CN101197671B - Authentication method in communication system - Google Patents
Authentication method in communication system Download PDFInfo
- Publication number
- CN101197671B CN101197671B CN200610160885A CN200610160885A CN101197671B CN 101197671 B CN101197671 B CN 101197671B CN 200610160885 A CN200610160885 A CN 200610160885A CN 200610160885 A CN200610160885 A CN 200610160885A CN 101197671 B CN101197671 B CN 101197671B
- Authority
- CN
- China
- Prior art keywords
- authentication
- user
- session control
- control server
- request
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Landscapes
- Mobile Radio Communication Systems (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses an authentification method of a communication system. The method comprises the following steps that: Step S102. a user sends an access request to a system through a terminal; Step S104. a call session control server on the system side receives the access request and sends an authentification request message to an HSS; Step S106. the HSS receives the authentification request message and judges whether the times of the authentification request in a presetting time period are up to the presetting times as well as sending the message including the judged result to the call session control server; Step S108. the call session control server authenticates the user according to the message. The invention can maintain the authority and security of a legal user and can have good compatibility.
Description
Technical field
The present invention relates to the communications field, and especially, relate to the method for authenticating in the communication system.
Background technology
Because the IP technology has series of advantages such as interoperability, communication system is just progressively carried to IP and is changed, and the network integration that causes has thus caused the birth of new generation network communication standard one IMS.Because the opening of IP technology, the security requirement of communication network has reached unprecedented height.Based on challenge, the bi-directional authentification mechanism of response has become the main stream approach of authentication terminal in the communication system or network.The RFC3310 standard of IETF will be that the authentication mechanism in the Traditional IP field of representative organically combines with the authentication mechanism that is the mobile field of representative with RFC2617 with 3GPP 33.102 agreements.Along with the fusion of network, after existing with following fixed terminal is introduced, with the HTTP Digest authentication mechanism of a large amount of employing RFC2617 descriptions.
International organizations such as TISPAN have considered in network to support multiple method for authenticating at present, adapting to the needs that compatible multiple terminal is inserted, and have begun to formulate corresponding standard, and this is comprising supporting HTTP Digest authentication standard (RFC2617).In HTTP Digest authentication protocol, the authentication key of possessing respectively with the terminal Network Based (or claiming password).According to the difference at terminal, this key possibly be stored in the terminal, or is imported by the user.The exploration of IP network makes the relevant signaling of authentication be easy to tackled or forge; And owing to can not expect that each terminal use uses enough strong password; The behavior of adopting Malware illegally to crack the validated user password just becomes possibility, for example common dictionary attack.
In order to solve this security threat, can adopt the measure of similar bank debits machine limit withdrawal, when continuous input password mistake surpasses certain number of times, account is locked, can only hold relevant proof by validated user and carry out release.This has just effectively prevented the behavior of illegal conjecture user cipher.This method shows as in communication network, initiates authentication request when client, and network is to its authentification failure, and in a single day this repetitive process reaches the number of times of restriction, and user's account will be locked.At this moment need validated user to carry identity document and carry out release to the business hall.A kind of being embodied as at IMS (IP Multimedia System) mobile communications network; The user initiates register requirement; HSS the authentication parameter request of the obtaining number that S-CSCF initiates that adds up to this user, if because S-CSCF finds the failed authentication refusal inserts, the user initiates register requirement more again; The authentication parameter request number that this process repeats to cause writing down among the HSS reaches the preset upper limit, and HSS is with Subscriber Locked.If the subscription authentication success, HSS receives follow-up registration notification, and then HSS counts zero clearing with the authentication parameter request of record.
In practical application; The method that locks an account through the authentication request counting has following defective: the behavior that malicious user is initiated a large amount of authentication request conjecture validated user passwords through software will cause the locking of validated user account, normally use business thereby influenced validated user; More dangerous is if a large amount of malice authentication request of use software initiation will make the existing network a large number of users be absorbed in the account lock-out state easily, to cause serious network paralysis.
Summary of the invention
In order to solve in the authentication process security threat problem of attacking user key, and solve and attack the user key illegal act user is brought the problem of interference and makes the present invention.Main purpose of the present invention is to provide a kind of method for authenticating of communication system.
To achieve these goals, according to the first embodiment of the present invention, a kind of method for authenticating of communication system is provided.
This method may further comprise the steps: step S102, and the user sends the request of access through the terminal to system; Step S104, the calling session control server of system side receives the request of access, and sends authentication request message to home subscriber server (HSS); Step S106, home subscriber server receives authentication request message, judges whether the number of times of request authentication in the predetermined period of time reaches predetermined times, will comprise that the message of judged result sends to calling session control server; And step S108, calling session control server carries out authentication according to message to the user.
Wherein, In step S106; The number of times of request authentication reaches under the situation of predetermined times in the predetermined time cycle; Home subscriber server is refused response message with authentication and is sent to calling session control server, and calling session control server generates according to the refusal response message forbids inserting message, and sends it to the terminal.
And; In step S106; The number of times of request authentication does not reach under the situation of predetermined times in the predetermined time cycle; Home subscriber server produces authentication parameter according to the signatory middle key information of user, and the authentication information that will comprise authentication parameter sends to calling session control server, and is accumulated in the number of times of request authentication in the predetermined period of time.Wherein, authentication information comprises the authentication challenge information and the first Authentication Response information at least.
In addition, step S108 comprises: step S1082, calling session control server send authentication challenge indication according to the authentication challenge information that receives from home subscriber server to the terminal; Step S1084, the terminal receives authentication challenge indication, generates the second Authentication Response information according to the key that has or according to the password of user's input, and the second Authentication Response information is sent to calling session control server; The first Authentication Response information and the second Authentication Response information that step S1086, calling session control server will receive compare; And step S1088, according to comparative result, carry out handled.
Wherein, step S1088 comprises: if the first Authentication Response information and the second Authentication Response information are inequality, then send the registration failure response message to the terminal, the user receives the registration failure response message, and selects to register again or abandon registration.
And step S1088 comprises: if the first Authentication Response information is identical with the second Authentication Response information, the renewal of registration is handled.
Wherein, receiving in the user registration/cancel request that calling session control server sends, home subscriber server is removed user's request authentication number of times.
Wherein, the request authentication number of times (inferior) with the time cycle (minute) ratio be about 1.
Through technique scheme, the present invention can safeguard the authority and the safety of validated user, and has good compatibility.
Description of drawings
Accompanying drawing described herein is used to provide further understanding of the present invention, constitutes the application's a part, and illustrative examples of the present invention and explanation thereof are used to explain the present invention, do not constitute improper qualification of the present invention.In the accompanying drawings:
Fig. 1 is the flow chart according to the communication system method for authenticating of first embodiment of the invention;
Fig. 2 is the details flow chart according to the communication system method for authenticating of first embodiment of the invention;
Fig. 3 is the block diagram that illustrates according to the structure of the authentication device in the communication system of second embodiment of the invention;
Fig. 4 is a block diagram of using system construction instance of the present invention;
Fig. 5 is the flow chart of user's normal registration in the system shown in Figure 4;
Fig. 6 is the flow chart of illegal user from malicious registration in the system shown in Figure 4; And
Fig. 7 realizes flow chart of the present invention in system shown in Figure 3.
Embodiment
Specify the present invention below with reference to accompanying drawing.
First embodiment
At first, the description first embodiment of the present invention that will see figures.1.and.2.Fig. 1 is the flow chart according to the communication system method for authenticating of first embodiment of the invention, and Fig. 2 is the details flow chart according to the communication system method for authenticating of first embodiment of the invention.
As shown in Figure 1, may further comprise the steps according to the communication system method for authenticating of first embodiment of the invention: step S102, the user sends the request of access through the terminal to system; Step S104, the calling session control server of system side receives the request of access, and sends authentication request message to home subscriber server; Step S106, home subscriber server receives authentication request message, judges whether the number of times of request authentication in the predetermined period of time reaches predetermined times, will comprise that the message of judged result sends to calling session control server; And step S108, calling session control server carries out authentication according to message to the user.
Wherein, In step S106; The number of times of request authentication reaches under the situation of predetermined times in the predetermined time cycle; Home subscriber server is refused response message with authentication and is sent to calling session control server, and calling session control server generates according to the refusal response message forbids inserting message, and sends it to the terminal.
And; In step S106; The number of times of request authentication does not reach under the situation of predetermined times in the predetermined time cycle; Home subscriber server produces authentication parameter according to the signatory middle key information of user, and the authentication information that will comprise authentication parameter sends to calling session control server, and is accumulated in the number of times of request authentication in the predetermined period of time.Wherein, authentication information comprises the authentication challenge information and the first Authentication Response information at least.
In addition, as shown in Figure 2, step S108 may further comprise the steps: step S1082, calling session control server send authentication challenge indication according to the authentication challenge information that receives from home subscriber server to the terminal; Step S1084, the terminal receives authentication challenge indication, generates the second Authentication Response information according to the key that has or according to the password of user's input, and the second Authentication Response information is sent to calling session control server; The first Authentication Response information and the second Authentication Response information that step S1086, calling session control server will receive compare; And step S1088, according to comparative result, carry out handled.
Wherein, step S1088 comprises: if the first Authentication Response information and the second Authentication Response information are inequality, then send the registration failure response message to the terminal, the user receives the registration failure response message, and selects to register again or abandon registration.
And step S1088 comprises: if the first Authentication Response information is identical with the second Authentication Response information, the renewal of registration is handled.
Wherein, receiving in the user registration/cancel request that calling session control server sends, home subscriber server is removed user's request authentication number of times.
Wherein, the request authentication number of times (inferior) with the time cycle (minute) ratio be about 1.
Second embodiment
To the second embodiment of the present invention be described with reference to Fig. 3 below.Fig. 3 is the block diagram that illustrates according to the structure of the authentication device in the communication system of second embodiment of the invention 300.
As shown in Figure 3, comprise according to the authentication device in the communication system of second embodiment of the invention 300: request module 302 is used to make the user to pass through the terminal and sends the request of access to system; Sending module 304 is used to make the calling session control server of system side to receive the request of access, and sends authentication request message to home subscriber server; Judging treatmenting module 306 is used to make home subscriber server to receive authentication request message, judges whether the number of times of request authentication in the predetermined period of time reaches predetermined times, will comprise that the message of judged result sends to calling session control server; And authentication module 308, be used to make calling session control server the user to be carried out authentication according to message.
Wherein, The number of times of request authentication reaches under the situation of predetermined times in the predetermined time cycle; Judging treatmenting module 306 makes home subscriber server that authentication is refused response message and sends to calling session control server; Calling session control server is generated according to the refusal response message forbid inserting message, and send it to the terminal.
And; The number of times of request authentication does not reach under the situation of predetermined times in the predetermined time cycle; Judging treatmenting module 306 makes home subscriber server produce authentication parameter according to the signatory middle key information of user; The authentication information that will comprise authentication parameter sends to calling session control server, and is accumulated in the number of times of request authentication in the predetermined period of time.Wherein, authentication information comprises the authentication challenge information and the first Authentication Response information at least.
In addition, in the authentication module 308 of this device, further comprise: sub-dispensing device 310, be used to make calling session control server according to the authentication challenge information that receives from home subscriber server, send authentication challenge indication to the terminal; Generation module 312 is used to make the terminal to receive authentication challenge indication, generates the second Authentication Response information according to the key that has or according to the password of user's input, and the second Authentication Response information is sent to calling session control server; Comparison module 314, the first Authentication Response information and the second Authentication Response information that are used to calling session control server will be received compare; And processing module 316, be used for according to comparative result, carry out handled.
Wherein, if the first Authentication Response information and the second Authentication Response information are inequality, then processing module 316 is sent the registration failure response message to the terminal, and the user receives the registration failure response message, and selects to register again or abandon registration.And if the first Authentication Response information is identical with the second Authentication Response information, processing module 316 renewals of registration are handled.
Afterwards, receiving in the user registration/cancel request that calling session control server sends, home subscriber server is removed user's request authentication number of times.
Wherein, the request authentication number of times (inferior) with the time cycle (minute) ratio be about 1.
The 3rd embodiment
To the third embodiment of the present invention be described with reference to Fig. 4, Fig. 5, Fig. 6 and Fig. 7 below.Fig. 4 is a block diagram of using system construction instance of the present invention; Fig. 5 is the flow chart of user's normal registration in the system shown in Figure 4; Fig. 6 is the flow chart of illegal user from malicious registration in the system shown in Figure 4, and Fig. 7 realizes flow chart of the present invention in system shown in Figure 3.
Be that example is described embodiments of the invention with the IMS system below.
As shown in Figure 4, move or fixed terminal UE 11 access IMS (IP MutimediaSubsystem) networks, in registration (Register) process, be asked to authentication;
Insert acting server P-CSCF 12 and realize user agent function, request that it will be received and service are handled or are transmitted.In the present invention, insert the IMS register requirement that the acting server link terminal sends;
Querying server I-CSCF 13 serves as all users' of network tie point, for the user distributes available session control server (S-CSCF).In the present embodiment, it all only transmits register requirement with P-CSCF;
Calling session control server S-CSCF 14 will carry out authentication to the terminal when receiving the first register requirement that send at the terminal.If it does not preserve effective authentication parameter of this user, it will be initiated authentication request to home subscriber server and obtain available authentication parameter;
Home subscriber server HSS 15 authentication request that Control Server sends that accepts session is returned authentication parameter and is supplied session control server that the user is carried out authentication.In the present embodiment, home subscriber server possibly return the Authentication Response of failure through judging whether the authentication swindle, thus refusal disabled user's access.
Fig. 5 shows the flow chart of user's normal registration in this system, and is as shown in Figure 5, and its concrete steps are following:
(1) terminal UE inserts through IP network, initiates register requirement Register to the IMS network;
(2) after querying server I-CSCF receives the access request at terminal, send user-authorization-request UAR message to home subscriber server HSS;
(3) HSS returns subscriber authorisation response UAA, comprises server-assignment information and is used for the I-CSCF calling session control server S-CSCF suitable for the user distributes;
(4) information returned according to HSS of I-CSCF selects a S-CSCF for user's service, then register requirement is forwarded to selected S-CSCF;
(5) after S-CSCF received registration message, decision was to subscription authentication, and MAR issues HSS with authentication request message;
(6) whether authentication number has surpassed default value to the HSS judges in the time cycle of setting.Inspection finds that authentication request is legal, and then the compute authentication parameter group is sent successful Authentication Response MAA then; HSS saves as the S-CSCF name that the user distributes simultaneously;
(7) S-CSCF preserves the authentication parameter in the MAA response, and authentication parameter is assembled into authentication challenge request, in 401 unverified message, is handed down to the terminal;
(8) after authentication challenge request was received at the terminal, according to the password of the key of oneself preserving or user's input, the compute authentication response was carried the Authentication Response value then in register requirement, send it back network;
(9) after querying server I-CSCF receives the access request at terminal, send user-authorization-request UAR message to home subscriber server HSS;
(10) because HSS has write down the S-CSCF name of distributing for the user in step 206, HSS directly carries the S-CSCF name in the UAA response, and indication I-CSCF is linked into this S-CSCF;
(11): I-CSCF is forwarded to this S-CSCF according to the S-CSCF name that HSS returns with register requirement.
(12) the S-CSCF network side Authentication Response value of relatively being preserved in the Authentication Response value in the register requirement and the step 207 finds that identical explanation authentication passes through, then to HSS initiation registration notification request SAR.
(13) HSS revises user registration state, returns registration notification response SAA to S-CSCF, carries the data that the user contracts.
(14) S-CSCF receives the SAA response, returns the notification message 200OK that succeeds in registration to the terminal, and flow process finishes.
Wherein, the implication of field is with the regulation in 3GPP 29.228 agreements.
In this system, the flow process of disabled user's malicious registration is as shown in Figure 6, and its concrete steps are following:
(1) terminal UE inserts through IP network, initiates register requirement Register to the IMS network;
(2) after querying server I-CSCF receives the access request at terminal, send user-authorization-request UAR message to home subscriber server HSS;
(3) HSS returns subscriber authorisation response UAA, comprises server-assignment information and is used for the I-CSCF calling session control server S-CSCF suitable for the user distributes;
(4) information returned according to HSS of I-CSCF selects a S-CSCF for user's service, then register requirement is forwarded to selected S-CSCF;
(5) after S-CSCF received registration message, decision was to subscription authentication, and MAR issues HSS with authentication request message;
(6) whether authentication number has surpassed default value to the HSS judges in the time cycle of setting.Inspection finds that authentication request is illegal, and the Authentication Response MAA that then directly sends failure gives S-CSCF;
(7) HSS refusal authentication is found in S-CSCF inspection MAA response, then forbids inserting message and is handed down to the terminal 403, and the ends log-in reason, flow process finishes.
Wherein, the implication of field is with the regulation in 3GPP 29.228 agreements.
Fig. 7 is a kind of flow chart of in IMS system home subscriber server (HSS), realizing the anti-authentication swindle function of network side by mode of the present invention.
At first explanation: system intialization condition: default authentication AucIntervalTime blanking time>0; Maximum authentication number of times MaxAucTimes>0 that allows in the time interval;
System's initial value: the current authentication of certain user number of times CurAucTimes=0; The FirstAucTime=system start-up constantly of the first authentication of certain user constantly; Current system time CurTime=system start-up constantly;
As shown in Figure 7, realization is following according to the step of the method for authenticating of the embodiment of the invention in the IMS system:
(1) HSS receives the MAR authentication request that S-CSCF sends, beginning authentication process flow process.
(2) HSS judges that the moment receive the MAR request compares with authentication last time of this user record constantly, whether has surpassed the authentication blanking time of default.If surpass; Authentication guard time mistake then is described, is allowed authentication request, so the moment that HSS asks the current MAR of receiving saves as authentication moment last time of this user record; It is 1 that the current authentication of user number of times is set; Produce the authentication parameter group then, return the MAA Authentication Response and give S-CSCF, flow process finishes; If do not surpass the authentication blanking time of default blanking time, then continue next step and handle.
(3): HSS judges that whether the current authentication of this user number of times allows the authentication number of times more than or equal to the maximum of default; If allow the authentication number of times more than or equal to maximum; The MAA failed authentication that then returns the authentication refusal responds to S-CSCF, refuses this user and inserts, and flow process finishes; If allow the authentication number of times less than maximum, the current authentication of user that then adds up number of times, and produce the authentication parameter group, return the MAA Authentication Response and give S-CSCF.Flow process finishes.
In addition, when receiving S-CSCF to user registration/cancel request SAR that HSS sends, HSS should remove the current authentication of user number of times.This is because receive that the register requirement of success shows that the user has passed through authentication, so for fear of the interference to validated user, should allow validated user not limit access, so change this subscription authentication protected data into initial condition.
The above is merely the preferred embodiments of the present invention, is not limited to the present invention, and for a person skilled in the art, the present invention can have various changes and variation.All within spirit of the present invention and principle, any modification of being done, be equal to replacement, improvement etc., all should be included within protection scope of the present invention.
Claims (8)
1. the method for authenticating in the communication system is used to the user who inserts through the terminal authentication is provided, and it is characterized in that said method for authenticating comprises:
Step S102, said user sends the request of access through said terminal to system;
Step S104, the calling session control server of said system side receive said access request, and send authentication request message to home subscriber server;
Step S106, said home subscriber server receives said authentication request message, judges whether the number of times of described request authentication in the predetermined period of time reaches predetermined times, will comprise that the message of judged result sends to said calling session control server;
And
Step S108, said calling session control server carries out authentication according to said message to said user;
In said step S106; The number of times of described request authentication does not reach under the situation of said predetermined times in said predetermined period of time; Said home subscriber server produces authentication parameter according to the signatory middle key information of user; The authentication information that will comprise said authentication parameter sends to said calling session control server, and is accumulated in the number of times of described request authentication in the said predetermined period of time.
2. method for authenticating according to claim 1; It is characterized in that; In said step S106, the number of times of described request authentication reaches under the situation of said predetermined times in said predetermined period of time, and said home subscriber server is refused response message with authentication and sent to said calling session control server; Said calling session control server generates according to said refusal response message forbids inserting message, and sends it to said terminal.
3. method for authenticating according to claim 1 is characterized in that, said authentication information comprises the authentication challenge information and the first Authentication Response information at least.
4. method for authenticating according to claim 3 is characterized in that, said step S108 comprises:
Step S1082, said calling session control server send authentication challenge indication according to the said authentication challenge information that receives from said home subscriber server to said terminal;
Step S1084, said terminal receives said authentication challenge indication, generates the second Authentication Response information according to the key that has or according to the password of said user's input, and the said second Authentication Response information is sent to said calling session control server;
Step S1086, said first Authentication Response information and the said second Authentication Response information that said calling session control server will receive compare; And step S1088, according to comparative result, carry out handled.
5. method for authenticating according to claim 4; It is characterized in that; Said step S1088 comprises: if said first Authentication Response information and the said second Authentication Response information are inequality; Then send the registration failure response message to said terminal, said user receives said registration failure response message, and selects to register again or abandon registration.
6. method for authenticating according to claim 4 is characterized in that, said step S1088 comprises: if the said first Authentication Response information is identical with the said second Authentication Response information, the renewal of registration is handled.
7. method for authenticating according to claim 6 is characterized in that, is receiving in the user registration/cancel request that said calling session control server sends, and said home subscriber server is removed said user's described request authentication number of times.
8. according to each described method for authenticating in the claim 1 to 7, it is characterized in that the ratio of described request authentication number of times and said time cycle is about 1.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200610160885A CN101197671B (en) | 2006-12-08 | 2006-12-08 | Authentication method in communication system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200610160885A CN101197671B (en) | 2006-12-08 | 2006-12-08 | Authentication method in communication system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101197671A CN101197671A (en) | 2008-06-11 |
| CN101197671B true CN101197671B (en) | 2012-10-10 |
Family
ID=39547841
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN200610160885A Expired - Fee Related CN101197671B (en) | 2006-12-08 | 2006-12-08 | Authentication method in communication system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101197671B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102149216B (en) * | 2010-02-09 | 2013-10-09 | 华为技术有限公司 | Activation processing method and device |
| CN105228145A (en) * | 2014-06-24 | 2016-01-06 | 中兴通讯股份有限公司 | The method for authenticating of wireless access and device |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1617555A (en) * | 2003-11-10 | 2005-05-18 | 北京握奇数据系统有限公司 | Anti-cloning method for SIM card |
| CN1801815A (en) * | 2005-08-08 | 2006-07-12 | 华为技术有限公司 | Method for realizing initial Internet protocol multimedia subsystem registration |
| CN1852136A (en) * | 2005-07-19 | 2006-10-25 | 华为技术有限公司 | Registering/logout system and method thereof |
| CN1859093A (en) * | 2005-04-30 | 2006-11-08 | 华为技术有限公司 | Method for verifying user terminal in IP multimedia subsystem |
-
2006
- 2006-12-08 CN CN200610160885A patent/CN101197671B/en not_active Expired - Fee Related
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1617555A (en) * | 2003-11-10 | 2005-05-18 | 北京握奇数据系统有限公司 | Anti-cloning method for SIM card |
| CN1859093A (en) * | 2005-04-30 | 2006-11-08 | 华为技术有限公司 | Method for verifying user terminal in IP multimedia subsystem |
| CN1852136A (en) * | 2005-07-19 | 2006-10-25 | 华为技术有限公司 | Registering/logout system and method thereof |
| CN1801815A (en) * | 2005-08-08 | 2006-07-12 | 华为技术有限公司 | Method for realizing initial Internet protocol multimedia subsystem registration |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101197671A (en) | 2008-06-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101197670A (en) | Authentication device for providing authentication to users accessing by terminal | |
| RU2286018C2 (en) | Method and system for repeated authentication in the base network system of ip-multimedia | |
| AU2003225476B2 (en) | Method and communication system for controlling security association lifetime | |
| US7366303B2 (en) | Integrity protection during initial registration of a subscriber in a telecommunications network | |
| EP2084882B1 (en) | Authentication in a communications network | |
| EP2375629B1 (en) | Method and apparatus for transmitting/receiving in emergency services | |
| CN101030854B (en) | Method and apparatus for inter-verifying network between multi-medium sub-systems | |
| EP1994707B1 (en) | Access control in a communication network | |
| EP1524816B1 (en) | Authentication of messages in a communication system | |
| KR20110065091A (en) | System for detecting toll fraud attack for internet telephone and method for the same | |
| CN103391539A (en) | Internet protocol multimedia subsystem (IMS) account opening method, device and system | |
| US20040043756A1 (en) | Method and system for authentication in IP multimedia core network system (IMS) | |
| CN101197671B (en) | Authentication method in communication system | |
| CN101488957A (en) | Authentication method, apparatus and system for network appliance and terminal based on SIP | |
| CN106790134A (en) | The access control method and Security Policy Server of a kind of video monitoring system | |
| CN101197672A (en) | Authentication device in communication system | |
| CN100571461C (en) | Communication system | |
| Huang et al. | One-pass authentication and key agreement procedure in IP multimedia subsystem for UMTS | |
| WO2005002166A2 (en) | Method for distributing passwords | |
| Wang et al. | Model-based vulnerability analysis of IMS network. | |
| CN100562019C (en) | Operation processing method in the IP Multimedia System and home signature user server | |
| CN101083838B (en) | HTTP abstract authentication method in IP multimedia subsystem | |
| Long et al. | Enhanced one-pass ip multimedia subsystem authentication protocol for umts | |
| CN114050906B (en) | Authentication system, authentication method, security management network element and client of SIP voice service | |
| Priselac et al. | Security risks of pre-IMS AKA access security solutions |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20121010 Termination date: 20151208 |
|
| EXPY | Termination of patent right or utility model |