CN101668016A - Authentication method and device - Google Patents
Authentication method and device Download PDFInfo
- Publication number
- CN101668016A CN101668016A CN200910174570A CN200910174570A CN101668016A CN 101668016 A CN101668016 A CN 101668016A CN 200910174570 A CN200910174570 A CN 200910174570A CN 200910174570 A CN200910174570 A CN 200910174570A CN 101668016 A CN101668016 A CN 101668016A
- Authority
- CN
- China
- Prior art keywords
- application server
- authentication information
- ims network
- message
- authentication
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/069—Authentication using certificates or pre-shared keys
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/10—Architectures or entities
- H04L65/1016—IP multimedia subsystem [IMS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/1066—Session management
- H04L65/1073—Registration or de-registration
Abstract
The embodiment of the invention provides an authentication method and a device; the device comprises the following steps: a network authentication request of an IP multimedia subsystem IMS, which is sent by user equipment, is received; according to the IMS network authentication request, authentication information of an application server is obtained from a home subscriber server HSS; an IMS network authentication respond message containing the authentication information of the application server is transmitted to the UE, so as to trigger the UE to utilize the authentication information of theapplication server to carry out authentication in the application server. In the method of the embodiment of the invention, uniform authentication of IMS and the application server is realized by carrying the authentication information of the application server in the returned result of the IMS network authentication without mutually intervening the authentication process of the application server by the user. The method brings great convenience to the usage of the user and the management of operators; in addition, the existing IMS authentication flow is fully utilized to realize simpleness.
Description
Technical field
The present invention relates to the communications field, relate to a kind of method for authenticating and device particularly.
Background technology
In IMS (IP multimedia subsystem, IP Multimedia System) network, except the network equipment that basic telecommunications class business is provided, much provide the application server of value-added service in addition.This class application server can be independent of the IMS network operation, uses and correct charging for guaranteeing legal business, and a lot of application servers all need separately UE (User Equipment, subscriber equipment) to be carried out authentication.Such as an application server GROUP that address list storage and management are provided, no matter whether UE is by the authentication of IMS network, and UE must provide right user name and password with the authentication by GROUP before the service that normal use GROUP provides.
Fig. 1 is the IMS network authentication and the application server authorizing procedure figure of prior art.As shown in Figure 1, wherein S101-S104 is the IMS network standard authorizing procedure of prior art; S105-S107 is the application server authorizing procedure of prior art, and wherein S105 needs the user manually to import authentication information once more.
The inventor finds that prior art has the following disadvantages at least in realizing process of the present invention: prior art all needs the user to intervene in each authentication process, can't realize automatic right-discriminating, inconvenient user's use; The method of prior art can't realize the unified authentication to IMS network and application server.
Summary of the invention
The embodiment of the invention provides a kind of method for authenticating, authentication information transmission method and device.
On the one hand, the embodiment of the invention provides a kind of method for authenticating, and described method comprises: receive the IP Multimedia System IMS network authentication request that user equipment (UE) sends; According to the request of described IMS network authentication, obtain the application server authentication information from home subscriber server HSS; Send the IMS network authentication response message that comprises described application server authentication information to described UE, utilize described application server authentication information to carry out authentication to described application server to trigger described UE.
Another aspect, the embodiment of the invention provide a kind of authentication information transmission method, and described method comprises:
First message that receipt of call conversation control function entity CSCF sends comprises the UE sign that the IMS network authentication is carried out in request in described first message; According to described first message, judge whether to exist and described UE corresponding application server authentication information; When existence and described UE corresponding application server authentication information, send second message that comprises described UE corresponding application server authentication information to described CSCF.
Also have on the one hand, the embodiment of the invention provides a kind of method for authenticating, and described method for authenticating comprises: send the request of IP Multimedia System IMS network authentication to call conversation control function entity CSCF; Receive the IMS network authentication response message that described CSCF sends, described IMS network authentication response message carries the application server authentication information; Utilize described application server authentication information to carry out authentication to described application server.
On the other hand, the embodiment of the invention provides a kind of call conversation control function entity CSCF, described call conversation control function entity CSCF comprises: the authentication request receiving element is used to receive the IP Multimedia System IMS network authentication request that user equipment (UE) sends; The authentication information acquiring unit is used for obtaining the application server authentication information according to the request of described IMS network authentication from home subscriber server HSS; The Authentication Response transmitting element is used for sending the IMS network authentication response message that comprises described application server authentication information to described UE, utilizes described application server authentication information to carry out authentication to described application server to trigger described UE.
Again on the one hand, the embodiment of the invention provides a kind of home subscriber server, described home subscriber server comprises: receiving element, be used for first message that receipt of call conversation control function entity CSCF sends, and comprise the UE sign that the IMS network authentication is carried out in request in described first message; Judging unit is used to judge whether exist and described UE corresponding application server authentication information; Transmitting element is used for sending second message that comprises described UE corresponding application server authentication information to described CSCF when existence and described UE corresponding application server authentication information.
Last aspect, the embodiment of the invention provide a kind of subscriber equipment, and described subscriber equipment comprises: the first authentication request transmitting element is used for sending the request of IP Multimedia System IMS network authentication to call conversation control function entity CSCF; The Authentication Response receiving element is used to receive the IMS network authentication response message that described CSCF sends, and described IMS network authentication response message carries the application server authentication information; The second authentication request transmitting element is used to utilize described application server authentication information to carry out authentication to described application server.
The technical scheme that the embodiment of the invention provides, by carrying the authentication information of application server among the result who returns at the IMS network authentication, realized the unified authentication of IMS network and application server, realized the automatic right-discriminating of application server simultaneously, promptly in authentication process, need not the user and intervene, all bring great convenience to user's use and operator's management; Make full use of existing IMS network authentication flow process, realize simple.
Description of drawings
In order to be illustrated more clearly in the embodiment of the invention or technical scheme of the prior art, to do one to the accompanying drawing of required use in embodiment or the description of the Prior Art below introduces simply, apparently, accompanying drawing in describing below only is some embodiments of the present invention, for those of ordinary skills, under the prerequisite of not paying creative work, can also obtain other accompanying drawing according to these accompanying drawings.
Fig. 1 is the IMS network authentication and the application server authorizing procedure figure of prior art;
Fig. 2 is the Signalling exchange flow chart of the system of the embodiment of the invention 1;
Fig. 3 is the system functional block diagram of the embodiment of the invention 1;
Fig. 4 is the overall flow figure of the method for the embodiment of the invention 2;
The particular flow sheet one of the method for Fig. 4 a embodiment of the invention 2;
Fig. 4 b is the particular flow sheet two of the method for the embodiment of the invention 2;
Fig. 4 c is the particular flow sheet three of the method for the embodiment of the invention 2;
Fig. 5 is the method flow diagram of the embodiment of the invention 3;
Fig. 6 is the expansion structure schematic diagram of the User Profile of the embodiment of the invention 3;
Fig. 7 is the in-line format sample figure of the user profile of the embodiment of the invention 3;
Fig. 8 is the structural representation of the application server authentication information of the embodiment of the invention 3;
Fig. 9 is the definition figure of the Add-ons field of the embodiment of the invention 3;
Figure 10 is the overall flow figure of the method for the embodiment of the invention 4;
Figure 10 a is the particular flow sheet one of the method for the embodiment of the invention 4;
Figure 10 b is the particular flow sheet two of the method for the embodiment of the invention 4;
Figure 11 is the functional block diagram of the call conversation control function entity of the embodiment of the invention 5;
Figure 11 a is the functional block diagram of the authentication information acquiring unit of the embodiment of the invention 5;
Figure 11 b is the functional block diagram of the Authentication Response transmitting element of the embodiment of the invention 5;
Figure 12 is the functional block diagram of the home subscriber server of the embodiment of the invention 6;
Figure 13 is the allomeric function block diagram of the subscriber equipment of the embodiment of the invention 7;
Figure 14 is the refinement functional block diagram of the subscriber equipment of the embodiment of the invention 7.
Embodiment
For the purpose, technical scheme and the advantage that make the embodiment of the invention clearer, below in conjunction with the accompanying drawing in the embodiment of the invention, technical scheme in the embodiment of the invention is clearly and completely described, obviously, described embodiment is the present invention's part embodiment, rather than whole embodiment.Based on the embodiment among the present invention, those of ordinary skills belong to the scope of protection of the invention not making the every other embodiment that is obtained under the creative work prerequisite.
The described application server of the embodiment of the invention refers to that mainly it is independent of the IMS network, needs the application server of independent authentication, and this class application server independently provides value-added service, for example " WEB territory application server " usually.
HSS (Home Subscriber System, home subscriber server) with CSCF (Call SessionControl Functions, CSCF) interface between comprises Cx interface, and its major function comprises location management, user data download/renewal processing, subscription authentication etc.
Embodiment 1:
The embodiment of the invention 1 provides a kind of IP Multimedia System IMS network and application server to unify the method and system of authentication.
The embodiment of the invention 1 is utilized existing IMS equipment and flow process, suitably expands, and supports the unified authentication of IMS network and application server.Be UE after the IMS network authentication passes through, utilize the authentication information in IMS network authentication process, get access to, employed other application server of the UE that has authorized is carried out automatic right-discriminating, the user does not need to intervene.
Fig. 2 is the Signalling exchange flow chart of the system of the embodiment of the invention 1.As shown in Figure 2, this Signalling exchange flow process comprises:
S201, user equipment (UE) carry out IP Multimedia System IMS network authentication, and UE sends the request of IMS network authentication to CSCF;
Authentication arithmetic comprises: IMS AKA (Authentication and Key Agreement, Authentication and Key Agreement), Early AKA or HTTP Digest (HTTP abstract authentication algorithm) etc.;
S202, CSCF send SAR message to HSS, to obtain the user signing contract information UserProfile of UE;
S203, HSS return the user signing contract information UserProfile of UE to CSCF by the SAA message of expansion; If corresponding IMPU (IP Multimedia Public Identity, IP multimedia public identify) or IRS (Implicitly Registered Set, implicitly registered set) there is related application server authentication information, then in User Profile, comprises the application server authentication information; Otherwise in User Profile, do not comprise the application server authentication information;
S204, CSCF judge whether attendant applications server authentication information of User Profile, as subsidiary, then return the IMS network authentication response message 200OK consistent with prior art to UE; As subsidiary, then return IMS network authentication response message 200OK, and this 200OK carries above-mentioned application server authentication information to UE;
When S205, UE receive 200OK, take out the application server authentication information;
If in 200OK, increase related unified resource sign P-Associated-URI header field, and adopt the P-Associated-URI header field to carry the application server authentication information, then UE checks whether attach parameters such as http-username, http-token in the p-aso-uri-spec tabulation.Have the URI of http-username parameter from first, take out http-token and subsequent other parameters; And use CK (Check Bit, check bit) to be decrypted; If when UE and IMS network using HTTP Digest authentication, then adopt HA1 to be decrypted.
S206, UE carry out authentication according to the authentication information that returns to application server;
If application server adopts HTTP Digest method for authenticating to subscription authentication.UE uses HTTP username, the HTTP Token (WEB Password) that obtains from the IMS network, and authentication is finished in compute authentication Digest response.
S207, application server return authenticating result.
When UE need arrive a plurality of application servers and carries out authentication, repeat S206-S207.
The system of the embodiment of the invention 1 utilizes existing authorizing procedure to realize unified authentication to IMS network and application server.
Fig. 3 is the system functional block diagram of the embodiment of the invention 1.As shown in Figure 3, a kind of IP Multimedia System IMS network of the embodiment of the invention 1 and the application server system 10 that unifies authentication comprises:
User equipment (UE) 101 is used for sending the request of IP Multimedia System IMS network authentication to call conversation control function entity CSCF102; Receive the IMS network authentication response message 200OK that described CSCF102 sends, described 200OK carries the authentication information of application server; Utilize described application server authentication information to carry out authentication to application server;
Call conversation control function entity CSCF102 is used to receive the IP Multimedia System IMS network authentication request that user equipment (UE) 101 sends; Send SAR message to home subscriber server HSS103, to obtain the user signing contract information User Profile of described UE101; Receive the SAA message that described HSS103 sends, described SAA message comprises described User Profile, and described User Profile carries the application server authentication information; Send the IMS network authentication response message 200OK that comprises described application server authentication information to described UE101, utilize described application server authentication information to carry out authentication to application server 104 to trigger described UE101;
Home subscriber server HSS103 is used for the SAR message that receipt of call conversation control function entity CSCF102 sends; When having stored, send the SAA message of the user signing contract information User Profile that comprises described U101E to described CSCF102, and described User Profile carries described application server authentication information with UE101 corresponding application server authentication information;
Application server AS 104 is used to receive the authentication request that described UE101 sends, and described UE101 is carried out authentication, and return Authentication Response to described UE101.
Adopt the system of the embodiment of the invention 1, the User Profile structure that HSS carries by expansion SAA message in Cx interface, add application server authentication information structure at User Profile structure end, thereby the application server authentication information is passed to CSCF by SAA message.
CSCF is by in the process of transmission 200OK message, and the application server authentication information uses bit verification CK or HA1 mode to encrypt, thereby has guaranteed application server authentication information safety of transmission.
UE carries out authentication by the application server authentication information that uses 200OK message to carry to application server, and need not to import manually the application server authentication information repeatedly, has alleviated user's operation burden, has realized automatic right-discriminating.
In sum, the system of the embodiment of the invention 1 has realized the unified authentication to IMS network and application server, all brings great convenience to user's use and operator's management; Make full use of existing IMS authorizing procedure, realize simply, do not need newly-increased in addition authentication task equipment; Existing application server is not had specific (special) requirements, do not need to change existing authorizing procedure.
Embodiment 2:
The embodiment of the invention 2 provides a kind of method for authenticating, and this method for authenticating is the method that a kind of IP Multimedia System IMS network and application server are unified authentication, and the executive agent of this method can be CSCF.
Fig. 4 is the overall flow figure of the method for the embodiment of the invention 2.As shown in Figure 4, this method comprises:
The IP Multimedia System IMS network authentication request that S401, reception user equipment (UE) send;
S402, according to the request of described IMS network authentication, obtain the application server authentication information from home subscriber server HSS;
Particularly, above-mentioned application server authentication information comprises: the additional parameter Add-ons (for example IP address of application server) of authentication password (can the expand to authentication credentials) HTTP-Token of the authentication user name HTTP-Username of application server, application server, application server.Wherein Add-ons is an optional parameters, and above-mentioned Add-ons parameter comprises one or more server parameter Sever-parameter.
S403, send the IMS network authentication response message that comprises described application server authentication information, utilize described application server authentication information to carry out authentication to described application server to trigger described UE to described UE.
Need to prove, ordinary circumstance is that UE has defined and need carry out authentication to which application server, just UE does not know the needed necessary information of authentication, for example IP address, user name, password etc., in case the IMS network returns to UE to these information, UE just can arrive application server and carry out authentication.
Fig. 4 a is the particular flow sheet one of the method for the embodiment of the invention 2.Alternatively, shown in Fig. 4 a, this method can comprise:
The IP Multimedia System IMS network authentication request that S401a, reception user equipment (UE) send;
S402a, send SAR message to home subscriber server HSS, to obtain the user signing contract information User Profile of described UE;
Particularly, described SAR message comprises Server-Assignment-Request message.Server-Assignment-Request is the order that CSCF sends to HSS in the Cx interface, can carry IMPU and/or IMPI (the IP Multimedia Private Identity of UE in the described SAR message, IP multimedia private identity), so that HSS goes inquiry whether to store UE corresponding application server authentication information according to the IMPU of UE and/or IMPI.
The SAA message that S403a, the described HSS of reception send, described SAA message comprises described UserProfile, and described User Profile carries the application server authentication information;
Particularly, described SAA message is Server-Assignment-Answer message, and it is the response that HSS orders SAR in the Cx interface.
The expansion structure of the User Profile of the embodiment of the invention and the structure of application server authentication information will be described in detail in the embodiment of back, wouldn't describe at this.
Alternatively, also can send other message and obtain the application server authentication information, for example can come delivery applications server authentication information by other message in self-defining other processes between CSCF and the HSS.
S404a, send the IMS network authentication response message 200OK that comprises described application server authentication information, utilize described application server authentication information to carry out authentication to application server to trigger described UE to described UE.
Fig. 4 b is the particular flow sheet two of the method for the embodiment of the invention 2.The difference of Fig. 4 b and Fig. 4 a is S404b.
S404b, send IMS network authentication response message 200OK to described UE, described 200OK message comprises related unified resource sign P-Associated-URI header field, described P-Associated-URI header field carries described application server authentication information, utilizes described application server authentication information to carry out authentication to application server to trigger described UE.
Particularly, the detailed process of S404b also can comprise:
Give the ai-param parameter that described P-Associated-URI header field comprises with the value of described HTTP-Username;
Give the 2nd ai-param parameter that described P-Associated-URI header field comprises with the value of described HTTP-Token;
Send IMS network authentication response message 200OK to described UE, described 200OK comprises related unified resource sign P-Associated-URI header field, and described P-Associated-URI header field comprises a described ai-param parameter and described the 2nd ai-param parameter.
Alternatively, the value of one or more server parameter Server-parameter that Add-ons can also be comprised is given other corresponding a plurality of ai-param parameters that the P-Associated-URI header field comprises respectively;
Alternatively, can also send IMS network authentication response message 200OK to described UE, described 200OK comprises related unified resource sign P-Associated-URI header field, other a plurality of ai-param parameters that described P-Associated-URI header field comprises a described ai-param parameter, described the 2nd ai-param parameter and carries the value of a plurality of Server-parameter.
Fig. 4 c is the particular flow sheet three of the method for the embodiment of the invention 2.The difference of Fig. 4 c and Fig. 4 is S404c and S405c.
S404c, employing check bit CK or HA1 encrypt described application server authentication information;
S405c, send IMS network authentication response message 200OK to described UE, described 200OK comprises the described application server authentication information that adopts after check bit CK or HA1 encrypt, and utilizes described application server authentication information to carry out authentication to application server to trigger described UE.
The method of carrying the application server authentication information in above-mentioned 200Ok response can comprise: the application server authentication information is transmitted as the ai-param parameter of P-Associated-URI header field.
For example: utilize the parameter of P-Associated-URI definition in the standard to carry " application server authentication information ".
P-Associated-URI is defined as in standard:
P-Associated-URI=″P-Associated-URI″HCOLON
(p-aso-uri-spec)
*(COMMA?p-aso-uri-spec)
p-aso-uri-spec=name-addr*(SEMI?ai-param)
ai-param=generic-param
Below illustrate the process of carrying " application server authentication information " by the parameter of P-Associated-URI definition.
CSCF takes out the HTTP-username cell of application server authentication information, with its content replication in the http-username parameter, with the ai-param parameter of http-username as P-Associated-URI;
For example, take out the HTTP-username cell of application server authentication information, the content " user1@home1.net " of this cell is copied in the http-username parameter, make http-username=" user1@home1.net ", and with the ai-param parameter of this http-username as P-Associated-URI.
CSCF takes out the HTTP-Token cell of application server authentication information, with its content replication in the http-token parameter, with the ai-param parameter of http-token as P-Associated-URI;
For example, take out the HTTP-Token cell of application server authentication information, the content " PWD " of this cell is copied in the http-token parameter, make http-token=" PWD ", and with the ai-param parameter of http-token as P-Associated-URI.
CSCF takes out the Add-ons cell of application server authentication information, each Server-parameter among one or more Server-parameter that above-mentioned Add-ons cell is comprised is respectively as an independent ai-param parameter, if a plurality of Server-parameter are arranged, then distinguish corresponding one by one a plurality of ai-param parameters.
For example, take out the Add-ons cell of application server authentication information, content among the 1st Server-parameter that this cell is comprised " group-domain-address " copy in the group-uri parameter, make group-uri=" group-domain-address ", and with the ai-param parameter of group-uri as P-Associated-URI;
Content among the 2nd Server-parameter that this cell is comprised " AP-domain-address " copy in the ap-uri parameter, make ap-uri=" AP-domain-address "; And with the ai-param parameter of ap-uri as P-Associated-URI.
Therefore, an example that carries the P-Associated-URI of application server authentication information forms as follows:
P-Associated-URI:
Sip:user1@home1.net;http-username=”user1@home1.net”;http-token=”PWD”;group-uri=”group-domain-address”;ap-uri=”AP-domain-address”
Further, for guaranteeing the fail safe of transmission course, can adopt CK to encrypt by the application server authentication information; If when UE and IMS adopt HTTP Digest authentication, then adopt HA1 (results of intermediate calculations of HTTPDigest authentication process) to encrypt.
The method of the embodiment of the invention, by receiving the SAA message that comprises the application server authentication information that HSS sends, and this application server authentication information sent to UE by 200OK response, thereby make UE carry out authentication to application server according to the application server authentication information that receives from the 200OK response, this process need not manual intervention, realize the automatic right-discriminating of application server, also realized the unified authentication of IMS network and application server, convenient for users to use.
By adopting CK or HA1 that the application server authentication information in the transmission course is encrypted, guaranteed the fail safe of data passes effectively.
Because the method for the embodiment of the invention, not newly-increased authentication special equipment, but on the basis of existing device and existing flow process, improve, a kind of unified authorizing procedure of realizing simple IMS network and application server is provided, thereby has helped the investment of operator's management and saving operator.
Embodiment 3:
The embodiment of the invention 3 provides a kind of transmission method of application server authentication information, and the executive agent of this method can be HSS.
Fig. 5 is the method flow diagram of the embodiment of the invention 3.As shown in Figure 5, this method comprises:
First message that S501, receipt of call conversation control function entity CSCF send comprises the UE sign that the IMS network authentication is carried out in request in described first message;
S502, according to described first message, judge whether to exist and described UE corresponding application server authentication information;
S503, when existing with described UE corresponding application server authentication information, send second message that comprises described UE corresponding application server authentication information to described CSCF.
Alternatively, described first message can be SAR message, and described second message can be SAA message, and described UE sign comprises: IP multimedia public identify IMPU or the IMPI of UE.
The process of S503 specifically can comprise:
When existence and described UE corresponding application server authentication information, send SAA message to described CSCF, described SAA message comprises the user signing contract information User Profile of described UE, and described UserProfile carries described application server authentication information.
Alternatively, can carry IMPU and/or the IMPI of UE in the described SAR message, so that HSS removes to inquire about UE corresponding application server authentication information according to IMPU and/or the IMPI of UE.Wherein when UE comprised a plurality of IMPU, above-mentioned a plurality of IMPU can form an IRS.
Particularly, when IMS user opens an account or applies for new business, if artificial or BOSS (Business and Operation Supporting System by office side, the telecommunication service OSS) judges the back discovery, the application server that needs independent authentication is arranged, then the authentication information of this application server is left among the HSS.The authentication information of application server can be associated with one or more IMPU, and promptly the authentication information of application server can be corresponding with one or more IMPU, can belong to one or more IMPU.
When the authentication information of application server is related with a plurality of IMPU, can in HSS, be registered as an IRS to the IMPU that is associated, promptly be equivalent to application server authentication information and IRS are associated.Be arranged in the set by a plurality of IMPU, when UE has a plurality of IMPU, no matter login like this with which IMPU, the server authentication information that can be applied, and do not need the application server authentication information is preserved repeatedly on HSS.
When HSS judges that there are related application server authentication information in corresponding IMPU or IRS, then in User Profile, comprise this application server authentication information.
For example, the User Profile structure that expansion SAA message is carried in Cx interface, add application server authentication information structure at this UserProfile structure end, use UML (Unified ModelLanguage, UML) be expressed as Fig. 6, Fig. 6 is the expansion structure schematic diagram of the User Profile of the embodiment of the invention 3.
As shown in Figure 6, an IMS user's IMPI can corresponding one or more " Service Profile " and can be corresponding one or 0 " application server authentication information "." 1...n " expression among Fig. 6 is one or more, and " 0...1 " expression does not have or one.Fig. 7 is the in-line format sample figure of the user profile of the embodiment of the invention 3.2 Service profile only are shown among Fig. 7,, can adopt Service profile more than 2 for different application; 3 Public id only are shown among Fig. 7,, can adopt more than 3 Public id for different application.IFC among Fig. 7 represents inceptive filtering criterion (initial filtercriteria).Service profile is identical with the definition among the former user profile.
The structure of the application server authentication information of the embodiment of the invention 3 uses UML to be expressed as Fig. 8, and Fig. 8 is the structural representation of the application server authentication information of the embodiment of the invention 3.As shown in Figure 8, HTTP-Username has indicated the authentication user name of application server; HTTP-Token has indicated the authentication password (can expand to authentication credentials) of application server; Add-ons has then stored the additional parameter (for example IP address of application server) of application server.As shown in Figure 8, an application server authentication information for example can comprise a HTTP-Username, a HTTP-Token, 1 or 0 Add-ons.In other is used, also can comprise a plurality of HTTP-Username, a plurality of HTTP-Token and a plurality of Add-ons.
If a plurality of application servers are arranged, then, specify identical authentication user name and authentication password opening an account, apply for new business or other application scenarios, to different additional parameters (for example IP address of application server), in the Add-ons field, store.Alternatively, application server authentication information structure also can be expanded, and can specify authentication user name and authentication password inequality for a plurality of application servers.
The Add-ons field of application server authentication information structure can adopt definition shown in Figure 9.Fig. 9 is the definition figure of the Add-ons field of the embodiment of the invention 3.As shown in Figure 9, wherein " 1...n " expression is one or more, and promptly 1 Add-ons field can comprise one or more Server-parameter, in each Server-parameter, has preserved the title and the parameter value of parameter; Group-uri=for example " group-domain-address " form, wherein group-uri represents parameter name, group-domain-address represents the relevant parameters value.
In a word, the User Profile message structure that HSS comprises by expansion SAA message, add application server authentication information structure at this UserProfile structure end, and return the SAA message of carrying the application server authentication information, thereby the application server authentication information is transmitted CSCF to CSCF.Alternatively, also can add application server authentication information structure in the front of User Profile structure.
The method of the embodiment of the invention 3, by expanding the User Profile structure that SAA message is carried, add application server authentication information structure at User Profile structure end, thereby the application server authentication information can be sent to CSCF by SAA message, thereby CSCF can further send to UE with this application server authentication information, so that UE carries out authentication according to this application server authentication information to application server, and do not need the user manually to intervene the authentication process of application server.This method is used to the user and operator's management all brings great convenience.By technique scheme, the method for the embodiment of the invention 3 helps realizing the unified authentication of IMS network and application server.
Embodiment 4:
The embodiment of the invention 4 provides a kind of method for authenticating, and this method for authenticating comprises that a kind of IMS multi-media subsystem network and application server unify the method for authentication.The executive agent of this method can be UE.
Figure 10 is the overall flow figure of the method for the embodiment of the invention 4.As shown in figure 10, this method comprises:
S1001, send the request of IMS network authentication to call conversation control function entity CSCF;
The IMS network authentication response message that S1002, the described CSCF of reception send, described IMS network authentication response message carries the authentication information of application server;
S1003, utilize described application server authentication information to carry out authentication to described application server.
Figure 10 a is the particular flow sheet one of the method for the embodiment of the invention 4.The difference of Figure 10 a and Figure 10 is S1002a.
S1002a receives the IMS network authentication response message 200OK that described CSCF sends, and described 200OK comprises related unified resource sign P-Associated-URI header field, and described P-Associated-URI header field carries the application server authentication information.
Particularly, the process of S1002a can comprise:
Receive the IMS network authentication response message 200OK that described CSCF sends, described 200OK comprises related unified resource sign P-Associated-URI header field, and a plurality of ai-param parameters that described P-Associated-URI header field is comprised are carried the additional parameter Add-ons of the authentication password HTTP-Token of authentication user name HTTP-Username, application server of application server and or zero application server.
Figure 10 b is the particular flow sheet two of the method for the embodiment of the invention 4.Shown in Figure 10 b, this method comprises:
S1001b, send the request of IMS network authentication to call conversation control function entity CSCF;
The IMS network authentication response message that S1002b, the described CSCF of reception send, described IMS network authentication response message carry and adopt check bit CK or HA1 encrypted applications server authentication information;
S1003b, employing check bit CK or HA1 decipher described application server authentication information;
S1004b, utilize described application server authentication information to carry out authentication to described application server.
The method of the embodiment of the invention 4, by in IMS network authentication response message, carrying the application server authentication information, make UE can from the IMS network authentication response message that receives, obtain the application server authentication information, and carry out automatic right-discriminating to application server according to this application server authentication information.This method has been simplified authorizing procedure, and is convenient for users, and the user does not need to intervene, and this method is used to the user and operator's management all brings great convenience; By using CK or HA1 to encrypt, guaranteed the fail safe of data passes simultaneously to the application server authentication information in the transmission course.
Embodiment 5:
The embodiment of the invention 5 provides a kind of call conversation control function entity CSCF.This CSCF forms for the method corresponding to embodiment 2.
Figure 11 is the functional block diagram of the call conversation control function entity of the embodiment of the invention 5.As shown in figure 11, this CSCF20 comprises:
Authentication request receiving element 201 is used to receive the IP Multimedia System IMS network authentication request that user equipment (UE) sends;
Authentication information acquiring unit 202 is used for obtaining the application server authentication information according to the request of described IMS network authentication from home subscriber server HSS;
Authentication Response transmitting element 203 is used for sending the IMS network authentication response message that comprises described application server authentication information to described UE, utilizes described application server authentication information to carry out authentication to described application server to trigger described UE.
Figure 11 a is the functional block diagram of authentication information acquiring unit.Alternatively, described authentication information acquiring unit 202 can comprise:
Receive subelement 2022, be used to receive the SAA message that described HSS sends, described SAA message comprises described User Profile, and described User Profile carries the application server authentication information.
Alternatively, described Authentication Response transmitting element 203, be used for sending IMS network authentication response message 200OK to described UE, increase related unified resource sign P-Associated-URI header field among the described 200OK, described P-Associated-URI header field carries described application server authentication information.
Figure 11 b is the functional block diagram of Authentication Response transmitting element.Alternatively, described Authentication Response transmitting element 203 can comprise:
Send subelement 2032, be used for sending IMS network authentication response message to described UE, described IMS network authentication response message comprises the described application server authentication information that adopts after CK or HA1 encrypt.
Described application server authentication information comprises: the authentication user name HTTP-Username of application server and the authentication password HTTP-Token of application server; Alternatively, the application server authentication information can also comprise the additional parameter Add-ons of application server, and described Add-ons comprises one or more server parameters Server-parameter.
The CSCF entity that the embodiment of the invention 5 provides, expanded the SAA message of User Profile structure by reception, application server authentication information structure has been added at this User Profile structure end, thereby can obtain application corresponding server authentication information from HSS.
The CSCF entity is encrypted by use CK in the transmission course of application server authentication information, or when UE and IMS employing HTTP Digest authentication, then adopts HA1 application server authentication information to encrypt, thereby help ensureing safety of transmission.
The CSCF entity makes UE can utilize this application server authentication information to carry out authentication to application server by carry the application server authentication information in the 200OK message of returning to UE, and this process need not manual intervention, has realized automatic right-discriminating.
In a word, by adopting the CSCF of the embodiment of the invention, realized the unified authentication of IMS and application server is all brought great convenience to user's use and operator's management; Save operator's investment simultaneously, do not need newly-increased in addition authentication task equipment.
Embodiment 6:
The embodiment of the invention provides a kind of home subscriber server, and it is for forming by the method for embodiment 3 is corresponding.
Figure 12 is the functional block diagram of the home subscriber server of the embodiment of the invention 6.As shown in figure 12, this home subscriber server 30 comprises:
Receiving element 301 is used for first message that receipt of call conversation control function entity CSCF sends, and comprises the UE sign that the IMS network authentication is carried out in request in described first message;
Judging unit is used to judge whether exist and described UE corresponding application server authentication information;
Transmitting element 302 is used for sending second message that comprises described UE corresponding application server authentication information to described CSCF when existence and described UE corresponding application server authentication information.
Alternatively, described first message can be SAR message, and described second message can be SAA message, and the sign of described UE comprises IP multimedia public identify IMPU or the IMPI of UE.Described transmitting element 302, can be used for when existence and described UE corresponding application server authentication information, send SAA message to described CSCF, described SAA message comprises the user signing contract information UserProfile of described UE, and described User Profile carries described application server authentication information.
See also Fig. 6-Fig. 9 about the structure of User Profile of expansion and the structure of application server authentication information, and corresponding description, do not give unnecessary details at this.
The home subscriber server of the embodiment of the invention 6, by storing UE corresponding application server authentication information in advance, and by expansion User Profile, promptly be added on application server authentication information structure at the end of User Profile message structure, thereby can help realizing the unified authentication of IMS and application server by the authentication information of SAA message to CSCF delivery applications server.
Embodiment 7:
The embodiment of the invention 7 provides a kind of subscriber equipment, and this subscriber equipment is corresponding formation by the method for embodiment 4.
Figure 13 is the functional block diagram of the subscriber equipment of the embodiment of the invention 7.As shown in figure 13, this subscriber equipment 40 comprises:
The first authentication request transmitting element 401 is used for sending the request of IP Multimedia System IMS network authentication to call conversation control function entity CSCF;
Authentication Response receiving element 402 is used to receive the IMS network authentication response message that described CSCF sends, and described IMS network authentication response message carries the authentication information of application server;
The second authentication request transmitting element 403 is used to utilize described application server authentication information to carry out authentication to described application server.
Alternatively, described Authentication Response receiving element 401, can also be used to receive the IMS network authentication response message 200OK that described CSCF sends, described 200OK comprises related unified resource sign P-Associated-URI header field, and described P-Associated-URI header field carries the application server authentication information.
Alternatively, described Authentication Response receiving element 401, can also be used to receive the IMS network authentication response message that described CSCF sends, a plurality of ai-param parameters that the related unified resource sign P-Associated-URI header field of described IMS network authentication response message is comprised are carried the value of the additional parameter Add-ons of the value of authentication password HTTP-Token of value, application server of the authentication user name HTTP-Username of application server and or zero application server.
About carry the concrete grammar of application server authentication information by the newly-increased P-Associated-URI header field of 200OK, see also the corresponding description among the embodiment 2, do not give unnecessary details at this.
Alternatively, described Authentication Response receiving element 401 can also be used to receive the IMS network authentication response message that described CSCF sends, and described IMS network authentication response message carries and adopts check bit CK or HA1 encrypted applications server authentication information.
Figure 14 is the refinement functional block diagram of the subscriber equipment of the embodiment of the invention 7.Alternatively, described subscriber equipment 40 can also comprise:
The subscriber equipment that the embodiment of the invention 7 provides, the application server authentication information that can use 200OK message to carry carries out authentication to application server, and need not to import the application server authentication information convenient for users and operator's management by artificial repeatedly manual mode; The method of the embodiment of the invention has realized the unified authentication to IMS network and application server by carrying the authentication information of application server among the result who returns at the IMS network authentication.
One of ordinary skill in the art will appreciate that all or part of flow process that realizes in the foregoing description method, be to instruct relevant hardware to finish by computer program, described program can be stored in the computer read/write memory medium, this program can comprise the flow process as the embodiment of above-mentioned each side method when carrying out.Wherein, described storage medium can be magnetic disc, CD, read-only storage memory body (Read-OnlyMemory, ROM) or at random store memory body (Random Access Memory, RAM) etc.
Above embodiment only in order to the technical scheme of the explanation embodiment of the invention, is not intended to limit; Although the embodiment of the invention is had been described in detail with reference to previous embodiment, those of ordinary skill in the art is to be understood that: it still can be made amendment to the technical scheme that aforementioned each embodiment put down in writing, and perhaps part technical characterictic wherein is equal to replacement; And these modifications or replacement do not make the essence of appropriate technical solution break away from the spirit and scope of each embodiment technical scheme of the embodiment of the invention.
Claims (20)
1, a kind of method for authenticating is characterized in that, described method for authenticating comprises:
Receive the IP Multimedia System IMS network authentication request that user equipment (UE) sends;
According to the request of described IMS network authentication, obtain the application server authentication information from home subscriber server HSS;
Send the IMS network authentication response message that comprises described application server authentication information to described UE, utilize described application server authentication information to carry out authentication to described application server to trigger described UE.
2, method according to claim 1 is characterized in that, according to the request of described IMS network authentication, obtains the application server authentication information from home subscriber server HSS and comprises:
Send SAR message to home subscriber server HSS, to obtain the user signing contract information User Profile of described UE;
Receive the SAA message that described HSS sends, described SAA message comprises described User Profile, and described User Profile carries the application server authentication information.
3, method according to claim 1 is characterized in that, sends the IMS network authentication response message that comprises described application server authentication information to described UE and comprises:
Send IMS network authentication response message 200OK to described UE, increase related unified resource sign P-Associated-URI header field among the described 200OK, described P-Associated-URI header field carries described application server authentication information.
4, method according to claim 1 is characterized in that, sends the IMS network authentication response message that comprises described application server authentication information to described UE and comprises:
Adopt check bit CK or HA1 that described application server authentication information is encrypted;
Send IMS network authentication response message to described UE, described IMS network authentication response message comprises the described application server authentication information that adopts after CK or HA1 encrypt.
5, a kind of authentication information transmission method is characterized in that, described method comprises:
First message that receipt of call conversation control function entity CSCF sends comprises the UE sign that the IMS network authentication is carried out in request in described first message;
According to described first message, judge whether to exist and described UE corresponding application server authentication information;
When existence and described UE corresponding application server authentication information, send second message that comprises described UE corresponding application server authentication information to described CSCF.
6, method according to claim 5 is characterized in that, described first message is SAR message, and described second message is SAA message;
Sending second message that comprises described application server authentication information to described CSCF comprises: send SAA message to described CSCF, described SAA message comprises the user signing contract information UserProfile of described UE, and described User Profile carries described application server authentication information.
7, a kind of method for authenticating is characterized in that, described method for authenticating comprises:
Send the request of IP Multimedia System IMS network authentication to call conversation control function entity CSCF;
Receive the IMS network authentication response message that described CSCF sends, described IMS network authentication response message carries the application server authentication information;
Utilize described application server authentication information to carry out authentication to described application server.
8, method according to claim 7 is characterized in that, receives the IMS network authentication response message that described CSCF sends, and described IMS network authentication response message carries the application server authentication information and comprises:
Receive the IMS network authentication response message 200OK that described CSCF sends, described 200OK comprises related unified resource sign P-Associated-URI header field, and described P-Associated-URI header field carries the application server authentication information.
9, method according to claim 7 is characterized in that, receives the IMS network authentication response message that described CSCF sends, and described IMS network authentication response message carries the application server authentication information and comprises:
Receive the IMS network authentication response message that described CSCF sends, described IMS network authentication response message carries and adopts check bit CK or HA1 encrypted applications server authentication information.
10, method according to claim 9 is characterized in that, utilizes described application server authentication information also to comprise before described application server carries out authentication:
Adopt check bit CK or HA1 to decipher described application server authentication information.
11, a kind of call conversation control function entity CSCF is characterized in that, described call conversation control function entity CSCF comprises:
The authentication request receiving element is used to receive the IP Multimedia System IMS network authentication request that user equipment (UE) sends;
The authentication information acquiring unit is used for obtaining the application server authentication information according to the request of described IMS network authentication from home subscriber server HSS;
The Authentication Response transmitting element is used for sending the IMS network authentication response message that comprises described application server authentication information to described UE, utilizes described application server authentication information to carry out authentication to described application server to trigger described UE.
12, call conversation control function entity CSCF according to claim 11 is characterized in that, described authentication information acquiring unit comprises:
The request subelement is used for sending SAR message to home subscriber server HSS, to obtain the user signing contract information User Profile of described UE;
Receive subelement, be used to receive the SAA message that described HSS sends, described SAA message comprises described User Profile, and described User Profile carries the application server authentication information.
13, call conversation control function entity CSCF according to claim 11 is characterized in that,
Described Authentication Response transmitting element, be used for sending IMS network authentication response message 200OK to described UE, increase related unified resource sign P-Associated-URI header field among the described 200OK, described P-Associated-URI header field carries described application server authentication information.
14, call conversation control function entity CSCF according to claim 11 is characterized in that, described Authentication Response transmitting element comprises:
Encrypt subelement, be used to adopt check bit CK or HA1 that described application server authentication information is encrypted;
Send subelement, be used for sending IMS network authentication response message to described UE, described IMS network authentication response message comprises the described application server authentication information that adopts after CK or HA1 encrypt.
15, a kind of home subscriber server is characterized in that, described home subscriber server comprises:
Receiving element is used for first message that receipt of call conversation control function entity CSCF sends, and comprises the UE sign that the IMS network authentication is carried out in request in described first message;
Judging unit is used to judge whether exist and described UE corresponding application server authentication information;
Transmitting element is used for sending second message that comprises described UE corresponding application server authentication information to described CSCF when existence and described UE corresponding application server authentication information.
16, home subscriber server according to claim 15 is characterized in that, described first message is SAR message, and described second message is SAA message,
Described transmitting element, be used for when existence and described UE corresponding application server authentication information, send SAA message to described CSCF, described SAA message comprises the user signing contract information UserProfile of described UE, and described User Profile carries described application server authentication information.
17, a kind of subscriber equipment is characterized in that, described subscriber equipment comprises:
The first authentication request transmitting element is used for sending the request of IP Multimedia System IMS network authentication to call conversation control function entity CSCF;
The Authentication Response receiving element is used to receive the IMS network authentication response message that described CSCF sends, and described IMS network authentication response message carries the application server authentication information;
The second authentication request transmitting element is used to utilize described application server authentication information to carry out authentication to described application server.
18, subscriber equipment according to claim 17 is characterized in that,
Described Authentication Response receiving element, be used to receive the IMS network authentication response message 200OK that described CSCF sends, described 200OK comprises related unified resource sign P-Associated-URI header field, and described P-Associated-URI header field carries the application server authentication information.
19, subscriber equipment according to claim 17 is characterized in that,
Described Authentication Response receiving element is used to receive the IMS network authentication response message that described CSCF sends, and described IMS network authentication response message carries and adopts check bit CK or HA1 encrypted applications server authentication information.
20, subscriber equipment according to claim 19 is characterized in that, described subscriber equipment also comprises:
Decrypting device is used to adopt check bit CK or HA1 to decipher described application server authentication information.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200910174570A CN101668016B (en) | 2009-09-30 | 2009-09-30 | Authentication method and device |
| PCT/CN2010/077516 WO2011038691A1 (en) | 2009-09-30 | 2010-09-30 | Authentication method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200910174570A CN101668016B (en) | 2009-09-30 | 2009-09-30 | Authentication method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101668016A true CN101668016A (en) | 2010-03-10 |
| CN101668016B CN101668016B (en) | 2012-10-03 |
Family
ID=41804456
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN200910174570A Active CN101668016B (en) | 2009-09-30 | 2009-09-30 | Authentication method and device |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN101668016B (en) |
| WO (1) | WO2011038691A1 (en) |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2011038691A1 (en) * | 2009-09-30 | 2011-04-07 | 华为技术有限公司 | Authentication method and device |
| CN102440018A (en) * | 2011-06-30 | 2012-05-02 | 华为技术有限公司 | User device authentication method and authentication device under general authentication framework |
| CN102916966A (en) * | 2012-10-30 | 2013-02-06 | 青岛百灵信息科技有限公司 | Cloud computing and C2D (core 2 duo) based HIS (hospital information system) communication dialing module |
| CN105636034A (en) * | 2014-10-30 | 2016-06-01 | 南京悠信网络科技有限公司 | Authentication method and device for user equipment |
| CN106713249A (en) * | 2015-11-18 | 2017-05-24 | 大唐移动通信设备有限公司 | Authentication method and device |
| CN107172494A (en) * | 2017-06-29 | 2017-09-15 | 深圳市茁壮网络股份有限公司 | A kind of method for authenticating and right discriminating system |
| CN109618194A (en) * | 2018-12-10 | 2019-04-12 | 深圳贝尔创意科教有限公司 | A kind of authentication order method and its device based on program request platform end |
| CN110741613A (en) * | 2017-10-16 | 2020-01-31 | Oppo广东移动通信有限公司 | encrypted data stream identification method, device, storage medium and system |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1812322A (en) * | 2005-01-28 | 2006-08-02 | 华为技术有限公司 | Right discriminating system and processing method |
| CN1968138A (en) * | 2006-06-07 | 2007-05-23 | 华为技术有限公司 | Subscriber registration information management method and apparatus in IMS network |
| CN1866823B (en) * | 2006-02-08 | 2011-05-04 | 华为技术有限公司 | Authentication method, device and system in IMS network |
| CN1859099B (en) * | 2006-03-08 | 2011-02-02 | 华为技术有限公司 | Method for providing on-line application service for mobile terminal |
| CN101668016B (en) * | 2009-09-30 | 2012-10-03 | 华为技术有限公司 | Authentication method and device |
-
2009
- 2009-09-30 CN CN200910174570A patent/CN101668016B/en active Active
-
2010
- 2010-09-30 WO PCT/CN2010/077516 patent/WO2011038691A1/en active Application Filing
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2011038691A1 (en) * | 2009-09-30 | 2011-04-07 | 华为技术有限公司 | Authentication method and device |
| CN102440018A (en) * | 2011-06-30 | 2012-05-02 | 华为技术有限公司 | User device authentication method and authentication device under general authentication framework |
| CN102916966A (en) * | 2012-10-30 | 2013-02-06 | 青岛百灵信息科技有限公司 | Cloud computing and C2D (core 2 duo) based HIS (hospital information system) communication dialing module |
| CN105636034A (en) * | 2014-10-30 | 2016-06-01 | 南京悠信网络科技有限公司 | Authentication method and device for user equipment |
| CN106713249A (en) * | 2015-11-18 | 2017-05-24 | 大唐移动通信设备有限公司 | Authentication method and device |
| CN107172494A (en) * | 2017-06-29 | 2017-09-15 | 深圳市茁壮网络股份有限公司 | A kind of method for authenticating and right discriminating system |
| CN107172494B (en) * | 2017-06-29 | 2019-07-16 | 深圳市茁壮网络股份有限公司 | A kind of method for authenticating and right discriminating system |
| CN110741613A (en) * | 2017-10-16 | 2020-01-31 | Oppo广东移动通信有限公司 | encrypted data stream identification method, device, storage medium and system |
| US11418951B2 (en) | 2017-10-16 | 2022-08-16 | Guangdong Oppo Mobile Telecommunications Corp., Ltd. | Method for identifying encrypted data stream, device, storage medium and system |
| CN109618194A (en) * | 2018-12-10 | 2019-04-12 | 深圳贝尔创意科教有限公司 | A kind of authentication order method and its device based on program request platform end |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101668016B (en) | 2012-10-03 |
| WO2011038691A1 (en) | 2011-04-07 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101668016B (en) | Authentication method and device | |
| US9628271B2 (en) | Key management for secure communication | |
| US7822407B2 (en) | Method for selecting the authentication manner at the network side | |
| CN101635823B (en) | Method and system of terminal for encrypting videoconference data | |
| CN102474523B (en) | Methods and apparatuses for initiating provisioning of subscriber data in a hss of an IP multimedia subsystem network | |
| US8990563B2 (en) | Sending protected data in a communication network | |
| CN103733701A (en) | System and method for subscribing for internet protocol multimedia subsystems (ims) services registration status | |
| KR20120109580A (en) | Authentication method, system and device | |
| US9369873B2 (en) | Network application function authorisation in a generic bootstrapping architecture | |
| US20120207284A1 (en) | Method for Obtaining Information of Key Management Server, and Method, System and Device for Monitoring | |
| WO2019114320A1 (en) | Ims user registration method and device | |
| CN101227474A (en) | Method for identifying authority of conversation initialized protocol user in soft switching network | |
| CN105516070A (en) | Authentication credential replacing method and authentication credential replacing device | |
| EP2671366B1 (en) | Determining a location address for shared data | |
| EP2532143B1 (en) | Method and apparatus for routing xcap requests | |
| CN101674178A (en) | User information storage method as well as user information authentication method and device | |
| CN102594782B (en) | IP Multimedia System method for authenticating, system and server | |
| CN101083838B (en) | HTTP abstract authentication method in IP multimedia subsystem | |
| CN105635098B (en) | The register method and system of IMS network | |
| CN101299874B (en) | User data returning method, system and equipment | |
| JP5746774B2 (en) | Key management for secure communication | |
| CN102572778B (en) | Method and device for processing messages based on globally routable user agent uniform resource indicators (GRUU) | |
| CN101296505A (en) | Method and system for implementing emergency callback, user server and call control device | |
| CN103139709A (en) | Method and system of massively texting multimedia information and media exchanging center | |
| CN101296500A (en) | User authentication processing method, system and server |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |