CN102638441A - Method and system for realizing single sign on (SSO) in IP multimedia subsystem (IMS) network - Google Patents

Publication number
CN102638441A
Authority
CN
China
Prior art keywords
terminal
registered
authentication
party registration
cscf
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2011100385867A
Other languages
Chinese (zh)
Inventor
张孟旺
田甜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Priority to CN2011100385867A priority Critical patent/CN102638441A/en
Publication of CN102638441A publication Critical patent/CN102638441A/en
Pending legal-status Critical Current

Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention discloses a method and a system for realizing single sign-on (SSO) in an IP multimedia subsystem (IMS) network. After terminal user equipment (UE) registers in the IMS core network using the authentication and key agreement (AKA) authentication mechanism, third-party registration is initiated for the terminal UE and the third-party registration content of the terminal UE is obtained; when the terminal UE wants to access an application server (AS), whether the terminal UE is registered is determined from its third-party registration content, and when the terminal UE is confirmed to be registered, a shared key is generated from the third-party registration content. The method and the system realize the SSO function without re-authenticating the terminal UE and effectively reduce the complexity of the access flow.

Description

Method and system for realizing single sign-on in an IMS network
Technical Field
The present invention relates to the communications field, and specifically to a method and system for realizing single sign-on (SSO) in an IMS (IP Multimedia Subsystem) network.
Background
At present, to realize IMS single sign-on in a unified IMS, an authentication mechanism such as AKA (Authentication and Key Agreement) or SIP Digest is usually used to authenticate the end user equipment (UE) when it accesses an application server (AS) outside the IMS core network, and this achieves the final single sign-on function. Fig. 1 shows the architecture for realizing IMS single sign-on when a secure channel exists between the AS and the Relay Server (RS); Fig. 2 shows the architecture for realizing IMS single sign-on when the AS and the RS have a shared key.
For a terminal UE in a unified IMS, SSO to application servers can be divided into three implementation scenarios, depending on the application scenario:
1: The IMS terminal UE has a UICC (Universal Integrated Circuit Card) and the network operator has deployed GBA (Generic Bootstrapping Architecture). In this case the GBA authentication mechanism can be combined with Liberty Alliance/OpenID to realize single sign-on and to interwork with other existing SSO mechanisms.
2: The IMS terminal UE has a UICC, but the operator cannot deploy GBA. In this case a combined AKA/OpenID scheme can be used to realize the SSO function.
3: The IMS terminal UE has no UICC and the operator has not deployed GBA either. This case was raised as a work item by NSN (Nokia Siemens Networks) at the 3GPP SA3#60 meeting.
In all three SSO scenarios above, whenever the terminal UE accesses a service on an AS, a functional network element outside the IMS core network must authenticate the terminal UE using the AKA or SIP Digest authentication mechanism. None of them considers whether the IMS terminal has already registered in the IMS core network, and none associates the registration and authentication procedure in the IMS core network with the IMS terminal's single sign-on procedure. As IMS networks and the Internet continue to converge and IMS terminals need to access a growing variety of application servers, SSO from IMS terminals to application servers is a function that users increasingly and urgently need. In the prior art, SSO for IMS-related application services is realized by the operator deploying a large number of functional network elements in the IMS network to authenticate the terminal UE.
With existing schemes, the terminal UE can achieve SSO access to an AS only if the network operator has deployed functional network elements that support the authentication mechanism and those elements authenticate the terminal UE again. This increases the complexity of the access procedure.
Summary of the Invention
In view of this, the main purpose of the present invention is to provide a method and system for realizing single sign-on in an IMS network that achieve the SSO function without authenticating the terminal UE again, and so effectively reduce the complexity of the access procedure.
To achieve this purpose, the technical scheme of the present invention is realized as follows:
A method for realizing single sign-on in an IMS network, the method comprising:
after the end user equipment (UE) registers in the IMS core network using the AKA authentication mechanism, initiating third-party registration for the terminal UE and obtaining the third-party registration content of the terminal UE;
when the terminal UE wants to access an AS, determining from the third-party registration content of the terminal UE whether the terminal UE is registered, and, when the terminal UE is confirmed to be registered, generating a shared key from the third-party registration content.
The process of initiating third-party registration and obtaining the third-party registration content of the terminal UE comprises:
the terminal UE first completes registration in the IMS network using the AKA end-user registration mechanism; the S-CSCF then notifies the RS to carry out the third-party registration procedure for the terminal UE; the RS in turn sends an information subscription request to the S-CSCF and obtains the parameter information of the AKA registration authentication from the S-CSCF.
The method further comprises a process of authenticating the AS:
the AS sends the user's public identity and its own identity to the RS together, and the RS authenticates the AS according to the AS's identity; if AS authentication fails, the RS directly returns an error message to the terminal UE; otherwise the processing of determining whether the terminal UE is registered is performed;
or, the AS redirects the user service request sent by the terminal UE to the RS address and sends an AS authentication request, and the RS authenticates the AS according to the AS identification information; if AS authentication fails, the RS directly returns an error message to the terminal UE; otherwise the processing of determining whether the terminal UE is registered is performed.
The process of determining whether the terminal UE is registered and generating the shared key comprises:
learning whether the terminal UE is registered from the registration identifier in the subscription parameter information that the RS obtained from the S-CSCF during the third-party registration procedure; when the terminal UE is known to be registered, generating the shared key from the parameters learned in the subscription procedure of the third-party registration.
The method further comprises a process in which the AS obtains the shared key.
A system for realizing single sign-on in an IMS network, the system comprising an S-CSCF and an RS; wherein,
the S-CSCF is configured to initiate third-party registration for the terminal UE after the terminal UE registers in the IMS core network using the AKA authentication mechanism, and to obtain the third-party registration content of the terminal UE;
the RS is configured to determine, when the terminal UE wants to access an AS, whether the terminal UE is registered from the third-party registration content of the terminal UE, and, when the terminal UE is confirmed to be registered, to generate a shared key from the third-party registration content.
When initiating third-party registration and obtaining the third-party registration content of the terminal UE, the S-CSCF is configured to:
notify the RS to carry out the third-party registration procedure for the terminal UE after the terminal UE completes registration in the IMS network using the AKA end-user registration mechanism; and trigger the RS to send an information subscription request to the S-CSCF and obtain the parameter information of the AKA registration authentication from the S-CSCF.
The AS is further configured to cooperate with the RS in authenticating the AS; wherein,
the AS is configured to: send the user's public identity and its own identity to the RS together;
the RS is configured to: authenticate the AS according to the AS's identity; if AS authentication fails, the RS directly returns an error message to the terminal UE; otherwise the processing of determining whether the terminal UE is registered is performed;
or, the AS is configured to: redirect the user service request sent by the terminal UE to the RS address and send an AS authentication request;
the RS is configured to: authenticate the AS according to the AS identification information; if AS authentication fails, the RS directly returns an error message to the terminal UE; otherwise the processing of determining whether the terminal UE is registered is performed.
When determining whether the terminal UE is registered and generating the shared key, the RS is configured to:
learn whether the terminal UE is registered from the registration identifier in the subscription parameter information obtained from the S-CSCF during the third-party registration procedure; when the terminal UE is known to be registered, generate the shared key from the parameters learned in the subscription procedure of the third-party registration.
The AS is further configured to obtain the shared key.
The method and system of the present invention for realizing single sign-on in an IMS network achieve the SSO function without authenticating the terminal UE again, and effectively reduce the complexity of the access procedure.
Description of the Drawings
Fig. 1 is the overall architecture diagram for realizing the IMS single sign-on function when a secure channel exists between the AS and the RS;
Fig. 2 is the overall architecture diagram for realizing the IMS single sign-on function when the AS and the RS have a shared key;
Fig. 3 is the flow for realizing the SSO function of the terminal UE using the third-party registration procedure of the AKA authentication mechanism in the IMS core network when a secure channel exists between the AS and the RS;
Fig. 4 is the flow for realizing the SSO function of the terminal UE using the third-party registration procedure of the AKA authentication mechanism in the IMS core network when there is no secure channel between the AS and the RS but a shared key exists;
Fig. 5 is the general flowchart for realizing single sign-on in an IMS network according to an embodiment of the invention.
Detailed Description
In fact, a terminal UE needs to register only once in the IMS core network: the S-CSCF (Serving CSCF) then generates a registration identifier, Register, that marks this terminal UE as registered. With this identifier the terminal UE does not need to register again and can proceed with subsequent call operations. The same identifier can be used when the terminal UE accesses an application server, so that the terminal UE can obtain the required service securely and directly, without running the authentication mechanism between the UE and the authentication center again. To achieve this, a new network element, the RS, needs to be designed; this element recognizes the identifier and enables a shared key to be established between the terminal UE and the application server, so that they can exchange information securely.
In the present invention, the registration identifier Register generated in the S-CSCF when the terminal UE completes registration in the IMS core network using the AKA authentication mechanism can be used, and the RS network element provided by the network operator carries out the third-party registration procedure with the S-CSCF, so that the RS obtains the authentication parameters IK, CK and nonce transferred during the registration authentication in the IMS core network, together with the registration identifier Register generated by the S-CSCF. By recognizing this Register identifier, the RS learns that the terminal UE is registered and has passed authentication, and then generates the session key for the AS and the terminal UE; the AS and the terminal UE can exchange information securely using this session key. In addition, the RS authenticates the application server being accessed, to protect the terminal UE's identity information.
In view of this, the registration identifier Register produced by the terminal UE's AKA registration authentication in the IMS core network can be used to build the architecture and flow for SSO to application servers in a unified IMS network. During SSO the functional network element RS recognizes the registration identifier Register and provides a mechanism for authenticating the AS, so that in IMS the terminal UE only needs to complete third-party registration using the AKA authentication mechanism in the IMS core network in order to access the required application servers with SSO. Compared with the IMS single sign-on mechanism based on SIP Digest, the SSO function is achieved without performing SIP Digest authentication on the terminal UE again.
Specifically, after the terminal UE user registers in the IMS core network using the AKA authentication mechanism, the S-CSCF sends a third-party registration request to the RS network element provided by the network operator; the RS sends a subscription request to the S-CSCF and obtains from it the parameters IK, CK and nonce of the AKA registration authentication and the registration identifier Register. When the terminal UE wants to access an AS, the UE sends an application service request to the AS. The AS itself stores no identity information about the UE and does not identify the UE; it redirects the authentication request directly to the RS network element provided by the network operator, which identifies the terminal UE. At the same time, for the security of the UE, the AS must also be authenticated by the RS. The RS and the AS have either negotiated a shared key in advance or have a secure channel between them. The RS authenticates the AS's identity. If authentication of the AS fails, an AS error message is returned directly to the terminal UE. Otherwise the RS uses the authentication vector for this terminal UE obtained in the subscription procedure of the third-party registration (which includes the registration identifier Register) to determine whether the terminal UE is registered. If it is unregistered or its registration lifetime has expired, the terminal UE must first register in the IMS core network. Otherwise the RS learns from the registration identifier that the terminal UE is registered and generates the shared key AS_Ks; it then sends this information to the AS, including the encrypted shared key AS_Ks of the AS and the UE and the nonce value. The terminal UE obtains the nonce and generates the key AS_Ks. The shared key AS_Ks is applied on the interface between the UE and the AS to secure the information transferred between them.
In the present invention, the IMS terminal uses the AKA registration authentication procedure in the IMS core network and the registration identifier generated by the S-CSCF, and a functional network element RS is designed that carries out the third-party registration procedure with the S-CSCF and recognizes this identifier, so as to realize the SSO function of the terminal UE. The UE is the IMS terminal; the AS is the application server that the IMS terminal wants to access; the RS is the functional network element provided by the network operator that performs third-party registration and subscription, recognizes the registration identifier Register and generates the key.
The technical scheme of the present invention is set out in further detail below with reference to the drawings and specific embodiments.
Referring to Fig. 3, when a secure channel exists between the AS and the RS, the following steps can be carried out to realize the SSO function of the terminal UE using the third-party registration procedure of the AKA authentication mechanism in the IMS core network:
Step 1: The terminal UE first completes registration in the IMS network. This is done with the AKA end-user registration mechanism.
Step 2: The S-CSCF notifies the RS to carry out the third-party registration procedure.
Step 3: The RS sends an information subscription request to the S-CSCF and obtains from the S-CSCF the parameter information of the AKA registration authentication, including the registration identifier Register, IK, CK and nonce.
Step 4: The UE sends an access service request to the AS. To ensure that the IP multimedia private identity (IMPI) is not disclosed, the request carries the user's public identity (IMPU), which represents the terminal UE.
Step 5: After receiving the user's service request, the AS sends the user's public identity IMPU and the AS's own identity (AS identity) to the RS together.
Step 6: The RS authenticates the AS according to the AS's identity. If AS authentication fails, the RS directly returns an error message to the terminal UE; otherwise step 8 is executed.
Step 7: If the RS, in authenticating the AS, finds that the AS is illegitimate, it returns authentication failure information to the terminal UE.
Step 8: From the registration identifier Register in the subscription parameter information that the RS obtained from the S-CSCF during the third-party registration procedure, the RS learns whether the terminal UE is registered. If it is not, the RS returns directly and has the terminal UE register first; otherwise it generates the shared key AS_Ks from the IK, CK, nonce and so on learned in the subscription procedure of the third-party registration.
Step 9: The RS sends an authentication response to the AS; this message contains AS_Ks and the nonce value.
Step 10: The AS obtains the key AS_Ks.
Step 11: The AS sends an application service response message to the terminal UE; this message carries the random number nonce.
Step 12: The terminal UE generates the key AS_Ks from the nonce value it received together with the IK and CK obtained at IMS registration. At this point the UE and the AS hold the same shared key and can exchange application messages securely.
If any of the above steps fails, the whole procedure stops.
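The Fig. 3 flow (steps 3 to 12) as an added Python example, not code from the patent: the RS authenticates the AS, checks the Register identifier and the registration lifetime, and derives AS_Ks, which the UE recomputes from the nonce. The HMAC-SHA-256 derivation, the AS allowlist standing in for authentication over the secure channel, the lifetime field and all sample values are assumptions; the patent names only IK, CK and nonce as inputs.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass
class Subscription:
    """What the RS holds per IMPU after steps 2-3 (third-party registration + subscription)."""
    register: bool     # registration identifier Register produced by the S-CSCF
    ik: bytes          # AKA integrity key
    ck: bytes          # AKA cipher key
    nonce: bytes       # nonce from the AKA registration
    expires_at: float  # end of the registration lifetime, epoch seconds (assumed field)


class SsoError(Exception):
    """Raised where the patent says an error is returned and the procedure stops."""


def length_prefixed(*parts: bytes) -> bytes:
    # Unambiguous encoding, so field boundaries cannot be shifted between inputs.
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)


def derive_as_ks(ik, ck, nonce, impu, as_identity) -> bytes:
    """ASSUMED KDF (the patent names only the inputs "IK, CK, nonce and so on"):
    HMAC-SHA-256 keyed with CK||IK. Binding the IMPU and the AS identity is an
    added assumption, so that two application servers never receive the same key."""
    info = length_prefixed(b"AS_Ks", nonce, impu.encode(), as_identity.encode())
    return hmac.new(ck + ik, info, hashlib.sha256).digest()


class RelayServer:
    def __init__(self, authenticated_as):
        # Hypothetical allowlist standing in for AS authentication over the
        # secure channel of Fig. 3.
        self.authenticated_as = set(authenticated_as)
        self.subscriptions = {}

    def store_subscription(self, impu, sub):               # step 3
        self.subscriptions[impu] = sub

    def handle_as_request(self, impu, as_identity, now):   # steps 5-9
        if as_identity not in self.authenticated_as:       # steps 6-7
            raise SsoError("AS authentication failed")
        sub = self.subscriptions.get(impu)
        if sub is None or not sub.register or now >= sub.expires_at:  # step 8
            raise SsoError("UE must register in the IMS core network first")
        as_ks = derive_as_ks(sub.ik, sub.ck, sub.nonce, impu, as_identity)
        return as_ks, sub.nonce                            # step 9


# Constructed sample values, not taken from any real registration.
IK = bytes.fromhex("00112233445566778899aabbccddeeff")
CK = bytes.fromhex("ffeeddccbbaa99887766554433221100")
NONCE = bytes.fromhex("0123456789abcdef0123456789abcdef")
IMPU = "sip:alice@ims.example.net"
AS_ID = "as1.example.net"


def build_rs():
    rs = RelayServer(authenticated_as={AS_ID, "as2.example.net"})
    rs.store_subscription(IMPU, Subscription(True, IK, CK, NONCE, expires_at=3600.0))
    return rs


def run_flow(rs, impu, as_identity, now):
    """Steps 4-12: returns (key held by the AS, key derived by the UE)."""
    as_ks, nonce = rs.handle_as_request(impu, as_identity, now)  # steps 5-10
    ue_ks = derive_as_ks(IK, CK, nonce, impu, as_identity)       # steps 11-12
    return as_ks, ue_ks


def is_rejected(rs, impu, as_identity, now):
    """True when the RS stops the procedure instead of issuing a key."""
    try:
        rs.handle_as_request(impu, as_identity, now)
    except SsoError:
        return True
    return False


if __name__ == "__main__":
    rs = build_rs()
    as_key, ue_key = run_flow(rs, IMPU, AS_ID, now=100.0)
    print("keys match:", hmac.compare_digest(as_key, ue_key))
    print("unlisted AS rejected:", is_rejected(rs, IMPU, "unlisted.example.org", 100.0))
    print("expired registration rejected:", is_rejected(rs, IMPU, AS_ID, 7200.0))
```

Only the nonce travels to the UE in step 11; IK and CK never leave the UE, the S-CSCF and the RS, which is why the RS subscription store is the component whose compromise exposes every derived AS_Ks.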
Referring to Fig. 4, when there is no secure channel between the AS and the RS but a shared key exists, the following steps can be carried out to realize the SSO function of the terminal UE using the third-party registration procedure of the AKA authentication mechanism in the IMS core network:
Step 1: The terminal UE first completes registration in the IMS network. This is done with the AKA end-user registration mechanism.
Step 2: The S-CSCF notifies the RS to carry out the third-party registration procedure.
Step 3: The RS sends an information subscription request to the S-CSCF and obtains from the S-CSCF the parameter information of the AKA registration authentication, including the registration identifier Register, IK, CK and nonce.
Step 4: The UE sends an access service request to the AS; the request carries the user's public identity IMPU.
Step 5: The AS redirects the user's service request to the RS address and sends an RP authentication request, carrying the IMPU and the RP identification information (AS identity).
Step 6: The request is redirected to the RS address, carrying the IMPU and the RP identification information (AS identity).
Step 7: The RS authenticates the AS according to the AS identification information (AS identity). If AS authentication fails, the RS directly returns an error message to the terminal UE; otherwise step 9 is executed. A shared key Ka,r has been established in advance between the AS and the RS.
Step 8: After authentication of the AS fails, the RS directly returns an error message to the terminal UE.
Step 9: From the registration identifier Register in the subscription parameter information that the RS obtained from the S-CSCF during the third-party registration procedure, the RS learns whether the terminal UE is registered. If it is not, the RS returns directly and has the terminal UE register first; otherwise it generates the shared key AS_Ks from the IK, CK, nonce and so on learned in the subscription procedure of the third-party registration.
Step 10: The RS redirects the result information to the AS; this information contains the nonce and the encrypted AS_Ks, EKa,r(AS_Ks).
Step 11: The UE receives the nonce value and generates the key AS_Ks from the received nonce value together with the IK and CK produced when the terminal UE performed AKA registration in the IMS core network.
Step 11: The encrypted information is redirected to the AS; this information contains EKa,r(AS_Ks).
Step 12: The AS decrypts the received encrypted information and obtains the shared key AS_Ks. At this point the UE and the AS hold the same shared key and can exchange application messages securely.
If any of the above steps fails, the whole procedure stops.
If, while the UE user is accessing the AS, an accident causes a network outage before the UE has finished establishing the shared key with the AS, then to access the application server after the network recovers the UE must restart the service request procedure. If the UE has already finished establishing the shared key and the key's lifetime has not expired by the time the network recovers, the UE and the AS can continue to apply this shared key to the protocol on their reference point after the network recovers and continue to interact securely; otherwise the procedure for generating a shared key with the AS must be run again. If, after the UE user has accessed the AS, the user actively shuts down or deregisters the UE, or a special circumstance such as a power failure occurs, the user must carry out the whole flow again, including registration in IMS.
From the above embodiments, the operating approach by which the present invention realizes single sign-on in an IMS network can be represented by the flow shown in Fig. 5, which comprises the following steps:
Step 510: After the terminal UE registers in the IMS core network using the AKA authentication mechanism, third-party registration is initiated for the terminal UE and the third-party registration content of the terminal UE is obtained.
Step 520: When the terminal UE wants to access an AS, whether the terminal UE is registered is determined from the third-party registration content of the terminal UE, and when the terminal UE is confirmed to be registered, a shared key is generated from the third-party registration content.
In summary, the method and system of the present invention for realizing single sign-on in an IMS network achieve the SSO function without authenticating the terminal UE again, and effectively reduce the complexity of the access procedure.
The above are merely preferred embodiments of the present invention and are not intended to limit its scope of protection.

Claims (10)

1. A method for realizing single sign-on in an IMS network, characterized in that the method comprises:
after the end user equipment (UE) registers in the IMS core network using the AKA authentication mechanism, initiating third-party registration for the terminal UE and obtaining the third-party registration content of the terminal UE;
when the terminal UE wants to access an AS, determining from the third-party registration content of the terminal UE whether the terminal UE is registered, and, when the terminal UE is confirmed to be registered, generating a shared key from the third-party registration content.
2. The method according to claim 1, characterized in that the process of initiating third-party registration and obtaining the third-party registration content of the terminal UE comprises:
the terminal UE first completes registration in the IMS network using the AKA end-user registration mechanism; the S-CSCF then notifies the RS to carry out the third-party registration procedure for the terminal UE; the RS in turn sends an information subscription request to the S-CSCF and obtains the parameter information of the AKA registration authentication from the S-CSCF.
3. The method according to claim 2, characterized in that the method further comprises a process of authenticating the AS:
the AS sends the user's public identity and its own identity to the RS together, and the RS authenticates the AS according to the AS's identity; if AS authentication fails, the RS directly returns an error message to the terminal UE; otherwise the processing of determining whether the terminal UE is registered is performed;
or, the AS redirects the user service request sent by the terminal UE to the RS address and sends an AS authentication request, and the RS authenticates the AS according to the AS identification information; if AS authentication fails, the RS directly returns an error message to the terminal UE; otherwise the processing of determining whether the terminal UE is registered is performed.
4. The method according to any one of claims 1 to 3, characterized in that the process of determining whether the terminal UE is registered and generating the shared key comprises:
learning whether the terminal UE is registered from the registration identifier in the subscription parameter information that the RS obtained from the S-CSCF during the third-party registration procedure; when the terminal UE is known to be registered, generating the shared key from the parameters learned in the subscription procedure of the third-party registration.
5. The method according to claim 4, characterized in that the method further comprises a process in which the AS obtains the shared key.
6. A system for realizing single sign-on in an IMS network, characterized in that the system comprises an S-CSCF and an RS; wherein,
the S-CSCF is configured to initiate third-party registration for the terminal UE after the terminal UE registers in the IMS core network using the AKA authentication mechanism, and to obtain the third-party registration content of the terminal UE;
the RS is configured to determine, when the terminal UE wants to access an AS, whether the terminal UE is registered from the third-party registration content of the terminal UE, and, when the terminal UE is confirmed to be registered, to generate a shared key from the third-party registration content.
7. The system according to claim 6, characterized in that, when initiating third-party registration and obtaining the third-party registration content of the terminal UE, the S-CSCF is configured to:
notify the RS to carry out the third-party registration procedure for the terminal UE after the terminal UE completes registration in the IMS network using the AKA end-user registration mechanism; and trigger the RS to send an information subscription request to the S-CSCF and obtain the parameter information of the AKA registration authentication from the S-CSCF.
8. The system according to claim 7, characterized in that the AS is further configured to cooperate with the RS in authenticating the AS; wherein,
the AS is configured to: send the user's public identity and its own identity to the RS together;
the RS is configured to: authenticate the AS according to the AS's identity; if AS authentication fails, the RS directly returns an error message to the terminal UE; otherwise the processing of determining whether the terminal UE is registered is performed;
or, the AS is configured to: redirect the user service request sent by the terminal UE to the RS address and send an AS authentication request;
the RS is configured to: authenticate the AS according to the AS identification information; if AS authentication fails, the RS directly returns an error message to the terminal UE; otherwise the processing of determining whether the terminal UE is registered is performed.
9. The system according to any one of claims 6 to 8, characterized in that, when determining whether the terminal UE is registered and generating the shared key, the RS is configured to:
learn whether the terminal UE is registered from the registration identifier in the subscription parameter information obtained from the S-CSCF during the third-party registration procedure; when the terminal UE is known to be registered, generate the shared key from the parameters learned in the subscription procedure of the third-party registration.
10. The system according to claim 9, characterized in that the AS is further configured to obtain the shared key.
CN2011100385867A 2011-02-15 2011-02-15 Method and system for realizing single sign on (SSO) in IP multimedia subsystem (IMS) network Pending CN102638441A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011100385867A CN102638441A (en) 2011-02-15 2011-02-15 Method and system for realizing single sign on (SSO) in IP multimedia subsystem (IMS) network

Publications (1)

Publication Number Publication Date
CN102638441A true CN102638441A (en) 2012-08-15

Family

ID=46622687

Country Status (1)

Country Link
CN (1) CN102638441A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20120815