CN101854630A - Method, system and user equipment for realizing card authentication - Google Patents
Method, system and user equipment for realizing card authentication Download PDFInfo
- Publication number
- CN101854630A CN101854630A CN201010186711A CN201010186711A CN101854630A CN 101854630 A CN101854630 A CN 101854630A CN 201010186711 A CN201010186711 A CN 201010186711A CN 201010186711 A CN201010186711 A CN 201010186711A CN 101854630 A CN101854630 A CN 101854630A
- Authority
- CN
- China
- Prior art keywords
- authentication
- tuple
- hss
- aka
- tlv triple
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/069—Authentication using certificates or pre-shared keys
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W88/00—Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
- H04W88/18—Service support devices; Network management devices
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a method, a system and user equipment for realizing card authentication. The method comprises the following steps that: a service call session control functional entity (S-CSCF) requests a home subscriber server (HSS) to authenticate the user equipment (UE); when the UE is a user who performs authentication by using a triplet in a network, the HSS acquires the triplet of the UE, converts the triplet into a quintet and transmits the acquired triplet to the S-CSCF; when judging that the network can be logged in, the UE converts the triplet per se into a quintet and reports the acquired quintet to the S-CSCF; and the S-CSCF judges whether the authentication succeeds or not according to the quintet transmitted by the HSS and the quintet reported by the UE. In the method, a concept of converting the triplet into the quintet for multimedia subsystem (IMS) authentication is adopted to authenticate a subscriber identity module (SIM) card, and the HSS and UE of an IMS are only modified to a very small extent, so the cost is very low.
Description
Technical field
The present invention relates to IP Multimedia System, relate in particular to a kind of method, system and subscriber equipment of realizing the card authentication.
Background technology
At network interconnection agreement (Internet Protocol, IP) IP multimedia subsystem, IMS (IP Multimedia CoreNetwork Subsystem, IMS) in the system, key-course separates with operation layer, key-course does not provide concrete business, only is responsible for providing to operation layer controlled function such as necessary triggering, route, charging.The controlled function of key-course is that (Call Session Control Function CSCF) finishes by CSCF.
CSCF is divided into Proxy Call Session Control Function (Proxy Call Session Control Function, P-CSCF), query call conversation control function (Interrogating Call Session Control Function, I-CSCF) and service call conversation control function (Serving Call Session Control Function, S-CSCF) three types.Wherein, that take the main responsibility is S-CSCF, is used for accepting user's registration, carries out generic resource identifier (Universal Resource Identifier, URI) analyze and redirected route, trigger application server (Application Server, AS) and finish the control of calling and continue.P-CSCF is that (User Equipment UE) inserts the inlet of IMS system to subscriber equipment, and major function is that requests such as SIP registration that UE is sent, session are transmitted to I-CSCF or S-CSCF.I-CSCF is provided to the inlet of home network, and (Home Subscriber Server HSS) selects S-CSCF flexibly, and the SIP service message is routed to S-CSCF can to pass through home subscriber server.Operation layer is made up of a series of AS, and concrete business service can be provided, and AS can be an independent entity, also may reside among the S-CSCF.S-CSCF calls the business on the AS according to user's professional triggering of CAMEL-Subscription-Information control, realizes business function.AS and S-CSCF can be referred to as service equipment (Server Equipment, SE).
Mainly contain two kinds of processing modes in moving communicating field card authentication, tlv triple and five-tuple, the corresponding SIM of tlv triple (client identification module) card, corresponding USIM (the Universal Subscriber IdentityModule of five-tuple, whole world Subscriber Identity Module) and ISIM (IP Multimedia Service Identity Module, the IP multimedia service identification module) card, defined support among the IMS to USIM and ISIM, promptly support the five-tuple authentication, the XRES of USIM and ISIM card (Expected Response), AKA (Authenticationand Key Agreement, authentication and cipher key agreement) _ RAND (authentication random number), IK (Integrity Key), CK (security key) and AUTN (authentication-tokens) authentication, but how undefined IMS should support the tlv triple authentication, be the SRES (symbol response) of SIM card, RAND (random number) and Kc (encryption key) authentication, and 2G (second generation mobile communication technology) is with adopting the tlv triple authentication per family, therefore, if 2G user logins IMS and can't carry out authentication.
Summary of the invention
The technical problem to be solved in the present invention provides a kind of method, system and subscriber equipment of realizing the card authentication, the user who solves in the network that uses the tlv triple authentication logins the problem that IMS can't carry out authentication, the authentication of user in IMS in the network of realization use tlv triple authentication.
For solving the problems of the technologies described above, a kind of method that realizes the card authentication of the present invention comprises:
Service call conversation control function (S-CSCF) request home subscriber server (HSS) carries out authentication to subscriber equipment (UE);
HSS during for the user in the network that uses the tlv triple authentication, obtains the tlv triple of this UE at UE, and this tlv triple is converted to five-tuple, and the five-tuple that obtains is handed down to S-CSCF;
UE is converted to five-tuple with self tlv triple after judging that network can be logined, the five-tuple that obtains is reported S-CSCF;
The five-tuple that five-tuple that S-CSCF issues according to HSS and UE report is judged whether success of authentication.
Further, HSS and UE adopt in a like fashion tlv triple are converted to five-tuple.
Further, tlv triple is converted to the method for five-tuple, comprises:
From tlv triple, select one or more parameters to generate intermediate parameters;
Adopt intermediate parameters, obtain SQN according to required figure place
AKA(sequence number
Authentication and cipher key agreement), authentication management field (AMF) and AKA_Key (authentication and cipher key agreement KI), and generate AKA_RAND (authentication and cipher key agreement authentication random number) at random according to figure place;
Adopt SQN
AKA, AMF, AKA_Key and AKA_RAND generate five-tuple.
Further, S-CSCF asks this HSS that UE is carried out authentication by sending authentication request to HSS, and carries publicly-owned identity information and the privately owned identity information of UE in authentication request;
HSS judges that according to the publicly-owned identity information that carries in this authentication request and privately owned identity information whether UE is the user who uses in the network of tlv triple authentication, if then carry out the tlv triple of obtaining this UE after receiving authentication request.
Further, a kind of system that realizes the card authentication comprises: interconnective home subscriber server (HSS) and service call conversation control function (S-CSCF), wherein:
S-CSCF, be used to ask HSS that subscriber equipment (UE) is carried out authentication, this UE that reception UE reports is when judging that network can be logined, the five-tuple that five-tuple that self tlv triple is converted to and HSS issue, and the five-tuple that reports of the five-tuple that issues according to HSS and UE, judge whether success of authentication;
HSS is used for the request according to S-CSCF, during for the user in the network that uses the tlv triple authentication, obtains the tlv triple of this UE at UE, and this tlv triple is converted to five-tuple, and the five-tuple that obtains is handed down to S-CSCF.
Further, HSS and UE adopt in a like fashion tlv triple are converted to five-tuple.
Further, HSS and UE with the process that tlv triple is converted to five-tuple are:
From tlv triple, select one or more parameters to generate intermediate parameters;
Adopt intermediate parameters, obtain SQN according to required figure place
AKA(sequence number
Authentication and cipher key agreement), authentication management field (AMF) and AKA_Key (authentication and cipher key agreement _ KI), and generate AKA_RAND (authentication and cipher key agreement _ authentication random number) at random according to figure place;
Adopt SQN
AKA, AMF, AKA_Key and AKA_RAND generate five-tuple.
Further, S-CSCF asks this HSS that UE is carried out authentication by sending authentication request to HSS, and carries publicly-owned identity information and the privately owned identity information of UE in authentication request;
HSS judges that according to the publicly-owned identity information that carries in this authentication request and privately owned identity information whether UE is the user who uses in the network of tlv triple authentication, if then carry out the tlv triple of obtaining this UE after receiving authentication request.
Further, a kind of subscriber equipment comprises: interconnective authentication judge module and data conversion module, wherein:
The authentication judge module is used to judge whether network can be logined, if can login, then notification data modular converter network can be logined;
Data conversion module is used for after knowing that network can be logined, and the tlv triple of this subscriber equipment is converted to five-tuple, and the five-tuple that obtains is reported service call conversation control function.
Further, data conversion module with the process that tlv triple is converted to five-tuple is:
From tlv triple, select one or more parameters to generate intermediate parameters;
Adopt intermediate parameters, obtain SQN according to required figure place
AKA(sequence number
Authentication and cipher key agreement), authentication management field (AMF) and AKA_Key (authentication and cipher key agreement _ KI), and generate AKA_RAND (authentication and cipher key agreement _ authentication random number) at random according to figure place;
Adopt SQN
AKA, AMF, AKA_Key and AKA_RAND generate five-tuple.
In sum, the present invention adopts the thinking that tlv triple is converted to the five-tuple of IMS authentication, realization is carried out authentication to SIM card, can be only HSS and the UE of IMS be carried out very small amount of transformation, cost is very low, when in realizing IMS, the SIM card authentication being supported, can realize that 2G user produces IP safety (SEC) key in IMS, strengthened security of users.
Description of drawings
Fig. 1 realizes the flow chart of the method for card authentication for embodiment of the present invention;
Fig. 2 realizes the Organization Chart of the system of card authentication for embodiment of the present invention;
Fig. 3 is the structure chart of the subscriber equipment of embodiment of the present invention.
Embodiment
HSS is after receiving authentication request in the present embodiment, be the user in the network (as the 2G network) that adopts the tlv triple authentication if judge the UE of authentication, then obtain the tlv triple of UE from HLR (attaching position register) or AUC (AUC), the tlv triple to the SIM card authentication that gets access to is converted to five-tuple, and the five-tuple that obtains is handed down to S-CSCF, S-CSCF issues the RAND_AKA in the five-tuple, AUTN, IK and CK (authentication vector) give P-CSCF, RAND_AKA and AUTN that P-CSCF issues in the authentication vector give UE, UE adopts RAND_AKA and the AUTN authenticating network that receives, judge whether and to login, if the same method of then employing and HSS of can logining is converted to five-tuple with tlv triple, and the RES in the five-tuple reported S-CSCF, whether the RES that S-CSCF comparison UE reports is identical with the XRES that HSS issues, if identical then authentication success, the success of notice UE authentication; Otherwise, failure.
Fig. 1 is the method for present embodiment realization card authentication, comprising:
Step 101:UE initiates Register (registration) request message to the IMS core net, need carry user's publicly-owned identity and privately owned identity information in this message;
Step 102: after the P-CSCF of core net receives the Register request message, this message is sent to I-CSCF;
After step 103:I-CSCF receives the Register request message, send UAR (Userregistration status query, user registration state inquiry) message, inquire about information into the S-CSCF of UE service to HSS;
Step 104:HSS will return to I-CSCF for the information of the S-CSCF of UE service;
Step 105:I-CSCF is forwarded to this S-CSCF according to the information of S-CSCF with the Register request message;
After step 106:S-CSCF receives the Register request message, initiate authentication request, in authentication request, carry publicly-owned identity and the privately owned identity information of UE to HSS;
After step 107:HSS receives the authentication request of S-CSCF,, then obtain tlv triple to HLR or AUC if judge that according to publicly-owned identity and the privately owned identity information of UE UE is 2G user;
If HSS judges that according to publicly-owned identity and the privately owned identity information of UE UE is the user in the network that adopts the five-tuple authentication, then directly adopt existing method to carry out authentication.
Step 108:HSS or AUC return to HSS with tlv triple;
After step 109:HSS receives tlv triple, tlv triple is converted to five-tuple;
HSS can adopt following method that tlv triple is converted to five-tuple, but present embodiment does not limit conversion method, after the core of present embodiment is tlv triple is converted to five-tuple, can the IMS core net not changed the authentication that can realize 2G user on a large scale, those skilled in the art should understand, except adopting following conversion method, can also adopt arbitrarily other method to change, as long as satisfying the figure place of each parameter requires, how value all can be selected arbitrarily, as long as make an appointment with UE, adopt which kind of conversion method not influence the enforcement of present embodiment.
Key_material=SHA1(KC|SRES);
Key_material is an intermediate parameters, SHA1 is a hash function, KC and SRES are the parameter in the tlv triple, also can not adopt hash function herein, as adopting high low level to exchange or also can not carrying out computing etc., equally, the parameter of hash function also can be selected in the tlv triple one or more arbitrarily.
SQN
AKA(sequence number
Authentication and cipher key agreement)=SQN
HSS| the most-significant byte of Key_material;
SQN
HSSAuthentication authentication serial number for signatory among the HSS, is not defined as SQN herein equally by totally 40
HSS, other sequence of 40 also can, and do not limit the most-significant byte of Key_material, any 8 all can, as long as satisfy SQN
AKA48 figure place requires to get final product.
16 (8~23) immediately following most-significant byte of AMF (authentication management field)=Key_material;
AMF also can get any 16 of Key_material, gets 16 of closelying follow behind the most-significant byte and is based on SQN
AKAThe middle most-significant byte that adopts Key_material, this following the example of can increase fail safe.
AKA_Key (AKA_ KI)=Key_material hangs down 128;
Any 128 of the same desirable Key_material of AKA_Key.
AKA_RAND=128 position random number.
Obtain SQN
AKA, after AMF, AKA_Key and these four parameters of AKA_RAND, adopting protocol number is F1~F5 function of stipulating among the 3GPP33.401, and above-mentioned four parameters of obtaining as going into to join, are obtained five-tuple.
Perhaps adopt following rule to obtain above-mentioned four and go into ginseng:
Key_material=SHA1(KC|SRES);
SQN
AKA=SQN
HSS| the least-significant byte of Key_material;
Before the AMF=Key_material least-significant byte adjacent 16;
AKA_Key=Key_material's is high 128;
AKA_RAND=128 position random number.
Step 110:HSS is handed down to S-CSCF with the five-tuple that is converted to;
After step 111:S-CSCF received five-tuple, (RAND_AKA, AUTN, IK and CK) was transmitted to P-CSCF by I-CSCF with authentication vector;
After step 112:P-CSCF receives authentication vector, RAND_AKA in the authentication vector and AUTN are handed down to UE;
After step 113:UE receives RAND_AKA and AUTN from P-CSCF, carry out network authentication and judge whether to sign in in the network, if can login, then the same method of employing and HSS is converted to five-tuple with tlv triple;
Step 114:UE reports S-CSCF with the RES in the five-tuple by PCSCF and ICSCF;
Whether the RES that step 115:S-CSCF comparison UE reports is identical to judge whether authentication is successful with the XRES that HSS issues, if identical then authentication is successful, otherwise, failed authentication;
Step 116:S-CSCF is handed down to UE by ICSCF and PCSCF with authenticating result.
Figure 2 shows that the system of the realization card authentication of present embodiment, comprising: HSS, S-CSCF, P-CSCF, I-CSCF and HLR (or AUC), wherein, S-CSCF, P-CSCF and I-CSCF interconnect, and HSS links to each other with I-CSCF with S-CSCF, HLR respectively;
HSS, be used for after receiving the authentication request of S-CSCF UE, according to publicly-owned identity information that carries UE in the authentication request and privately owned identity information, judge that whether UE is the user who uses in the network of tlv triple authentication, when judging this UE for the user in the network that uses the tlv triple authentication, obtain the tlv triple of this UE from HLR, and this tlv triple is converted to five-tuple, the five-tuple that obtains is handed down to S-CSCF.
S-CSCF is used to receive UE when judging that network can be logined, and the five-tuple that self tlv triple is converted to, and HSS five-tuple that issues and the five-tuple that UE reports relatively judge whether successfully authentication.
HSS and UE adopt in a like fashion tlv triple are converted to five-tuple.HSS and UE with the process that tlv triple is converted to five-tuple are: select one or more parameters to generate intermediate parameters from tlv triple; Adopt intermediate parameters, obtain SQN according to required figure place
AKA, authentication management field (AMF) and AKA_Key, and generate AKA_RAND at random according to figure place; Adopt SQN
AKA, AMF, AKA_Key and AKA_RAND generate five-tuple.
Other function that is realized of each functional unit please refer to the description of method content in the system.
As shown in Figure 3, present embodiment also provides a kind of subscriber equipment, comprising: interconnective authentication judge module and data conversion module, wherein:
The authentication judge module is used to judge whether network can be logined, if can login, then notification data modular converter network can be logined;
Data conversion module is used for after knowing that network can be logined, and the tlv triple of this subscriber equipment is converted to five-tuple, and the five-tuple that obtains is reported service call conversation control function.Data conversion module with the process that tlv triple is converted to five-tuple is: select one or more parameters to generate intermediate parameters from tlv triple; Adopt intermediate parameters, obtain SQN according to required figure place
AKA, authentication management field (AMF) and AKA_Key, and generate AKA_RAND at random according to figure place; Adopt SQN
AKA, AMF, AKA_Key and AKA_RAND generate five-tuple.
Certainly; the present invention also can have other various embodiments; under the situation that does not deviate from spirit of the present invention and essence thereof; those of ordinary skill in the art are when making various corresponding changes and distortion according to the present invention; but these corresponding changes and distortion all should belong to the protection range of the appended claim of the present invention; for example the present invention also has other forms of method according to tlv triple generation five-tuple, and these are not as limitation of the present invention.
Claims (10)
1. method that realizes the card authentication comprises:
Service call conversation control function (S-CSCF) request home subscriber server (HSS) carries out authentication to subscriber equipment (UE);
Described HSS during for the user in the network that uses the tlv triple authentication, obtains the tlv triple of this UE at described UE, and this tlv triple is converted to five-tuple, and the five-tuple that obtains is handed down to described S-CSCF;
Described UE is converted to five-tuple with self tlv triple after judging that network can be logined, the five-tuple that obtains is reported described S-CSCF;
The five-tuple that five-tuple that described S-CSCF issues according to described HSS and described UE report is judged whether success of authentication.
2. the method for claim 1 is characterized in that:
Described HSS and described UE adopt in a like fashion described tlv triple are converted to five-tuple.
3. method as claimed in claim 1 or 2 is characterized in that, described tlv triple is converted to the method for five-tuple, comprising:
From described tlv triple, select one or more parameters to generate intermediate parameters;
Adopt described intermediate parameters, obtain SQN according to required figure place
AKA(sequence number
Authentication and cipher key agreement), authentication management field (AMF) and AKA_Key (authentication and cipher key agreement KI), and generate AKA_RAND (authentication and cipher key agreement authentication random number) at random according to figure place;
Adopt described SQN
AKA, AMF, AKA_Key and AKA_RAND generate described five-tuple.
4. method as claimed in claim 1 or 2 is characterized in that:
Described S-CSCF asks this HSS that described UE is carried out authentication by sending authentication request to described HSS, and carries publicly-owned identity information and the privately owned identity information of described UE in described authentication request;
Described HSS is after receiving described authentication request, judge that according to the described publicly-owned identity information that carries in this authentication request and privately owned identity information whether described UE is the user who uses in the network of tlv triple authentication, if then carry out the described tlv triple of obtaining this UE.
5. system that realizes the card authentication comprises: interconnective home subscriber server (HSS) and service call conversation control function (S-CSCF), wherein:
Described S-CSCF, be used to ask described HSS that subscriber equipment (UE) is carried out authentication, receive this UE that described UE reports when judging that network can be logined, the five-tuple that five-tuple that self tlv triple is converted to and described HSS issue, and the five-tuple that reports of the five-tuple that issues according to described HSS and described UE, judge whether success of authentication;
Described HSS is used for the request according to described S-CSCF, during for the user in the network that uses the tlv triple authentication, obtains the tlv triple of this UE at described UE, and this tlv triple is converted to five-tuple, and the five-tuple that obtains is handed down to described S-CSCF.
6. system as claimed in claim 5 is characterized in that:
Described HSS and described UE adopt in a like fashion described tlv triple are converted to five-tuple.
7. as claim 5 or 6 described methods, it is characterized in that described HSS and described UE with the process that described tlv triple is converted to five-tuple are:
From described tlv triple, select one or more parameters to generate intermediate parameters;
Adopt described intermediate parameters, obtain SQN according to required figure place
AKA(sequence number
Authentication and cipher key agreement), authentication management field (AMF) and AKA_Key (authentication and cipher key agreement KI), and generate AKA_RAND (authentication and cipher key agreement authentication random number) at random according to figure place;
Adopt described SQN
AKA, AMF, AKA_Key and AKA_RAND generate described five-tuple.
8. as claim 5 or 6 described systems, it is characterized in that:
Described S-CSCF asks this HSS that described UE is carried out authentication by sending authentication request to described HSS, and carries publicly-owned identity information and the privately owned identity information of described UE in described authentication request;
Described HSS is after receiving described authentication request, judge that according to the described publicly-owned identity information that carries in this authentication request and privately owned identity information whether described UE is the user who uses in the network of tlv triple authentication, if then carry out the described tlv triple of obtaining this UE.
9. subscriber equipment comprises: interconnective authentication judge module and data conversion module, wherein:
Described authentication judge module is used to judge whether network can be logined, if can login, then notifies described data conversion module network to login;
Described data conversion module is used for after knowing that network can be logined, and the tlv triple of this subscriber equipment is converted to five-tuple, and the five-tuple that obtains is reported service call conversation control function.
10. subscriber equipment as claimed in claim 9 is characterized in that, described data conversion module with the process that described tlv triple is converted to five-tuple is:
From described tlv triple, select one or more parameters to generate intermediate parameters;
Adopt described intermediate parameters, obtain SQN according to required figure place
AKA(sequence number
Authentication and cipher key agreement), authentication management field (AMF) and AKA_Key (authentication and cipher key agreement KI), and generate AKA_RAND (authentication and cipher key agreement authentication random number) at random according to figure place;
Adopt described SQN
AKA, AMF, AKA_Key and AKA_RAND generate described five-tuple.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201010186711A CN101854630A (en) | 2010-05-25 | 2010-05-25 | Method, system and user equipment for realizing card authentication |
PCT/CN2011/073957 WO2011147258A1 (en) | 2010-05-25 | 2011-05-11 | Card authenticating method, system and user equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201010186711A CN101854630A (en) | 2010-05-25 | 2010-05-25 | Method, system and user equipment for realizing card authentication |
Publications (1)
Publication Number | Publication Date |
---|---|
CN101854630A true CN101854630A (en) | 2010-10-06 |
Family
ID=42805836
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201010186711A Pending CN101854630A (en) | 2010-05-25 | 2010-05-25 | Method, system and user equipment for realizing card authentication |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN101854630A (en) |
WO (1) | WO2011147258A1 (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2011147258A1 (en) * | 2010-05-25 | 2011-12-01 | 中兴通讯股份有限公司 | Card authenticating method, system and user equipment |
CN104584477A (en) * | 2013-07-31 | 2015-04-29 | 华为技术有限公司 | Authentication method, method of generating credentials, and associated device |
CN110622572A (en) * | 2017-05-09 | 2019-12-27 | 夏普株式会社 | User device |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103179563B (en) * | 2011-12-20 | 2015-08-05 | 中国电信股份有限公司 | Access authentication method and system |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1697373A (en) * | 2005-06-17 | 2005-11-16 | 中兴通讯股份有限公司 | Method for negotiating about cipher key shared by users and application server |
CN1756428A (en) * | 2004-09-30 | 2006-04-05 | 华为技术有限公司 | Method for carrying out authentication for terminal user identification module in IP multimedia subsystem |
CN1921378A (en) * | 2006-09-28 | 2007-02-28 | 中国移动通信集团公司 | Method and system for negotiating new discrimination key |
CN101247630A (en) * | 2007-02-14 | 2008-08-20 | 中国移动通信集团公司 | System and method for implementing multimedia broadcasting service cryptographic key negotiation |
CN101588579A (en) * | 2008-05-20 | 2009-11-25 | 华为技术有限公司 | System and method for authenticating user equipment and base station subsystem thereof |
CN101600205A (en) * | 2009-07-10 | 2009-12-09 | 华为技术有限公司 | The method and the relevant device of SIM card subscriber equipment cut-in evolution network |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101854630A (en) * | 2010-05-25 | 2010-10-06 | 中兴通讯股份有限公司 | Method, system and user equipment for realizing card authentication |
-
2010
- 2010-05-25 CN CN201010186711A patent/CN101854630A/en active Pending
-
2011
- 2011-05-11 WO PCT/CN2011/073957 patent/WO2011147258A1/en active Application Filing
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1756428A (en) * | 2004-09-30 | 2006-04-05 | 华为技术有限公司 | Method for carrying out authentication for terminal user identification module in IP multimedia subsystem |
CN1697373A (en) * | 2005-06-17 | 2005-11-16 | 中兴通讯股份有限公司 | Method for negotiating about cipher key shared by users and application server |
CN1921378A (en) * | 2006-09-28 | 2007-02-28 | 中国移动通信集团公司 | Method and system for negotiating new discrimination key |
CN101247630A (en) * | 2007-02-14 | 2008-08-20 | 中国移动通信集团公司 | System and method for implementing multimedia broadcasting service cryptographic key negotiation |
CN101588579A (en) * | 2008-05-20 | 2009-11-25 | 华为技术有限公司 | System and method for authenticating user equipment and base station subsystem thereof |
CN101600205A (en) * | 2009-07-10 | 2009-12-09 | 华为技术有限公司 | The method and the relevant device of SIM card subscriber equipment cut-in evolution network |
Non-Patent Citations (2)
Title |
---|
3GPP: ""Security architecture",3GPP TS 33.102,V9.2.0,2010-03", 《3GPP TS 33.102》, 6 April 2010 (2010-04-06) * |
3GPP: ""Security architecture",3GPP TS 33.401,V8.6.0,2009-12", 《3GPP TS 33.401》, 18 December 2009 (2009-12-18) * |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2011147258A1 (en) * | 2010-05-25 | 2011-12-01 | 中兴通讯股份有限公司 | Card authenticating method, system and user equipment |
CN104584477A (en) * | 2013-07-31 | 2015-04-29 | 华为技术有限公司 | Authentication method, method of generating credentials, and associated device |
CN104584477B (en) * | 2013-07-31 | 2017-11-17 | 华为技术有限公司 | Authentication method, the method and relevant apparatus for generating credential |
CN110622572A (en) * | 2017-05-09 | 2019-12-27 | 夏普株式会社 | User device |
Also Published As
Publication number | Publication date |
---|---|
WO2011147258A1 (en) | 2011-12-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP2521304B1 (en) | Authentication method, system and apparatus | |
US10142305B2 (en) | Local security key generation | |
US9503890B2 (en) | Method and apparatus for delivering keying information | |
US8613058B2 (en) | Systems, methods and computer program products for providing additional authentication beyond user equipment authentication in an IMS network | |
CN102006294B (en) | IP multimedia subsystem (IMS) multimedia communication method and system as well as terminal and IMS core network | |
CN100461942C (en) | Method for selecting safety mechanism of IP multimedia subsystem acess field | |
US10708783B2 (en) | Method for performing multiple authentications within service registration procedure | |
CN1835436B (en) | General power authentication frame and method of realizing power auttientication | |
US20110276798A1 (en) | Security management method and system for wapi terminal accessing ims network | |
CN101242634A (en) | Service providing system, device and method | |
WO2008116804A1 (en) | Method for providing subscriptions to packet-switched networks | |
US9241264B2 (en) | Network access authentication for user equipment communicating in multiple networks | |
CN102196426A (en) | Method, device and system for accessing IMS (IP multimedia subsystem) network | |
US11343674B2 (en) | Apparatus, systems and methods for providing telephony services to multiple devices | |
US9326141B2 (en) | Internet protocol multimedia subsystem (IMS) authentication for non-IMS subscribers | |
CN101854630A (en) | Method, system and user equipment for realizing card authentication | |
CN106790055B (en) | Registration method and device of IMS (IP multimedia subsystem) | |
CN101198148B (en) | Information distribution method for mobile terminal | |
CN101621501B (en) | User registration control method and session functional control entity of communication system | |
Tang et al. | A study of an open source IP Multimedia Subsystem test bed | |
CN108881118B (en) | IMS (IP multimedia subsystem) cascade networking method and equipment | |
JP2012010051A (en) | Ims authentication control system and ims authentication control method | |
Sun et al. | Efficient authentication and key agreement procedure in IP multimedia subsystem for UMTS | |
Rajavelsamy et al. | Efficient registration procedure for multi-domain authentication for mission critical communication services | |
Radier et al. | A vehicle gateway to manage IP multimedia subsystem autonomous mobility |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20101006 |