WO2023216932A1 - Communication method and apparatus - Google Patents

Publication number
WO2023216932A1
Authority
WO
WIPO (PCT)
Prior art keywords
proximity service
identifier
user key
network element
relay user
Application number
PCT/CN2023/091675
Other languages
French (fr)
Chinese (zh)
Inventor
李赫
吴荣
吴义壮
雷骜
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W76/00 Connection management
    • H04W76/10 Connection setup
    • H04W76/14 Direct-mode setup
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W88/00 Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/02 Terminal devices
    • H04W88/04 Terminal devices adapted for relaying to or from another terminal or user

Definitions

  • the present application relates to the field of communication technology, and in particular, to a communication method and device.
  • identifiers are often used. These identifiers are usually used to identify a user, a certain network element, a certain key, a certain session, and so on.
  • when a network element receives an identifier, it can perform some operations based on the identifier. However, if the network element cannot recognize the identifier, it may be unable to execute the correct process based on it, or in other words, it may execute the wrong process.
  • the authentication server function (AUSF) network element may receive, from the access and mobility management function (AMF) network element, a subscriber concealed identifier (SUCI) or a fifth generation proximity service relay user key identifier (5G PRUK ID).
  • the AUSF may not be able to distinguish whether the received identifier is a SUCI or a 5G PRUK ID. Therefore, how to recognize different identifiers is an issue that currently needs to be considered.
  • This application provides a communication method and device that can be used to recognize proximity service relay user key identifiers.
  • the first aspect provides a communication method, which can be executed by a remote terminal device, or can also be executed by a component (such as a chip or circuit) of the remote terminal device, which is not limited.
  • the following description takes execution by a remote terminal device as an example.
  • the method includes: a remote terminal device generates a proximity service relay user key identifier; the remote terminal device sends a direct communication request message to the relay terminal device, and the direct communication request message includes the proximity service relay user key identifier.
  • the proximity service relay user key identifier includes first indication information, and the first indication information is used to indicate one or more of the following: the name of the proximity service relay user key identifier, the type of the proximity service relay user key identifier, the role of the proximity service relay user key identifier, and the application scenario of the proximity service relay user key identifier.
  • the first indication information can be added to the proximity service relay user key identifier. Through the first indication information, the proximity service relay user key identifier can be distinguished from other identifiers.
  • when a certain network element or device receives the proximity service relay user key identifier, it can recognize the identifier based on the first indication information.
  • the remote terminal device generating a proximity service relay user key identifier includes: the remote terminal device generates the proximity service relay user key identifier according to a preset format.
  • the preset format is associated with the proximity service relay user key ID.
  • when the remote terminal device generates the proximity service relay user key identifier, it can generate the identifier based on the preset format. Therefore, the format of the proximity service relay user key identifier can be used to distinguish it from other identifiers.
  • the identifier is carried in an information element, the information element is included in the direct communication request message, the information element includes second indication information, and the second indication information is used to indicate one or more of the following: the name of the proximity service relay user key identifier, the type of the proximity service relay user key identifier, the role of the proximity service relay user key identifier, and the application scenario of the proximity service relay user key identifier.
  • when the remote terminal device transmits the proximity service relay user key identifier, it can carry the second indication information in the information element carrying the proximity service relay user key identifier. Through the first indication information, the proximity service relay user key identifier can be distinguished from other identifiers.
  • the message name of the direct communication request message is associated with the proximity service relay user key identifier.
  • when the remote terminal device transmits the proximity service relay user key identifier, it can select a message whose message name is associated with the proximity service relay user key identifier to transmit the identifier. The message name of the message carrying the proximity service relay user key identifier can be used to distinguish the proximity service relay user key identifier from other identifiers.
  • the second aspect provides a communication method, which can be executed by the authentication server functional network element, or can also be executed by components (such as chips or circuits) of the authentication server functional network element, which is not limited.
  • the following description takes the execution of the authentication server function network element as an example.
  • the method includes: an authentication server functional network element receives a proximity service authentication request message from a mobility management network element, where the proximity service authentication request message includes an identifier; the authentication server functional network element determines that the identifier is a proximity service relay user key identifier; and the authentication server function network element obtains, based on the identifier, the proximity service relay user key corresponding to the identifier from the proximity service anchor point function network element.
  • after the authentication server function network element obtains an identifier from the proximity service authentication request message, it can recognize the identifier. When it is determined that the identifier is the proximity service relay user key identifier, the authentication server function network element obtains the proximity service relay user key from the proximity service anchor point function network element based on the identifier.
  • when it is determined that the identifier is a subscriber concealed identifier, the authentication server function network element performs an authentication process on the remote terminal device corresponding to the subscriber concealed identifier.
  • the identifier includes first indication information, and the first indication information is used to indicate one or more of the following: the name of the identifier, the type of the identifier, the role of the identifier, and the application scenario of the identifier; the authentication server functional network element determining that the identifier is a proximity service relay user key identifier includes: the authentication server functional network element determines, based on the first indication information, that the identifier is a proximity service relay user key identifier.
  • the authentication server function network element can recognize the identifier based on the first indication information.
  • the first indication information indicates one or more of the following: the name of the proximity service relay user key identifier, the type of the proximity service relay user key identifier, the role of the proximity service relay user key identifier, and the application scenario of the proximity service relay user key identifier.
  • the authentication server functional network element can determine that the identifier is the proximity service relay user key identifier. Therefore, the above solution can be used to recognize the proximity service relay user key identifier, or in other words, the above solution can be used to recognize different identifiers.
  • the format of the identifier is the same as the preset format of the proximity service relay user key identifier; the authentication server functional network element determining that the identifier is a proximity service relay user key identifier includes: the authentication server function network element determines, according to the format of the identifier, that the identifier is a proximity service relay user key identifier.
  • after the authentication server functional network element obtains an identifier, it can recognize the identifier according to the format of the identifier. For example, the authentication server functional network element is pre-configured with multiple different identifiers and the formats corresponding to them, including the proximity service relay user key identifier and its corresponding format. It is understandable that the formats corresponding to different identifiers should be different. After the authentication server functional network element obtains an identifier, if it finds that the format of the identifier is the same as the preset format of the proximity service relay user key identifier, the authentication server functional network element determines that the identifier is a proximity service relay user key identifier.
  • the identifier is carried in an information element, the information element includes second indication information, and the second indication information is used to indicate one or more of the following: the name of the identifier, the type of the identifier, the role of the identifier, and the application scenario of the identifier; the authentication server functional network element determining that the identifier is the proximity service relay user key identifier includes: the authentication server functional network element determines, according to the second indication information, that the identifier is the proximity service relay user key identifier.
  • the authentication server function network element can identify the identifier based on the second indication information.
  • the second indication information indicates one or more of the following: the name of the proximity service relay user key identifier, the type of the proximity service relay user key identifier, the role of the proximity service relay user key identifier, and the application scenario of the proximity service relay user key identifier.
  • the authentication server functional network element can determine that the identifier is the proximity service relay user key identifier. Therefore, the above solution can be used to recognize the proximity service relay user key identifier, or in other words, the above solution can be used to recognize different identifiers.
  • the second indication information may be the name of the information element, or may be information such as the identification type included in the information element.
  • the message name of the proximity service authentication request message is associated with the proximity service relay user key identifier; the authentication server function network element determining that the identifier is the proximity service relay user key identifier includes: the authentication server functional network element determines that the identifier is the proximity service relay user key identifier based on the message name of the proximity service authentication request message and the association relationship.
  • after the authentication server functional network element obtains an identifier, it can recognize the identifier by the message name.
  • the authentication server functional network element is pre-configured with correspondences between multiple different identifiers and the message names used to carry these identifiers, including the proximity service relay user key identifier and the name of the message used to carry the proximity service relay user key identifier. It can be understood that the message names of messages corresponding to different identifiers should be different.
  • after the authentication server function network element obtains an identifier, if it finds that the message name of the message carrying the identifier is the same as the preset message name used to carry the proximity service relay user key identifier, the authentication server function network element determines that the identifier is the proximity service relay user key identifier.
  • the third aspect provides a communication method, which can be executed by a remote terminal device, or can also be executed by a component (such as a chip or circuit) of the remote terminal device, which is not limited.
  • the following description takes execution by a remote terminal device as an example.
  • the method includes: the remote terminal device generates a proximity service relay user key identifier, the proximity service relay user key identifier includes first indication information, and the first indication information is used to indicate one or more of the following: the name of the proximity service relay user key identifier, the type of the proximity service relay user key identifier, the role of the proximity service relay user key identifier, and the application scenario of the proximity service relay user key identifier; the remote terminal device sends a direct communication request message to the relay terminal device, where the direct communication request message includes the proximity service relay user key identifier.
  • the fourth aspect provides a communication method, which can be executed by a remote terminal device, or can also be executed by a component (such as a chip or circuit) of the remote terminal device, which is not limited.
  • the following description takes execution by a remote terminal device as an example.
  • the method includes: the remote terminal device generates the proximity service relay user key identifier according to a preset format, and the preset format is associated with the proximity service relay user key identifier; the remote terminal device sends a direct communication request message to the relay terminal device, and the direct communication request message includes the proximity service relay user key identifier.
  • the fifth aspect provides a communication method, which can be executed by a remote terminal device, or can also be executed by a component (such as a chip or circuit) of the remote terminal device, which is not limited.
  • the following description takes execution by a remote terminal device as an example.
  • the method includes: a remote terminal device generates a proximity service relay user key identifier; the remote terminal device sends a direct communication request message to the relay terminal device, and the direct communication request message includes the proximity service relay user key identifier. The identifier is carried in an information element, the information element includes second indication information, and the second indication information is used to indicate one or more of the following: the name of the proximity service relay user key identifier, the type of the proximity service relay user key identifier, the role of the proximity service relay user key identifier, and the application scenario of the proximity service relay user key identifier.
  • a sixth aspect provides a communication method, which can be executed by a remote terminal device, or can also be executed by a component (such as a chip or circuit) of the remote terminal device, which is not limited.
  • the following description takes execution by a remote terminal device as an example.
  • the method includes: a remote terminal device generates a proximity service relay user key identifier; the remote terminal device sends a direct communication request message to the relay terminal device, the direct communication request message includes the proximity service relay user key identifier, and the message name of the direct communication request message is associated with the proximity service relay user key identifier.
  • the seventh aspect provides a communication method, which can be executed by the authentication server functional network element, or can also be executed by components (such as chips or circuits) of the authentication server functional network element, which is not limited.
  • the following description takes the execution of the authentication server function network element as an example.
  • the method includes: an authentication server function network element generates a proximity service relay user key and a proximity service relay user key identifier, where the proximity service relay user key identifier includes first indication information, and the first indication information is used to indicate one or more of the following: the name of the identifier, the type of the identifier, the role of the identifier, and the application scenario of the identifier; the authentication server function network element sends the proximity service relay user key and the proximity service relay user key identifier to the proximity service anchor point function network element.
  • when the authentication server functional network element generates the proximity service relay user key identifier, the first indication information can be added to the proximity service relay user key identifier. Through the first indication information, the proximity service relay user key identifier can be distinguished from other identifiers.
  • when a certain network element or device receives the proximity service relay user key identifier, it can recognize the identifier based on the first indication information.
  • the eighth aspect provides a communication method, which can be executed by the authentication server functional network element, or can also be executed by components (such as chips or circuits) of the authentication server functional network element, which is not limited.
  • the following description takes the execution of the authentication server function network element as an example.
  • the method includes: the authentication server function network element generates the proximity service relay user key; the authentication server function network element generates the proximity service relay user key identifier according to a preset format; the authentication server function network element sends the proximity service relay user key and the proximity service relay user key identifier to the proximity service anchor point function network element.
  • when the authentication server functional network element generates the proximity service relay user key identifier, it can generate the identifier based on the preset format. Therefore, the format of the proximity service relay user key identifier can be used to distinguish it from other identifiers.
  • when a certain network element or device receives the proximity service relay user key identifier, it can recognize the identifier based on the first indication information.
  • a ninth aspect provides a communication method, which may be executed by a relay terminal device, or may be executed by a component (such as a chip or circuit) of the relay terminal device, which is not limited.
  • the following description takes execution by the relay terminal device as an example.
  • the method includes: a relay terminal device receives a direct communication request message from a remote terminal device, the direct communication request message includes a proximity service relay user key identifier; the relay terminal device sends a relay key request message to a mobility management network element, the relay key request message includes an information element used to carry the proximity service relay user key identifier, the information element includes second indication information, and the second indication information is used to indicate one or more of the following: the name of the identifier, the type of the identifier, the role of the identifier, and the application scenario of the identifier.
  • after the relay terminal device receives the proximity service relay user key identifier from the remote terminal device, when transmitting the proximity service relay user key identifier, it can carry second indication information in the information element carrying the proximity service relay user key identifier. Through the first indication information, the proximity service relay user key identifier can be distinguished from other identifiers.
  • a tenth aspect provides a communication method, which may be executed by a mobility management network element, or may be executed by a component (such as a chip or circuit) of the mobility management network element, which is not limited.
  • the following description takes the execution by the mobility management network element as an example.
  • the method includes: a mobility management network element receives a relay key request message from a relay terminal device, the relay key request message including a proximity service relay user key identifier; the mobility management network element selects the proximity service authentication request message to send the proximity service relay user key identifier to the authentication server function network element, where the message name of the proximity service authentication request message is associated with the proximity service relay user key identifier.
  • after the mobility management network element receives the proximity service relay user key identifier, it can select a message whose message name is associated with the proximity service relay user key identifier to transmit the identifier. Through the message name of the message carrying the proximity service relay user key identifier, the proximity service relay user key identifier can be distinguished from other identifiers.
  • an eleventh aspect provides a communication method, which can be executed by the authentication server functional network element, or can also be executed by a component (such as a chip or circuit) of the authentication server functional network element, which is not limited.
  • the following description takes the execution of the authentication server function network element as an example.
  • the method includes: the authentication server function network element receives a proximity service authentication request message from the mobility management network element, the proximity service authentication request message includes an identifier, the identifier includes first indication information, and the first indication information is used to indicate one or more of the following: the name of the identifier, the type of the identifier, the role of the identifier, and the application scenario of the identifier; the authentication server functional network element determines, based on the first indication information, that the identifier is the proximity service relay user key identifier; the authentication server function network element obtains, based on the identifier, the proximity service relay user key corresponding to the identifier from the proximity service anchor point function network element.
  • a twelfth aspect provides a communication method, which can be executed by the authentication server functional network element, or can also be executed by a component (such as a chip or circuit) of the authentication server functional network element, which is not limited.
  • the following description takes the execution of the authentication server function network element as an example.
  • the method includes: an authentication server function network element receives a proximity service authentication request message from a mobility management network element, the proximity service authentication request message includes an identifier, and the format of the identifier is the same as the preset format of the proximity service relay user key identifier; the authentication server function network element determines, according to the format of the identifier, that the identifier is the proximity service relay user key identifier; the authentication server function network element obtains, based on the identifier, the proximity service relay user key corresponding to the identifier from the proximity service anchor point function network element.
  • a thirteenth aspect provides a communication method, which can be executed by the authentication server functional network element, or can also be executed by a component (such as a chip or circuit) of the authentication server functional network element, which is not limited.
  • the following description takes the execution of the authentication server function network element as an example.
  • the method includes: the authentication server function network element receives a proximity service authentication request message from the mobility management network element, the proximity service authentication request message includes an identifier, the identifier is carried in an information element, the information element includes second indication information, and the second indication information is used to indicate one or more of the following: the name of the identifier, the type of the identifier, the role of the identifier, and the application scenario of the identifier; the authentication server function network element determines, based on the second indication information, that the identifier is a proximity service relay user key identifier; the authentication server function network element obtains, based on the identifier, the proximity service relay user key corresponding to the identifier from the proximity service anchor point function network element.
  • a fourteenth aspect provides a communication method, which can be executed by the authentication server functional network element, or can also be executed by a component (such as a chip or circuit) of the authentication server functional network element, which is not limited.
  • the following description takes the execution of the authentication server function network element as an example.
  • the method includes: an authentication server function network element receives a proximity service authentication request message from a mobility management network element, the proximity service authentication request message includes an identifier, and the message name of the proximity service authentication request message is associated with the proximity service relay user key identifier; the authentication server functional network element determines, based on the message name of the proximity service authentication request message and the association relationship, that the identifier is the proximity service relay user key identifier; the authentication server function network element obtains, based on the identifier, the proximity service relay user key corresponding to the identifier from the proximity service anchor point function network element.
  • in a fifteenth aspect, a communication device is provided, which includes: a processing module for generating a proximity service relay user key identifier; and a transceiver module for sending a direct communication request message to the relay terminal device, where the direct communication request message includes the proximity service relay user key identifier.
  • the proximity service relay user key identifier includes first indication information, and the first indication information is used to indicate one or more of the following: the name of the proximity service relay user key identifier, the type of the proximity service relay user key identifier, the role of the proximity service relay user key identifier, and the application scenario of the proximity service relay user key identifier.
  • the processing module is specifically configured to generate the proximity service relay user key identifier according to a preset format, and the preset format is associated with the proximity service relay user key identifier.
  • the identifier is carried in an information element, the information element includes second indication information, and the second indication information is used to indicate one or more of the following: the name of the proximity service relay user key identifier, the type of the proximity service relay user key identifier, the role of the proximity service relay user key identifier, and the application scenario of the proximity service relay user key identifier.
  • the message name of the direct communication request message is associated with the proximity service relay user key identifier.
  • In a sixteenth aspect, a communication device is provided. The device includes: a transceiver module for receiving a proximity service authentication request message from a mobility management network element, where the proximity service authentication request message includes an identifier; and a processing module for determining that the identifier is the proximity service relay user key identifier; the processing module is also used to obtain the proximity service relay user key corresponding to the identifier from the proximity service anchor point function network element based on the identifier.
  • The identifier includes first indication information, and the first indication information is used to indicate one or more of the following: the name of the identifier, the type of the identifier, the role of the identifier, and the application scenario of the identifier; the processing module is specifically configured to determine that the identifier is the proximity service relay user key identifier according to the first indication information.
  • The format of the identifier is the same as the format of the preset proximity service relay user key identifier; the processing module is specifically configured to determine, according to the format of the identifier, that the identifier is the proximity service relay user key identifier.
  • The identifier is carried in an information element, and the information element includes second indication information, and the second indication information is used to indicate one or more of the following: the name of the identifier, the type of the identifier, the role of the identifier, and the application scenario of the identifier; the processing module is specifically configured to determine that the identifier is the proximity service relay user key identifier according to the second indication information.
  • The message name of the proximity service authentication request message is associated with the proximity service relay user key identifier; the processing module is specifically configured to determine, according to the message name of the proximity service authentication request message and the association, that the identifier is the proximity service relay user key identifier.
  • In a seventeenth aspect, a communication device is provided. The device includes: a processing module configured to generate a proximity service relay user key identifier, where the proximity service relay user key identifier includes first indication information, and the first indication information is used to indicate one or more of the following: the name of the proximity service relay user key identifier, the type of the proximity service relay user key identifier, the role of the proximity service relay user key identifier, and the application scenario of the proximity service relay user key identifier; and a transceiver module used to send a direct communication request message to the relay terminal device, where the direct communication request message includes the proximity service relay user key identifier.
  • In an eighteenth aspect, a communication device is provided. The device includes: a processing module for generating the proximity service relay user key identifier according to a preset format, where the preset format is associated with the proximity service relay user key identifier; and a transceiver module configured to send a direct communication request message to the relay terminal device, where the direct communication request message includes the proximity service relay user key identifier.
  • In a nineteenth aspect, a communication device is provided. The device includes: a processing module for generating a proximity service relay user key identifier; and a transceiver module for sending a direct communication request message to the relay terminal device, where the direct communication request message includes the proximity service relay user key identifier, which is carried in an information element; the information element includes second indication information, and the second indication information is used to indicate one or more of the following: the name of the proximity service relay user key identifier, the type of the proximity service relay user key identifier, the role of the proximity service relay user key identifier, and the application scenario of the proximity service relay user key identifier.
  • In a twentieth aspect, a communication device is provided. The device includes: a processing module for generating a proximity service relay user key identifier; and a transceiver module for sending a direct communication request message to the relay terminal device, where the direct communication request message includes the proximity service relay user key identifier, and the message name of the direct communication request message is associated with the proximity service relay user key identifier.
  • In a twenty-first aspect, a communication device is provided. The device includes: a processing module for generating a proximity service relay user key and a proximity service relay user key identifier, where the proximity service relay user key identifier includes first indication information, and the first indication information is used to indicate one or more of the following: the name of the identifier, the type of the identifier, the role of the identifier, and the application scenario of the identifier; and a transceiver module used to send the proximity service relay user key and the proximity service relay user key identifier to the proximity service anchor point function network element.
  • A communication device is provided. The device includes: a processing module for generating a proximity service relay user key and for generating a proximity service relay user key identifier according to a preset format; and a transceiver module used to send the proximity service relay user key and the proximity service relay user key identifier to the proximity service anchor point function network element.
  • In a twenty-third aspect, a communication device is provided. The device includes: a transceiver module for receiving a direct communication request message from a remote terminal device, where the direct communication request message includes a proximity service relay user key identifier; the transceiver module is also used to send a relay key request message to the mobility management network element, where the relay key request message includes an information element used to carry the proximity service relay user key identifier, the information element includes second indication information, and the second indication information is used to indicate one or more of the following: the name of the identifier, the type of the identifier, the role of the identifier, and the application scenario of the identifier.
  • In a twenty-fourth aspect, a communication device is provided. The device includes: a transceiver module for receiving a relay key request message from a relay terminal device, where the relay key request message includes a proximity service relay user key identifier; and a processing module used to select the proximity service authentication request message and send the proximity service relay user key identifier to the authentication server function network element, where the message name of the proximity service authentication request message is associated with the proximity service relay user key identifier.
  • A communication device configured to receive a proximity service authentication request message from a mobility management network element, where the proximity service authentication request message includes an identifier, the identifier includes first indication information, and the first indication information is used to indicate one or more of the following: the name of the identifier, the type of the identifier, the role of the identifier, and the application scenario of the identifier; the device includes a processing module used to determine, according to the first indication information, that the identifier is the proximity service relay user key identifier; the processing module is also used to obtain the proximity service relay user key corresponding to the identifier from the proximity service anchor point function network element based on the identifier.
  • In a twenty-sixth aspect, a communication device is provided. The device includes: a transceiver module for receiving a proximity service authentication request message from a mobility management network element, where the proximity service authentication request message includes an identifier, and the format of the identifier is the same as the format of the preset proximity service relay user key identifier; and a processing module used to determine, according to the format of the identifier, that the identifier is the proximity service relay user key identifier; the processing module is also used to obtain, according to the identifier, the proximity service relay user key corresponding to the identifier from the proximity service anchor point function network element.
  • In a twenty-seventh aspect, a communication device is provided. The device includes: a transceiver module configured to receive a proximity service authentication request message from a mobility management network element, where the proximity service authentication request message includes an identifier, the identifier is carried in an information element, the information element includes second indication information, and the second indication information is used to indicate one or more of the following: the name of the identifier, the type of the identifier, the role of the identifier, and the application scenario of the identifier; and a processing module configured to determine that the identifier is a proximity service relay user key identifier based on the second indication information; the processing module is also configured to obtain the proximity service relay user key corresponding to the identifier from the proximity service anchor point function network element based on the identifier.
  • A communication device configured to receive a proximity service authentication request message from a mobility management network element, where the proximity service authentication request message includes an identifier, and there is an association relationship between the message name of the proximity service authentication request message and the proximity service relay user key identifier; the device includes a processing module configured to determine, according to the message name of the proximity service authentication request message and the association relationship, that the identifier is the proximity service relay user key identifier; the processing module is also used to obtain the proximity service relay user key corresponding to the identifier from the proximity service anchor point function network element according to the identifier.
  • a twenty-ninth aspect provides a communication device, which is used to perform any of the methods provided in the first to fourteenth aspects.
  • The device may include units and/or modules for executing the methods provided in the first to fourteenth aspects, such as a processing module and/or a transceiver module (which may also be called a communication module).
  • The device is a terminal device (such as a remote terminal device or a relay terminal device), or a chip, chip system or circuit in a terminal device.
  • the communication module may be an input/output interface, interface circuit, output circuit, input circuit, pin or related circuit on the chip, chip system or circuit;
  • the processing module may be a processor, a processing circuit, a logic circuit, etc.
  • the device may include units and/or modules for performing the methods of the first aspect, the third aspect to the sixth aspect, and the ninth aspect, such as a processing unit and/or a communication unit.
  • the device is an authentication server functional network element, or a chip, chip system or circuit in the authentication server functional network element.
  • The device may include units and/or modules for performing the methods provided in the second, seventh, eighth, and eleventh to fourteenth aspects, such as a processing module and/or a transceiver module.
  • the device is a mobility management network element, or a chip, chip system or circuit in the mobility management network element.
  • the device may include units and/or modules for performing the method provided in the tenth aspect, such as a processing module and/or a transceiver module.
  • the above-mentioned transceiver may be a transceiver circuit.
  • the above input/output interface may be an input/output circuit.
  • In a thirtieth aspect, a communication device is provided. The device includes: a memory for storing programs; and a processor for executing the program stored in the memory, where, when the program stored in the memory is executed, the processor is configured to perform any one of the methods provided in the above-mentioned first to fourteenth aspects.
  • this application provides a processor for executing the methods provided in the above aspects.
  • the process of sending the above information and obtaining/receiving the above information in the above method can be understood as the process of the processor outputting the above information, and the process of the processor receiving the input above information.
  • When outputting the above information, the processor outputs the above information to the transceiver for transmission by the transceiver. After the above information is output by the processor, it may also need to undergo other processing before reaching the transceiver.
  • the transceiver obtains/receives the above information and inputs it into the processor. Furthermore, after the transceiver receives the above information, the above information may need to undergo other processing before being input to the processor.
  • the receiving request message mentioned in the foregoing method can be understood as the processor receiving input information.
  • the above-mentioned processor may be a processor specifically designed to perform these methods, or may be a processor that executes computer instructions in a memory to perform these methods, such as a general-purpose processor.
  • the above-mentioned memory can be a non-transitory memory, such as a read-only memory (ROM), which can be integrated on the same chip as the processor, or can be separately provided on different chips.
  • A computer-readable storage medium is provided, which stores program code for execution by a device, where the program code is used for executing any one of the methods provided in the above-mentioned first to fourteenth aspects.
  • a thirty-third aspect provides a computer program product containing instructions, which when the computer program product is run on a computer, causes the computer to execute any of the methods provided in the above-mentioned first to fourteenth aspects.
  • In a thirty-fourth aspect, a chip is provided. The chip includes a processor and a communication interface; the processor reads instructions stored in the memory through the communication interface and executes any of the methods provided in the above-mentioned first to fourteenth aspects.
  • The chip may also include a memory, in which instructions are stored, and the processor is used to execute the instructions stored in the memory. The processor is used to execute any method provided in the above-mentioned first to fourteenth aspects.
  • A communication system is provided, including the aforementioned authentication server function network element and mobility management network element.
  • the communication system may also include the above-mentioned remote terminal device.
  • the communication system may also include the above-mentioned relay terminal equipment.
  • Figure 1 (a) and Figure 1 (b) show a schematic diagram of a network architecture applicable to the embodiment of the present application.
  • Figure 2 shows a schematic structural diagram of a user hidden identity.
  • Figure 3 shows an exemplary flowchart of the method 300 provided by the embodiment of the present application.
  • Figure 4 shows an exemplary flow chart of the method 400 provided by the embodiment of the present application.
  • Figure 5 is a schematic block diagram of a communication device provided by an embodiment of the present application.
  • Figure 6 is a schematic block diagram of a communication device provided by another embodiment of the present application.
  • Figure 7 is a schematic block diagram of a communication device provided by yet another embodiment of the present application.
  • The technical solutions provided by this application can be applied to various communication systems, such as fifth generation (5G) or new radio (NR) systems, long term evolution (LTE) systems, LTE frequency division duplex (FDD) systems, LTE time division duplex (TDD) systems, etc.
  • the technical solution provided by this application can also be applied to future communication systems, such as the sixth generation mobile communication system.
  • The technical solution provided by this application can also be applied to device-to-device (D2D) communication, vehicle-to-everything (V2X) communication, machine-to-machine (M2M) communication, machine type communication (MTC), and Internet of things (IoT) communication systems or other communication systems.
  • “At least one of the following” or similar expressions refers to any combination of these items, including any combination of a single item or a plurality of items.
  • At least one of a, b, or c can mean: a, b, c, ab, ac, bc, or abc, where a, b, c can be single or multiple.
  • Words such as “first” and “second” are used to distinguish identical or similar items with basically the same functions and effects.
  • Words such as “first” and “second” do not limit the quantity or the order of execution, and items described as “first” and “second” are not necessarily different.
  • words such as “exemplary” or “for example” are used to represent examples, illustrations or explanations. Any embodiment or design described as “exemplary” or “such as” in the embodiments of the present application is not to be construed as preferred or advantageous over other embodiments or designs. Rather, the use of words such as “exemplary” or “such as” is intended to present related concepts in a concrete manner that is easier to understand.
  • FIG. 1 is a schematic diagram of a network architecture suitable for the method provided by the embodiment of the present application.
  • the network architecture can specifically include the following network elements:
  • User equipment can be called terminal equipment, terminal, access terminal, user unit, user station, mobile station, remote station, remote terminal, mobile device, user terminal, wireless communication equipment, user agent or user device.
  • The terminal device may also be a cellular phone, a cordless phone, a session initiation protocol (SIP) phone, a wireless local loop (WLL) station, a personal digital assistant (PDA), a handheld device with wireless communication functions, a computing device or other processing device connected to a wireless modem, a vehicle-mounted device, a drone, a wearable device, or a terminal device in a 5G network or in an evolved public land mobile network (PLMN).
  • the UE can be connected to the next generation radio access network (NG-RAN) equipment through the Uu interface.
  • UE#A and UE#D shown in (a) of Figure 1 are connected to the NG-RAN through the Uu interface.
  • Two UEs with proximity-based services application (ProSe application) functions can also be connected through the PC5 interface.
  • UE#A and UE#B shown in (a) of Figure 1 are connected through the PC5 interface.
  • UE#B and UE#C are connected through the PC5 interface
  • UE#A and UE#D are connected through the PC5 interface.
  • Access network: provides network access functions for authorized users in a specific area, and can use transmission tunnels of different qualities according to user levels, business needs, etc.
  • the access network may be an access network using different access technologies.
  • Current access network technologies include: the wireless access network technology used in 3rd generation (3G) systems, the wireless access network technology used in 4G systems, or the NG-RAN technology shown in Figure 1(a) (such as the wireless access technology used in 5G systems), etc.
  • An access network that implements access network functions based on wireless communication technology can be called a radio access network (RAN).
  • the wireless access network can manage wireless resources, provide access services to terminals, and complete the forwarding of control signals and user data between the terminals and the core network.
  • The radio access network equipment may be, for example, a base station (NodeB), an evolved base station (evolved NodeB, eNB or eNodeB), a next generation base station node (next generation NodeB, gNB) in a 5G mobile communication system, a base station in a mobile communication system or in a wireless hotspot (WiFi) system, an access point (AP), etc., or a wireless controller in a cloud radio access network (CRAN) scenario; or the radio access network equipment can be a relay station, an access point, a vehicle-mounted device, a drone, a wearable device, network equipment in a 5G network, or network equipment in an evolved PLMN, etc.
  • the embodiments of this application do not limit the specific technology and specific equipment form used by the wireless access network equipment.
  • Access management network element: mainly used for mobility management and access management, responsible for transmitting user policies between user equipment and policy control function (PCF) network elements, etc., and can be used to implement the functions of a mobility management entity (MME) other than session management, for example, lawful interception or access authorization (or authentication).
  • the access management network element can be an access and mobility management function (AMF) network element.
  • the access management network element can still be an AMF network element, or it can have other names, which are not limited in this application.
  • Session management network element: mainly used for session management, Internet protocol (IP) address allocation and management of user equipment, selection of endpoints for manageable user plane functions, policy control and charging function interfaces, downlink data notifications, etc.
  • the session management network element can be a session management function (SMF) network element.
  • the session management network element can still be an SMF network element, or it can also have other names, which is not limited in this application.
  • User plane network element: used for packet routing and forwarding, quality of service (QoS) processing of user plane data, completing user plane data forwarding, session/flow level-based billing statistics, bandwidth limitation and other functions.
  • the user plane network element can be a user plane function (UPF) network element.
  • user plane network elements can still be UPF network elements, or they can have other names, which are not limited in this application.
  • Data network element: used to provide a network for transmitting data.
  • the data network element may be a data network (DN) network element.
  • data network elements can still be DN network elements, or they can have other names, which are not limited in this application.
  • Policy control network element: a unified policy framework used to guide network behavior and provide policy rule information for control plane functional network elements (such as AMF, SMF network elements, etc.).
  • the policy control network element may be a policy and charging rules function (PCRF) network element.
  • the policy control network element may be a policy control function (PCF) network element.
  • In future communication systems, the policy control network element can still be a PCF network element, or it can also have other names, which are not limited in this application.
  • Data management network element: used to process user equipment identification, access authentication, registration and mobility management, etc.
  • The data management network element can be a unified data management (UDM) network element; in the 4G communication system, the data management network element can be a home subscriber server (HSS) network element. In future communication systems, the data management network element can still be a UDM network element, or it can also have other names, which is not limited in this application.
  • Data warehouse network element: responsible for the access function of subscription data, policy data, application data and other types of data.
  • The data warehouse network element may be a unified data repository (UDR) network element.
  • the data warehouse network element can still be a UDR network element, or it can also have other names, which is not limited in this application.
  • Network exposure function (NEF) entity: used to securely expose to external parties the services and capabilities provided by 3GPP network functions.
  • ProSe application server: it can be the application function (AF) of the DN, or it can be the AS itself that provides ProSe services.
  • AF with ProSe application server function has all the functions of AF defined in version 23.501R-15, as well as related functions for ProSe business. That is to say, in the user plane architecture, the ProSe application server and the UE communicate on the user plane through the UE-RAN-UPF-AF path.
  • the ProSe application server can also communicate with other network functions (NF) in the 5G core network (5GC) through NEF in the control plane architecture. For example, communicating with PCF through NEF.
  • If the ProSe application server is the AF of the DN, and the AF is deployed by the operator of the 5GC, the ProSe application server can also directly communicate with other NFs in the 5GC in the control plane architecture, such as directly communicating with the PCF, without using NEF.
  • 5G direct discovery name management function (DDNMF): allocates and processes the mapping relationship between ProSe application identifiers and ProSe application codes for open ProSe discovery.
  • 5G DDNMF can communicate with the ProSe application server through the PC2 interface for authorization of processing discovery requests, and also handles allocating and processing application identifiers and the codes used in the restricted proximity service, where the codes used in the restricted proximity service include the restricted proximity service code (ProSe restricted code), the proximity service request code (ProSe query code) and the proximity service reply code (ProSe response code).
  • 5G DDNMF is PLMN granular, that is, a PLMN has only one 5G DDNMF.
  • a 5G DDNMF can be uniquely determined by the mobile country code (MCC) and mobile network code (MNC).
  • AUSF Authentication server function
  • ProSe key management function (PKMF): it can be responsible for generating and distributing keys for PC5 interface connection for UEs using proximity services. The UE needs to interact with PKMF through the control plane to obtain the key used on the PC5 interface.
  • the above network elements or functions can be network elements in hardware devices, software functions running on dedicated hardware, or virtualization functions instantiated on a platform (for example, a cloud platform).
  • the above network element or function can be implemented by one device, or can be implemented by multiple devices together, or can be a functional module in one device, which is not specifically limited in the embodiments of this application.
  • The network architecture applicable to the embodiment of the present application shown in (a) of Figure 1 is only an example, and the network architecture applicable to the embodiment of the present application is not limited to this. Any network architecture that can implement the functions of the above network elements is applicable to the embodiments of this application.
  • Network function network element entities such as AMF, SMF network elements, PCF network elements, and UDM network elements are all called network function (NF) network elements; or, in other network architectures, AMF, SMF network elements, PCF network elements, UDM network elements and other network elements can be called control plane functional network elements.
  • Network elements such as PKMF and DDNMF can be called user plane network elements.
  • FIG. 1 shows a schematic diagram of another communication system architecture according to an embodiment of the present application.
  • The remote terminal device can communicate with the assistance of the relay terminal device; that is, the communication between the remote terminal device and the relay terminal device, together with the communication between the relay terminal device and the access network device, realizes the communication between the remote terminal device and the access network device.
  • the remote terminal device can communicate with the RAN through the relay terminal device.
  • D2D communication allows direct communication between UEs and can share spectrum resources with cell users under the control of the cell network, effectively improving the utilization of spectrum resources.
  • D2D communication has been used in 4G and 5G network systems, collectively called proximity based service communication (ProSe).
  • the remote UE can perform auxiliary communication through the relay UE, that is, through communication between the remote UE and the relay UE and communication between the relay UE and the mobile network, the remote UE can obtain services.
  • the communication method from the remote UE to the relay UE to the network can be called UE-to-network relay communication.
  • SUPI is a 5G globally unique user permanent identifier assigned to each user, including four types (SUPI type): IMSI, NSI (network specific identifier), Global Line Identifier (GLI), Global Cable Identifier (GCI), among which, NSI, GLI, and GCI types of SUPI are all in NAI format.
  • SUPI in NAI format is a type of SUPI generated by a third party rather than the operator. It is a universal format and its expression is username@realm. Among them, username represents the username corresponding to SUPI, and realm represents the domain name corresponding to SUPI.
  • SUCI: subscription concealed identifier
  • SUCI is also in NAI format.
  • SUCI is in string form. As an example, SUCI can be: type0.rid678.schid1.hnkey27.eckey<ECC ephemeral public key>.cip<encryption of 0999999999>.mac<MAC tag value>@5gc.mnc015.mcc234.3gppnetwork.org.
  • FIG. 2 shows a structure of SUCI.
  • SUCI mainly includes the following contents:
  • SUPI type (SUPI type): The value range is 0-7, where 0 represents IMSI; 1 represents NSI; 2 represents GLI; 3 represents GCI; 4 to 7 have not been defined yet.
  • Home Network Identifier: identifies the network where the user is registered.
  • when the SUPI is an IMSI, its home network identifier includes MCC and MNC
  • when the SUPI is in NAI format, its home network identifier is a variable-length string representing the domain name
  • the home network identifier is the mobile country code (MCC) and mobile network code (MNC).
  • the Home Network Identifier is a string in the format of username@realm.
  • when the SUPI type is GCI, the format of Home Network Identifier is 5gc.mnc<MNC>.mcc<MCC>.3gppnetwork.org.
  • Routing Indicator: includes 1-4 decimal digits, used to identify the registered network operator and UICC.
  • Protection Scheme Id: used to identify the algorithm used to generate SUCI, including the following three types: NULL-scheme: 0, Profile<A>: 1, Profile<B>: 2. That is, when Protection Scheme Id is 0, it means that SUCI is generated using the empty algorithm NULL-scheme; when Protection Scheme Id is 1, it means that SUCI is generated using algorithm Profile<A>; when Protection Scheme Id is 2, it means that SUCI is generated using algorithm Profile<B>. Among them, Profile<A> and Profile<B> can be called non-empty algorithms.
  • Profile<A> represents the ECIES algorithm with a public key length of 256 bits
  • Profile<B> represents the ECIES algorithm with a public key length of 264 bits.
  • Home Network Public Key Id: the value is 0-255.
  • the public key provided by HPLMN is used for SUPI protection; when it is not enabled (null-scheme), the value is 0.
  • Scheme Output consists of a string of variable length or hexadecimal digits, which depends on the protection scheme used. For example, for SUPI in NAI format, the parameters obtained by encrypting and calculating the username part contained in SUPI can be used as the Scheme Output part of SUCI.
  • 5G PRUK ID is a key identifier used to identify 5G PRUK, where 5G PRUK is a key generated by Kausf.
  • 5G PRUK ID is in NAI format, that is, 5G PRUK ID has the form username@realm.
  • the username includes the Routing Identifier and the KDF calculation result.
  • the KDF calculation result is calculated by putting Kausf and some input parameters into KDF. Input parameters will include the string "PRUK-ID", RSC and SUPI.
  • A-KID is the key ID used to identify Kakma, and it also uses the NAI format, that is, username@realm format.
  • username includes routing identifier Routing Identifier and KDF calculation result.
  • the KDF calculation result is calculated by AUSF using Kausf and some input parameters put into KDF. Input parameters will include the string "A-TID" and SUPI.
  • identifiers are often used. These identifiers are usually used to identify the user's identity, or to identify a certain network element, or to identify a certain key, or to identify a certain session, and so on.
  • when a network element receives an identifier, it can perform some operations based on the identifier. However, if the network element cannot recognize this identifier, it may not be able to execute the correct process based on this identifier, or in other words, it may execute the wrong process.
  • a specific scenario in which the above problem may exist is introduced below based on the communication process shown in Figure 3.
  • FIG. 3 shows a Prose control plane (CP) process, where the CP process refers to the process in which the remote UE obtains the key used to establish PC5 security with the relay UE through the NAS message of the relay UE.
  • AMF Remote
  • AMF Relay
  • the other network elements can be explained in a similar manner, and will not be explained one by one here.
  • the following is an exemplary description of the CP process in conjunction with each step in the method 300. For parts that are not explained in detail, reference can be made to existing protocols.
  • Remote UE registers with the network and performs authentication and authorization through the network.
  • Relay UE registers with the network and performs authentication and authorization through the network.
  • Remote UE sends a direct communication request (Direct Communication Request) message to Relay UE.
  • the direct communication request message carries the SUCI of the Remote UE, relay service code (RSC), Nounce_1, etc.
  • the Remote UE does not have a 5G PRUK ID saved locally.
  • the Remote UE uses SUCI to initiate a direct communication request. This SUCI is used by UDM to obtain the SUPI of the Remote UE and authenticate the remote UE.
  • the direct communication request message carries 5G PRUK ID, RSC, Nounce_1, etc.
  • the UE has already accessed the network before the process shown in method 300. When it last accessed the network, the Remote UE obtained and saved the 5G PRUK ID. In this case, the Remote UE uses the 5G PRUK ID to initiate a direct communication request.
  • RSC is used for Remote UE and relay UE to discover each other. It is used to indicate the service information that Relay can provide for Remote UE.
  • a Relay UE can support multiple different RSCs, but can only carry one RSC each time it is discovered.
  • RSC is issued by the network side to the Relay UE and the Remote UE.
  • the network side will also issue PDU session related parameters, such as DNN or single network slice selection assistance information (S-NSSAI); Nounce_1 is delivered to the remote UE's home network as a key generation parameter.
  • Relay UE sends a relay key request (Relay Key Request) message to the AMF (Relay).
  • the AMF is the AMF corresponding to the Relay UE, or in other words, the AMF is the AMF that provides access services for the Relay UE.
  • the message is a NAS message, which includes the identity information of the Relay UE and the information obtained from the direct communication request message from the Remote UE, such as SUCI, RSC, Nounce_1, etc.; or 5G PRUK ID, RSC, Nounce_1, etc.
  • Nounce_1 carries a random number. The probability of Nounce_1 being the same is very low and is different in most cases. Therefore, it can be understood that the Nounce_1 value in SUCI, RSC, Nounce_1 and 5G PRUK ID, RSC, Nounce_1 is different.
  • AMF authenticates Relay UE.
  • the AMF checks whether the relay UE can provide relay services, or in other words, the AMF checks whether the relay UE can serve as a relay device. If so, the process continues.
  • AMF sends a Prose authentication request (Nausf_UEAuthentication_ProseAuthenticate Request) message to AUSF (Remote).
  • the AUSF corresponds to Remote UE.
  • the Prose authentication request message carries the information obtained by the AMF from the relay key request message received from the Relay UE, such as SUCI, RSC, Nounce_1, etc.; or 5G PRUK ID, RSC, Nounce_1, etc.
  • when the Prose authentication request message carries SUCI, AUSF executes the process corresponding to case A in Figure 3.
  • when the Prose authentication request message carries the 5G PRUK ID, the AUSF executes the process corresponding to case B in Figure 3.
  • AUSF obtains the main authentication parameters through UDM. For example, AUSF sends a service request message to UDM to request to obtain the main authentication parameters, and UDM returns the main authentication parameters to AUSF according to the request of AUSF.
  • after AUSF obtains the main authentication parameters, it triggers the main authentication process of Remote UE.
  • Remote UE performs the main authentication process through the AUSF of relay UE and remote UE.
  • the specific process is shown in S309-S314. Please refer to the existing protocol for the detailed process and will not be repeated here.
  • Remote UE generates 5G PRUK and 5G PRUK ID.
  • the AUSF of the remote UE and the remote UE generate the key 5G PRUK and the key identifier 5G PRUK ID respectively.
  • AUSF sends a Prose key registration request (Npanf_ProSeKey_Register Request) message to PAnF.
  • the key registration request message carries SUPI, PRUK and 5G PRUK ID.
  • PAnF sends a Prose key registration response (Npanf_ProSeKey_Register Response) message to AUSF.
  • after PAnF receives the Prose key registration request message from AUSF, it saves PRUK and 5G PRUK ID, and the PRUK and 5G PRUK ID are associated with the SUPI of Remote UE. After the saving is completed, PAnF sends a Prose key registration response message to AUSF.
  • AUSF sends a Prose key acquisition request (Npanf_ProSeKey_Get Request) message to PAnF.
  • the Prose key acquisition request message includes the 5G PRUK ID, and the Prose key acquisition request message is used to request to obtain the 5G PRUK.
  • PAnF sends a Prose key acquisition response (Npanf_ProSeKey_Get Response) message to AUSF.
  • after PAnF receives the Prose key acquisition request message from the AUSF, it obtains the 5G PRUK corresponding to the 5G PRUK ID locally, and then sends the 5G PRUK to the AUSF through the Prose key acquisition response message.
  • the 5G PRUK saved locally by PAnF can be obtained and saved locally through a method similar to S316 when the Remote UE last accessed the network.
  • S320: the AUSF of the Remote UE further generates the key K_NR_ProSe.
  • the AUSF sends a Prose authorization response message to the AMF of the Relay UE.
  • the Prose authorization response message includes K_NR_ProSe, Nounce_2, 5G PRUK ID, etc. Among them, when AUSF generates K_NR_ProSe, it uses K_NR_ProSe and Nounce_1 as input parameters to generate Nounce_2.
  • the AMF sends a relay key response (Relay Key Response) message to the Relay UE.
  • the relay key response message includes K_NR_ProSe, Nounce_2, 5G PRUK ID, etc.
  • after receiving the relay key response message, the Relay UE saves K_NR_ProSe and sends a direct security mode command (Direct Security mode command) message to the Remote UE.
  • the direct security mode command message includes Nounce_2, 5G PRUK ID, etc.
  • Remote UE sends a direct security mode completion (Direct Security Complete) message to Relay UE.
  • Relay UE sends a Direct Communication Accept message to Remote UE.
  • the AUSF obtains the main authentication parameters from the UDM (corresponding to S308) and triggers the main authentication process for the Remote UE (corresponding to S309-S314).
  • after the main authentication is successful, AUSF generates 5G PRUK and 5G PRUK ID (corresponding to S315a), and saves 5G PRUK and 5G PRUK ID to PAnF (corresponding to S316-S317). It is understood that in this case, AUSF does not need to perform S318-S319.
  • when S307 carries a 5G PRUK ID, AUSF directly obtains the 5G PRUK corresponding to the 5G PRUK ID through PAnF (corresponding to S318-S319). It is understood that in this case, AUSF does not need to perform S308-S317.
  • AUSF needs to determine the next process to be performed based on whether the identifier carried in S307 is SUCI or 5G PRUK ID.
  • the formats of 5G PRUK ID and SUCI are consistent, and in some cases, AUSF may not be able to distinguish whether the received identifier is SUCI or 5G PRUK ID.
  • AUSF may not be able to clearly distinguish whether it is the SUCI or the 5G PRUK ID received.
  • some of the previous fields are converted to type0.rid678, which is exactly the same as the first few fields in SUCI. At this time, AUSF cannot determine whether the received ID is SUCI or 5G PRUK ID.
  • the embodiment of the present application provides a communication method 400, which can be used to distinguish different identifiers.
  • the method 400 provided by the embodiment of the present application will be exemplified below with reference to Figure 4 .
  • the remote terminal device generates a proximity service relay user key and a proximity service relay user key identifier.
  • the authentication server functional network element generates a proximity service relay user key and a proximity service relay user key identifier.
  • the remote terminal device and the authentication server functional network element generate the proximity service relay user key and the proximity service relay user key identifier in the same way.
  • the following explanation takes the remote terminal device as an example.
  • the proximity service relay user key identifier may carry first indication information to indicate what identifier the proximity service relay user key identifier is, or in other words, the first indication information is used to identify the proximity service relay user key identifier.
  • the first indication information is used to indicate one or more of the following: the name of the proximity service relay user key identifier, the type of the proximity service relay user key identifier, the function of the proximity service relay user key identifier, application scenarios of the proximity service relay user key identifier, etc.
  • after a network element receives the proximity service relay user key identifier, it can identify the proximity service relay user key identifier according to the first indication information carried in the proximity service relay user key identifier, or in other words, determine the meaning or function of the proximity service relay user key identifier, and then execute subsequent processes based on the identifier.
  • identification of a certain identifier in the embodiment of this application refers to determining what identifier the identifier is, or in other words, determining the meaning or name of the identifier, or determining the function or role of the identifier, or determining the application scenarios of the identifier, etc. The description will not be repeated in other similar places.
  • S401a and S401b may correspond to S315a and S315b in method 300. In this case, the Remote UE in method 300 corresponds to the remote terminal device in method 400, and the AUSF in method 300 corresponds to the authentication server function network element in method 400.
  • the first indication information may be carried in the 5G PRUK ID.
  • the first indication information can be a string.
  • the first indication information may indicate (or describe) the usage scenario of the 5G PRUK ID.
  • the first indication information may be the string "5G Prose"; in another implementation, the first indication information may indicate the name (or meaning) of the 5G PRUK ID.
  • the first indication information may be the character string "5G PRUKID".
  • the first indication information can be carried anywhere in the 5G PRUK ID.
  • the first indication information can be carried in the username included in the 5G PRUK ID, or in the realm included in the 5G PRUK ID.
  • the following description takes the first indication information as the string "5G PRUKID" as an example.
  • the first indication information can be carried at the beginning of username or realm.
  • the 5G PRUK ID is: "5G PRUKID"[email protected], or the 5G PRUK ID is: rid678.0123456789@"5G PRUKID".5gc.mnc015.mcc234.3gppnetwork.org.
  • the ".” in the above examples has the function of connection and distinction.
  • the double quotes in "5G PRUKID" in the above example can be omitted.
  • the 5G PRUK ID is: 5G [email protected], or the 5G PRUK ID is: rid678.0123456789@5G PRUKID.5gc.mnc015.mcc234.3gppnetwork.org.
  • the first indication information can be carried at the end of username or realm.
  • the 5G PRUK ID is: rid678.0123456789."5G PRUKID"@5gc.mnc015.mcc234.3gppnetwork.org, or the 5G PRUK ID is: [email protected]."5G PRUKID".
  • the first indication information can be carried in the middle of username or realm.
  • the 5G PRUK ID is: rid678."5G [email protected], or the 5G PRUK ID is: rid678.0123456789@5gc."5G PRUKID".mnc015.mcc234.3gppnetwork.org.
  • the authentication server functional network element sends the proximity service relay user key and the proximity service relay user key identifier to the proximity service anchor point function network element.
  • after the authentication server function network element generates the proximity service relay user key and the proximity service relay user key identifier, it sends the proximity service relay user key and the proximity service relay user key identifier to the proximity service anchor function network element.
  • correspondingly, the proximity service anchor function network element receives the proximity service relay user key and the proximity service relay user key identifier from the authentication server function network element, and then saves the proximity service relay user key and the proximity service relay user key identifier.
  • S402 may correspond to S316 in method 300.
  • the PAnF in method 300 may correspond to the proximity service anchor function network element in method 400.
  • the remote terminal device sends a direct communication request message to the relay terminal device.
  • the relay terminal device receives the direct communication request message from the remote terminal device.
  • the remote terminal device carries an identifier in the direct communication request message. It can be understood that when the remote terminal device has a proximity service relay user key identifier, the identifier is the proximity service relay user key identifier; when the remote terminal device has no proximity service relay user key identifier, the identifier is the user hidden identifier of the remote terminal device.
  • the relay terminal device sends a relay key request message to the mobility management network element.
  • the relay key request message includes the identifier received by the relay terminal device from the remote terminal device in S403.
  • the mobility management network element receives the relay key request message from the relay terminal device.
  • the mobility management network element sends a proximity service authentication request message to the authentication server function network element.
  • the proximity service authentication request message includes the identification received by the mobility management network element from the relay terminal device in S404.
  • the authentication server function network element receives the proximity service authentication request message from the mobility management network element.
  • the authentication server functional network element determines that the identifier is the proximity service relay user key identifier.
  • after the authentication server function network element receives the proximity service authentication request message from the mobility management network element, it obtains the identifier from the proximity service authentication request message. Then the authentication server functional network element recognizes the identifier, or in other words, the authentication server functional network element determines what the identifier is, or in other words, the authentication server functional network element determines the name or meaning of the identifier.
  • the authentication server function network element can identify the identifier based on the first indication information. For example, when the first indication information indicates the name of the proximity service relay user key identifier, the authentication server function network element determines that the identifier is the proximity service relay user key identifier based on the first indication information.
  • for the AUSF in S307 in method 300, after receiving the Prose authentication request message from the AMF, the AUSF obtains an identifier from the Prose authentication request message. If the identifier includes the first indication information and it is "5G PRUKID", the AUSF determines that the identifier is 5G PRUKID. In this case, AUSF determines to execute the process corresponding to case B in Figure 3. Otherwise, the AUSF determines that the identifier is SUCI. In this case, the AUSF determines to execute the process corresponding to case A in Figure 3.
  • the authentication server function network element obtains the proximity service relay user key corresponding to the identification from the proximity service anchor point function network element.
  • the specific process is not limited in this application.
  • the proximity service relay user key identifier carries the first indication information
  • the first indication information may indicate one or more of the name, type, function, and application scenario of the proximity service relay user key identification.
  • the authentication server function network element can determine that the identifier is the proximity service relay user key identifier based on the first indication information; otherwise, the authentication server function network element determines that the identifier is a user hidden identifier. Therefore, through the above solution, the proximity service relay user key identifier can be identified.
  • the first indication information can be added to the identifier to distinguish different identifiers.
  • the core network element generates an identification for a personal Internet of things device (personal Internet of things, PIN)
  • the first indication information may be the PIN.
  • Terminal equipment can distinguish which business or function the stored context information corresponds to based on different identifiers; core network elements can determine subsequent processes based on different identifiers.
  • first indication information can be added to one or more of the identifiers to distinguish different identifiers, or in other words, to enable a network element to identify the received identifier. For example, if a certain technology appears in the future and requires AUSF for authentication, and the generation method of the identifier used is similar to the generation method of 5G PRUK ID, and this identifier also comes from AMF, then when AUSF generates this identifier, it can add the first indication information to the identifier to distinguish this identifier from 5G PRUK ID and SUCI.
  • the remote terminal device generates a proximity service relay user key and a proximity service relay user key identifier.
  • the authentication server functional network element generates a proximity service relay user key and a proximity service relay user key identifier.
  • the remote terminal device and the authentication server functional network element generate the proximity service relay user key and the proximity service relay user key identification in a similar manner.
  • the following explanation takes the remote terminal device as an example.
  • the remote terminal device may generate a proximity service relay user key identifier according to a preset format. That is to say, the format (or structure) of the proximity service relay user key identifier can be specified, that is, an associated format is preset for the proximity service relay user key identifier, and the proximity service relay user key identifier generated by the remote terminal device needs to meet the preset format.
  • the username part contained in 5G PRUKID starts with the routing identifier.
  • the 5G PRUK ID generated by AUSF and Remote UE is:
  • the username contained in 5G PRUKID ends with the routing identifier.
  • the 5G PRUK ID generated by AUSF and Remote UE is: [email protected].
  • the routing identifier is set at the default position of the username of 5G PRUKID. For example, it is specified that the routing identifier is set after the 4th character of the username of 5G PRUKID.
  • the 5G PRUK ID generated by AUSF and Remote UE is: [email protected].
  • the authentication server functional network element sends the proximity service relay user key and the proximity service relay user key identifier to the proximity service anchor point function network element.
  • after the authentication server function network element generates the proximity service relay user key and the proximity service relay user key identifier, it sends the proximity service relay user key and the proximity service relay user key identifier to the proximity service anchor function network element.
  • correspondingly, the proximity service anchor function network element receives the proximity service relay user key and the proximity service relay user key identifier from the authentication server function network element, and then saves the proximity service relay user key and the proximity service relay user key identifier.
  • the remote terminal device sends a direct communication request message to the relay terminal device.
  • the relay terminal device receives the direct communication request message from the remote terminal device.
  • the remote terminal device carries an identifier in the direct communication request message. It can be understood that when the remote terminal device has a proximity service relay user key identifier, the identifier is the proximity service relay user key identifier; when the remote terminal device has no proximity service relay user key identifier, the identifier is the user hidden identifier of the remote terminal device.
  • the relay terminal device sends a relay key request message to the mobility management network element.
  • the relay key request message includes the identification received by the relay terminal device from the remote terminal device in S403.
  • the mobility management network element receives the relay key request message from the relay terminal device.
  • the mobility management network element sends a proximity service authentication request message to the authentication server function network element.
  • the proximity service authentication request message includes the identification received by the mobility management network element from the relay terminal device in S404.
  • the authentication server function network element receives the proximity service authentication request message from the mobility management network element.
  • the authentication server functional network element determines that the identifier is the proximity service relay user key identifier.
  • after the authentication server function network element receives the proximity service authentication request message from the mobility management network element, it obtains the identifier from the proximity service authentication request message. Then the authentication server functional network element recognizes the identifier, or in other words, the authentication server functional network element determines what the identifier is, or in other words, the authentication server functional network element determines the name or meaning of the identifier.
  • the authentication server function network element identifies the identifier according to the format of the identifier.
  • if the format of the identifier is the same as the format of the proximity service relay user key identifier, the authentication server functional network element determines that the identifier is the proximity service relay user key identifier; if the format of the identifier is the same as the format of the user hidden identifier, the authentication server functional network element determines that the identifier is the user hidden identifier.
  • AUSF determines whether the format of the identifier is the same as the specified format of the 5G PRUKID. For example, corresponding to the first example of the S401a part above, AUSF determines whether the identifier starts with a routing identifier. If so, AUSF determines that the identifier is a 5G PRUK ID. In this case AUSF determines to execute the process corresponding to case B in Figure 3. If the identifier starts with "type", the AUSF determines that the identifier is SUCI. In this case, the AUSF determines to execute the process corresponding to case A in Figure 3.
  • when the Prose authentication request message only carries two different identifiers, AUSF only needs to check for one of them to determine which process to execute. For example, AUSF may only need to determine whether the identifier starts with "type". If so, it is determined to be SUCI, and the process corresponding to case A in Figure 3 is executed. Alternatively, AUSF may only need to determine whether the identifier starts with "rid". If so, it is determined to be 5GPRUKID, and then the process corresponding to case B in Figure 3 is executed. When AUSF can receive more than two identifiers through one service, AUSF may need to determine more situations. For example, AUSF can receive SUCI, SUPI and 5GPRUKID through a service.
  • AUSF can first confirm whether the identifier starts with "type" to determine whether it is SUCI. If not, it further determines whether the identifier is 5GPRUKID or SUPI based on whether the identifier carries rid. If it carries rid, it is determined that the identifier is 5GPRUKID, otherwise it is determined that the identifier is SUPI. In other words, SUCI and SUPI can also be distinguished based on whether the identifier starts with "type".
  • the authentication server function network element obtains the proximity service relay user key corresponding to the identifier from the proximity service anchor point function network element.
  • the specific process is not limited in this application.
  • the remote terminal device and the authentication server functional network element can generate the proximity service relay user key identification according to a preset format.
  • when the authentication server function network element receives an identifier, it can determine what the identifier is based on the format of the identifier.
  • if the format of the identifier is the same as the format of the proximity service relay user key identifier, the authentication server functional network element can determine that the identifier is the proximity service relay user key identifier; if the format of the identifier is the same as the format of the user hidden identifier, the authentication server functional network element determines that the identifier is the user hidden identifier. Therefore, through the above solution, the proximity service relay user key identifier can be identified.
  • when terminal equipment and core network elements generate identifiers, they can generate the identifiers according to a preset format to distinguish different identifiers. For example, when the core network element generates an identifier for a personal Internet of things (PIN) device, it can generate the identifier for the PIN according to the preset format.
  • Terminal equipment can distinguish which business or function the stored context information corresponds to based on different identifiers; core network elements can determine subsequent processes based on different identifiers.
  • one or more identifiers can be generated according to a preset format, and the format of an identifier can be used to distinguish different identifiers, or in other words, to allow a network element to identify the identifier it receives. For example, if a certain technology emerges in the future that requires AUSF for authentication, and the generation method of the identifier used is similar to that of 5G PRUK ID, and this identifier also comes from AMF, then AUSF can generate this identifier according to the preset format to distinguish this identifier, 5G PRUK ID, and SUCI.
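The format check described above, written out as an added example (it is not code from the patent or from any AUSF implementation): "type" is tested first because a SUCI in NAI form also carries a rid label, and anything malformed or outside the service's accepted set is rejected rather than defaulted to another kind. The label patterns, the function names and the sample identifiers are assumptions constructed for illustration.

```python
import re
from enum import Enum


class IdKind(Enum):
    SUCI = "SUCI"
    PRUK_ID = "5G PRUK ID"
    SUPI = "SUPI"


class IdentifierError(ValueError):
    """The identifier cannot be classified and must be rejected."""


# Assumed label shapes: "type" or "rid" followed by digits, as the first
# dot-separated label of the NAI username.
_TYPE_LABEL = re.compile(r"type\d+")
_RID_LABEL = re.compile(r"rid\d+")
_ANY_MARKER = re.compile(r"(type|rid)\d")

# Process the AUSF runs for each kind (cases A and B of Figure 3).
PROCESS = {IdKind.SUCI: "case A", IdKind.PRUK_ID: "case B"}

# Constructed sample identifiers (not taken from the page).
SAMPLE_SUCI = "type0.rid678.schid0.userid0999999999@home.example.org"
SAMPLE_PRUK_ID = "rid678.pid4f2a9c1e@prose.example.org"
SAMPLE_SUPI = "234150999999999@home.example.org"


def classify(identifier, accepted=(IdKind.SUCI, IdKind.PRUK_ID)):
    """Return the IdKind of an NAI-format identifier or raise IdentifierError.

    `accepted` lists the kinds this service may receive; the default is the
    two-identifier case, pass tuple(IdKind) for the three-identifier case.
    """
    username, sep, realm = identifier.partition("@")
    if not sep or not username or not realm or "@" in realm:
        raise IdentifierError("not in username@realm form")
    labels = username.split(".")
    # Order matters: a SUCI also carries a rid label, so "type" goes first.
    if _TYPE_LABEL.fullmatch(labels[0]):
        kind = IdKind.SUCI
    elif _RID_LABEL.fullmatch(labels[0]):
        kind = IdKind.PRUK_ID
    elif any(_ANY_MARKER.match(label) for label in labels):
        # A marker that is misplaced or malformed is ambiguous: reject it
        # instead of letting it fall through to SUPI.
        raise IdentifierError("misplaced or malformed type/rid label")
    else:
        kind = IdKind.SUPI
    if kind not in accepted:
        raise IdentifierError(f"{kind.value} is not accepted by this service")
    return kind


def select_process(identifier, accepted=(IdKind.SUCI, IdKind.PRUK_ID)):
    """Return "case A", "case B" or "reject"; every failure ends in "reject"."""
    try:
        kind = classify(identifier, accepted)
    except IdentifierError:
        return "reject"
    return PROCESS.get(kind, "reject")


if __name__ == "__main__":
    for sample in (SAMPLE_SUCI, SAMPLE_PRUK_ID, SAMPLE_SUPI):
        print(sample, "->", select_process(sample))
```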
  • the remote terminal device generates a proximity service relay user key and a proximity service relay user key identifier.
  • the authentication server functional network element generates a proximity service relay user key and a proximity service relay user key identifier.
  • S401a and S401b in method 400 may correspond to S315a and S315b in method 300.
  • the remote terminal device and the authentication server functional network element can generate the proximity service relay user key identifier in a manner similar to S315a and S315b in method 300. This application does not limit this.
  • the authentication server functional network element sends the proximity service relay user key and the proximity service relay user key identifier to the proximity service anchor point function network element.
  • After the authentication server function network element generates the proximity service relay user key and the proximity service relay user key identifier, it sends the proximity service relay user key and the proximity service relay user key identifier to the proximity service anchor function network element. Correspondingly, the proximity service anchor function network element receives the proximity service relay user key and the proximity service relay user key identifier from the authentication server function network element, and then saves the proximity service relay user key and the proximity service relay user key identifier.
  • the remote terminal device sends a direct communication request message to the relay terminal device.
  • the relay terminal device receives the direct communication request message from the remote terminal device.
  • the remote terminal device carries an identifier in the direct communication request message. It can be understood that when the remote terminal device has a proximity service relay user key identifier, the identifier is the proximity service relay user key identifier; when the remote terminal device has no proximity service relay user key identifier, the identifier is the user hidden identifier of the remote terminal device.
  • the remote terminal device may carry a second indication information in the information element (IE) carrying the identity to indicate what the identity is, or in other words, the second indication information is used to identify the identity.
  • the second indication information is used to indicate one or more of the following: the name of the identification, the type of the identification, the function of the identification, the application scenario of the identification, etc.
  • the second indication information may be the name of the IE (IE name), or the identification type (ID type) information in the IE, etc., which is not limited in this application.
  • Table 1 shows one possible IE format.
  • IE includes the following elements: IE name, ID type, Sub-type, ID in NAI format.
  • IE name represents the name of the IE.
  • the IE name can be used to indicate the meaning or role of the identifier carried in the IE. For example, when the identifier carried in the IE is 5G PRUKID, the IE name can be set to "5G Prose Identity IEI", and AUSF can determine that the identifier carried by the IE is 5G PRUKID based on the IE name.
  • the ID type can be used to distinguish different identifier types. For example, when the ID type value is 0x00, it means that the identifier carried in the IE is SUCI; when the ID type value is 0x01, it means that the identifier carried in the IE is 5G PRUKID; when the ID type value is 0x02, it means that the identifier carried in the IE is A-KID. For another example, when the ID type value is the string "SUCI", it means that the identifier carried in the IE is SUCI; when the ID type value is the string "5G PRUKID", it means that the identifier carried in the IE is 5G PRUKID; when the ID type value is the string "A-KID", it means that the identifier carried in the IE is A-KID.
  • This embodiment does not limit how the ID type value is assigned.
  • The Sub-type is used to distinguish multiple sub-types under the same type. Each type can further indicate the role, purpose or source of the identifier. For example, SUCI has NSI, GCI and GLI formats, among which NSI is used for private networks and GCI is used for fixed networks. Subtypes can be further distinguished by setting the value of Sub-type. This embodiment does not limit how the Sub-type value is assigned.
  • the ID in NAI format is the identifier carried by IE.
  • IE may only include one of IE name and ID type.
  • Sub-type can be used as an optional element, that is, Sub-type does not need to be included in IE.
  • when the Remote UE transmits the identifier to the Relay UE in S304, it can determine whether the identifier is SUCI or 5G PRUKID. Therefore, the Remote UE can set the IE according to the specific meaning of this identifier. Assuming that the identifier passed by the Remote UE to the AMF is 5G PRUKID, the Remote UE can construct an IE based on the 5G PRUKID. Table 2 shows one possible situation. For example, when the Relay UE sends a NAS message to the AMF, it fills in the IE in the 5G Prose container and makes the relevant settings for the IE. After the Relay AMF receives the NAS message, it sends the 5G Prose container to the AUSF through step S307. AUSF determines whether the identifier is SUCI or 5G PRUKID based on the IE.
  • the IE name is "5G Prose Identity IEI", which is used to indicate that the identifier is used in the 5G Prose scenario; the ID type is 0x01, indicating that the identifier is 5G PRUKID; Sub-type is empty; The specific identification is: [email protected].
  • the ID type is 0x02, which means the identifier is SUCI; the sub-type is NAI, which means the identifier is a SUCI in NAI format.
  • Table 3 shows another possible implementation. As shown in Table 3, Table 3 only includes the IE name and ID. If the IE name is set to "5G PRUK ID", then the IE name can be used to directly determine that the identifier carried in the IE is the 5G PRUK ID. At this time, other fields may not be needed or filled with null values.
  • the identifier carried in the IE shown in Table 4 is SUCI.
  • 0x01 indicates NAI format; alternatively, the ID type may not be required, or the ID type field may also be filled with a null value.
  • This embodiment does not limit the specific value method and specific IE format.
  • this embodiment only provides a method of transmitting identifiers through different IEs.
  • the specific content of the ID can be known through different IE names, or the specific content of the ID can be known based on specific fields in the IE.
  • the relay terminal device sends a relay key request message to the mobility management network element.
  • the relay key request message includes the information element received by the relay terminal device from the remote terminal device in S403.
  • the mobility management network element receives the relay key request message from the relay terminal device.
  • the mobility management network element sends a proximity service authentication request message to the authentication server function network element.
  • the proximity service authentication request message includes the information element received by the mobility management network element from the relay terminal device in S404.
  • the authentication server function network element receives the proximity service authentication request message from the mobility management network element.
  • the authentication server functional network element determines that the identifier is the proximity service relay user key identifier.
  • after the authentication server function network element receives the proximity service authentication request message from the mobility management network element, it obtains the information element carrying the identifier from the proximity service authentication request message. Then the authentication server functional network element recognizes the identifier, or in other words, the authentication server functional network element determines what the identifier is, or in other words, the authentication server functional network element determines the name or meaning of the identifier.
  • the authentication server function network element can identify the identifier based on the second indication information. For example, when the second indication information indicates the name of the proximity service relay user key identifier, the authentication server function network element determines that the identifier is the proximity service relay user key identifier based on the second indication information.
  • the information element can also be constructed by the relay terminal device or the mobility management network element.
  • After the relay terminal device receives the identifier from the remote terminal device and determines that the identifier is the proximity service relay user key identifier, the relay terminal device carries the second indication information in the information element carrying the identifier.
  • the Remote UE sends a direct communication request message to the Relay UE in S304.
  • the direct communication request message includes an IE used to carry the identity.
  • After receiving the direct communication request message, the Relay UE sends a relay key request message to the AMF in S305.
  • the relay key request message includes the IE.
  • the AMF sends a Prose authentication request message to the AUSF in S307, and carries the IE received from the Relay UE in the Prose authentication request message.
  • AUSF determines that the identifier is 5G PRUKID based on the IE name and/or ID type in the IE. In this case, AUSF determines to execute the process corresponding to case B in Figure 3.
  • the authentication server function network element obtains the proximity service relay user key corresponding to the identifier from the proximity service anchor point function network element.
  • the specific process is not limited in this application.
  • when the remote terminal device transmits the proximity service relay user key identifier, it can carry the second indication information in the information element carrying the proximity service relay user key identifier.
  • the first indication information may indicate one or more items of the name, type, function, and application scenario of the proximity service relay user key identifier.
  • when the authentication server function network element receives the information element used to carry the identifier and the information element carries the second indication information, the authentication server function network element can determine that the identifier is a proximity service relay user key identifier based on the second indication information; otherwise, the authentication server functional network element determines that the identifier is a user hidden identifier. Therefore, through the above solution, the proximity service relay user key identifier can be identified.
  • information elements carrying the identifier can be set to distinguish different identifiers.
  • the second indication information can be added to the information element carrying the identification.
  • Terminal equipment can distinguish which business or function the stored context information corresponds to based on different identifiers; core network elements can determine subsequent processes based on different identifiers.
  • second indication information can be added to the information element carrying the identifier to distinguish different identifiers, or in other words, to allow a network element to recognize the identifier it receives. For example, if a certain technology appears in the future and requires AUSF for authentication, and the generation method of the identifier used is similar to that of 5G PRUK ID, and this identifier also comes from AMF, then when the Remote UE transmits this identifier, the IE carrying this identifier carries second indication information to distinguish this identifier, 5G PRUK ID and SUCI.
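An added example (not from the patent) of how an AUSF could resolve the second indication information in the IE described above, using the page's IE names and ID type values and treating a missing indication as SUCI. Rejecting unknown or conflicting fields and cross-checking the declared kind against the "type" prefix are hardening choices assumed here, as are the class and function names and the constructed sample identifiers.

```python
from dataclasses import dataclass
from typing import Optional, Union

SUCI, PRUK_ID, A_KID = "SUCI", "5G PRUK ID", "A-KID"

# ID type values from the page's example (numeric and string variants).
ID_TYPE_TO_KIND = {
    0x00: SUCI, 0x01: PRUK_ID, 0x02: A_KID,
    "SUCI": SUCI, "5G PRUKID": PRUK_ID, "A-KID": A_KID,
}
# IE names the page uses for an IE that carries a 5G PRUK ID.
IE_NAME_TO_KIND = {"5G Prose Identity IEI": PRUK_ID, "5G PRUK ID": PRUK_ID}
# Process per kind (cases A and B of Figure 3); other kinds have none here.
PROCESS = {SUCI: "case A", PRUK_ID: "case B"}

# Constructed sample identifiers (not taken from the page).
SAMPLE_SUCI = "type0.rid678.schid0.userid0999999999@home.example.org"
SAMPLE_PRUK_ID = "rid678.pid4f2a9c1e@prose.example.org"
SAMPLE_A_KID = "akid-sample@home.example.org"


class IndicationError(ValueError):
    """The IE's indication is unknown, conflicting or contradicts the ID."""


@dataclass(frozen=True)
class IdentityIE:
    identifier: str                              # ID in NAI format
    ie_name: Optional[str] = None                # may be absent
    id_type: Optional[Union[int, str]] = None    # may be absent
    sub_type: Optional[str] = None               # optional element


def resolve_kind(ie):
    """Return the identifier kind the IE declares, or raise IndicationError."""
    by_name = by_type = None
    if ie.ie_name is not None:
        by_name = IE_NAME_TO_KIND.get(ie.ie_name)
        if by_name is None:
            raise IndicationError(f"unrecognised IE name {ie.ie_name!r}")
    if ie.id_type is not None:
        by_type = ID_TYPE_TO_KIND.get(ie.id_type)
        if by_type is None:
            raise IndicationError(f"unrecognised ID type {ie.id_type!r}")
    if by_name and by_type and by_name != by_type:
        raise IndicationError("IE name and ID type disagree")
    # No indication at all: the identifier is taken to be the SUCI.
    kind = by_name or by_type or SUCI
    # Assumed hardening: the sender sets the indication, so compare it with
    # the one format rule the page gives (a SUCI starts with "type").
    if (kind == SUCI) != ie.identifier.startswith("type"):
        raise IndicationError("indication does not match identifier format")
    return kind


def ausf_process(ie):
    """Return "case A", "case B" or "reject"; every failure ends in "reject"."""
    try:
        kind = resolve_kind(ie)
    except IndicationError:
        return "reject"
    return PROCESS.get(kind, "reject")


if __name__ == "__main__":
    table2 = IdentityIE(SAMPLE_PRUK_ID, "5G Prose Identity IEI", 0x01)
    print(resolve_kind(table2), "->", ausf_process(table2))
```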
  • the remote terminal device generates a proximity service relay user key and a proximity service relay user key identifier.
  • the authentication server functional network element generates a proximity service relay user key and a proximity service relay user key identifier.
  • S401a and S401b in method 400 may correspond to S315a and S315b in method 300.
  • the remote terminal device and the authentication server functional network element can generate the proximity service relay user key identifier in a manner similar to S315a and S315b in method 300. This application does not limit this.
  • the authentication server functional network element sends the proximity service relay user key and the proximity service relay user key identifier to the proximity service anchor point function network element.
  • the remote terminal device sends a direct communication request message to the relay terminal device.
  • the relay terminal device receives the direct communication request message from the remote terminal device.
  • the remote terminal device carries an identifier in the direct communication request message. It can be understood that when the remote terminal device has a proximity service relay user key identifier, the identifier is the proximity service relay user key identifier; when the remote terminal device has no proximity service relay user key identifier, the identifier is the user hidden identifier of the remote terminal device.
  • the remote terminal device can select a message whose message name corresponds to the identifier. For example, if the identifier transmitted by the remote terminal device is the proximity service relay user key identifier, the identifier is sent through the first direct communication request message; if the identifier transmitted by the remote terminal device is the user hidden identifier, the identifier is sent through the second direct communication request message. It should be noted that the first direct communication request message and the second direct communication request message here represent different message names. That is to say, there is a one-to-one correspondence between the message name of the message used to transmit the identifier and the identifier.
  • the relay terminal device sends a relay key request message to the mobility management network element.
  • the relay key request message includes the identification received by the relay terminal device from the remote terminal device in S403.
  • the mobility management network element receives the relay key request message from the relay terminal device.
  • the relay terminal device may determine the message name of the message sent to the mobility management network element based on the message name of the message received from the remote terminal device. For example, if the message received by the relay terminal device is the first direct communication request message, the relay terminal device sends the identifier to the mobility management network element through the first relay key request message; if the message received by the relay terminal device is the second direct communication request message, the relay terminal device sends the identifier to the mobility management network element through the second relay key request message. It should be noted that the first relay key request message and the second relay key request message here represent different message names.
  • the mobility management network element sends a proximity service authentication request message to the authentication server function network element.
  • the proximity service authentication request message includes the identification received by the mobility management network element from the relay terminal device in S404.
  • the authentication server function network element receives the proximity service authentication request message from the mobility management network element.
  • the mobility management network element may determine the message name of the message sent to the authentication server function network element based on the message name of the message received from the relay terminal device. For example, if the message received by the mobility management network element is the first relay key request message, the relay terminal device sends the identifier to the authentication server function network element through the first proximity service authentication request message; if the message received by the mobility management network element is the second relay key request message, the mobility management network element sends the identifier to the authentication server function network element through the second proximity service authentication request message. It should be noted that the first proximity service authentication request message and the second proximity service authentication request message here represent different message names.
  • the above embodiment takes as an example that the remote terminal device, the relay terminal device, and the mobility management network element respectively transmit different identifiers through messages with different message names.
  • the remote terminal device and the relay terminal device can still transmit the identifier in a manner similar to the first three implementations.
  • the mobility management network element can identify the identifier, and then select a message with a corresponding message name to send the identifier to the authentication server function network element.
  • the mobility management network element can use any of the above three possible implementation methods to identify the identifier, or it can identify the identifier based on the current process, or it can also identify the identifier based on other possible information. This application does not limit this.
  • the authentication server functional network element determines that the identifier is the proximity service relay user key identifier.
  • after the authentication server function network element receives the proximity service authentication request message from the mobility management network element, it identifies the identifier carried in the message according to the message name of the proximity service authentication request message. For example, when the message name of the message is the first proximity service authentication request message, the authentication server functional network element determines that the identifier is the proximity service relay user key identifier; when the message name of the message is the second proximity service authentication request message, the authentication server functional network element determines that the identifier is a user hidden identifier. It can be understood that the authentication server functional network element can be pre-configured with the association between different message names and different identifiers.
  • after receiving the relay key request message from the Relay UE in S305, the AMF obtains an identifier from the relay key request message.
  • When AMF determines that the identifier is SUCI, AMF sends a UE authentication request (UEAuthentication Request) message to AUSF in S307 and carries the SUCI in the UE authentication request message; or in other words, AMF calls the UE authentication (Nausf_UEAuthentication) service to send the SUCI to the AUSF; or in other words, the AMF uses the UE Authentication_Proximity Service Authentication (Nausf_UEAuthentication_ProseAuthentication) operation to send the SUCI to the AUSF.
  • When AMF determines that the identifier is 5G PRUKID, AMF sends a Nausf_ProseGet Request message to AUSF in S307 and carries the 5G PRUKID in the Nausf_ProseGet Request message; or in other words, AMF calls the Nausf_ProseGet service to send the 5G PRUKID to AUSF; or in other words, the AMF uses the UE authentication_proximity service acquisition (Nausf_UEAuthentication_ProseGet) operation to send the 5G PRUKID to the AUSF.
  • AMF transmits SUCI and 5G PRUK ID through different messages, or AMF calls different services to transmit SUCI and 5G PRUK ID, or AMF uses different operations to transmit SUCI and 5G PRUK ID.
  • AUSF identifies the identifier carried in the message based on the name of the received message. It can be understood that AUSF is pre-configured with the corresponding relationships between various identifiers and message names.
  • AMF can determine whether the identification is SUCI or 5G PRUK ID according to any of the above four implementation methods, which is not limited in this application.
  • the authentication server function network element obtains the proximity service relay user key corresponding to the identifier from the proximity service anchor point function network element.
  • the specific process is not limited in this application.
  • when the remote terminal device transmits the proximity service relay user key identifier, it can transmit the identifier through a message whose message name corresponds to the proximity service relay user key identifier; that is to say, other network elements can determine based on the message name that the identifier carried in the message is the proximity service relay user key identifier. Therefore, through the above solution, the proximity service relay user key identifier can be identified.
  • the methods provided by the embodiments of this application can also be applied to other scenarios. That is to say, if there is a situation where a network element cannot distinguish certain identifiers in other scenarios, or there is a situation where a network element cannot identify a certain identifier, the method provided in the embodiment of this application can be used to identify.
  • the method provided by the embodiment of the present application can also be applied to certain identifiers that may appear in the future. For example, if a certain technology appears in the future and requires AUSF for authentication, and the generation method of the identifier used is similar to that of 5G PRUK ID, and this identifier also comes from AMF, then AUSF can also use the method provided in the embodiment of this application to identify the different identifiers.
  • embodiments of the present application also provide corresponding devices, which include corresponding modules for executing each of the above method embodiments.
  • the module can be software, hardware, or a combination of software and hardware. It can be understood that the technical features described in the above method embodiments are also applicable to the following device embodiments. Therefore, content that is not described in detail can be referred to the above method embodiments. For the sake of brevity, they will not be described again here.
  • FIG. 5 is a schematic block diagram of the communication device 10 provided by the embodiment of the present application.
  • the device 10 includes a transceiver module 11 and a processing module 12.
  • the transceiver module 11 can implement corresponding communication functions, and the processing module 12 is used to perform data processing, or in other words, the transceiver module 11 is used to perform operations related to receiving and sending, and the processing module 12 is used to perform other operations besides receiving and sending.
  • the transceiver module 11 may also be called a communication interface or communication unit.
  • the device 10 may also include a storage module 13, which may be used to store instructions and/or data, and the processing module 12 may read the instructions and/or data in the storage module, so that the device implements the actions of the device or network element in each of the foregoing method embodiments.
  • the device 10 may correspond to the remote terminal equipment in the above method embodiment (such as the remote terminal equipment in method 400, or the Remote UE in method 300), or to a component (e.g. a chip) of a general integrated circuit card.
  • the device 10 can implement steps or processes corresponding to those performed by the remote terminal device in the above method embodiment, wherein the transceiver module 11 can be used to perform operations related to the transceiver of the remote terminal device in the above method embodiment, and the processing module 12 may be used to perform operations related to processing of the remote terminal device in the above method embodiment.
  • the processing module 12 is configured to generate a proximity service relay user key and a proximity service relay user key identifier, where the proximity service relay user key identifier includes first indication information, and the first indication information is used to indicate one or more of the following: the name of the identifier, the type of the identifier, the role of the identifier, and the application scenario of the identifier; the transceiver module 11 is used to send the proximity service relay user key and the proximity service relay user key identifier to the proximity service anchor function network element.
  • the device 10 may correspond to the authentication server function network element in the above method embodiment (such as the authentication server function network element in method 400, or the AUSF in method 300), or a component (such as a chip) of the authentication server functional network element.
  • the device 10 can implement steps or processes corresponding to those performed by the authentication server function network element in the above method embodiment, wherein the transceiver module 11 can be used to perform the transceiver-related operations of the authentication server function network element in the above method embodiment, and the processing module 12 may be configured to perform operations related to processing of the authentication server function network element in the above method embodiment.
  • the transceiver module 11 is configured to receive a proximity service authentication request message from the mobility management network element, where the proximity service authentication request message includes an identifier, and the identifier includes first indication information; the first indication information indicates one or more of the following: the name of the identifier, the type of the identifier, the role of the identifier, and the application scenario of the identifier; the processing module 12 is configured to determine that the identifier is a proximity service relay user key identifier according to the first indication information; the processing module is also used to obtain the proximity service relay user key corresponding to the identifier from the proximity service anchor point function network element based on the identifier.
  • the device 10 may correspond to the mobility management network element in the above method embodiment (such as the mobility management network element in method 400, or the AMF in method 300), or a component (such as a chip) of the mobility management network element.
  • the device 10 can implement steps or processes corresponding to those performed by the mobility management network element in the above method embodiment, wherein the transceiver module 11 can be used to perform operations related to the transceiver of the mobility management network element in the above method embodiment, and the processing module 12 may be used to perform operations related to processing of the mobility management network element in the above method embodiment.
  • the transceiver module 11 is used to receive a direct communication request message from a remote terminal device, where the direct communication request message includes a proximity service relay user key identifier; the transceiver module 11 is also used to send a relay key request message to the mobility management network element, where the relay key request message includes an information element used to carry the proximity service relay user key identifier, the information element includes second indication information, and the second indication information is used to indicate one or more of the following: the name of the identifier, the type of the identifier, the role of the identifier, and the application scenario of the identifier.
  • the term "module" may refer to an application specific integrated circuit (ASIC), an electronic circuit, a processor (such as a shared processor, a proprietary processor, or a group processor) and memory used to execute one or more software or firmware programs, merged logic circuitry, and/or other suitable components that support the described functionality.
  • the device 10 can be specifically a remote terminal device in the above embodiments, and can be used to execute various processes and/or steps corresponding to the remote terminal device in the above method embodiments; or, the device 10 can be specifically the authentication server function network element in the above embodiments, and can be used to execute various processes and/or steps corresponding to the authentication server function network element in the above method embodiments.
  • To avoid repetition, details are not described again here.
  • the device 10 of each of the above solutions has the function of realizing the corresponding steps performed by the equipment in the above method (such as the authentication server function network element, or the remote terminal equipment, or the mobility management network element).
  • This function can be implemented by hardware, or it can be implemented by hardware executing corresponding software.
  • the hardware or software includes one or more modules corresponding to the above functions; for example, the transceiver module can be replaced by a transceiver (for example, the sending unit in the transceiver module can be replaced by a transmitter, and the receiving unit in the transceiver module can be replaced by a receiver), and other units, such as the processing module, can be replaced by a processor, to respectively perform the sending and receiving operations and the related processing operations in each method embodiment.
  • transceiver module 11 may also be a transceiver circuit (for example, it may include a receiving circuit and a transmitting circuit), and the processing module may be a processing circuit.
  • FIG. 6 is a schematic diagram of another communication device 20 according to an embodiment of the present application.
  • the device 20 includes a processor 21, which is used to execute computer programs or instructions stored in the memory 22, or read data/signaling stored in the memory 22, to perform the methods in each of the above method embodiments.
  • there are one or more processors 21.
  • the device 20 further includes a memory 22, which is used to store computer programs or instructions and/or data.
  • the memory 22 may be integrated with the processor 21 or may be provided separately.
  • the device 20 also includes a transceiver 23, which is used for receiving and/or transmitting signals.
  • the processor 21 is used to control the transceiver 23 to receive and/or transmit signals.
  • the device 20 is used to implement the operations performed by the remote terminal device in each of the above method embodiments.
  • the device 20 is used to implement the operations performed by the authentication server function network element in each of the above method embodiments.
  • the device 20 is used to implement the operations performed by the mobility management network element in each of the above method embodiments.
  • processors mentioned in the embodiments of this application may be a central processing unit (CPU), or another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), or a field programmable gate array (FPGA).
  • a general-purpose processor may be a microprocessor or the processor may be any conventional processor, etc.
  • non-volatile memory can be read-only memory (ROM), programmable ROM (PROM), erasable programmable read-only memory (erasable PROM, EPROM), electrically erasable programmable read-only memory (electrically EPROM, EEPROM) or flash memory. Volatile memory can be random access memory (RAM). For example, RAM can be used as an external cache.
  • RAM includes the following forms: static random access memory (static RAM, SRAM), dynamic random access memory (dynamic RAM, DRAM), synchronous dynamic random access memory (synchronous DRAM, SDRAM), double data rate synchronous dynamic random access memory (double data rate SDRAM, DDR SDRAM), enhanced synchronous dynamic random access memory (enhanced SDRAM, ESDRAM), synchronous link dynamic random access memory (synchlink DRAM, SLDRAM) and direct memory bus random access memory (direct rambus RAM, DR RAM).
  • the processor is a general-purpose processor, DSP, ASIC, FPGA or other programmable logic device, discrete gate or transistor logic device, or discrete hardware component
  • the memory storage module
  • FIG. 7 is a schematic diagram of a chip system 30 provided by an embodiment of the present application.
  • the chip system 30 (or can also be called a processing system) includes a logic circuit 31 and an input/output interface 32.
  • the logic circuit 31 may be a processing circuit in the chip system 30.
  • the logic circuit 31 can be coupled to the memory unit and call instructions in the memory unit, so that the chip system 30 can implement the methods and functions of various embodiments of the present application.
  • the input/output interface 32 can be an input/output circuit in the chip system 30, which outputs information processed by the chip system 30, or inputs data or signaling information to be processed into the chip system 30 for processing.
  • the chip system 30 is used to implement the operations performed by the remote terminal device in each of the above method embodiments.
  • the chip system 30 is used to implement the operations performed by the authentication server function network element in each of the above method embodiments.
  • the chip system 30 is used to implement the operations performed by the mobility management network element in each of the above method embodiments.
  • Embodiments of the present application also provide a computer-readable storage medium on which computer instructions for implementing the methods executed by the device in each of the above method embodiments are stored.
  • when the computer program is executed by a computer, the computer can implement the method executed by the mobility management network element in each of the above method embodiments.
  • when the computer program is executed by a computer, the computer can implement the method executed by the terminal device in each of the above method embodiments.
  • Embodiments of the present application also provide a computer program product, which includes instructions.
  • when the instructions are executed by a computer, the methods executed by the device in each of the above method embodiments are implemented.
  • for explanations of the relevant content and beneficial effects of any of the devices provided above, refer to the corresponding method embodiments provided above; they are not described again here.
  • the disclosed devices and methods can be implemented in other ways.
  • the device embodiments described above are only illustrative.
  • the division of the units is only a logical function division. In actual implementation, there may be other division methods.
  • multiple units or components may be combined or can be integrated into another system, or some features can be ignored, or not implemented.
  • the coupling or direct coupling or communication connection between each other shown or discussed may be through some interfaces, and the indirect coupling or communication connection of the devices or units may be in electrical, mechanical or other forms.
  • the computer may be a general-purpose computer, a special-purpose computer, a computer network, or other programmable device.
  • the computer may be a personal computer, a server, or a network device.
  • the computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another; e.g., the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server or data center by wired (such as coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless (such as infrared, wireless, microwave, etc.) means.
  • the computer-readable storage medium may be any available medium that can be accessed by a computer, or a data storage device, such as a server or data center, that integrates one or more available media.
  • the available media may be magnetic media (such as floppy disk, hard disk, tape), optical media (such as DVD), or semiconductor media (such as solid state disk (SSD)).
  • the aforementioned available media include but are not limited to: U disk, mobile
  • Various media that can store program code include hard disk, read-only memory (ROM), random access memory (RAM), magnetic disk or optical disk.

Abstract

The present application provides a communication method and apparatus. The method may comprise: a remote terminal device generates a proximity service relay user key identifier, the proximity service relay user key identifier comprising first indication information, and the first indication information being used for indicating one or more of the name of the proximity service relay user key identifier, the type of the proximity service relay user key identifier, the function of the proximity service relay user key identifier, and the application scene of the proximity service relay user key identifier; and the remote terminal device sends a direct communication request message to a relay terminal device, the direct communication request message comprising the proximity service relay user key identifier. By means of the solution, a network element receiving the proximity service relay user key identifier can be made to accurately identify the identifier.

Description

Communication method and apparatus
This application claims priority to the Chinese patent application filed with the China Patent Office on May 13, 2022, with application number 202210520810.4 and the application title "Communication Method and Apparatus", the entire content of which is incorporated into this application by reference.
Technical Field
The present application relates to the field of communication technology, and in particular, to a communication method and apparatus.
Background
In current communication systems or communication procedures, identifiers are often used. These identifiers are typically used to identify a user, a network element, a key, a session, and so on. When a network element receives an identifier, it can perform operations based on that identifier. If the network element cannot recognize the identifier, however, it may be unable to execute the correct procedure based on it, or, in other words, it may execute the wrong procedure. For example, in the proximity based service (ProSe) control plane (CP) procedure, the authentication server function (AUSF) network element may receive from the access and mobility management function (AMF) network element either a subscription concealed identifier (SUCI) or a 5th generation proximity based service relay user key identification (5G PRUK ID). Because the 5G PRUK ID and the SUCI have the same format, in some cases the AUSF may be unable to tell whether a received identifier is a SUCI or a 5G PRUK ID. How to distinguish different identifiers is therefore a problem that currently needs to be considered.
Summary
This application provides a communication method and apparatus that can be used to identify a proximity service relay user key identifier.
In a first aspect, a communication method is provided. The method can be executed by a remote terminal device, or by a component (such as a chip or circuit) of the remote terminal device, which is not limited. For ease of description, execution by the remote terminal device is used as the example below.
The method includes: a remote terminal device generates a proximity service relay user key identifier; the remote terminal device sends a direct communication request message to a relay terminal device, and the direct communication request message includes the proximity service relay user key identifier.
With reference to the first aspect, in some implementations of the first aspect, the proximity service relay user key identifier includes first indication information, and the first indication information is used to indicate one or more of the following: the name of the proximity service relay user key identifier, the type of the proximity service relay user key identifier, the role of the proximity service relay user key identifier, and the application scenario of the proximity service relay user key identifier.
Based on the above solution, when the remote terminal device generates the proximity service relay user key identifier, it can add the first indication information to the identifier. The first indication information makes it possible to distinguish the proximity service relay user key identifier from other identifiers.
With the above solution, when a network element or device receives the proximity service relay user key identifier, it can recognize the identifier based on the first indication information.
With reference to the first aspect, in some implementations of the first aspect, the remote terminal device generating the proximity service relay user key identifier includes: the remote terminal device generates the proximity service relay user key identifier according to a preset format, and the preset format is associated with the proximity service relay user key identifier.
Based on the above solution, when the remote terminal device generates the proximity service relay user key identifier, it can do so based on a preset format. The format of the proximity service relay user key identifier therefore makes it possible to distinguish it from other identifiers.
With the above solution, when other network elements or devices receive the proximity service relay user key identifier, they can recognize the identifier based on its format.
With reference to the first aspect, in some implementations of the first aspect, the identifier is carried in an information element, the information element is included in the direct communication request message, and the information element includes second indication information. The second indication information is used to indicate one or more of the following: the name of the proximity service relay user key identifier, the type of the proximity service relay user key identifier, the role of the proximity service relay user key identifier, and the application scenario of the proximity service relay user key identifier.
Based on the above solution, when the remote terminal device transmits the proximity service relay user key identifier, it can carry the second indication information in the information element that carries the identifier. Through the first indication information, the proximity service relay user key identifier can be distinguished from other identifiers.
With the above solution, when other network elements or devices receive the proximity service relay user key identifier, they can recognize the identifier based on the second indication information in the information element that carries it.
With reference to the first aspect, in some implementations of the first aspect, the message name of the direct communication request message is associated with the proximity service relay user key identifier.
Based on the above solution, when the remote terminal device transmits the proximity service relay user key identifier, it can choose a message whose message name is associated with the proximity service relay user key identifier to carry it. The message name of the message carrying the proximity service relay user key identifier makes it possible to distinguish the identifier from other identifiers.
With the above solution, after other network elements or devices receive the proximity service relay user key identifier in a message, they can recognize the identifier based on the message name of that message.
In a second aspect, a communication method is provided. The method can be executed by an authentication server function network element, or by a component (such as a chip or circuit) of the authentication server function network element, which is not limited. For ease of description, execution by the authentication server function network element is used as the example below.
The method includes: an authentication server function network element receives a proximity service authentication request message from a mobility management network element, and the proximity service authentication request message includes an identifier; the authentication server function network element determines that the identifier is a proximity service relay user key identifier; the authentication server function network element obtains, based on the identifier, the proximity service relay user key corresponding to the identifier from a proximity service anchor function network element.
Based on the above solution, after the authentication server function network element obtains an identifier from the proximity service authentication request message, it can recognize the identifier. When it determines that the identifier is a proximity service relay user key identifier, the authentication server function network element obtains the proximity service relay user key from the service anchor function network element based on the identifier.
Optionally, when it determines that the identifier is a subscription concealed identifier, the authentication server function network element performs an authentication procedure on the remote terminal device corresponding to that subscription concealed identifier.
With reference to the second aspect, in some implementations of the second aspect, the identifier includes first indication information, and the first indication information is used to indicate one or more of the following: the name of the identifier, the type of the identifier, the role of the identifier, and the application scenario of the identifier. The authentication server function network element determining that the identifier is a proximity service relay user key identifier includes: the authentication server function network element determines, based on the first indication information, that the identifier is a proximity service relay user key identifier.
Based on the above solution, if the identifier obtained by the authentication server function network element carries the first indication information, the authentication server function network element can recognize the identifier based on the first indication information. For example, the first indication information indicates one or more of the following: the name of the proximity service relay user key identifier, the type of the proximity service relay user key identifier, the role of the proximity service relay user key identifier, and the application scenario of the proximity service relay user key identifier. In this case, the authentication server function network element can determine that the identifier is a proximity service relay user key identifier. The above solution can therefore be used to identify the proximity service relay user key identifier, or, in other words, to distinguish different identifiers.
With reference to the second aspect, in some implementations of the second aspect, the format of the identifier is the same as the preset format of the proximity service relay user key identifier. The authentication server function network element determining that the identifier is a proximity service relay user key identifier includes: the authentication server function network element determines, based on the format of the identifier, that the identifier is a proximity service relay user key identifier.
Based on the above solution, after the authentication server function network element obtains an identifier, it can recognize the identifier based on its format. For example, the authentication server function network element is preconfigured with multiple different identifiers and the formats corresponding to them, including the proximity service relay user key identifier and its corresponding format. It can be understood that the formats corresponding to different identifiers should be different. After the authentication server function network element obtains an identifier, if it finds that the format of the identifier is the same as the preset format of the proximity service relay user key identifier, it determines that the identifier is a proximity service relay user key identifier.
With reference to the second aspect, in some implementations of the second aspect, the identifier is carried in an information element, the information element includes second indication information, and the second indication information is used to indicate one or more of the following: the name of the identifier, the type of the identifier, the role of the identifier, and the application scenario of the identifier. The authentication server function network element determining that the identifier is a proximity service relay user key identifier includes: the authentication server function network element determines, based on the second indication information, that the identifier is a proximity service relay user key identifier.
Based on the above solution, after the authentication server function network element obtains an identifier, if the information element carrying the identifier includes second indication information, the authentication server function network element can recognize the identifier based on the second indication information. For example, the second indication information indicates one or more of the following: the name of the proximity service relay user key identifier, the type of the proximity service relay user key identifier, the role of the proximity service relay user key identifier, and the application scenario of the proximity service relay user key identifier. In this case, the authentication server function network element can determine that the identifier is a proximity service relay user key identifier. The above solution can therefore be used to identify the proximity service relay user key identifier, or, in other words, to distinguish different identifiers.
Optionally, the second indication information may be the name of the information element, or may be information included in the information element, such as an identifier type.
With reference to the second aspect, in some implementations of the second aspect, there is an association between the message name of the proximity service authentication request message and the proximity service relay user key identifier. The authentication server function network element determining that the identifier is a proximity service relay user key identifier includes: the authentication server function network element determines, based on the message name of the proximity service authentication request message and the association, that the identifier is a proximity service relay user key identifier.
Based on the above solution, after the authentication server function network element obtains an identifier, it can recognize the identifier based on the message name of the message that carries it. For example, the authentication server function network element is preconfigured with the correspondence between multiple different identifiers and the message names of the messages used to carry them, including the proximity service relay user key identifier and the name of the message used to carry the proximity service relay user key identifier. It can be understood that the message names of the messages corresponding to different identifiers should be different. After the authentication server function network element obtains an identifier, if it finds that the message name of the message carrying the identifier is the same as the preset message name of the message used to carry the proximity service relay user key identifier, it determines that the identifier is a proximity service relay user key identifier.
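The four ways the second aspect lets the authentication server function network element recognize an identifier (first indication information inside the identifier, a preset format, second indication information in the information element, and the message name) can be compared side by side in code. The following Python is an added example, not code from the application: every tag, format, information element name and message name in it is a constructed placeholder rather than a 3GPP-defined value, and rejecting contradictory signals is an added defensive choice that the application does not describe.

```python
import re
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class IdKind(Enum):
    PRUK_ID = "5G PRUK ID"
    SUCI = "SUCI"


@dataclass(frozen=True)
class AuthRequest:
    message_name: str  # name of the message that carries the identifier
    ie_name: str       # name of the information element that carries it
    identifier: str    # NAI-style value, username@realm


class UnidentifiedIdentifier(ValueError):
    """No signal says what the identifier is (the ambiguity in the Background)."""


class ConflictingSignals(ValueError):
    """Two signals disagree; refusing to pick a flow is an added assumption."""


# All literals below are constructed placeholders for illustration only.
PRUK_TAG = "pruk"
FORMATS = [
    (re.compile(r"rid\d{1,4}\.pid[0-9a-f]{16}@[a-z0-9.]+"), IdKind.PRUK_ID),
    (re.compile(r"type\d\.rid\d{1,4}\.schid\d{1,2}\..+@[a-z0-9.]+"), IdKind.SUCI),
]
IE_NAMES = {"prukId": IdKind.PRUK_ID, "suci": IdKind.SUCI}
MESSAGE_NAMES = {"ProsePrukAuthRequest": IdKind.PRUK_ID}


def by_first_indication(req: AuthRequest) -> Optional[IdKind]:
    # First indication information: a type tag as the first label of the username.
    label = req.identifier.split("@", 1)[0].split(".", 1)[0]
    return IdKind.PRUK_ID if label == PRUK_TAG else None


def by_format(req: AuthRequest) -> Optional[IdKind]:
    # Preset format: each identifier kind has its own, mutually exclusive layout.
    for pattern, kind in FORMATS:
        if pattern.fullmatch(req.identifier):
            return kind
    return None


def by_second_indication(req: AuthRequest) -> Optional[IdKind]:
    # Second indication information: here, the name of the information element.
    return IE_NAMES.get(req.ie_name)


def by_message_name(req: AuthRequest) -> Optional[IdKind]:
    # Message name preconfigured as being associated with one identifier kind.
    return MESSAGE_NAMES.get(req.message_name)


SIGNALS = (by_first_indication, by_format, by_second_indication, by_message_name)


def classify(req: AuthRequest) -> IdKind:
    votes = {signal.__name__: signal(req) for signal in SIGNALS}
    kinds = {kind for kind in votes.values() if kind is not None}
    if not kinds:
        raise UnidentifiedIdentifier(req.identifier)
    if len(kinds) > 1:
        raise ConflictingSignals(str(votes))
    return kinds.pop()


def select_flow(req: AuthRequest) -> str:
    # PRUK ID: fetch the relay user key from the anchor function network element.
    # SUCI: run the authentication procedure for the remote terminal device.
    if classify(req) is IdKind.PRUK_ID:
        return "fetch_pruk_from_anchor_function"
    return "authenticate_remote_terminal"


# Constructed sample requests; "ProseAuthRequest" and "relayUserId" are generic
# names that say nothing about which kind of identifier is carried.
SAMPLES = {
    "tagged": AuthRequest("ProseAuthRequest", "relayUserId",
                          "pruk.9f3a61c2d0b47e15@example.invalid"),
    "format": AuthRequest("ProseAuthRequest", "relayUserId",
                          "rid012.pid9f3a61c2d0b47e15@example.invalid"),
    "ie": AuthRequest("ProseAuthRequest", "prukId",
                      "9f3a61c2d0b47e15@example.invalid"),
    "message": AuthRequest("ProsePrukAuthRequest", "relayUserId",
                           "9f3a61c2d0b47e15@example.invalid"),
    "suci": AuthRequest("ProseAuthRequest", "relayUserId",
                        "type0.rid012.schid1.hnkey27.ecckeyab12@example.invalid"),
    "untyped": AuthRequest("ProseAuthRequest", "relayUserId",
                           "9f3a61c2d0b47e15@example.invalid"),
}

if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        try:
            print(name, "->", select_flow(sample))
        except ValueError as err:
            print(name, "-> rejected:", type(err).__name__, err)
```

The "untyped" sample is the situation from the Background: with no indication, format, information element or message name to go on, the receiver has nothing to base a flow decision on.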
In a third aspect, a communication method is provided. The method can be executed by a remote terminal device, or by a component (such as a chip or circuit) of the remote terminal device, which is not limited. For ease of description, execution by the remote terminal device is used as the example below.
The method includes: a remote terminal device generates a proximity service relay user key identifier, the proximity service relay user key identifier includes first indication information, and the first indication information is used to indicate one or more of the following: the name of the proximity service relay user key identifier, the type of the proximity service relay user key identifier, the role of the proximity service relay user key identifier, and the application scenario of the proximity service relay user key identifier; the remote terminal device sends a direct communication request message to a relay terminal device, and the direct communication request message includes the proximity service relay user key identifier.
In a fourth aspect, a communication method is provided. The method can be executed by a remote terminal device, or by a component (such as a chip or circuit) of the remote terminal device, which is not limited. For ease of description, execution by the remote terminal device is used as the example below.
The method includes: a remote terminal device generates the proximity service relay user key identifier according to a preset format, and the preset format is associated with the proximity service relay user key identifier; the remote terminal device sends a direct communication request message to a relay terminal device, and the direct communication request message includes the proximity service relay user key identifier.
In a fifth aspect, a communication method is provided. The method can be executed by a remote terminal device, or by a component (such as a chip or circuit) of the remote terminal device, which is not limited. For ease of description, execution by the remote terminal device is used as the example below.
The method includes: a remote terminal device generates a proximity service relay user key identifier; the remote terminal device sends a direct communication request message to a relay terminal device, the direct communication request message includes the proximity service relay user key identifier, the identifier is carried in an information element, the information element includes second indication information, and the second indication information is used to indicate one or more of the following: the name of the proximity service relay user key identifier, the type of the proximity service relay user key identifier, the role of the proximity service relay user key identifier, and the application scenario of the proximity service relay user key identifier.
According to a sixth aspect, a communication method is provided. The method may be performed by a remote terminal device, or by a component (for example, a chip or a circuit) of the remote terminal device; this is not limited. For ease of description, the following uses execution by the remote terminal device as an example.
The method includes: a remote terminal device generates a proximity service relay user key identifier; and the remote terminal device sends a direct communication request message to a relay terminal device, where the direct communication request message includes the proximity service relay user key identifier, and the message name of the direct communication request message is associated with the proximity service relay user key identifier.
According to a seventh aspect, a communication method is provided. The method may be performed by an authentication server function network element, or by a component (for example, a chip or a circuit) of the authentication server function network element; this is not limited. For ease of description, the following uses execution by the authentication server function network element as an example.
The method includes: an authentication service function network element generates a proximity service relay user key and a proximity service relay user key identifier, where the proximity service relay user key identifier includes first indication information, and the first indication information indicates one or more of the following: the name of the identifier, the type of the identifier, the purpose of the identifier, and the application scenario of the identifier; and the authentication service function network element sends the proximity service relay user key and the proximity service relay user key identifier to a proximity service anchor function network element.
Based on the foregoing solution, when generating the proximity service relay user key identifier, the authentication server function network element may add first indication information to the identifier; the first indication information makes it possible to distinguish the proximity service relay user key identifier from other identifiers.
With the foregoing solution, a network element or device that receives the proximity service relay user key identifier can recognize the identifier based on the first indication information.
According to an eighth aspect, a communication method is provided. The method may be performed by an authentication server function network element, or by a component (for example, a chip or a circuit) of the authentication server function network element; this is not limited. For ease of description, the following uses execution by the authentication server function network element as an example.
The method includes: an authentication service function network element generates a proximity service relay user key; the authentication service function network element generates a proximity service relay user key identifier according to a preset format; and the authentication service function network element sends the proximity service relay user key and the proximity service relay user key identifier to a proximity service anchor function network element.
Based on the foregoing solution, when generating the proximity service relay user key identifier, the authentication server function network element may generate it according to a preset format; the format of the identifier therefore makes it possible to distinguish the proximity service relay user key identifier from other identifiers.
With the foregoing solution, a network element or device that receives the proximity service relay user key identifier can recognize the identifier based on the first indication information.
According to a ninth aspect, a communication method is provided. The method may be performed by a relay terminal device, or by a component (for example, a chip or a circuit) of the relay terminal device; this is not limited. For ease of description, the following uses execution by the relay terminal device as an example.
The method includes: a relay terminal device receives a direct communication request message from a remote terminal device, where the direct communication request message includes a proximity service relay user key identifier; and the relay terminal device sends a relay key request message to a mobility management network element, where the relay key request message includes an information element used to carry the proximity service relay user key identifier, the information element includes second indication information, and the second indication information indicates one or more of the following: the name of the identifier, the type of the identifier, the purpose of the identifier, and the application scenario of the identifier.
Based on the foregoing solution, after receiving the proximity service relay user key identifier from the remote terminal device, the relay terminal device may, when transmitting the identifier, carry second indication information in the information element that carries the identifier; the first indication information makes it possible to distinguish the proximity service relay user key identifier from other identifiers.
With the foregoing solution, another network element or device that receives the proximity service relay user key identifier can recognize the identifier based on the second indication information in the information element that carries it.
According to a tenth aspect, a communication method is provided. The method may be performed by a mobility management network element, or by a component (for example, a chip or a circuit) of the mobility management network element; this is not limited. For ease of description, the following uses execution by the mobility management network element as an example.
The method includes: a mobility management network element receives a relay key request message from a relay terminal device, where the relay key request message includes a proximity service relay user key identifier; and the mobility management network element selects a proximity service authentication request message to send the proximity service relay user key identifier to an authentication service function network element, where the message name of the proximity service authentication request message is associated with the proximity service relay user key identifier.
Based on the foregoing solution, after receiving the proximity service relay user key identifier, the mobility management network element may select a message whose message name is associated with the proximity service relay user key identifier to transmit the identifier; the message name of the message that carries the identifier makes it possible to distinguish the proximity service relay user key identifier from other identifiers.
With the foregoing solution, another network element or device that receives the proximity service relay user key identifier in a message can recognize the identifier based on the message name of that message.
According to an eleventh aspect, a communication method is provided. The method may be performed by an authentication server function network element, or by a component (for example, a chip or a circuit) of the authentication server function network element; this is not limited. For ease of description, the following uses execution by the authentication server function network element as an example.
The method includes: an authentication server function network element receives a proximity service authentication request message from a mobility management network element, where the proximity service authentication request message includes an identifier, the identifier includes first indication information, and the first indication information indicates one or more of the following: the name of the identifier, the type of the identifier, the purpose of the identifier, and the application scenario of the identifier; the authentication server function network element determines, based on the first indication information, that the identifier is a proximity service relay user key identifier; and the authentication server function network element obtains, from a proximity service anchor function network element based on the identifier, the proximity service relay user key corresponding to the identifier.
According to a twelfth aspect, a communication method is provided. The method may be performed by an authentication server function network element, or by a component (for example, a chip or a circuit) of the authentication server function network element; this is not limited. For ease of description, the following uses execution by the authentication server function network element as an example.
The method includes: an authentication server function network element receives a proximity service authentication request message from a mobility management network element, where the proximity service authentication request message includes an identifier, and the format of the identifier is the same as the preset format of the proximity service relay user key identifier; the authentication server function network element determines, based on the format of the identifier, that the identifier is a proximity service relay user key identifier; and the authentication server function network element obtains, from a proximity service anchor function network element based on the identifier, the proximity service relay user key corresponding to the identifier.
According to a thirteenth aspect, a communication method is provided. The method may be performed by an authentication server function network element, or by a component (for example, a chip or a circuit) of the authentication server function network element; this is not limited. For ease of description, the following uses execution by the authentication server function network element as an example.
The method includes: an authentication server function network element receives a proximity service authentication request message from a mobility management network element, where the proximity service authentication request message includes an identifier, the identifier is carried in an information element, the information element includes second indication information, and the second indication information indicates one or more of the following: the name of the identifier, the type of the identifier, the purpose of the identifier, and the application scenario of the identifier; the authentication server function network element determines, based on the second indication information, that the identifier is a proximity service relay user key identifier; and the authentication server function network element obtains, from a proximity service anchor function network element based on the identifier, the proximity service relay user key corresponding to the identifier.
According to a fourteenth aspect, a communication method is provided. The method may be performed by an authentication server function network element, or by a component (for example, a chip or a circuit) of the authentication server function network element; this is not limited. For ease of description, the following uses execution by the authentication server function network element as an example.
The method includes: an authentication server function network element receives a proximity service authentication request message from a mobility management network element, where the proximity service authentication request message includes an identifier, and the message name of the proximity service authentication request message is associated with the proximity service relay user key identifier; the authentication server function network element determines, based on the message name of the proximity service authentication request message and the association, that the identifier is a proximity service relay user key identifier; and the authentication server function network element obtains, from a proximity service anchor function network element based on the identifier, the proximity service relay user key corresponding to the identifier.
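The four ways the eleventh to fourteenth aspects let the receiving network element recognize the identifier before it asks the anchor function for a key, as an added example that is not part of the patent text. Every concrete encoding here (the `pruk-` prefix, the regular expression, the information element type `0x5A`, the message names, the sample identifiers and key) is a hypothetical assumption; the page defines none of them.

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional

# Hypothetical encodings (assumptions for illustration, not from the patent).
INDICATION_PREFIX = "pruk-"                                   # first indication information, inside the identifier
PRESET_FORMAT = re.compile(r"[0-9a-f]{16}@prose\.example")    # preset identifier format
IE_TYPE_RELAY_USER_KEY_ID = 0x5A                              # second indication information, in the carrying IE
ASSOCIATED_MESSAGE_NAMES = frozenset({"ProximityServiceAuthRequest"})  # message name tied to the identifier


@dataclass(frozen=True)
class InformationElement:
    value: str                      # the identifier itself
    ie_type: Optional[int] = None   # None: the IE carries no type indication


@dataclass(frozen=True)
class AuthRequest:
    message_name: str
    element: InformationElement


# One recognizer per aspect; a deployment would configure exactly one of them.
RECOGNIZERS = {
    "first_indication": lambda r: r.element.value.startswith(INDICATION_PREFIX),
    "preset_format": lambda r: PRESET_FORMAT.fullmatch(r.element.value) is not None,
    "second_indication": lambda r: r.element.ie_type == IE_TYPE_RELAY_USER_KEY_ID,
    "message_name": lambda r: r.message_name in ASSOCIATED_MESSAGE_NAMES,
}


def is_relay_user_key_id(request: AuthRequest, mechanism: str) -> bool:
    """True if the configured mechanism recognizes the carried identifier."""
    try:
        recognizer = RECOGNIZERS[mechanism]
    except KeyError:
        raise ValueError(f"unknown mechanism: {mechanism!r}") from None
    return recognizer(request)


def fetch_relay_user_key(request: AuthRequest, mechanism: str,
                         anchor_store: Dict[str, bytes]) -> bytes:
    """Look the key up at the anchor function only after the identifier is recognized.

    An unrecognized identifier is rejected instead of being tried against the
    key store, so a value meant as some other identifier never selects a key.
    """
    if not is_relay_user_key_id(request, mechanism):
        raise PermissionError("identifier not recognized as a relay user key identifier")
    identifier = request.element.value
    if identifier not in anchor_store:
        raise LookupError("no relay user key stored for this identifier")
    return anchor_store[identifier]


# Constructed sample data: one key reachable under three identifier spellings.
CONSTRUCTED_KEY = bytes(range(32))
ANCHOR_STORE = {
    "pruk-3f9a0c17": CONSTRUCTED_KEY,
    "3f9a0c1744e2b6d0@prose.example": CONSTRUCTED_KEY,
    "3f9a0c17": CONSTRUCTED_KEY,
}

REQ_PREFIXED = AuthRequest("GenericAuthRequest", InformationElement("pruk-3f9a0c17"))
REQ_FORMATTED = AuthRequest("GenericAuthRequest",
                            InformationElement("3f9a0c1744e2b6d0@prose.example"))
REQ_TAGGED = AuthRequest("GenericAuthRequest",
                         InformationElement("3f9a0c17", IE_TYPE_RELAY_USER_KEY_ID))
REQ_NAMED = AuthRequest("ProximityServiceAuthRequest", InformationElement("3f9a0c17"))
# Same opaque value as REQ_TAGGED / REQ_NAMED, but with no indication anywhere.
REQ_BARE = AuthRequest("GenericAuthRequest", InformationElement("3f9a0c17"))


def recognition_table() -> Dict[str, Dict[str, bool]]:
    """Which mechanism recognizes which constructed request."""
    requests = {"prefixed": REQ_PREFIXED, "formatted": REQ_FORMATTED,
                "tagged": REQ_TAGGED, "named": REQ_NAMED, "bare": REQ_BARE}
    return {name: {m: is_relay_user_key_id(req, m) for m in RECOGNIZERS}
            for name, req in requests.items()}


if __name__ == "__main__":
    for name, row in recognition_table().items():
        print(f"{name:10s}", row)
```

`REQ_BARE` carries the same value as `REQ_TAGGED` and `REQ_NAMED` yet is recognized by no mechanism, which is the ambiguity the indication, format, information element or message name is there to remove.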
According to a fifteenth aspect, a communication apparatus is provided. The apparatus includes: a processing module, configured to generate a proximity service relay user key identifier; and a transceiver module, configured to send a direct communication request message to a relay terminal device, where the direct communication request message includes the proximity service relay user key identifier.
With reference to the fifteenth aspect, in some implementations of the fifteenth aspect, the proximity service relay user key identifier includes first indication information, and the first indication information indicates one or more of the following: the name of the proximity service relay user key identifier, the type of the proximity service relay user key identifier, the purpose of the proximity service relay user key identifier, and the application scenario of the proximity service relay user key identifier.
With reference to the fifteenth aspect, in some implementations of the fifteenth aspect, the processing module is specifically configured to generate the proximity service relay user key identifier according to a preset format, where the preset format is associated with the proximity service relay user key identifier.
With reference to the fifteenth aspect, in some implementations of the fifteenth aspect, the identifier is carried in an information element, the information element includes second indication information, and the second indication information indicates one or more of the following: the name of the proximity service relay user key identifier, the type of the proximity service relay user key identifier, the purpose of the proximity service relay user key identifier, and the application scenario of the proximity service relay user key identifier.
With reference to the fifteenth aspect, in some implementations of the fifteenth aspect, the message name of the direct communication request message is associated with the proximity service relay user key identifier.
According to a sixteenth aspect, a communication apparatus is provided. The apparatus includes: a transceiver module, configured to receive a proximity service authentication request message from a mobility management network element, where the proximity service authentication request message includes an identifier; and a processing module, configured to determine that the identifier is a proximity service relay user key identifier, where the processing module is further configured to obtain, from a proximity service anchor function network element based on the identifier, the proximity service relay user key corresponding to the identifier.
With reference to the sixteenth aspect, in some implementations of the sixteenth aspect, the identifier includes first indication information, and the first indication information indicates one or more of the following: the name of the identifier, the type of the identifier, the purpose of the identifier, and the application scenario of the identifier; and the processing module is specifically configured to determine, based on the first indication information, that the identifier is a proximity service relay user key identifier.
With reference to the sixteenth aspect, in some implementations of the sixteenth aspect, the format of the identifier is the same as the preset format of the proximity service relay user key identifier; and the processing module is specifically configured to determine, based on the format of the identifier, that the identifier is a proximity service relay user key identifier.
With reference to the sixteenth aspect, in some implementations of the sixteenth aspect, the identifier is carried in an information element, the information element includes second indication information, and the second indication information indicates one or more of the following: the name of the identifier, the type of the identifier, the purpose of the identifier, and the application scenario of the identifier; and the processing module is specifically configured to determine, based on the second indication information, that the identifier is a proximity service relay user key identifier.
With reference to the sixteenth aspect, in some implementations of the sixteenth aspect, the message name of the proximity service authentication request message is associated with the proximity service relay user key identifier; and the processing module is specifically configured to determine, based on the message name of the proximity service authentication request message and the association, that the identifier is a proximity service relay user key identifier.
According to a seventeenth aspect, a communication apparatus is provided. The apparatus includes: a processing module, configured to generate a proximity service relay user key identifier, where the proximity service relay user key identifier includes first indication information, and the first indication information indicates one or more of the following: the name of the proximity service relay user key identifier, the type of the proximity service relay user key identifier, the purpose of the proximity service relay user key identifier, and the application scenario of the proximity service relay user key identifier; and a transceiver module, configured to send a direct communication request message to a relay terminal device, where the direct communication request message includes the proximity service relay user key identifier.
According to an eighteenth aspect, a communication apparatus is provided. The apparatus includes: a processing module, configured to generate the proximity service relay user key identifier according to a preset format, where the preset format is associated with the proximity service relay user key identifier; and a transceiver module, configured to send a direct communication request message to a relay terminal device, where the direct communication request message includes the proximity service relay user key identifier.
According to a nineteenth aspect, a communication apparatus is provided. The apparatus includes: a processing module, configured to generate a proximity service relay user key identifier; and a transceiver module, configured to send a direct communication request message to a relay terminal device, where the direct communication request message includes the proximity service relay user key identifier, the identifier is carried in an information element, the information element includes second indication information, and the second indication information indicates one or more of the following: the name of the proximity service relay user key identifier, the type of the proximity service relay user key identifier, the purpose of the proximity service relay user key identifier, and the application scenario of the proximity service relay user key identifier.
According to a twentieth aspect, a communication apparatus is provided. The apparatus includes: a processing module, configured to generate a proximity service relay user key identifier; and a transceiver module, configured to send a direct communication request message to a relay terminal device, where the direct communication request message includes the proximity service relay user key identifier, and the message name of the direct communication request message is associated with the proximity service relay user key identifier.
According to a twenty-first aspect, a communication apparatus is provided. The apparatus includes: a processing module, configured to generate a proximity service relay user key and a proximity service relay user key identifier, where the proximity service relay user key identifier includes first indication information, and the first indication information indicates one or more of the following: the name of the identifier, the type of the identifier, the purpose of the identifier, and the application scenario of the identifier; and a transceiver module, configured to send the proximity service relay user key and the proximity service relay user key identifier to a proximity service anchor function network element.
According to a twenty-second aspect, a communication apparatus is provided. The apparatus includes: a processing module, configured to generate a proximity service relay user key, and to generate a proximity service relay user key identifier according to a preset format; and a transceiver module, configured to send the proximity service relay user key and the proximity service relay user key identifier to a proximity service anchor function network element.
According to a twenty-third aspect, a communication apparatus is provided. The apparatus includes: a transceiver module, configured to receive a direct communication request message from a remote terminal device, where the direct communication request message includes a proximity service relay user key identifier; the transceiver module is further configured to send a relay key request message to a mobility management network element, where the relay key request message includes an information element used to carry the proximity service relay user key identifier, the information element includes second indication information, and the second indication information indicates one or more of the following: the name of the identifier, the type of the identifier, the purpose of the identifier, and the application scenario of the identifier.
According to a twenty-fourth aspect, a communication apparatus is provided. The apparatus includes: a transceiver module, configured to receive a relay key request message from a relay terminal device, where the relay key request message includes a proximity service relay user key identifier; and a processing module, configured to select a proximity service authentication request message to send the proximity service relay user key identifier to an authentication service function network element, where the message name of the proximity service authentication request message is associated with the proximity service relay user key identifier.
According to a twenty-fifth aspect, a communication apparatus is provided. The apparatus includes: a transceiver module, configured to receive a proximity service authentication request message from a mobility management network element, where the proximity service authentication request message includes an identifier, the identifier includes first indication information, and the first indication information indicates one or more of the following: the name of the identifier, the type of the identifier, the purpose of the identifier, and the application scenario of the identifier; and a processing module, configured to determine, based on the first indication information, that the identifier is a proximity service relay user key identifier, where the processing module is further configured to obtain, from a proximity service anchor function network element based on the identifier, the proximity service relay user key corresponding to the identifier.
According to a twenty-sixth aspect, a communication apparatus is provided. The apparatus includes: a transceiver module, configured to receive a proximity service authentication request message from a mobility management network element, where the proximity service authentication request message includes an identifier, and the format of the identifier is the same as the preset format of the proximity service relay user key identifier; and a processing module, configured to determine, based on the format of the identifier, that the identifier is a proximity service relay user key identifier, where the processing module is further configured to obtain, from a proximity service anchor function network element based on the identifier, the proximity service relay user key corresponding to the identifier.
According to a twenty-seventh aspect, a communication apparatus is provided. The apparatus includes: a transceiver module, configured to receive a proximity service authentication request message from a mobility management network element, where the proximity service authentication request message includes an identifier, the identifier is carried in an information element, the information element includes second indication information, and the second indication information indicates one or more of the following: the name of the identifier, the type of the identifier, the purpose of the identifier, and the application scenario of the identifier; and a processing module, configured to determine, based on the second indication information, that the identifier is a proximity service relay user key identifier, where the processing module is further configured to obtain, from a proximity service anchor function network element based on the identifier, the proximity service relay user key corresponding to the identifier.
第二十八方面,提供了一种通信装置,该装置包括:收发模块,用于接收来自移动管理网元的临近业务认证请求消息,该临近业务认证请求消息包括一个标识,该临近业务认证请求消息的消息名称与该临近业务中继用户密钥标识存在关联关系;处理模块,用于根据该临近业务认证请求消息的消息名称,以及该关联关系,确定该标识为临近业务中继用户密钥标识;该处理模块,还用于根据该标识从临近业务锚点功能网元获取该标识对应的临近业务中继用户密钥。In a twenty-eighth aspect, a communication device is provided. The device includes: a transceiver module, configured to receive a proximity service authentication request message from a mobility management network element. The proximity service authentication request message includes an identifier. The proximity service authentication request message includes an identifier. There is an association relationship between the message name of the message and the proximity service relay user key identifier; the processing module is configured to determine that the identifier is the proximity service relay user key according to the message name of the proximity service authentication request message and the association relationship. The identification; the processing module is also used to obtain the proximity service relay user key corresponding to the identification from the proximity service anchor point function network element according to the identification.
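The three determination rules of the twenty-sixth to twenty-eighth aspects, sketched as an added example that is not part of the application. The identifier format, the message names, the `indicated_type` field and the `AnchorFunction` stand-in are all assumptions constructed for illustration; giving the explicit indication priority over message name and format is a choice of this example, since the application presents the three rules as alternatives.

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional

# Assumed preset format (constructed for this example): 16 hex digits,
# "@", then a realm that starts with "prose-cp.".
PRUK_ID_FORMAT = re.compile(r"[0-9a-f]{16}@prose-cp\.[a-z0-9.-]+")

# Assumed association between a message name and the identifier it carries.
PRUK_MESSAGE_NAMES = {"ProSeAuthenticateByKeyId"}


@dataclass
class AuthRequest:
    """Proximity service authentication request (hypothetical layout)."""
    message_name: str
    identifier: str
    # Stands in for the "second indication information" of the information
    # element that carries the identifier; None means it is absent.
    indicated_type: Optional[str] = None


def by_format(req: AuthRequest) -> bool:
    """Twenty-sixth aspect: the identifier has the preset format."""
    return PRUK_ID_FORMAT.fullmatch(req.identifier) is not None


def by_indication(req: AuthRequest) -> bool:
    """Twenty-seventh aspect: the information element names the type."""
    return req.indicated_type == "PRUK_ID"


def by_message_name(req: AuthRequest) -> bool:
    """Twenty-eighth aspect: the message name is associated with the type."""
    return req.message_name in PRUK_MESSAGE_NAMES


def is_relay_user_key_id(req: AuthRequest) -> bool:
    """Combine the rules; an explicit indication, when present, decides."""
    if req.indicated_type is not None:
        return by_indication(req)
    return by_message_name(req) or by_format(req)


class AnchorFunction:
    """Stand-in for the anchor point function: identifier -> relay user key."""

    def __init__(self, keys: Dict[str, bytes]):
        self._keys = dict(keys)

    def get_key(self, identifier: str) -> Optional[bytes]:
        return self._keys.get(identifier)


def handle_auth_request(req: AuthRequest, anchor: AnchorFunction) -> Optional[bytes]:
    """Query the anchor function only after the identifier is classified."""
    if not is_relay_user_key_id(req):
        return None  # not a relay user key identifier: no key lookup
    return anchor.get_key(req.identifier)
```

An identifier that none of the rules classifies never reaches the key lookup, so a value of another type cannot be used to probe the anchor function's key store.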
In a twenty-ninth aspect, a communication device is provided, which is configured to perform any of the methods provided in the first to fourteenth aspects. Specifically, the device may include units and/or modules for performing the methods provided in the first to fourteenth aspects, such as a processing module and/or a transceiver module (which may also be referred to as a communication module).
In one implementation, the device is a terminal device (for example, a remote terminal device or a relay terminal device), or a chip, chip system or circuit in a terminal device. When the device is a chip, chip system or circuit in a terminal device, the communication module may be an input/output interface, interface circuit, output circuit, input circuit, pin or related circuit on the chip, chip system or circuit; the processing module may be a processor, a processing circuit, a logic circuit, or the like. In this case, the device may include units and/or modules for performing the methods of the first aspect, the third to sixth aspects, and the ninth aspect, such as a processing unit and/or a communication unit.
In another possible case, the device is an authentication server function network element, or a chip, chip system or circuit in an authentication server function network element. In this case, the device may include units and/or modules for performing the methods provided in the second aspect, the seventh aspect, the eighth aspect, and the eleventh to fourteenth aspects, such as a processing module and/or a transceiver module.
In another possible case, the device is a mobility management network element, or a chip, chip system or circuit in a mobility management network element. In this case, the device may include units and/or modules for performing the method provided in the tenth aspect, such as a processing module and/or a transceiver module.
Optionally, the above transceiver may be a transceiver circuit. Optionally, the above input/output interface may be an input/output circuit.
In a thirtieth aspect, a communication device is provided. The device includes: a memory, configured to store a program; and a processor, configured to execute the program stored in the memory. When the program stored in the memory is executed, the processor is configured to perform any of the methods provided in the first to fourteenth aspects.
In a thirty-first aspect, this application provides a processor configured to perform the methods provided in the foregoing aspects. In performing these methods, the processes of sending the foregoing information and obtaining/receiving the foregoing information may be understood as the processor outputting the information and the processor receiving the input information. When outputting the information, the processor outputs it to a transceiver for transmission by the transceiver. After being output by the processor, the information may need further processing before it reaches the transceiver. Similarly, when the processor receives the input information, the transceiver obtains/receives the information and inputs it to the processor. Further, after the transceiver receives the information, the information may need further processing before it is input to the processor.
Based on the above principle, for example, receiving a request message as mentioned in the foregoing methods may be understood as the processor receiving input information.
For operations such as transmitting, sending and obtaining/receiving that involve the processor, unless otherwise specified, or unless this conflicts with their actual role or internal logic in the related description, they may be understood more generally as operations of processor output, reception and input, rather than transmitting, sending and receiving operations performed directly by a radio frequency circuit and an antenna.
In implementation, the above processor may be a processor dedicated to performing these methods, or a processor, such as a general-purpose processor, that performs these methods by executing computer instructions in a memory. The above memory may be a non-transitory memory, such as a read-only memory (ROM), which may be integrated on the same chip as the processor or provided on a separate chip. The embodiments of this application do not limit the type of the memory or the way the memory and the processor are arranged.
In a thirty-second aspect, a computer-readable storage medium is provided. The computer-readable medium stores program code for execution by a device, and the program code includes instructions for performing any of the methods provided in the first to fourteenth aspects.
In a thirty-third aspect, a computer program product containing instructions is provided. When the computer program product runs on a computer, the computer is caused to perform any of the methods provided in the first to fourteenth aspects.
In a thirty-fourth aspect, a chip is provided. The chip includes a processor and a communication interface. The processor reads, through the communication interface, instructions stored in a memory and performs any of the methods provided in the first to fourteenth aspects.
Optionally, as an implementation, the chip may further include a memory in which instructions are stored. The processor is configured to execute the instructions stored in the memory, and when the instructions are executed, the processor is configured to perform any of the methods provided in the first to fourteenth aspects.
In a thirty-fifth aspect, a communication system is provided, including the foregoing authentication server function network element and mobility management network element.
Optionally, the communication system may further include the above remote terminal device.
Optionally, the communication system may further include the above relay terminal device.
Description of the drawings
Figure 1 (a) and Figure 1 (b) are schematic diagrams of network architectures to which the embodiments of this application are applicable.
Figure 2 is a schematic structural diagram of a subscription concealed identifier.
Figure 3 is an exemplary flowchart of the method 300 provided by an embodiment of this application.
Figure 4 is an exemplary flowchart of the method 400 provided by an embodiment of this application.
Figure 5 is a schematic block diagram of a communication device provided by an embodiment of this application.
Figure 6 is a schematic block diagram of a communication device provided by another embodiment of this application.
Figure 7 is a schematic block diagram of a communication device provided by yet another embodiment of this application.
Detailed description
To make the purpose, technical solutions and advantages of this application clearer, this application is described in further detail below with reference to the accompanying drawings. The specific operation methods in the method embodiments may also be applied to the device embodiments or system embodiments. In the description of this application, unless otherwise stated, "a plurality of" means two or more.
In the embodiments of this application, unless otherwise specified or logically in conflict, the terms and/or descriptions in different embodiments are consistent and may be referenced by one another, and the technical features of different embodiments may be combined, according to their inherent logical relationships, to form new embodiments.
It can be understood that the various numerals used in this application are distinctions made only for ease of description and are not intended to limit the scope of this application. The sequence numbers of the above processes do not imply an order of execution; the order in which the processes are executed should be determined by their functions and internal logic.
The terms "first", "second", "third", "fourth" and other such labels (if any) in the description and claims of this application and in the above drawings are used to distinguish similar objects and are not necessarily used to describe a specific order or sequence. It should be understood that the data so used are interchangeable where appropriate, so that the embodiments described herein can be implemented in an order other than that illustrated or described herein. In addition, the terms "include" and "have" and any variations of them are intended to cover non-exclusive inclusion; for example, a process, method, system, product or device that includes a series of steps or units is not necessarily limited to the steps or units expressly listed, but may include other steps or units that are not expressly listed or that are inherent to the process, method, product or device.
The technical solutions provided by this application can be applied to various communication systems, for example: a fifth generation (5th generation, 5G) or new radio (NR) system, a long term evolution (LTE) system, an LTE frequency division duplex (FDD) system, an LTE time division duplex (TDD) system, and so on. The technical solutions provided by this application can also be applied to future communication systems, such as a sixth generation mobile communication system. They can also be applied to device-to-device (D2D) communication, vehicle-to-everything (V2X) communication, machine-to-machine (M2M) communication, machine type communication (MTC), and Internet of things (IoT) communication systems or other communication systems.
The technical solutions in the embodiments of this application are described below with reference to the drawings in the embodiments of this application. In the description of this application, unless otherwise stated, "/" indicates an "or" relationship between the associated objects; for example, A/B may mean A or B. "And/or" in this application merely describes an association between associated objects and indicates that three relationships are possible; for example, A and/or B may mean: A alone, both A and B, or B alone, where A and B may be singular or plural. Furthermore, in the description of this application, unless otherwise specified, "a plurality of" means two or more. "At least one of the following" or a similar expression refers to any combination of the listed items, including a single item or any combination of several items. For example, at least one of a, b, or c may mean: a, b, c, a-b, a-c, b-c, or a-b-c, where each of a, b and c may be single or multiple. In addition, to describe the technical solutions of the embodiments of this application clearly, words such as "first" and "second" are used in the embodiments to distinguish between identical or similar items whose functions and effects are basically the same. Those skilled in the art will understand that words such as "first" and "second" do not limit quantity or order of execution, and do not require the items to be different. In the embodiments of this application, words such as "exemplary" or "for example" are used to indicate an example, illustration or explanation. Any embodiment or design described as "exemplary" or "for example" in the embodiments of this application should not be construed as preferred or advantageous over other embodiments or designs. Rather, such words are intended to present the related concepts in a concrete manner that is easy to understand.
In addition, the network architectures and service scenarios described in the embodiments of this application are intended to explain the technical solutions of the embodiments more clearly and do not limit the technical solutions provided by the embodiments. Those of ordinary skill in the art will know that, as network architectures evolve and new service scenarios emerge, the technical solutions provided by the embodiments of this application are equally applicable to similar technical problems.
To facilitate understanding of the embodiments of this application, an application scenario of the embodiments is described in detail below with reference to (a) of Figure 1.
(a) of Figure 1 is a schematic diagram of a network architecture suitable for the methods provided by the embodiments of this application. As shown in the figure, the network architecture may specifically include the following network elements:
1. User equipment (UE): may be called a terminal device, terminal, access terminal, subscriber unit, subscriber station, mobile station, remote station, remote terminal, mobile device, user terminal, wireless communication device, user agent or user apparatus. The terminal device may also be a cellular phone, a cordless phone, a session initiation protocol (SIP) phone, a wireless local loop (WLL) station, a personal digital assistant (PDA), a handheld device with a wireless communication function, a computing device or other processing device connected to a wireless modem, a vehicle-mounted device, a drone, a wearable device, a terminal device in a 5G network, a terminal device in an evolved public land mobile network (PLMN), and so on; the embodiments of this application do not limit this. A UE may be connected to a next generation radio access network (NG-RAN) device through the Uu interface; for example, UE#A and UE#D shown in (a) of Figure 1 are connected to the NG-RAN through the Uu interface. Two UEs that have the proximity-based services application (ProSe application) function may also be connected to each other through the PC5 interface; for example, in (a) of Figure 1, UE#A and UE#B are connected through the PC5 interface, UE#B and UE#C are connected through the PC5 interface, and UE#A and UE#D are connected through the PC5 interface.
2. Access network (AN): provides network access for authorized users in a specific area, and can use transmission tunnels of different quality according to user level, service requirements, and so on. Access networks may use different access technologies. Current access network technologies include the radio access network technology used in third generation (3rd generation, 3G) systems, the radio access network technology used in 4G systems, and the NG-RAN technology shown in (a) of Figure 1 (such as the radio access technology used in 5G systems).
An access network that implements the access network function based on wireless communication technology may be called a radio access network (RAN). The radio access network can manage radio resources, provide access services for terminals, and forward control signals and user data between terminals and the core network.
A radio access network device may be, for example, a base station (NodeB), an evolved base station (evolved NodeB, eNB or eNodeB), a next generation base station node (next generation Node Base station, gNB) in a 5G mobile communication system, a base station in a future mobile communication system, or an access point (AP) in a WiFi system. It may also be a radio controller in a cloud radio access network (CRAN) scenario, or the radio access network device may be a relay station, an access point, a vehicle-mounted device, a drone, a wearable device, a network device in a 5G network, a network device in an evolved PLMN, and so on. The embodiments of this application do not limit the specific technology or device form used by the radio access network device.
3. Access management network element: mainly used for mobility management and access management, and responsible for passing user policies between the user equipment and the policy control function (PCF) network element. It may be used to implement the functions of a mobility management entity (MME) other than session management, for example lawful interception or access authorization (or authentication).
In a 5G communication system, the access management network element may be an access and mobility management function (AMF) network element. In a future communication system, the access management network element may still be an AMF network element or may have another name, which is not limited in this application.
4. Session management network element: mainly used for session management, Internet protocol (IP) address allocation and management for user equipment, selection of manageable user plane functions, serving as the termination point of the policy control and charging function interfaces, downlink data notification, and so on.
In a 5G communication system, the session management network element may be a session management function (SMF) network element. In a future communication system, the session management network element may still be an SMF network element or may have another name, which is not limited in this application.
5. User plane network element: used for packet routing and forwarding, quality of service (QoS) handling of user plane data, user plane data forwarding, session/flow-level charging statistics, bandwidth limiting, and other functions.
In a 5G communication system, the user plane network element may be a user plane function (UPF) network element. In a future communication system, the user plane network element may still be a UPF network element or may have another name, which is not limited in this application.
6. Data network element: used to provide a network for transmitting data.
In a 5G communication system, the data network element may be a data network (DN) network element. In a future communication system, the data network element may still be a DN network element or may have another name, which is not limited in this application.
7. Policy control network element: a unified policy framework used to guide network behavior, providing policy rule information and the like to control plane function network elements (such as AMF and SMF network elements).
In a 4G communication system, the policy control network element may be a policy and charging rules function (PCRF) network element. In a 5G communication system, the policy control network element may be a policy control function (PCF) network element. In a future communication system, the policy control network element may still be a PCF network element or may have another name, which is not limited in this application.
8. Data management network element: used to handle user equipment identifiers, access authentication, registration, mobility management, and so on.
In a 5G communication system, the data management network element may be a unified data management (UDM) network element; in a 4G communication system, it may be a home subscriber server (HSS) network element. In a future communication system, the data management network element may still be a UDM network element or may have another name, which is not limited in this application.
9. Data repository network element: responsible for storing and retrieving subscription data, policy data, application data and other types of data.
In a 5G communication system, the data repository network element may be a unified data repository (UDR) network element. In a future communication system, the data repository network element may still be a UDR network element or may have another name, which is not limited in this application.
10. Network exposure function (NEF) entity: used to securely expose to external parties the services and capabilities provided by 3GPP network functions.
11. ProSe application server (AS): may be an application function (AF) of the DN, or the AS that itself provides the ProSe service. An AF with the ProSe application server function has all the functions of the AF defined in 23.501 R-15, together with the functions related to the ProSe service. That is, in the user plane architecture, the ProSe application server and the UE communicate on the user plane over the UE-RAN-UPF-AF path. In the control plane architecture, the ProSe application server can also communicate with other network functions (NFs) in the 5G core network (5GC) through the NEF, for example with the PCF through the NEF. If the ProSe application server is an AF of the DN and that AF is deployed by the operator of the 5GC, the ProSe application server can also, in the control plane architecture, communicate directly with other NFs in the 5GC without going through the NEF, for example directly with the PCF.
12. 5G direct discovery name management function (DDNMF): allocates and processes, for open proximity service discovery (open ProSe discovery), the mapping between proximity service application identifiers (ProSe application identifier) and proximity service application codes (ProSe application code). In restricted proximity service discovery (restricted ProSe direct discovery), the 5G DDNMF can communicate with the proximity service application server through the PC2 interface to process the authorization of discovery requests, and it also allocates and processes the mapping between application identifiers and the codes used in restricted proximity service. The codes used in restricted proximity service include the restricted proximity service code (ProSe restricted code), the proximity service query code (ProSe query code) and the proximity service response code (ProSe response code).
In the current standard definition, the 5G DDNMF is of PLMN granularity, that is, one PLMN has only one 5G DDNMF. A 5G DDNMF can be uniquely determined by the mobile country code (MCC) and the mobile network code (MNC).
13. Authentication server function (AUSF): a network element that performs authentication and authorization of users.
14. Proximity service key management function (ProSe key management function, PKMF): may be responsible for generating and distributing, for UEs that use proximity services, the keys used for PC5 interface connections. A UE needs to interact with the PKMF through the control plane to obtain the keys used on the PC5 interface.
It can be understood that each of the above network elements or functions may be a network element in a hardware device, a software function running on dedicated hardware, or a virtualized function instantiated on a platform (for example, a cloud platform). Each of the above network elements or functions may be implemented by one device, implemented jointly by multiple devices, or be a functional module within one device, which is not specifically limited in the embodiments of this application.
It should also be understood that the network architecture shown in (a) of Figure 1 is only an example of a network architecture to which the embodiments of this application apply. The applicable network architecture is not limited to it; any network architecture that can implement the functions of the above network elements is applicable to the embodiments of this application.
For example, in some network architectures, network function entities such as the AMF, the SMF network element, the PCF network element and the UDM network element are all called network function (NF) network elements; alternatively, in other network architectures, the set of network elements such as the AMF, the SMF network element, the PCF network element and the UDM network element may be called control plane function network elements. Because the UE needs to interact with the PKMF and the DDNMF through the user plane, network elements such as the PKMF and the DDNMF may be called user plane network elements.
(b) of Figure 1 shows a schematic diagram of another communication system architecture according to an embodiment of this application. When the remote terminal device is outside network coverage, or the signal quality between it and the access network device is poor (for example, below a preset threshold), the remote terminal device can be assisted by a relay terminal device: communication between the remote terminal device and the access network device is achieved through communication between the remote terminal device and the relay terminal device, together with communication between the relay terminal device and the access network device. For example, as shown in (b) of Figure 1, the remote terminal device can communicate with the RAN through the relay terminal device.
With the rapid development of mobile communications, the widespread use of new service types, such as video services and virtual reality (VR)/augmented reality (AR) data services, has increased users' demand for bandwidth. D2D communication allows UEs to communicate with each other directly and to share spectrum resources with cell users under the control of the cell network, which effectively improves spectrum utilization. D2D communication is already used in 4G and 5G network systems, where it is collectively called proximity based service (ProSe) communication.
When a UE is outside network coverage or the communication signal between it and the RAN is poor, the remote UE can communicate with the help of a relay UE: the remote UE communicates with the relay UE, and the relay UE communicates with the mobile network, so that the remote UE obtains service. Establishing a remote UE to relay UE to network communication path extends support for UE-to-network communication to UEs outside network coverage. This communication mode can be called UE-to-network relay communication.
To make the technical solutions of the embodiments of this application easier to understand, before the solutions are introduced on the basis of the 5G architecture, some 5G terms and concepts that the embodiments may involve, as well as network elements that this application may involve but that are not shown in the above network architecture, are briefly described first.
1. Subscription permanent identifier (SUPI)
The SUPI is the 5G globally unique subscription permanent identifier assigned to each user. There are four SUPI types: IMSI, network specific identifier (NSI), Global Line Identifier (GLI) and Global Cable Identifier (GCI). SUPIs of the NSI, GLI and GCI types are all in NAI format.
A SUPI in NAI format is a type of SUPI generated by a third party rather than by the operator. It is a general format of the form username@realm, where username is the user name corresponding to the SUPI and realm is the domain name corresponding to the SUPI.
2. Subscription concealed identifier (SUCI)
To avoid exposing the user's SUPI over the air interface, a result is computed from part of the content of the SUPI, and this result is part of the subscription concealed identifier (SUCI). When the SUPI is in NAI format, the SUCI is also in NAI format. A SUCI is a character string; as an example, a SUCI may be: type0.rid678.schid1.hnkey27.ecckey<ECC ephemeral public key>.cip<encryption of0999999999>.mac<MAC tag value>@5gc.mnc015.mcc234.3gppnetwork.org.
Figure 2 shows one structure of the SUCI. As shown in Figure 2, the SUCI mainly contains the following:
SUPI type: the value range is 0-7, where 0 represents IMSI, 1 represents NSI, 2 represents GLI and 3 represents GCI; 4 to 7 are not yet defined.
Home Network Identifier: identifies the network where the user is registered. When the SUPI is an IMSI, the identifier consists of the MCC and the MNC; when the SUPI is an NAI, the identifier is a variable-length string representing a domain name.
When the SUPI type is IMSI, the Home Network Identifier is the mobile country code (MCC) and the mobile network code (MNC). When the SUPI type is NSI, the Home Network Identifier is a string in the format username@realm. When the SUPI type is GCI, the format of the Home Network Identifier is 5gc.mnc<MNC>.mcc<MCC>.3gppnetwork.org.
Routing Indicator: consists of 1 to 4 decimal digits and is used to identify the registered network operator and the UICC.
Protection Scheme Id: identifies the algorithm used to generate the SUCI. There are three values: NULL-scheme: 0, Profile<A>: 1, Profile<B>: 2. That is, a Protection Scheme Id of 0 indicates that the SUCI was generated with the null algorithm NULL-scheme; a Protection Scheme Id of 1 indicates that the SUCI was generated with the algorithm Profile<A>; a Protection Scheme Id of 2 indicates that the SUCI was generated with the algorithm Profile<B>. Profile<A> and Profile<B> may be called non-null algorithms. If the null algorithm is used to generate the SUCI, the SUPI is not encrypted; if a non-null algorithm (Profile<A> or Profile<B>) is used, the SUPI needs to be encrypted. Profile<A> represents the ECIES algorithm with a 256-bit public key, and Profile<B> represents the ECIES algorithm with a 264-bit public key.
Home Network Public Key Id: the value range is 0-255. The public key is provided by the HPLMN and is used for SUPI protection; when protection is not enabled (null-scheme), the value is 0.
Scheme Output: consists of a string of variable length or of hexadecimal digits, depending on the protection scheme used. For example, for a SUPI in NAI format, the parameter obtained by encrypting the username part of the SUPI can serve as the Scheme Output part of the SUCI.
3. 5G PRUK ID
The 5G PRUK ID is a key identifier used to identify the 5G PRUK, where the 5G PRUK is a key generated from Kausf.
The 5G PRUK ID is in NAI format, that is, it has the form username@realm. The username includes the routing identifier (Routing Identifier) and a KDF result. The KDF result is computed by feeding Kausf and some input parameters into the KDF. The input parameters include the string "PRUK-ID", the RSC and the SUPI.
4. A-KID
The A-KID is the key identifier used to identify Kakma. It also uses the NAI format, that is, the form username@realm. The username includes the routing identifier (Routing Identifier) and a KDF result. The KDF result is computed by the AUSF by feeding Kausf and some input parameters into the KDF. The input parameters include the string "A-TID" and the SUPI.
In current communication systems and communication procedures, identifiers are used frequently. They usually identify a user, a network element, a key, a session, and so on. When a network element receives an identifier, it can perform certain operations based on it. If the network element cannot recognize the identifier, however, it may be unable to execute the correct procedure based on it, or may execute the wrong procedure. A specific scenario in which this problem can arise is introduced below with reference to the communication procedure shown in Figure 3.
Figure 3 shows a ProSe control plane (CP) procedure, in which the remote UE obtains, via NAS messages of the relay UE, the key used to establish PC5 security with the relay UE. Note that in the flowchart of method 300, AMF (Remote) refers to the AMF corresponding to the Remote UE and may also be written as Remote AMF; similarly, AMF (Relay) refers to the AMF of the Relay UE and may be written as Relay AMF. The other network elements can be interpreted in the same way and are not described one by one here. The CP procedure is described below by way of example with reference to the steps of method 300; for parts not described in detail, refer to the existing protocols.
S301: The Remote UE registers with the network and is authenticated and authorized by the network.
S302: The Relay UE registers with the network and is authenticated and authorized by the network.
S303: The Remote UE and the Relay UE discover each other.
S304: The Remote UE sends a direct communication request (Direct Communication Request) message to the Relay UE.
In one case, the direct communication request message carries the SUCI of the Remote UE, the relay service code (RSC), Nounce_1, and so on. For example, if the Remote UE has no 5G PRUK ID stored locally, it uses the SUCI to initiate the direct communication request. The SUCI is used by the UDM to obtain the SUPI of the Remote UE and to authenticate the Remote UE.
In another case, the direct communication request message carries the 5G PRUK ID, the RSC, Nounce_1, and so on. For example, the UE has already accessed the network before the procedure shown in method 300, and the Remote UE obtained and stored a 5G PRUK ID during that previous access. In this case, the Remote UE uses the 5G PRUK ID to initiate the direct communication request.
The RSC is used for mutual discovery between the Remote UE and the Relay UE, and indicates the service information that the Relay UE can provide to the Remote UE. A Relay UE can support multiple different RSCs, but can carry only one RSC in each discovery. The RSC is delivered by the network side to the Relay UE and the Remote UE, together with PDU session related parameters such as the DNN or the single network slice selection assistance information (S-NSSAI). Nounce_1 is passed to the home network of the Remote UE as a key generation parameter.
S305: The Relay UE sends a relay key request (Relay Key Request) message to the AMF (Relay). This AMF is the AMF corresponding to the Relay UE, that is, the AMF that provides access service for the Relay UE. The message is a NAS message and includes the identity information of the Relay UE and the information obtained from the direct communication request message received from the Remote UE, for example SUCI, RSC, Nounce_1, and so on, or 5G PRUK ID, RSC, Nounce_1, and so on. Nounce_1 carries a random number. The probability that two Nounce_1 values are the same is very low; in most cases they differ. It can therefore be understood that the Nounce_1 value in "SUCI, RSC, Nounce_1" differs from the Nounce_1 value in "5G PRUK ID, RSC, Nounce_1".
S306: The AMF authenticates the Relay UE.
For example, after receiving the relay key request message from the Relay UE, the AMF checks whether the Relay UE can provide relay service, in other words, whether the Relay UE can act as a relay device. If so, the subsequent procedure is executed.
S307: The AMF sends a ProSe authentication request (Nausf_UEAuthentication_ProseAuthenticate Request) message to the AUSF (Remote), where this AUSF corresponds to the Remote UE. The ProSe authentication request message carries the information that the AMF obtained from the relay key request message received from the Relay UE, for example SUCI, RSC, Nounce_1, and so on, or 5G PRUK ID, RSC, Nounce_1, and so on.
If the ProSe authentication request message carries a SUCI, the AUSF executes the procedure corresponding to case A in Figure 3; if it carries a 5G PRUK ID, the AUSF executes the procedure corresponding to case B in Figure 3. Case A and case B are described below by way of example.
Case A:
S308: The AUSF obtains the primary authentication parameters through the UDM. For example, the AUSF sends a service-based request message to the UDM to request the primary authentication parameters, and the UDM returns them to the AUSF in response.
After obtaining the primary authentication parameters, the AUSF triggers the primary authentication procedure of the Remote UE. The Remote UE performs the primary authentication procedure with the Remote UE's AUSF via the Relay UE. The procedure is shown in S309-S314; for details, refer to the existing protocols, which are not repeated here.
S315a: The Remote UE generates the 5G PRUK and the 5G PRUK ID.
S315b: The AUSF generates the 5G PRUK and the 5G PRUK ID.
For example, after the primary authentication procedure succeeds, the Remote UE's AUSF and the Remote UE each generate the key 5G PRUK and the key identifier 5G PRUK ID.
S316: The AUSF sends a ProSe key registration request (Npanf_ProSeKey_Register Request) message to the PAnF. The message carries the SUPI, the PRUK and the 5G PRUK ID.
S317: The PAnF sends a ProSe key registration response (Npanf_ProSeKey_Register Response) message to the AUSF.
For example, after receiving the ProSe key registration request message from the AUSF, the PAnF stores the PRUK and the 5G PRUK ID, associated with the SUPI of the Remote UE. Once they are stored, the PAnF sends the ProSe key registration response message to the AUSF.
Case B:
S318: The AUSF sends a ProSe key get request (Npanf_ProSeKey_Get Request) message to the PAnF.
For example, the ProSe key get request message includes the 5G PRUK ID and is used to request the 5G PRUK.
S319: The PAnF sends a ProSe key get response (Npanf_ProSeKey_Get Response) message to the AUSF.
For example, after receiving the ProSe key get request message from the AUSF, the PAnF retrieves locally the 5G PRUK corresponding to the 5G PRUK ID and sends it to the AUSF in the ProSe key get response message.
It can be understood that the 5G PRUK stored locally by the PAnF may have been obtained and stored, in a manner similar to S316, when the Remote UE last accessed the network.
S320: The Remote UE's AUSF further generates the key KNR_ProSe.
S321: The AUSF sends a ProSe authorization response message to the AMF of the Relay UE. The message includes KNR_ProSe, Nounce_2, the 5G PRUK ID, and so on. When generating KNR_ProSe, the AUSF uses KNR_ProSe and Nounce_1 as input parameters to generate Nounce_2.
S322: The AMF sends a relay key response (Relay Key Response) message to the Relay UE. The message includes KNR_ProSe, Nounce_2, the 5G PRUK ID, and so on.
S323: After receiving the relay key response message, the Relay UE stores KNR_ProSe and sends a direct security mode command (Direct Security mode command) message to the Remote UE. The message includes Nounce_2, the 5G PRUK ID, and so on.
S324: After receiving the direct security mode command message from the Relay UE, the Remote UE generates KNR_ProSe.
S325: The Remote UE sends a direct security mode complete (Direct Security Complete) message to the Relay UE.
S326: The Relay UE sends a direct communication accept (Direct Communication Accept) message to the Remote UE.
As the procedure of method 300 shows, if S307 carries the SUCI of the Remote UE, the AUSF obtains the primary authentication parameters from the UDM (S308) and triggers the primary authentication procedure for the Remote UE (S309-S314). After primary authentication succeeds, the AUSF generates the 5G PRUK and the 5G PRUK ID (corresponding to S315a) and stores them in the PAnF (S316-S317). In this case the AUSF does not need to perform S318-S319. If S307 carries a 5G PRUK ID, the AUSF obtains the 5G PRUK corresponding to that 5G PRUK ID directly through the PAnF (S318-S319). In this case the AUSF does not need to perform S308-S317.
In other words, the AUSF must decide which procedure to execute next according to whether the identifier carried in S307 is a SUCI or a 5G PRUK ID.
However, the 5G PRUK ID and the SUCI have the same format, and in some cases the AUSF may be unable to tell whether a received identifier is a SUCI or a 5G PRUK ID. In an extreme scenario, if the 5G PRUK ID and the SUCI are largely identical, the AUSF may not be able to distinguish clearly which of the two it has received. For example, if, when the AUSF and the Remote UE generate the 5G PRUK ID, its leading fields are converted to type0.rid678, which happens to be exactly the same as the leading fields of the SUCI, the AUSF cannot determine whether the received identifier is a SUCI or a 5G PRUK ID.
To address this problem, an embodiment of this application provides a communication method 400 that can be used to distinguish between different identifiers. Method 400 is described below by way of example with reference to Figure 4.
The first possible implementation provided by the embodiments of this application is introduced first, with reference to method 400.
S401a: The remote terminal device generates a proximity service relay user key and a proximity service relay user key identifier.
S401b: The authentication server function network element generates a proximity service relay user key and a proximity service relay user key identifier.
It can be understood that the remote terminal device and the authentication server function network element generate the proximity service relay user key and the proximity service relay user key identifier in the same way. For brevity, the remote terminal device is used as the example below.
For example, when generating the proximity service relay user key identifier, the remote terminal device may carry first indication information in the identifier to indicate what kind of identifier it is; in other words, the first indication information is used to recognize the proximity service relay user key identifier. For example, the first indication information indicates one or more of the following: the name of the proximity service relay user key identifier, its type, its function, its application scenario, and so on. After a network element receives the proximity service relay user key identifier, it can recognize the identifier from the first indication information carried in it, that is, determine the meaning or purpose of the identifier, and then execute the subsequent procedure based on the identifier.
Note that recognizing an identifier, in the embodiments of this application, means determining what kind of identifier it is: determining its meaning or name, its function or purpose, its application scenario, and so on. This is not repeated at other similar places.
In one implementation, S401a and S401b may correspond to S315a and S315b in method 300. In this case, the Remote UE in method 300 corresponds to the remote terminal device in method 400, and the AUSF in method 300 corresponds to the authentication server function network element in method 400. Applying the above solution to method 300 as an example: in S315a and S315b of method 300, when the AUSF and the Remote UE generate the 5G PRUK ID, they may carry first indication information in it, and this first indication information may be a character string. In one implementation, the first indication information may indicate (or describe) the usage scenario of the 5G PRUK ID, for example the string "5G Prose"; in another implementation, it may indicate the name (or meaning) of the 5G PRUK ID, for example the string "5G PRUKID".
The first indication information may be carried at any position in the 5G PRUK ID. For example, it may be carried in the username contained in the 5G PRUK ID, or in the realm contained in the 5G PRUK ID. The following description uses the string "5G PRUKID" as the first indication information.
Specifically, the first indication information may be carried at the beginning of the username or the realm. For example, the 5G PRUK ID is: "5G PRUKID"[email protected], or the 5G PRUK ID is: rid678.0123456789@"5G PRUKID".5gc.mnc015.mcc234.3gppnetwork.org. It can be understood that the "." in these examples serves to connect and to separate. It can also be understood that the double quotation marks around "5G PRUKID" in these examples may be omitted. For example, the 5G PRUK ID is: 5G [email protected], or the 5G PRUK ID is: rid678.0123456789@5G PRUKID.5gc.mnc015.mcc234.3gppnetwork.org.
Alternatively, the first indication information may be carried at the end of the username or the realm. For example, the 5G PRUK ID is: rid678.0123456789."5G PRUKID"@5gc.mnc015.mcc234.3gppnetwork.org, or the 5G PRUK ID is: [email protected]."5G PRUKID".
Alternatively, the first indication information may be carried in the middle of the username or the realm. For example, the 5G PRUK ID is: rid678."5G PRUKID"[email protected], or the 5G PRUK ID is: rid678.0123456789@5gc."5G PRUKID".mnc015.mcc234.3gppnetwork.org.
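The following added example, which is not part of the application, shows how a receiving network element could use the first indication information to tell a 5G PRUK ID from a SUCI and select case A or case B of method 300. The SUCI layout and the "5G PRUKID" label follow the examples in the text; the function names, the prefix-only baseline, the choice to reject unlabelled identifiers, and the identifiers marked as constructed are assumptions.

```python
import re

# First indication information; "5G PRUKID" is the example string used in the text.
INDICATOR = "5G PRUKID"

# SUCI username layout, following the SUCI example string in the text:
# type<SUPI type>.rid<routing indicator>.schid<scheme id>.hnkey<key id>.<scheme output>
SUCI_USERNAME = re.compile(
    r"^type(?P<supi_type>[0-7])"
    r"\.rid(?P<routing_indicator>\d{1,4})"
    r"\.schid(?P<scheme_id>\d+)"
    r"\.hnkey(?P<hn_key_id>\d{1,3})"
    r"\.(?P<scheme_output>.+)$"
)
SCHEMES = {0: "NULL-scheme", 1: "Profile<A>", 2: "Profile<B>"}


def split_nai(identifier):
    """Split username@realm into two lists of dot-separated labels, quotes removed."""
    username, sep, realm = identifier.rpartition("@")
    if not sep or not username or not realm:
        raise ValueError("identifier is not in NAI format (username@realm)")

    def labels(part):
        return [label.strip('"\u201c\u201d') for label in part.split(".")]

    return labels(username), labels(realm)


def has_indicator(identifier):
    """True if the indicator is a whole label anywhere in the username or the realm."""
    user_labels, realm_labels = split_nai(identifier)
    return INDICATOR in user_labels or INDICATOR in realm_labels


def parse_suci(identifier):
    """Return the SUCI fields as a dict, or None if the username is not SUCI-shaped."""
    match = SUCI_USERNAME.match(identifier.rpartition("@")[0])
    if match is None:
        return None
    fields = match.groupdict()
    for name in ("supi_type", "scheme_id", "hn_key_id"):
        fields[name] = int(fields[name])
    if fields["hn_key_id"] > 255:  # Home Network Public Key Id is 0-255
        return None
    fields["scheme"] = SCHEMES.get(fields["scheme_id"], "undefined")
    return fields


def classify_by_prefix(identifier):
    """Baseline without the indicator: decide from the leading fields only."""
    if re.match(r"^type[0-7]\.rid\d{1,4}(\.|@)", identifier):
        return "SUCI"
    return "5G PRUK ID"


def classify(identifier):
    """Indicator-aware decision: the explicit label wins over any format guess."""
    if has_indicator(identifier):
        return "5G PRUK ID"
    if parse_suci(identifier) is not None:
        return "SUCI"
    return "unrecognized"


def ausf_branch(identifier):
    """Map the identifier carried in S307 to the branch of method 300 to run."""
    kind = classify(identifier)
    if kind == "SUCI":
        return "case A (S308-S317)"
    if kind == "5G PRUK ID":
        return "case B (S318-S319)"
    raise ValueError("unrecognized identifier, request rejected")


REALM = "5gc.mnc015.mcc234.3gppnetwork.org"
# SUCI example string from the text.
SUCI = ("type0.rid678.schid1.hnkey27.ecckey<ECC ephemeral public key>"
        ".cip<encryption of0999999999>.mac<MAC tag value>@" + REALM)
# Constructed: a 5G PRUK ID without indicator whose leading fields look like a SUCI.
COLLIDING_PRUK_ID = "type0.rid678.0123456789@" + REALM
# Indicator placements from the text, plus the colliding ID with the label added.
LABELLED_PRUK_IDS = [
    'rid678.0123456789@"5G PRUKID".' + REALM,                           # start of realm
    'rid678.0123456789."5G PRUKID"@' + REALM,                           # end of username
    'rid678.0123456789@5gc."5G PRUKID".mnc015.mcc234.3gppnetwork.org',  # middle of realm
    "rid678.0123456789@5G PRUKID." + REALM,                             # quotes omitted
    'type0.rid678.0123456789."5G PRUKID"@' + REALM,                     # constructed
]

if __name__ == "__main__":
    print("prefix-only:", classify_by_prefix(COLLIDING_PRUK_ID))
    for ident in [SUCI] + LABELLED_PRUK_IDS:
        print(classify(ident).ljust(10), "->", ausf_branch(ident))
```

The prefix-only baseline sends the colliding 5G PRUK ID down case A, while the labelled form of the same identifier is routed to case B wherever the label is placed.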
S402: The authentication server function network element sends the proximity service relay user key and the proximity service relay user key identifier to the proximity service anchor function network element.
Exemplarily, after generating the proximity service relay user key and the proximity service relay user key identifier, the authentication server function network element sends them to the proximity service anchor function network element. Correspondingly, the proximity service anchor function network element receives the proximity service relay user key and the proximity service relay user key identifier from the authentication server function network element and then stores them.
In one implementation, S402 may correspond to S316 in method 300. In this case, the PAnF in method 300 may correspond to the proximity service anchor function network element in method 400.
S403: The remote terminal device sends a direct communication request message to the relay terminal device. Correspondingly, the relay terminal device receives the direct communication request message from the remote terminal device.
Exemplarily, the remote terminal device carries an identifier in the direct communication request message. It can be understood that, if the remote terminal device has stored a proximity service relay user key identifier, the identifier is that proximity service relay user key identifier; if the remote terminal device has not stored a proximity service relay user key identifier, the identifier is the user hidden identifier of the remote terminal device.
S404: The relay terminal device sends a relay key request message to the mobility management network element. The relay key request message includes the identifier that the relay terminal device received from the remote terminal device in S403. Correspondingly, the mobility management network element receives the relay key request message from the relay terminal device.
S405: The mobility management network element sends a proximity service authentication request message to the authentication server function network element. The proximity service authentication request message includes the identifier that the mobility management network element received from the relay terminal device in S404. Correspondingly, the authentication server function network element receives the proximity service authentication request message from the mobility management network element.
S406: The authentication server function network element determines that the identifier is a proximity service relay user key identifier.
Exemplarily, after receiving the proximity service authentication request message from the mobility management network element, the authentication server function network element obtains the identifier from the message. The authentication server function network element then identifies the identifier; in other words, it determines what kind of identifier it is, or determines the name or meaning of the identifier.
If the identifier carries the first indication information, the authentication server function network element can identify the identifier based on the first indication information. For example, if the first indication information indicates the name of the proximity service relay user key identifier, the authentication server function network element determines, based on the first indication information, that the identifier is a proximity service relay user key identifier.
The above solution is applied to method 300 as an example: in S307 of method 300, after receiving the Prose authentication request message from the AMF, the AUSF obtains an identifier from the Prose authentication request message. If the identifier includes the first indication information and that information is "5G PRUKID", the AMF determines that the identifier is a 5G PRUKID; in this case, the AUSF determines to execute the process corresponding to case B in Figure 3. Otherwise, the AUSF determines that the identifier is a SUCI; in this case, the AUSF determines to execute the process corresponding to case A in Figure 3.
S407: The authentication server function network element obtains, from the proximity service anchor function network element, the proximity service relay user key corresponding to the identifier. The specific process is not limited in this application.
Based on the first possible implementation described above, when the remote terminal device and the authentication server function network element generate the proximity service relay user key identifier, they carry first indication information in it. The first indication information may indicate one or more of the name, type, function, and application scenario of the proximity service relay user key identifier. In this case, when the authentication server function network element receives an identifier that carries the first indication information, it can determine, based on the first indication information, that the identifier is a proximity service relay user key identifier; otherwise, it determines that the identifier is a user hidden identifier. The above solution therefore makes it possible to identify the proximity service relay user key identifier.
It can be understood that the above solution can also be applied to other scenarios. For example, when a terminal device and a core network element generate an identifier, first indication information can be added to the identifier to distinguish different identifiers. For example, if the core network element generates an identifier for a personal Internet of things (PIN) device, the first indication information may be PIN. The terminal device can use the different identifiers to tell which service or function the stored context information corresponds to, and the core network element can use the different identifiers to determine the subsequent process. As another example, in some future scenario, to avoid a situation in which several identifiers cannot be told apart, first indication information can be added to one or more of them to distinguish the identifiers, or in other words, so that a network element can identify a received identifier. Specifically, if a future technology requires the AUSF to perform authentication, the identifier it uses is generated in a way similar to the 5G PRUK ID, and that identifier also comes from the AMF, then the AUSF can add first indication information when generating that identifier, so as to distinguish it from the 5G PRUK ID and the SUCI.
The second possible implementation provided by the embodiments of this application is described below with reference to method 400.
S401a: The remote terminal device generates a proximity service relay user key and a proximity service relay user key identifier.
S401b: The authentication server function network element generates a proximity service relay user key and a proximity service relay user key identifier.
It can be understood that the remote terminal device and the authentication server function network element generate the proximity service relay user key and the proximity service relay user key identifier in a similar manner. For brevity, the following description takes the remote terminal device as an example.
Exemplarily, the remote terminal device may generate the proximity service relay user key identifier according to a preset format. That is, a format (or structure) can be specified for the proximity service relay user key identifier: an associated format is preset for the identifier, and the proximity service relay user key identifier generated by the remote terminal device must conform to that preset format.
The above solution is applied to method 300 as an example: it is specified that the username part of the 5G PRUKID begins with the routing identifier. For example, in S315a and S315b of method 300, the 5G PRUK ID generated by the AUSF and the Remote UE is: [email protected], where rid678 is the routing identifier part and 0123456789 is the KDF calculation result.
As another example, it is specified that the username part of the 5G PRUKID ends with the routing identifier. For example, in S315a and S315b of method 300, the 5G PRUK ID generated by the AUSF and the Remote UE is: [email protected].
As another example, it is specified that the routing identifier is at a preset position in the username of the 5G PRUKID, for instance after the 4th character of the username. For example, in S315a and S315b of method 300, the 5G PRUK ID generated by the AUSF and the Remote UE is: [email protected].
S402: The authentication server function network element sends the proximity service relay user key and the proximity service relay user key identifier to the proximity service anchor function network element.
Exemplarily, after generating the proximity service relay user key and the proximity service relay user key identifier, the authentication server function network element sends them to the proximity service anchor function network element. Correspondingly, the proximity service anchor function network element receives the proximity service relay user key and the proximity service relay user key identifier from the authentication server function network element and then stores them.
S403: The remote terminal device sends a direct communication request message to the relay terminal device. Correspondingly, the relay terminal device receives the direct communication request message from the remote terminal device.
Exemplarily, the remote terminal device carries an identifier in the direct communication request message. It can be understood that, if the remote terminal device has stored a proximity service relay user key identifier, the identifier is that proximity service relay user key identifier; if the remote terminal device has not stored a proximity service relay user key identifier, the identifier is the user hidden identifier of the remote terminal device.
S404: The relay terminal device sends a relay key request message to the mobility management network element. The relay key request message includes the identifier that the relay terminal device received from the remote terminal device in S403. Correspondingly, the mobility management network element receives the relay key request message from the relay terminal device.
S405: The mobility management network element sends a proximity service authentication request message to the authentication server function network element. The proximity service authentication request message includes the identifier that the mobility management network element received from the relay terminal device in S404. Correspondingly, the authentication server function network element receives the proximity service authentication request message from the mobility management network element.
S406: The authentication server function network element determines that the identifier is a proximity service relay user key identifier.
Exemplarily, after receiving the proximity service authentication request message from the mobility management network element, the authentication server function network element obtains the identifier from the message. The authentication server function network element then identifies the identifier; in other words, it determines what kind of identifier it is, or determines the name or meaning of the identifier.
The authentication server function network element identifies the identifier by its format. If the format of the identifier is the same as the preset format of the proximity service relay user key identifier, the authentication server function network element determines that the identifier is a proximity service relay user key identifier; if the format of the identifier is the same as the format of the user hidden identifier, the authentication server function network element determines that the identifier is a user hidden identifier.
The above solution is applied to method 300 as an example: in S307 of method 300, after receiving the Prose authentication request message from the AMF, the AUSF obtains an identifier from the Prose authentication request message and checks whether the format of the identifier matches the specified format of the 5G PRUKID. For example, corresponding to the first example under S401a above, the AUSF checks whether the identifier begins with the routing identifier. If so, the AUSF determines that the identifier is a 5G PRUK ID; in this case, the AUSF determines to execute the process corresponding to case B in Figure 3. If the identifier begins with "type", the AUSF determines that the identifier is a SUCI; in this case, the AUSF determines to execute the process corresponding to case A in Figure 3.
It can be understood that, when the Prose authentication request message can carry only two different identifiers, the AUSF only needs to recognize one of them to know which process to execute. For example, the AUSF may only need to check whether the identifier begins with "type"; if so, the identifier is a SUCI, and the process corresponding to case A in Figure 3 is executed. Alternatively, the AUSF may only need to check whether the identifier begins with "rid"; if so, the identifier is a 5G PRUKID, and the process corresponding to case B in Figure 3 is executed. When the AUSF can receive more than two kinds of identifier through one service, it may need to evaluate more cases. For example, if the AUSF can receive a SUCI, a SUPI, and a 5G PRUKID through one service, then one possible way to decide when an identifier arrives is as follows: the AUSF first checks whether the identifier begins with "type" to confirm whether it is a SUCI; if it is not, the AUSF further checks whether the identifier carries rid to decide whether it is a 5G PRUKID or a SUPI. If the identifier carries rid, it is a 5G PRUKID; otherwise, it is a SUPI. In other words, SUCI and SUPI can also be distinguished by whether the identifier begins with "type".
S407: The authentication server function network element obtains, from the proximity service anchor function network element, the proximity service relay user key corresponding to the identifier. The specific process is not limited in this application.
Based on the second possible implementation described above, the remote terminal device and the authentication server function network element can generate the proximity service relay user key identifier according to a preset format. In this case, when the authentication server function network element receives an identifier, it can determine what kind of identifier it is from its format. If the format of the identifier is the same as the preset format of the proximity service relay user key identifier, the authentication server function network element can determine that the identifier is a proximity service relay user key identifier; if the format of the identifier is the same as the format of the user hidden identifier, the authentication server function network element determines that the identifier is a user hidden identifier. The above solution therefore makes it possible to identify the proximity service relay user key identifier.
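The two recognition rules described so far (the first indication information carried in the username or realm, and the "type" / "rid" format check with its three-way SUCI / 5G PRUK ID / SUPI ordering) can be sketched as follows. This is an added example, not code from the application; the function names, the strict `username@realm` parsing, and the sample identifiers are assumptions, with the SUCI sample shaped like the NAI form of a SUCI.

```python
from enum import Enum

# First indication information, spelled as in the page's examples.
MARKER = "5G PRUKID"


class IdKind(Enum):
    SUCI = "SUCI"
    PRUK_ID = "5G PRUK ID"
    SUPI = "SUPI"


def split_nai(identifier):
    """Split username@realm. Anything that is not exactly one '@' with
    non-empty parts is rejected instead of being guessed at (assumption)."""
    username, sep, realm = identifier.partition("@")
    if not sep or not username or not realm or "@" in realm:
        raise ValueError("identifier is not in username@realm form")
    return username, realm


def classify_by_marker(identifier):
    """First implementation: the marker may sit at the start, middle or end
    of the username or the realm, as a '.'-separated label, quotes optional."""
    username, realm = split_nai(identifier)
    for part in (username, realm):
        for label in part.split("."):
            if label.strip('"\u201c\u201d') == MARKER:
                return IdKind.PRUK_ID
    # Per the page: without the marker, the identifier is treated as SUCI.
    return IdKind.SUCI


def classify_by_format(identifier):
    """Second implementation, three-identifier case: test 'type' first, then
    'rid'. The order matters for the constructed SUCI sample below, whose
    username also contains a rid label after the type label."""
    username, _realm = split_nai(identifier)
    first_label = username.split(".")[0]
    if first_label.startswith("type"):
        return IdKind.SUCI
    if first_label.startswith("rid"):
        return IdKind.PRUK_ID
    return IdKind.SUPI


def select_flow(kind):
    """Map the result to the Figure 3 case named on the page."""
    if kind is IdKind.SUCI:
        return "A"
    if kind is IdKind.PRUK_ID:
        return "B"
    raise ValueError("no Figure 3 case is described for " + kind.value)


REALM = "5gc.mnc015.mcc234.3gppnetwork.org"
# Constructed sample identifiers (not values taken from a real network).
SAMPLES = {
    "pruk_plain": "rid678.0123456789@" + REALM,
    "pruk_marker_realm": 'rid678.0123456789@"5G PRUKID".' + REALM,
    "pruk_marker_user_end": "rid678.0123456789.5G PRUKID@" + REALM,
    "suci": "type0.rid678.schid0.userid0999999999@" + REALM,
    "supi": "234150999999999@" + REALM,
}

if __name__ == "__main__":
    for name, value in SAMPLES.items():
        print(name, classify_by_marker(value).value,
              classify_by_format(value).value)
```
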
It can be understood that the above solution can also be applied to other scenarios. For example, when a terminal device and a core network element generate an identifier, they can generate it according to a preset format in order to distinguish different identifiers. For example, if the core network element generates an identifier for a personal Internet of things (PIN) device, the identifier can be generated for the PIN according to a preset format. The terminal device can use the different identifiers to tell which service or function the stored context information corresponds to, and the core network element can use the different identifiers to determine the subsequent process. As another example, in some future scenario, to avoid a situation in which several identifiers cannot be told apart, one or more of them can be generated according to a preset format, so that the format distinguishes the identifiers, or in other words, so that a network element can identify a received identifier. Specifically, if a future technology requires the AUSF to perform authentication, the identifier it uses is generated in a way similar to the 5G PRUK ID, and that identifier also comes from the AMF, then the AUSF can generate that identifier according to a preset format, so as to distinguish it from the 5G PRUK ID and the SUCI.
The third possible implementation provided by the embodiments of this application is described below with reference to method 400.
S401a: The remote terminal device generates a proximity service relay user key and a proximity service relay user key identifier.
S401b: The authentication server function network element generates a proximity service relay user key and a proximity service relay user key identifier.
It can be understood that S401a and S401b in method 400 may correspond to S315a and S315b in method 300. In this third possible implementation, the remote terminal device and the authentication server function network element may generate the proximity service relay user key identifier in a manner similar to S315a and S315b in method 300, which is not limited in this application.
S402: The authentication server function network element sends the proximity service relay user key and the proximity service relay user key identifier to the proximity service anchor function network element.
Exemplarily, after generating the proximity service relay user key and the proximity service relay user key identifier, the authentication server function network element sends them to the proximity service anchor function network element. Correspondingly, the proximity service anchor function network element receives the proximity service relay user key and the proximity service relay user key identifier from the authentication server function network element and then stores them.
S403: The remote terminal device sends a direct communication request message to the relay terminal device. Correspondingly, the relay terminal device receives the direct communication request message from the remote terminal device.
Exemplarily, the remote terminal device carries an identifier in the direct communication request message. It can be understood that, if the remote terminal device has stored a proximity service relay user key identifier, the identifier is that proximity service relay user key identifier; if the remote terminal device has not stored a proximity service relay user key identifier, the identifier is the user hidden identifier of the remote terminal device.
The remote terminal device may carry second indication information in the information element (IE) that carries the identifier, to indicate what kind of identifier it is; in other words, the second indication information is used to identify the identifier. The second indication information indicates one or more of the following: the name of the identifier, the type of the identifier, the function of the identifier, the application scenario of the identifier, and so on.
The above solution is described below as applied to method 300. The second indication information may be the name of the IE (IE name), the identifier type (ID type) information in the IE, or the like, which is not limited in this application. Table 1 shows one possible IE format.
Table 1
As can be seen from Table 1, the IE includes the following elements: IE name, ID type, Sub-type, and ID in NAI format. The IE name is the name of the IE and can be used to indicate the meaning or role of the identifier carried in the IE. For example, when the identifier carried in the IE is a 5G PRUKID, the IE name can be set to "5G Prose Identity IEI", and the AUSF can determine from the IE name that the identifier carried in the IE is a 5G PRUKID.
The ID type can be used to distinguish different identifier types. For example, an ID type value of 0x00 indicates that the identifier carried in the IE is a SUCI; an ID type value of 0x01 indicates that the identifier carried in the IE is a 5G PRUKID; and an ID type value of 0x02 indicates that the identifier carried in the IE is an A-KID. As another example, an ID type value of the string "SUCI" indicates that the identifier carried in the IE is a SUCI; an ID type value of the string "5G PRUKID" indicates that the identifier carried in the IE is a 5G PRUKID; and an ID type value of the string "A-KID" indicates that the identifier carried in the IE is an A-KID. This embodiment does not limit how ID type values are assigned. The Sub-type is used to distinguish multiple subtypes under the same type; each type can further indicate the role, purpose, or source of the identifier. For example, SUCI has the NSI, GCI, and GLI formats, where NSI is used for private networks and GCI is used for fixed networks. Subtypes can be further distinguished by setting the value of Sub-type. This embodiment does not limit how Sub-type values are assigned. The ID in NAI format is the identifier carried in the IE.
It can be understood that the IE may include only one of the IE name and the ID type. In addition, Sub-type is an optional element; that is, the IE need not include Sub-type.
Taking method 300 in Figure 3 as an example, when the Remote UE passes the identifier to the Relay UE in S304, it is able to determine whether the identifier is a SUCI or a 5G PRUKID. The Remote UE can therefore set the IE according to the specific meaning of the identifier. Assuming that the identifier passed by the Remote UE to the AMF is a 5G PRUKID, the Remote UE can construct the IE based on the 5G PRUKID. Table 2 shows one possible case. For example, when the Relay UE sends a NAS message to the AMF, it fills the IE into the 5G Prose container and sets the IE accordingly. After the Relay AMF receives the NAS message, it sends the 5G Prose container to the AUSF in step S307. The AUSF then determines from the IE whether the identifier is a SUCI or a 5G PRUKID.
Table 2
As can be seen from Table 2, the IE name is "5G Prose Identity IEI", which indicates that the identifier is used in the 5G Prose scenario; the ID type is 0x01, which indicates that the identifier is a 5G PRUKID; the Sub-type is empty; and the identifier itself is: [email protected]. If the ID type is 0x02, the identifier is a SUCI; if the Sub-type is NAI, the identifier is a SUCI in NAI format.
Table 3 shows another possible implementation. As shown in Table 3, only the IE name and the ID are included. The IE name is set to "5G PRUK ID", so the IE name alone shows that the identifier carried in the IE is a 5G PRUK ID. In this case, the other fields may be omitted or filled with null values.
Table 3
Correspondingly, the identifier carried in the IE shown in Table 4 is a SUCI. In this case, 0x01 indicates the NAI format; alternatively, the ID type may be omitted, or the ID type field may also be filled with a null value. This embodiment does not limit the specific value assignment or the specific IE format.
Table 4
It can be understood that this embodiment merely gives one method of passing identifiers through different IEs. Specifically, what the ID is can be learned from the differing IE names, or from specific fields in the IE.
S404: The relay terminal device sends a relay key request message to the mobility management network element. The relay key request message includes the information element that the relay terminal device received from the remote terminal device in S403. Correspondingly, the mobility management network element receives the relay key request message from the relay terminal device.
S405: The mobility management network element sends a proximity service authentication request message to the authentication server function network element. The proximity service authentication request message includes the information element that the mobility management network element received from the relay terminal device in S404. Correspondingly, the authentication server function network element receives the proximity service authentication request message from the mobility management network element.
S406: The authentication server function network element determines that the identifier is a proximity service relay user key identifier.
Exemplarily, after receiving the proximity service authentication request message from the mobility management network element, the authentication server function network element obtains the information element carrying the identifier from that message. The authentication server function network element then identifies the identifier; in other words, it determines what the identifier is, or determines the name or meaning of the identifier.
When the information element carries the second indication information, the authentication server function network element can identify the identifier according to the second indication information. For example, when the second indication information indicates the name of the proximity service relay user key identifier, the authentication server function network element determines, according to the second indication information, that the identifier is a proximity service relay user key identifier.
It can be understood that the above solution is described with the remote terminal device constructing the information element as an example, but in other implementations the information element may also be constructed by the relay terminal device or the mobility management network element. For example, after the relay terminal device receives the identifier from the remote terminal device and determines that the identifier is a proximity service relay user key identifier, the relay terminal device carries the second indication information in the information element that carries the identifier.
Applying the above solution to method 300 as an example: in S304 the Remote UE sends a direct communication request message to the Relay UE, and the direct communication request message includes an IE used to carry the identifier. After receiving the direct communication request message, the Relay UE sends a relay key request message to the AMF in S305, and the relay key request message includes the IE. In S307 the AMF sends a Prose authentication request message to the AUSF and carries, in the Prose authentication request message, the IE received from the Relay UE. The AUSF determines from the IE name and/or the ID type in the IE that the identifier is a 5G PRUK ID. In this case, the AUSF determines to execute the procedure corresponding to case B in Figure 3.
S407: The authentication server function network element obtains the proximity service relay user key corresponding to the identifier from the proximity service anchor function network element. The specific process is not limited in this application.
Based on the third possible implementation above, when the remote terminal device transmits the proximity service relay user key identifier, it can carry the second indication information in the information element that carries the proximity service relay user key identifier. The first indication information may indicate one or more of the name, type, function, and application scenario of the proximity service relay user key identifier. In this case, when the authentication server function network element receives an information element that is used to carry an identifier and that carries the second indication information, the authentication server function network element can determine, according to the second indication information, that the identifier is a proximity service relay user key identifier; otherwise, the authentication server function network element determines that the identifier is a subscription concealed identifier. The above solution therefore makes it possible to identify the proximity service relay user key identifier.
It can be understood that the above solution can also be applied to other scenarios. For example, when the terminal device and a core network element generate an identifier, the information element carrying the identifier can be set so as to distinguish different identifiers. For instance, after the core network element generates an identifier for a personal Internet of things (PIN) device, the second indication information can be added to the information element carrying the identifier. The terminal device can use the different identifiers to tell which service or function the stored context information corresponds to; the core network element can determine the subsequent procedure according to the different identifiers. As another example, in some future scenario, to avoid a situation in which certain identifiers cannot be told apart, the second indication information can be added to the information element carrying the identifier in order to distinguish different identifiers, or in other words, to let a network element identify the identifier it receives. Specifically, if a technology appears in the future that requires authentication by the AUSF, uses an identifier generated in a way similar to the 5G PRUK ID, and that identifier also comes from the AMF, then when the Remote UE transmits this identifier it carries the second indication information in the IE that carries the identifier, so as to distinguish this identifier, the 5G PRUK ID, and the SUCI.
The fourth possible implementation provided by the embodiments of this application is described below with reference to method 400.
S401a: The remote terminal device generates a proximity service relay user key and a proximity service relay user key identifier.
S401b: The authentication server function network element generates a proximity service relay user key and a proximity service relay user key identifier.
It can be understood that S401a and S401b in method 400 may correspond to S315a and S315b in method 300. In this third possible implementation, the remote terminal device and the authentication server function network element can generate the proximity service relay user key identifier in a manner similar to S315a and S315b in method 300, which is not limited in this application.
S402: The authentication server function network element sends the proximity service relay user key and the proximity service relay user key identifier to the proximity service anchor function network element.
S403: The remote terminal device sends a direct communication request message to the relay terminal device. Correspondingly, the relay terminal device receives the direct communication request message from the remote terminal device.
Exemplarily, the remote terminal device carries an identifier in the direct communication request message. It can be understood that when the remote terminal device stores a proximity service relay user key identifier, the identifier is that proximity service relay user key identifier; when the remote terminal device does not store a proximity service relay user key identifier, the identifier is the subscription concealed identifier of the remote terminal device.
When transmitting the identifier, the remote terminal device can select a message whose message name corresponds to the identifier. For example, if the identifier transmitted by the remote terminal device is a proximity service relay user key identifier, the identifier is sent in a first direct communication request message; if the identifier transmitted by the remote terminal device is a subscription concealed identifier, the identifier is sent in a second direct communication request message. Note that the first direct communication request message and the second direct communication request message here stand for different message names. That is, the message name used to transmit the message and the identifier are in one-to-one correspondence.
S404: The relay terminal device sends a relay key request message to the mobility management network element. The relay key request message includes the identifier that the relay terminal device received from the remote terminal device in S403. Correspondingly, the mobility management network element receives the relay key request message from the relay terminal device.
Note that the relay terminal device can determine the message name of the message it sends to the mobility management network element according to the message name of the message received from the remote terminal device. For example, if the message received by the relay terminal device is the first direct communication request message, the relay terminal device sends the identifier to the mobility management network element in a first relay key request message; if the message received by the relay terminal device is the second direct communication request message, the relay terminal device sends the identifier to the mobility management network element in a second relay key request message. Note that the first relay key request message and the second relay key request message here stand for different message names.
S405: The mobility management network element sends a proximity service authentication request message to the authentication server function network element. The proximity service authentication request message includes the identifier that the mobility management network element received from the relay terminal device in S404. Correspondingly, the authentication server function network element receives the proximity service authentication request message from the mobility management network element.
Note that the mobility management network element can determine the message name of the message it sends to the authentication server function network element according to the message name of the message received from the relay terminal device. For example, if the message received by the mobility management network element is the first relay key request message, the relay terminal device sends the identifier to the authentication server function network element in a first proximity service authentication request message; if the message received by the mobility management network element is the second relay key request message, the mobility management network element sends the identifier to the authentication server function network element in a second proximity service authentication request message. Note that the first proximity service authentication request message and the second proximity service authentication request message here stand for different message names.
The above embodiment is described with the remote terminal device, the relay terminal device, and the mobility management network element each transmitting different identifiers in messages with different message names. It can be understood, however, that in one implementation the remote terminal device and the relay terminal device can still transmit the identifier in a manner similar to the first three implementations. After receiving the relay key request message from the relay terminal device, the mobility management network element can identify the identifier and then select a message with the corresponding message name to send the identifier to the authentication server function network element. The mobility management network element can identify the identifier using any of the three possible implementations above, according to the current procedure, or according to other available information, which is not limited in this application.
S406: The authentication server function network element determines that the identifier is a proximity service relay user key identifier.
Exemplarily, after receiving the proximity service authentication request message from the mobility management network element, the authentication server function network element identifies the identifier carried in the message according to the message name of the proximity service authentication request message. For example, when the message name is the first proximity service authentication request message, the authentication server function network element determines that the identifier is a proximity service relay user key identifier; when the message name is the second proximity service authentication request message, the authentication server function network element determines that the identifier is a subscription concealed identifier. It can be understood that the authentication server function network element can be pre-configured with the association between different message names and different identifiers.
Applying the above solution to method 300 as an example: after receiving the relay key request message from the Relay UE in S305, the AMF obtains an identifier from the relay key request message. In one example, when the AMF determines that the identifier is a SUCI, the AMF sends a UE authentication request (UEAuthentication Request) message to the AUSF in S307 and carries the SUCI in the UE authentication request message; in other words, the AMF invokes the UE authentication (Nausf_UEAuthentication) service to send the SUCI to the AUSF, or the AMF uses the UE authentication_proximity service authentication (Nausf_UEAuthentication_ProseAuthentication) operation to send the SUCI to the AUSF. When the AMF determines that the identifier is a 5G PRUK ID, the AMF sends a proximity service get request (Nausf_ProseGet Request) message to the AUSF in S307 and carries the 5G PRUK ID in the proximity service get request message; in other words, the AMF invokes the proximity service get (Nausf_ProseGet) service to send the 5G PRUK ID to the AUSF, or the AMF uses the UE authentication_proximity service get (Nausf_UEAuthentication_ProseGet) operation to send the 5G PRUK ID to the AUSF. That is, the AMF transmits the SUCI and the 5G PRUK ID in different messages, or invokes different services to transmit them, or uses different operations to transmit them. The AUSF identifies the identifier carried in a message according to the name of the received message. It can be understood that the AUSF is pre-configured with the correspondence between the various identifiers and message names.
It can be understood that the AMF can determine whether the identifier is a SUCI or a 5G PRUK ID according to any one of the four implementations above, which is not limited in this application.
S407: The authentication server function network element obtains the proximity service relay user key corresponding to the identifier from the proximity service anchor function network element. The specific process is not limited in this application.
Based on the fourth possible implementation above, when the remote terminal device transmits the proximity service relay user key identifier, it can do so in a message whose message name corresponds to the proximity service relay user key identifier. That is, other network elements can determine from the message name that the identifier carried in the message is a proximity service relay user key identifier. The above solution therefore makes it possible to identify the proximity service relay user key identifier.
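The AUSF-side identification in the third implementation (IE name and/or ID type, Tables 2 to 4) and in the fourth (message or operation name), as an added example that is not code from the application. The `IdentityIE` class, the `IE_NAME_SUCI` value, the placeholder identifier values and the choice to reject unknown or contradictory fields are assumptions; the other IE names, the ID type values and the Nausf operation names are the ones quoted above.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class IdKind(Enum):
    PRUK_ID = "5G PRUK ID"
    SUCI = "SUCI"


class UnidentifiedIdentifier(ValueError):
    """The receiver cannot tell which kind of identifier it was given."""


# Values the page gives for the Table 2 style IE.
IE_NAME_PROSE_IDENTITY = "5G Prose Identity IEI"
ID_TYPE_PRUK_ID = 0x01
ID_TYPE_SUCI = 0x02
# Table 3 style: the IE name alone names the identifier.
IE_NAME_PRUK_ID = "5G PRUK ID"
# Assumption: the page does not state the IE name used in Table 4.
IE_NAME_SUCI = "SUCI"

# Fourth implementation: operation names quoted on the page, held as the
# association the AUSF is said to pre-configure.
OPERATION_TO_KIND = {
    "Nausf_UEAuthentication_ProseAuthentication": IdKind.SUCI,
    "Nausf_UEAuthentication_ProseGet": IdKind.PRUK_ID,
}


@dataclass(frozen=True)
class IdentityIE:
    """Hypothetical in-memory form of the IE that carries the identifier."""
    ie_name: str
    value: str
    id_type: Optional[int] = None    # second indication information
    sub_type: Optional[str] = None   # e.g. "NAI" for a NAI-format SUCI


def classify_by_ie(ie: IdentityIE) -> IdKind:
    """Third implementation: decide from the IE name and/or ID type."""
    # A dedicated IE name settles the kind. Under the SUCI IE a value of
    # 0x01 means "NAI format", so the ID type must not be read here.
    if ie.ie_name == IE_NAME_PRUK_ID:
        return IdKind.PRUK_ID
    if ie.ie_name == IE_NAME_SUCI:
        return IdKind.SUCI
    if ie.ie_name != IE_NAME_PROSE_IDENTITY:
        raise UnidentifiedIdentifier(f"unknown IE name {ie.ie_name!r}")
    if ie.id_type is None:
        # No indication present: the page treats the identifier as a SUCI.
        return IdKind.SUCI
    if ie.id_type == ID_TYPE_PRUK_ID:
        # Assumption: a non-empty sub-type contradicts Table 2, so reject.
        if ie.sub_type:
            raise UnidentifiedIdentifier("sub-type set on a 5G PRUK ID")
        return IdKind.PRUK_ID
    if ie.id_type == ID_TYPE_SUCI:
        return IdKind.SUCI
    # Assumption: unknown ID types are rejected rather than guessed.
    raise UnidentifiedIdentifier(f"unknown ID type {ie.id_type:#04x}")


def classify_by_operation(operation: str) -> IdKind:
    """Fourth implementation: decide from the message/operation name."""
    try:
        return OPERATION_TO_KIND[operation]
    except KeyError:
        raise UnidentifiedIdentifier(
            f"unknown operation {operation!r}") from None


if __name__ == "__main__":
    # Constructed sample IEs; the identifier values are placeholders.
    samples = [
        IdentityIE(IE_NAME_PROSE_IDENTITY, "pruk-id-placeholder", 0x01),
        IdentityIE(IE_NAME_PROSE_IDENTITY, "suci-placeholder", 0x02, "NAI"),
        IdentityIE(IE_NAME_SUCI, "suci-placeholder", 0x01),
        IdentityIE(IE_NAME_PROSE_IDENTITY, "suci-placeholder"),
    ]
    for ie in samples:
        print(ie.ie_name, ie.id_type, "->", classify_by_ie(ie).value)
    print(classify_by_operation("Nausf_UEAuthentication_ProseGet").value)
```

The third sample is the case worth noting: the same value 0x01 that marks a 5G PRUK ID under the generic IE name marks the NAI format under the SUCI IE, so the IE name has to be checked before the ID type.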
It can be understood that the methods provided by the embodiments of this application can also be applied to other scenarios. That is, if in another scenario a network element cannot distinguish between certain identifiers, or cannot identify a certain identifier, the methods provided by the embodiments of this application can be used for identification.
It can also be understood that the methods provided by the embodiments of this application can also be applied to identifiers that may appear in the future. For example, if a technology appears in the future that requires authentication by the AUSF, uses an identifier generated in a way similar to the 5G PRUK ID, and that identifier also comes from the AMF, then the AUSF can also use the methods provided by the embodiments of this application to identify the different identifiers.
Corresponding to the methods given in the above method embodiments, the embodiments of this application also provide corresponding apparatuses, which include modules for performing the above method embodiments. A module may be software, hardware, or a combination of software and hardware. It can be understood that the technical features described in the above method embodiments also apply to the following apparatus embodiments. For content not described in detail, refer to the method embodiments above; for brevity, it is not repeated here.
Figure 5 is a schematic block diagram of a communication apparatus 10 provided by an embodiment of this application. The apparatus 10 includes a transceiver module 11 and a processing module 12. The transceiver module 11 can implement the corresponding communication functions and the processing module 12 is used for data processing; in other words, the transceiver module 11 performs the operations related to receiving and sending, and the processing module 12 performs the operations other than receiving and sending. The transceiver module 11 may also be called a communication interface or a communication unit.
Optionally, the apparatus 10 may further include a storage module 13, which can be used to store instructions and/or data. The processing module 12 can read the instructions and/or data in the storage module so that the apparatus implements the actions of the device or network element in each of the foregoing method embodiments.
In a first design, the apparatus 10 may correspond to the remote terminal device in the method embodiments above (such as the remote terminal device in method 400, or the Remote UE in method 300), or may be a component (such as a chip) of a universal integrated circuit card.
The apparatus 10 can implement the steps or procedures performed by the remote terminal device in the method embodiments above. The transceiver module 11 can be used to perform the transceiving-related operations of the remote terminal device in the method embodiments above, and the processing module 12 can be used to perform the processing-related operations of the remote terminal device in the method embodiments above.
In one possible implementation, the processing module 12 is configured to generate a proximity service relay user key and a proximity service relay user key identifier, where the proximity service relay user key identifier includes first indication information, and the first indication information is used to indicate one or more of the following: the name of the identifier, the type of the identifier, the function of the identifier, and the application scenario of the identifier; the transceiver module 11 is configured to send the proximity service relay user key and the proximity service relay user key identifier to the proximity service anchor function network element.
In a second design, the apparatus 10 may correspond to the authentication server function network element in the method embodiments above (such as the authentication server function network element in method 400, or the AUSF in method 300), or may be a component (such as a chip) of the authentication server function network element.
The apparatus 10 can implement the steps or procedures performed by the authentication server function network element in the method embodiments above. The transceiver module 11 can be used to perform the transceiving-related operations of the authentication server function network element in the method embodiments above, and the processing module 12 can be used to perform the processing-related operations of the authentication server function network element in the method embodiments above.
In one possible implementation, the transceiver module 11 is configured to receive a proximity service authentication request message from the mobility management network element, where the proximity service authentication request message includes an identifier, the identifier includes first indication information, and the first indication information is used to indicate one or more of the following: the name of the identifier, the type of the identifier, the function of the identifier, and the application scenario of the identifier; the processing module 12 is configured to determine, according to the first indication information, that the identifier is a proximity service relay user key identifier; the processing module is further configured to obtain, according to the identifier, the proximity service relay user key corresponding to the identifier from the proximity service anchor function network element.
In a third design, the apparatus 10 may correspond to the mobility management network element in the method embodiments above (such as the mobility management network element in method 400, or the AMF in method 300), or may be a component (such as a chip) of the mobility management network element.
The apparatus 10 can implement the steps or procedures performed by the mobility management network element in the method embodiments above. The transceiver module 11 can be used to perform the transceiving-related operations of the mobility management network element in the method embodiments above, and the processing module 12 can be used to perform the processing-related operations of the mobility management network element in the method embodiments above.
In one possible implementation, the transceiver module 11 is configured to receive a direct communication request message from the remote terminal device, where the direct communication request message includes a proximity service relay user key identifier; the transceiver module 11 is further configured to send a relay key request message to the mobility management network element, where the relay key request message includes an information element used to carry the proximity service relay user key identifier, the information element includes second indication information, and the second indication information is used to indicate one or more of the following: the name of the identifier, the type of the identifier, the function of the identifier, and the application scenario of the identifier.
It should be understood that the specific process by which each module performs the corresponding steps above has been described in detail in the method embodiments above and, for brevity, is not repeated here.
It should also be understood that the apparatus 10 here is embodied in the form of functional modules. The term "module" here may refer to an application specific integrated circuit (ASIC), an electronic circuit, a processor (such as a shared processor, a dedicated processor, or a group processor) and memory used to execute one or more software or firmware programs, a combinational logic circuit, and/or other suitable components that support the described functions. In an optional example, those skilled in the art can understand that the apparatus 10 may specifically be the remote terminal device in the above embodiments and can be used to perform the procedures and/or steps corresponding to the remote terminal device in the above method embodiments; or the apparatus 10 may specifically be the authentication server function network element in the above embodiments and can be used to perform the procedures and/or steps corresponding to the authentication server function network element in the above method embodiments. To avoid repetition, details are not given again here.
上述各个方案的装置10具有实现上述方法中的设备(如鉴权服务器功能网元,或远端终端设备,或移动管理网元)所执行的相应步骤的功能。该功能可以通过硬件实现,也可以通过硬件执行相应的软件实现。该硬件或软件包括一个或多个与上述功能相对应的模 块;例如收发模块可以由收发机替代(例如,收发模块中的发送单元可以由发送机替代,收发模块中的接收单元可以由接收机替代),其它单元,如处理模块等可以由处理器替代,分别执行各个方法实施例中的收发操作以及相关的处理操作。The device 10 of each of the above solutions has the function of realizing the corresponding steps performed by the equipment in the above method (such as the authentication server function network element, or the remote terminal equipment, or the mobility management network element). This function can be implemented by hardware, or it can be implemented by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the above functions. block; for example, the transceiver module can be replaced by a transceiver (for example, the sending unit in the transceiver module can be replaced by a transmitter, and the receiving unit in the transceiver module can be replaced by a receiver), and other units, such as processing modules, can be replaced by processors , respectively perform the sending and receiving operations and related processing operations in each method embodiment.
此外,上述收发模块11还可以是收发电路(例如可以包括接收电路和发送电路),处理模块可以是处理电路。In addition, the above-mentioned transceiver module 11 may also be a transceiver circuit (for example, it may include a receiving circuit and a transmitting circuit), and the processing module may be a processing circuit.
FIG. 6 is a schematic diagram of another communication apparatus 20 provided by an embodiment of the present application. The apparatus 20 includes a processor 21, and the processor 21 is configured to execute computer programs or instructions stored in a memory 22, or to read data/signaling stored in the memory 22, so as to perform the methods in the foregoing method embodiments. Optionally, there are one or more processors 21.
Optionally, as shown in FIG. 6, the apparatus 20 further includes the memory 22, and the memory 22 is configured to store computer programs or instructions and/or data. The memory 22 may be integrated with the processor 21 or may be provided separately. Optionally, there are one or more memories 22.
Optionally, as shown in FIG. 6, the apparatus 20 further includes a transceiver 23, and the transceiver 23 is used for receiving and/or sending signals. For example, the processor 21 is configured to control the transceiver 23 to receive and/or send signals.
As one solution, the apparatus 20 is used to implement the operations performed by the remote terminal device in the foregoing method embodiments.
As another solution, the apparatus 20 is used to implement the operations performed by the authentication server function network element in the foregoing method embodiments.
As another solution, the apparatus 20 is used to implement the operations performed by the mobility management network element in the foregoing method embodiments.
It should be understood that the processor mentioned in the embodiments of the present application may be a central processing unit (CPU), or may be another general-purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or another programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
It should also be understood that the memory mentioned in the embodiments of the present application may be a volatile memory and/or a non-volatile memory. The non-volatile memory may be a read-only memory (ROM), a programmable read-only memory (programmable ROM, PROM), an erasable programmable read-only memory (erasable PROM, EPROM), an electrically erasable programmable read-only memory (electrically EPROM, EEPROM), or a flash memory. The volatile memory may be a random access memory (RAM). For example, the RAM may be used as an external cache. By way of example and not limitation, RAM includes the following forms: static random access memory (static RAM, SRAM), dynamic random access memory (dynamic RAM, DRAM), synchronous dynamic random access memory (synchronous DRAM, SDRAM), double data rate synchronous dynamic random access memory (double data rate SDRAM, DDR SDRAM), enhanced synchronous dynamic random access memory (enhanced SDRAM, ESDRAM), synchlink dynamic random access memory (synchlink DRAM, SLDRAM), and direct rambus random access memory (direct rambus RAM, DR RAM).
It should be noted that when the processor is a general-purpose processor, a DSP, an ASIC, an FPGA or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component, the memory (storage module) may be integrated in the processor.
It should also be noted that the memories described herein are intended to include, but are not limited to, these and any other suitable types of memory.
FIG. 7 is a schematic diagram of a chip system 30 provided by an embodiment of the present application. The chip system 30 (which may also be called a processing system) includes a logic circuit 31 and an input/output interface 32.
The logic circuit 31 may be a processing circuit in the chip system 30. The logic circuit 31 may be coupled to a storage unit and call instructions in the storage unit, so that the chip system 30 can implement the methods and functions of the embodiments of the present application. The input/output interface 32 may be an input/output circuit in the chip system 30, which outputs information processed by the chip system 30, or inputs data or signaling information to be processed into the chip system 30 for processing.
As another solution, the chip system 30 is used to implement the operations performed by the remote terminal device in the foregoing method embodiments.
As another solution, the chip system 30 is used to implement the operations performed by the authentication server function network element in the foregoing method embodiments.
As another solution, the chip system 30 is used to implement the operations performed by the mobility management network element in the foregoing method embodiments.
An embodiment of the present application further provides a computer-readable storage medium storing computer instructions for implementing the methods performed by the device in the foregoing method embodiments.
For example, when the computer program is executed by a computer, the computer is enabled to implement the method performed by the mobility management network element in the foregoing method embodiments.
For another example, when the computer program is executed by a computer, the computer is enabled to implement the method performed by the terminal device in the foregoing method embodiments.
An embodiment of the present application further provides a computer program product containing instructions which, when executed by a computer, implement the methods performed by the device in the foregoing method embodiments. For explanations of the relevant content and the beneficial effects of any of the apparatuses provided above, refer to the corresponding method embodiments provided above; details are not repeated here.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatuses and methods may be implemented in other ways. For example, the apparatus embodiments described above are only illustrative. For example, the division into units is only a division by logical function, and there may be other divisions in an actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not performed. In addition, the mutual coupling, direct coupling, or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, apparatuses, or units, and may be electrical, mechanical, or in other forms.
The above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented using software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions described in the embodiments of the present application are produced in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network, or another programmable apparatus. For example, the computer may be a personal computer, a server, or a network device. The computer instructions may be stored in a computer-readable storage medium, or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wired means (such as coaxial cable, optical fiber, or digital subscriber line (DSL)) or wireless means (such as infrared, radio, or microwave). The computer-readable storage medium may be any usable medium that a computer can access, or a data storage device such as a server or data center that integrates one or more usable media. The usable medium may be a magnetic medium (for example, a floppy disk, a hard disk, or a magnetic tape), an optical medium (for example, a DVD), or a semiconductor medium (for example, a solid state disk (SSD)). For example, the aforementioned usable media include but are not limited to various media that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disc.
The above are only specific implementations of the present application, but the protection scope of the present application is not limited thereto. Any change or substitution that a person skilled in the art could readily conceive within the technical scope disclosed in the present application shall fall within the protection scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (21)

  1. A communication method, characterized by comprising:
    a communication apparatus generating a proximity service relay user key identifier;
    the communication apparatus sending a direct communication request message to a relay terminal device, the direct communication request message including the proximity service relay user key identifier.
  2. The method according to claim 1, characterized in that the proximity service relay user key identifier includes first indication information, and the first indication information is used to indicate one or more of the following: the name of the proximity service relay user key identifier, the type of the proximity service relay user key identifier, the role of the proximity service relay user key identifier, and the application scenario of the proximity service relay user key identifier.
  3. The method according to claim 1 or 2, characterized in that the communication apparatus generating a proximity service relay user key identifier comprises:
    the communication apparatus generating the proximity service relay user key identifier according to a preset format, the preset format being associated with the proximity service relay user key identifier.
  4. The method according to any one of claims 1 to 3, characterized in that the identifier is carried in an information element, the information element is included in the direct communication request message, the information element includes second indication information, and the second indication information is used to indicate one or more of the following: the name of the proximity service relay user key identifier, the type of the proximity service relay user key identifier, the role of the proximity service relay user key identifier, and the application scenario of the proximity service relay user key identifier.
  5. The method according to any one of claims 1 to 4, characterized in that the message name of the direct communication request message is associated with the proximity service relay user key identifier.
  6. The method according to any one of claims 1 to 4, characterized in that the communication apparatus is a remote terminal device or a component of a remote terminal device.
  7. A communication method, characterized by comprising:
    an authentication server function network element receiving a proximity service authentication request message from a mobility management network element, the proximity service authentication request message including an identifier;
    the authentication server function network element determining that the identifier is a proximity service relay user key identifier;
    the authentication server function network element obtaining, according to the identifier, the proximity service relay user key corresponding to the identifier from a proximity service anchor function network element.
  8. The method according to claim 7, characterized in that the identifier includes first indication information, and the first indication information is used to indicate one or more of the following: the name of the identifier, the type of the identifier, the role of the identifier, and the application scenario of the identifier;
    the authentication server function network element determining that the identifier is a proximity service relay user key identifier comprises:
    the authentication server function network element determining, according to the first indication information, that the identifier is a proximity service relay user key identifier.
  9. The method according to claim 7 or 8, characterized in that the format of the identifier is the same as the preset format of the proximity service relay user key identifier;
    the authentication server function network element determining that the identifier is a proximity service relay user key identifier comprises:
    the authentication server function network element determining, according to the format of the identifier, that the identifier is a proximity service relay user key identifier.
  10. The method according to any one of claims 7 to 9, characterized in that the identifier is carried in an information element, the information element includes second indication information, and the second indication information is used to indicate one or more of the following: the name of the identifier, the type of the identifier, the role of the identifier, and the application scenario of the identifier;
    the authentication server function network element determining that the identifier is a proximity service relay user key identifier comprises:
    the authentication server function network element determining, according to the second indication information, that the identifier is a proximity service relay user key identifier.
  11. The method according to any one of claims 7 to 10, characterized in that there is an association between the message name of the proximity service authentication request message and the proximity service relay user key identifier;
    the authentication server function network element determining that the identifier is a proximity service relay user key identifier comprises:
    the authentication server function network element determining, according to the message name of the proximity service authentication request message and the association, that the identifier is a proximity service relay user key identifier.
  12. A communication method, characterized by comprising:
    an authentication service function network element generating a proximity service relay user key;
    the authentication service function network element generating a proximity service relay user key identifier according to a preset format;
    the authentication service function network element sending the proximity service relay user key and the proximity service relay user key identifier to a proximity service anchor function network element.
  13. A communication method, characterized by comprising:
    a relay terminal device receiving a direct communication request message from a remote terminal device, the direct communication request message including a proximity service relay user key identifier;
    the relay terminal device sending a relay key request message to a mobility management network element, the relay key request message including an information element used to carry the proximity service relay user key identifier, the information element including second indication information, and the second indication information being used to indicate one or more of the following: the name of the identifier, the type of the identifier, the role of the identifier, and the application scenario of the identifier.
  14. A communication method, characterized by comprising:
    a mobility management network element receiving a relay key request message from a relay terminal device, the relay key request message including a proximity service relay user key identifier;
    the mobility management network element selecting a proximity service authentication request message to send the proximity service relay user key identifier to an authentication service function network element, there being an association between the message name of the proximity service authentication request message and the proximity service relay user key identifier.
  15. A communication apparatus, characterized in that the apparatus comprises: a module for performing the method according to any one of claims 1 to 6, or a module for performing the method according to any one of claims 7 to 11, or a module for performing the method according to any one of claims 12 to 14.
  16. A communication apparatus, characterized by comprising:
    a processor, configured to execute a computer program stored in a memory, so that the apparatus performs the method according to any one of claims 1 to 6, or so that the apparatus performs the method according to any one of claims 7 to 11, or a module that causes the apparatus to perform the method according to any one of claims 12 to 14.
  17. A computer program product, characterized in that the computer program product includes instructions for performing the method according to any one of claims 1 to 6, or the computer program product includes instructions for performing the method according to any one of claims 7 to 11, the computer program product includes instructions for performing the method according to any one of claims 12 to 14.
  18. A computer-readable storage medium, characterized by comprising: the computer-readable storage medium stores a computer program; when the computer program runs on a computer, the computer is caused to perform the method according to any one of claims 1 to 6, or the computer is caused to perform the method according to any one of claims 7 to 11, or the computer is caused to perform the method according to any one of claims 12 to 14.
  19. A communication system, characterized by comprising a communication apparatus and an authentication server function network element,
    wherein the communication apparatus is configured to perform the method according to any one of claims 1 to 6, and the authentication server function network element is configured to perform the method according to any one of claims 7 to 11, or the authentication service function network element is configured to perform the method according to claim 12.
  20. The communication system according to claim 19, characterized in that the communication system further includes a relay terminal device, and the relay terminal device is configured to perform the method according to claim 13.
  21. The communication system according to claim 19 or 20, characterized in that the communication system further includes a mobility management network element, and the mobility management network element is configured to perform the method according to claim 14.
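
Claims 7 to 11 give four independent signals by which the authentication server function network element can recognise a received identifier as a proximity service relay user key identifier before querying the proximity service anchor function. The sketch below is an added illustration, not code from the application; the tag, format, information element type, message name and sample values are all hypothetical assumptions, since the claims fix none of them.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Every constant here is a hypothetical stand-in; the claims do not define them.
PRUK_TYPE_TAG = "pruk-id"                       # assumed first indication information (claim 8)
PRUK_ID_FORMAT = re.compile(r"^[0-9a-f]{16}@pruk\.example$")  # assumed preset format (claim 9)
PRUK_IE_TYPE = "PRUK_ID_IE"                     # assumed second indication information (claim 10)
PRUK_MESSAGE_NAMES = {"ProSeRelayAuthenticate"}  # assumed associated message name (claim 11)


@dataclass
class AuthRequest:
    """Proximity service authentication request as seen by the authentication server function."""
    message_name: str
    ie_type: Optional[str]
    identifier: str


def split_tag(identifier: str) -> Tuple[Optional[str], str]:
    """Separate an optional 'tag:' prefix (first indication information) from the identifier body."""
    tag, sep, body = identifier.partition(":")
    return (tag, body) if sep else (None, identifier)


def pruk_id_evidence(req: AuthRequest) -> List[str]:
    """List which of the four signals mark the identifier as a relay user key identifier."""
    tag, body = split_tag(req.identifier)
    evidence = []
    if tag == PRUK_TYPE_TAG:
        evidence.append("first_indication")
    if PRUK_ID_FORMAT.fullmatch(body):
        evidence.append("format")
    if req.ie_type == PRUK_IE_TYPE:
        evidence.append("second_indication")
    if req.message_name in PRUK_MESSAGE_NAMES:
        evidence.append("message_name")
    return evidence


def resolve_pruk(req: AuthRequest, anchor_store: Dict[str, bytes]):
    """Return (key, evidence); the anchor function is queried only for a recognised identifier."""
    evidence = pruk_id_evidence(req)
    if not evidence:
        return None, evidence          # some other identifier type: no anchor lookup
    _, body = split_tag(req.identifier)
    return anchor_store.get(body), evidence   # None if the anchor function has no such key


if __name__ == "__main__":
    # Constructed sample data: a key identifier, a dummy key, and three requests.
    kid = "0123456789abcdef@pruk.example"
    store = {kid: bytes(32)}
    for r in (
        AuthRequest("ProSeRelayAuthenticate", "PRUK_ID_IE", "pruk-id:" + kid),
        AuthRequest("GenericAuthenticate", None, kid),
        AuthRequest("GenericAuthenticate", None, "suci-0-001-01-0-0-0-0000000001"),
    ):
        key, why = resolve_pruk(r, store)
        print(r.identifier, "->", why, "key found" if key is not None else "no key")
```

Returning the evidence list alongside the key lets a deployment log which signal was relied on and tighten the policy, for example by requiring more than one signal to agree.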
PCT/CN2023/091675 2022-05-13 2023-04-28 Communication method and apparatus WO2023216932A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202210520810.4A CN117098129A (en) 2022-05-13 2022-05-13 Communication method and device
CN202210520810.4 2022-05-13

Publications (1)

Publication Number Publication Date
WO2023216932A1 (en) 2023-11-16

Family

ID=88729654

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2023/091675 WO2023216932A1 (en) 2022-05-13 2023-04-28 Communication method and apparatus

Country Status (2)

Country Link
CN (1) CN117098129A (en)
WO (1) WO2023216932A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021115637A1 (en) * 2019-12-11 2021-06-17 Telefonaktiebolaget Lm Ericsson (Publ) Connecting a remote user equipment to a cellular network
US20210345104A1 (en) * 2020-05-01 2021-11-04 Qualcomm Incorporated Relay sidelink communications for secure link establishment
WO2022088029A1 (en) * 2020-10-30 2022-05-05 华为技术有限公司 Key acquisition method and communication apparatus

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
ERICSSON: "Alternative solution to handle PRUK and PRUK ID", 3GPP TSG-SA3 MEETING #106-E . DRAFT_S3-220371-R7 (MERGER OF S3-220288 AND S3-22037), no. e-meeting, 14 - 25 February 2022, 25 February 2022 (2022-02-25), XP093107747 *

Also Published As

Publication number Publication date
CN117098129A (en) 2023-11-21

Similar Documents

Publication Publication Date Title
EP3893575A1 (en) Communication method and apparatus
US11844142B2 (en) Communications method and apparatus
US20230023571A1 (en) Service processing method for proximity service, device, and system
CN110519826B (en) Network access method, related device and system
EP3869857A1 (en) Resource information sending method, device, and system
CN111586642B (en) Communication method and device
US20230319556A1 (en) Key obtaining method and communication apparatus
US20230029714A1 (en) Authorization method, policy control function device, and access and mobility management function device
EP4106480A1 (en) Communication method and apparatus
CN114071510A (en) Communication method and device
WO2019242525A1 (en) Data transmission method, related device and system
US20230239938A1 (en) Determining a default network slice
US20240107417A1 (en) Communication method and apparatus
CN115134875A (en) Method and device for session switching
WO2019223557A1 (en) Network access method, related device, and system
EP4354948A1 (en) Communication method, device and system
WO2023016160A1 (en) Session establishment method and related apparatus
WO2023216932A1 (en) Communication method and apparatus
US20230388909A1 (en) Ensuring network control of simultaneous access to network slices with application awareness
WO2022147804A1 (en) Key identifier generation method, and related apparatus
WO2023202337A1 (en) Communication method and apparatus
US11881961B2 (en) Communication method and related apparatus
WO2023160390A1 (en) Communication method and apparatus
WO2023040732A1 (en) Method for determining key acquisition mode, communication method, and communication apparatus
TWI820874B (en) Transmission method and apparatus applied to channel direct link establishment

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 23802704

Country of ref document: EP

Kind code of ref document: A1