CN100369430C - A protection method for access security of IP multimedia subsystem - Google Patents

Info

Publication number
CN100369430C
Authority
CN
China
Legal status
Active
Application number
CNB2005100775561A
Other languages
Chinese (zh)
Other versions
CN1722689A (en)
Inventor
田峰
李睿
Current Assignee
ZTE Corp
Original Assignee
ZTE Corp

Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention discloses a protection method for the access security of an IP Multimedia Subsystem (IMS). A shared key established between the UE and the P-CSCF during UE registration is used to set up a secure communication channel, and that channel protects the IMS signalling exchanged between the UE and the P-CSCF while letting the protected signalling traverse a NAT transparently. Because the shared key is produced by the registration itself, the UE registration, the negotiation of the secure channel and the encryption of the signalling are bound together, which gives strong mutual authentication between the UE and the P-CSCF. The method therefore secures IMS access, allows protected IMS signalling to pass through NAT, removes the weak mutual authentication of existing schemes and prevents an attacker from mounting a man-in-the-middle attack.

Description

A protection method for IP Multimedia Subsystem access security
Technical field
The present invention relates to the security of communication systems, and specifically to a protection method for IMS (IP Multimedia Subsystem) access security.
Background technology
IMS is the subsystem supporting IP multimedia services introduced in 3GPP Release 5. It consists of the core-network functional entities that provide multimedia services, a set of signalling- and bearer-related entities including the CSCF (Call Session Control Function), MGCF (Media Gateway Control Function), MRF (Media Resource Function) and HSS (Home Subscriber Server). IMS is built on SIP (Session Initiation Protocol), a text-based signalling protocol that works in a client/server manner; IMS uses the SIP call-control mechanisms to create, manage and terminate multimedia services of all kinds. Besides being SIP-centric, IMS is designed to be access-independent: it currently supports 2G and 3G mobile access and is intended to support other access types in the future, such as fixed access and WLAN. IMS not only offers rich next-generation multimedia and telephony services and helps operators reach the high-end user market quickly, but also gives service developers an open, programmable environment and an open platform for developing new services rapidly and flexibly.
To keep the IMS system secure, IMS states security requirements in the following areas: IMS access security; security between the CSCF and the HSS; security between the IMS functional entities within one network; and security between IMS functional entities in different networks. IMS access security covers the authentication of the user and the security of the communication between the user terminal and the P-CSCF (Proxy Call Session Control Function).
IMS access security is currently provided by the IPSec/IMS AKA mechanism (see 3GPP TS 33.203). A UE must register before it can use IMS; registration is performed by IMS AKA as shown in Figure 1 and proceeds as follows:
1. The user sends a registration message (SM1) to the P-CSCF. It carries the user's IMPI (the private identity of the UE) and IMPU (the public identity of the UE).
2. The P-CSCF forwards the registration message (SM2) to the I-CSCF, the entry point of the user's home network.
3. The I-CSCF forwards the registration message (SM3) to the S-CSCF.
4. To authenticate the UE, the S-CSCF obtains from the HSS the authentication vector (AV) belonging to the UE, the quintuple RAND, AUTN, XRES, IK (integrity key) and CK (cipher key).
5. The S-CSCF sends an authentication challenge message Auth_Challenge (SM4) to the I-CSCF; it contains RAND, AUTN, IK and CK from the AV.
6. The I-CSCF forwards the authentication challenge (SM5) to the P-CSCF.
7. The P-CSCF forwards the authentication challenge (SM6) to the UE; this message contains only RAND and AUTN from the AV, the P-CSCF keeping IK and CK.
8. The UE verifies the authentication information sent by the P-CSCF (it checks AUTN and thereby authenticates the network), computes RES, IK and CK, and sends RES together with the other parameters to the P-CSCF as the authentication response (SM7). At this point the UE and the P-CSCF share the key pair CK and IK.
9. The P-CSCF sends the authentication response (SM8) to the I-CSCF.
10. The I-CSCF sends the authentication response (SM9) to the S-CSCF.
11. The S-CSCF compares the RES in the response with the corresponding XRES. If they are equal, authentication succeeds and the S-CSCF sends an authentication success message to the UE.
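The registration flow above, as an added example written for this page (it is not code from the patent or from 3GPP): a toy model of IMS AKA in which the MILENAGE f1..f5 functions are replaced by HMAC-SHA256 with distinct labels, AUTN is reduced to its MAC-A part, and the subscriber key K is a constructed value. It shows the two properties the method relies on: the P-CSCF keeps CK and IK out of SM6 and stores them, and the UE ends up with the same CK and IK only if it holds K and the AUTN check passes.

```python
import hashlib
import hmac
import os


def kdf(k: bytes, label: bytes, rand: bytes, n: int) -> bytes:
    """Stand-in for the MILENAGE f1..f5 functions (assumption: HMAC-SHA256, truncated)."""
    return hmac.new(k, label + rand, hashlib.sha256).digest()[:n]


class HSS:
    """Holds the long-term key K per IMPI and issues authentication vectors."""

    def __init__(self, subscribers: dict):
        self.subscribers = subscribers          # IMPI -> K (constructed data)

    def authentication_vector(self, impi: str) -> dict:
        k = self.subscribers[impi]
        rand = os.urandom(16)
        return {
            "RAND": rand,
            "AUTN": kdf(k, b"f1-MAC-A", rand, 8),   # SQN and AMF parts omitted in this model
            "XRES": kdf(k, b"f2-RES", rand, 8),
            "CK": kdf(k, b"f3-CK", rand, 16),
            "IK": kdf(k, b"f4-IK", rand, 16),
        }


class SCSCF:
    def __init__(self, hss: HSS):
        self.hss = hss
        self.pending = {}                       # IMPI -> AV awaiting the response

    def challenge(self, impi: str) -> dict:
        """SM4: Auth_Challenge towards the P-CSCF carrying RAND, AUTN, IK and CK."""
        av = self.hss.authentication_vector(impi)
        self.pending[impi] = av
        return {name: av[name] for name in ("RAND", "AUTN", "IK", "CK")}

    def verify(self, impi: str, res: bytes) -> bool:
        """SM9 handling: compare RES with the stored XRES."""
        av = self.pending.pop(impi, None)
        return av is not None and hmac.compare_digest(res, av["XRES"])


class PCSCF:
    def __init__(self):
        self.keys = {}                          # IMPI -> (CK, IK) retained at the P-CSCF

    def forward_challenge(self, impi: str, sm4: dict) -> dict:
        """SM6: keep CK and IK locally, forward only RAND and AUTN to the UE."""
        self.keys[impi] = (sm4["CK"], sm4["IK"])
        return {"RAND": sm4["RAND"], "AUTN": sm4["AUTN"]}


class UE:
    def __init__(self, impi: str, k: bytes):
        self.impi, self.k = impi, k
        self.keys = None

    def answer_challenge(self, sm6: dict) -> dict:
        """Authenticate the network through AUTN, then derive RES, CK and IK (SM7)."""
        rand = sm6["RAND"]
        if not hmac.compare_digest(sm6["AUTN"], kdf(self.k, b"f1-MAC-A", rand, 8)):
            raise ValueError("AUTN check failed: network not authenticated")
        self.keys = (kdf(self.k, b"f3-CK", rand, 16), kdf(self.k, b"f4-IK", rand, 16))
        return {"RES": kdf(self.k, b"f2-RES", rand, 8)}


def register(ue: UE, pcscf: PCSCF, scscf: SCSCF) -> bool:
    """Run SM1..SM12 for one UE; True when the S-CSCF accepts RES."""
    sm4 = scscf.challenge(ue.impi)              # SM1..SM3 are plain forwarding
    sm6 = pcscf.forward_challenge(ue.impi, sm4)
    sm7 = ue.answer_challenge(sm6)
    return scscf.verify(ue.impi, sm7["RES"])    # SM8..SM12


# Constructed sample subscriber; a real K lives only in the USIM and the HSS.
K_ALICE = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
IMPI_ALICE = "alice@ims.example.com"

if __name__ == "__main__":
    hss = HSS({IMPI_ALICE: K_ALICE})
    scscf, pcscf = SCSCF(hss), PCSCF()
    ue = UE(IMPI_ALICE, K_ALICE)
    print("registered:", register(ue, pcscf, scscf))
    print("UE and P-CSCF share CK/IK:", ue.keys == pcscf.keys[IMPI_ALICE])
```

Only the P-CSCF ever sees CK and IK on the network side of the access leg, and only a UE holding K can reproduce them; this is what the method below exploits when it turns CK and IK into the pre-shared key of the secure channel.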
In the IPSec/IMS AKA mechanism the UE and the P-CSCF authenticate each other through IMS AKA and negotiate a security association (the set of security parameters such as cryptographic algorithms and the associated keys), and then protect the IMS signalling exchanged between them with IPSec ESP (see RFC 2406). IPSec/IMS AKA runs into problems, however, when a NAT (network address translator) sits between the UE and the P-CSCF. IMS signalling is carried in IP packets; when an IP packet crosses the NAT, the NAT rewrites the packet's source address. The receiver looks up the applicable security policy by the source IP address, source port, destination IP address and destination port of the packet, and because the source address has been changed by the NAT the lookup fails and the communication fails. IPSec fails here because it relies on the IP address information in the IP header, and once the NAT has rewritten that address IPSec no longer sees the correct one. For this reason the use of the TLS protocol to protect IMS access security has been proposed.
TLS belongs to the session layer and runs on top of the transport protocol TCP, providing a secure data channel between the communicating parties. TLS has two layers: the handshake layer and the record layer. The TLS handshake layer negotiates the secure session between the two parties and the cryptographic parameters it uses; the TLS record layer encrypts the data handed down by the upper layer with the negotiated parameters and sends it over TCP, and decrypts the data received from TCP before passing it to the upper-layer application.
Because TLS is built on a TCP connection, a TLS session is bound to the local TCP connection and has no direct relationship with IP-layer information. NAT traversal (including TCP NAT traversal and keeping the TCP connection alive across the NAT) is therefore solved by the protocols below TLS, is transparent to TLS, and need not be considered when TLS is used.
An IMS access security scheme based on TLS has been proposed. Its main idea is that, before the first IMS signalling message is sent, the UE and the P-CSCF negotiate a secure session with the TLS handshake protocol, during which the UE authenticates the P-CSCF. All IMS signalling messages exchanged between the UE and the P-CSCF are then protected in confidentiality and integrity by the TLS record layer protocol.
Although this TLS-based scheme lets protected IMS signalling traverse NAT, it still has many problems. The most serious security problem is the one-way authentication in TLS session establishment. TLS supports certificate-based authentication of both parties, but 3GPP supports certificates only on the network side and not on user terminals, so during TLS session negotiation only the UE can authenticate the P-CSCF; the P-CSCF cannot authenticate the identity of the UE. An attacker can therefore impersonate a user to gain access to IMS and mount a man-in-the-middle attack against legitimate users.
Summary of the invention
To address the above problems, the present invention proposes a protection method for IP Multimedia Subsystem access security that guarantees IMS access security while also letting protected IMS signalling traverse NAT.
The invention is based on the following idea, shown in Figure 2: the shared key that the UE and the P-CSCF negotiate during UE registration is used to set up a secure communication channel; that secure channel guarantees the transmission security of the IMS signalling between the UE and the P-CSCF and lets the protected signalling traverse NAT transparently. Because the shared key comes out of the registration process, the registration of the UE, the negotiation of the secure channel and the encryption of the data are bound together, which guarantees strong mutual authentication between the UE and the P-CSCF.
The method is carried out as follows:
First step: the UE registers, and during the UE registration process the UE and the P-CSCF negotiate a shared key;
Second step: the UE and the P-CSCF negotiate a secure channel based on the shared key;
Third step: the secure channel is used to guarantee the transmission security of IMS signalling between the UE and the P-CSCF.
Preferably, the first step comprises the following:
(1) The UE registers, and the UE and the P-CSCF negotiate the shared keys CK and IK by IMS AKA;
(2) The UE and the P-CSCF derive one or more shared keys SK from CK and IK according to a chosen policy, and each stores locally, according to a chosen policy, the P-CSCF identifier, the UE registration identifier, SK and the correspondence between them.
Preferably, the UE registration identifier may be the IMPU, the IMPI, the combination of IMPU and IMPI, or an identifier derived from them; the P-CSCF identifier may be the domain name or the IP address of the P-CSCF obtained by the UE in the P-CSCF discovery procedure, or an identifier derived from them.
Preferably, while the UE and the P-CSCF negotiate the shared keys CK and IK by IMS AKA in step (1), the interaction between the UE and the P-CSCF also carries the negotiation of the security mechanism.
Preferably, the security mechanism negotiation comprises the following steps:
a. The UE sends an initial registration message to the P-CSCF carrying the user's IMPI and IMPU together with the security mechanisms the UE supports and the parameters of each; on receiving it, the P-CSCF determines, according to a chosen policy and the mechanisms and priorities it itself supports, which mechanism to use in communicating with this UE.
b. When the P-CSCF forwards the authentication challenge message to the UE, the message carries the security mechanisms the P-CSCF supports, the priority of each and the relevant parameters of each; on receiving it, the UE selects the mechanism to use, according to a chosen policy, from the mechanisms it supports and the mechanisms and priorities the P-CSCF supports.
c. The second registration message that the UE sends to the P-CSCF carries the security information the P-CSCF returned to the UE in the authentication challenge, namely the mechanisms the P-CSCF supports, their priorities and their parameters; on receiving it, the P-CSCF uses this to verify that the message it sent to the UE was not tampered with.
d. The P-CSCF forwards the authentication success or failure message to the UE.
Preferably, the second and third steps may take place between steps b and c, so that the IMS signalling of steps c and d is protected by the secure channel.
Preferably, in the second step the secure channel is negotiated with the security protocol selected by the UE and the P-CSCF.
Preferably, when the UE and the P-CSCF negotiate the secure channel with the pre-shared-key TLS protocol, the secure channel is a TLS connection session and the negotiation uses the SK derived by the UE and the P-CSCF.
Preferably, when the UE and the P-CSCF negotiate the TLS session, the key exchange proceeds as follows:
1. When the P-CSCF sends the ServerKeyExchange message to the UE, if the message carries the P-CSCF identifier, the UE finds the corresponding SK by the P-CSCF identifier and the UE registration identifier; if it does not, the UE can find the corresponding SK directly by the P-CSCF identifier and the UE registration identifier, because the UE knows which P-CSCF it was connected to when it initiated the TLS handshake.
2. When the UE sends the ClientKeyExchange message to the P-CSCF, the message carries the UE registration identifier, and the P-CSCF finds the corresponding SK by that identifier and the P-CSCF identifier.
Preferably, when the UE and the P-CSCF use the IPSec/IKEv2 protocol, the secure channel is negotiated as follows:
1. The UE and the P-CSCF perform the first-phase negotiation with the pre-shared-key aggressive mode of IKEv2; in this phase the two sides establish the ISAKMP SA, and the UE registration identifier and the P-CSCF identifier used here correspond to the UE registration identifier and the P-CSCF identifier of the second step. (The text keeps IKEv1 terminology; IKEv2 itself has no aggressive mode and establishes its IKE SA in the IKE_SA_INIT and IKE_AUTH exchanges, with a pre-shared key used for authentication in IKE_AUTH.)
2. The UE and the P-CSCF perform the second-phase negotiation of IKEv2 based on the pre-shared key; in this phase one or more pairs of SAs are negotiated to protect the IMS signalling between the UE and the P-CSCF.
Compared with existing IMS access security schemes, the present invention not only guarantees IMS access security and lets protected IMS signalling traverse NAT, but also overcomes the weak mutual authentication of the existing schemes, so that an attacker cannot mount a man-in-the-middle attack.
Description of drawings
Figure 1 is the flow chart of the existing IMS AKA;
Figure 2 is the schematic diagram of the IMS access security scheme designed by the present invention;
Figure 3 is the flow chart of protecting IMS access security with the TLS security mechanism in an embodiment of the present invention;
Figure 4 is the flow chart of protecting IMS access security with the IPSec/IKEv2 security mechanism in an embodiment of the present invention.
Embodiment
This embodiment describes, with reference to Figure 3, the method of the present invention for protecting IMS access security with the TLS protocol. In this embodiment the UE and the P-CSCF both support the three security mechanisms TLS, IPSec/IKEv2 and IPSec/IMS AKA, and the P-CSCF gives TLS the highest priority. The IMS access procedure of the UE is as follows:
1. The UE sends the initial registration message (REGISTER) SM1 to the P-CSCF. The message carries the Require, Proxy-Require and Security-Client headers. The Require and Proxy-Require headers carry the option tag "sec-agree" (the security agreement mechanism of RFC 3329), indicating that the P-CSCF must support the UE's security mechanism agreement.
The Security-Client header lists the security mechanisms the UE supports and their parameters; its content is "TLS; IPSec/IKEv2; IPSec/IMS AKA; SPI_U; Port_U; list of cipher suites", that is, the three mechanisms TLS, IPSec/IKEv2 and IPSec/IMS AKA, where IPSec/IMS AKA is followed by its parameters: the security parameter index SPI_U (SPI: security parameter index), the port number Port_U to be protected, and the list of cipher suites the UE supports.
2. On receiving the UE's registration request, the P-CSCF decides, from the mechanisms and priorities it itself supports, to use the TLS security mechanism.
3. When the P-CSCF sends the authentication challenge message SM6 to the UE, it includes the Security-Server header, whose content is "TLS; IPSec/IKEv2; IPSec/IMS AKA; SPI_P; Port_P; list of cipher suites supported by the P-CSCF", with the mechanisms and the cipher suites both listed in order of priority.
4. On receiving the challenge message from the P-CSCF, the UE decides from the content of the Security-Server header to use the TLS security mechanism.
5. At this point the UE and the P-CSCF hold the two shared keys CK and IK, and each derives a shared key SK from CK and IK according to a chosen policy.
6. The UE stores locally the P-CSCF domain name obtained in the P-CSCF discovery procedure together with SK as an identifier-key pair; the P-CSCF stores locally the combination of the UE's identities IMPU and IMPI together with SK as an identifier-key pair.
7. The UE and the P-CSCF negotiate a TLS connection session with the pre-shared-key TLS protocol. The TLS protocol used by the UE and the P-CSCF in the present invention is draft-ietf-tls-psk-05.txt (later published as RFC 4279). In the TLS handshake, the ServerKeyExchange message that the P-CSCF sends to the UE carries the identifier of the P-CSCF, its domain name, and the UE finds the SK corresponding to this P-CSCF by that identifier. The ClientKeyExchange message that the UE sends to the P-CSCF carries the identifier of the UE (the combination of its IMPU and IMPI), and the P-CSCF finds the SK corresponding to this UE by that identifier.
8. Once the UE and the P-CSCF have negotiated the TLS secure connection session, all subsequent IMS signalling is protected by that session.
9. When the UE sends the second registration message SM7 to the P-CSCF, it carries the security information the P-CSCF returned in the authentication challenge, namely the mechanisms the P-CSCF supports, their priorities and their parameters; on receiving it, the P-CSCF uses this to verify that the message it sent to the UE was not tampered with.
10. The P-CSCF forwards the authentication success message SM12 to the UE.
In step 7 above the UE and the P-CSCF negotiated the TLS secure connection session, so all IMS signalling between them from then on, including SM7 and SM12 of steps 9 and 10, is protected by the TLS secure connection session.
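The security mechanism negotiation of steps a to d above and of steps 1 to 4 and 9 of this embodiment, as an added example written for this page (not code from the patent): header syntax follows RFC 3329 (mechanisms separated by commas, parameters by semicolons, q as the preference), while the mechanism names and the spi/port parameters are the ones this embodiment lists rather than RFC 3329 tokens, and all header values are constructed. The point it demonstrates is step 9: SM6 travels unprotected, so an attacker can strip the stronger mechanisms from Security-Server, but the echo of that header inside the protected second REGISTER lets the P-CSCF detect the bidding-down.

```python
from __future__ import annotations

from dataclasses import dataclass
from typing import Callable


@dataclass(frozen=True)
class Mechanism:
    name: str
    params: tuple            # sorted (key, value) pairs, q excluded
    q: float = 0.0           # preference; higher is preferred


def parse_security_header(value: str) -> list[Mechanism]:
    """Parse a Security-Client / Security-Server / Security-Verify header value."""
    mechs = []
    for entry in value.split(","):
        parts = [p.strip() for p in entry.split(";") if p.strip()]
        if not parts:
            continue
        name, q, params = parts[0], 0.0, []
        for param in parts[1:]:
            key, _, val = param.partition("=")
            if key.strip() == "q":
                q = float(val)
            else:
                params.append((key.strip(), val.strip()))
        mechs.append(Mechanism(name, tuple(sorted(params)), q))
    return mechs


def format_security_header(mechs: list[Mechanism]) -> str:
    return ", ".join(
        "; ".join([m.name] + [f"{k}={v}" for k, v in m.params] + [f"q={m.q}"])
        for m in mechs
    )


def select_mechanism(client: list[Mechanism], server: list[Mechanism]) -> Mechanism:
    """Steps a and b: the mechanism both sides support that the P-CSCF ranks highest."""
    supported = {m.name for m in client}
    common = [m for m in server if m.name in supported]
    if not common:
        raise ValueError("no common security mechanism")
    return max(common, key=lambda m: m.q)


def verify_echo(security_server_sent: str, security_verify_received: str) -> bool:
    """Step c / step 9: the P-CSCF checks that the UE echoes exactly the list sent in SM6."""
    return set(parse_security_header(security_server_sent)) == set(
        parse_security_header(security_verify_received)
    )


def run_negotiation(security_client: str, security_server: str,
                    on_path: Callable[[str], str] = lambda h: h) -> tuple[str, str, bool]:
    """Return (P-CSCF choice, UE choice, whether the P-CSCF accepts the echo in SM7).

    on_path models whatever sits between the parties on the unprotected SM6 leg.
    """
    client = parse_security_header(security_client)
    pcscf_choice = select_mechanism(client, parse_security_header(security_server))
    seen_by_ue = on_path(security_server)                   # SM6 is not yet protected
    ue_choice = select_mechanism(client, parse_security_header(seen_by_ue))
    accepted = verify_echo(security_server, seen_by_ue)     # echoed in SM7 over the secure channel
    return pcscf_choice.name, ue_choice.name, accepted


# Constructed header values in the shape this embodiment describes.
SECURITY_CLIENT = ("TLS; q=0.3, IPSec/IKEv2; q=0.2, "
                   "IPSec/IMS AKA; spi=1000; port=5062; alg=hmac-sha-1-96; q=0.1")
SECURITY_SERVER = ("TLS; q=0.9, IPSec/IKEv2; q=0.6, "
                   "IPSec/IMS AKA; spi=2000; port=5063; alg=hmac-sha-1-96; q=0.3")


def bid_down(header: str) -> str:
    """An on-path attacker deletes every mechanism except IPSec/IMS AKA from SM6."""
    return ", ".join(e.strip() for e in header.split(",") if "IMS AKA" in e)


if __name__ == "__main__":
    print(run_negotiation(SECURITY_CLIENT, SECURITY_SERVER))            # ('TLS', 'TLS', True)
    print(run_negotiation(SECURITY_CLIENT, SECURITY_SERVER, bid_down))  # ('TLS', 'IPSec/IMS AKA', False)
```

The echo check only has value because SM7 is already inside the channel negotiated in step 7; an attacker who altered SM6 cannot alter the echo to match without holding SK.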
This embodiment describes, with reference to Figure 4, the method of the present invention for protecting IMS access security with the IPSec/IKEv2 protocol. In this embodiment the UE and the P-CSCF both support the three security mechanisms IPSec/IKEv2, TLS and IPSec/IMS AKA, and the P-CSCF gives IPSec/IKEv2 the highest priority. The IMS access procedure of the UE is as follows:
1. The UE sends the initial registration message (REGISTER) SM1 to the P-CSCF. The message carries the Require, Proxy-Require and Security-Client headers. The Require and Proxy-Require headers carry the option tag "sec-agree", indicating that the P-CSCF must support the UE's security mechanism agreement. The Security-Client header lists the security mechanisms the UE supports and their parameters; its content is "IPSec/IKEv2; TLS; IPSec/IMS AKA; SPI_U; Port_U; list of cipher suites", where IPSec/IMS AKA is followed by its parameters: the security parameter index SPI_U (SPI: security parameter index), the port number Port_U to be protected, and the list of cipher suites the UE supports.
2. On receiving the UE's registration request, the P-CSCF decides, from the mechanisms and priorities it itself supports, to use the IPSec/IKEv2 security mechanism.
3. When the P-CSCF sends the authentication challenge message SM6 to the UE, it includes the Security-Server header, whose content is "IPSec/IKEv2; TLS; IPSec/IMS AKA; SPI_P; Port_P; list of cipher suites supported by the P-CSCF", with the mechanisms and the cipher suites both listed in order of priority.
4. On receiving the challenge message from the P-CSCF, the UE decides from the content of the Security-Server header to use the IPSec/IKEv2 security mechanism.
5. At this point the UE and the P-CSCF hold the two shared keys CK and IK, and each derives a shared key SK from CK and IK according to a chosen policy.
6. The UE stores locally the P-CSCF domain name obtained in the P-CSCF discovery procedure together with SK as an identifier-key pair; the P-CSCF stores locally the combination of the UE's identities IMPU and IMPI together with SK as an identifier-key pair.
7. The UE and the P-CSCF first perform the first-phase negotiation with the pre-shared-key IKEv2 protocol and establish the ISAKMP SA. Under the protection of the security association negotiated in the first phase, the UE and the P-CSCF perform the second-phase IKEv2 negotiation and establish the IPSec SAs. The IKEv2 protocol used by the UE and the P-CSCF in the present invention is draft-ietf-ipsec-ikev2-17.txt (later published as RFC 4306). In the IKEv2 negotiation the P-CSCF uses its domain name as its identity, and the UE finds the SK corresponding to this P-CSCF by that identity; the UE uses the combination of its IMPU and IMPI as its identity, and the P-CSCF finds the SK corresponding to this UE by that identity.
8. Once the UE and the P-CSCF have negotiated the IPSec secure channel, all subsequent SIP signalling is protected with the IPSec SAs.
9. When the UE sends the second registration message SM7 to the P-CSCF, it carries the security information the P-CSCF returned in the authentication challenge, namely the mechanisms the P-CSCF supports, their priorities and their parameters; on receiving it, the P-CSCF uses this to verify that the message it sent to the UE was not tampered with.
10. The P-CSCF forwards the authentication success message SM12 to the UE.
In step 7 above the UE and the P-CSCF negotiated the IPSec SAs, so all IMS signalling between them from then on, including SM7 and SM12 of steps 9 and 10, is protected by those IPSec SAs.
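Steps 5 to 7 of both embodiments (deriving SK from CK and IK, storing it against the identifiers of both ends, and finding it again from the identity carried in the handshake), as an added example written for this page and not the patent's code. The patent leaves the derivation open ("a chosen policy"); SK = HKDF-SHA256(CK || IK, salt = P-CSCF identifier, info = UE registration identifier) is an assumption made here. Identifiers follow the embodiments: the P-CSCF is identified by its domain name, the UE by the combination of IMPU and IMPI. The same lookup table serves the TLS-PSK handshake (psk_identity_hint / psk_identity of RFC 4279) and the IKEv2 identity payloads; CK, IK and the identities are constructed sample values.

```python
import hashlib
import hmac
from typing import Optional


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) extract-then-expand with HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_sk(ck: bytes, ik: bytes, pcscf_id: str, ue_id: str) -> bytes:
    """Step 5: one SK from CK and IK, bound to both endpoint identifiers (assumed policy)."""
    return hkdf_sha256(ck + ik, salt=pcscf_id.encode(), info=ue_id.encode())


class KeyStore:
    """Step 6: local (P-CSCF identifier, UE registration identifier) -> SK table, one per side."""

    def __init__(self) -> None:
        self._keys = {}

    def store(self, pcscf_id: str, ue_id: str, sk: bytes) -> None:
        self._keys[(pcscf_id, ue_id)] = sk

    def lookup(self, pcscf_id: str, ue_id: str) -> Optional[bytes]:
        return self._keys.get((pcscf_id, ue_id))


def derive_and_store(ck: bytes, ik: bytes, pcscf_id: str, ue_id: str, store: KeyStore) -> bytes:
    sk = derive_sk(ck, ik, pcscf_id, ue_id)
    store.store(pcscf_id, ue_id, sk)
    return sk


def psk_handshake(ue_store: KeyStore, ue_id: str, pcscf_store: KeyStore,
                  pcscf_id: str, server_hint: Optional[str] = None) -> bool:
    """Step 7: identity exchange of the pre-shared-key handshake (RFC 4279 message names).

    server_hint is the psk_identity_hint carried in ServerKeyExchange; when it is
    omitted the UE uses the identifier of the P-CSCF it connected to (pcscf_id).
    ClientKeyExchange carries psk_identity = the UE registration identifier. A side
    that finds no key aborts (TLS alert unknown_psk_identity); otherwise a key
    confirmation over the exchanged identities succeeds only if both hold the same SK.
    """
    peer = server_hint if server_hint is not None else pcscf_id
    client_sk = ue_store.lookup(peer, ue_id)
    server_sk = pcscf_store.lookup(pcscf_id, ue_id)
    if client_sk is None or server_sk is None:
        return False
    transcript = f"ServerKeyExchange:{peer}|ClientKeyExchange:{ue_id}".encode()
    return hmac.compare_digest(hmac.new(client_sk, transcript, hashlib.sha256).digest(),
                               hmac.new(server_sk, transcript, hashlib.sha256).digest())


# Constructed sample values; real CK and IK come out of IMS AKA.
CK = bytes.fromhex("0f0e0d0c0b0a09080706050403020100")
IK = bytes.fromhex("00112233445566778899aabbccddeeff")
PCSCF_ID = "pcscf1.ims.example.com"
UE_ID = "sip:alice@ims.example.com+alice@ims.example.com"   # IMPU + IMPI

if __name__ == "__main__":
    ue, pcscf = KeyStore(), KeyStore()
    derive_and_store(CK, IK, PCSCF_ID, UE_ID, ue)
    derive_and_store(CK, IK, PCSCF_ID, UE_ID, pcscf)
    print("registered UE:", psk_handshake(ue, UE_ID, pcscf, PCSCF_ID, server_hint=PCSCF_ID))
    print("impersonator without SK:", psk_handshake(KeyStore(), UE_ID, pcscf, PCSCF_ID))
```

Binding the P-CSCF identifier into the derivation means an SK stored for one P-CSCF is useless towards another, and a party that merely knows a user's IMPU and IMPI, which the TLS-only scheme in the background section could not distinguish from the user, still fails the handshake.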

Claims (10)

1. A protection method for IP Multimedia Subsystem access security, characterised in that the method comprises the following steps:
First step: the UE registers, and during the UE registration process the UE and the P-CSCF negotiate a shared key;
Second step: the UE and the P-CSCF negotiate a secure channel using the shared key;
Third step: the secure channel is used to guarantee the transmission security of IMS signalling between the UE and the P-CSCF.
2. The method according to claim 1, characterised in that the first step comprises the following:
(1) The UE registers, and the UE and the P-CSCF negotiate the shared keys CK and IK by IMS AKA;
(2) The UE and the P-CSCF derive one or more shared keys SK from CK and IK according to a chosen policy, and each stores locally, according to a chosen policy, the P-CSCF identifier, the UE registration identifier, SK and the correspondence between them.
3. The method according to claim 2, characterised in that the UE registration identifier may be the IMPU, the IMPI, the combination of IMPU and IMPI, or an identifier derived from them, and the P-CSCF identifier may be the domain name or the IP address of the P-CSCF obtained by the UE in the P-CSCF discovery procedure, or an identifier derived from them.
4. The method according to claim 2, characterised in that, to support security mechanism negotiation, while the UE and the P-CSCF negotiate the shared keys CK and IK by IMS AKA in step (1), the interaction between the UE and the P-CSCF also carries the negotiation of the security mechanism.
5. The method according to claim 4, characterised in that the security mechanism negotiation comprises the following steps:
a. The UE sends an initial registration message to the P-CSCF carrying the user's IMPI and IMPU together with the security mechanisms the UE supports and the parameters of each; on receiving it, the P-CSCF determines, according to a chosen policy and the mechanisms and priorities it itself supports, which mechanism to use in communicating with this UE;
b. When the P-CSCF forwards the authentication challenge message to the UE, the message carries the security mechanisms the P-CSCF supports, the priority of each and the relevant parameters of each; on receiving it, the UE selects the mechanism to use, according to a chosen policy, from the mechanisms it supports and the mechanisms and priorities the P-CSCF supports;
c. The second registration message that the UE sends to the P-CSCF carries the security information the P-CSCF returned to the UE in the authentication challenge, namely the mechanisms the P-CSCF supports, their priorities and their parameters; on receiving it, the P-CSCF uses this to verify that the message it sent to the UE was not tampered with;
d. The P-CSCF forwards the authentication success or failure message to the UE.
6. The method according to claim 5, characterised in that the IMS signalling of steps c and d may be protected by the secure channel.
7. The method according to claim 5, characterised in that in the second step the secure channel is negotiated with the security protocol selected by the UE and the P-CSCF.
8. The method according to claim 7, characterised in that when the UE and the P-CSCF negotiate the secure channel with the pre-shared-key TLS protocol, the secure channel may be a TLS connection session, and the negotiation uses the SK derived by the UE and the P-CSCF.
9. The method according to claim 8, characterised in that when the UE and the P-CSCF negotiate the TLS session, the key exchange proceeds as follows:
1. When the P-CSCF sends the ServerKeyExchange message to the UE, if the message carries the P-CSCF identifier, the UE finds the corresponding SK by the P-CSCF identifier and the UE registration identifier; if it does not, the UE can find the corresponding SK directly by the P-CSCF identifier and the UE registration identifier, because the UE knows which P-CSCF it was connected to when it initiated the TLS handshake;
2. When the UE sends the ClientKeyExchange message to the P-CSCF, the message carries the UE registration identifier, and the P-CSCF finds the corresponding SK by that identifier and the P-CSCF identifier.
10. The method according to claim 6, characterised in that when the UE and the P-CSCF use the IPSec/IKEv2 protocol, the secure channel is negotiated as follows:
1. The UE and the P-CSCF perform the first-phase negotiation with the pre-shared-key aggressive mode of IKEv2;
in this phase the two sides establish the ISAKMP SA, and the UE registration identifier and the P-CSCF identifier used here correspond to the UE registration identifier and the P-CSCF identifier of the second step;
2. The UE and the P-CSCF perform the second-phase negotiation of IKEv2 based on the pre-shared key; in this phase one or more pairs of SAs are negotiated to protect the IMS signalling between the UE and the P-CSCF.
CNB2005100775561A 2005-06-21 2005-06-21 A protection method for access security of IP multimedia subsystem Active CN100369430C (en)


Publications (2)

Publication Number Publication Date
CN1722689A CN1722689A (en) 2006-01-18
CN100369430C true CN100369430C (en) 2008-02-13


Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101534237B (en) * 2008-03-13 2011-05-18 上海贝尔阿尔卡特股份有限公司 Method and network unit for processing request messages

Families Citing this family (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090092109A1 (en) * 2005-12-19 2009-04-09 Torbjorn Cagenius Method and Apparatus for Enabling Discovery Within a Home Network
CN101064921B (en) * 2006-04-30 2011-12-21 华为技术有限公司 Method for realizing encrypted negotiation for user equipment and network side
CN101110758A (en) * 2006-07-21 2008-01-23 华为技术有限公司 Method and system for establishing emergency conversation and proxy function of controlling call conversation
CN1913437B (en) * 2006-08-25 2011-01-05 华为技术有限公司 Initial session protocol application network and device and method for set-up of safety channel
WO2008083620A1 (en) * 2007-01-11 2008-07-17 Huawei Technologies Co., Ltd. A method, a system and an apparatus for media flow security context negotiation
CN101222320B (en) * 2007-01-11 2011-02-16 华为技术有限公司 Method, system and device for media stream safety context negotiation
EP2201745B1 (en) * 2007-09-14 2018-06-13 Telefonaktiebolaget LM Ericsson (publ) Methods and apparatuses for handling trust in an ip multimedia subsystem communication network
CN101635919B (en) * 2009-08-20 2012-10-10 中兴通讯股份有限公司 Encryption method and encryption system of IMS conference medium data of IP multimedia system
CN102420740B (en) * 2010-09-28 2015-06-10 中兴通讯股份有限公司 Method and system for managing keys of routing protocol
CN104735037B (en) * 2013-12-24 2018-11-23 中国移动通信集团公司 A kind of method for network authorization, apparatus and system
CN105491567B (en) * 2014-09-18 2020-06-16 中兴通讯股份有限公司 Method and device for acquiring SIP signaling decryption parameters
CN105827661B (en) * 2016-05-31 2020-05-19 宇龙计算机通信科技(深圳)有限公司 Method and device for secure communication
CN107454045B (en) * 2016-06-01 2020-09-11 宇龙计算机通信科技(深圳)有限公司 Method, device and system for user IMS registration authentication
CN106790055B (en) * 2016-12-20 2020-04-17 国网天津市电力公司 Registration method and device of IMS (IP multimedia subsystem)
CN108712410A (en) * 2018-05-11 2018-10-26 济南浪潮高新科技投资发展有限公司 P-CSCF servers, conversational system and the method that secret key can match

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005029811A1 (en) * 2003-09-22 2005-03-31 Nokia Corporation Remote ipsec security association management
WO2005032201A1 (en) * 2003-09-26 2005-04-07 Telefonaktiebolaget Lm Ericsson (Publ) Enhanced security design for cryptography in mobile communication systems
WO2005039141A1 (en) * 2003-10-14 2005-04-28 Siemens Aktiengesellschaft Method for securing the data traffic between a mobile radio network and an ims network

Also Published As

Publication number Publication date
CN1722689A (en) 2006-01-18

Similar Documents

Publication Publication Date Title
CN100369430C (en) A protection method for access security of IP multimedia subsystem
EP1946479B1 (en) Communication security
US9537837B2 (en) Method for ensuring media stream security in IP multimedia sub-system
CN100571134C (en) The method of authenticated user terminal in IP Multimedia System
CN100544358C (en) A kind of IP Multimedia System access security guard method based on the IPSec passing through NAT
CN101030854B (en) Method and apparatus for inter-verifying network between multi-medium sub-systems
CN101330504B (en) Method for implementing transport layer safety of SIP network based on sharing cryptographic key
EP2506615B1 (en) Authentication system, method and device
CN100561909C (en) A kind of IP Multimedia System access security guard method based on TLS
CN1658547B (en) Crytographic keys distribution method
CN101483863B (en) Instant message transmitting method, system and WAPI terminal
JP5342818B2 (en) Management device, registered communication terminal, unregistered communication terminal, network system, management method, communication method, and computer program.
US10419482B2 (en) Method and apparatus for acquiring SIP signaling decryption parameters
EP3248355B1 (en) Enhanced establishment of ims session with secure media
CN100544247C (en) The negotiating safety capability method
Gu et al. A green and secure authentication for the 4th generation mobile network
Chen et al. An efficient end-to-end security mechanism for IP multimedia subsystem
US11218515B2 (en) Media protection within the core network of an IMS network
Sher et al. Secure Service Provisioning Framework (SSPF) for IP Multimedia System and Next Generation Mobile Networks
Thalhammer Security in VoIP-Telephony Systems
CN110933673B (en) Access authentication method of IMS network
Sher et al. Development of IMS privacy & security management framework for Fokus open IMS testbed
Vintilă Potential Applications of IPsec in Next Generation Networks
Sher et al. Enhanced SIP security for air interface (Gm) between IMS core and client

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant