CN103701780A - Authenticating method and system - Google Patents

Authenticating method and system Download PDF

Info

Publication number
CN103701780A
CN103701780A CN201310686614.5A CN201310686614A CN103701780A CN 103701780 A CN103701780 A CN 103701780A CN 201310686614 A CN201310686614 A CN 201310686614A CN 103701780 A CN103701780 A CN 103701780A
Authority
CN
China
Prior art keywords
authentication
authentication mode
described terminal
message
terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201310686614.5A
Other languages
Chinese (zh)
Inventor
武兴
马维孝
师亚刚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Datang Mobile Communications Equipment Co Ltd
Original Assignee
Datang Mobile Communications Equipment Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Datang Mobile Communications Equipment Co Ltd filed Critical Datang Mobile Communications Equipment Co Ltd
Priority to CN201310686614.5A priority Critical patent/CN103701780A/en
Publication of CN103701780A publication Critical patent/CN103701780A/en
Pending legal-status Critical Current

Links

Images

Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The embodiment of the invention provides an authenticating method and an authenticating system to solve the problems that the authenticating method at present is more complicated, can not be adapted to the actual using environment of users and influences the perception of the users. The authenticating method comprises the following steps of determining an authenticating mode supported by a terminal according to an initial registering message sent by the terminal; acquiring a first response value corresponding to the authenticating mode supported by the terminal from an HSS (Home Subscriber Server); acquiring a second response value corresponding to the authenticating mode supported by the terminal from the terminal; comparing the first response value with the second response value, and if the first response value and the second response value are the same, determining that authentication is successful, and allowing the terminal to be registered. The authenticating method and the authenticating system disclosed by the embodiment of the invention have simple authenticating processes and can be adapted to the actual using environment of the users, so that the perception of the users is improved.

Description

A kind of method for authenticating and system
Technical field
The embodiment of the present invention relates to communication technical field, particularly relates to a kind of method for authenticating and a kind of right discriminating system.
Background technology
IMS(IP Multimedia Subsystem, IP Multimedia System) be a kind of brand-new multimedia service form, it can meet, and present terminal client is more novel, the demand of more diversified multimedia service.At present, IMS is considered to the core technology of next generation network, is also to solve mobile and fixed network fusion, introduces the important way of the differentiated services such as voice, data, video Triple Fusion.
In order to ensure the fail safe of network and user's interests, when accessing terminal to network, to carry out authentication to user, just authentication accesses by rear permission.In IMS, support four kinds of authentication mechanism at present, be respectively: IMS-AKA(Authentication and Key Agreement, authentication and key agreement) authentication, Early IMS authentication, HTTP(HTTP-Hypertext transfer protocol, hypertext transfer protocol) Digest(summary) authentication, NBA(NASS Bundled Authentication, Network Attachment Subsystem binding authentication).User is at HSS(Home Subscriber Server, ownership place subscription data server) during initial subscription authentication, can configure a kind of authentication mode of acquiescence, follow-uply will use this acquiescence authentication mode execution authentication process.
But, along with communication network enters all-IP (Internet Protocol, Internet Protocol), since changing, user requires no matter when and where can both communicate by letter freely, so just there will be user in different regions, to use the situation of diversified accessing terminal to network.Yet the authentication mode that different terminals is supported may be different, therefore, when acquiescence authentication mode when the authentication mode of supporting when the terminal of the current use of user and user are signing is inconsistent, acquiescence authentication mode while still adopting initial subscription authentication carries out authentication and will cause failed authentication, and network side will directly be refused the registration of this terminal.
For the problems referred to above, the method change user's of general employing manual modification HSS configuration at present authentication mode, the authentication mode that its terminal of using with user is supported is consistent, thereby completes authentication.But this kind of method is comparatively loaded down with trivial details, can not adapt to user's practical service environment, affect user awareness.
Summary of the invention
The embodiment of the present invention provides a kind of method for authenticating and system, comparatively loaded down with trivial details to solve current method for authenticating, can not adapt to user's practical service environment, affects the problem of user awareness.
In order to address the above problem, the invention discloses a kind of method for authenticating, it is characterized in that, comprising:
The initial registration message sending according to terminal is determined the authentication mode that described terminal is supported;
From ownership place subscription data server HSS, obtain the first response corresponding to authentication mode that described terminal is supported;
From described terminal, obtain the second response corresponding to authentication mode that described terminal is supported;
More described the first response and described the second response, if described the first response is identical with described the second response, determine authentication success, allows described endpoint registration.
Preferably, the described initial registration message sending according to terminal determines that the step of the authentication mode of described terminal support comprises:
The authentication header field that comprises the authentication mode that described terminal is supported if carry in described initial registration message obtains the authentication mode that described terminal is supported from described authentication header field;
If carry the Access Network information of described terminal in described initial registration message, the authentication mode of authentication mode matching with described Access Network information being supported as described terminal;
If carry in described initial registration message, comprise the authentication header field of authentication mode and the Access Network information of described terminal that described terminal is supported, from described authentication header field, obtain the authentication mode of described terminal support or the authentication mode that the authentication mode matching with described Access Network information is supported as described terminal.
Preferably, the described initial registration message sending according to terminal determines that the step of the authentication mode of described terminal support comprises:
If do not carry in described initial registration message, comprise the authentication header field of authentication mode and the Access Network information of described terminal that described terminal is supported, to described HSS, initiate authentication request message;
Receive the authentication response message that described HSS returns, described authentication response message comprises acquiescence authentication mode;
To described terminal, initiate authentication challenge message, described authentication challenge message comprises described acquiescence authentication mode;
Receive the identification log message that described terminal is initiated, in described identification log message, carry the authentication header field of the authentication mode that comprises that described terminal is supported, from described authentication header field, obtain the authentication mode that described terminal is supported.
Preferably, the described step of obtaining the first response that the authentication mode of described terminal support is corresponding from HSS comprises:
To described HSS, initiate authentication request message, described authentication request message comprises the authentication mode that described terminal is supported;
Receive the authentication response message that described HSS returns, described authentication response message comprises the first response corresponding to authentication mode that described terminal is supported; Described the first response calculates according to the authentication mode of described terminal support by described HSS.
Preferably, the described step of obtaining the second response that the authentication mode of described terminal support is corresponding from described terminal comprises:
To described terminal, initiate authentication challenge message, described authentication challenge message comprises the authentication mode that described terminal is supported;
Receive the identification log message that described terminal is initiated, described identification log message comprises the second response corresponding to authentication mode that described terminal is supported; Described the second response calculates according to the authentication mode of described terminal support by described terminal.
According to a further aspect in the invention, also disclose a kind of right discriminating system, it is characterized in that, having comprised:
Mode determination module, determines for the initial registration message sending according to terminal the authentication mode that described terminal is supported;
The first acquisition module, the first response corresponding to authentication mode of supporting for obtain described terminal from ownership place subscription data server HSS;
The second acquisition module, the second response corresponding to authentication mode of supporting for obtain described terminal from described terminal;
Determination module relatively, for more described the first response and described the second response, when identical, determines authentication success with described the second response in described the first response, allows described endpoint registration.
Preferably, described mode determination module comprises:
First obtains submodule, when carrying the authentication header field of the authentication mode that comprises that described terminal is supported in described initial registration message, obtains the authentication mode that described terminal is supported from described authentication header field;
Second obtains submodule, when carrying the Access Network information of described terminal in described initial registration message, and the authentication mode that the authentication mode matching with described Access Network information is supported as described terminal;
The 3rd obtains submodule, while comprising the authentication header field of authentication mode that described terminal is supported and the Access Network information of described terminal for carrying in described initial registration message, from described authentication header field, obtain the authentication mode of described terminal support or the authentication mode that the authentication mode matching with described Access Network information is supported as described terminal.
Preferably, described mode determination module comprises:
First initiates submodule, while comprising the authentication header field of authentication mode that described terminal is supported and the Access Network information of described terminal for not carrying in described initial registration message, to described HSS, initiates authentication request message;
First receives submodule, the authentication response message of returning for receiving described HSS, and described authentication response message comprises acquiescence authentication mode;
Second initiates submodule, and for initiating authentication challenge message to described terminal, described authentication challenge message comprises described acquiescence authentication mode;
Second receives submodule, for receiving the identification log message of described terminal initiation, carries the authentication header field of the authentication mode that comprises that described terminal is supported in described identification log message, obtains the authentication mode that described terminal is supported from described authentication header field.
Preferably, described the first acquisition module comprises:
The 3rd initiates submodule, and for initiating authentication request message to described HSS, described authentication request message comprises the authentication mode that described terminal is supported;
The 3rd receives submodule, the authentication response message of returning for receiving described HSS, and described authentication response message comprises the first response corresponding to authentication mode that described terminal is supported; Described the first response calculates according to the authentication mode of described terminal support by described HSS.
Preferably, described the second acquisition module comprises:
The 4th initiates submodule, and for initiating authentication challenge message to described terminal, described authentication challenge message comprises the authentication mode that described terminal is supported;
The 4th receives submodule, the identification log message of initiating for receiving described terminal, and described identification log message comprises the second response corresponding to authentication mode that described terminal is supported; Described the second response calculates according to the authentication mode of described terminal support by described terminal.
Compared with prior art, the embodiment of the present invention comprises following advantage:
The initial registration message that first can send according to terminal in the embodiment of the present invention is determined the authentication mode that described terminal is supported, and obtain from HSS the first response corresponding to authentication mode that described terminal is supported, from described terminal, obtain the second response corresponding to authentication mode that described terminal is supported; Then more described the first response and described the second response, if described the first response is identical with described the second response, determine authentication success, allows described endpoint registration.
Because user may use diversified accessing terminal to network in different regions, and the authentication mode that different terminals is supported may be different, when the authentication mode of therefore supporting in the terminal of the current use of user in the embodiment of the present invention and acquiescence authentication mode when signing are inconsistent, network equipment can dynamically be adjusted authentication mode, the authentication mode of supporting according to terminal carries out authentication, thereby without manual modification HSS configuration again, authentication process is simple, the practical service environment that can adapt to user, improves user awareness.
Accompanying drawing explanation
Fig. 1 is the application scenarios schematic diagram of different terminals access network in the embodiment of the present invention one;
Fig. 2 is the flow chart of a kind of method for authenticating of the embodiment of the present invention one;
Fig. 3 is the flow chart of a kind of method for authenticating of the embodiment of the present invention two;
Fig. 4 is the successful message flow chart of a kind of authentication of the embodiment of the present invention two;
Fig. 5 is the successful message flow chart of another kind of authentication of the embodiment of the present invention two;
Fig. 6 is the message flow chart of a kind of failed authentication of the embodiment of the present invention two;
Fig. 7 is the structured flowchart of a kind of right discriminating system of the embodiment of the present invention three.
Embodiment
For above-mentioned purpose of the present invention, feature and advantage can be become apparent more, below in conjunction with the drawings and specific embodiments, the present invention is further detailed explanation.
User is when HSS initial subscription authenticates, adopt unique user ID (for example user's identification card number) authentication of contracting, HSS can configure for this user ID a kind of authentication mode of acquiescence, follow-up when this user uses accessing terminal to network, will adopt above-mentioned acquiescence authentication mode to carry out authentication process.In authentication process, first terminal sends initial registration message to S-CSCF(Serving-Call Server Control Function, service call conversation control entity), then S-CSCF will obtain respectively response from HSS and terminal, now HSS can be according to issuing response to S-CSCF for this user configured acquiescence authentication mode, response corresponding to authentication mode that terminal sends to the response of S-CSCF to support for terminal, if it is inconsistent that S-CSCF judges two responses, can refuse the registration of this terminal.
Along with since communication network enters all-IP, user requires no matter when and where can both freely communicate by letter, so just there will be user in different regions, to use the situation of diversified accessing terminal to network, the authentication mode that different terminals is supported may be different.Therefore, adopt in the process of current authentication mode authentication, if the acquiescence authentication mode when authentication mode that the terminal of the current use of user is supported and user are signing is inconsistent, can cause failed authentication, network side will directly be refused the registration of this terminal.And the method for the manual modification HSS adopting at present configuration is comparatively loaded down with trivial details, can not adapt to user's practical service environment, affect user awareness.
For the problems referred to above, the present invention proposes a kind of method for authenticating and system, the authentication mode that can support according to user terminal at network side is dynamically adjusted adopted authentication mode, thereby guarantee that authentication process carries out smoothly, and authentication process is simple, the practical service environment that can adapt to user, improves user awareness.
Below, by following each embodiment, method for authenticating of the present invention and system are described in detail.
Embodiment mono-:
Along with the development of communication network, user may use diversified accessing terminal to network in different regions.With reference to Fig. 1, show the application scenarios schematic diagram of different terminals access network.In Fig. 1, user exists on company, office, family, the ground such as go on business by PC(personal computer in the normal process of using terminal, personal computer) software terminal, IP hard terminal, mobile phone software terminal, PAD(panel computer) software terminal etc. is linked into the mode of the network equipment, wherein when company and office, pass through the IP of enterprise private network access network device, when staying at home and going on business, pass through Internet access network device.Different authentication modes when the network equipment needs compatible same user by various different terminals access in this process, to meet the internet security in multiple terminal access situation, guarantee that Subscriber Number can be by free call on sb. else's expense through illegal means, protection user's rights and interests.
In the embodiment of the present invention, the described network equipment can comprise HSS, CSCF(Call Server Control Function, call conversation control entity), S-CSCF, I-CSCF(Interrogating-Call Server Control Function, query call conversation control entity), P-CSCF(Proxy-Call Server Control Function, agent call conversation control entity), AS(Application Server, application server), etc.
With reference to Fig. 2, show the flow chart of a kind of method for authenticating of the embodiment of the present invention one, the method specifically can comprise the following steps:
Step 201, the initial registration message sending according to terminal is determined the authentication mode that described terminal is supported.
Terminal, when register and authentication, first can send initial registration message to the S-CSCF of network side, is sending initial registration message to the forwarding that can pass through the equipment such as P-CSCF, I-CSCF in the process of S-CSCF, and the embodiment of the present invention is discussed no longer in detail at this.Because the authentication mode that different terminals is supported may be different, and the object of the embodiment of the present invention is dynamically to adjust authentication mode to satisfy the demands in authentication process, the initial registration message that therefore first S-CSCF can send according to terminal is determined the authentication mode that described terminal is supported.
Step 202, obtains from HSS the first response corresponding to authentication mode that described terminal is supported.
S-CSCF, after determining the authentication mode that described terminal is supported, can obtain from HSS the first response corresponding to authentication mode that described terminal is supported according to the authentication mode of described terminal support.Follow-up the first response that can be corresponding according to the authentication mode of this terminal support is carried out authentication, and the authentication mode during now by this endpoint registration is adjusted into the authentication mode that described terminal is supported.
Step 203, obtains from described terminal the second response corresponding to authentication mode that described terminal is supported.
In authentication process, S-CSCF can also obtain the second response corresponding to authentication mode that described terminal is supported from described terminal, and according to this second response, described terminal is carried out to authentication.
Step 204, more described the first response and described the second response, if described the first response is identical with described the second response, determine authentication success, allows described endpoint registration.
Respectively after HSS and terminal get the first response and the second response, S-CSCF can compare two responses.If two responses are identical, can determine authentication success, now can allow described endpoint registration; If two response differences, can determine failed authentication, now can refuse described endpoint registration.
When the authentication mode of supporting in the terminal of the current use of user in the embodiment of the present invention and acquiescence authentication mode when signing are inconsistent, network equipment can dynamically be adjusted authentication mode, the authentication mode of supporting according to terminal carries out authentication, thereby without manual modification HSS configuration again, authentication process is simple, the practical service environment that can adapt to user, improves user awareness.
Embodiment bis-:
With reference to Fig. 3, show the flow chart of a kind of method for authenticating of the embodiment of the present invention two, the method specifically can comprise the following steps:
Step 301, the initial registration message sending according to terminal is determined the authentication mode that described terminal is supported.
In the embodiment of the present invention, there are following four kinds of situations in the form of the initial registration message that described terminal sends:
(1) in described initial registration message, only carry the authentication header field (AUTH header field) of the authentication mode that comprises that described terminal is supported;
(2) in described initial registration message, only carry the Access Network information (P-access-network-info) of described terminal;
(3) in described initial registration message, carry AUTH header field and P-access-network-info;
(4) in described initial registration message, do not carry AUTH header field and P-access-network-info.
For above-mentioned four kinds of different situations, the initial registration message that described S-CSCF sends according to terminal determines that the method for the authentication mode that described terminal is supported is different, below is introduced respectively.
For (1) kind situation:
In described initial registration message, only carry AUTH header field, because this AUTH header field comprises the authentication mode that described terminal is supported, so in this kind of situation, can directly from described AUTH header field, obtain the authentication mode that described terminal is supported.
For (2) kind situation:
In described initial registration message, only carry P-access-network-info, the authentication mode of supporting with terminal due to the Access Network information of terminal is mutually to mate, can set in advance the Access Network information of terminal and the matching relationship of the authentication mode that terminal is supported, therefore in this kind of situation, can obtain the authentication mode that the Access Network information with described terminal matches according to setting in advance, and the authentication mode that the authentication mode matching with described Access Network information is supported as described terminal.
For (3) kind situation:
In described initial registration message, carry AUTH header field and P-access-network-info, in this kind of situation, the authentication mode of the described terminal support that described AUTH header field comprises is the authentication mode that the Access Network information of the terminal representing with described P-access-network-info matches, and therefore can from described AUTH header field, obtain the authentication mode of described terminal support or the authentication mode that the authentication mode matching with described Access Network information is supported as described terminal.
For (4) kind situation:
In described initial registration message, do not carry AUTH header field and P-access-network-info, the initial registration message that cannot send from described terminal, obtain the authentication mode that described terminal is supported in this kind of situation, therefore can again from terminal, obtain the authentication mode that described terminal is supported.
In (4) kind situation, can carry out following sub-step:
Sub-step a1, initiates authentication request message to described HSS;
Sub-step a2, receives the authentication response message that described HSS returns, and described authentication response message comprises acquiescence authentication mode;
Sub-step a3, initiates authentication challenge message to described terminal, and described authentication challenge message comprises described acquiescence authentication mode;
Sub-step a4, receives the identification log message that described terminal is initiated, and carries the authentication header field of the authentication mode that comprises that described terminal is supported in described identification log message, obtains the authentication mode that described terminal is supported from described authentication header field.
If do not carry AUTH header field and P-access-network-info in described initial registration message, S-CSCF can initiate authentication request message to described HSS, from HSS, obtaining HSS is this user configured acquiescence authentication mode, then can initiate authentication challenge message to described terminal, described acquiescence authentication mode is sent to described terminal.Terminal is after receiving authentication challenge message, find that described acquiescence authentication mode and the authentication mode of self supporting are inconsistent, now terminal will be initiated identification log message, and carry AUTH header field in this identification log message, S-CSCF, after receiving this identification log message, can obtain the authentication mode that described terminal is supported from described AUTH header field.
Step 302, obtains from HSS the first response corresponding to authentication mode that described terminal is supported.
After S-CSCF determines the authentication mode of described terminal support, can from HSS, obtain the first response corresponding to authentication mode that described terminal is supported according to the authentication mode of this terminal support.
In the embodiment of the present invention, this step 302 specifically can comprise following sub-step:
Sub-step b1, initiates authentication request message to described HSS, and described authentication request message comprises the authentication mode that described terminal is supported.
Sub-step b2, receives the authentication response message that described HSS returns, and described authentication response message comprises the first response corresponding to authentication mode that described terminal is supported; Described the first response calculates according to the authentication mode of described terminal support by described HSS.
First S-CSCF can initiate authentication request message to described HSS, can comprise the authentication mode that described terminal is supported in this authentication request message, to obtain the first response corresponding to authentication mode that described terminal is supported from HSS.HSS is after receiving authentication request message, and the authentication mode that can support according to described terminal calculates the first corresponding response, then this first response is back to S-CSCF by authentication response message.
The calculating of Authentication Response value is a set of cryptographic algorithm, different authentication modes has different cryptographic algorithm, can be according to user name, password, response corresponding to authentication vector compute authentication mode, different authentication modes, the response that same user name, cryptographic calculations go out is inconsistent.
When user initial subscription when authentication in HSS, HSS can preserve this user's username and password, after HSS gets the authentication mode of described terminal support, can calculate the first response corresponding to authentication mode that described terminal is supported according to the authentication vector corresponding to authentication mode of the user name of this terminal respective user, password and described terminal support.For HSS, calculate the detailed process of the first response, those skilled in the art carry out relevant treatment according to practical experience, and the embodiment of the present invention is discussed no longer in detail at this.
Step 303, obtains from described terminal the second response corresponding to authentication mode that described terminal is supported.
S-CSCF, after getting the first response from HSS, also will obtain the second response corresponding to authentication mode that described terminal is supported from terminal, to carry out authentication according to two responses.
In the embodiment of the present invention, this step 303 specifically can comprise following sub-step:
Sub-step c1, initiates authentication challenge message to described terminal, and described authentication challenge message comprises the authentication mode that described terminal is supported.
Sub-step c2, receives the identification log message that described terminal is initiated, and described identification log message comprises the second response corresponding to authentication mode that described terminal is supported; Described the second response calculates according to the authentication mode of described terminal support by described terminal.
First S-CSCF can initiate authentication challenge message to described terminal, can comprise the authentication mode that described terminal is supported in this authentication challenge message, to obtain the second response corresponding to authentication mode that described terminal is supported from terminal.Terminal is after receiving authentication challenge message, the authentication mode that judgement receives is consistent with the authentication mode of self supporting, now terminal can be calculated the second response corresponding to authentication mode that self supports, then this second response is back to S-CSCF by identification log message.
Terminal also can be according to user name, password, response corresponding to authentication vector compute authentication mode.First user can input username and password in end, then terminal can be inputted according to user user name, password, and authentication vector corresponding to the authentication mode of described terminal support calculated the second response corresponding to authentication mode that described terminal is supported.For terminal, calculate the detailed process of the second response, those skilled in the art carry out relevant treatment according to practical experience, and the embodiment of the present invention is discussed no longer in detail at this.
Step 304, whether more described the first response is identical with described the second response.
After S-CSCF gets the first response and the second response, can more described the first response whether identical with described the second response, to determine whether to allow endpoint registration.
If described the first response is identical with described the second response, perform step 305; If described the first response is different with described the second response, perform step 306.
Step 305, determines authentication success, allows described endpoint registration.
Because the first response is the response that HSS calculates according to the authentication mode of described terminal support, if the username and password that therefore user inputs in terminal is correct, the first response that the second response that the authentication mode that terminal is supported according to self calculates calculates with described HSS is identical, authentication success is now described, therefore can allows described endpoint registration.
Step 306, determines failed authentication, refuses described endpoint registration.
If the username and password that user inputs in terminal is wrong, the first response that the second response that the authentication mode that terminal is supported according to self calculates calculates from described HSS is different, failed authentication is now described, therefore can refuses described endpoint registration.Therefore, the embodiment of the present invention can guarantee that Subscriber Number can be by free call on sb. else's expense through illegal means, protection user's rights and interests.
Certainly, the inconsistent situation of above-mentioned response is just as illustrating, also may due to other reason cause the first response and the second response inconsistent, the embodiment of the present invention is discussed no longer in detail at this.
Below, by following three concrete examples, the method for authenticating of the embodiment of the present invention is described.
The equipment relating in three examples below comprises UE(User Equipment, subscriber equipment), P-CSCF, I-CSCF, S-CSCF and HSS, wherein, UE is the terminal described in the embodiment of the present invention, and P-CSCF, I-CSCF, S-CSCF and HSS are the network equipment.
With reference to Fig. 4, show the successful message flow chart of a kind of authentication of the embodiment of the present invention two, the flow process described in Fig. 4 is the situation of AUTH header field and P-access-network-info of carrying in initial registration message.This flow process specifically describes as follows:
1, terminal is initiated REGISTER message (being the initial registration message described in above-mentioned steps 301) to P-CSCF;
2, P-CSCF receives after REGISTER message, and REGISTER message is forwarded to I-CSCF;
3, I-CSCF receives after REGISTER message, by Cx interface, to HSS, initiates UAR(User Authorization Request, user-authorization-request) message;
4, HSS receives after UAR message, by Cx interface, to I-CSCF, returns to UAA(UserAuthorization Answer, user-authorization-answer) message;
5, I-CSCF receives after UAA message, and REGISTER message is forwarded to S-CSCF;
Above-mentioned 1~5 is terminal normally initiates the process of initial registration message by P-CSCF, I-CSCF and HSS to S-CSCF.Owing to carrying AUTH header field and P-access-network-info in REGISTER message (initial registration message), therefore the authentication mode that the content judgement UE that S-CSCF can carry according to AUTH header field and P-access-network-info supports, and in sending to the authentication request message of HSS, carry the authentication mode that described UE supports.
6, S-CSCF determines after the authentication mode of UE support, by Cx interface, to HSS, initiates MAR message (being the authentication request message described in above-mentioned sub-step b1); Described MAR message is carried the authentication mode that described UE supports;
HSS receives after MAR message, and the authentication mode of supporting according to described UE is calculated to the first corresponding response.
7, HSS returns to MAA message (being the authentication response message described in above-mentioned sub-step b2) by Cx interface to S-CSCF; Described MAA message is carried the first response corresponding to authentication mode that described UE supports;
Above-mentioned 6~7 are S-CSCF obtains the process of the first response from HSS.
8, S-CSCF initiates 401Unauthorized message (be above-mentioned sub-step c1 described in authentication challenge message) to I-CSCF; Described 401Unauthorized message is carried the authentication mode that described UE supports;
9, I-CSCF is forwarded to P-CSCF by described 401Unauthorized message;
10, P-CSCF is forwarded to UE by described 401Unauthorized message;
UE receives after 401Unauthorized message, will calculate the second response corresponding to authentication mode of self supporting.
11, UE initiates REGISTER message (be above-mentioned sub-step c2 described in identification log message) to P-CSCF again; Described REGISTER message is carried the second response corresponding to authentication mode that described UE supports;
12, P-CSCF is forwarded to I-CSCF by described REGISTER message;
13, I-CSCF is forwarded to S-CSCF by described REGISTER message;
Above-mentioned 8~13 are S-CSCF obtains the process of the second response from terminal.
After S-CSCF gets the first response and the second response, by more described the first response and the second response, in this example, the first response is identical with the second response, so S-CSCF will allow UE registration.
14, S-CSCF initiates SAR(Server Assignment Request, server-assignment request by Cx interface to HSS) message, to ask related service data to HSS;
15, HSS returns to SAA(Server Assignment Answer by Cx interface to S-CSCF, and server-assignment is replied) message, related service data are sent to S-CSCF;
16, S-CSCF initiates 200OK message (success response message) to I-CSCF;
17, I-CSCF is forwarded to P-CSCF by described 200OK message;
18, P-CSCF is forwarded to UE by described 200OK message, succeeds in registration.
With reference to Fig. 5, show the successful message flow chart of another kind of authentication of the embodiment of the present invention two, flow process described in Fig. 5 is the situation of AUTH header field and P-access-network-info of not carrying in initial registration message, and this example to take the acquiescence authentication mode of user when signing be that the authentication mode that IMS-AKA authentication, UE support describes as Digest authentication as example.
This flow process specifically describes as follows:
1, terminal is initiated REGISTER message (being the initial registration message described in above-mentioned steps 301) to P-CSCF;
2, P-CSCF receives after REGISTER message, and REGISTER message is forwarded to I-CSCF;
3, I-CSCF receives after REGISTER message, by Cx interface, to HSS, initiates UAR message (user authorization request message);
4, HSS receives after UAR message, by Cx interface, to I-CSCF, returns to UAA message (subscriber authorisation response message);
5, I-CSCF receives after UAA message, and REGISTER message is forwarded to S-CSCF;
Above-mentioned 1~5 is terminal normally initiates the process of initial registration message by P-CSCF, I-CSCF and HSS to S-CSCF.Owing to not carrying AUTH header field and P-access-network-info in REGISTER message (initial registration message), so S-CSCF cannot judge the authentication mode that UE supports, now can initiate authentication request message to HSS.
6, S-CSCF initiates MAR message (being the authentication request message described in above-mentioned sub-step a1) by Cx interface to HSS;
7, HSS returns to MAA message (being the authentication response message described in above-mentioned sub-step a2) by Cx interface to S-CSCF; Described MAA message is carried the acquiescence authentication mode configuring when user contracts;
8, S-CSCF initiates 401Unauthorized message (be above-mentioned sub-step a3 described in authentication challenge message) to I-CSCF; Described 401Unauthorized message is carried described acquiescence authentication mode and (for example in 401Unauthorized message, is carried AUTH header field, AUTH=IMS-AKA);
9, I-CSCF is forwarded to P-CSCF by described 401Unauthorized message;
10, P-CSCF is forwarded to UE by described 401Unauthorized message;
UE receives after 401Unauthorized message, and judgement acquiescence authentication mode and the authentication mode of self supporting are inconsistent, and the authentication mode that now self can be supported is sent to S-CSCF.
11, UE initiates REGISTER message (be above-mentioned sub-step a4 described in identification log message) to P-CSCF again; The authentication mode that described REGISTER message is carried described UE support (for example carries AUTH header field, AUTH=Digest) in REGISTER message;
12, P-CSCF is forwarded to I-CSCF by described REGISTER message;
13, I-CSCF receives after REGISTER message, by Cx interface, to HSS, initiates UAR message;
14, HSS receives after UAR message, by Cx interface, to I-CSCF, returns to UAA message;
15, I-CSCF receives after UAA message, and REGISTER message is forwarded to S-CSCF;
Owing to carrying AUTH header field in REGISTER message (identification log message), therefore the authentication mode that the content judgement UE that S-CSCF can carry according to AUTH header field supports is Digest, and in sending to the authentication request message of HSS, carries the authentication mode that described UE supports.
16, S-CSCF determines after the authentication mode of UE support, by Cx interface, to HSS, initiates MAR message (being the authentication request message described in above-mentioned sub-step b1); Described MAR message is carried the authentication mode (Digest) that described UE supports;
HSS receives after MAR message, and the authentication mode (Digest) of supporting according to described UE is calculated to the first corresponding response.
17, HSS returns to MAA message (being the authentication response message described in above-mentioned sub-step b2) by Cx interface to S-CSCF; Described MAA message is carried the first response corresponding to authentication mode (Digest) that described UE supports;
Above-mentioned 6~7 are S-CSCF obtains the process of the first response from HSS.
18, S-CSCF initiates 401Unauthorized message (be above-mentioned sub-step c1 described in authentication challenge message) to I-CSCF; The authentication mode that described 401Unauthorized message is carried described UE support (for example carries AUTH header field, AUTH=Digest) in REGISTER message;
19, I-CSCF is forwarded to P-CSCF by described 401Unauthorized message;
20, P-CSCF is forwarded to UE by described 401Unauthorized message;
UE receives after 401Unauthorized message, will calculate the second response corresponding to authentication mode (Digest) of self supporting.
21, UE initiates REGISTER message (be above-mentioned sub-step c2 described in identification log message) to P-CSCF again; Described REGISTER message is carried the second response corresponding to authentication mode (Digest) that described UE supports, in this REGISTER message, can also carry AUTH header field, AUTH=Digest;
22, P-CSCF is forwarded to I-CSCF by described REGISTER message;
23, I-CSCF is forwarded to S-CSCF by described REGISTER message;
Above-mentioned 18~23 are S-CSCF obtains the process of the second response from terminal.
After S-CSCF gets the first response and the second response, by more described the first response and the second response, in this example, the first response is identical with the second response, so S-CSCF will allow UE registration.
24, S-CSCF initiates SAR message by Cx interface to HSS, to ask related service data to HSS;
25, HSS returns to SAA message by Cx interface to S-CSCF, and related service data are sent to S-CSCF;
26, S-CSCF initiates 200OK message to I-CSCF;
27, I-CSCF is forwarded to P-CSCF by described 200OK message;
28, P-CSCF is forwarded to UE by described 200OK message, succeeds in registration.
With reference to Fig. 6, show the message flow chart of a kind of failed authentication of the embodiment of the present invention two, flow process described in Fig. 6 is the situation of AUTH header field and P-access-network-info of not carrying in initial registration message, and this example to take the acquiescence authentication mode of user when signing be that the authentication mode that IMS-AKA authentication, UE support describes as Digest authentication as example.
This flow process specifically describes as follows:
1~23 substantially similar, concrete with reference to the above-mentioned associated description for Fig. 5 to above-mentioned Fig. 5 of 1~23 process.
After S-CSCF gets the first response and the second response, by more described the first response and the second response, the first response different with the second response (user name that for example user inputs in terminal, password mistakes) in this example, so S-CSCF will refuse UE registration.
24, S-CSCF initiates 403refuse message (error response message) to I-CSCF;
25, I-CSCF is forwarded to P-CSCF by described 403refuse message;
26, P-CSCF is forwarded to UE, registration failure by described 403refuse message.
The embodiment of the present invention can meet user by the demand of multiple terminals, many regions access network device, has reached the object of free communication, can in the situation that participating in without user, adjust authentication mode dynamically, has improved user awareness; The application model of having expanded IMS equipment, enables compatible Softswitch, and the use habit of being more close to the users has improved the autgmentability of equipment.
For aforesaid each embodiment of the method, for simple description, therefore it is all expressed as to a series of combination of actions, but those skilled in the art should know, the present invention is not subject to the restriction of described sequence of movement, because according to the present invention, some step can adopt other orders or carry out simultaneously.Secondly, those skilled in the art also should know, the embodiment described in specification all belongs to preferred embodiment, and related action and module might not be that the present invention is necessary.
Embodiment tri-:
With reference to Fig. 7, show the structured flowchart of a kind of right discriminating system of the embodiment of the present invention three, this system specifically can comprise with lower module:
Mode determination module 701, determines for the initial registration message sending according to terminal the authentication mode that described terminal is supported;
The first acquisition module 702, the first response corresponding to authentication mode of supporting for obtain described terminal from ownership place subscription data server HSS;
The second acquisition module 703, the second response corresponding to authentication mode of supporting for obtain described terminal from described terminal;
Determination module 704 relatively, for more described the first response and described the second response, when identical, determines authentication success with described the second response in described the first response, allows described endpoint registration; Described relatively determination module also, for when different, determining failed authentication with described the second response in described the first response, is refused described endpoint registration.
In a preferred embodiment of the present invention, described mode determination module can comprise following submodule:
First obtains submodule, when carrying the authentication header field of the authentication mode that comprises that described terminal is supported in described initial registration message, obtains the authentication mode that described terminal is supported from described authentication header field;
Second obtains submodule, when carrying the Access Network information of described terminal in described initial registration message, and the authentication mode that the authentication mode matching with described Access Network information is supported as described terminal;
The 3rd obtains submodule, while comprising the authentication header field of authentication mode that described terminal is supported and the Access Network information of described terminal for carrying in described initial registration message, from described authentication header field, obtain the authentication mode of described terminal support or the authentication mode that the authentication mode matching with described Access Network information is supported as described terminal;
First initiates submodule, while comprising the authentication header field of authentication mode that described terminal is supported and the Access Network information of described terminal for not carrying in described initial registration message, to described HSS, initiates authentication request message;
First receives submodule, the authentication response message of returning for receiving described HSS, and described authentication response message comprises acquiescence authentication mode;
Second initiates submodule, and for initiating authentication challenge message to described terminal, described authentication challenge message comprises described acquiescence authentication mode;
Second receives submodule, for receiving the identification log message of described terminal initiation, carries the authentication header field of the authentication mode that comprises that described terminal is supported in described identification log message, obtains the authentication mode that described terminal is supported from described authentication header field.
Above-mentioned first obtains submodule, second obtains submodule and the 3rd to obtain submodule is the authentication header field that carries the authentication mode that comprises that described terminal is supported in described initial registration message, or, carry the Access Network information of described terminal, or, the module of calling while carrying the authentication header field of the authentication mode that comprises described terminal support and the Access Network information of described terminal; It is the module of calling while not carrying the authentication header field of the authentication mode that comprises described terminal support and the Access Network information of described terminal in described initial registration message that described the first initiation submodule, first receives submodule, the second initiation submodule and the second reception submodule.
In a preferred embodiment of the present invention, described the first acquisition module can comprise following submodule:
The 3rd initiates submodule, and for initiating authentication request message to described HSS, described authentication request message comprises the authentication mode that described terminal is supported;
The 3rd receives submodule, the authentication response message of returning for receiving described HSS, and described authentication response message comprises the first response corresponding to authentication mode that described terminal is supported; Described the first response calculates according to the authentication mode of described terminal support by described HSS.
Described the second acquisition module can comprise following submodule:
The 4th initiates submodule, and for initiating authentication challenge message to described terminal, described authentication challenge message comprises the authentication mode that described terminal is supported;
The 4th receives submodule, the identification log message of initiating for receiving described terminal, and described identification log message comprises the second response corresponding to authentication mode that described terminal is supported; Described the second response calculates according to the authentication mode of described terminal support by described terminal.
The initial registration message that first can send according to terminal in the embodiment of the present invention is determined the authentication mode that described terminal is supported, when the authentication mode of supporting in described terminal and acquiescence authentication mode when signing are inconsistent, can obtain the first response corresponding to authentication mode that described terminal is supported from HSS, and obtain from described terminal the second response corresponding to authentication mode that described terminal is supported; Then more described the first response and described the second response, if described the first response is identical with described the second response, determine authentication success, allows described endpoint registration.
Because user may use diversified accessing terminal to network in different regions, and the authentication mode that different terminals is supported may be different, when the authentication mode of therefore supporting in the terminal of the current use of user in the embodiment of the present invention and acquiescence authentication mode when signing are inconsistent, network equipment can dynamically be adjusted authentication mode, the authentication mode of supporting according to terminal carries out authentication, thereby without manual modification HSS configuration again, authentication process is simple, the practical service environment that can adapt to user, improves user awareness.
For system embodiment, because it is substantially similar to embodiment of the method, so description is fairly simple, relevant part is referring to the part explanation of embodiment of the method.
Each embodiment in this specification all adopts the mode of going forward one by one to describe, and each embodiment stresses is the difference with other embodiment, between each embodiment identical similar part mutually referring to.
The embodiment of the present invention can be described in the general context of the computer executable instructions of being carried out by computer, for example program module.Usually, program module comprises the routine carrying out particular task or realize particular abstract data type, program, object, assembly, data structure etc.Also can in distributed computing environment (DCE), put into practice the present invention, in these distributed computing environment (DCE), by the teleprocessing equipment being connected by communication network, be executed the task.In distributed computing environment (DCE), program module can be arranged in the local and remote computer-readable storage medium that comprises memory device.
Finally, also it should be noted that, in this article, relational terms such as the first and second grades is only used for an entity or operation to separate with another entity or operating space, and not necessarily requires or imply and between these entities or operation, have the relation of any this reality or sequentially.And, term " comprises ", " comprising " or its any other variant are intended to contain comprising of nonexcludability, thereby the process, method, commodity or the equipment that make to comprise a series of key elements not only comprise those key elements, but also comprise other key elements of clearly not listing, or be also included as the intrinsic key element of this process, method, commodity or equipment.The in the situation that of more restrictions not, the key element being limited by statement " comprising ... ", and be not precluded within process, method, commodity or the equipment that comprises described key element and also have other identical element.
Above to a kind of method for authenticating provided by the present invention and system, be described in detail, applied specific case herein principle of the present invention and execution mode are set forth, the explanation of above embodiment is just for helping to understand method of the present invention and core concept thereof; , for one of ordinary skill in the art, according to thought of the present invention, all will change in specific embodiments and applications, in sum, this description should not be construed as limitation of the present invention meanwhile.

Claims (10)

1. a method for authenticating, is characterized in that, comprising:
The initial registration message sending according to terminal is determined the authentication mode that described terminal is supported;
From ownership place subscription data server HSS, obtain the first response corresponding to authentication mode that described terminal is supported;
From described terminal, obtain the second response corresponding to authentication mode that described terminal is supported;
More described the first response and described the second response, if described the first response is identical with described the second response, determine authentication success, allows described endpoint registration.
2. method according to claim 1, is characterized in that, the described initial registration message sending according to terminal determines that the step of the authentication mode of described terminal support comprises:
The authentication header field that comprises the authentication mode that described terminal is supported if carry in described initial registration message obtains the authentication mode that described terminal is supported from described authentication header field;
If carry the Access Network information of described terminal in described initial registration message, the authentication mode of authentication mode matching with described Access Network information being supported as described terminal;
If carry in described initial registration message, comprise the authentication header field of authentication mode and the Access Network information of described terminal that described terminal is supported, from described authentication header field, obtain the authentication mode of described terminal support or the authentication mode that the authentication mode matching with described Access Network information is supported as described terminal.
3. method according to claim 1, is characterized in that, the described initial registration message sending according to terminal determines that the step of the authentication mode of described terminal support comprises:
If do not carry in described initial registration message, comprise the authentication header field of authentication mode and the Access Network information of described terminal that described terminal is supported, to described HSS, initiate authentication request message;
Receive the authentication response message that described HSS returns, described authentication response message comprises acquiescence authentication mode;
To described terminal, initiate authentication challenge message, described authentication challenge message comprises described acquiescence authentication mode;
Receive the identification log message that described terminal is initiated, in described identification log message, carry the authentication header field of the authentication mode that comprises that described terminal is supported, from described authentication header field, obtain the authentication mode that described terminal is supported.
4. method according to claim 1, is characterized in that, the described step of obtaining the first response that the authentication mode of described terminal support is corresponding from HSS comprises:
To described HSS, initiate authentication request message, described authentication request message comprises the authentication mode that described terminal is supported;
Receive the authentication response message that described HSS returns, described authentication response message comprises the first response corresponding to authentication mode that described terminal is supported; Described the first response calculates according to the authentication mode of described terminal support by described HSS.
5. method according to claim 1, is characterized in that, the described step of obtaining the second response that the authentication mode of described terminal support is corresponding from described terminal comprises:
To described terminal, initiate authentication challenge message, described authentication challenge message comprises the authentication mode that described terminal is supported;
Receive the identification log message that described terminal is initiated, described identification log message comprises the second response corresponding to authentication mode that described terminal is supported; Described the second response calculates according to the authentication mode of described terminal support by described terminal.
6. a right discriminating system, is characterized in that, comprising:
Mode determination module, determines for the initial registration message sending according to terminal the authentication mode that described terminal is supported;
The first acquisition module, the first response corresponding to authentication mode of supporting for obtain described terminal from ownership place subscription data server HSS;
The second acquisition module, the second response corresponding to authentication mode of supporting for obtain described terminal from described terminal;
Determination module relatively, for more described the first response and described the second response, when identical, determines authentication success with described the second response in described the first response, allows described endpoint registration.
7. system according to claim 6, is characterized in that, described mode determination module comprises:
First obtains submodule, when carrying the authentication header field of the authentication mode that comprises that described terminal is supported in described initial registration message, obtains the authentication mode that described terminal is supported from described authentication header field;
Second obtains submodule, when carrying the Access Network information of described terminal in described initial registration message, and the authentication mode that the authentication mode matching with described Access Network information is supported as described terminal;
The 3rd obtains submodule, while comprising the authentication header field of authentication mode that described terminal is supported and the Access Network information of described terminal for carrying in described initial registration message, from described authentication header field, obtain the authentication mode of described terminal support or the authentication mode that the authentication mode matching with described Access Network information is supported as described terminal.
8. system according to claim 6, is characterized in that, described mode determination module comprises:
First initiates submodule, while comprising the authentication header field of authentication mode that described terminal is supported and the Access Network information of described terminal for not carrying in described initial registration message, to described HSS, initiates authentication request message;
First receives submodule, the authentication response message of returning for receiving described HSS, and described authentication response message comprises acquiescence authentication mode;
Second initiates submodule, and for initiating authentication challenge message to described terminal, described authentication challenge message comprises described acquiescence authentication mode;
Second receives submodule, for receiving the identification log message of described terminal initiation, carries the authentication header field of the authentication mode that comprises that described terminal is supported in described identification log message, obtains the authentication mode that described terminal is supported from described authentication header field.
9. system according to claim 6, is characterized in that, described the first acquisition module comprises:
The 3rd initiates submodule, and for initiating authentication request message to described HSS, described authentication request message comprises the authentication mode that described terminal is supported;
The 3rd receives submodule, the authentication response message of returning for receiving described HSS, and described authentication response message comprises the first response corresponding to authentication mode that described terminal is supported; Described the first response calculates according to the authentication mode of described terminal support by described HSS.
10. system according to claim 6, is characterized in that, described the second acquisition module comprises:
The 4th initiates submodule, and for initiating authentication challenge message to described terminal, described authentication challenge message comprises the authentication mode that described terminal is supported;
The 4th receives submodule, the identification log message of initiating for receiving described terminal, and described identification log message comprises the second response corresponding to authentication mode that described terminal is supported; Described the second response calculates according to the authentication mode of described terminal support by described terminal.
CN201310686614.5A 2013-12-13 2013-12-13 Authenticating method and system Pending CN103701780A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310686614.5A CN103701780A (en) 2013-12-13 2013-12-13 Authenticating method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310686614.5A CN103701780A (en) 2013-12-13 2013-12-13 Authenticating method and system

Publications (1)

Publication Number Publication Date
CN103701780A true CN103701780A (en) 2014-04-02

Family

ID=50363177

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310686614.5A Pending CN103701780A (en) 2013-12-13 2013-12-13 Authenticating method and system

Country Status (1)

Country Link
CN (1) CN103701780A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105338526A (en) * 2014-07-31 2016-02-17 成都鼎桥通信技术有限公司 Distributed authentication system, method and device based on cluster users
CN106713249A (en) * 2015-11-18 2017-05-24 大唐移动通信设备有限公司 Authentication method and device
CN107294803A (en) * 2017-06-15 2017-10-24 北京小度信息科技有限公司 Response message conformance test method and device
CN110493773A (en) * 2019-08-23 2019-11-22 中国联合网络通信集团有限公司 The acquisition methods and its equipment of mobile device authentication capability

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1801706A (en) * 2005-01-07 2006-07-12 华为技术有限公司 Network authentication system and method for IP multimedia subsystem
CN1852556A (en) * 2005-06-17 2006-10-25 华为技术有限公司 Method for realizing registering in IP multi-media subsystem
CN1866823A (en) * 2006-02-08 2006-11-22 华为技术有限公司 Authentication method, device and system in IMS network
CN1870812A (en) * 2005-05-27 2006-11-29 华为技术有限公司 Method for selecting safety mechanism of IP multimedia subsystem acess field
CN101043744A (en) * 2006-03-21 2007-09-26 华为技术有限公司 Method for user terminal accessing authentication in IMS network
CN101106795A (en) * 2006-07-12 2008-01-16 华为技术有限公司 A registration hiding method for IMS domain
US20080168540A1 (en) * 2006-12-07 2008-07-10 Kaitki Agarwal Systems, Methods, Media, and Means for User Level Authentication
CN101997828A (en) * 2009-08-28 2011-03-30 中国移动通信集团公司 Method, device and network for network re-registration of Internet protocol multimedia subsystem (IMS)

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1801706A (en) * 2005-01-07 2006-07-12 华为技术有限公司 Network authentication system and method for IP multimedia subsystem
CN1870812A (en) * 2005-05-27 2006-11-29 华为技术有限公司 Method for selecting safety mechanism of IP multimedia subsystem acess field
CN1852556A (en) * 2005-06-17 2006-10-25 华为技术有限公司 Method for realizing registering in IP multi-media subsystem
CN1866823A (en) * 2006-02-08 2006-11-22 华为技术有限公司 Authentication method, device and system in IMS network
CN101043744A (en) * 2006-03-21 2007-09-26 华为技术有限公司 Method for user terminal accessing authentication in IMS network
CN101106795A (en) * 2006-07-12 2008-01-16 华为技术有限公司 A registration hiding method for IMS domain
US20080168540A1 (en) * 2006-12-07 2008-07-10 Kaitki Agarwal Systems, Methods, Media, and Means for User Level Authentication
CN101997828A (en) * 2009-08-28 2011-03-30 中国移动通信集团公司 Method, device and network for network re-registration of Internet protocol multimedia subsystem (IMS)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105338526A (en) * 2014-07-31 2016-02-17 成都鼎桥通信技术有限公司 Distributed authentication system, method and device based on cluster users
CN105338526B (en) * 2014-07-31 2019-01-08 成都鼎桥通信技术有限公司 Distributed right discriminating system based on cluster user, method and device
CN106713249A (en) * 2015-11-18 2017-05-24 大唐移动通信设备有限公司 Authentication method and device
CN107294803A (en) * 2017-06-15 2017-10-24 北京小度信息科技有限公司 Response message conformance test method and device
CN110493773A (en) * 2019-08-23 2019-11-22 中国联合网络通信集团有限公司 The acquisition methods and its equipment of mobile device authentication capability
CN110493773B (en) * 2019-08-23 2022-09-02 中国联合网络通信集团有限公司 Method and equipment for acquiring authentication capability of mobile equipment

Similar Documents

Publication Publication Date Title
CN1327681C (en) Method for realizing initial Internet protocol multimedia subsystem registration
CN101091374B (en) IP multimedia subsystem access method and apparatus
US8929521B2 (en) System and method for authenticating a communication device
CN102474523B (en) Methods and apparatuses for initiating provisioning of subscriber data in a hss of an IP multimedia subsystem network
US9854508B2 (en) Downloadable ISIM
EP1909430A1 (en) Access authorization system of communication network and method thereof
US8533348B2 (en) Failover communication services
CN105307144B (en) A kind of register method, method of calling, application server and network domain arrangement
CN103701780A (en) Authenticating method and system
CN103259763B (en) IP Multimedia System IMS domain register method, system and device
CN109962878A (en) A kind of register method and device of IMS user
CN101911651A (en) Securing contact information
US9143536B2 (en) Determining a location address for shared data
US20120246289A1 (en) Control Entity and Method for Setting up a Session in a Communications Network, Subscriber Database and Communications Network
CN106790055B (en) Registration method and device of IMS (IP multimedia subsystem)
CN103905405A (en) IMS user registration method and device and related equipment
US8755799B1 (en) Provisioning and using wildcarded private identity to register devices for wireless services
CN101001145B (en) Authentication method for supporting terminal roaming of non-IP multimedia service subsystem
CN100433913C (en) Method for realizing registering in IP multi-media subsystem
CN101083838B (en) HTTP abstract authentication method in IP multimedia subsystem
CN1866823B (en) Authentication method, device and system in IMS network
CN100562019C (en) Operation processing method in the IP Multimedia System and home signature user server
CN108881118A (en) A kind of IMS cascade connection networking method and equipment
CN103607411A (en) Method and device for processing IMS user identification
JP4980813B2 (en) Authentication processing apparatus, authentication processing method, and authentication processing system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20140402