CN104735664B - An authentication method and device - Google Patents

Publication number
CN104735664B
Authority
CN
China
Legal status
Active
Application number
CN201510110072.6A
Other languages
Chinese (zh)
Other versions
CN104735664A (en)
Inventor
侯青敏
Current Assignee
Datang Mobile Communications Equipment Co Ltd
Original Assignee
Datang Mobile Communications Equipment Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication

Abstract

The present invention provides an authentication method and device. The method includes: an S-CSCF receives a registration request sent by a UE and performs registration authentication with an HSS; if the registration authentication succeeds, the S-CSCF saves the authentication vector; the S-CSCF receives a re-registration or deregistration request sent by the UE and determines whether an authentication vector is saved in the S-CSCF; if an authentication vector is saved, the S-CSCF performs re-registration or deregistration authentication on the UE according to the authentication vector. With the disclosed method and device, the S-CSCF receives the registration request sent by the UE and, if the registration authentication succeeds, saves the authentication vector and user data. When the S-CSCF receives a re-registration or deregistration request sent by the UE and has an authentication vector saved, it performs re-registration or deregistration authentication on the UE according to that vector without interacting with the HSS again to obtain an authentication vector, which improves the efficiency of re-registration and deregistration authentication.

Description

An authentication method and device
Technical field
The present invention relates to the field of communications, and in particular to an authentication method and device.
Background
IMS (IP Multimedia Subsystem) provides new forms of multimedia service and can meet users' demand for newer and more diverse multimedia services.
The network element entities of IMS include the UE (User Equipment, user terminal), the S-CSCF (Serving Call Session Control Function) and the HSS (Home Subscriber Server). The S-CSCF is the core of IMS and is responsible for user terminal registration, authentication, service triggering and session control; the HSS is the server in IMS that stores user and server related information. To keep user accounts secure, IMS must authenticate the user terminal's requests before the user terminal runs a multimedia service, including authenticating its registration, re-registration and deregistration. The authentication mode of the user terminal is Digest mode in either of two cases: the REGISTER request sent by the user terminal carries an Authorization header field whose integrity-protected parameter is tls-pending, tls-yes, ip-assoc-pending, ip-assoc-yes or auth-done; or the REGISTER message carries an Authorization header field without an integrity-protected parameter, and the authentication mode configured in the HSS for the user terminal is Digest mode.
Currently, IMS performs Digest-mode authentication of the registration, re-registration or deregistration requests sent by a user terminal based on 3GPP TS 24.229 (the IP multimedia call control protocol based on SIP and SDP). The interaction for this authentication is shown in Fig. 1 and proceeds as follows:
First, the S-CSCF receives the first registration, re-registration or deregistration request sent by the user terminal and sends an MAR (Multimedia authorization request, multimedia authentication request) to the HSS. Then the HSS receives the MAR and replies to the S-CSCF with an MAA (Multimedia authorization answer, multimedia authentication response); the S-CSCF receives the MAA, obtains the authentication vector, and sends a 401 (Unauthorized) response message to the user terminal. Finally, the S-CSCF receives the subsequent registration, re-registration or deregistration request and authenticates it according to the response value in the Authorization header field of that request. After authentication succeeds, the S-CSCF sends a server assignment request to the HSS, receives the server assignment response fed back by the HSS, and then sends a 200 OK to the user terminal, completing the registration, re-registration or deregistration procedure of the user terminal.
Because the protocol specifies that only one set of authentication vectors can be downloaded when the authentication mode is Digest, every time the user terminal needs to be authenticated while using multimedia services the S-CSCF must interact with the HSS to obtain the authentication vector, which makes authentication inefficient.
Summary of the invention
The present invention provides an authentication method and device that improve authentication efficiency for re-registration and deregistration.
In one aspect, the present invention provides an authentication method, including:
the Serving Call Session Control Function (S-CSCF) receives a registration request sent by the user terminal (UE) and performs registration authentication with the Home Subscriber Server (HSS); if the registration authentication succeeds, the S-CSCF saves the authentication vector;
the S-CSCF receives a re-registration or deregistration request sent by the UE and determines whether the authentication vector is saved in the S-CSCF; if the authentication vector is saved, the S-CSCF performs re-registration or deregistration authentication on the UE according to the authentication vector.
In another aspect, the present invention provides an authentication device, including:
a registration authentication module, configured to receive a registration request sent by the user terminal (UE) and perform registration authentication with the Home Subscriber Server (HSS), and to save the authentication vector if the registration authentication succeeds;
a re-registration or deregistration request authentication module, configured to receive a re-registration or deregistration request sent by the UE and determine whether the authentication vector is saved, and, if the authentication vector is saved, to perform re-registration or deregistration authentication on the UE according to the authentication vector.
Compared with the prior art, the technical solution provided by the present invention has the following advantages:
The Serving Call Session Control Function (S-CSCF) receives a registration request sent by the user terminal (UE) and performs registration authentication with the Home Subscriber Server (HSS); if the registration authentication succeeds, the S-CSCF saves the authentication vector and user data. When the S-CSCF receives a re-registration or deregistration request sent by the UE and has an authentication vector saved, it performs re-registration or deregistration authentication on the UE according to the authentication vector without interacting with the HSS again to obtain an authentication vector, which improves the efficiency of re-registration and deregistration authentication.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of the authentication interaction in the prior art;
Fig. 2 is a flow diagram of an authentication method provided by an embodiment of the present invention;
Fig. 3 is a flow diagram of another authentication method provided by an embodiment of the present invention;
Fig. 4 is a flow diagram of another authentication method provided by an embodiment of the present invention;
Fig. 5 is a structural diagram of an authentication device provided by an embodiment of the present invention;
Fig. 6 is a structural diagram of another authentication device provided by an embodiment of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
Embodiment one
This embodiment of the present invention provides an authentication method suitable for performing service authentication on a UE (User Equipment, user terminal). As shown in Fig. 2, the authentication method includes the following steps S201-S202.
Step S201: the S-CSCF (Serving Call Session Control Function) receives a registration request sent by the UE and performs registration authentication with the HSS (Home Subscriber Server); if the registration authentication succeeds, the S-CSCF saves the authentication vector.
In this step, after receiving the registration request sent by the UE, the S-CSCF performs an MAR (Multimedia authorization request, multimedia authentication request) / MAA (Multimedia authorization answer, multimedia authentication response) exchange with the HSS and obtains the authentication vector H(A1) from the MAA fed back by the HSS. The authentication vector may be calculated by the HSS from the PVI (Private user identity), the key and the realm value, and filled into the MAA fed back to the S-CSCF. If the registration authentication succeeds, the authentication vector is saved in the free memory of the S-CSCF, so that in subsequent procedures the authentication vector can be obtained without another MAR/MAA exchange with the HSS. An authentication vector is generally only 32 bytes and occupies very little memory, so the existing memory of the S-CSCF does not need to be expanded. If the authentication fails, the authentication vector is not saved.
Step S202: the S-CSCF receives a re-registration or deregistration request sent by the UE and determines whether an authentication vector is saved in the S-CSCF; if an authentication vector is saved, the S-CSCF performs re-registration or deregistration authentication on the UE according to the authentication vector.
In this step, the S-CSCF receives the re-registration or deregistration request sent by the UE. If an authentication vector is saved in the S-CSCF, no MAR/MAA exchange with the HSS is needed and the S-CSCF can perform re-registration or deregistration authentication on the UE directly. If no authentication vector is saved in the S-CSCF, the S-CSCF must perform an MAR/MAA exchange with the HSS to obtain the MAA, obtain the authentication vector from the MAA, and then perform re-registration or deregistration authentication on the UE.
With the authentication method provided by this embodiment, the Serving Call Session Control Function (S-CSCF) receives a registration request sent by the user terminal (UE) and performs registration authentication with the Home Subscriber Server (HSS); if the registration authentication succeeds, the S-CSCF saves the authentication vector and user data. When the S-CSCF receives a re-registration or deregistration request sent by the UE and has an authentication vector saved, it performs re-registration or deregistration authentication on the UE according to the authentication vector without another MAR/MAA exchange with the HSS to obtain an authentication vector, which improves the efficiency of re-registration and deregistration authentication.
Embodiment two
This embodiment of the present invention provides an authentication method applicable to the case where the S-CSCF performs registration service authentication on the UE. As shown in Fig. 3, it includes the following steps S301-S306:
Step S301: the S-CSCF receives the first registration request sent by the UE, sends a multimedia authentication request (MAR) to the HSS, and receives the multimedia authentication response (MAA) fed back by the HSS.
In this step, after receiving the MAR sent by the S-CSCF, the HSS calculates the authentication vector from the PVI, the key and the realm value, fills the authentication vector into the MAA, and feeds the MAA back to the S-CSCF.
Step S302: the S-CSCF obtains the authentication vector from the MAA and feeds back to the UE a response message that includes the authentication vector.
In this step, the S-CSCF extracts the authentication vector from the MAA and generates a random value (nonce), fills the authentication vector and the nonce into a response message, and sends the response message containing the authentication vector and the nonce to the UE. The response message may be a 401 response message.
Step S303: the S-CSCF receives the second registration request sent by the UE. The second registration request carries a response value, which is calculated from the nonce in the header field of the response message, the private user identity and the key.
In this step, after receiving the response message including the authentication vector sent by the S-CSCF, the UE sends the second registration request to the S-CSCF, and the S-CSCF receives it. Specifically, the response field of the Authorization header field of the second registration request contains the response value, which the UE calculates from the nonce, the private user identity and the key; the nonce is the one in the WWW-Authenticate header field of the response message that includes the authentication vector.
Step S304: the S-CSCF calculates a response value from the nonce and the authentication vector and compares the calculated response value with the response value carried in the second registration request; the comparison result determines whether the registration authentication between the S-CSCF and the UE succeeds.
In this step, the S-CSCF may calculate the response value with the MD5 (Message Digest Algorithm 5) algorithm and compare the calculated response value with the response value in the second registration request. If they are consistent, the registration authentication succeeds and step S305 is executed. If they are inconsistent, the registration authentication fails and step S306 is executed.
Step S305: the S-CSCF sends a server assignment request to the HSS and receives the server assignment response fed back by the HSS, where the server assignment response carries user data; the S-CSCF saves the user data and the authentication vector and sends a registration success response to the UE.
In this step, the registration success response may be a 200 OK response.
Step S306: the S-CSCF sends an authentication failure response message to the UE.
In this step, the authentication failure message may be a 403 response message.
With the authentication method provided by this embodiment, after the S-CSCF receives the first registration request message, to secure the registration process it initiates an MAR to the HSS for the user. After receiving the MAA returned by the HSS, it obtains the authentication vector from the MAA, fills the authentication vector into a 401 response, and sends the 401 response to the UE. The UE calculates the response value from the nonce in the WWW-Authenticate header field of the 401 response, the private user identity and the key, and fills the calculated response value into the response field of the Authorization header field of the second registration request. After receiving that request, the S-CSCF calculates a response value with the MD5 algorithm and compares it with the response value sent by the terminal. If the comparison succeeds, authentication succeeds, the subsequent server assignment request / server assignment response procedure is carried out, and the user data and the authentication vector from the MAA are saved locally. If the comparison fails, authentication fails, so registration fails and a 403 response is sent to the UE.
Embodiment three
This embodiment of the present invention provides an authentication method applicable to the case where the S-CSCF performs re-registration or deregistration service authentication on the UE. As shown in Fig. 4, it includes the following steps S401-S411:
Step S401: the S-CSCF receives the first re-registration or deregistration request sent by the UE.
Step S402: determine whether an authentication vector is saved in the S-CSCF. If no authentication vector is saved, execute step S403; if an authentication vector is saved, execute step S404.
Step S403: the S-CSCF performs an MAR/MAA exchange with the HSS to obtain the authentication vector.
Step S404: the S-CSCF feeds back to the UE a response message that includes the authentication vector.
Step S405: the S-CSCF receives the second re-registration or deregistration request sent by the UE. The second re-registration or deregistration request carries a response value, which is calculated from the nonce in the header field of the response message, the private user identity and the key.
In this step, the S-CSCF receives the second re-registration or deregistration request sent by the UE. The response field of the Authorization header field of that request contains the response value, which the UE calculates from the nonce, the private user identity and the key; the nonce is the one in the WWW-Authenticate header field of the response message that includes the authentication vector. The response message may be a 401 response message.
Step S406: the S-CSCF calculates a response value from the nonce and the authentication vector and compares the calculated response value with the response value carried in the second re-registration or deregistration request; if they are consistent, it sends a re-registration or deregistration authentication success message to the UE.
In this step, the S-CSCF may calculate the response value with the MD5 algorithm from the nonce, the authentication vector, NonceCount, CNonce, Qop, method and URI (Uniform Resource Identifier), and compare the calculated response value with the response value carried in the second re-registration or deregistration request. If they are inconsistent, step S407 is executed; if they are consistent, the S-CSCF sends a re-registration or deregistration authentication success message to the UE and step S408 is executed.
Step S407: the S-CSCF deletes the authentication vector and sends an authentication error response to the UE.
In this step, the S-CSCF sends a re-registration or deregistration authentication failure message to the UE; this message may be a 403 message.
Step S408: the S-CSCF sends a server assignment request to the HSS and receives the server assignment response fed back by the HSS, where the server assignment response carries user data.
In this step, the user data may be data such as the contact address, the public user identity and the private user identity.
Step S409: the S-CSCF determines whether the first re-registration or deregistration request it received is a re-registration request. If so, step S410 is executed; if not, step S411 is executed.
Step S410: the S-CSCF saves the user data and sends a re-registration success response message to the UE.
In this step, if no authentication vector is saved in the S-CSCF, the authentication vector may also be saved, so that in subsequent authentication the authentication vector can be obtained without an MAR/MAA exchange with the HSS. If an authentication vector is already saved in the S-CSCF, it does not need to be saved again. The re-registration success response message that the S-CSCF sends to the UE may be a re-registration 200 OK message.
Step S411: the S-CSCF deletes the user data and sends a deregistration success response message to the UE.
In this step, the deregistration success response message that the S-CSCF sends to the UE may be a deregistration 200 OK message.
With the authentication method provided by this embodiment, after the S-CSCF receives the first re-registration or deregistration request message, if an authentication vector is stored locally it obtains the authentication vector locally and does not need another MAR/MAA exchange with the HSS to obtain it. Otherwise, the S-CSCF sends an MAR request to the HSS and, after receiving the MAA response sent by the HSS, obtains the authentication vector. The S-CSCF fills the authentication vector into a 401 response message and sends the 401 response message to the UE. The UE calculates the response value from the nonce in the WWW-Authenticate header field of the 401 response and fills the calculated response value into the response field of the Authorization header field of the second re-registration or deregistration request. After receiving that request, the S-CSCF calculates a response value with the MD5 algorithm and compares it with the response value sent by the UE. If the comparison succeeds, authentication succeeds and the subsequent SAR/SAA procedure is carried out. When the service is re-registration, the user data and the authentication vector from the MAA message are saved locally and a re-registration 200 OK is sent to the UE; when the service is deregistration, the user data is deleted and a deregistration 200 OK is sent to the terminal. If the comparison fails, authentication fails, the previously saved local authentication vector is deleted, and a 403 response message is sent to the terminal.
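The flow of Embodiments two and three, as an added Python sketch that is not code from the patent: an S-CSCF that caches H(A1) after a successful registration, reuses it for re-registration and deregistration, and evicts it on a mismatch (step S407). The class and function names, the `ims.example` realm, the key and the user data are constructed; the sketch assumes the RFC 2617 `qop=auth` formula for the response value and puts only the nonce in the 401 challenge.

```python
import hashlib
import hmac
import secrets


def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()


def h_a1(pvi, realm, key):
    # H(A1): what the HSS derives from the PVI, realm and key and returns in the MAA.
    return md5_hex(f"{pvi}:{realm}:{key}")


def digest_response(ha1, nonce, nc, cnonce, qop, method, uri):
    # RFC 2617 response for qop=auth, computed from H(A1) without knowing the key.
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


class HSS:
    """Constructed stand-in for the HSS; counts MAR/MAA exchanges."""

    def __init__(self, realm, keys):
        self.realm, self.keys, self.mar_count = realm, keys, 0

    def mar(self, pvi):
        self.mar_count += 1
        return h_a1(pvi, self.realm, self.keys[pvi])

    def sar(self, pvi):
        # Server assignment response carrying (constructed) user data.
        return {"private_id": pvi, "public_id": f"sip:{pvi}"}


class SCSCF:
    def __init__(self, hss):
        self.hss = hss
        self.vectors = {}    # PVI -> cached H(A1)
        self.user_data = {}  # PVI -> user data from the HSS
        self.pending = {}    # PVI -> (nonce, H(A1)) of the outstanding challenge

    def first_request(self, pvi):
        """S301-S302 / S401-S404: answer the first REGISTER with a 401."""
        ha1 = self.vectors.get(pvi)
        if ha1 is None:                     # S403: nothing cached, ask the HSS
            ha1 = self.hss.mar(pvi)
        nonce = secrets.token_hex(16)       # fresh nonce per challenge
        self.pending[pvi] = (nonce, ha1)
        return 401, nonce

    def second_request(self, pvi, auth, method, uri, deregister=False):
        """S303-S306 / S405-S411: verify the response value and finish."""
        if pvi not in self.pending:
            return 403
        nonce, ha1 = self.pending.pop(pvi)  # each nonce is accepted once
        expected = digest_response(ha1, nonce, auth["nc"], auth["cnonce"],
                                   auth["qop"], method, uri)
        if auth.get("nonce") != nonce or not hmac.compare_digest(expected, auth["response"]):
            self.vectors.pop(pvi, None)     # S407: drop the cached vector
            return 403
        data = self.hss.sar(pvi)            # S305 / S408
        if deregister:
            self.user_data.pop(pvi, None)   # S411: only user data is deleted
        else:
            self.user_data[pvi] = data      # S305 / S410
            self.vectors[pvi] = ha1
        return 200


def ue_authorization(pvi, realm, key, nonce, method, uri):
    """UE side: build the Authorization fields from its own key."""
    cnonce, nc, qop = secrets.token_hex(8), "00000001", "auth"
    resp = digest_response(h_a1(pvi, realm, key), nonce, nc, cnonce, qop, method, uri)
    return {"nonce": nonce, "nc": nc, "cnonce": cnonce, "qop": qop, "response": resp}


def run_demo():
    realm, pvi, uri = "ims.example", "alice@ims.example", "sip:ims.example"  # constructed
    hss = HSS(realm, {pvi: "constructed-key"})
    scscf = SCSCF(hss)
    log = []
    for label, key, dereg in [("register", "constructed-key", False),
                              ("re-register", "constructed-key", False),
                              ("bad re-register", "wrong-key", False),
                              ("re-register", "constructed-key", False),
                              ("deregister", "constructed-key", True)]:
        _, nonce = scscf.first_request(pvi)
        auth = ue_authorization(pvi, realm, key, nonce, "REGISTER", uri)
        status = scscf.second_request(pvi, auth, "REGISTER", uri, deregister=dereg)
        log.append((label, status, hss.mar_count, pvi in scscf.vectors))
    return log


if __name__ == "__main__":
    for row in run_demo():
        print(row)
```

Each row is (step, status, MAR count so far, vector cached): the MAR count stays at 1 across the successful re-registration and rises to 2 only after the failed attempt evicts the cached vector. Because a valid response value can be computed from H(A1) alone, the cached value is equivalent to the key within its realm.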
Embodiment four
This embodiment of the present invention provides an authentication device suitable for performing service authentication on a UE. As shown in Fig. 5, the authentication device includes a registration authentication module 51 and a re-registration or deregistration request authentication module 52. The registration authentication module 51 is configured to receive a registration request sent by the user terminal (UE) and perform registration authentication with the Home Subscriber Server (HSS), and to save the authentication vector if the registration authentication succeeds. The re-registration or deregistration request authentication module 52 is configured to receive a re-registration or deregistration request sent by the UE and determine whether an authentication vector is saved, and, if an authentication vector is saved, to perform re-registration or deregistration authentication on the UE according to the authentication vector.
In the registration authentication module 51, after the registration request sent by the UE is received, an MAR/MAA exchange is performed with the HSS and the authentication vector is obtained from the MAA fed back by the HSS. The authentication vector may be calculated by the HSS from the PVI, the key and the realm value. If the registration authentication succeeds, the authentication vector is saved in free memory, so that in subsequent procedures the authentication vector can be obtained without another MAR/MAA exchange with the HSS. An authentication vector is generally only 32 bytes and occupies very little memory, so the existing memory does not need to be expanded. If the authentication fails, the authentication vector is not saved.
In the re-registration or deregistration request authentication module 52, the re-registration or deregistration request sent by the UE is received. If an authentication vector is saved, no MAR/MAA exchange with the HSS is needed and re-registration or deregistration authentication is performed on the UE directly. If no authentication vector is saved, an MAR/MAA exchange with the HSS is needed to obtain the MAA; the authentication vector is obtained from the MAA, and re-registration or deregistration authentication is then performed on the UE.
With the authentication device provided by this embodiment, a registration request sent by the UE is received and registration authentication is performed with the Home Subscriber Server (HSS); if the registration authentication succeeds, the authentication vector and user data are saved. When a re-registration or deregistration request sent by the UE is received and an authentication vector is saved, re-registration or deregistration authentication is performed on the UE according to the authentication vector without another MAR/MAA exchange with the HSS to obtain an authentication vector, which improves the efficiency of re-registration and deregistration authentication.
Embodiment five
An embodiment of the present invention provides a kind of authentication device, it is applicable to register UE, re-register and logout service In the case of authentication, as shown in fig. 6, the authentication device includes:Register and authentication module 61, re-register or de-registration request authentication module 62, server distribution module 63, re-register request judgment module 64 and authentication vector removing module 65.Register and authentication module 61 is wrapped It includes:First registration request receiving unit 611, Article 2 registration request receiving unit 612 and response comparing unit 613.Weight Registration or de-registration request authentication module 62 include:First re-register or de-registration request receiving unit 621, Article 2 re-register or De-registration request receiving unit 622 and response computing unit 623.
Preferably, first registration request receiving unit 611, first registration request for receiving UE transmissions, and to UE feeds back the response message for including authentication vector;Article 2 registration request receiving unit 612, the Article 2 for receiving UE transmissions Registration request carries response in Article 2 registration request, random field value in the header field that response passes through response message, Private user identity and cipher key calculation obtain;Response comparing unit 613, for being calculated according to random field value and authentication vector Response, and compare the response for calculating the response obtained and being carried in Article 2 registration request, if unanimously, register and authentication Success.
First re-register or de-registration request receiving unit 621, first re-register for receiving UE transmissions or cancellation Request, and judge whether to preserve authentication vector, include the response of authentication vector to UE feedbacks if preserving authentication vector Message;Article 2 re-register or de-registration request receiving unit 622, Article 2 re-register or cancellation for receiving UE transmissions are asked It asks, response is carried in Article 2 re-register or de-registration request, the random field in the header field that response passes through response message Value, private user identity and cipher key calculation obtain;Response computing unit 623, for according to random field value and authentication vector Response is calculated, the response obtained will be calculated and be compared with the response carried in Article 2 re-register or de-registration request, If consistent, send re-register to UE or nullify authentication successful message.
Server distribution module 63, for sending user data requests to HSS, and the user data for receiving HSS feedbacks is rung It answers, user data is carried in user data response;
Re-register asks judgment module 64, and whether Article 2 re-register or registration request for judging to receive are re-injection Volume request if so, preserving user data and authentication vector, and sends re-register response message to UE;If it is not, then deleting user Data send to UE and nullify response message.
Authentication vector removing module 65, if being taken with Article 2 re-register or de-registration request for calculating the response obtained The response of band is inconsistent, then deletes authentication vector, and send authentication errored response to UE.
In first registration request receiving unit 611, HSS is after receiving MAR, according to PVI, key and realm Value calculates acquisition authentication vector, and HSS and feedback include the MAA of authentication vector.First registration request receiving unit 611 extracts Authentication vector in MAA, authentication vector is filled into response message, and will include that the response message of authentication vector is sent to UE.Wherein, response message can be 401 response messages.
In Article 2 registration request receiving unit 612, after UE receives the response message including authentication vector, send Article 2 registration request.Article 2 registration request receiving unit 612 receives the Article 2 registration request that UE is sent, specifically, the The authorization header field response fields of two registration requests include response, response be UE according to random field value, The response that private user identity and cipher key calculation go out, random field value be include authentication vector response message in www- The random field value of authenticate header fields.
In response comparing unit 613, response is calculated according to random field value and authentication vector, and compare calculating and obtain Whether the response carried in the response and Article 2 registration request that obtain is consistent;It is determined according to comparison result and is registered with UE Whether authentication succeeds.
In the first re-registration or de-registration request receiving unit 621, if no authentication vector is saved, an MAR/MAA exchange is carried out with the HSS to obtain the authentication vector; if an authentication vector is saved, a response message containing the authentication vector is fed back to the UE.
In the second re-registration or de-registration request receiving unit 622, the second re-registration or de-registration request sent by the UE is received. The response field of the authorization header field of the second re-registration or de-registration request contains a response value, which the UE calculates from the random field value, the private user identity and the key; the random field value is the random field value of the www-authenticate header field in the response message containing the authentication vector, and that response message may be a 401 response message.
In the response computing unit 623, the response value can be calculated with the MD5 algorithm from the random field value, the authentication vector, NonceCount, CNonce, Qop, method and URI (Uniform Resource Identifier). The calculated response value is compared with the response value carried in the second re-registration or de-registration request. If they are consistent, a re-registration or de-registration authentication success message is sent to the UE; if they are inconsistent, a re-registration or de-registration authentication failure message is sent to the UE, which may be a 403 message.
In the server distribution module 63, the user data may be data such as the contact address, the public user identity and the private user identity.
With the authentication device provided by this embodiment of the present invention, the registration request sent by the UE is received and registration authentication is performed with the home subscriber server (HSS); if registration authentication succeeds, the authentication vector and the user data are saved; when a re-registration or de-registration request sent by the UE is received, if the authentication vector is saved, re-registration or de-registration authentication is performed on the UE according to the authentication vector, without another MAR/MAA exchange with the HSS to obtain the authentication vector, which improves the efficiency of re-registration or de-registration authentication.
The embodiments in this specification are described in a progressive manner; each embodiment focuses on its differences from the other embodiments, and the same or similar parts of the embodiments can be cross-referenced. Because the system embodiment is basically similar to the method embodiment, its description is relatively brief; for the related parts, refer to the description of the method embodiment.
The authentication method and device provided by the present invention have been described in detail above. Specific examples are used herein to explain the principle and implementation of the present invention, and the description of the above embodiments is only intended to help in understanding the method of the present invention and its core idea. Meanwhile, for those of ordinary skill in the art, the specific implementation and the scope of application may change in accordance with the idea of the present invention. In summary, the content of this specification should not be construed as limiting the present invention.
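The re-registration check described above, sketched as an added example (not code from the patent). It assumes the authentication vector is the RFC 2617 H(A1) value, the random field value is the Digest nonce, and Qop is auth; the `SCSCF` class, the `hss_lookup` callback and the single-use nonce handling are hypothetical.

```python
import hashlib
import hmac
import secrets


def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()


def make_auth_vector(pvi, realm, key):
    # Assumption: the vector is RFC 2617 H(A1), computed by the HSS.
    return md5_hex(f"{pvi}:{realm}:{key}")


def digest_response(ha1, nonce, nc, cnonce, qop, method, uri):
    # RFC 2617 request-digest for qop=auth; H(A2) covers method and URI.
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


class SCSCF:
    """Hypothetical S-CSCF model: saves vectors, verifies re-registrations."""

    def __init__(self, hss_lookup):
        self.hss_lookup = hss_lookup  # stands in for the MAR/MAA exchange
        self.vectors = {}             # PVI -> saved authentication vector
        self.nonces = {}              # PVI -> nonce of the pending challenge
        self.mar_count = 0            # how many times the HSS was queried

    def challenge(self, pvi):
        """First request: query the HSS only if no vector is saved."""
        if pvi not in self.vectors:
            self.mar_count += 1
            self.vectors[pvi] = self.hss_lookup(pvi)
        self.nonces[pvi] = secrets.token_hex(16)
        return self.nonces[pvi]       # carried in the 401 www-authenticate

    def verify(self, pvi, nc, cnonce, qop, method, uri, response):
        """Second request: True on match; on mismatch drop the saved vector."""
        nonce = self.nonces.pop(pvi, None)   # added safeguard: single use
        ha1 = self.vectors.get(pvi)
        if nonce is None or ha1 is None:
            return False
        expected = digest_response(ha1, nonce, nc, cnonce, qop, method, uri)
        if hmac.compare_digest(expected, response):
            return True
        del self.vectors[pvi]                # forces a fresh MAR/MAA next time
        return False
```

A saved vector means a mismatch is the only event that sends the S-CSCF back to the HSS, so a stale or wrong vector is evicted by the first failed attempt rather than reused.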

Claims (8)

1. An authentication method, characterized by comprising:
A serving call session control function (S-CSCF) receives a registration request sent by a user terminal (UE) and performs registration authentication with a home subscriber server (HSS); if registration authentication succeeds, the S-CSCF saves the authentication vector;
The S-CSCF receives a first re-registration or de-registration request sent by the UE and judges whether the authentication vector is saved in the S-CSCF; if the authentication vector is saved, the S-CSCF feeds back to the UE a response message containing the authentication vector;
The S-CSCF receives a second re-registration or de-registration request sent by the UE, wherein the second re-registration or de-registration request carries a response value, and the response value is calculated from the random field value in the header field of the response message, the private user identity and the key;
The S-CSCF calculates a response value from the random field value and the authentication vector, and compares the calculated response value with the response value carried in the second re-registration or de-registration request; if they are consistent, it sends a re-registration or de-registration authentication success message to the UE.
2. The method according to claim 1, characterized in that, after the calculated response value is compared with the response value carried in the second re-registration or de-registration request, the method further comprises:
The S-CSCF sends a server assignment request to the HSS and receives the server assignment response fed back by the HSS, wherein the server assignment response carries user data;
The S-CSCF judges whether the received first re-registration or de-registration request is a re-registration request; if so, it saves the user data and the authentication vector and sends a re-registration response success message to the UE;
If not, it deletes the user data and sends a de-registration response success message to the UE.
3. The method according to claim 1, characterized by further comprising:
If the calculated response value is inconsistent with the response value carried in the second re-registration or de-registration request, the S-CSCF deletes the authentication vector and sends an authentication error response to the UE.
4. The method according to claim 1, characterized in that the step in which the serving call session control function (S-CSCF) receives the registration request sent by the user terminal (UE) and performs registration authentication with the home subscriber server (HSS) comprises:
The S-CSCF receives a first registration request sent by the UE, sends a multimedia authentication request (MAR) to the HSS, and receives the multimedia authentication response (MAA) fed back by the HSS;
The S-CSCF obtains the authentication vector from the MAA and feeds back to the UE a response message containing the authentication vector;
The S-CSCF receives a second registration request sent by the UE, wherein the second registration request carries a response value, and the response value is calculated from the random field value in the header field of the response message, the private user identity and the key;
The S-CSCF calculates a response value from the random field value and the authentication vector, and compares the calculated response value with the response value carried in the second registration request to check whether they are consistent; whether registration authentication between the S-CSCF and the UE succeeds is determined from the comparison result.
5. An authentication device, characterized by comprising:
A registration authentication module, configured to receive a registration request sent by a user terminal (UE) and perform registration authentication with a home subscriber server (HSS), and to save the authentication vector if registration authentication succeeds;
A first re-registration or de-registration request receiving unit, configured to receive a first re-registration or de-registration request sent by the UE, judge whether the authentication vector is saved, and, if the authentication vector is saved, feed back to the UE a response message containing the authentication vector;
A second re-registration or de-registration request receiving unit, configured to receive a second re-registration or de-registration request sent by the UE, wherein the second re-registration or de-registration request carries a response value, and the response value is calculated from the random field value in the header field of the response message, the private user identity and the key;
A response computing unit, configured to calculate a response value from the random field value and the authentication vector, compare the calculated response value with the response value carried in the second re-registration or de-registration request, and, if they are consistent, send a re-registration or de-registration authentication success message to the UE.
6. The device according to claim 5, characterized by further comprising:
A server distribution module, configured to send a server assignment request to the HSS and receive the server assignment response fed back by the HSS, wherein the server assignment response carries user data;
A re-registration request judgment module, configured to judge whether the received first re-registration or de-registration request is a re-registration request; if so, to save the user data and the authentication vector and send a re-registration response message to the UE; if not, to delete the user data and send a de-registration response message to the UE.
7. The device according to claim 5, characterized by further comprising:
An authentication vector removing module, configured to delete the authentication vector and send an authentication error response to the UE if the calculated response value is inconsistent with the response value carried in the second re-registration or de-registration request.
8. The device according to claim 5, characterized in that the registration authentication module comprises:
A first registration request receiving unit, configured to receive a first registration request sent by the UE and feed back to the UE a response message containing the authentication vector;
A second registration request receiving unit, configured to receive a second registration request sent by the UE, wherein the second registration request carries a response value, and the response value is calculated from the random field value in the header field of the response message, the private user identity and the key;
A response comparing unit, configured to calculate a response value from the random field value and the authentication vector, compare the calculated response value with the response value carried in the second registration request, and determine from the comparison result whether registration authentication with the UE succeeds.
CN201510110072.6A 2015-03-12 2015-03-12 A kind of method for authenticating and device Active CN104735664B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510110072.6A CN104735664B (en) 2015-03-12 2015-03-12 A kind of method for authenticating and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510110072.6A CN104735664B (en) 2015-03-12 2015-03-12 A kind of method for authenticating and device

Publications (2)

Publication Number Publication Date
CN104735664A CN104735664A (en) 2015-06-24
CN104735664B true CN104735664B (en) 2018-08-03

Family

ID=53459006

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510110072.6A Active CN104735664B (en) 2015-03-12 2015-03-12 A kind of method for authenticating and device

Country Status (1)

Country Link
CN (1) CN104735664B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020215230A1 (en) * 2019-04-24 2020-10-29 Telefonaktiebolaget Lm Ericsson (Publ) Network node and method performed therein for controlling transmission
CN112953718B (en) * 2019-11-26 2024-05-28 中国移动通信集团安徽有限公司 Authentication method and device for IMS network user and call session control function entity

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1801815A (en) * 2005-08-08 2006-07-12 华为技术有限公司 Method for realizing initial Internet protocol multimedia subsystem registration
CN101155096A (en) * 2006-09-30 2008-04-02 西门子公司 Registration method and system
CN101931923A (en) * 2009-06-26 2010-12-29 中兴通讯股份有限公司 Method for user registration of IP multimedia subsystem network and service fulfillment system
CN103037501A (en) * 2011-09-30 2013-04-10 中国移动通信集团河南有限公司 Registration method, device and system of internet protocol multimedia subsystem terminal

Also Published As

Publication number Publication date
CN104735664A (en) 2015-06-24

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant