CN101854630A - Method, system and user equipment for realizing card authentication - Google Patents

Method, system and user equipment for realizing card authentication Download PDF

Info

Publication number
CN101854630A
CN101854630A CN201010186711A CN201010186711A CN101854630A CN 101854630 A CN101854630 A CN 101854630A CN 201010186711 A CN201010186711 A CN 201010186711A CN 201010186711 A CN201010186711 A CN 201010186711A CN 101854630 A CN101854630 A CN 101854630A
Authority
CN
China
Prior art keywords
authentication
tuple
hss
aka
tlv triple
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201010186711A
Other languages
Chinese (zh)
Inventor
吕培元
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Priority to CN201010186711A priority Critical patent/CN101854630A/en
Publication of CN101854630A publication Critical patent/CN101854630A/en
Priority to PCT/CN2011/073957 priority patent/WO2011147258A1/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/069Authentication using certificates or pre-shared keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W88/00Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/18Service support devices; Network management devices

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a method, a system and user equipment for realizing card authentication. The method comprises the following steps that: a service call session control functional entity (S-CSCF) requests a home subscriber server (HSS) to authenticate the user equipment (UE); when the UE is a user who performs authentication by using a triplet in a network, the HSS acquires the triplet of the UE, converts the triplet into a quintet and transmits the acquired triplet to the S-CSCF; when judging that the network can be logged in, the UE converts the triplet per se into a quintet and reports the acquired quintet to the S-CSCF; and the S-CSCF judges whether the authentication succeeds or not according to the quintet transmitted by the HSS and the quintet reported by the UE. In the method, a concept of converting the triplet into the quintet for multimedia subsystem (IMS) authentication is adopted to authenticate a subscriber identity module (SIM) card, and the HSS and UE of an IMS are only modified to a very small extent, so the cost is very low.

Description

A kind of method, system and subscriber equipment of realizing the card authentication
Technical field
The present invention relates to IP Multimedia System, relate in particular to a kind of method, system and subscriber equipment of realizing the card authentication.
Background technology
At network interconnection agreement (Internet Protocol, IP) IP multimedia subsystem, IMS (IP Multimedia CoreNetwork Subsystem, IMS) in the system, key-course separates with operation layer, key-course does not provide concrete business, only is responsible for providing to operation layer controlled function such as necessary triggering, route, charging.The controlled function of key-course is that (Call Session Control Function CSCF) finishes by CSCF.
CSCF is divided into Proxy Call Session Control Function (Proxy Call Session Control Function, P-CSCF), query call conversation control function (Interrogating Call Session Control Function, I-CSCF) and service call conversation control function (Serving Call Session Control Function, S-CSCF) three types.Wherein, that take the main responsibility is S-CSCF, is used for accepting user's registration, carries out generic resource identifier (Universal Resource Identifier, URI) analyze and redirected route, trigger application server (Application Server, AS) and finish the control of calling and continue.P-CSCF is that (User Equipment UE) inserts the inlet of IMS system to subscriber equipment, and major function is that requests such as SIP registration that UE is sent, session are transmitted to I-CSCF or S-CSCF.I-CSCF is provided to the inlet of home network, and (Home Subscriber Server HSS) selects S-CSCF flexibly, and the SIP service message is routed to S-CSCF can to pass through home subscriber server.Operation layer is made up of a series of AS, and concrete business service can be provided, and AS can be an independent entity, also may reside among the S-CSCF.S-CSCF calls the business on the AS according to user's professional triggering of CAMEL-Subscription-Information control, realizes business function.AS and S-CSCF can be referred to as service equipment (Server Equipment, SE).
Mainly contain two kinds of processing modes in moving communicating field card authentication, tlv triple and five-tuple, the corresponding SIM of tlv triple (client identification module) card, corresponding USIM (the Universal Subscriber IdentityModule of five-tuple, whole world Subscriber Identity Module) and ISIM (IP Multimedia Service Identity Module, the IP multimedia service identification module) card, defined support among the IMS to USIM and ISIM, promptly support the five-tuple authentication, the XRES of USIM and ISIM card (Expected Response), AKA (Authenticationand Key Agreement, authentication and cipher key agreement) _ RAND (authentication random number), IK (Integrity Key), CK (security key) and AUTN (authentication-tokens) authentication, but how undefined IMS should support the tlv triple authentication, be the SRES (symbol response) of SIM card, RAND (random number) and Kc (encryption key) authentication, and 2G (second generation mobile communication technology) is with adopting the tlv triple authentication per family, therefore, if 2G user logins IMS and can't carry out authentication.
Summary of the invention
The technical problem to be solved in the present invention provides a kind of method, system and subscriber equipment of realizing the card authentication, the user who solves in the network that uses the tlv triple authentication logins the problem that IMS can't carry out authentication, the authentication of user in IMS in the network of realization use tlv triple authentication.
For solving the problems of the technologies described above, a kind of method that realizes the card authentication of the present invention comprises:
Service call conversation control function (S-CSCF) request home subscriber server (HSS) carries out authentication to subscriber equipment (UE);
HSS during for the user in the network that uses the tlv triple authentication, obtains the tlv triple of this UE at UE, and this tlv triple is converted to five-tuple, and the five-tuple that obtains is handed down to S-CSCF;
UE is converted to five-tuple with self tlv triple after judging that network can be logined, the five-tuple that obtains is reported S-CSCF;
The five-tuple that five-tuple that S-CSCF issues according to HSS and UE report is judged whether success of authentication.
Further, HSS and UE adopt in a like fashion tlv triple are converted to five-tuple.
Further, tlv triple is converted to the method for five-tuple, comprises:
From tlv triple, select one or more parameters to generate intermediate parameters;
Adopt intermediate parameters, obtain SQN according to required figure place AKA(sequence number Authentication and cipher key agreement), authentication management field (AMF) and AKA_Key (authentication and cipher key agreement KI), and generate AKA_RAND (authentication and cipher key agreement authentication random number) at random according to figure place;
Adopt SQN AKA, AMF, AKA_Key and AKA_RAND generate five-tuple.
Further, S-CSCF asks this HSS that UE is carried out authentication by sending authentication request to HSS, and carries publicly-owned identity information and the privately owned identity information of UE in authentication request;
HSS judges that according to the publicly-owned identity information that carries in this authentication request and privately owned identity information whether UE is the user who uses in the network of tlv triple authentication, if then carry out the tlv triple of obtaining this UE after receiving authentication request.
Further, a kind of system that realizes the card authentication comprises: interconnective home subscriber server (HSS) and service call conversation control function (S-CSCF), wherein:
S-CSCF, be used to ask HSS that subscriber equipment (UE) is carried out authentication, this UE that reception UE reports is when judging that network can be logined, the five-tuple that five-tuple that self tlv triple is converted to and HSS issue, and the five-tuple that reports of the five-tuple that issues according to HSS and UE, judge whether success of authentication;
HSS is used for the request according to S-CSCF, during for the user in the network that uses the tlv triple authentication, obtains the tlv triple of this UE at UE, and this tlv triple is converted to five-tuple, and the five-tuple that obtains is handed down to S-CSCF.
Further, HSS and UE adopt in a like fashion tlv triple are converted to five-tuple.
Further, HSS and UE with the process that tlv triple is converted to five-tuple are:
From tlv triple, select one or more parameters to generate intermediate parameters;
Adopt intermediate parameters, obtain SQN according to required figure place AKA(sequence number Authentication and cipher key agreement), authentication management field (AMF) and AKA_Key (authentication and cipher key agreement _ KI), and generate AKA_RAND (authentication and cipher key agreement _ authentication random number) at random according to figure place;
Adopt SQN AKA, AMF, AKA_Key and AKA_RAND generate five-tuple.
Further, S-CSCF asks this HSS that UE is carried out authentication by sending authentication request to HSS, and carries publicly-owned identity information and the privately owned identity information of UE in authentication request;
HSS judges that according to the publicly-owned identity information that carries in this authentication request and privately owned identity information whether UE is the user who uses in the network of tlv triple authentication, if then carry out the tlv triple of obtaining this UE after receiving authentication request.
Further, a kind of subscriber equipment comprises: interconnective authentication judge module and data conversion module, wherein:
The authentication judge module is used to judge whether network can be logined, if can login, then notification data modular converter network can be logined;
Data conversion module is used for after knowing that network can be logined, and the tlv triple of this subscriber equipment is converted to five-tuple, and the five-tuple that obtains is reported service call conversation control function.
Further, data conversion module with the process that tlv triple is converted to five-tuple is:
From tlv triple, select one or more parameters to generate intermediate parameters;
Adopt intermediate parameters, obtain SQN according to required figure place AKA(sequence number Authentication and cipher key agreement), authentication management field (AMF) and AKA_Key (authentication and cipher key agreement _ KI), and generate AKA_RAND (authentication and cipher key agreement _ authentication random number) at random according to figure place;
Adopt SQN AKA, AMF, AKA_Key and AKA_RAND generate five-tuple.
In sum, the present invention adopts the thinking that tlv triple is converted to the five-tuple of IMS authentication, realization is carried out authentication to SIM card, can be only HSS and the UE of IMS be carried out very small amount of transformation, cost is very low, when in realizing IMS, the SIM card authentication being supported, can realize that 2G user produces IP safety (SEC) key in IMS, strengthened security of users.
Description of drawings
Fig. 1 realizes the flow chart of the method for card authentication for embodiment of the present invention;
Fig. 2 realizes the Organization Chart of the system of card authentication for embodiment of the present invention;
Fig. 3 is the structure chart of the subscriber equipment of embodiment of the present invention.
Embodiment
HSS is after receiving authentication request in the present embodiment, be the user in the network (as the 2G network) that adopts the tlv triple authentication if judge the UE of authentication, then obtain the tlv triple of UE from HLR (attaching position register) or AUC (AUC), the tlv triple to the SIM card authentication that gets access to is converted to five-tuple, and the five-tuple that obtains is handed down to S-CSCF, S-CSCF issues the RAND_AKA in the five-tuple, AUTN, IK and CK (authentication vector) give P-CSCF, RAND_AKA and AUTN that P-CSCF issues in the authentication vector give UE, UE adopts RAND_AKA and the AUTN authenticating network that receives, judge whether and to login, if the same method of then employing and HSS of can logining is converted to five-tuple with tlv triple, and the RES in the five-tuple reported S-CSCF, whether the RES that S-CSCF comparison UE reports is identical with the XRES that HSS issues, if identical then authentication success, the success of notice UE authentication; Otherwise, failure.
Fig. 1 is the method for present embodiment realization card authentication, comprising:
Step 101:UE initiates Register (registration) request message to the IMS core net, need carry user's publicly-owned identity and privately owned identity information in this message;
Step 102: after the P-CSCF of core net receives the Register request message, this message is sent to I-CSCF;
After step 103:I-CSCF receives the Register request message, send UAR (Userregistration status query, user registration state inquiry) message, inquire about information into the S-CSCF of UE service to HSS;
Step 104:HSS will return to I-CSCF for the information of the S-CSCF of UE service;
Step 105:I-CSCF is forwarded to this S-CSCF according to the information of S-CSCF with the Register request message;
After step 106:S-CSCF receives the Register request message, initiate authentication request, in authentication request, carry publicly-owned identity and the privately owned identity information of UE to HSS;
After step 107:HSS receives the authentication request of S-CSCF,, then obtain tlv triple to HLR or AUC if judge that according to publicly-owned identity and the privately owned identity information of UE UE is 2G user;
If HSS judges that according to publicly-owned identity and the privately owned identity information of UE UE is the user in the network that adopts the five-tuple authentication, then directly adopt existing method to carry out authentication.
Step 108:HSS or AUC return to HSS with tlv triple;
After step 109:HSS receives tlv triple, tlv triple is converted to five-tuple;
HSS can adopt following method that tlv triple is converted to five-tuple, but present embodiment does not limit conversion method, after the core of present embodiment is tlv triple is converted to five-tuple, can the IMS core net not changed the authentication that can realize 2G user on a large scale, those skilled in the art should understand, except adopting following conversion method, can also adopt arbitrarily other method to change, as long as satisfying the figure place of each parameter requires, how value all can be selected arbitrarily, as long as make an appointment with UE, adopt which kind of conversion method not influence the enforcement of present embodiment.
Key_material=SHA1(KC|SRES);
Key_material is an intermediate parameters, SHA1 is a hash function, KC and SRES are the parameter in the tlv triple, also can not adopt hash function herein, as adopting high low level to exchange or also can not carrying out computing etc., equally, the parameter of hash function also can be selected in the tlv triple one or more arbitrarily.
SQN AKA(sequence number Authentication and cipher key agreement)=SQN HSS| the most-significant byte of Key_material;
SQN HSSAuthentication authentication serial number for signatory among the HSS, is not defined as SQN herein equally by totally 40 HSS, other sequence of 40 also can, and do not limit the most-significant byte of Key_material, any 8 all can, as long as satisfy SQN AKA48 figure place requires to get final product.
16 (8~23) immediately following most-significant byte of AMF (authentication management field)=Key_material;
AMF also can get any 16 of Key_material, gets 16 of closelying follow behind the most-significant byte and is based on SQN AKAThe middle most-significant byte that adopts Key_material, this following the example of can increase fail safe.
AKA_Key (AKA_ KI)=Key_material hangs down 128;
Any 128 of the same desirable Key_material of AKA_Key.
AKA_RAND=128 position random number.
Obtain SQN AKA, after AMF, AKA_Key and these four parameters of AKA_RAND, adopting protocol number is F1~F5 function of stipulating among the 3GPP33.401, and above-mentioned four parameters of obtaining as going into to join, are obtained five-tuple.
Perhaps adopt following rule to obtain above-mentioned four and go into ginseng:
Key_material=SHA1(KC|SRES);
SQN AKA=SQN HSS| the least-significant byte of Key_material;
Before the AMF=Key_material least-significant byte adjacent 16;
AKA_Key=Key_material's is high 128;
AKA_RAND=128 position random number.
Step 110:HSS is handed down to S-CSCF with the five-tuple that is converted to;
After step 111:S-CSCF received five-tuple, (RAND_AKA, AUTN, IK and CK) was transmitted to P-CSCF by I-CSCF with authentication vector;
After step 112:P-CSCF receives authentication vector, RAND_AKA in the authentication vector and AUTN are handed down to UE;
After step 113:UE receives RAND_AKA and AUTN from P-CSCF, carry out network authentication and judge whether to sign in in the network, if can login, then the same method of employing and HSS is converted to five-tuple with tlv triple;
Step 114:UE reports S-CSCF with the RES in the five-tuple by PCSCF and ICSCF;
Whether the RES that step 115:S-CSCF comparison UE reports is identical to judge whether authentication is successful with the XRES that HSS issues, if identical then authentication is successful, otherwise, failed authentication;
Step 116:S-CSCF is handed down to UE by ICSCF and PCSCF with authenticating result.
Figure 2 shows that the system of the realization card authentication of present embodiment, comprising: HSS, S-CSCF, P-CSCF, I-CSCF and HLR (or AUC), wherein, S-CSCF, P-CSCF and I-CSCF interconnect, and HSS links to each other with I-CSCF with S-CSCF, HLR respectively;
HSS, be used for after receiving the authentication request of S-CSCF UE, according to publicly-owned identity information that carries UE in the authentication request and privately owned identity information, judge that whether UE is the user who uses in the network of tlv triple authentication, when judging this UE for the user in the network that uses the tlv triple authentication, obtain the tlv triple of this UE from HLR, and this tlv triple is converted to five-tuple, the five-tuple that obtains is handed down to S-CSCF.
S-CSCF is used to receive UE when judging that network can be logined, and the five-tuple that self tlv triple is converted to, and HSS five-tuple that issues and the five-tuple that UE reports relatively judge whether successfully authentication.
HSS and UE adopt in a like fashion tlv triple are converted to five-tuple.HSS and UE with the process that tlv triple is converted to five-tuple are: select one or more parameters to generate intermediate parameters from tlv triple; Adopt intermediate parameters, obtain SQN according to required figure place AKA, authentication management field (AMF) and AKA_Key, and generate AKA_RAND at random according to figure place; Adopt SQN AKA, AMF, AKA_Key and AKA_RAND generate five-tuple.
Other function that is realized of each functional unit please refer to the description of method content in the system.
As shown in Figure 3, present embodiment also provides a kind of subscriber equipment, comprising: interconnective authentication judge module and data conversion module, wherein:
The authentication judge module is used to judge whether network can be logined, if can login, then notification data modular converter network can be logined;
Data conversion module is used for after knowing that network can be logined, and the tlv triple of this subscriber equipment is converted to five-tuple, and the five-tuple that obtains is reported service call conversation control function.Data conversion module with the process that tlv triple is converted to five-tuple is: select one or more parameters to generate intermediate parameters from tlv triple; Adopt intermediate parameters, obtain SQN according to required figure place AKA, authentication management field (AMF) and AKA_Key, and generate AKA_RAND at random according to figure place; Adopt SQN AKA, AMF, AKA_Key and AKA_RAND generate five-tuple.
Certainly; the present invention also can have other various embodiments; under the situation that does not deviate from spirit of the present invention and essence thereof; those of ordinary skill in the art are when making various corresponding changes and distortion according to the present invention; but these corresponding changes and distortion all should belong to the protection range of the appended claim of the present invention; for example the present invention also has other forms of method according to tlv triple generation five-tuple, and these are not as limitation of the present invention.

Claims (10)

1. method that realizes the card authentication comprises:
Service call conversation control function (S-CSCF) request home subscriber server (HSS) carries out authentication to subscriber equipment (UE);
Described HSS during for the user in the network that uses the tlv triple authentication, obtains the tlv triple of this UE at described UE, and this tlv triple is converted to five-tuple, and the five-tuple that obtains is handed down to described S-CSCF;
Described UE is converted to five-tuple with self tlv triple after judging that network can be logined, the five-tuple that obtains is reported described S-CSCF;
The five-tuple that five-tuple that described S-CSCF issues according to described HSS and described UE report is judged whether success of authentication.
2. the method for claim 1 is characterized in that:
Described HSS and described UE adopt in a like fashion described tlv triple are converted to five-tuple.
3. method as claimed in claim 1 or 2 is characterized in that, described tlv triple is converted to the method for five-tuple, comprising:
From described tlv triple, select one or more parameters to generate intermediate parameters;
Adopt described intermediate parameters, obtain SQN according to required figure place AKA(sequence number Authentication and cipher key agreement), authentication management field (AMF) and AKA_Key (authentication and cipher key agreement KI), and generate AKA_RAND (authentication and cipher key agreement authentication random number) at random according to figure place;
Adopt described SQN AKA, AMF, AKA_Key and AKA_RAND generate described five-tuple.
4. method as claimed in claim 1 or 2 is characterized in that:
Described S-CSCF asks this HSS that described UE is carried out authentication by sending authentication request to described HSS, and carries publicly-owned identity information and the privately owned identity information of described UE in described authentication request;
Described HSS is after receiving described authentication request, judge that according to the described publicly-owned identity information that carries in this authentication request and privately owned identity information whether described UE is the user who uses in the network of tlv triple authentication, if then carry out the described tlv triple of obtaining this UE.
5. system that realizes the card authentication comprises: interconnective home subscriber server (HSS) and service call conversation control function (S-CSCF), wherein:
Described S-CSCF, be used to ask described HSS that subscriber equipment (UE) is carried out authentication, receive this UE that described UE reports when judging that network can be logined, the five-tuple that five-tuple that self tlv triple is converted to and described HSS issue, and the five-tuple that reports of the five-tuple that issues according to described HSS and described UE, judge whether success of authentication;
Described HSS is used for the request according to described S-CSCF, during for the user in the network that uses the tlv triple authentication, obtains the tlv triple of this UE at described UE, and this tlv triple is converted to five-tuple, and the five-tuple that obtains is handed down to described S-CSCF.
6. system as claimed in claim 5 is characterized in that:
Described HSS and described UE adopt in a like fashion described tlv triple are converted to five-tuple.
7. as claim 5 or 6 described methods, it is characterized in that described HSS and described UE with the process that described tlv triple is converted to five-tuple are:
From described tlv triple, select one or more parameters to generate intermediate parameters;
Adopt described intermediate parameters, obtain SQN according to required figure place AKA(sequence number Authentication and cipher key agreement), authentication management field (AMF) and AKA_Key (authentication and cipher key agreement KI), and generate AKA_RAND (authentication and cipher key agreement authentication random number) at random according to figure place;
Adopt described SQN AKA, AMF, AKA_Key and AKA_RAND generate described five-tuple.
8. as claim 5 or 6 described systems, it is characterized in that:
Described S-CSCF asks this HSS that described UE is carried out authentication by sending authentication request to described HSS, and carries publicly-owned identity information and the privately owned identity information of described UE in described authentication request;
Described HSS is after receiving described authentication request, judge that according to the described publicly-owned identity information that carries in this authentication request and privately owned identity information whether described UE is the user who uses in the network of tlv triple authentication, if then carry out the described tlv triple of obtaining this UE.
9. subscriber equipment comprises: interconnective authentication judge module and data conversion module, wherein:
Described authentication judge module is used to judge whether network can be logined, if can login, then notifies described data conversion module network to login;
Described data conversion module is used for after knowing that network can be logined, and the tlv triple of this subscriber equipment is converted to five-tuple, and the five-tuple that obtains is reported service call conversation control function.
10. subscriber equipment as claimed in claim 9 is characterized in that, described data conversion module with the process that described tlv triple is converted to five-tuple is:
From described tlv triple, select one or more parameters to generate intermediate parameters;
Adopt described intermediate parameters, obtain SQN according to required figure place AKA(sequence number Authentication and cipher key agreement), authentication management field (AMF) and AKA_Key (authentication and cipher key agreement KI), and generate AKA_RAND (authentication and cipher key agreement authentication random number) at random according to figure place;
Adopt described SQN AKA, AMF, AKA_Key and AKA_RAND generate described five-tuple.
CN201010186711A 2010-05-25 2010-05-25 Method, system and user equipment for realizing card authentication Pending CN101854630A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201010186711A CN101854630A (en) 2010-05-25 2010-05-25 Method, system and user equipment for realizing card authentication
PCT/CN2011/073957 WO2011147258A1 (en) 2010-05-25 2011-05-11 Card authenticating method, system and user equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201010186711A CN101854630A (en) 2010-05-25 2010-05-25 Method, system and user equipment for realizing card authentication

Publications (1)

Publication Number Publication Date
CN101854630A true CN101854630A (en) 2010-10-06

Family

ID=42805836

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201010186711A Pending CN101854630A (en) 2010-05-25 2010-05-25 Method, system and user equipment for realizing card authentication

Country Status (2)

Country Link
CN (1) CN101854630A (en)
WO (1) WO2011147258A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011147258A1 (en) * 2010-05-25 2011-12-01 中兴通讯股份有限公司 Card authenticating method, system and user equipment
CN104584477A (en) * 2013-07-31 2015-04-29 华为技术有限公司 Authentication method, method of generating credentials, and associated device
CN110622572A (en) * 2017-05-09 2019-12-27 夏普株式会社 User device

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103179563B (en) * 2011-12-20 2015-08-05 中国电信股份有限公司 Access authentication method and system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1697373A (en) * 2005-06-17 2005-11-16 中兴通讯股份有限公司 Method for negotiating about cipher key shared by users and application server
CN1756428A (en) * 2004-09-30 2006-04-05 华为技术有限公司 Method for carrying out authentication for terminal user identification module in IP multimedia subsystem
CN1921378A (en) * 2006-09-28 2007-02-28 中国移动通信集团公司 Method and system for negotiating new discrimination key
CN101247630A (en) * 2007-02-14 2008-08-20 中国移动通信集团公司 System and method for implementing multimedia broadcasting service cryptographic key negotiation
CN101588579A (en) * 2008-05-20 2009-11-25 华为技术有限公司 System and method for authenticating user equipment and base station subsystem thereof
CN101600205A (en) * 2009-07-10 2009-12-09 华为技术有限公司 The method and the relevant device of SIM card subscriber equipment cut-in evolution network

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101854630A (en) * 2010-05-25 2010-10-06 中兴通讯股份有限公司 Method, system and user equipment for realizing card authentication

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1756428A (en) * 2004-09-30 2006-04-05 华为技术有限公司 Method for carrying out authentication for terminal user identification module in IP multimedia subsystem
CN1697373A (en) * 2005-06-17 2005-11-16 中兴通讯股份有限公司 Method for negotiating about cipher key shared by users and application server
CN1921378A (en) * 2006-09-28 2007-02-28 中国移动通信集团公司 Method and system for negotiating new discrimination key
CN101247630A (en) * 2007-02-14 2008-08-20 中国移动通信集团公司 System and method for implementing multimedia broadcasting service cryptographic key negotiation
CN101588579A (en) * 2008-05-20 2009-11-25 华为技术有限公司 System and method for authenticating user equipment and base station subsystem thereof
CN101600205A (en) * 2009-07-10 2009-12-09 华为技术有限公司 The method and the relevant device of SIM card subscriber equipment cut-in evolution network

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
3GPP: ""Security architecture",3GPP TS 33.102,V9.2.0,2010-03", 《3GPP TS 33.102》, 6 April 2010 (2010-04-06) *
3GPP: ""Security architecture",3GPP TS 33.401,V8.6.0,2009-12", 《3GPP TS 33.401》, 18 December 2009 (2009-12-18) *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011147258A1 (en) * 2010-05-25 2011-12-01 中兴通讯股份有限公司 Card authenticating method, system and user equipment
CN104584477A (en) * 2013-07-31 2015-04-29 华为技术有限公司 Authentication method, method of generating credentials, and associated device
CN104584477B (en) * 2013-07-31 2017-11-17 华为技术有限公司 Authentication method, the method and relevant apparatus for generating credential
CN110622572A (en) * 2017-05-09 2019-12-27 夏普株式会社 User device

Also Published As

Publication number Publication date
WO2011147258A1 (en) 2011-12-01

Similar Documents

Publication Publication Date Title
EP2521304B1 (en) Authentication method, system and apparatus
US10142305B2 (en) Local security key generation
US9503890B2 (en) Method and apparatus for delivering keying information
US8613058B2 (en) Systems, methods and computer program products for providing additional authentication beyond user equipment authentication in an IMS network
CN102006294B (en) IP multimedia subsystem (IMS) multimedia communication method and system as well as terminal and IMS core network
CN100461942C (en) Method for selecting safety mechanism of IP multimedia subsystem acess field
US10708783B2 (en) Method for performing multiple authentications within service registration procedure
CN1835436B (en) General power authentication frame and method of realizing power auttientication
US20110276798A1 (en) Security management method and system for wapi terminal accessing ims network
CN101242634A (en) Service providing system, device and method
WO2008116804A1 (en) Method for providing subscriptions to packet-switched networks
US9241264B2 (en) Network access authentication for user equipment communicating in multiple networks
CN102196426A (en) Method, device and system for accessing IMS (IP multimedia subsystem) network
US11343674B2 (en) Apparatus, systems and methods for providing telephony services to multiple devices
US9326141B2 (en) Internet protocol multimedia subsystem (IMS) authentication for non-IMS subscribers
CN101854630A (en) Method, system and user equipment for realizing card authentication
CN106790055B (en) Registration method and device of IMS (IP multimedia subsystem)
CN101198148B (en) Information distribution method for mobile terminal
CN101621501B (en) User registration control method and session functional control entity of communication system
Tang et al. A study of an open source IP Multimedia Subsystem test bed
CN108881118B (en) IMS (IP multimedia subsystem) cascade networking method and equipment
JP2012010051A (en) Ims authentication control system and ims authentication control method
Sun et al. Efficient authentication and key agreement procedure in IP multimedia subsystem for UMTS
Rajavelsamy et al. Efficient registration procedure for multi-domain authentication for mission critical communication services
Radier et al. A vehicle gateway to manage IP multimedia subsystem autonomous mobility

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20101006