CN104735664B - A kind of method for authenticating and device - Google Patents
- Publication number: CN104735664B (application CN201510110072.6A)
- Authority: CN (China)
- Legal status: Active (as listed by Google Patents; an assumption, not a legal conclusion)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
Abstract
The present invention provides an authentication method and device. The method includes: the S-CSCF receives a registration request sent by the UE and performs registration authentication with the HSS; if registration authentication succeeds, the S-CSCF saves the authentication vector; the S-CSCF receives a re-registration or deregistration request sent by the UE and determines whether an authentication vector is saved in the S-CSCF; if an authentication vector is saved, the S-CSCF performs re-registration or deregistration authentication on the UE according to the authentication vector. With the disclosed method and device, the S-CSCF receives the registration request sent by the UE and, if registration authentication succeeds, saves the authentication vector and user data; when the S-CSCF receives a re-registration or deregistration request sent by the UE and has a saved authentication vector, it authenticates the UE according to that vector without interacting with the HSS again to obtain one, which improves the efficiency of re-registration and deregistration authentication.
Description
Technical field
The present invention relates to the communications field, and in particular to an authentication method and device.
Background
IMS (IP Multimedia Subsystem) provides a new form of multimedia service and can meet users' demand for newer and more diverse multimedia services.
The network elements of the IMS include the UE (User Equipment, the user terminal), the S-CSCF (Serving Call Session Control Function) and the HSS (Home Subscriber Server). The S-CSCF is the core of the IMS and is responsible for user terminal registration, authentication, service triggering and session control; the HSS is the server in the IMS that stores user- and server-related information. To protect the user account, the IMS must authenticate the user terminal's requests before the terminal runs multimedia services, including its registration, re-registration and deregistration. If the REGISTER request sent by the user terminal carries an Authorization header field whose integrity-protected parameter is tls-pending, tls-yes, ip-assoc-pending, ip-assoc-yes or auth-done; or the REGISTER message carries an Authorization header field without an integrity-protected parameter and the authentication mode configured for the user terminal in the HSS is Digest, then the authentication mode of the user terminal is Digest.
Currently, the IMS performs Digest-mode authentication on the registration, re-registration and deregistration requests sent by the user terminal based on 3GPP TS 24.229 (the IP multimedia call control protocol based on SIP and SDP). The interaction is shown in Fig. 1 and includes:
First, the S-CSCF receives the first registration, re-registration or deregistration request sent by the user terminal and sends a MAR (Multimedia Authorization Request) to the HSS. Then the HSS receives the MAR and replies to the S-CSCF with a MAA (Multimedia Authorization Answer); the S-CSCF receives the MAA, obtains the authentication vector, and sends a 401 (Unauthorized) response message to the user terminal. Finally, the S-CSCF receives the subsequent registration, re-registration or deregistration request and authenticates it according to the response value in the Authorization header field of that request; after authentication succeeds, the S-CSCF sends a server assignment request to the HSS, receives the server assignment response fed back by the HSS, and then sends 200 OK to the user terminal, completing the registration, re-registration or deregistration procedure of the user terminal.
Because the protocol specifies that only one group of authentication vectors can be downloaded when the authentication mode is Digest, every time the user terminal needs authentication while using multimedia services the S-CSCF must interact with the HSS to obtain an authentication vector, which makes authentication inefficient.
Summary of the invention
The present invention provides an authentication method and device that improve authentication efficiency for re-registration and deregistration.
In one aspect, the present invention provides an authentication method, including:
The Serving Call Session Control Function (S-CSCF) receives a registration request sent by the user terminal (UE) and performs registration authentication with the Home Subscriber Server (HSS); if registration authentication succeeds, the S-CSCF saves the authentication vector;
The S-CSCF receives a re-registration or deregistration request sent by the UE and determines whether the authentication vector is saved in the S-CSCF; if the authentication vector is saved, the S-CSCF performs re-registration or deregistration authentication on the UE according to the authentication vector.
In another aspect, the present invention provides an authentication device, including:
A registration authentication module, configured to receive the registration request sent by the user terminal (UE) and perform registration authentication with the Home Subscriber Server (HSS); if registration authentication succeeds, the authentication vector is saved;
A re-registration or deregistration request authentication module, configured to receive the re-registration or deregistration request sent by the UE and determine whether the authentication vector is saved; if the authentication vector is saved, re-registration or deregistration authentication is performed on the UE according to the authentication vector.
Compared with the prior art, the technical solution provided by the present invention has the following advantages:
The Serving Call Session Control Function (S-CSCF) receives the registration request sent by the user terminal (UE) and performs registration authentication with the Home Subscriber Server (HSS); if registration authentication succeeds, the S-CSCF saves the authentication vector and user data. When the S-CSCF receives a re-registration or deregistration request sent by the UE and has a saved authentication vector, it performs re-registration or deregistration authentication on the UE according to that vector and does not need to interact with the HSS again to obtain an authentication vector, which improves the efficiency of re-registration and deregistration authentication.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of the authentication interaction in the prior art;
Fig. 2 is a flow diagram of an authentication method provided by an embodiment of the present invention;
Fig. 3 is a flow diagram of another authentication method provided by an embodiment of the present invention;
Fig. 4 is a flow diagram of another authentication method provided by an embodiment of the present invention;
Fig. 5 is a structural diagram of an authentication device provided by an embodiment of the present invention;
Fig. 6 is a structural diagram of another authentication device provided by an embodiment of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
Embodiment one
This embodiment of the present invention provides an authentication method suitable for performing service authentication on a UE (User Equipment, user terminal). As shown in Fig. 2, the authentication method includes the following steps S201-S202.
Step S201: the S-CSCF (Serving Call Session Control Function) receives the registration request sent by the UE and performs registration authentication with the HSS (Home Subscriber Server); if registration authentication succeeds, the S-CSCF saves the authentication vector.
In this step, after receiving the registration request sent by the UE, the S-CSCF performs the MAR (Multimedia Authorization Request)/MAA (Multimedia Authorization Answer) interaction with the HSS and obtains the authentication vector H(A1) from the MAA fed back by the HSS. The authentication vector may be calculated by the HSS from the PVI (private user identity), the key and the realm value, and filled into the MAA fed back to the S-CSCF. If registration authentication succeeds, the authentication vector is saved in the free memory of the S-CSCF, so that in subsequent procedures the authentication vector can be obtained without another MAR/MAA interaction with the HSS. The authentication vector is generally only 32 bytes and occupies very little memory, so the existing memory of the S-CSCF does not need to be expanded. If authentication is unsuccessful, the authentication vector is not saved.
Step S202: the S-CSCF receives the re-registration or deregistration request sent by the UE and determines whether an authentication vector is saved in the S-CSCF; if an authentication vector is saved, the S-CSCF performs re-registration or deregistration authentication on the UE according to the authentication vector.
In this step, the S-CSCF receives the re-registration or deregistration request sent by the UE. If an authentication vector is saved in the S-CSCF, no MAR/MAA interaction with the HSS is needed and the S-CSCF can perform re-registration or deregistration authentication on the UE directly. If no authentication vector is saved in the S-CSCF, the S-CSCF must perform the MAR/MAA interaction with the HSS to obtain the MAA, obtain the authentication vector from the MAA, and then perform re-registration or deregistration authentication on the UE.
With the authentication method provided by this embodiment of the present invention, the Serving Call Session Control Function (S-CSCF) receives the registration request sent by the user terminal (UE) and performs registration authentication with the Home Subscriber Server (HSS); if registration authentication succeeds, the S-CSCF saves the authentication vector and user data. When the S-CSCF receives a re-registration or deregistration request sent by the UE and has a saved authentication vector, it performs re-registration or deregistration authentication on the UE according to that vector and does not need another MAR/MAA interaction with the HSS to obtain an authentication vector, which improves the efficiency of re-registration and deregistration authentication.
Embodiment two
This embodiment of the present invention provides an authentication method applicable to the case where the S-CSCF performs registration service authentication on the UE. As shown in Fig. 3, it includes the following steps S301-S306:
Step S301: the S-CSCF receives the first registration request sent by the UE, sends a multimedia authentication request (MAR) to the HSS, and receives the multimedia authentication response (MAA) fed back by the HSS.
In this step, after receiving the MAR sent by the S-CSCF, the HSS calculates the authentication vector from the PVI, the key and the realm value, fills the authentication vector into the MAA and feeds it back to the S-CSCF.
Step S302: the S-CSCF obtains the authentication vector from the MAA and feeds back to the UE a response message that includes the authentication vector.
In this step, the S-CSCF extracts the authentication vector from the MAA and generates a random field value (nonce), fills the authentication vector and the random field value into the response message, and sends the response message containing the authentication vector and the random field value to the UE. The response message may be a 401 response message.
Step S303: the S-CSCF receives the second registration request sent by the UE, where the second registration request carries a response value calculated from the random field value in the header field of the response message, the private user identity and the key.
In this step, after receiving the response message including the authentication vector sent by the S-CSCF, the UE sends the second registration request to the S-CSCF. The S-CSCF receives the second registration request sent by the UE. Specifically, the response field of the Authorization header field of the second registration request contains the response value, which the UE calculates from the random field value, the private user identity and the key; the random field value is the one in the WWW-Authenticate header field of the response message that includes the authentication vector.
Step S304: the S-CSCF calculates a response value from the random field value and the authentication vector, and compares whether the calculated response value is consistent with the response value carried in the second registration request; whether registration authentication between the S-CSCF and the UE succeeds is determined from the comparison result.
In this step, the S-CSCF may calculate the response value with the MD5 (Message-Digest Algorithm 5) algorithm and compare the calculated response value with the response value in the second registration request. If they are consistent, registration authentication succeeds and step S305 is executed. If they are inconsistent, registration authentication fails and step S306 is executed.
Step S305: the S-CSCF sends a server assignment request to the HSS and receives the server assignment response fed back by the HSS, where the server assignment response carries user data; the S-CSCF saves the user data and the authentication vector, and sends a registration success response to the UE.
In this step, the registration success response may be a 200 OK response.
Step S306: the S-CSCF sends an authentication failure response message to the UE.
In this step, the authentication failure message may be a 403 response message.
With the authentication method provided by this embodiment of the present invention, after receiving the first registration request message, the S-CSCF initiates a MAR to the HSS for the user in order to secure the registration process; after receiving the MAA replied by the HSS, it obtains the authentication vector in the MAA, fills the authentication vector into the 401 response, and sends the 401 response to the UE. The UE calculates the response value from the random field value of the WWW-Authenticate header field in the 401 response, the private user identity and the key, and fills the calculated response value into the response field of the Authorization header field of the second registration request. After receiving it, the S-CSCF can calculate the response value with the MD5 algorithm and compare it with the response value sent by the terminal. If the comparison succeeds, authentication succeeds, the subsequent server assignment request/response flow is carried out, and the user data and the authentication vector in the MAA are saved locally. If the comparison fails, authentication fails, registration fails, and a 403 response is sent to the UE.
Embodiment three
This embodiment of the present invention provides an authentication method applicable to the case where the S-CSCF performs re-registration or deregistration service authentication on the UE. As shown in Fig. 4, it includes the following steps S401-S411:
Step S401: the S-CSCF receives the first re-registration or deregistration request sent by the UE.
Step S402: determine whether an authentication vector is saved in the S-CSCF; if no authentication vector is saved, execute step S403; if an authentication vector is saved, execute step S404.
Step S403: the S-CSCF performs the MAR/MAA interaction with the HSS to obtain the authentication vector.
Step S404: the S-CSCF feeds back to the UE a response message that includes the authentication vector.
Step S405: the S-CSCF receives the second re-registration or deregistration request sent by the UE, where the second re-registration or deregistration request carries a response value calculated from the random field value in the header field of the response message, the private user identity and the key.
In this step, the S-CSCF receives the second re-registration or deregistration request sent by the UE. The response field of the Authorization header field of the second re-registration or deregistration request contains the response value, which the UE calculates from the random field value, the private user identity and the key; the random field value is the one in the WWW-Authenticate header field of the response message that includes the authentication vector. The response message may be a 401 response message.
Step S406: the S-CSCF calculates a response value from the random field value and the authentication vector and compares the calculated response value with the response value carried in the second re-registration or deregistration request; if they are consistent, a re-registration or deregistration authentication success message is sent to the UE.
In this step, the S-CSCF may calculate the response value with the MD5 algorithm from the random field value, the authentication vector, NonceCount, CNonce, Qop, method and URI (Uniform Resource Identifier), and compare the calculated response value with the response value carried in the second re-registration or deregistration request. If they are inconsistent, step S407 is executed; if they are consistent, a re-registration or deregistration authentication success message is sent to the UE and step S408 is executed.
Step S407: the S-CSCF deletes the authentication vector and sends an authentication error response to the UE.
In this step, the S-CSCF sends a re-registration or deregistration authentication failure message to the UE; the re-registration or deregistration authentication failure message may be a 403 message.
Step S408: the S-CSCF sends a server assignment request to the HSS and receives the server assignment response fed back by the HSS, where the server assignment response carries user data.
In this step, the user data may be data such as the contact address, the public user identity and the private user identity.
Step S409: the S-CSCF determines whether the first re-registration or deregistration request received is a re-registration request; if so, step S410 is executed; if not, step S411 is executed.
Step S410: the S-CSCF saves the user data and sends a re-registration success response message to the UE.
In this step, if no authentication vector is saved in the S-CSCF, the authentication vector can also be saved, so that in subsequent authentication the authentication vector can be obtained without a MAR/MAA interaction with the HSS. If an authentication vector is already saved in the S-CSCF, it does not need to be saved again. The re-registration success response message that the S-CSCF sends to the UE may be a re-registration 200 OK message.
Step S411: the S-CSCF deletes the user data and sends a deregistration success response message to the UE.
In this step, the deregistration success response message that the S-CSCF sends to the UE may be a deregistration 200 OK message.
With the authentication method provided by this embodiment of the present invention, after the S-CSCF receives the first re-registration or deregistration request message, if an authentication vector is stored locally, it obtains the authentication vector locally and does not need another MAR/MAA interaction with the HSS to obtain one. Otherwise, the S-CSCF sends a MAR request to the HSS and, after receiving the MAA response sent by the HSS, obtains the authentication vector. The S-CSCF fills the authentication vector into the 401 response message and sends the 401 response message to the UE. The UE calculates the response value from the random field value of the WWW-Authenticate header field in the 401 response and fills the calculated response value into the response field of the Authorization header field of the second re-registration or deregistration request. After receiving it, the S-CSCF can calculate the response value with the MD5 algorithm and compare it with the response value sent by the UE. If the comparison succeeds, authentication succeeds and the subsequent SAR/SAA flow is carried out. When the service is re-registration, the user data and the authentication vector in the MAA message are saved locally and a 200 OK for re-registration is sent to the UE; when the service is deregistration, the user data is deleted and a 200 OK for deregistration is sent to the terminal. If the comparison fails, authentication fails, the previously saved local authentication vector is deleted, and a 403 response message is sent to the terminal.
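The cache-and-verify flow of embodiments two and three (steps S301-S306 and S401-S411), as an added Python example that is not part of the patent text. It assumes the RFC 2617 qop=auth digest computation over the inputs the description lists and a 401 challenge that carries only the nonce and qop; all names (`SCSCF`, `ue_answer`, the `hss_lookup` callable standing in for the MAR/MAA exchange) are hypothetical and the subscriber values are constructed.

```python
import hashlib
import hmac
import secrets


def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()


def h_a1(pvi, realm, key):
    # H(A1) per RFC 2617: the 32-character vector the HSS returns (assumed layout).
    return md5_hex(f"{pvi}:{realm}:{key}")


def digest_response(ha1, nonce, nc, cnonce, qop, method, uri):
    # qop=auth response: MD5(H(A1):nonce:nc:cnonce:qop:MD5(method:uri))
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def ue_answer(pvi, realm, key, challenge, method, uri):
    # UE side: Authorization parameters for the second REGISTER.
    cnonce, nc = secrets.token_hex(8), "00000001"
    response = digest_response(h_a1(pvi, realm, key), challenge["nonce"],
                               nc, cnonce, challenge["qop"], method, uri)
    return {"nc": nc, "cnonce": cnonce, "qop": challenge["qop"], "response": response}


class SCSCF:
    """Toy S-CSCF that caches H(A1) per private user identity (hypothetical model)."""

    def __init__(self, hss_lookup):
        self.hss_lookup = hss_lookup   # stands in for the MAR/MAA exchange
        self.hss_queries = 0           # number of MAR/MAA round trips made
        self.vectors = {}              # pvi -> cached H(A1)
        self.user_data = {}            # pvi -> user data from the server assignment response
        self.pending = {}              # pvi -> (nonce, H(A1)) of the open challenge

    def challenge(self, pvi):
        # First request (S301 / S401-S404): use the cached vector or ask the HSS.
        ha1 = self.vectors.get(pvi)
        if ha1 is None:                # S403: nothing cached
            ha1 = self.hss_lookup(pvi)
            self.hss_queries += 1
        nonce = secrets.token_hex(16)  # fresh nonce for every challenge
        self.pending[pvi] = (nonce, ha1)
        return {"status": 401, "nonce": nonce, "qop": "auth"}

    def verify(self, pvi, auth, method, uri, deregister=False):
        # Second request (S303-S306 / S405-S411).
        open_challenge = self.pending.pop(pvi, None)   # each challenge is usable once
        if open_challenge is None:
            return 403
        nonce, ha1 = open_challenge
        expected = digest_response(ha1, nonce, auth["nc"], auth["cnonce"],
                                   auth["qop"], method, uri)
        if not hmac.compare_digest(expected, auth["response"]):
            self.vectors.pop(pvi, None)    # S407: delete the cached vector
            return 403
        if deregister:
            self.user_data.pop(pvi, None)  # S411: delete user data (the description leaves the vector in place)
        else:
            self.vectors[pvi] = ha1        # S305 / S410: keep vector and user data
            self.user_data[pvi] = {"pvi": pvi}
        return 200


REALM = "ims.example.test"                 # constructed sample values
PVI = "alice@ims.example.test"
URI = "sip:ims.example.test"


def demo():
    hss_keys = {PVI: "old-secret"}         # constructed subscriber store standing in for the HSS
    scscf = SCSCF(lambda pvi: h_a1(pvi, REALM, hss_keys[pvi]))

    def register(key, deregister=False):
        ch = scscf.challenge(PVI)
        auth = ue_answer(PVI, REALM, key, ch, "REGISTER", URI)
        return scscf.verify(PVI, auth, "REGISTER", URI, deregister)

    results = [register("old-secret")]       # initial registration: one HSS query
    results.append(register("old-secret"))   # re-registration: served from the cache
    queries_after_cache_hit = scscf.hss_queries
    hss_keys[PVI] = "new-secret"             # key changes at the HSS, cache is now stale
    results.append(register("new-secret"))   # stale vector: 403 and cache entry deleted
    results.append(register("new-secret"))   # cache miss: HSS queried again, then 200
    return results, queries_after_cache_hit, scscf.hss_queries


if __name__ == "__main__":
    print(demo())
```

`demo()` also exercises a case the description does not spell out: after the key changes at the HSS the cached H(A1) is stale, the next attempt fails with 403, and the deletion in S407 is what sends the following attempt back to the HSS.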
Embodiment four
This embodiment of the present invention provides an authentication device suitable for performing service authentication on a UE. As shown in Fig. 5, the device includes a registration authentication module 51 and a re-registration or deregistration request authentication module 52. The registration authentication module 51 is configured to receive the registration request sent by the user terminal (UE) and perform registration authentication with the Home Subscriber Server (HSS); if registration authentication succeeds, the authentication vector is saved. The re-registration or deregistration request authentication module 52 is configured to receive the re-registration or deregistration request sent by the UE and determine whether an authentication vector is saved; if an authentication vector is saved, re-registration or deregistration authentication is performed on the UE according to the authentication vector.
In the registration authentication module 51, after the registration request sent by the UE is received, the MAR/MAA interaction is performed with the HSS and the authentication vector is obtained from the MAA fed back by the HSS. The authentication vector may be calculated by the HSS from the PVI, the key and the realm value. If registration authentication succeeds, the authentication vector is saved in free memory, so that in subsequent procedures the authentication vector can be obtained without another MAR/MAA interaction with the HSS. The authentication vector is generally only 32 bytes and occupies very little memory, so the existing memory does not need to be expanded. If authentication is unsuccessful, the authentication vector is not saved.
In the re-registration or deregistration request authentication module 52, the re-registration or deregistration request sent by the UE is received. If an authentication vector is saved, no MAR/MAA interaction with the HSS is needed and re-registration or deregistration authentication is performed on the UE directly. If no authentication vector is saved, the MAR/MAA interaction with the HSS is needed to obtain the MAA, the authentication vector is obtained from the MAA, and re-registration or deregistration authentication is then performed on the UE.
The authentication device provided by this embodiment of the present invention receives the registration request sent by the UE and performs registration authentication with the Home Subscriber Server (HSS); if registration authentication succeeds, it saves the authentication vector and user data. When it receives a re-registration or deregistration request sent by the UE and has a saved authentication vector, it performs re-registration or deregistration authentication on the UE according to that vector and does not need another MAR/MAA interaction with the HSS to obtain an authentication vector, which improves the efficiency of re-registration and deregistration authentication.
Embodiment five
An embodiment of the present invention provides a kind of authentication device, it is applicable to register UE, re-register and logout service
In the case of authentication, as shown in fig. 6, the authentication device includes:Register and authentication module 61, re-register or de-registration request authentication module
62, server distribution module 63, re-register request judgment module 64 and authentication vector removing module 65.Register and authentication module 61 is wrapped
It includes:First registration request receiving unit 611, Article 2 registration request receiving unit 612 and response comparing unit 613.Weight
Registration or de-registration request authentication module 62 include:First re-register or de-registration request receiving unit 621, Article 2 re-register or
De-registration request receiving unit 622 and response computing unit 623.
Preferably, first registration request receiving unit 611, first registration request for receiving UE transmissions, and to
UE feeds back the response message for including authentication vector;Article 2 registration request receiving unit 612, the Article 2 for receiving UE transmissions
Registration request carries response in Article 2 registration request, random field value in the header field that response passes through response message,
Private user identity and cipher key calculation obtain;Response comparing unit 613, for being calculated according to random field value and authentication vector
Response, and compare the response for calculating the response obtained and being carried in Article 2 registration request, if unanimously, register and authentication
Success.
First re-register or de-registration request receiving unit 621, first re-register for receiving UE transmissions or cancellation
Request, and judge whether to preserve authentication vector, include the response of authentication vector to UE feedbacks if preserving authentication vector
Message;Article 2 re-register or de-registration request receiving unit 622, Article 2 re-register or cancellation for receiving UE transmissions are asked
It asks, response is carried in Article 2 re-register or de-registration request, the random field in the header field that response passes through response message
Value, private user identity and cipher key calculation obtain;Response computing unit 623, for according to random field value and authentication vector
Response is calculated, the response obtained will be calculated and be compared with the response carried in Article 2 re-register or de-registration request,
If consistent, send re-register to UE or nullify authentication successful message.
Server distribution module 63, for sending user data requests to HSS, and the user data for receiving HSS feedbacks is rung
It answers, user data is carried in user data response;
Re-register asks judgment module 64, and whether Article 2 re-register or registration request for judging to receive are re-injection
Volume request if so, preserving user data and authentication vector, and sends re-register response message to UE;If it is not, then deleting user
Data send to UE and nullify response message.
Authentication vector removing module 65, if being taken with Article 2 re-register or de-registration request for calculating the response obtained
The response of band is inconsistent, then deletes authentication vector, and send authentication errored response to UE.
In first registration request receiving unit 611, HSS is after receiving MAR, according to PVI, key and realm
Value calculates acquisition authentication vector, and HSS and feedback include the MAA of authentication vector.First registration request receiving unit 611 extracts
Authentication vector in MAA, authentication vector is filled into response message, and will include that the response message of authentication vector is sent to
UE.Wherein, response message can be 401 response messages.
In Article 2 registration request receiving unit 612, after UE receives the response message including authentication vector, send
Article 2 registration request.Article 2 registration request receiving unit 612 receives the Article 2 registration request that UE is sent, specifically, the
The authorization header field response fields of two registration requests include response, response be UE according to random field value,
The response that private user identity and cipher key calculation go out, random field value be include authentication vector response message in www-
The random field value of authenticate header fields.
In response comparing unit 613, response is calculated according to random field value and authentication vector, and compare calculating and obtain
Whether the response carried in the response and Article 2 registration request that obtain is consistent;It is determined according to comparison result and is registered with UE
Whether authentication succeeds.
In first re-register or de-registration request receiving unit 621, if not preserving authentication vector, carried out with HSS
MAR/MAA is interacted to obtain authentication vector;If preserving authentication vector, disappear to the response that UE feedbacks include authentication vector
Breath.
In Article 2 re-register or de-registration request receiving unit 622, the Article 2 re-register or cancellation that UE is sent are received
The authorization header field response fields of request, Article 2 re-register or de-registration request include response, response UE
According to random field value, private user identity and cipher key calculation response, random field value is the response for including authentication vector
The random field value of www-authenticate header fields in message, the response message can be 401 response messages.
In response computing unit 623, can according to random field value, authentication vector, NonceCount, CNonce,
Qop, method, URI (Uniform Resource Identifier, uniform resource identifier) are calculated with MD5 algorithms and are responded
Value, and be compared the response obtained is calculated with the response carried in Article 2 re-register or de-registration request, if unanimously,
Then re-register is sent to UE or nullify authentication successful message, if inconsistent, send re-register to UE or cancellation failed authentication disappears
Breath, the re-register or cancellation failed authentication message can be 403 message.
In the server assignment module 63, the user data may be data such as the contact address, the public user identity and the private user identity.
The authentication device provided by this embodiment of the present invention receives the registration request sent by the UE and performs registration authentication with the Home Subscriber Server (HSS). If the registration authentication succeeds, it saves the authentication vector and the user data. When it receives a re-registration or de-registration request sent by the UE and an authentication vector is saved, it performs re-registration or de-registration authentication of the UE according to the saved authentication vector and does not need to perform MAR/MAA interaction with the HSS again to obtain an authentication vector, which improves the efficiency of re-registration or de-registration authentication.
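As an added illustration (not code from the patent), the following Python example models the flow of units 621 to 623: reuse a saved authentication vector, recompute the MD5 response value from the random field value, NonceCount, CNonce, Qop, method and URI, and discard the vector on a mismatch. It assumes the saved vector holds the RFC 2617 H(A1) value and that the S-CSCF issues a fresh random field value for each challenge; the class `SCSCF`, the `fetch_vector` callback standing in for MAR/MAA, and the sample subscriber are hypothetical.

```python
import hashlib
import hmac
import secrets

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(ha1, nonce, nc, cnonce, qop, method, uri):
    # RFC 2617 qop=auth: MD5(H(A1):nonce:nc:cnonce:qop:H(A2))
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

class SCSCF:
    """Hypothetical S-CSCF model; fetch_vector stands in for the MAR/MAA exchange."""
    def __init__(self, fetch_vector):
        self.fetch_vector = fetch_vector
        self.vectors = {}     # private user identity -> saved H(A1) (assumed vector content)
        self.nonces = {}      # private user identity -> outstanding random field value
        self.hss_queries = 0

    def challenge(self, impi):
        """First request: reuse the saved vector if present, otherwise query the HSS."""
        if impi not in self.vectors:
            self.hss_queries += 1
            self.vectors[impi] = self.fetch_vector(impi)
        self.nonces[impi] = secrets.token_hex(16)
        return self.nonces[impi]

    def verify(self, impi, auth):
        """Second request: recompute the response value and compare in constant time."""
        nonce = self.nonces.pop(impi, None)   # each challenge is usable once
        ha1 = self.vectors.get(impi)
        if nonce is None or ha1 is None or auth["nonce"] != nonce:
            return False
        expected = digest_response(ha1, nonce, auth["nc"], auth["cnonce"],
                                   auth["qop"], auth["method"], auth["uri"])
        if hmac.compare_digest(expected, auth["response"]):
            return True
        del self.vectors[impi]                # mismatch: delete the saved vector
        return False

# Constructed sample subscriber and UE-side calculation (not real credentials)
REALM, IMPI, PASSWORD = "ims.example", "alice@ims.example", "constructed-password"
HA1 = md5_hex(f"{IMPI}:{REALM}:{PASSWORD}")

def ue_request(nonce, ha1=HA1, uri="sip:ims.example"):
    fields = {"nonce": nonce, "nc": "00000001", "cnonce": "0a4f113b",
              "qop": "auth", "method": "REGISTER", "uri": uri}
    fields["response"] = digest_response(ha1, **fields)
    return fields
```

A request that fails only the random-field check leaves the saved vector in place, while a wrong response value removes it, so the next challenge queries the HSS again.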
The embodiments in this specification are described in a progressive manner; each embodiment focuses on its differences from the other embodiments, and the same or similar parts of the embodiments may be referred to one another. Because the system embodiment is basically similar to the method embodiment, its description is relatively brief; for the relevant details, refer to the corresponding parts of the description of the method embodiment.
The authentication method and device provided by the present invention have been described in detail above. Specific examples are used herein to explain the principle and implementation of the present invention, and the description of the above embodiments is intended only to help in understanding the method of the present invention and its core idea. Meanwhile, for those of ordinary skill in the art, the specific implementation and scope of application will change in accordance with the idea of the present invention. In summary, the content of this specification should not be construed as limiting the present invention.
Claims (8)
1. An authentication method, characterized by comprising:
a Serving Call Session Control Function (S-CSCF) receiving a registration request sent by a user terminal (UE) and performing registration authentication with a Home Subscriber Server (HSS); if the registration authentication succeeds, the S-CSCF saving an authentication vector;
the S-CSCF receiving a first re-registration or de-registration request sent by the UE, determining whether the authentication vector is saved in the S-CSCF, and, if the authentication vector is saved, feeding back to the UE a response message containing the authentication vector;
the S-CSCF receiving a second re-registration or de-registration request sent by the UE, wherein the second re-registration or de-registration request carries a response value, and the response value is calculated from the random field value in the header field of the response message, the private user identity and the key;
the S-CSCF calculating a response value according to the random field value and the authentication vector, comparing the calculated response value with the response value carried in the second re-registration or de-registration request, and, if they are consistent, sending a re-registration or de-registration authentication success message to the UE.
2. The method according to claim 1, characterized in that, after the calculated response value is compared with the response value carried in the second re-registration or de-registration request, the method further comprises:
the S-CSCF sending a server assignment request to the HSS and receiving the server assignment response fed back by the HSS, wherein the server assignment response carries user data;
the S-CSCF determining whether the received first re-registration or de-registration request is a re-registration request; if so, saving the user data and the authentication vector, and sending a re-registration response success message to the UE;
if not, deleting the user data and sending a de-registration response success message to the UE.
3. The method according to claim 1, characterized by further comprising:
if the calculated response value is inconsistent with the response value carried in the second re-registration or de-registration request, the S-CSCF deleting the authentication vector and sending an authentication error response to the UE.
4. The method according to claim 1, characterized in that the Serving Call Session Control Function (S-CSCF) receiving the registration request sent by the user terminal (UE) and performing registration authentication with the Home Subscriber Server (HSS) comprises:
the S-CSCF receiving a first registration request sent by the UE, sending a multimedia authentication request (MAR) to the HSS, and receiving the multimedia authentication answer (MAA) fed back by the HSS;
the S-CSCF obtaining the authentication vector from the MAA and feeding back to the UE a response message containing the authentication vector;
the S-CSCF receiving a second registration request sent by the UE, wherein the second registration request carries a response value, and the response value is calculated from the random field value in the header field of the response message, the private user identity and the key;
the S-CSCF calculating a response value according to the random field value and the authentication vector, and comparing whether the calculated response value is consistent with the response value carried in the second registration request; determining, according to the comparison result, whether the registration authentication between the S-CSCF and the UE succeeds.
5. An authentication device, characterized by comprising:
a registration authentication module, configured to receive a registration request sent by a user terminal (UE) and perform registration authentication with a Home Subscriber Server (HSS), and, if the registration authentication succeeds, to save an authentication vector;
a first re-registration or de-registration request receiving unit, configured to receive a first re-registration or de-registration request sent by the UE, determine whether the authentication vector is saved, and, if the authentication vector is saved, feed back to the UE a response message containing the authentication vector;
a second re-registration or de-registration request receiving unit, configured to receive a second re-registration or de-registration request sent by the UE, wherein the second re-registration or de-registration request carries a response value, and the response value is calculated from the random field value in the header field of the response message, the private user identity and the key;
a response value calculation unit, configured to calculate a response value according to the random field value and the authentication vector, compare the calculated response value with the response value carried in the second re-registration or de-registration request, and, if they are consistent, send a re-registration or de-registration authentication success message to the UE.
6. The device according to claim 5, characterized by further comprising:
a server assignment module, configured to send a server assignment request to the HSS and receive the server assignment response fed back by the HSS, wherein the server assignment response carries user data;
a re-registration request determination module, configured to determine whether the received first re-registration or de-registration request is a re-registration request; if so, to save the user data and the authentication vector and send a re-registration response message to the UE; if not, to delete the user data and send a de-registration response message to the UE.
7. The device according to claim 5, characterized by further comprising:
an authentication vector deletion module, configured to delete the authentication vector and send an authentication error response to the UE if the calculated response value is inconsistent with the response value carried in the second re-registration or de-registration request.
8. The device according to claim 5, characterized in that the registration authentication module comprises:
a first registration request receiving unit, configured to receive a first registration request sent by the UE and feed back to the UE a response message containing the authentication vector;
a second registration request receiving unit, configured to receive a second registration request sent by the UE, wherein the second registration request carries a response value, and the response value is calculated from the random field value in the header field of the response message, the private user identity and the key;
a response value comparison unit, configured to calculate a response value according to the random field value and the authentication vector, and compare the calculated response value with the response value carried in the second registration request; whether the registration authentication with the UE succeeds is determined according to the comparison result.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510110072.6A CN104735664B (en) | 2015-03-12 | 2015-03-12 | A kind of method for authenticating and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510110072.6A CN104735664B (en) | 2015-03-12 | 2015-03-12 | A kind of method for authenticating and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104735664A CN104735664A (en) | 2015-06-24 |
CN104735664B true CN104735664B (en) | 2018-08-03 |
Family
ID=53459006
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510110072.6A Active CN104735664B (en) | 2015-03-12 | 2015-03-12 | A kind of method for authenticating and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104735664B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2020215230A1 (en) * | 2019-04-24 | 2020-10-29 | Telefonaktiebolaget Lm Ericsson (Publ) | Network node and method performed therein for controlling transmission |
CN112953718B (en) * | 2019-11-26 | 2024-05-28 | 中国移动通信集团安徽有限公司 | Authentication method and device for IMS network user and call session control function entity |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1801815A (en) * | 2005-08-08 | 2006-07-12 | 华为技术有限公司 | Method for realizing initial Internet protocol multimedia subsystem registration |
CN101155096A (en) * | 2006-09-30 | 2008-04-02 | 西门子公司 | Registration method and system |
CN101931923A (en) * | 2009-06-26 | 2010-12-29 | 中兴通讯股份有限公司 | Method for user registration of IP multimedia subsystem network and service fulfillment system |
CN103037501A (en) * | 2011-09-30 | 2013-04-10 | 中国移动通信集团河南有限公司 | Registration method, device and system of internet protocol multimedia subsystem terminal |
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1801815A (en) * | 2005-08-08 | 2006-07-12 | 华为技术有限公司 | Method for realizing initial Internet protocol multimedia subsystem registration |
CN101155096A (en) * | 2006-09-30 | 2008-04-02 | 西门子公司 | Registration method and system |
CN101931923A (en) * | 2009-06-26 | 2010-12-29 | 中兴通讯股份有限公司 | Method for user registration of IP multimedia subsystem network and service fulfillment system |
CN103037501A (en) * | 2011-09-30 | 2013-04-10 | 中国移动通信集团河南有限公司 | Registration method, device and system of internet protocol multimedia subsystem terminal |
Also Published As
Publication number | Publication date |
---|---|
CN104735664A (en) | 2015-06-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8880873B2 (en) | Method, system and device for authenticating cardless terminal using application server | |
US8613058B2 (en) | Systems, methods and computer program products for providing additional authentication beyond user equipment authentication in an IMS network | |
CN105141636B (en) | Suitable for the HTTP safety communicating methods and system of CDN value-added service platforms | |
CN102196426B (en) | Method, device and system for accessing IMS (IP multimedia subsystem) network | |
US8959343B2 (en) | Authentication system, method and device | |
CN106507348B (en) | The method and apparatus of UE access core net EPC in a kind of LTE system | |
CN104426656B (en) | Data receiving-transmitting method and system, the processing method and processing device of message | |
CN101877850A (en) | Access authentication method and device | |
CN106101078B (en) | A kind of IP multimedia subsystem, terminal and service implementation method | |
CN107493293A (en) | A kind of method of sip terminal access authentication | |
WO2019114320A1 (en) | Ims user registration method and device | |
US20040043756A1 (en) | Method and system for authentication in IP multimedia core network system (IMS) | |
CN104735664B (en) | A kind of method for authenticating and device | |
CN102111379B (en) | Authentication system, method and device | |
CN109120408A (en) | For authenticating the methods, devices and systems of user identity | |
CN101227474A (en) | Method for identifying authority of conversation initialized protocol user in soft switching network | |
CN109982319A (en) | User authentication method, device, system, node, server and storage medium | |
Huang et al. | One-pass authentication and key agreement procedure in IP multimedia subsystem for UMTS | |
CN102694779A (en) | Combination authentication system and authentication method | |
US8181030B2 (en) | Bundle authentication system and method | |
US8683034B2 (en) | Systems, methods and computer program products for coordinated session termination in an IMS network | |
CN108668274A (en) | A kind of method and device for realizing VoLTE IMS registrations | |
CN102082769B (en) | System, devices and method for authenticating IMS (IP multimedia subsystem) terminal during obtaining non-IMS services | |
Vrakas et al. | Evaluating the security and privacy protection level of IP multimedia subsystem environments | |
CN1953371A (en) | A method for authentication aiming at the client or agent of free enabled |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |