CN103001935A - Authentication method and authentication system for UE (user equipment) of ILS (identity location separation) network in IMS (IP (internet protocol) multimedia subsystem) network - Google Patents

Authentication method and authentication system for UE (user equipment) of ILS (identity location separation) network in IMS (IP (internet protocol) multimedia subsystem) network Download PDF

Info

Publication number
CN103001935A
CN103001935A CN2011102753628A CN201110275362A CN103001935A CN 103001935 A CN103001935 A CN 103001935A CN 2011102753628 A CN2011102753628 A CN 2011102753628A CN 201110275362 A CN201110275362 A CN 201110275362A CN 103001935 A CN103001935 A CN 103001935A
Authority
CN
China
Prior art keywords
aid
cscf
network
request message
login request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2011102753628A
Other languages
Chinese (zh)
Other versions
CN103001935B (en
Inventor
徐绍华
郝振武
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Zhongxing Software Co Ltd
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Priority to CN201110275362.8A priority Critical patent/CN103001935B/en
Priority to PCT/CN2012/079707 priority patent/WO2013037251A1/en
Publication of CN103001935A publication Critical patent/CN103001935A/en
Application granted granted Critical
Publication of CN103001935B publication Critical patent/CN103001935B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/10Architectures or entities
    • H04L65/1016IP multimedia subsystem [IMS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Multimedia (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention provides an authentication method, an authentication system, a proxy-call session control entity (P-CSCE) and a service-call session control entity (S-CSCE) for UE (user equipment) of an ILS (identity location separation) network in an IMS (IP (internet protocol) multimedia subsystem) network. The authentication method includes that the P-CSCE obtains an access identity (AID) of the UE, adds the AID into registration request information coming from the UE and sends the registration request information to the S-CSCE. The authentication method and the authentication system use the AID to authenticate, so that authentication process of the UE of the ILS network in the IMS network is simplified or optimized.

Description

Authentication method and the system of the UE of ILS network in the IMS network
Technical field
The present invention relates to data communication technology field, relate in particular to authentication method, the system of subscriber equipment (UE) in the IP Multimedia System network that separate (ILS) network in a kind of identity position, act on behalf of conference call controlled entity and service conference call controlled entity.
Background technology
It is a kind of novel internet technique that (ILS) network is separated in the identity position, introduce the thought that separate the identity position, support mobile access terminal mobility and continuity, especially each user has unique permanent identification in the ILS network, network all needed identity is verified when the user accessed at every turn, therefore, network can guarantee authenticity and the reliability of this identify label.Based on this unique reliable identify label, can set up the Identity Management system, carry out the business based on user identity management, improve network security.
The basic principle of ILS network is to be the fixing identify label of user equipment allocation, use identify label to replace Internet protocol of the prior art (Internet Protocol between the subscriber equipment, abbreviation IP) address communicates, and by the station location marker of the access service distributing user that is positioned at the edge, the Internet, the use location sign is carried out route, and the mapping between completing user identify label and the station location marker and conversion.
IP Multimedia System (IP Multimedia Core Network Subsystem, be called for short IMS) be by third generation partner program (3rd Generation Partnership Project, abbreviation 3GPP) a kind of IP-based network architecture that proposes, made up an opening and service environment flexibly, support multimedia application, can provide abundant multimedia service for the user.In the IMS business system, key-course separates with operation layer, and key-course does not provide concrete business, and the functions such as necessary triggering, route, charging only are provided to operation layer.IMS network support plurality of access modes, making the ILS network user access the IMS network becomes possibility.
Fig. 1 and Fig. 2 show the framework of ILS network and IMS network network interworking, for being described as follows of each entity among Fig. 1 and Fig. 2:
Subscriber equipment (User Equipment, be called for short UE) 101, be to support the subscriber equipment of Internet protocol access, comprise that mobile grouping field accesses terminal, supports wireless local function terminal, fixedly accesses terminal etc., comprise further that also the business such as application server provides equipment.UE user access identity sign (Access Identity is called for short AID) replaces the IP address, provides and communicates with other subscriber equipmenies of network, business.
Access service router one 02 (Access Service Router, be called for short ASR), the access network at UE 101 places and the interface equipment between the Internet, be responsible for authentication, customer location sign (the Routing Identity of UE 101, be called for short RID) management, AID and RID mapping and conversion, and the functions such as the encapsulation/deblocking of user data, forwarding.
Generic router 103 (Common Router is called for short CR) is finished the calculating of Routing Protocol, and according to RID forwarding data bag.
Location register 104 (Location Register is called for short LR) is preserved the mapping relations between AID and the RID, query function is provided, and the package forward function can be provided.
Professional triggering and control function are that CSCF (CallSession Control Function is called for short CSCF) is finished in the IMS network central control preparative layer.CSCF is divided into three types: Proxy Call Session Control Function (Proxy-CSCF, be called for short P-CSCF) 105, query call conversation control function (Interrogating-CSCF, be called for short I-CSCF) 106, service call conversation control function (Serving-CSCF, be called for short S-CSCF) 107, CAMEL-Subscription-Information service control according to the user triggers, call the business on the AS, realize business function.
IMS subscription managed network element (HSS) 108 is responsible for preserving the corresponding relation of AID and privately owned identify label (IMPI), wherein can be that an IMPI can be to there being one or more AID.
ILS network and IMS network can have multiple networking mode, and Fig. 1 and Fig. 2 provide two kinds of typical modes.Fig. 1 is that ILS network and IMS network are separately disposed, and the mode that the access service router by the ILS network links to each other with the P-CSCF of IMS network makes two net connections together; Fig. 2 is that the IMS network is disposed as a sub-network of ILS network internal.
Fig. 3 shows a business procedure in the ILS network, supposes that UE-A is client, and UE-B is service end, may further comprise the steps:
Step 301, UE-A successfully are registered to the ASR-A in access zone, comprising adhere to, authentication, authentication, and AID assigning process, detailed process depends on Access Network.Wherein AID also can be based on terminal static configuration mode and realizes;
Step 302, ASR-A are that UE-A distributes RID, and send address mapping circular message to LR, the mapping relations of wherein carrying RID and AID, and LR preserves the identity position mapping relations (AID-A, RID-A) of UE-A;
RID is generally the routing address of ASR.
Step 303, ASR-A also preserve the identity position mapping relations (AID-A, RID-A) of this end subscriber UE-A in this locality;
Step 304~306, UE-B are linked into ASR-B, ASR-B is to the RID of LR circular UE-B and the mapping relations of AID, LR preserves identity position mapping relations (AID-B corresponding to UE-B, RID-B), ASR-B also preserves the identity position mapping relations (AID-B, RID-B) of this end subscriber UE-B in this locality;
UE-A and UE-B can not be the same access technologies.
If step 307 UE-A needs and UE-B communicates, then the identify label take own identify label AID-A as source address, opposite end is as destination address, and structure IP packet sends to ASR-A;
{ source address=AID-A, destination address=AID-B, data load }
Step 308, ASR-A are according to the inquiry of the purpose AID-B in packet identity position, opposite end mapping relations cache table, and whether inquiry exists mapping relations corresponding to AID-B, if execution in step 309, otherwise execution in step 314 are not hit in inquiry;
If the user that UE-A or ASR-A access then may have the buffer memory of (AID-B, RID-B) mapping relations communicating by letter with UE-B in the recent period among the ASR-A.
Step 309, ASR-A send the position enquiring request to LR, positional information corresponding to inquiry opposite end identity AID-B;
The AID-RID mapping relations table that step 310, LR inquiry are preserved obtains RID-B corresponding to AID-B;
Step 311, LR return inquiry response to ASR-A, carry Query Result RID-B;
Step 312, ASR-A encapsulated data packet also send to ASR-B by generic router;
Packaged type be with UE-A station location marker RID-A as source address, the station location marker RID-B of UE-B is as destination address, and will contain the raw data packets such as AID-A and AID-B and data load as the new data load that make up packets;
{ source address=RID-A, destination address=RID-B, data load { AID-A, AID-B, initial data load } }
The identity position mapping relations (AID-B, RID-B) of step 313, ASR-A buffer memory opposite end, the follow-up like this UE-B data that send to, ASR-B does not just need the inquiry to LR, just can directly encapsulate and send to ASR-B;
After ASR-B receives packet, execution in step 315.
If there are the mapping relations to end subscriber AID-B and RID-B among step 314 ASR, then to hit during the mapping relations buffer memory of step 308 inquiry identity position, opposite end, the ASR-A encapsulated data packet also sends to ASR-B by generic router;
Step 315, ASR-B deblocking packet are reduced into the initial packet that UE-A sends, and obtain the mapping relations of AID-B and AID-A and RID-A, then according to AID-B with Packet Generation to UE-B;
{ AID-A, AID-B, data load }
The identity position mapping relations (AID-A, RID-A) of step 316, ASR-B buffer memory opposite end UE-A, the follow-up like this packet that sends to UE-A, ASR-B just do not need the inquiry to LR, can directly encapsulate and send to ASR-A.
The processing procedure of packet that UE-B sends to UE-A is identical.
Can find out from said process, use AID identifying user identity in the ILS network, separating of identity and position realized in the position that the RID identifying user is current.Only have AID information in user equipment side, do not have RID information, namely user equipment side only has identity information, and does not have positional information; The existing subscriber identity information of network side also has the information of position, and safeguards mapping relations between the two, finishes translation function.
The ILS network comes respectively identity and the position of identifying user with AID and RID, if the ILS network will be united deployment with IMS, perhaps the ILS network user will use the service of IMS network, needs to carry out in the IMS network first authentication registration.The user can pass through IMS authentication and key agreement (Authenticationand key agreement, AKA) mode authenticates, prerequisite is to have international mobile subscriber identity (ISIM) or global Subscriber Identity Module (USIM), its verification process more complicated.
Summary of the invention
The invention provides a kind of authentication method, system, P-CSCF and the S-CSCF of UE in the IMS network of ILS network, to solve the problem of ILS network user's verification process more complicated in the IMS network.
The invention provides a kind of identity position and separate the authentication method of subscriber equipment (UE) in IP Multimedia System (IMS) network of (ILS) network, the method comprises:
Act on behalf of the access identity sign (AID) that conference call controlled entity (P-CSCF) obtains described UE;
Described P-CSCF adds described AID in the login request message from described UE to, and sends described login request message to service conversation controlling call entity (S-CSCF).
Preferably, the described P-CSCF AID that obtains described UE comprises:
Described P-CSCF obtains the AID of described UE from described login request message; Or
The network element that described P-CSCF inquires about described ILS network according to described login request message obtains the AID of described UE.
Preferably, described P-CSCF sends described login request message to S-CSCF and comprises:
Described P-CSCF sends described login request message to inquiry conference call controlled entity (I-CSCF), the described login request message that described I-CSCF sends and receives to the selected S-CSCF of described I-CSCF.
Preferably, the described P-CSCF network element of inquiring about described ILS network according to the described login request message AID that obtains described UE comprises:
Described P-CSCF preserves the network element of the ILS network of described AID and described address information corresponding relation according to the address information inquiry of carrying in the described login request message, obtain the AID of described UE.
Preferably, described P-CSCF is after S-CSCF sends described login request message, and described method also comprises:
Described P-CSCF receives the business request information that described UE sends after described UE is registered to the IMS network;
Described P-CSCF obtains the AID of described UE, and the AID of the described UE that carries in the described business request information and the described AID of acquisition are compared, if the two is consistent, then by authentication.
Preferably, the described P-CSCF AID that obtains described UE comprises:
Described P-CSCF obtains the AID of described UE from described login request message;
The network element that described P-CSCF inquires about described ILS network obtains the AID of described UE; Or
The AID of described UE is inquired about or subscribed to the IMS network element that described P-CSCF is registered to described UE.
Preferably, the described P-CSCF network element of the inquiring about described ILS network AID that obtains described UE comprises:
Described P-CSCF preserves the network element of the ILS network of described AID and described address information corresponding relation according to the address information inquiry of carrying in described login request message or the business request information, obtain the AID of described UE.
The present invention also provides a kind of identity position to separate the authentication method of subscriber equipment (UE) in IP Multimedia System (IMS) network of (ILS) network, and the method comprises:
The login request message of the access identity sign (AID) of carrying described UE that service conversation controlling call entity (S-CSCF) Receiving Agent conference call controlled entity (P-CSCF) sends;
Described S-CSCF inquiry IMS subscription managed network element (HSS) obtains the AID of described UE, and the AID that carries in the described login request message and the AID of acquisition are compared, and finishes the authentication to UE.
Preferably, described S-CSCF compares the AID that carries in the described login request message and the AID of acquisition, finishes the authentication to UE, comprising:
Described S-CSCF compares the AID of one or more described UE of the AID that carries in the described login request message and acquisition, if among the described AID of the AID that carries in the described login request message and acquisition is consistent, then described UE is by authentication.
The present invention also provides a kind of conference call controlled entity (P-CSCF) of acting on behalf of, and this P-CSCF comprises:
Obtain module, be used for obtaining the access identity sign (AID) that the subscriber equipment (UE) of (ILS) network is separated in the identity position;
Sending module is used for adding described AID to from described UE login request message, and sends described login request message to service conversation controlling call entity (S-CSCF).
Preferably, described acquisition module is for the AID that obtains described UE from described login request message; Perhaps, the network element of inquiring about described ILS network according to described login request message obtains the AID of described UE.
Preferably, described sending module, be for: send described login request message to inquiry conference call controlled entity (I-CSCF), so that the described login request message that described I-CSCF sends and receives to the selected S-CSCF of described I-CSCF.
Preferably, described acquisition module, be for: the network element of the ILS network of described AID and described address information corresponding relation is preserved in the address information inquiry of carrying according to described login request message, obtains the AID of described UE.
Preferably, described P-CSCF also comprises:
Receiver module is used for described sending module and sends described login request message to S-CSCF, and described UE is registered to after IP Multimedia System (IMS) network, receives the business request information that described UE sends;
Authentication module is used for obtaining the AID of described UE, and the AID of the described UE that carries in the described business request information and the described AID of acquisition are compared, if the two is consistent, then by authentication.
Preferably, described authentication module is for the AID that obtains described UE from described login request message; Perhaps, the network element of inquiring about described ILS network obtains the AID of described UE; Perhaps, the AID of described UE is inquired about or subscribed to the IMS network element that is registered to described UE.
Preferably, the network element that described authentication module is inquired about described ILS network obtains the AID of described UE, be for:
Preserve the network element of the ILS network of described AID and described address information corresponding relation according to the address information inquiry of carrying in described login request message or the business request information, obtain the AID of described UE.
The present invention also provides a kind of service conversation controlling call entity (S-CSCF), and this S-CSCF comprises:
Receiver module, the access identity that carries the subscriber equipment (UE) that separates (ILS) network in the identity position that is used for Receiving Agent conference call controlled entity (P-CSCF) transmission identifies the login request message of (AID);
Authentication module is used for the AID that the signatory managed network element (HSS) of inquiry IP Multimedia System obtains described UE, and the AID that carries in the described login request message and the AID of acquisition are compared, and finishes the authentication to UE.
Preferably, described authentication module, be that AID for one or more described UE of the AID that described login request message is carried and acquisition compares, if among the described AID of the AID that carries in the described login request message and acquisition is consistent, then described UE is by authentication.
The present invention also provides a kind of identity position to separate the Verification System of subscriber equipment (UE) in the IP Multimedia System network of (ILS) network, and this system comprises above-mentioned conference call controlled entity (P-CSCF) and the above-mentioned service conversation controlling call entity (S-CSCF) acted on behalf of.
Above-mentioned authentication method and system use AID to authenticate, and have simplified or optimized the UE of ILS network at the verification process of IMS network.
Description of drawings
Fig. 1 is a kind of deployment schematic diagram of existing ILS network and IMS network.
Fig. 2 is another deployment schematic diagram of existing ILS network and IMS network;
Fig. 3 carries out once professional signaling process figure in the existing ILS network;
Fig. 4 is the signaling process figure of the embodiment of the method one that authenticates in the IMS network of the ILS network user of the present invention;
Fig. 5 is the signaling process figure of the embodiment of the method two that authenticates in the IMS network of the ILS network user of the present invention;
Fig. 6 is the signaling process figure that P-CSCF of the present invention obtains AID embodiment;
Fig. 7 is IMS network of the present invention authenticates embodiment to the ILS network user who is registered to the IMS network signaling process figure;
Fig. 8 is the structural representation of P-CSCF embodiment of the present invention;
Fig. 9 is the structural representation of S-CSCF embodiment of the present invention.
Embodiment
For making the purpose, technical solutions and advantages of the present invention clearer, hereinafter in connection with accompanying drawing embodiments of the invention are elaborated.Need to prove, in the situation that do not conflict, the embodiment among the application and the feature among the embodiment be combination in any mutually.
In the embodiment of the invention, the UE of ILS network initiates the authentication registration process to the IMS network; The P-CSCF of IMS network obtains the AID of this UE after receiving the registration request of UE, and AID is joined in the login request message, is transmitted to S-CSCF; The AID that S-CSCF sends according to P-CSCF reaches the AID that inquires from HSS UE is authenticated, and finishes the authentication of the ILS network user in the IMS network.
When the ILS user who is registered to the IMS network sent a request message to the IMS network, P-CSCF authenticated request message by AID.This verification process replaces the IPsec authentication.
The embodiment of the invention provides a kind of identity position to separate the authentication method of subscriber equipment (UE) in the IP Multimedia System network of (ILS) network, and the method is described from the angle of P-CSCF, and the method comprises:
Step 11, act on behalf of the access identity sign (AID) that conference call controlled entity (P-CSCF) obtains described UE;
Step 12, described P-CSCF are added described AID in the login request message from described UE to, and send described login request message to service conversation controlling call entity (S-CSCF).
After step 12, described method can also comprise:
Described P-CSCF receives the business request information that described UE sends after described UE is registered to the IMS network; Described P-CSCF obtains the AID of described UE, and the AID of the described UE that carries in the described business request information and the described AID of acquisition are compared, if the two is consistent, then by authentication.
The embodiment of the invention provides a kind of identity position to separate the authentication method of subscriber equipment (UE) in the IP Multimedia System network of (ILS) network, and the method is described from the angle of S-CSCF, and the method comprises:
The login request message of the access identity sign (AID) of carrying described UE that step 21, service conversation controlling call entity (S-CSCF) Receiving Agent conference call controlled entity (P-CSCF) send;
Step 22, described S-CSCF inquiry IMS subscription managed network element (HSS) obtains the AID of described UE, and the AID that carries in the described login request message and the AID of acquisition are compared, and finishes the authentication to UE.
Following examples are described from P-CSCF and the mutual angle of S-CSCF:
Embodiment one
Fig. 4 is the signaling process figure of the embodiment of the method one that authenticates in the IMS network of the ILS network user of the present invention, in this embodiment, the IMS network is a sub-network of ILS network internal, the process that the ILS network user authenticates in the IMS network is: P-CSCF joins AID in the login request message after receiving the registration request of UE, is transmitted to S-CSCF; S-CSCF obtains AID from login request message, in addition, S-CSCF inquires the AID that HSS preserves from HSS, and the AID note that this HSS preserves is AID HSSIf, AID and AID HSSUnanimously, then by the authentication to UE.This process comprises the steps:
Step 401, UE are linked into the ILS network, become the user of ILS network;
This is the prior art of ILS network, is not repeated herein;
Step 402, UE send login request message to P-CSCF, such as sending SIP registration (Register) message;
P-CSCF can be regarded as a network element in the ILS network, so the source address in the IP message of this message is exactly the AID of UE;
Step 403, P-CSCF receive login request message, obtain AID from the IP message of login request message, i.e. source address in the IP message; AID is inserted in the login request message.In reception (received) parameter such as the via header field that is inserted into SIP Register message;
Step 404, P-CSCF will carry the login request message of AID information and issue I-CSCF;
Step 405, I-CSCF send user-authorization-request (UAR) message to HSS;
Step 406, HSS return user-authorization-answer (UAA) message;
Step 407, I-CSCF select corresponding S-CSCF according to the UAA message of returning from HSS, namely select which S-CSCF to process this registration request by; The login request message that I-CSCF sends P-CSCF sends to selected S-CSCF;
Step 408, S-CSCF obtain the AID information that P-CSCF sends from login request message.S-CSCF sends multimedia authentication request (MAR) message to HSS, request user's authorization data;
Be provided with the private user identity (IMPI) of UE and the corresponding relation of authorization data on step 409, the HSS in advance, the authorization data here comprises AID information at least, and this AID information note is AID HSSThe IMPI of UE can be to there being one or more AID HSS
HSS sends multimedia authentication responses (MAA) message to S-CSCF, wherein carries the authorization data of UE, comprises this time all AID corresponding to IMPI of registration of this UE HSS
Step 410, S-CSCF are relatively from the P-CSCF AID that transmits and the AID that inquires from HSS HSSIf both are consistent, perhaps AID and a plurality of AID HSSOne of them is consistent, and authentication success then is described, execution in step 413 and subsequent step thereof namely send the message of authentication success to UE.If inconsistent, then send the message of authentification failure; For easy, the present embodiment only provides the message flow of authentication success;
Step 411~step 412, S-CSCF send service assignment request (SAR) message to HSS, and notifying this S-CSCF is the S-CSCF that serves for UE; The HSS return service distributes replys (SAA) message;
Step 413, S-CSCF return response message to I-CSCF, show authentication success; Such as sending SIP 200OK message;
Step 414, I-CSCF will show that the response message of authentication success is transmitted to P-CSCF;
Step 415, P-CSCF send response message to UE, show authentication success.Such as sending SIP 200OK message.
So far, UE finishes at the verification process of IMS network.
Embodiment two
As shown in Figure 5, the signaling process figure of the embodiment of the method two that in the IMS network, authenticates of the ILS network user of the present invention, in this embodiment, ILS network and IMS network are separately disposed, UE at the main process of IMS network authentication is: P-CSCF is receiving behind the registration request of UE the network element inquiry AID to the ILS network, then AID is joined in the login request message, be transmitted to S-CSCF; S-CSCF obtains AID from login request message, in addition, S-CSCF inquires AID from HSS HSSIf, AID and AID HSSUnanimously, then by the authentication to UE.
The network element of described ILS network is for preserving AID and IP ILSThe network element of the ILS network of corresponding relation.IP ILSIt is the address that the ILS network distributes to UE.
This process comprises the steps:
Step 501, UE are linked into the ILS network, become the user of ILS network;
This is the prior art of ILS network, is not repeated herein;
Step 502, UE send login request message to P-CSCF, such as sending SIP Register message; Because this message sends from the ILS network, so IP is in this note in the address that the source address in the IP message at this message place is exactly the ILS network distributes to UE ILS
After step 503, P-CSCF receive login request message, from the IP message of this login request message, obtain the source address in the IP message, i.e. IP ILSP-CSCF is according to IP ILSTo the AID of ILS network inquiry UE, detailed process obtains the flow process of AID referring to P-CSCF among the embodiment three;
Step 504~step 515: with being step 404~step 415 among the embodiment one, herein repeat no more.
Embodiment three
As shown in Figure 6, be the flow chart that P-CSCF of the present invention obtains AID embodiment, embodiment three has provided the flow process of the AID of P-CSCF inquiry ILS network element acquisition UE, and this process comprises:
Step 601, UE are linked into the ILS network, become the user of ILS network;
This is the prior art of ILS network, is not repeated herein;
Step 602, UE send login request message to P-CSCF, such as sending SIP Register message.This login request message is sent by UE, is linked into the ILS network through ASR-A, is then sent out from the ILS network by ASR-B.Source address in the IP message at this login request message place is that ASR-B distributes, and is IP in this note ILS
After step 603, P-CSCF receive login request message, can know that this request message comes from the ILS network from the information such as IP address of IP message.Such as, configuration of IP tabulation on P-CSCF, the IP that belongs to certain network segment comes from the ILS network;
Step 603 is optional step.
Following step 604~step 605 and step 606~step 607 provide respectively the method that two kinds of P-CSCF inquiry ILS networks obtain AID, can choose any one kind of them during actual enforcement;
Step 604, P-CSCF send message to ASR-B, the AID of inquiry UE.Such as can be according to the source address of the IP message at the login request message place of receiving in the step 602 and port numbers as the inquiry foundation, namely according to IP ILSWith the AID information of port information to ASR-B inquiry UE.Such as, send TCP/UDP message and inquire about, carry IP ILSWith port information; The application layer messages that perhaps sends on the TCP/UDP is inquired about, and carries IP ILSWith port information;
After step 605, ASR-B receive 604 message of sending, send response message to P-CSCF, carry the AID of UE.Such as, ASR-B preserves IP ILSAnd the corresponding relation between the AID of UE.ASR-B is according to the IP in the message ILSObtain the AID of UE.In issuing the response message of P-CSCF, carry the AID of UE;
Step 606, P-CSCF send message to LR, the AID of inquiry UE.Such as can be according to the source address of the IP message at the login request message place of receiving in the step 602 and port numbers as the inquiry foundation, namely according to IP ILSWith the AID information of port information to LR inquiry UE.Such as, send TCP/UDP message and inquire about, carry IP ILSWith port information; Perhaps, the application layer messages that sends on the TCP/UDP is inquired about, and carries IP ILSWith port information;
In the time of implementation, the address of LR can be configured at P-CSCF in advance, also can pass through IP ILSInfer and draw;
After step 607, LR receive 606 message of sending, send response message to P-CSCF, carry the AID of UE.Such as, LR preserves IP ILSAnd the corresponding relation between the AID of UE.This corresponding relation can report to LR by ASR-B and obtain.LR carries the AID of UE at the response message that sends to P-CSCF;
Step 608, the follow-up registration process that continues.Can be step 404~step 415 among the embodiment one such as, this process.
Embodiment four
As shown in Figure 7, when having provided a kind of ILS network user's initiating business request of the IMS of being registered to network, the IMS network is to its process that authenticates.Particularly, P-CSCF obtains the AID that UE carries from request message, then according to IP ILSInquiry obtains AID, both compared, if consistent, then by the authentication to this request message; This process comprises the steps:
Step 701, UE are linked into the ILS network, and have carried out authentication registration at the IMS network;
The verification process of IMS network can reference example one and embodiment two in process;
Step 702, UE send business request information to P-CSCF, and the IMS business is set up in request; Carry the AID of UE in business request information, note is AID UESuch as, UE sends SIP request (INVITE) message to P-CSCF, carries AID information in the contact header field;
After step 703, P-CSCF receive business request information, obtain the AID that carries in the message UE
P-CSCF obtains the AID of UE from network, note is AID NWIf P-CSCF is a network element of ILS network, P-CSCF can be as shown in embodiment one so, and the source address in the IP message at request message place is exactly the AID of UE; If P-CSCF is the outer network element of ILS network, P-CSCF can inquire about and the AID of acquisition UE in the ILS network as shown in embodiment three so; P-CSCF can also inquire about or subscribe to the IMS network element that UE is registered to the AID of UE, such as the AID information to HSS or S-CSCF inquiry or subscription UE.
The AID that P-CSCF will obtain from request message UEWith the AID that obtains from network NWCompare, if both are consistent, then authentication is passed through, and carries out follow-up step 705 and step 706; If both are inconsistent, authentification failure then, execution in step 704;
If P-CSCF is to the request message authentification failure in step 704 step 703, P-CSCF sends the response message of authentification failure to UE; Finish;
If P-CSCF is to the request message authentication success in step 705 step 703, P-CSCF is to S-CSCF Forward-reques message;
Step 706, continuation subsequent step are finished the IMS business.
As shown in Figure 8, be the structural representation of P-CSCF embodiment of the present invention, this P-CSCF comprises acquisition module 81 and sending module 82, wherein:
Obtain module, be used for obtaining the access identity sign (AID) that the subscriber equipment (UE) of (ILS) network is separated in the identity position;
Sending module is used for adding described AID to from described UE login request message, and sends described login request message to service conversation controlling call entity (S-CSCF).
Wherein, described acquisition module is for the AID that obtains described UE from described login request message; Perhaps, the network element of inquiring about described ILS network according to described login request message obtains the AID of described UE.Particularly, described acquisition module, be for: the network element of the ILS network of described AID and described address information corresponding relation is preserved in the address information inquiry of carrying according to described login request message, obtains the AID of described UE.Described sending module, be for: send described login request message to inquiry conference call controlled entity (I-CSCF), so that the described login request message that described I-CSCF sends and receives to the selected S-CSCF of described I-CSCF.
In addition, described P-CSCF also comprises: receiver module 83 is used for described sending module and sends described login request message to S-CSCF, and after described UE is registered to the IMS network, receives the business request information that described UE sends; Authentication module 84 is used for obtaining the AID of described UE, and the AID of the described UE that carries in the described business request information and the described AID of acquisition are compared, if the two is consistent, then by authentication.Particularly, described authentication module is for the AID that obtains described UE from described login request message; Perhaps, the network element of inquiring about described ILS network obtains the AID of described UE; Perhaps, for example HSS or S-CSCF inquiry or subscribe to the AID of described UE of the IMS network element that is registered to described UE.
Further, the network element that described authentication module is inquired about described ILS network obtains the AID of described UE, be for: the network element of the ILS network of described AID and described address information corresponding relation is preserved in the address information inquiry of carrying according to described login request message or business request information, obtains the AID of described UE.Wherein, the network element of described ILS network can be access service router or location register.
Above-mentioned P-CSCF sends to S-CSCF with the login request message that carries the AID of UE, so that S-CSCF can simplify the authentication registration to this UE; In addition, finish business authentication to UE according to this AID, realize simple.
As shown in Figure 9, be the structural representation of S-CSCF embodiment of the present invention, this S-CSCF comprises receiver module 91 and authentication module 92, wherein:
Receiver module, the access identity that carries the subscriber equipment (UE) that separates (ILS) network in the identity position that is used for Receiving Agent conference call controlled entity (P-CSCF) transmission identifies the login request message of (AID);
Authentication module is used for the AID that the signatory managed network element (HSS) of inquiry IP Multimedia System obtains described UE, and the AID that carries in the described login request message and the AID of acquisition are compared, and finishes the authentication to UE.
Wherein, described authentication module, be that AID for one or more described UE of the AID that described login request message is carried and acquisition compares, if among the described AID of the AID that carries in the described login request message and acquisition is consistent, then described UE is by authentication.
The AID of the UE that carries in the login request message of this S-CSCF according to the P-CSCF transmission authenticates this UE, has simplified the verification process to this UE.
The present invention also provides a kind of Verification System of UE in the IMS network of ILS network, this system comprises P-CSCF shown in Figure 8 and S-CSCF shown in Figure 9, and this system can authenticate this UE by the AID of UE, simplified the verification process to this UE, concrete verification process can referring to Fig. 4-Fig. 7, repeat no more herein.
One of ordinary skill in the art will appreciate that all or part of step in the said method can come the instruction related hardware to finish by program, said procedure can be stored in the computer-readable recording medium, such as read-only memory, disk or CD etc.Alternatively, all or part of step of above-described embodiment also can realize with one or more integrated circuits.Correspondingly, each the module/unit in above-described embodiment can adopt the form of hardware to realize, also can adopt the form of software function module to realize.The present invention is not restricted to the combination of the hardware and software of any particular form.
Above embodiment is only unrestricted in order to technical scheme of the present invention to be described, only with reference to preferred embodiment the present invention is had been described in detail.Those of ordinary skill in the art should be appreciated that and can make amendment or be equal to replacement technical scheme of the present invention, and do not break away from the spirit and scope of technical solution of the present invention, all should be encompassed in the middle of the claim scope of the present invention.

Claims (19)

1. the authentication method of subscriber equipment (UE) in IP Multimedia System (IMS) network of (ILS) network separated in an identity position, and the method comprises:
Act on behalf of the access identity sign (AID) that conference call controlled entity (P-CSCF) obtains described UE;
Described P-CSCF adds described AID in the login request message from described UE to, and sends described login request message to service conversation controlling call entity (S-CSCF).
2. method according to claim 1 is characterized in that:
The AID that described P-CSCF obtains described UE comprises:
Described P-CSCF obtains the AID of described UE from described login request message; Or
The network element that described P-CSCF inquires about described ILS network according to described login request message obtains the AID of described UE.
3. method according to claim 1 is characterized in that:
Described P-CSCF sends described login request message to S-CSCF and comprises:
Described P-CSCF sends described login request message to inquiry conference call controlled entity (I-CSCF), the described login request message that described I-CSCF sends and receives to the selected S-CSCF of described I-CSCF.
4. method according to claim 2 is characterized in that:
The AID that the network element that described P-CSCF inquires about described ILS network according to described login request message obtains described UE comprises:
Described P-CSCF preserves the network element of the ILS network of described AID and described address information corresponding relation according to the address information inquiry of carrying in the described login request message, obtain the AID of described UE.
5. the described method of arbitrary claim according to claim 1-4 is characterized in that:
Described P-CSCF is after S-CSCF sends described login request message, and described method also comprises:
Described P-CSCF receives the business request information that described UE sends after described UE is registered to the IMS network;
Described P-CSCF obtains the AID of described UE, and the AID of the described UE that carries in the described business request information and the described AID of acquisition are compared, if the two is consistent, then by authentication.
6. method according to claim 5 is characterized in that:
The AID that described P-CSCF obtains described UE comprises:
Described P-CSCF obtains the AID of described UE from described login request message;
The network element that described P-CSCF inquires about described ILS network obtains the AID of described UE; Or
The AID of described UE is inquired about or subscribed to the IMS network element that described P-CSCF is registered to described UE.
7. method according to claim 6 is characterized in that:
The AID that the network element that described P-CSCF inquires about described ILS network obtains described UE comprises:
Described P-CSCF preserves the network element of the ILS network of described AID and described address information corresponding relation according to the address information inquiry of carrying in described login request message or the business request information, obtain the AID of described UE.
8. the authentication method of subscriber equipment (UE) in IP Multimedia System (IMS) network of (ILS) network separated in an identity position, and the method comprises:
The login request message of the access identity sign (AID) of carrying described UE that service conversation controlling call entity (S-CSCF) Receiving Agent conference call controlled entity (P-CSCF) sends;
Described S-CSCF inquiry IMS subscription managed network element (HSS) obtains the AID of described UE, and the AID that carries in the described login request message and the AID of acquisition are compared, and finishes the authentication to UE.
9. method according to claim 8 is characterized in that:
Described S-CSCF compares the AID that carries in the described login request message and the AID of acquisition, finishes the authentication to UE, comprising:
Described S-CSCF compares the AID of one or more described UE of the AID that carries in the described login request message and acquisition, if among the described AID of the AID that carries in the described login request message and acquisition is consistent, then described UE is by authentication.
10. act on behalf of conference call controlled entity (P-CSCF) for one kind, this P-CSCF comprises:
Obtain module, be used for obtaining the access identity sign (AID) that the subscriber equipment (UE) of (ILS) network is separated in the identity position;
Sending module is used for adding described AID to from described UE login request message, and sends described login request message to service conversation controlling call entity (S-CSCF).
11. P-CSCF according to claim 10 is characterized in that:
Described acquisition module is for the AID that obtains described UE from described login request message; Perhaps, the network element of inquiring about described ILS network according to described login request message obtains the AID of described UE.
12. P-CSCF according to claim 10 is characterized in that:
Described sending module, be for: send described login request message to inquiry conference call controlled entity (I-CSCF), so that the described login request message that described I-CSCF sends and receives to the selected S-CSCF of described I-CSCF.
13. P-CSCF according to claim 11 is characterized in that:
Described acquisition module, be for: the network element of the ILS network of described AID and described address information corresponding relation is preserved in the address information inquiry of carrying according to described login request message, obtains the AID of described UE.
14. the described P-CSCF of arbitrary claim is characterized in that according to claim 10-13, described P-CSCF also comprises:
Receiver module is used for described sending module and sends described login request message to S-CSCF, and described UE is registered to after IP Multimedia System (IMS) network, receives the business request information that described UE sends;
Authentication module is used for obtaining the AID of described UE, and the AID of the described UE that carries in the described business request information and the described AID of acquisition are compared, if the two is consistent, then by authentication.
15. P-CSCF according to claim 14 is characterized in that:
Described authentication module is for the AID that obtains described UE from described login request message; Perhaps, the network element of inquiring about described ILS network obtains the AID of described UE; Perhaps, the AID of described UE is inquired about or subscribed to the IMS network element that is registered to described UE.
16. P-CSCF according to claim 15 is characterized in that:
The network element that described authentication module is inquired about described ILS network obtains the AID of described UE, be for:
Preserve the network element of the ILS network of described AID and described address information corresponding relation according to the address information inquiry of carrying in described login request message or the business request information, obtain the AID of described UE.
17. a service conversation controlling call entity (S-CSCF), this S-CSCF comprises:
Receiver module, the access identity that carries the subscriber equipment (UE) that separates (ILS) network in the identity position that is used for Receiving Agent conference call controlled entity (P-CSCF) transmission identifies the login request message of (AID);
Authentication module is used for the AID that the signatory managed network element (HSS) of inquiry IP Multimedia System obtains described UE, and the AID that carries in the described login request message and the AID of acquisition are compared, and finishes the authentication to UE.
18. S-CSCF according to claim 17 is characterized in that:
Described authentication module, that AID for one or more described UE of the AID that described login request message is carried and acquisition compares, if among the described AID of the AID that carries in the described login request message and acquisition is consistent, then described UE is by authentication.
19. the Verification System of subscriber equipment (UE) in the IP Multimedia System network of (ILS) network separated in an identity position, this system comprises as the arbitrary claim of claim 10-16 is described acts on behalf of conference call controlled entity (P-CSCF) and such as the described service conversation controlling call entity of the arbitrary claim of claim 17-18 (S-CSCF).
CN201110275362.8A 2011-09-16 2011-09-16 The UE of ILS networks authentication methods and system in the ims network Expired - Fee Related CN103001935B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201110275362.8A CN103001935B (en) 2011-09-16 2011-09-16 The UE of ILS networks authentication methods and system in the ims network
PCT/CN2012/079707 WO2013037251A1 (en) 2011-09-16 2012-08-06 Authentication method and system for ue in ils network in ims network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201110275362.8A CN103001935B (en) 2011-09-16 2011-09-16 The UE of ILS networks authentication methods and system in the ims network

Publications (2)

Publication Number Publication Date
CN103001935A true CN103001935A (en) 2013-03-27
CN103001935B CN103001935B (en) 2017-06-30

Family

ID=47882595

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110275362.8A Expired - Fee Related CN103001935B (en) 2011-09-16 2011-09-16 The UE of ILS networks authentication methods and system in the ims network

Country Status (2)

Country Link
CN (1) CN103001935B (en)
WO (1) WO2013037251A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017092229A1 (en) * 2015-11-30 2017-06-08 宇龙计算机通信科技(深圳)有限公司 Multiservice-based ims registration method and ims registration system

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103702329A (en) * 2013-11-15 2014-04-02 北京创毅讯联科技股份有限公司 Communication terminal identity authentication method, communication terminal and base station

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010074512A2 (en) * 2008-12-23 2010-07-01 Kt Corporation System and method for supporting network mobility based on identifier-locator separation
CN102026164A (en) * 2009-09-17 2011-04-20 中兴通讯股份有限公司 Method and system for acquiring ID (Identity) of terminal user
CN102025702A (en) * 2009-09-17 2011-04-20 中兴通讯股份有限公司 Network based on identity and position separation frame, and backbone network and network element thereof
WO2011079650A1 (en) * 2009-12-28 2011-07-07 中兴通讯股份有限公司 Method and system for implementing instant messaging control

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120106335A1 (en) * 2009-06-30 2012-05-03 France Telecom Method and device for acknowledging a periodic signaling request in a telecommunication network
CN102025599B (en) * 2009-09-17 2014-10-22 中兴通讯股份有限公司 Method and system of initiating communication, forwarding information and data message and route configuration
CN102045705A (en) * 2009-10-26 2011-05-04 中兴通讯股份有限公司 Method for anonymous communication as well as registering method and access node adopted in same

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010074512A2 (en) * 2008-12-23 2010-07-01 Kt Corporation System and method for supporting network mobility based on identifier-locator separation
WO2010074512A3 (en) * 2008-12-23 2010-08-26 Kt Corporation System and method for supporting network mobility based on identifier-locator separation
CN102026164A (en) * 2009-09-17 2011-04-20 中兴通讯股份有限公司 Method and system for acquiring ID (Identity) of terminal user
CN102025702A (en) * 2009-09-17 2011-04-20 中兴通讯股份有限公司 Network based on identity and position separation frame, and backbone network and network element thereof
WO2011079650A1 (en) * 2009-12-28 2011-07-07 中兴通讯股份有限公司 Method and system for implementing instant messaging control

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017092229A1 (en) * 2015-11-30 2017-06-08 宇龙计算机通信科技(深圳)有限公司 Multiservice-based ims registration method and ims registration system

Also Published As

Publication number Publication date
CN103001935B (en) 2017-06-30
WO2013037251A1 (en) 2013-03-21

Similar Documents

Publication Publication Date Title
US7574735B2 (en) Method and network element for providing secure access to a packet data network
JP4549393B2 (en) User registration in communication systems
JP4922397B2 (en) Method for multiple registration of multimode communication terminal devices
US9538361B2 (en) Methods and apparatuses for registering a terminal in the IMS over a circuit-switched access domain
EP3262816B1 (en) Realm translation in an ims network
CN101401476B (en) Access control in a communication network
US20070055874A1 (en) Bundled subscriber authentication in next generation communication networks
CN102177698A (en) Correlating communication sessions
CN101971592A (en) Local session controller, ip multimedia subsystem and session registration method
WO2008116804A1 (en) Method for providing subscriptions to packet-switched networks
CN105429988A (en) IMS (Internet Protocol Multimedia Subsystem) registration method and IMS registration system based on multiple services
KR20130024953A (en) Transmitting authentication information
CN103338213A (en) Method, system and access gateway for intercommunication between local equipment and IMS (IP Multimedia Subsystem) network
KR20060113284A (en) Ip multimedia subsystem for supprting voice service and call setup method thereof
US8345596B2 (en) Call control method for seamless mobility service
US9692835B2 (en) Method and apparatuses for the provision of network services offered through a set of servers in an IMS network
US9060005B2 (en) Method, apparatus, system and related computer program product for handover management
CN101997828B (en) Method, device and network for network re-registration of Internet protocol multimedia subsystem (IMS)
KR20070025271A (en) Method and apparatus for sending and receiving call unregistered user in a ip multimedia subsystem network
CN101325759A (en) Method and system for accessing IMS early authentication for subscriber terminal
CN110446277B (en) VoWiFi service access method for dual-card terminal and terminal
JP5173865B2 (en) Location registration method and system for connecting SIP client compatible device to IP subsystem network
CN103001935A (en) Authentication method and authentication system for UE (user equipment) of ILS (identity location separation) network in IMS (IP (internet protocol) multimedia subsystem) network
EP1944945B1 (en) Communication system with transparent subscriber mobility based on group registration
KR101360151B1 (en) Method of sip message transmission between gruu users in ims network, and device of the same

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20170531

Address after: Yuhuatai District of Nanjing City, Jiangsu province 210012 Bauhinia Road No. 68

Applicant after: Nanjing Zhongxing New Software Co., Ltd.

Address before: 518057 Nanshan District Guangdong high tech Industrial Park, South Road, science and technology, ZTE building, Ministry of Justice

Applicant before: ZTE Corporation

GR01 Patent grant
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20170630

Termination date: 20190916

CF01 Termination of patent right due to non-payment of annual fee