CN102055744A - Implementing system and method of IP (Internet Protocol) multimedia subsystem emergency call service - Google Patents
Implementing system and method of IP (Internet Protocol) multimedia subsystem emergency call service Download PDFInfo
- Publication number
- CN102055744A CN102055744A CN2009102123560A CN200910212356A CN102055744A CN 102055744 A CN102055744 A CN 102055744A CN 2009102123560 A CN2009102123560 A CN 2009102123560A CN 200910212356 A CN200910212356 A CN 200910212356A CN 102055744 A CN102055744 A CN 102055744A
- Authority
- CN
- China
- Prior art keywords
- cscf
- session
- request
- authentication
- setting
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
The invention discloses an implementing system and method of an IP (Internet Protocol) multimedia subsystem emergency call service, overcoming the defect that a network cannot effectively authenticate UE (User Equipment) employing an SIP (Session Initiation Protocol) Digest authentication mechanism in an emergency call process in the prior art. The method comprises the following steps of: sending a session establishment request to a P-CSCF (Proxy-Call Session Control Function) by the UE employing the SIP Digest authentication mechanism; judging whether the request is an emergency call service or not by the P-CSCF, and if so, routing the session establishment request to an S-CSCF (Serving-Call Session Control Function); executing an authentication process to the session establishment request by the S-CSCF; if the authentication is passed, forwarding the session establishment request to an E-CSCF (Emergency-Call Session Control Function), or returning a redirection response to the P-CSCF; and forwarding the session establishment request to the E-CSCF by the P-CSCF. The invention overcomes the defect that the network cannot effectively authenticate the UE using the SIP Digest authentication mechanism in an emergency call process.
Description
Technical field
The present invention relates to the communications field, relate in particular to a kind of realization system and method for IP Multimedia System emergence call service.
Background technology
According to the control regulation of various countries, regional telecommunication administration, communication network must can provide the emergency voice calls business.When user's emergency call number, or the default emergency telephone number of storing in the use terminal equipment, or when using the urgent call sign to initiate urgent call, network continues urgent call to the urgency communication of locality and accepts the center, as police, fire alarm, medical aid, rescue etc.
The government control in country variant or area requires different to the service object of urgent call, the country that has requires operator only to provide urgent call for the authenticated validated user that passes through, this moment, network must be confirmed the legitimacy of user and urgent call earlier, just provided urgent call for the user; The country that has requires operator also to provide urgent call for the user of unauthenticated, such as for the terminal that does not have plug sim card, or do not have the terminal of user authentication data, though network can't be confirmed user's legitimacy, also must can provide emergence call service.
IP (Intemet Protocol, Internet Protocol) IP multimedia subsystem, IMS (IP Multimedia Core Network Subsystem is called for short IMS) also must provide emergence call service, satisfies above-mentioned government control requirement.
Fig. 1 is the reference frame schematic diagram of IMS emergence call service in the prior art.As shown in Figure 1, whole framework comprises:
Subscriber equipment (User Equipment is called for short UE) 101;
Proxy Call Session Control Function (Proxy Call Session Control Function is called for short P-CSCF) 102;
Query call conversation control function (Interrogating Call Session Control Function is called for short P-CSCF) 103;
Service call conversation control function (Serving Call Session Control Function is called for short S-CSCF) 104;
Home subscriber server (Home Subscriber Server is called for short HSS) 105;
Emergency call session controlled function (Emergency Call Session Control Function is called for short E-CSCF) 106;
Urgency communication is accepted center (Public Safety Answering Point is called for short PSAP) 107.
In conversation procedure, also relate to interconnection boundary Control function (Interconnection Border Control Function in addition, abbreviation IBCF), MGCF (Media Gateway Control Function, be called for short MGCF) etc. functional entity, owing to do not have direct relation with the present invention, do not represent in the drawings.
As shown in Figure 1, be connected by Gm between UE 101 and the P-CSCF 102 in the above-mentioned framework, be connected by Mw between P-CSCF 102 and the I-CSCF 103, be connected by Dx between I-CSCF 103 and the HSS 105, be connected by Cx interface between S-CSCF 104 and the HSS 105, be connected by Mw between P-CSCF 102 and the S-CSCF 104, be connected by Mw between P-CSCF 102 and the E-CSCF106, be connected by the Mi/Mg interface between E-CSCF 106 and the PSAP 107, be connected by the Mm/Mw interface between S-CSCF 104 and the PSAP 107.Also there is annexation between I-CSCF 103 and the S-CSCF 104.
Wherein, P-CSCF 102, E-CSCF 106 and PSAP 107 are positioned at visited network, when P-CSCF102 receives user's emergency call request, emergency call request is forwarded to E-CSCF106, E-CSCF 106 is routed to PSAP 107 according to customer position information with emergency call request.Home network and P-CSC 101 that I-CSCF 103, S-CSCF 104, HSS 105 are positioned at the user can support urgent call registration, urgent call call-back business together.
According to the requirement of IMS urgent call, the user is when initiating urgent call, and UE must carry out the IMS registration, or after having carried out IMS urgent call registration, could initiate the IMS urgent call.
In order to guarantee user's legitimacy, IMS must authenticate UE.IMS supports multiple authentification of user security mechanism, as authentication and cryptographic key agreement (Authentication and key agreement, abbreviation AKA), session initiation protocol summary (Session Initiation Protocol Digest, be called for short SIPDigest), access-IMS binding authentication etc., wherein SIP Digest mechanism is simple and easy to usefulness, is widely used under scenes such as fixing access, cable access.
Fig. 2 is the IMS register flow path schematic diagram that uses SIP Digest authentication mechanism in the prior art.IMS urgent call register flow path and this flow process are basic identical, describe in the lump at this.When the UE that uses SIP Digest authentication mechanism need use IMS professional, must carry out the IMS registration.As shown in Figure 2, the IMS registration process mainly may further comprise the steps:
Step S201, UE sends register requirement to P-CSCF, comprises IP multimedia pUblic identity in the request, and the authentication header field, comprises user name, user attaching territory and domain name in the authentication header field, and wherein user name is carried user's privately owned sign;
If the user need initiate urgent call, then UE inserts the urgent call sign in above-mentioned register requirement, illustrates that this register requirement is the urgent call register requirement;
Because this UE uses SIP Digest authentication, will not carry any security type parameter;
Owing to be first registration, the authentication response parameter in the authentication header field is empty in addition;
Step S202 when P-CSCF receives register requirement, judges auth type, and register requirement is forwarded to the access point I-CSCF of home domain;
Step S203, I-CSCF carries out the S-CSCF assigning process, initiates the S-CSCF request for allocation to HSS, and HSS returns the S-CSCF address or the S-CSCF capability set of distribution;
Step S204, I-CSCF be to the S-CSCF that distributes, or transmit register requirement to the S-CSCF that selects according to the S-CSCF capability set;
Step S205, S-CSCF find that the user registers first, carry out the login state setting up procedure, and notice HSS user is in the registration process, and HSS preserves this S-CSCF address;
Step S206 because S-CSCF does not have the needed authentication information of authentification of user, sends the authentication vector request message to HSS, and notice HSS auth type;
Step S207, HSS generate authentication vector according to user's secure data, and by authentication vector response are returned to S-CSCF;
Comprise level of security, identifying algorithm, hashed value in the authentication vector, wherein hashed value is to be obtained through hash function by IP multimedia private identity, user attaching territory, password;
Step S208, S-CSCF generate the authentication random number, and the return authentication challenge responses wherein comprises authentication random number and identifying algorithm that S-CSCF generates;
Step S209, I-CSCF is transmitted to P-CSCF with the authentication challenge response;
Step S210, P-CSCF is transmitted to UE with the authentication challenge response;
Step S211, UE are according to random value, identifying algorithm in the authentication challenge response, and the local hashed value calculating authentication response value of calculating, and initiate register requirement then again, and carry the authentication response value that calculates in the authentication header field;
Step S212, S202 is identical with step;
Step S213, S203 is basic identical with step, because UE is in the registration suspended state in HSS, this moment, HSS returned the S-CSCF address of preserving among the step S205;
Step S214, S204 is identical with step;
Step S215, after S-CSCF received register requirement, whether the authentication response value that inspection discovery UE returns was correct, if correct, then carries out the login state setting up procedure, and notice HSS user is in registered state, respond otherwise return refusal, or authentication challenge responds;
Step S216, after authentication was passed through, S-CSCF obtained user contracting data in interior user profile to HSS;
Step S217, S-CSCF returns the response of succeeding in registration to I-CSCF;
S-CSCF generates new random number, and covers in the authentication header field of the response of succeeding in registration;
Step S218, I-CSCF will succeed in registration to respond and be transmitted to P-CSCF;
After step S219, P-CSCF preserved user's link address information, the response of will succeeding in registration was transmitted to UE.
UE preserves the up-to-date random number that S-CSCF generates, for follow-up service request is used.
User's link address that P-CSCF preserves, can be used to check the legitimacy of follow-up session initiation protocol (SIP) message, if it is inconsistent that employed link address of this user's subsequent message and P-CSCF preserve, then P-CSCF thinks that this message is illegal, refuses this message.This method has improved the fail safe of system to a certain extent, but stops IP address forgery and attack in can't be thoroughly.
So far, UE succeeds in registration in IMS, can use the IMS business.
Fig. 3 is the IMS service request schematic flow sheet that uses SIP Digest authentication mechanism in the prior art, is example to initiate a session request.After UE has succeeded in registration in IMS, when the user need make a call, as shown in Figure 3, mainly may further comprise the steps:
When step S301, UE set up request in initiation session, the random value that obtains according to the last time calculated the authentication response value, was inserted into session and set up in the request message, then the session request of setting up was sent to P-CSCF;
Step S302, P-CSCF checks the legitimacy of session foundation request according to the link address of preserving in the IMS registration process, if consistent legal that link address that request message uses and P-CSCF preserve set up in session, then session foundation is asked to be forwarded to S-CSCF, otherwise refuse this request message;
By this checking process, improved the fail safe of system to a certain extent;
Step S303, S-CSCF checks the authentication response value that the session request of setting up is carried, this request message is authenticated, if authentication is passed through, S-CSCF carries out subsequent processes, execution in step S308, otherwise think that this request is illegal, return the refusal response, or execution in step S304, the authentication challenge process initiated;
By this verification process, further improved the fail safe of system, guaranteed user's legitimacy, effectively prevent IP address forgery and attack;
Step S304, S-CSCF generate the authentication random number, and the return authentication challenge responses is given P-CSCF, comprise authentication random number and identifying algorithm that S-CSCF generates in the response;
Step S305, P-CSCF is transmitted to UE with the authentication challenge response;
Step S306, UE calculates the authentication response value according to the random value among the step S305, and is inserted into session and sets up in the request message, then request message is set up in session and is sent to P-CSCF;
Step S307, S302 is identical with step, after S-CSCF receives that request message is set up in session, request message is authenticated, if execution in step S308, otherwise refusal request, and then initiation authentication challenge process are passed through in authentication;
Step S308, S-CSCF sets up the opposite end network that request message is issued the called subscriber place with session after carrying out business logic processing, finishes the subsequent voice calls process.
By the process of describing among Fig. 2 and Fig. 3, can be in registration process and nonregistered (NR) service request process, guarantee to use the UE legitimacy of SIP Digest, prevent that effectively other users from forging this IP address and initiating business or attack, improve the fail safe of system.
Fig. 4 is an IMS urgent call schematic flow sheet in the prior art.Urgent call is that visit ground is professional, and is different with normal IMS calling procedure.The user need initiate urgent call, must in IMS, succeed in registration, or the urgent call registration, as shown in Figure 4, emergency calling process mainly may further comprise the steps:
Step S401, when UE sets up request in initiation session, the random value that obtains according to the last time calculates the authentication response value, being inserted into session sets up in the request message, if it is urgent call that UE can judge this calling, also need in urgent call, insert the urgent call sign, then the session request of setting up be sent to P-CSCF;
Step S402, P-CSCF checks the legitimacy that session foundation is asked according to the link address of preserving in IMS registration or the Emmergency log-on process, if legal, then further judges call property; If be urgent call, then the session request of setting up is forwarded to local E-CSCF, otherwise carries out normal call flow process shown in Figure 3, the session request of setting up is forwarded to the S-CSCF of user ascription area;
P-CSCF judges call property by the following method:
1) checks in the session foundation request whether comprise the urgent call sign,, think that then this calling is urgent call, otherwise further check the called number in the session foundation request if comprise;
2),, think that then this calling is urgent call, otherwise think ordinary call as 911,110 etc. if called number is an emergency telephone number; When being judged as urgent call, P-CSCF asks to be transmitted to E-CSCF with session foundation insert the urgent call sign in session foundation request after; Or return the replacement service response, notify the user to call out to be urgent call, UE to initiate the urgent call registration again and request is set up in the session that contains the urgent call sign;
Step S403, E-CSCF are forwarded to PSAP according to user position information with the session request of setting up;
If PSAP is arranged in PSTN (PSTN), the session request of setting up also can be passed through media gateway CCF and media gateway, is routed to PSAP again, finishes follow-up emergency calling process.
The inventor finds in realizing process of the present invention, from the angle of network security, owing to do not have interface between E-CSCF and the HSS, can't obtain SIP Digest authentication parameters needed, can't user's emergency call request message be authenticated.Can only depend on the inspection of P-CSCF to the contact address this moment, can't effectively prevent IP address embezzlement and attack such as counterfeit, it is the legitimacy that existing urgent call mechanism can't guarantee emergency call user fully, level of security is lower, can not satisfy the requirement of urgent call government control simultaneously.
Summary of the invention
Technical problem to be solved by this invention is to provide a kind of realization system and method for IMS emergence call service, overcomes the prior art defective that network can't effectively authenticate the UE that uses the SIPDigest authentication mechanism in emergency calling process.
In order to solve the problems of the technologies described above, the invention provides a kind of implementation method of IP Multimedia System emergence call service, comprising:
Use the subscriber equipment (UE) of session initiation protocol summary (SIP Digest) authentication mechanism to send session foundation request to Proxy Call Session Control Function (P-CSCF);
Described P-CSCF judges the emergence call service that is to use SIP Digest authentication mechanism, then the described session request of setting up is routed to service call conversation control function (S-CSCF);
Described S-CSCF carries out verification process to the described session request of setting up, then the described session request of setting up is forwarded to emergency call session controlled function (E-CSCF) by this authentication, perhaps return redirect response, the described session request of setting up is forwarded to described E-CSCF by described P-CSCF to described P-CSCF.
Preferably, described S-CSCF sets up request authentication to described session and does not pass through, and then refuses described session and sets up request, or initiate the authentication challenge process.
Preferably, described UE sets up in described session and inserts the urgent call sign in the request, then the described session request of setting up is sent to described P-CSCF.
Preferably, described P-CSCF selects the described E-CSCF on visit ground, session initiation protocol (SIP) sign of described E-CSCF is inserted into described session sets up in the request, then the described session request of setting up is routed to described S-CSCF.
Preferably, described P-CSCF is inserted into the SIP sign of described E-CSCF in the described session foundation request, comprises being placed on route header field tabulation top.
Preferably, described S-CSCF sets up the step of asking to be forwarded to described E-CSCF with described session, comprising:
Described S-CSCF removes the SIP sign of self from route header field tabulation top, and obtain the SIP sign of described E-CSCF from described route header field tabulation top, the indication according to described route header field tabulation top is forwarded to described E-CSCF with the described session request of setting up then.
Preferably, described P-CSCF sets up in described session and inserts the urgent call sign in the request, then the described session request of setting up is transmitted to described S-CSCF.
Preferably, described S-CSCF sets up the SIP sign of obtaining E-CSCF request or the local configuration from described session after setting up the authentication of request by described session, and the SIP sign of described E-CSCF is inserted in the described redirect response as redirection target.
Preferably, after described P-CSCF receives described redirect response, from described redirect response, obtain the address of described E-CSCF, or, described session foundation is asked to be forwarded to described E-CSCF according to the address of described E-CSCF from the address that described E-CSCF is obtained in this locality configuration.
Preferably, the described authentication challenge process that described S-CSCF initiates comprises:
Described S-CSCF generates the authentication random number, returns the authentication challenge response of carrying described authentication random number to described P-CSCF;
Described P-CSCF is transmitted to described UE with described authentication challenge response;
Described UE calculates the authentication response value according to the described authentication random number in the described authentication challenge response, initiates the session of urgent call according to described authentication response value again and sets up request.
In order to solve the problems of the technologies described above, the present invention also provides a kind of realization system of IP Multimedia System emergence call service, comprise subscriber equipment (UE), Proxy Call Session Control Function (P-CSCF), service call conversation control function (S-CSCF) and emergency call session controlled function (E-CSCF), wherein:
Described UE uses session initiation protocol summary (SIP Digest) authentication mechanism, is used for sending session to described P-CSCF and sets up request;
Described P-CSCF, after being used to judge the described session request of setting up and being to use the emergence call service of SIP Digest authentication mechanism, the described session request of setting up is routed to described S-CSCF, and the redirect response that sends according to described S-CSCF is forwarded to described E-CSCF with the described session request of setting up;
Described S-CSCF, be used for verification process is carried out in the described session request of setting up, authentication by after the described session request of setting up is forwarded to described E-CSCF, perhaps send described redirect response to described P-CSCF, otherwise refuse described session and set up request, or initiate the authentication challenge process.
Preferably, described UE is further used for setting up insertion urgent call sign in the request in described session; Described P-CSCF is further used for setting up insertion urgent call sign in the request in described session.
P-CSCF in the technical solution of the present invention will use the emergency call request of SIP Digest authentication mechanism to be transmitted to S-CSCF, authenticate by S-CSCF, be redirected to E-CSCF by P-CSCF then, or directly send to E-CSCF by S-CSCF, overcome the defective that network can't effectively authenticate the UE that uses SIP Digest authentication mechanism in the emergency calling process, guaranteed to initiate the legitimacy of emergency call request, the control requirement to urgent call has been satisfied in the fail safe that has improved system.
Other features and advantages of the present invention will be set forth in the following description, and, partly from specification, become apparent, perhaps understand by implementing the present invention.Purpose of the present invention and other advantages can realize and obtain by specifically noted structure in specification, claims and accompanying drawing.
Description of drawings
Accompanying drawing is used to provide further understanding of the present invention, and constitutes the part of specification, is used from explanation the present invention with embodiments of the invention one, is not construed as limiting the invention.In the accompanying drawings:
Fig. 1 is the reference frame schematic diagram of IMS emergence call service in the prior art;
Fig. 2 is the IMS register flow path schematic diagram that uses SIP Digest authentication mechanism in the prior art;
Fig. 3 is the IMS service request schematic flow sheet that uses SIP Digest authentication mechanism in the prior art;
Fig. 4 is an IMS urgent call schematic flow sheet in the prior art;
Fig. 5 is the schematic flow sheet of the inventive method first embodiment;
Fig. 6 is the schematic flow sheet of the inventive method second embodiment.
Embodiment
Describe embodiments of the present invention in detail below with reference to drawings and Examples, how the application technology means solve technical problem to the present invention whereby, and the implementation procedure of reaching technique effect can fully understand and implements according to this.
Need to prove that if do not conflict, each feature among the embodiment of the invention and the embodiment can mutually combine, all within protection scope of the present invention.In addition, can in computer system, carry out in the step shown in the flow chart of accompanying drawing such as a set of computer-executable instructions, and, though there is shown logical order in flow process, but in some cases, can carry out step shown or that describe with the order that is different from herein.
The core concept of the implementation method of the IMS urgent call that technical solution of the present invention provides is when using the UE initiation urgent call of SIP Digest authentication mechanism, to send session to P-CSCF and set up request; This P-CSCF judges the emergence call service that is to use SIP Digest authentication mechanism, then this session request of setting up is routed to S-CSCF; This S-CSCF carries out verification process, then the described session request of setting up is forwarded to emergency call session controlled function (E-CSCF) by this authentication, perhaps return redirect response to described P-CSCF, by described P-CSCF the described session request of setting up is forwarded to described E-CSCF, sets up request or initiate the authentication challenge process otherwise refuse described session.
Fig. 5 is the schematic flow sheet of the inventive method first embodiment.UE in the present embodiment is for using the UE of SIP Digest authentication mechanism, in the IMS urgent call flow process after the improvement that present embodiment is described, when the user need initiate urgent call, use the UE of SIP Digest authentication mechanism in IMS, to succeed in registration, or successfully carried out Emmergency log-on, the emergency calling process of present embodiment mainly may further comprise the steps:
Step S501, when UE sets up request in initiation session, the random value that obtains according to the last time calculates the authentication response value, being inserted into session sets up in the request message, if it is urgent call that UE can judge this calling, then set up and insert the urgent call sign in the request, then the session request of setting up is sent to P-CSCF in session;
Step S502, P-CSCF checks the legitimacy that session foundation is asked according to the link address of preserving in IMS registration or the Emmergency log-on process, if legal, then further judges call property; Judge and be urgent call, and use SIP Digest authentication mechanism, then the session request of setting up is forwarded to the S-CSCF of user's service, otherwise carries out call flow of the prior art;
Calling procedure of the prior art is meant, if this calling is ordinary call, then the session request of setting up is transmitted to S-CSCF; If this calling is urgent call, but the right and wrong SIP Digest authentication mechanism that uses, then P-CSCF is transmitted to E-CSCF with the session request of setting up of urgent call;
The authentication mechanism that UE uses in calling procedure must be identical with use authentication mechanism in IMS registration or the IMS urgent call registration process, otherwise the emergency call request of this P-CSCF refusing user's; Such as in registration process, having used SIP Digest authentication mechanism, then in non-login service process such as calling procedure, must use SIP Digest authentication mechanism;
If setting up, the session that this UE sends do not have the urgent call sign in the request, be that not identify this calling be urgent call to UE, and P-CSCF finds that the called number that session is set up in the request is an emergency telephone number, as 911,110 etc., then return the substitution service response, indication UE initiates urgent call again, or sets up insertion urgent call sign in the request in session, then the session request of setting up is transmitted to S-CSCF, explicitly notice S-CSCF should call out and be urgent call;
P-CSCF selects the E-CSCF on visit ground, and the SIP sign of E-CSCF is inserted into session sets up in the request, as is placed in the top of route header field tabulation, or in other header fields, parameter, the E-CSCF address of this emergence call service of notice S-CSCF;
Step S503, S-CSCF checks the authentication response value that the emergency call session request of setting up is carried, this request message is authenticated, if authentication is passed through, S-CSCF carries out subsequent processes, execution in step S508, otherwise think that this request is illegal, return the refusal response, or execution in step S504 initiates the authentication challenge process to step S507;
S-CSCF thinks that then this calling is urgent call, otherwise is ordinary call by finding to carry the urgent call sign in the setup requests;
If ordinary call, S-CSCF then needs to carry out business logic processing according to user's service contracting, and for urgent call, S-CSCF then skips above-mentioned business logic processing, directly the emergency call redirection process of execution in step S508;
By the verification process of this step, further guaranteed the legitimacy of urgent call;
Step S504, S-CSCF generate the authentication random number, and the return authentication challenge responses is given P-CSCF, comprise authentication random number and identifying algorithm that S-CSCF generates in the response;
The described verification process of step S503~S504 is identical with the verification process of normal call.
Step S505, P-CSCF is transmitted to UE with the authentication challenge response;
Step S506, UE calculates the authentication response value according to the authentication random number that the authentication challenge among step S505 response is carried, and then the authentication response value is inserted into session and sets up in the request message, and the session request of setting up that will carry the authentication response value sends to P-CSCF;
Step S507, S502 is identical with step, after S-CSCF receives that request is set up in session, request message is authenticated, pass through if authenticate, execution in step S508, otherwise refusal request, or initiate the authentication challenge process once more;
Step S508, after session was set up request authentication and passed through, S-CSCF returned redirect response to P-CSCF;
S-CSCF sets up the request from described emergency call session, obtain the SIP sign of the E-CSCF of P-CSCF appointment, or from the configuration of this locality, select E-CSCF, then the SIP of E-CSCF sign is inserted into as redirection target and sends to P-CSCF in the redirect response, indication P-CSCF sends to the emergency call session request of setting up the E-CSCF of appointment;
Step S509, P-CSCF initiate redirect operation according to the indication that is redirected, and the session request of setting up are forwarded to the E-CSCF on visit ground;
For ordinary call, P-CSCF need be transmitted to UE with redirect response, carries out redirect operation by UE; And, then carry out redirect operation by P-CSCF for the urgent call of using SIP Digest authentication mechanism;
P-CSCF obtains the SIP sign of E-CSCF from redirect response, or from local selection of configuration E-CSCF;
Step S510, E-CSCF are forwarded to PSAP nearby according to user position information with the session request of setting up.
If PSAP is arranged in the PSTN network, the session request of setting up also can be passed through media gateway CCF and media gateway, is routed to PSAP again, finishes follow-up emergency calling process, and follow-up emergency calling process is same as the prior art.
From said process as can be seen,, provide authentication, check the legitimacy of request, thereby solved problems of the prior art by S-CSCF because P-CSCF will use the emergency call session request of setting up of SIP Digest authentication mechanism to issue S-CSCF earlier.
Fig. 6 is the schematic flow sheet of the inventive method second embodiment.UE in the present embodiment is for using the UE of SIP Digest authentication mechanism, in the IMS urgent call flow process after the improvement that present embodiment is described, the user need initiate urgent call, use the UE of SIP Digest authentication mechanism in IMS, to succeed in registration, or successfully carried out Emmergency log-on, as shown in Figure 6, the described emergency calling process of present embodiment mainly may further comprise the steps:
Step S601, when UE sets up request in initiation session, the random value that obtains according to the last time calculates the authentication response value, the authentication response value is inserted into session to be set up in the request message, if it is urgent call that UE can judge this calling, then set up and insert the urgent call sign in the request, then the session request of setting up is sent to P-CSCF in session;
Step S602, P-CSCF checks the legitimacy that session foundation is asked according to the link address of preserving in IMS registration or the Emmergency log-on process, if legal, then further judges call property; Be urgent call if this is called out, and use SIP Digest authentication mechanism, then the session request of setting up is forwarded to the S-CSCF of user's service, otherwise carries out call flow of the prior art;
Calling procedure of the prior art is meant, if this calling is ordinary call, then the session request of setting up is transmitted to S-CSCF; If this calling is urgent call, but the right and wrong SIP Digest authentication mechanism that uses, then P-CSCF is transmitted to E-CSCF with the session request of setting up of this urgent call;
The authentication mechanism that UE uses in calling procedure must be identical with use authentication mechanism in IMS registration or the IMS urgent call registration process, otherwise the emergency call request of this P-CSCF refusing user's; Such as in registration process, having used SIP Digest authentication mechanism, then in non-login service process such as calling procedure, must use SIP Digest authentication mechanism;
If setting up, the session that this UE sends do not have the urgent call sign in the request, be that not identify this calling be urgent call to UE, and P-CSCF finds that the called number that session is set up in the request is an emergency telephone number, as 911,110 etc., then return the substitution service response, indication UE initiates urgent call again, or sets up insertion urgent call sign in the request in session, then the session request of setting up is transmitted to S-CSCF, explicitly notice S-CSCF should call out and be urgent call;
P-CSCF selects the E-CSCF on visit ground, and the SIP sign of E-CSCF is inserted into the top that route header field tabulation in the request is set up in session, as:
route:<sip:ecscf1.visited1.net;lr;comp=sigcomp>
Wherein sip:ecscf1.visited1.net is the SIP sign of the E-CSCF on the visit ground selected of P-CSCF;
When P-CSCF was transmitted to S-CSCF with the emergency call session request of setting up, the SIP that also can increase S-CSCF by prior art on the top of route header field tabulation again identified, as:
route:<sip:scscf1.home1.net;lr;comp=sigcomp>;
<sip:ecscf1.visited1.net;lr;comp=sigcomp>
P-CSCF also can adopt other modes, carries the E-CSCF address as other header fields or parameter; P-CSCF also can not select E-CSCF, finishes selection by S-CSCF;
Step S603, S-CSCF checks the authentication response value that the emergency call session request of setting up is carried, this request message is authenticated, if authentication is passed through, S-CSCF carries out subsequent processes, execution in step S608, otherwise think that this request is illegal, return the refusal response, or execution in step S604 initiates the authentication challenge process to step S607;
S-CSCF thinks that then this calling is urgent call, otherwise is ordinary call by finding to carry the urgent call sign in the setup requests;
If ordinary call, S-CSCF then needs to carry out business logic processing according to user's service contracting, and for urgent call, S-CSCF then skips above-mentioned business logic processing, directly the urgent call repeating process of execution in step S608;
By the verification process of this step, further guaranteed the legitimacy of urgent call;
Step S604, S-CSCF generate the authentication random number, and the return authentication challenge responses is given P-CSCF, comprise authentication random number and identifying algorithm that S-CSCF generates in the response;
The described verification process in step S603~604 is identical with the verification process of normal call;
Step S605, P-CSCF is transmitted to UE with the authentication challenge response;
Step S606, UE calculates the authentication response value according to the authentication random number that the authentication challenge among step S605 response is carried, and then the authentication response value is inserted into session and sets up in the request message, and the session request of setting up that will carry the authentication response value sends to P-CSCF;
Step S607, S602 is identical with step, after S-CSCF receives that request is set up in session, request message is authenticated, pass through if authenticate, execution in step S608, otherwise refusal request, or initiate the authentication challenge process once more;
Step S608, after request authentication is set up in session being passed through, S-CSCF sends to E-CSCF with the emergency call session request of setting up;
If carry the E-CSCF address in the tabulation of route header field, then repeating process is:
1) S-CSCF removes the SIP sign of self from route header field tabulation top, is sip:scscf1.home1.net in an embodiment, and this moment, the tabulation of route header field became:
route:<sip:ecscf1.visited1.net;lr;comp=sigcomp>;
2) S-CSCF obtains the address (being the SIP sign) of described E-CSCF from the route header field tabulation top that the SIP that removes S-CSCF identifies, and is sip:ecscf1.visited1.net in an embodiment;
3) S-CSCF sends emergency call session foundation and asks the route header field tabulation specified E-CSCF in top;
If P-CSCF does not specify E-CSCF, then S-CSCF can be according to local selection of configuration E-CSCF;
In addition, S-CSCF can select oneself not to be added in the SIP session path; For normal call, S-CSCF must be arranged in session path, and its address with oneself adds in the tabulation of record route header field, for example:
record-route:<sip:scscf1.home1.net;lr>,<sip:pcscf1.visited1.net;lr>;
Because urgent call is that visit ground is professional, therefore S-CSCF there is no need to add in the session path, therefore during S-CSCF can not tabulate the SIP sign adding record route header field of oneself, the recording head domain list that the emergency call session that transfer this moment is set up in asking was:
record-route:<sip:pcscf1.visited1.net;lr>;
S-CSCF will be no longer passed through in follow-up SIP request in this session like this;
Step S609, E-CSCF set up session the PSAP that asks to be forwarded to nearby according to user position information;
If PSAP is arranged in the PSTN network, the session request of setting up also can be passed through media gateway CCF and media gateway, is routed to PSAP again, finishes follow-up emergency calling process;
Step S610, the PSAP receipt of call returns session and sets up success response.
Between step S609 and S610, also have some other interaction flow, since irrelevant with the present invention, be not described in detail here;
Step S611, E-CSCF is created as the merit response with session and sends to S-CSCF;
Step S612, S-CSCF is created as the merit response with session and sends to P-CSCF;
Step S613, P-CSCF is created as the merit response with session and sends to UE;
Step S614, UE returns response confirmation message to P-CSCF, and expression receives success response; Response confirmation message is the sip request message in this session;
Step S615, if S-CSCF does not add session path with oneself, P-CSCF then directly sends to E-CSCF with response confirmation message, otherwise also can continue to send to S-CSCF;
The processing mode of the sip request message in other sessions (discharging request as session updates request, session) is identical therewith;
Step S616, E-CSCF sends to PSAP with response confirmation message.
So far, set up emergency call session between UE and the PSAP, entered the urgent call talking state.
From said process as can be seen, because P-CSCF will use the emergency call session request of setting up of SIP Digest authentication mechanism to issue S-CSCF, provide authentication by S-CSCF, check the legitimacy of request, and then send to E-CSCF, thereby problems of the prior art have been solved.
Contrast the inventive method first embodiment shown in Figure 5 and the inventive method shown in Figure 6 second embodiment, the realization system of the IMS emergence call service that the present invention proposes mainly comprises UE, P-CSCF, S-CSCF and E-CSCF, wherein:
This UE uses session initiation protocol summary (SIP Digest) authentication mechanism, is used for sending session to this P-CSCF and sets up request;
This P-CSCF, after being used to judge this session request of setting up and being to use the emergence call service of SIP Digest authentication mechanism, this session request of setting up is routed to this S-CSCF, and the redirect response that sends according to this S-CSCF is forwarded to this E-CSCF with this session request of setting up;
This S-CSCF is used for verification process is carried out in this session request of setting up, authentication by after this session request of setting up is forwarded to this E-CSCF, perhaps send this redirect response, otherwise refusal response or initiate the authentication challenge process to this P-CSCF.
Wherein, this UE can be further used for setting up insertion urgent call sign in the request in this session; This P-CSCF also can be further used for setting up insertion urgent call sign in the request in this session.
Obviously, those skilled in the art should be understood that, above-mentioned each module of the present invention or each step can realize with the general calculation device, they can concentrate on the single calculation element, perhaps be distributed on the network that a plurality of calculation element forms, alternatively, they can be realized with the executable program code of calculation element, thereby, they can be stored in the storage device and carry out by calculation element, perhaps they are made into each integrated circuit modules respectively, perhaps a plurality of modules in them or step are made into the single integrated circuit module and realize.Like this, the present invention is not restricted to any specific hardware and software combination.
Though the disclosed execution mode of the present invention as above, the execution mode that described content just adopts for the ease of understanding the present invention is not in order to limit the present invention.Technical staff in any the technical field of the invention; under the prerequisite that does not break away from the disclosed spirit and scope of the present invention; can do any modification and variation what implement in form and on the details; but scope of patent protection of the present invention still must be as the criterion with the scope that appending claims was defined.
Claims (12)
1. the implementation method of an IP Multimedia System emergence call service is characterized in that, comprising:
Use the subscriber equipment (UE) of session initiation protocol summary (SIP Digest) authentication mechanism to send session foundation request to Proxy Call Session Control Function (P-CSCF);
Described P-CSCF judges the emergence call service that is to use SIP Digest authentication mechanism, then the described session request of setting up is routed to service call conversation control function (S-CSCF);
Described S-CSCF carries out verification process to the described session request of setting up, then the described session request of setting up is forwarded to emergency call session controlled function (E-CSCF) by this authentication, perhaps return redirect response, the described session request of setting up is forwarded to described E-CSCF by described P-CSCF to described P-CSCF.
2. the method for claim 1 is characterized in that:
Described S-CSCF sets up request authentication to described session and does not pass through, and then refuses described session and sets up request, or initiate the authentication challenge process.
3. the method for claim 1 is characterized in that:
Described UE sets up in described session and inserts the urgent call sign in the request, then the described session request of setting up is sent to described P-CSCF.
4. the method for claim 1 is characterized in that:
Described P-CSCF selects the described E-CSCF on visit ground, session initiation protocol (SIP) sign of described E-CSCF is inserted into described session sets up in the request, then the described session request of setting up is routed to described S-CSCF.
5. method as claimed in claim 4 is characterized in that:
Described P-CSCF is inserted into the SIP sign of described E-CSCF in the described session foundation request, comprises being placed on route header field tabulation top.
6. method as claimed in claim 5 is characterized in that, described S-CSCF sets up the step of asking to be forwarded to described E-CSCF with described session, comprising:
Described S-CSCF removes the SIP sign of self from route header field tabulation top, and obtain the SIP sign of described E-CSCF from described route header field tabulation top, the indication according to described route header field tabulation top is forwarded to described E-CSCF with the described session request of setting up then.
7. the method for claim 1 is characterized in that:
Described P-CSCF sets up in described session and inserts the urgent call sign in the request, then the described session request of setting up is transmitted to described S-CSCF.
8. the method for claim 1 is characterized in that:
Described S-CSCF sets up the SIP sign of obtaining E-CSCF request or the local configuration from described session after setting up the authentication of request by described session, the SIP sign of described E-CSCF is inserted in the described redirect response as redirection target.
9. the method for claim 1 is characterized in that:
After described P-CSCF receives described redirect response, from described redirect response, obtain the address of described E-CSCF, or, described session foundation is asked to be forwarded to described E-CSCF according to the address of described E-CSCF from the address that described E-CSCF is obtained in this locality configuration.
10. the method for claim 1 is characterized in that, the described authentication challenge process that described S-CSCF initiates comprises:
Described S-CSCF generates the authentication random number, returns the authentication challenge response of carrying described authentication random number to described P-CSCF;
Described P-CSCF is transmitted to described UE with described authentication challenge response;
Described UE calculates the authentication response value according to the described authentication random number in the described authentication challenge response, initiates the session of urgent call according to described authentication response value again and sets up request.
11. the realization system of an IP Multimedia System emergence call service, it is characterized in that, comprise subscriber equipment (UE), Proxy Call Session Control Function (P-CSCF), service call conversation control function (S-CSCF) and emergency call session controlled function (E-CSCF), wherein:
Described UE uses session initiation protocol summary (SIP Digest) authentication mechanism, is used for sending session to described P-CSCF and sets up request;
Described P-CSCF, after being used to judge the described session request of setting up and being to use the emergence call service of SIP Digest authentication mechanism, the described session request of setting up is routed to described S-CSCF, and the redirect response that sends according to described S-CSCF is forwarded to described E-CSCF with the described session request of setting up;
Described S-CSCF, be used for verification process is carried out in the described session request of setting up, authentication by after the described session request of setting up is forwarded to described E-CSCF, perhaps send described redirect response to described P-CSCF, otherwise refuse described session and set up request, or initiate the authentication challenge process.
12. system as claimed in claim 11 is characterized in that:
Described UE is further used for setting up insertion urgent call sign in the request in described session;
Described P-CSCF is further used for setting up insertion urgent call sign in the request in described session.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009102123560A CN102055744A (en) | 2009-11-06 | 2009-11-06 | Implementing system and method of IP (Internet Protocol) multimedia subsystem emergency call service |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009102123560A CN102055744A (en) | 2009-11-06 | 2009-11-06 | Implementing system and method of IP (Internet Protocol) multimedia subsystem emergency call service |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN102055744A true CN102055744A (en) | 2011-05-11 |
Family
ID=43959673
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2009102123560A Pending CN102055744A (en) | 2009-11-06 | 2009-11-06 | Implementing system and method of IP (Internet Protocol) multimedia subsystem emergency call service |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102055744A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2013185709A1 (en) * | 2012-09-12 | 2013-12-19 | 中兴通讯股份有限公司 | Call authentication method, device, and system |
| WO2014075484A1 (en) * | 2012-11-13 | 2014-05-22 | 中兴通讯股份有限公司 | Browser emergency call method, system, and mobile device in real-time communication |
| CN109691017A (en) * | 2017-01-25 | 2019-04-26 | 华为技术有限公司 | Message protection method, user equipment and equipment of the core network |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1505908A (en) * | 2001-04-27 | 2004-06-16 | ��˹��ŵ�� | Method and system for handling a network-identified emergency session |
| EP2018075A1 (en) * | 2006-05-02 | 2009-01-21 | NTT DoCoMo, Inc. | Mobile terminal and mobile communication system |
| CN101448258A (en) * | 2007-11-26 | 2009-06-03 | 华为技术有限公司 | Judgment method of authentication mode for UE to access IMS and device thereof |
| CN101448233A (en) * | 2008-05-23 | 2009-06-03 | 中兴通讯股份有限公司 | Method for realizing IP multimedia subsystem emergency call |
-
2009
- 2009-11-06 CN CN2009102123560A patent/CN102055744A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1505908A (en) * | 2001-04-27 | 2004-06-16 | ��˹��ŵ�� | Method and system for handling a network-identified emergency session |
| EP2018075A1 (en) * | 2006-05-02 | 2009-01-21 | NTT DoCoMo, Inc. | Mobile terminal and mobile communication system |
| CN101448258A (en) * | 2007-11-26 | 2009-06-03 | 华为技术有限公司 | Judgment method of authentication mode for UE to access IMS and device thereof |
| CN101448233A (en) * | 2008-05-23 | 2009-06-03 | 中兴通讯股份有限公司 | Method for realizing IP multimedia subsystem emergency call |
Non-Patent Citations (1)
| Title |
|---|
| 3RD GENERATION PARTNERSHIP PROJECT: "《3GPP TS 23.167 V7.2.0》", 30 September 2006 * |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2013185709A1 (en) * | 2012-09-12 | 2013-12-19 | 中兴通讯股份有限公司 | Call authentication method, device, and system |
| CN103686651A (en) * | 2012-09-12 | 2014-03-26 | 中兴通讯股份有限公司 | Emergency call based authentication method, device and system |
| CN103686651B (en) * | 2012-09-12 | 2018-05-11 | 中兴通讯股份有限公司 | A kind of authentication method based on urgent call, equipment and system |
| WO2014075484A1 (en) * | 2012-11-13 | 2014-05-22 | 中兴通讯股份有限公司 | Browser emergency call method, system, and mobile device in real-time communication |
| CN109691017A (en) * | 2017-01-25 | 2019-04-26 | 华为技术有限公司 | Message protection method, user equipment and equipment of the core network |
| CN109691017B (en) * | 2017-01-25 | 2022-02-01 | 华为技术有限公司 | Message protection method, user equipment and core network equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7574735B2 (en) | Method and network element for providing secure access to a packet data network | |
| EP2521304B1 (en) | Authentication method, system and apparatus | |
| KR101243488B1 (en) | Coding and behavior when receiving an ims emergency session indicator from authorized source | |
| EP2112798B1 (en) | Service controlling in a service provisioning system | |
| US8613058B2 (en) | Systems, methods and computer program products for providing additional authentication beyond user equipment authentication in an IMS network | |
| KR101281844B1 (en) | System and method for managing emergency requests | |
| US11063990B2 (en) | Originating caller verification via insertion of an attestation parameter | |
| US20120028598A1 (en) | Privacy-Related Requests for an IMS Emergency Session | |
| JP6330916B2 (en) | System and method for webRTC | |
| US20060242310A1 (en) | Session initiation from application servers in an IP multimedia subsystem | |
| US9276970B2 (en) | Method and equipment for forwarding a SIP request message having alerting information associated therewith to a receiving subscriber in a SIP based communications network | |
| WO2008022554A1 (en) | Method and apparatus for transmit-receiving emergency services | |
| US7600116B2 (en) | Authentication of messages in a communication system | |
| US20080244266A1 (en) | Authenticating a communication device and a user of the communication device in an ims network | |
| US8499340B2 (en) | IMS network identity management | |
| EP2106091B1 (en) | Method of setting up a call in an internet protocol (IP) multimedia subsystem (IMS) network, method of operating a network nude, network node, a telecommunications service provider using such a method, computer program and computer readable medium | |
| US20040043756A1 (en) | Method and system for authentication in IP multimedia core network system (IMS) | |
| EP2569998B1 (en) | Enabling set up of a connection from a non-registered UE in IMS | |
| US9692835B2 (en) | Method and apparatuses for the provision of network services offered through a set of servers in an IMS network | |
| US20050159157A1 (en) | Authentications in a communication system | |
| CN106790055B (en) | Registration method and device of IMS (IP multimedia subsystem) | |
| CN102055744A (en) | Implementing system and method of IP (Internet Protocol) multimedia subsystem emergency call service | |
| US8214512B2 (en) | Control entity and method for setting up a session in a communications network, subscriber database and communications network | |
| KR101385842B1 (en) | Method and application server for routing combinational services to a single endpoint | |
| RU2490813C2 (en) | Method, apparatus, system and computer program product for supporting p-cscf (proxy call session control function) to indicate to s-cscf (serving call session control function) to skip authentication |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20110511 |