email protected], or alternatively, the 5G PRUK ID is: rid678.0123456789@5gc."5G PRUKID".mnc015.mcc234.3gppnetwork.org.
S402, the authentication server functional network element sends the adjacent service relay user key and the adjacent service relay user key identification to the adjacent service anchor functional network element.
The authentication server functional network element generates an adjacent service relay user key and an adjacent service relay user key identification, and then sends them to the adjacent service anchor functional network element. Correspondingly, the adjacent service anchor functional network element receives the adjacent service relay user key and the adjacent service relay user key identification from the authentication server functional network element, and then stores them.
In one implementation, S402 may correspond to S316 in method 300. In this case, the PAnF in method 300 may correspond to the adjacent service anchor functional network element in method 400.
S403, the remote terminal equipment sends a direct communication request message to the relay terminal equipment. Correspondingly, the relay terminal equipment receives the direct communication request message from the far-end terminal equipment.
Illustratively, the remote terminal device carries an identifier in the direct communication request message. It can be understood that, in the case that the remote terminal device stores the adjacent service relay user key identifier, the identifier is the adjacent service relay user key identifier; in the case that the remote terminal device does not store the adjacent service relay user key identifier, the identifier is the user hidden identifier of the remote terminal device.
S404, the relay terminal device sends a relay key request message to the mobility management network element, where the relay key request message includes the identifier received by the relay terminal device from the remote terminal device in S403. Correspondingly, the mobile management network element receives a relay key request message from the relay terminal device.
S405, the mobility management network element sends a proximity service authentication request message to the authentication server function network element, where the proximity service authentication request message includes the identifier received by the mobility management network element from the relay terminal device in S404. Correspondingly, the authentication server function network element receives a proximity service authentication request message from the mobility management network element.
S406, the authentication server functional network element determines that the identifier is the adjacent service relay user key identifier.
Illustratively, the authentication server function network element receives a proximity service authentication request message from the mobility management network element, and then obtains the identifier from the proximity service authentication request message. The authentication server function network element then identifies the identifier, that is, it determines what the identifier is, or determines the name or meaning of the identifier.
In case the identifier carries the first indication information, the authentication server function network element may identify the identifier according to the first indication information. For example, in case the first indication information indicates the name of the adjacent service relay user key identifier, the authentication server function network element determines, according to the first indication information, that the identifier is the adjacent service relay user key identifier.
Applying the above scheme to method 300 as an example: in S307 of method 300, after the AUSF receives the Prose authentication request message from the AMF, the AUSF obtains an identifier from the Prose authentication request message; if the identifier includes the first indication information and the first indication information is "5G PRUKID", the AMF determines that the identifier is the 5G PRUK ID, in which case the AUSF determines to execute the procedure corresponding to case B in fig. 3. Otherwise, the AUSF determines that the identifier is the SUCI, in which case the AUSF determines to execute the procedure corresponding to case A in fig. 3.
S407, the authentication server functional network element obtains the adjacent service relay user key corresponding to the identifier from the adjacent service anchor functional network element. The application does not limit the specific procedure.
Based on the first possible implementation manner, when the remote terminal device and the authentication server function network element generate the adjacent service relay user key identifier, the adjacent service relay user key identifier carries first indication information, and the first indication information can indicate one or more of a name, a type, a function and an application scenario of the adjacent service relay user key identifier. In this case, when the authentication server functional network element receives an identifier carrying first indication information, the authentication server functional network element may determine that the identifier is a key identifier of a nearby service relay user according to the first indication information, otherwise the authentication server functional network element determines that the identifier is a hidden identifier of the user. Therefore, through the scheme, the key identification of the adjacent service relay user can be identified.
It will be appreciated that the above scheme may also be applied to other scenarios. For example, when the terminal device and the core network element generate an identifier, first indication information may be added to the identifier to distinguish different identifiers. For example, in case the core network element generates an identifier for a personal Internet of things device (personal Internet of things, PIN), the first indication information may be the PIN. The terminal device can distinguish, according to the different identifiers, which service or function the stored context information corresponds to; the core network element may then determine the subsequent procedure according to the different identifiers. For another example, in some future scenario, to avoid a situation in which some identifiers cannot be distinguished, first indication information may be added to one or more identifiers to distinguish different identifiers, or to let a network element identify a received identifier. Specifically, for example, when a future technology needs to authenticate through the AUSF, the identifier it uses is generated in a manner similar to that of the 5G PRUK ID, and the identifier also comes from the AMF, the AUSF may add first indication information to the identifier when generating it, so as to distinguish that identifier, the 5G PRUK ID and the SUCI.
A second possible implementation provided by an embodiment of the present application is described below in conjunction with method 400.
S401a, the remote terminal equipment generates a nearby service relay user key and a nearby service relay user key identifier.
S401b, the authentication server functional network element generates a nearby service relay user key and a nearby service relay user key identifier.
It will be appreciated that the manner in which the remote terminal device and the authentication server function network element generate the proximity service relay user key and the proximity service relay user key identification is similar, and for brevity, the remote terminal device will be described as an example.
Illustratively, the remote terminal device may generate the proximity service relay user key identification in a preset format. That is, the format (or construction) of the adjacent service relay user key identifier may be specified, that is, an associated format is preset for the adjacent service relay user key identifier, and the adjacent service relay user key identifier generated by the remote terminal device needs to satisfy the preset format.
Applying the above scheme to method 300 as an example: the username portion contained in the 5G PRUK ID is specified to begin with a route identification. For example, in S315a and S315b in method 300, the 5G PRUK ID generated by the AUSF and the Remote UE is:
rid678.0123456789@5gc.mnc015.mcc234.3gppnetwork.org, where rid678 is the route identification portion and 0123456789 is the KDF calculation result.
For another example, the username contained in the 5G PRUK ID is specified to end with a route identification. For example, in S315a and S315b in method 300, the 5G PRUK ID generated by the AUSF and the Remote UE is: 0123456789.rid678@5gc.mnc015.mcc234.3gppnetwork.org.
For another example, the route identification is specified to be at a preset location of the username of the 5G PRUK ID; specifically, for example, the route identification is specified to be placed after the 4th character of the username of the 5G PRUK ID. For example, in S315a and S315b in method 300, the 5G PRUK ID generated by the AUSF and the Remote UE is: 0123.rid678.456789@5gc.mnc015.mcc234.3gppnetwork.org.
S402, the authentication server functional network element sends the adjacent service relay user key and the adjacent service relay user key identification to the adjacent service anchor functional network element.
The authentication server functional network element generates an adjacent service relay user key and an adjacent service relay user key identification, and then sends them to the adjacent service anchor functional network element. Correspondingly, the adjacent service anchor functional network element receives the adjacent service relay user key and the adjacent service relay user key identification from the authentication server functional network element, and then stores them.
S403, the remote terminal equipment sends a direct communication request message to the relay terminal equipment. Correspondingly, the relay terminal equipment receives the direct communication request message from the far-end terminal equipment.
Illustratively, the remote terminal device carries an identifier in the direct communication request message. It can be understood that, in the case that the remote terminal device stores the adjacent service relay user key identifier, the identifier is the adjacent service relay user key identifier; in the case that the remote terminal device does not store the adjacent service relay user key identifier, the identifier is the user hidden identifier of the remote terminal device.
S404, the relay terminal device sends a relay key request message to the mobility management network element, where the relay key request message includes the identifier received by the relay terminal device from the remote terminal device in S403. Correspondingly, the mobile management network element receives a relay key request message from the relay terminal device.
S405, the mobility management network element sends a proximity service authentication request message to the authentication server function network element, where the proximity service authentication request message includes the identifier received by the mobility management network element from the relay terminal device in S404. Correspondingly, the authentication server function network element receives a proximity service authentication request message from the mobility management network element.
S406, the authentication server functional network element determines that the identifier is the adjacent service relay user key identifier.
Illustratively, the authentication server function network element receives a proximity service authentication request message from the mobility management network element, and then obtains the identifier from the proximity service authentication request message. The authentication server function network element then identifies the identifier, that is, it determines what the identifier is, or determines the name or meaning of the identifier.
The authentication server function network element identifies the identifier according to its format. In the case that the format of the identifier is the same as the preset format of the adjacent service relay user key identifier, the authentication server functional network element determines that the identifier is the adjacent service relay user key identifier; in case the format of the identifier is the same as the format of the user hidden identifier, the authentication server function network element determines that the identifier is the user hidden identifier.
Applying the above scheme to method 300 as an example: in S307 of method 300, after the AUSF receives the Prose authentication request message from the AMF, the AUSF obtains an identifier from the Prose authentication request message, and the AUSF determines whether the format of the identifier is the same as the prescribed format of the 5G PRUK ID. For example, corresponding to the first example of S401a above, the AUSF determines whether the identifier starts with a route identification, and if so, the AUSF determines that the identifier is the 5G PRUK ID, in which case the AUSF determines to execute the procedure corresponding to case B in fig. 3. If the identifier begins with "type", the AUSF determines that the identifier is the SUCI, in which case the AUSF determines to execute the procedure corresponding to case A in fig. 3.
It can be understood that when the Prose authentication request message can carry only 2 different identifiers, the AUSF only needs to check for one of them to decide which procedure to execute. For example, the AUSF may only need to determine whether the identifier starts with "type", and if so, determine that it is a SUCI and execute the procedure corresponding to case A in fig. 3. Alternatively, the AUSF may simply determine whether the identifier starts with "rid", and if so, determine that it is the 5G PRUK ID and execute the procedure corresponding to case B in fig. 3. When the AUSF can receive more than 2 kinds of identifiers through one service, the AUSF may need to check more cases. For example, if the AUSF receives the SUCI, the SUPI and the 5G PRUK ID through one service, then when the AUSF receives an identifier, one possible determination method is: the AUSF first determines whether the identifier starts with "type"; if not, it further determines whether the identifier is the 5G PRUK ID or the SUPI based on whether the identifier carries rid. If rid is carried, the identifier is determined to be the 5G PRUK ID; otherwise the identifier is determined to be the SUPI. That is, the SUCI and the SUPI may also be distinguished according to whether the identifier starts with "type".
S407, the authentication server functional network element obtains the adjacent service relay user key corresponding to the identifier from the adjacent service anchor functional network element. The application does not limit the specific procedure.
Based on the second possible implementation manner, the remote terminal device and the authentication server function network element may generate the key identifier of the adjacent service relay user according to a preset format. In this case, when the authentication server function network element receives an identifier, it can determine what the identifier is according to the format of the identifier. Under the condition that the format of the identifier is the same as that of a preset adjacent service relay user key identifier, the authentication server functional network element can determine that the identifier is the adjacent service relay user key identifier; in case the format of the identity is the same as the format of the user hidden identity, the authentication server function network element determines the identity as the user hidden identity. Therefore, through the scheme, the key identification of the adjacent service relay user can be identified.
It will be appreciated that the above scheme may also be applied to other scenarios. For example, when the terminal device and the core network element generate an identifier, the identifier may be generated according to a preset format, so as to distinguish different identifiers. For example, in the case where the core network element generates an identifier for a personal Internet of things device (personal Internet of things, PIN), the identifier may be generated for the PIN according to a preset format. The terminal device can distinguish, according to the different identifiers, which service or function the stored context information corresponds to; the core network element may then determine the subsequent procedure according to the different identifiers. For another example, in some future scenario, to avoid a situation in which some identifiers cannot be distinguished, one or more identifiers may be generated according to a preset format, where the format of an identifier is used to distinguish different identifiers, or to let a network element identify a received identifier. Specifically, for example, when a future technology needs to authenticate through the AUSF, the identifier it uses is generated in a manner similar to that of the 5G PRUK ID, and the identifier also comes from the AMF, the AUSF may generate the identifier according to a preset format, so as to distinguish that identifier, the 5G PRUK ID and the SUCI.
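The S406 checks of the first and second implementations, as an added Python example that is not code from the patent. It compares whole dot-separated labels rather than substrings, and applies the "type" test before the rid test. The function names, the `rid[0-9]{1,4}` label shape and the SUCI and SUPI sample strings are assumptions; the 5G PRUK ID strings follow the page's examples.

```python
import re
from enum import Enum


class IdKind(Enum):
    SUCI = "SUCI"
    PRUK_ID = "5G PRUK ID"
    SUPI = "SUPI"


MARKER = "5G PRUKID"                      # first indication string from the page
RID_LABEL = re.compile(r"rid[0-9]{1,4}")  # assumed shape of the route identification

# Constructed samples. The PRUK ID strings follow the page's examples; the SUCI
# and SUPI layouts are assumptions made for this example.
PRUK_PLAIN = "rid678.0123456789@5gc.mnc015.mcc234.3gppnetwork.org"
PRUK_MARKED = '"5G PRUKID".' + PRUK_PLAIN
SUCI_SAMPLE = "type0.rid678.schid0.userid0999999999@5gc.mnc015.mcc234.3gppnetwork.org"
SUPI_SAMPLE = "234150999999999@5gc.mnc015.mcc234.3gppnetwork.org"


def split_nai(identifier):
    """Return (username_labels, realm_labels); raise ValueError if malformed."""
    if identifier.count("@") != 1:
        raise ValueError("expected exactly one '@'")
    username, realm = identifier.split("@")
    parts = []
    for side in (username, realm):
        # The page allows the marker with or without double quotes.
        labels = [label.strip('"') for label in side.split(".")]
        if any(label == "" for label in labels):
            raise ValueError("empty label")
        parts.append(labels)
    return parts[0], parts[1]


def classify_by_marker(identifier):
    """First implementation: the marker is a whole label of username or realm."""
    username, realm = split_nai(identifier)
    if MARKER in username or MARKER in realm:
        return IdKind.PRUK_ID
    # Per the page, an identifier without the marker is treated as the SUCI.
    return IdKind.SUCI


def classify_by_format(identifier):
    """Second implementation, three-identifier case, username starting with rid."""
    username, _ = split_nai(identifier)
    first = username[0]
    if first.startswith("type"):      # tested first, as in the page's ordering
        return IdKind.SUCI
    if RID_LABEL.fullmatch(first):    # rid must be the whole first label
        return IdKind.PRUK_ID
    return IdKind.SUPI


def naive_rid_substring_check(identifier):
    """Contrast case: a bare substring test, without the 'type' check first."""
    return IdKind.PRUK_ID if "rid" in identifier else IdKind.SUPI


if __name__ == "__main__":
    for sample in (PRUK_PLAIN, PRUK_MARKED, SUCI_SAMPLE, SUPI_SAMPLE):
        print(sample)
        print("  marker :", classify_by_marker(sample).value)
        print("  format :", classify_by_format(sample).value)
        print("  naive  :", naive_rid_substring_check(sample).value)
```

With the assumed SUCI layout, the substring check reports the SUCI sample as a 5G PRUK ID, while the ordered label check keeps it on the case A path.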
A third possible implementation provided by an embodiment of the present application is described below in conjunction with method 400.
S401a, the remote terminal equipment generates a nearby service relay user key and a nearby service relay user key identifier.
S401b, the authentication server functional network element generates a nearby service relay user key and a nearby service relay user key identifier.
It is understood that S401a and S401b in method 400 may correspond to S315a and S315b in method 300. In this third possible implementation, the remote terminal device and the authentication server function network element may generate the proximity service relay user key identity in a similar manner as in S315a and S315b in method 300, which is not limited by the present application.
S402, the authentication server functional network element sends the adjacent service relay user key and the adjacent service relay user key identification to the adjacent service anchor functional network element.
The authentication server functional network element generates an adjacent service relay user key and an adjacent service relay user key identification, and then sends them to the adjacent service anchor functional network element. Correspondingly, the adjacent service anchor functional network element receives the adjacent service relay user key and the adjacent service relay user key identification from the authentication server functional network element, and then stores them.
S403, the remote terminal equipment sends a direct communication request message to the relay terminal equipment. Correspondingly, the relay terminal equipment receives the direct communication request message from the far-end terminal equipment.
Illustratively, the remote terminal device carries an identifier in the direct communication request message. It can be understood that, in the case that the remote terminal device stores the adjacent service relay user key identifier, the identifier is the adjacent service relay user key identifier; in the case that the remote terminal device does not store the adjacent service relay user key identifier, the identifier is the user hidden identifier of the remote terminal device.
The remote terminal device may carry a second indication information in an Information Element (IE) carrying the identity to indicate what the identity is, or the second indication information is used to identify the identity. The second indication information is used for indicating one or more of the following: the name of the identifier, the type of the identifier, the function of the identifier, the application scenario of the identifier, etc.
The following description applies the above scheme to method 300 as an example. The second indication information may be the name of the IE (IE name), or identification type (ID type) information in the IE, etc., which is not limited by the present application. Table 1 shows one possible IE format.
TABLE 1
As can be seen from table 1, the following elements are included in the IE: IE name, ID type, sub-type, ID in NAI format. Where the IE name indicates the name of the IE, the IE name may be used to indicate the meaning or effect of the identity carried in the IE, e.g., when the identity carried in the IE is 5G PRUKID, the IE name may be set to "5G Prose Identity IEI", and the AUSF may determine that the identity carried by the IE is 5G PRUKID based on the IE name.
The ID type may be used to distinguish between different identifier types. For example, in the case where the ID type value is 0x00, it indicates that the identifier carried in the IE is the SUCI; in the case where the ID type value is 0x01, it indicates that the identifier carried in the IE is the 5G PRUK ID; in the case where the ID type value is 0x02, it indicates that the identifier carried in the IE is the A-KID. For another example, in the case where the ID type value is the string "SUCI", it indicates that the identifier carried in the IE is the SUCI; in the case that the ID type value is the string "5G PRUKID", it indicates that the identifier carried in the IE is the 5G PRUK ID; in the case where the ID type value is the string "A-KID", it indicates that the identifier carried in the IE is the A-KID. The present embodiment does not limit how the ID type value is set. The Sub-type is used to distinguish between multiple sub-types under the same type, each of which may further indicate the role, purpose or source of the identifier. For example, the SUCI has NSI, GCI and GLI formats, where NSI is used for private networks and GCI is used for fixed networks. The sub-types can be further distinguished by setting the value of Sub-type. The present embodiment does not limit how the Sub-type value is set. The ID in NAI format is the identifier carried by the IE.
It is understood that only one of the IE name and ID type may be included in the element included in the IE. In addition, sub-type may be an optional element, i.e., sub-type may not be included in the IE.
Taking method 300 in fig. 3 as an example, when the Remote UE delivers the identifier to the Relay UE at S304, it can be determined whether the identifier is a SUCI or a 5G PRUK ID. Thus, the Remote UE may set the IE according to the specific meaning of the identifier. Assuming that the identifier conveyed by the Remote UE to the AMF is the 5G PRUK ID, the Remote UE may construct the IE from the 5G PRUK ID. Table 2 shows one possible scenario. For example, when the Relay UE sends a NAS message to the AMF, the IE is filled into the 5G Prose container and the IE is set accordingly. After the Relay AMF receives the NAS message, the 5G Prose container is sent to the AUSF through step S307. The AUSF then determines whether the identifier is a SUCI or a 5G PRUK ID based on the IE.
TABLE 2
As can be seen from table 2, the IE name is "5G Prose Identity IEI", which indicates that the identifier is for a 5G Prose scenario; the ID type is 0x01, indicating that the identifier is the 5G PRUK ID; the Sub-type is null; the identifier is specifically: rid678.0123456789@5gc.mnc015.mcc234.3gppnetwork.org. The ID type is 0x02, indicating that the identifier is the SUCI; the Sub-type is NAI, which indicates that the identifier is a SUCI in NAI format.
Table 3 shows another possible implementation. As shown in table 3, table 3 only includes an IE name and an ID, where the IE name is set to "5G PRUK ID", and the identity carried in the IE can be directly determined to be the 5G PRUK ID by the IE name. At this point, other fields may not be needed or filled with null values.
Table 3
5G PRUKID
[email protected]
Accordingly, the identifier carried in the IE shown in table 4 is the SUCI. In this case 0x01 indicates the NAI format, or the ID type may not be required, or the ID type field is also filled with a null value. The embodiment does not limit the specific value-taking manner or the specific IE format.
Table 4
It is to be understood that this embodiment only shows one method of transferring the identity through different IEs. Specifically, the ID details may be known differently by IE name or from specific fields in the IE.
S404, the relay terminal device sends a relay key request message to the mobility management network element, the relay key request message including the information element received by the relay terminal device from the remote terminal device in S403. Correspondingly, the mobile management network element receives a relay key request message from the relay terminal device.
S405, the mobility management network element sends a proximity service authentication request message to the authentication server function network element, where the proximity service authentication request message includes an information element received by the mobility management network element from the relay terminal device in S404. Correspondingly, the authentication server function network element receives a proximity service authentication request message from the mobility management network element.
S406, the authentication server functional network element determines that the identifier is the adjacent service relay user key identifier.
Illustratively, after receiving the proximity service authentication request message from the mobility management network element, the authentication server function network element obtains an information element carrying the identity from the proximity service authentication request message. The authentication server function network element then recognizes the identity, or, the authentication server function network element determines what the identity is, or, the authentication server function network element determines the name or meaning of the identity.
In case the information element carries second indication information, the authentication server function network element may identify the identity based on the second indication information. For example, in the case that the second indication information indicates the name of the adjacent service relay user key identification, the authentication server function network element determines that the identification is the adjacent service relay user key identification according to the second indication information.
It will be appreciated that the above scenario is described by taking the remote terminal device as an example to construct the information element, but in other implementations the information element may also be constructed by a relay terminal device or a mobility management network element. For example, after the relay terminal device receives the identifier from the remote terminal device, in the case that the identifier is determined to be the identifier of the service relay user key, the relay terminal device carries the second indication information in the information element carrying the identifier.
Applying the above scheme to method 300 as an example: the Remote UE sends a direct communication request message to the Relay UE at S304, the direct communication request message including an IE carrying the identifier. After receiving the direct communication request message, the Relay UE sends a Relay key request message to the AMF in S305, where the Relay key request message includes the IE. The AMF sends a Prose authentication request message to the AUSF at S307, and carries the IE received from the Relay UE in the Prose authentication request message. The AUSF determines that the identifier is the 5G PRUK ID based on the IE name and/or ID type in the IE. In this case the AUSF determines to execute the procedure corresponding to case B in fig. 3.
S407, the authentication server functional network element obtains the adjacent service relay user key corresponding to the identifier from the adjacent service anchor functional network element. The application does not limit the specific procedure.
Based on the third possible implementation manner, when the remote terminal device transmits the adjacent service relay user key identifier, the remote terminal device may carry second indication information in the information element carrying the adjacent service relay user key identifier, where the first indication information may indicate one or more of a name, a type, a function, and an application scenario of the adjacent service relay user key identifier. In this case, when the authentication server functional network element receives an information element that carries the identifier and the second indication information, the authentication server functional network element may determine, according to the second indication information, that the identifier is the adjacent service relay user key identifier; otherwise the authentication server functional network element determines that the identifier is the user hidden identifier. Therefore, through this scheme, the adjacent service relay user key identifier can be identified.
It will be appreciated that the above scheme may also be applied to other scenarios. For example, when the terminal device and the core network element generate an identifier, the information element carrying the identifier may be set so as to distinguish between different identifiers. For example, after the core network element generates an identifier for a personal Internet of things device (personal Internet of things, PIN), the second indication information may be added to the information element carrying the identifier. The terminal device can distinguish, according to the different identifiers, which service or function the stored context information corresponds to; the core network element may then determine the subsequent procedure according to the different identifiers. For another example, in some future scenario, to avoid a situation in which some identifiers cannot be distinguished, second indication information may be added in the information element carrying an identifier, so as to distinguish different identifiers, or to let a network element identify a received identifier. Specifically, for example, when a future technology needs to authenticate through the AUSF, the identifier it uses is generated in a manner similar to that of the 5G PRUK ID, and the identifier also comes from the AMF, the Remote UE carries second indication information in the IE carrying the identifier when transmitting it, so as to distinguish that identifier, the 5G PRUK ID and the SUCI.
A fourth possible implementation provided by an embodiment of the present application is described below in conjunction with method 400.
S401a, the remote terminal equipment generates a nearby service relay user key and a nearby service relay user key identifier.
S401b, the authentication server functional network element generates a nearby service relay user key and a nearby service relay user key identifier.
It is understood that S401a and S401b in method 400 may correspond to S315a and S315b in method 300. In this third possible implementation, the remote terminal device and the authentication server function network element may generate the proximity service relay user key identity in a similar manner as in S315a and S315b in method 300, which is not limited by the present application.
S402, the authentication server functional network element sends the adjacent service relay user key and the adjacent service relay user key identification to the adjacent service anchor functional network element.
S403, the remote terminal equipment sends a direct communication request message to the relay terminal equipment. Correspondingly, the relay terminal equipment receives the direct communication request message from the far-end terminal equipment.
Illustratively, the remote terminal device carries an identifier in the direct communication request message. It can be understood that, in the case that the remote terminal device stores the key identifier of the adjacent service relay user, the identifier is the key identifier of the adjacent service relay user; in the case that the remote terminal device does not store the key identifier of the adjacent service relay user, the identifier is the user hidden identifier of the remote terminal device.
When the remote terminal device transmits the identifier, the remote terminal device can select a message with a message name corresponding to the identifier. For example, if the identifier transmitted by the remote terminal device is the key identifier of the adjacent service relay user, the identifier is sent through a first direct communication request message; if the identifier transmitted by the remote terminal equipment is the user hidden identifier, the identifier is sent through a second direct communication request message. Here, the first direct communication request message and the second direct communication request message represent different message names. That is, there is a one-to-one correspondence of message names used to transmit the message with the identity.
S404, the relay terminal device sends a relay key request message to the mobility management network element, where the relay key request message includes the identifier received by the relay terminal device from the remote terminal device in S403. Correspondingly, the mobile management network element receives a relay key request message from the relay terminal device.
It should be noted that the relay terminal device may determine the message name of the message sent to the mobility management network element according to the message name of the message received from the remote terminal device. For example, if the message received by the relay terminal device is a first direct communication request message, the relay terminal device sends the identifier to the mobility management network element through the first relay key request message; if the message received by the relay terminal equipment is the second direct communication request message, the relay terminal equipment sends the identification to the mobile management network element through the second relay key request message. Here, the first relay key request message and the second relay key request message represent different message names.
S405, the mobility management network element sends a proximity service authentication request message to the authentication server function network element, where the proximity service authentication request message includes the identifier received by the mobility management network element from the relay terminal device in S404. Correspondingly, the authentication server function network element receives a proximity service authentication request message from the mobility management network element.
It should be noted that the mobility management network element may determine the message name of the message sent to the authentication server function network element according to the message name of the message received from the relay terminal device. For example, if the message received by the mobility management network element is a first relay key request message, the mobility management network element sends the identifier to the authentication server function network element through the first proximity service authentication request message; if the message received by the mobility management network element is the second relay key request message, the mobility management network element sends the identifier to the authentication server function network element through the second proximity service authentication request message. Here, the first proximity service authentication request message and the second proximity service authentication request message represent different message names.
The above embodiments are described taking as an example that the remote terminal device, the relay terminal device, and the mobility management element transmit different identities through messages having different message names, respectively. It will be appreciated that in one implementation, the remote terminal device and the relay terminal device may still transmit the identification in a similar manner to the first three implementations. After receiving the relay key request message from the relay terminal device, the mobility management network element may identify the identity and then select a message with a corresponding message name to send the identity to the authentication server function network element. The mobility management network element may use any one of the above three possible implementations to identify the identifier, may identify the identifier according to the current flow, and may identify the identifier according to other possible information.
S406, the authentication server functional network element determines the identification as the key identification of the adjacent service relay user.
Illustratively, after receiving the proximity service authentication request message from the mobility management network element, the authentication server function network element identifies the identifier carried in the proximity service authentication request message according to the message name of the message. For example, in case the message name of the message is a first proximity service authentication request message, the authentication server function network element determines the identity as a proximity service relay user key identity; in case the message name of the message is a second proximity service authentication request message, the authentication server function network element determines the identity as a user hidden identity. It can be appreciated that the authentication server function network element may be preconfigured with association relationships between different message names and different identifications.
The above scheme is illustrated by applying it to the method 300: after receiving the Relay key request message from the Relay UE, the AMF acquires an identifier from the Relay key request message at S305. In an example, in case the AMF determines that the identifier is a SUCI, the AMF sends a UE authentication request (UEAuthenticationRequest) message to the AUSF at S307 and carries the SUCI in the UE authentication request message, or the AMF invokes a UE authentication service to send the SUCI to the AUSF, or the AMF sends the SUCI to the AUSF using a UE authentication proximity service authentication (nausf_authentication_establishment) operation. In case the AMF determines that the identifier is a 5G PRUK ID, the AMF sends a proximity service acquisition Request (nausf_proseget Request) message to the AUSF at S307 and carries the 5G PRUK ID in the proximity service acquisition Request message, or the AMF invokes a proximity service acquisition (nausf_proseget) service to send the 5G PRUK ID to the AUSF, or the AMF sends the 5G PRUK ID to the AUSF using a UE authentication_proximity service acquisition (nausf_proseget) operation. That is, the AMF transmits the SUCI and the 5G PRUK ID through different messages, or the AMF invokes different services to transmit the SUCI and the 5G PRUK ID, or the AMF transmits the SUCI and the 5G PRUK ID using different operations. The AUSF identifies the identifier carried in the message according to the name of the received message. It will be appreciated that the AUSF is preconfigured with the correspondences between the various identifiers and message names.
It will be appreciated that the AMF may determine whether the identifier is a SUCI or a 5G PRUK ID according to any of the four implementations described above, and the application is not limited in this respect.
S407, the authentication server functional network element obtains the adjacent service relay user key corresponding to the identifier from the adjacent service anchor functional network element. The specific procedure is not limited by the present application.
Based on the fourth possible implementation manner, when the remote terminal device transmits the adjacent service relay user key identifier, the remote terminal device may transmit the adjacent service relay user key identifier through a message with a message name corresponding to the adjacent service relay user key identifier, that is, other network elements may determine that the identifier carried in the message is the adjacent service relay user key identifier according to the message name. Therefore, through the scheme, the key identification of the adjacent service relay user can be identified.
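The message-name scheme of S403 to S407 can be traced hop by hop in the following added example, which is not part of the patent text. The message names, the `anchor_keys` store and the sample identifiers are hypothetical, and the identifier value is treated as opaque so that only the message name decides its type.

```python
from dataclasses import dataclass
from enum import Enum


class IdType(Enum):
    PRUK_ID = "proximity service relay user key identifier"
    SUCI = "user hidden identifier"


@dataclass(frozen=True)
class Message:
    name: str        # message name; the only thing that types the identifier
    identifier: str  # opaque value, never parsed to guess its type


# Hypothetical message names. The page only distinguishes "first" and "second".
REMOTE_UE_NAMES = {IdType.PRUK_ID: "DirectCommunicationRequest-1",
                   IdType.SUCI: "DirectCommunicationRequest-2"}
RELAY_UE_NAMES = {"DirectCommunicationRequest-1": "RelayKeyRequest-1",
                  "DirectCommunicationRequest-2": "RelayKeyRequest-2"}
AMF_NAMES = {"RelayKeyRequest-1": "ProSeAuthenticationRequest-1",
             "RelayKeyRequest-2": "ProSeAuthenticationRequest-2"}
# Association preconfigured on the authentication server function (S406).
AUSF_ASSOCIATION = {"ProSeAuthenticationRequest-1": IdType.PRUK_ID,
                    "ProSeAuthenticationRequest-2": IdType.SUCI}


def remote_ue_send(stored_pruk_id, suci):
    """S403: send the stored key identifier if there is one, else the SUCI."""
    if stored_pruk_id is not None:
        return Message(REMOTE_UE_NAMES[IdType.PRUK_ID], stored_pruk_id)
    return Message(REMOTE_UE_NAMES[IdType.SUCI], suci)


def forward(msg, name_map):
    """S404/S405: choose the outgoing message name from the incoming one."""
    if msg.name not in name_map:
        # Fail closed: an unknown name must not fall through to a default type.
        raise ValueError(f"unexpected message name: {msg.name!r}")
    return Message(name_map[msg.name], msg.identifier)


def ausf_handle(msg, anchor_keys):
    """S406/S407: type the identifier by message name, then fetch the key."""
    id_type = AUSF_ASSOCIATION.get(msg.name)
    if id_type is None:
        raise ValueError(f"no association for message name: {msg.name!r}")
    if id_type is IdType.SUCI:
        return id_type, None  # SUCI handling is outside this sketch
    # anchor_keys stands in for the anchor function; None if no key is stored.
    return id_type, anchor_keys.get(msg.identifier)


def run_flow(stored_pruk_id, suci, anchor_keys):
    msg = remote_ue_send(stored_pruk_id, suci)
    msg = forward(msg, RELAY_UE_NAMES)  # relay terminal device
    msg = forward(msg, AMF_NAMES)       # mobility management network element
    return ausf_handle(msg, anchor_keys)


# Constructed sample data: both identifiers deliberately share one format.
SAMPLE_ANCHOR_KEYS = {"id-0001@example.invalid": bytes(32)}

if __name__ == "__main__":
    print(run_flow("id-0001@example.invalid", "id-0002@example.invalid",
                   SAMPLE_ANCHOR_KEYS))
    print(run_flow(None, "id-0002@example.invalid", SAMPLE_ANCHOR_KEYS))
```

Because the type comes from the message name alone, a value that happens to match a stored key identifier is still not used for a key lookup when it arrives in the SUCI-typed message.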
It can be appreciated that the method provided by the embodiment of the application can be applied to other scenes. That is, if there is a situation that one network element cannot distinguish some identifiers in other scenarios, or there is a situation that one network element cannot identify some identifier, the method provided by the embodiment of the present application may be used for identification.
It is further understood that the method provided by the embodiment of the application can also be applied to some kind of identification which may occur in the future. For example, when a technology needs to authenticate the AUSF in the future, and the generation manner of the used identifier is similar to that of the 5G PRUK ID, and the identifier is also from the AMF, the AUSF may also use the method provided by the embodiment of the present application to identify a different identifier.
Corresponding to the methods given by the above method embodiments, the embodiment of the present application further provides a corresponding apparatus, where the apparatus includes a corresponding module for executing the above method embodiments. The module may be software, hardware, or a combination of software and hardware. It will be appreciated that the technical features described in the above method embodiments are equally applicable to the following device embodiments, and thus, details not described in detail may refer to the above method embodiments, and for brevity, will not be described in detail herein.
Fig. 5 is a schematic block diagram of a communication device 10 provided in an embodiment of the present application. The device 10 comprises a transceiver module 11 and a processing module 12. The transceiver module 11 may implement a corresponding communication function, the processing module 12 is configured to perform data processing, or the transceiver module 11 is configured to perform operations related to reception and transmission, and the processing module 12 is configured to perform operations other than reception and transmission. The transceiver module 11 may also be referred to as a communication interface or a communication unit.
Optionally, the apparatus 10 may further include a storage module 13, where the storage module 13 may be configured to store instructions and/or data, and the processing module 12 may read the instructions and/or data in the storage module, so that the apparatus implements the actions of the device or network element in the foregoing method embodiments.
In a first design, the apparatus 10 may correspond to a Remote terminal device in the above method embodiments (e.g., the Remote terminal device in method 400 or the Remote UE in method 300), or a component (e.g., a chip) of a universal integrated circuit card.
The apparatus 10 may implement steps or processes performed by a remote terminal device in the above method embodiment, where the transceiver module 11 may be configured to perform operations related to the transceiver of the remote terminal device in the above method embodiment, and the processing module 12 may be configured to perform operations related to the processing of the remote terminal device in the above method embodiment.
In a possible implementation manner, the processing module 12 is configured to generate a proximity service relay user key and a proximity service relay user key identifier, where the proximity service relay user key identifier includes first indication information, and the first indication information is used to indicate one or more of the following: the name of the identifier, the type of the identifier, the role of the identifier, and the application scene of the identifier; and the transceiver module 11 is configured to send the adjacent service relay user key and the adjacent service relay user key identifier to an adjacent service anchor functional network element.
In a second design, the apparatus 10 may correspond to the authentication server function element in the above method embodiment (e.g., the authentication server function element in the method 400, or the AUSF in the method 300), or a component (e.g., a chip) of the authentication server function element.
The apparatus 10 may implement steps or procedures performed by the authentication server function network element in the above method embodiment, where the transceiver module 11 may be configured to perform operations related to the transceiver of the authentication server function network element in the above method embodiment, and the processing module 12 may be configured to perform operations related to the processing of the authentication server function network element in the above method embodiment.
In a possible implementation manner, the transceiver module 11 is configured to receive a proximity service authentication request message from a mobility management network element, where the proximity service authentication request message includes an identifier, and the identifier includes first indication information, where the first indication information is used to indicate one or more of the following: the name of the identifier, the type of the identifier, the role of the identifier, and the application scenario of the identifier; the processing module 12 is configured to determine, according to the first indication information, that the identifier is a proximity service relay user key identifier; the processing module 12 is further configured to obtain, from the adjacent service anchor functional network element according to the identifier, an adjacent service relay user key corresponding to the identifier.
In a third design, the apparatus 10 may correspond to a mobility management element (e.g., a mobility management element in the method 400 or an AMF in the method 300) or a component (e.g., a chip) of a mobility management element in the above method embodiments.
The apparatus 10 may implement steps or procedures performed by the mobility management network element in the above method embodiment, where the transceiver module 11 may be configured to perform operations related to the transceiver of the mobility management network element in the above method embodiment, and the processing module 12 may be configured to perform operations related to the processing of the mobility management network element in the above method embodiment.
In a possible implementation manner, the transceiver module 11 is configured to receive a direct communication request message from a remote terminal device, where the direct communication request message includes a key identifier of a nearby service relay user; the transceiver module 11 is further configured to send a relay key request message to the mobility management network element, where the relay key request message includes an information element for carrying a relay user key identifier of an adjacent service, and the information element includes second indication information, where the second indication information is used to indicate one or more of the following: the name of the identifier, the type of the identifier, the role of the identifier, and the application scenario of the identifier.
It should be understood that the specific process of each module performing the corresponding steps is described in detail in the above method embodiments, and for brevity, will not be described in detail herein.
It should also be appreciated that the apparatus 10 herein is embodied in the form of functional modules. The term module herein may refer to an application specific integrated circuit (application specific integrated circuit, ASIC), an electronic circuit, a processor (e.g., a shared, dedicated, or group processor, etc.) and memory that execute one or more software or firmware programs, a combinational logic circuit, and/or other suitable components that support the described functionality. In an alternative example, it will be understood by those skilled in the art that the apparatus 10 may be embodied as a remote terminal device in the above embodiments, and may be configured to perform each of the processes and/or steps corresponding to the remote terminal device in the above method embodiments; alternatively, the apparatus 10 may be specifically an authentication server function network element in the foregoing embodiments, and may be configured to execute each flow and/or step corresponding to the authentication server function network element in the foregoing method embodiments, which is not described herein for avoiding repetition.
The apparatus 10 of each of the above embodiments has a function of implementing the corresponding steps performed by the device in the above method (such as an authentication server function network element, or a remote terminal device, or a mobility management network element). The functions can be realized by hardware, and can also be realized by executing corresponding software by hardware. The hardware or software comprises one or more modules corresponding to the functions; for example, the transceiver module may be replaced by a transceiver (e.g., a transmitting unit in the transceiver module may be replaced by a transmitter, a receiving unit in the transceiver module may be replaced by a receiver), and other units, such as a processing module, etc., may be replaced by a processor, to perform the transceiver operations and associated processing operations, respectively, in various method embodiments.
The transceiver module 11 may be a transceiver circuit (for example, may include a receiving circuit and a transmitting circuit), and the processing module may be a processing circuit.
Fig. 6 is a schematic diagram of another communication device 20 according to an embodiment of the present application. The apparatus 20 comprises a processor 21, the processor 21 being arranged to execute computer programs or instructions stored in a memory 22 or to read data/signalling stored in the memory 22 for performing the methods of the method embodiments above. Optionally, the processor 21 is one or more.
Optionally, as shown in fig. 6, the apparatus 20 further comprises a memory 22, the memory 22 being for storing computer programs or instructions and/or data. The memory 22 may be integrated with the processor 21 or may be provided separately. Optionally, the memory 22 is one or more.
Optionally, as shown in fig. 6, the apparatus 20 further comprises a transceiver 23, the transceiver 23 being used for receiving and/or transmitting signals. For example, the processor 21 is configured to control the transceiver 23 to receive and/or transmit signals.
As an alternative, the apparatus 20 is configured to implement the operations performed by the remote terminal device in the above method embodiments.
Alternatively, the apparatus 20 is configured to implement the operations performed by the authentication server functional network element in the method embodiments above.
Alternatively, the apparatus 20 is configured to implement the operations performed by the mobility management network element in the method embodiments above.
It should be appreciated that the processors referred to in embodiments of the present application may be central processing units (central processing unit, CPU), but may also be other general purpose processors, digital signal processors (digital signal processor, DSP), application specific integrated circuits (application specific integrated circuit, ASIC), field programmable gate arrays (field programmable gate array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or the like. A general purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
It should also be understood that the memory referred to in embodiments of the present application may be volatile memory and/or nonvolatile memory. The nonvolatile memory may be a read-only memory (ROM), a programmable ROM (PROM), an erasable PROM (EPROM), an electrically erasable PROM (EEPROM), or a flash memory. The volatile memory may be random access memory (random access memory, RAM). For example, RAM may be used as an external cache. By way of example, and not limitation, RAM includes the following forms: static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), synchlink DRAM (SLDRAM), and direct rambus RAM (DR RAM).
It should be noted that when the processor is a general purpose processor, DSP, ASIC, FPGA or other programmable logic device, discrete gate or transistor logic device, discrete hardware components, the memory (storage module) may be integrated into the processor.
It should also be noted that the memory described herein is intended to comprise, without being limited to, these and any other suitable types of memory.
Fig. 7 is a schematic diagram of a chip system 30 according to an embodiment of the present application. The system-on-chip 30 (or may also be referred to as a processing system) includes logic circuitry 31 and an input/output interface 32.
The logic circuit 31 may be a processing circuit in the chip system 30. Logic circuitry 31 may be coupled to the memory unit to invoke instructions in the memory unit so that system-on-chip 30 may implement the methods and functions of embodiments of the present application. The input/output interface 32 may be an input/output circuit in the chip system 30, and outputs information processed by the chip system 30, or inputs data or signaling information to be processed into the chip system 30 for processing.
Alternatively, the chip system 30 is configured to implement the operations performed by the remote terminal device in the various method embodiments above.
Alternatively, the system-on-chip 30 is configured to implement the operations performed by the authentication server functional network element in the method embodiments above.
Alternatively, the system-on-chip 30 is configured to implement the operations performed by the mobility management network element in the various method embodiments above.
The embodiments of the present application also provide a computer readable storage medium having stored thereon computer instructions for implementing the method performed by the apparatus in the method embodiments described above.
For example, the computer program, when executed by a computer, enables the computer to implement the method performed by the mobility management element in the embodiments of the method described above.
As another example, the computer program when executed by a computer may enable the computer to implement the method performed by the terminal device in the embodiments of the method described above.
Embodiments of the present application also provide a computer program product containing instructions which, when executed by a computer, implement the method performed by the apparatus in the method embodiments described above. The explanation and beneficial effects of the related content in any of the above-mentioned devices can refer to the corresponding method embodiments provided above, and are not repeated here.
In the several embodiments provided by the present application, it should be understood that the disclosed apparatus and method may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of the units is merely a logical function division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Furthermore, the coupling or direct coupling or communication connection shown or discussed with each other may be through some interface, device or unit indirect coupling or communication connection, which may be in electrical, mechanical or other form.
The above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, the flows or functions in accordance with embodiments of the present application are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. For example, the computer may be a personal computer, a server, or a network device, etc. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another, for example, by wired (e.g., coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless (e.g., infrared, radio, microwave, etc.) means. The computer-readable storage medium may be any available medium that can be accessed by a computer, or a data storage device, such as a server or data center, that integrates one or more available media. For example, the aforementioned usable media include, but are not limited to, a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (random access memory, RAM), a magnetic disk, an optical disk, and other various media that can store program code.
The foregoing is merely illustrative of the present application, and the present application is not limited thereto, and any person skilled in the art will readily recognize that variations or substitutions are within the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (15)

1. A method of communication, comprising:
the remote terminal equipment generates a key identifier of a relay user of the adjacent service;
and the remote terminal equipment sends a direct communication request message to the relay terminal equipment, wherein the direct communication request message comprises the key identifier of the adjacent service relay user.
2. The method of claim 1, wherein the proximity service relay user key identification includes first indication information, the first indication information being used to indicate one or more of: the name of the key identification of the adjacent service relay user, the type of the key identification of the adjacent service relay user, the function of the key identification of the adjacent service relay user and the application scene of the key identification of the adjacent service relay user.
3. The method according to claim 1 or 2, wherein the remote terminal device generating a proximity service relay user key identification comprises:
and the remote terminal equipment generates the adjacent service relay user key identification according to a preset format, wherein the preset format is associated with the adjacent service relay user key identification.
4. A method according to any one of claims 1 to 3, wherein the identity is carried on an information element included in the direct communication request message, the information element including second indication information for indicating one or more of: the name of the key identification of the adjacent service relay user, the type of the key identification of the adjacent service relay user, the function of the key identification of the adjacent service relay user and the application scene of the key identification of the adjacent service relay user.
5. The method according to any of claims 1 to 4, wherein a message name of the direct communication request message is associated with the proximity service relay user key identity.
6. A method of communication, comprising:
the authentication server functional network element receives a nearby service authentication request message from the mobile management network element, wherein the nearby service authentication request message comprises an identifier;
the authentication server functional network element determines the identification as the key identification of the adjacent service relay user;
and the authentication server functional network element acquires the adjacent service relay user key corresponding to the identifier from the adjacent service anchor functional network element according to the identifier.
7. The method of claim 6, wherein the identification comprises first indication information indicating one or more of: the name of the identifier, the type of the identifier, the role of the identifier and the application scene of the identifier;
the authentication server function network element determines the identifier as a key identifier of a nearby service relay user, and comprises the following steps:
and the authentication server functional network element determines the identification as the key identification of the adjacent service relay user according to the first indication information.
8. The method according to claim 6 or 7, wherein the format of the identification is the same as the format of a preset adjacent service relay user key identification;
the authentication server function network element determines the identifier as a key identifier of a nearby service relay user, and comprises the following steps:
and the authentication server functional network element determines the identifier as the key identifier of the adjacent service relay user according to the format of the identifier.
9. The method according to any one of claims 6 to 8, wherein the identification is carried on an information element comprising second indication information for indicating one or more of: the name of the identifier, the type of the identifier, the role of the identifier and the application scene of the identifier;
the authentication server function network element determines the identifier as a key identifier of a nearby service relay user, and comprises the following steps:
and the authentication server functional network element determines the identification as the key identification of the adjacent service relay user according to the second indication information.
10. The method according to any one of claims 6 to 9, wherein a message name of the proximity service authentication request message has an association with the proximity service relay user key identification;
the authentication server function network element determines the identifier as a key identifier of a nearby service relay user, and comprises the following steps:
And the authentication server functional network element determines the identification as the adjacent service relay user key identification according to the message name of the adjacent service authentication request message and the association relation.
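Added illustration, not part of the patent text: a sketch of how an authentication server function could combine the four determination methods of claims 7 to 10 before fetching the relay user key by identifier as in claim 6. The identifier format, message names, indication value and key store are constructed for this example, and rejecting a request whose signals disagree is this example's own policy, not something the claims state.

```python
import re
from dataclasses import dataclass
from typing import Optional

# All names and values below are constructed for this example; the page defines none of them.
PRESET_FORMAT = re.compile(r"pruk-[0-9a-f]{16}@prose\.example")  # assumed preset format (claim 8)
MESSAGE_ASSOCIATION = {"ProSeAuthRequest": True, "UEAuthRequest": False}  # assumed (claim 10)
ANCHOR_KEYS = {"pruk-00112233445566ff@prose.example": bytes.fromhex("aa" * 32)}  # anchor-side store

@dataclass
class AuthRequest:
    message_name: str
    identifier: str
    first_indication: Optional[str] = None  # carried inside the identifier (claim 7)
    ie_indication: Optional[str] = None     # carried by the information element (claim 9)

def signals(req: AuthRequest) -> dict:
    """Verdict of each determination method: True, False, or None when the signal is absent."""
    def indicated(value):
        return None if value is None else value == "relay-user-key-id"
    return {
        "first_indication": indicated(req.first_indication),
        "format": PRESET_FORMAT.fullmatch(req.identifier) is not None,
        "ie_indication": indicated(req.ie_indication),
        "message_name": MESSAGE_ASSOCIATION.get(req.message_name),
    }

def is_relay_user_key_id(req: AuthRequest) -> bool:
    """Fail closed: reject the request when the methods that are present disagree."""
    verdicts = {k: v for k, v in signals(req).items() if v is not None}
    if len(set(verdicts.values())) > 1:
        raise ValueError(f"conflicting identifier type signals: {verdicts}")
    return next(iter(verdicts.values()))

def fetch_relay_user_key(req: AuthRequest) -> Optional[bytes]:
    """Look up the key by identifier only after the identifier type is settled."""
    if not is_relay_user_key_id(req):
        return None  # some other identifier type; handled by a different procedure
    return ANCHOR_KEYS.get(req.identifier)
```

A request that asserts the relay-user-key type through an indication but carries an identifier outside the preset format raises instead of reaching the key lookup, which keeps a mislabelled identifier from being resolved against the anchor-side store.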
11. A communication device, the device comprising: means for performing the method of any one of claims 1 to 5 or means for performing the method of any one of claims 6 to 10.
12. A communication device, comprising:
a processor for executing a computer program stored in a memory to cause the apparatus to perform the method of any one of claims 1 to 5 or to cause the apparatus to perform the method of any one of claims 6 to 10.
13. A computer program product, characterized in that the computer program product comprises instructions for performing the method of any one of claims 1 to 5 or the computer program product comprises instructions for performing the method of any one of claims 6 to 10.
14. A computer-readable storage medium, wherein the computer-readable storage medium stores a computer program; the computer program, when run on a computer, causes the computer to perform the method of any one of claims 1 to 5 or causes the computer to perform the method of any one of claims 6 to 10.
15. A communication system, comprising a remote terminal device and an authentication server function network element,
wherein the remote terminal device is configured to perform the method of any one of claims 1 to 5 and the authentication server function network element is configured to perform the method of any one of claims 6 to 10.
CN202210520810.4A 2022-05-13 2022-05-13 Communication method and device Pending CN117098129A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202210520810.4A CN117098129A (en) 2022-05-13 2022-05-13 Communication method and device
PCT/CN2023/091675 WO2023216932A1 (en) 2022-05-13 2023-04-28 Communication method and apparatus

Publications (1)

Publication Number Publication Date
CN117098129A (en) 2023-11-21

Family

ID=88729654

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210520810.4A Pending CN117098129A (en) 2022-05-13 2022-05-13 Communication method and device

Country Status (2)

Country Link
CN (1) CN117098129A (en)
WO (1) WO2023216932A1 (en)

Also Published As

Publication number Publication date
WO2023216932A1 (en) 2023-11-16

Legal Events

Date Code Title Description
PB01 Publication