CN107454045A - Method, apparatus and system for authenticating a user's IMS registration - Google Patents



Publication number
CN107454045A
Authority
CN
China
Prior art keywords
user equipment
network side
network
sqni
sqn
Legal status
Granted
Application number
CN201610380324.1A
Other languages
Chinese (zh)
Other versions
CN107454045B (en)
Inventor
张子敬
张晴
Current Assignee
Yulong Computer Telecommunication Scientific Shenzhen Co Ltd
Original Assignee
Yulong Computer Telecommunication Scientific Shenzhen Co Ltd
Application filed by Yulong Computer Telecommunication Scientific Shenzhen Co Ltd
Priority to CN201610380324.1A
Publication of CN107454045A
Application granted
Publication of CN107454045B
Legal status: Expired - Fee Related


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0421 Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/10 Architectures or entities
    • H04L65/1016 IP multimedia subsystem [IMS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/1066 Session management
    • H04L65/1073 Registration or de-registration

Abstract

An embodiment of the invention discloses a method, apparatus and system for authenticating a user's IMS registration. By modifying the signaling flow of IMS AKA registration authentication and the authentication parameters transmitted, the authentication and registration process can be completed with two signaling messages; compared with the 4 signaling messages that 3GPP IMS AKA uses to complete registration authentication, this reduces signaling interaction, lowers the network burden, shortens user access delay and improves the user experience.

Description

Method, apparatus and system for authenticating a user's IMS registration
Technical field
Embodiments of the present invention relate to the technical field of network registration, and in particular to a method, apparatus and system for authenticating a user's IMS registration.
Background
IMS (IP Multimedia Subsystem) is the IP multimedia subsystem. Before using IMS services, a user must register with the IMS network; the registration process provides mutual authentication, of the network by the user and of the user by the network. VoLTE terminals access the IMS network through the IMS-AKA (IMS Authentication and Key Agreement) mechanism, which completes registration and authentication. The IMS-AKA registration process comprises two registrations: the initial registration and the authenticated registration.
Initial registration is the process in which the user initiates registration to the IMS network. Since authentication has not yet taken place, the network sends a 401 Unauthorized response carrying the authentication parameters (RAND, AUTN) to challenge the user; on receiving it, the user computes the authentication response parameters and can then initiate the authenticated registration flow.
In the authenticated registration flow, the user sends the challenge response value to the network, and the network completes authentication and key agreement. Completing IMS network registration through the IMS-AKA mechanism requires sending at least two REGISTER requests; the SIP message exchange between the user and the network is overly cumbersome, and the authentication header fields carried in the SIP messages (such as the Authorization and WWW-Authenticate header fields) carry numerous AKA parameters, which significantly increases SIP message length. Because network bandwidth is limited, the transmission delay becomes quite noticeable, and registering to access the network takes the user too long, which degrades the user experience.
Summary of the invention
The purpose of the embodiments of the present invention is to propose a method, apparatus and system for authenticating a user's IMS registration, intended to solve the problem of how to reduce signaling interaction during user registration and lower the network burden.
To achieve this purpose, the embodiments of the present invention adopt the following technical solutions:
In a first aspect, a method for authenticating a user's IMS registration, the method comprising:
After the IMS-APN data link is successfully activated, the user equipment (UE) generates a random number RAND, obtains the locally stored SQNi, and computes parameters from the RAND and the SQNi using the AKA algorithm; the parameters include CK, IK, AK, MAC1, RES and AUTN1;
The UE sends the IMPI, the IMPU, the AUTN1, the RAND and the RES to the network side in a Register message, so that the network side verifies whether the UE and the network side are synchronized and determines whether the UE is legitimate;
The message fed back by the network side is received; where the network side has verified that the UE and the network side are synchronized and that the UE is legitimate, the UE determines from the message fed back by the network side whether the network is legitimate;
Here, AUTN1 denotes the network authentication token, MAC1 the message authentication code, RES the expected authentication response, CK the confidentiality key, IK the integrity key, and AK the anonymity key.
Preferably, determining from the data sent by the network side whether the network is legitimate includes:
The UE parses the AUTN sent by the network side to obtain the SQN and the MAC, and judges whether the SQN is consistent with the SQNi;
If the SQN is consistent with the SQNi, the MAC1 is compared with the MAC obtained from the AUTN to judge the legitimacy of the network;
If the SQN is inconsistent with the SQNi, the UE recalculates the MAC1 parameter from the SQN and compares it with the MAC to judge the legitimacy of the network, and at the same time updates the locally stored SQNi, where the SQNi may be set to SQN plus n, n being an integer greater than 0.
Preferably, the method further includes:
After the UE has verified the legitimacy of the network, it sends a subscription request to the network, and the network notifies the UE when it detects a change in the user's registration state.
In a second aspect, a method for authenticating a user's IMS registration, characterized in that the method comprises:
After the network side receives the IMPI, IMPU, AUTN1, RAND and RES sent by the user equipment (UE) in the Register message, the S-CSCF of the network side obtains the authentication vector AV from the HSS according to the IMPI;
The HSS retrieves the corresponding Key according to the IMPI, calculates the AKA parameters from the RAND, and uses the AUTN1 to verify whether the UE and the network side are synchronized; after determining that the UE and the network side are synchronized, the HSS sends the authentication vector AV to the S-CSCF, the AV including RAND, xRes, CK, IK and AUTN;
The S-CSCF compares whether the RES sent by the UE is consistent with the xRes sent by the HSS; if they are consistent, it determines that the UE is legitimate and sends the CK, the IK and the AUTN to the P-CSCF of the network side;
The P-CSCF retains the CK and the IK and then sends the AUTN to the UE.
Preferably, the HSS verifying through the AUTN1 whether the UE and the network side are synchronized includes:
The HSS parses the SQNi from the AUTN1 and compares it with the SQN generated by the network side;
If the SQNi is greater than the SQN, the UE and the network side are synchronized, and the HSS updates the synchronization parameter;
If the SQNi is less than the SQN, the HSS recalculates the AUTN according to the AKA algorithm.
In a third aspect, an apparatus for authenticating a user's IMS registration, the apparatus comprising:
A computing module, used by the user equipment (UE), after the IMS-APN data link is successfully activated, to generate a random number RAND, obtain the locally stored SQNi, and compute parameters from the RAND and the SQNi using the AKA algorithm; the parameters include CK, IK, AK, MAC1, RES and AUTN1;
A sending module, used by the UE to send the IMPI, the IMPU, the AUTN1, the RAND and the RES to the network side in a Register message, so that the network side verifies whether the UE and the network side are synchronized and determines whether the UE is legitimate;
A determining module, used to receive the message fed back by the network side; where the network side has verified that the UE and the network side are synchronized and that the UE is legitimate, the UE determines from the message fed back by the network side whether the network is legitimate;
Here, AUTN1 denotes the network authentication token, MAC1 the message authentication code, RES the expected authentication response, CK the confidentiality key, IK the integrity key, and AK the anonymity key.
Preferably, the determining module is used to:
Parse the AUTN sent by the network side to obtain the SQN and the MAC, and judge whether the SQN is consistent with the SQNi;
If the SQN is consistent with the SQNi, compare the MAC1 with the MAC obtained from the AUTN to judge the legitimacy of the network;
If the SQN is inconsistent with the SQNi, recalculate the MAC parameter from the SQN and compare it with the MAC to judge the legitimacy of the network, and at the same time update the locally stored SQNi, where the SQNi may be set to SQN plus n, n being an integer greater than 0.
Preferably, the apparatus further includes:
A subscribing module, used, after the legitimacy of the network has been verified, to send a subscription request to the network; the network notifies the UE when it detects a change in the user's registration state.
In a fourth aspect, a system for authenticating a user's IMS registration, the system comprising:
An S-CSCF, used, after receiving the IMPI, IMPU, AUTN1, RAND and RES sent by the user equipment (UE) in the Register message, to obtain the authentication vector AV from the HSS according to the IMPI;
An HSS, used to retrieve the corresponding Key according to the IMPI, calculate the AKA parameters from the RAND, and use the AUTN1 to verify whether the UE and the network side are synchronized; after determining that the UE and the network side are synchronized, the HSS sends the authentication vector AV to the S-CSCF, the AV including RAND, xRes, CK, IK and AUTN;
The S-CSCF, used to compare whether the RES sent by the UE is consistent with the xRes sent by the HSS; if they are consistent, it determines that the UE is legitimate and sends the CK, the IK and the AUTN to the P-CSCF of the network side;
The P-CSCF, which retains the CK and the IK and then sends the AUTN to the UE.
Preferably, the HSS is further used to:
Parse the SQNi from the AUTN1 and compare it with the SQN generated by the network side;
If the SQNi is greater than the SQN, the UE and the network side are synchronized, and the synchronization parameter is updated;
If the SQNi is less than the SQN, recalculate the AUTN according to the AKA algorithm.
Embodiments of the present invention provide a method, apparatus and system for authenticating a user's IMS registration. By modifying the signaling flow of IMS-AKA registration authentication and the authentication parameters transmitted, the authentication and registration process can be completed with two signaling messages; compared with the 4 signaling messages that 3GPP IMS-AKA uses to complete registration authentication, this reduces signaling interaction, lowers the network burden, shortens user access delay and improves the user experience.
Brief description of the drawings
Fig. 1 is an interaction diagram of the method for authenticating a user's IMS registration according to an embodiment of the present invention;
Fig. 2 is a flowchart of the method for authenticating a user's IMS registration according to an embodiment of the present invention;
Fig. 3 is another flowchart of the method for authenticating a user's IMS registration according to an embodiment of the present invention;
Fig. 4 is a structural diagram of the apparatus for authenticating a user's IMS registration according to an embodiment of the present invention;
Fig. 5 is a structural diagram of the system for authenticating a user's IMS registration according to an embodiment of the present invention.
Detailed description of the embodiments
The embodiments of the present invention are described in further detail below with reference to the drawings and examples. It should be understood that the specific embodiments described here serve only to explain the embodiments of the present invention and do not limit them. It should also be noted that, for ease of description, the drawings show only the parts relevant to the embodiments of the present invention rather than the entire structure.
Referring to Fig. 1, Fig. 1 is an interaction diagram of the method for authenticating a user's IMS registration according to an embodiment of the present invention.
As shown in Fig. 1, the method for authenticating a user's IP Multimedia Subsystem (IMS) registration is as follows:
Step 101: the UE generates a random number RAND, obtains the locally stored network sequence number from its last successful registration (Sequence Number, SQNi), computes the relevant parameters (CK, IK, AK, MAC1, RES, AUTN1) using the Authentication and Key Agreement (AKA) algorithm, and sends AUTN1, RAND and RES to the network side in a Register message;
Here, the HSS carries out the AKA algorithm using parameters such as RAND and SQN. The main authentication parameters computed, and how they are computed, are given below, where F1 to F5 denote specific algorithms in AKA.
Key is the individual security root key, stored in the HSS and in the SIM card. The parameters are calculated as follows (|| denotes concatenation):
Message authentication code MAC: MAC = F1(Key, SQN || RAND || AMF);
Expected authentication response XRES: xRes = F2(Key, RAND);
Confidentiality key CK: CK = F3(Key, RAND);
Integrity key IK: IK = F4(Key, RAND);
Anonymity key AK: AK = F5(Key, RAND);
Network authentication token AUTN: AUTN = (SQN XOR AK) || AMF || MAC.
Step 102: the HSS retrieves the corresponding Key according to the IP Multimedia Private Identity (IMPI), generates the AKA parameters corresponding to the UE side (CK, IK, AK, xRes), parses the SQNi from the AUTN1 and judges the synchronization state, generates a network sequence number (Sequence Number, SQN) that meets the condition, recalculates the MAC and the authentication token (AUTN), and sends the subscriber authentication vector AV (RAND, AUTN, CK, IK, xRes) to the S-CSCF;
Step 103: the S-CSCF compares whether the RES sent by the UE is consistent with the expected response value (xRes) returned by the HSS; if so, it considers the UE legitimate and sends the cipher key (CK), the integrity key (IK) and the AUTN to the P-CSCF;
Step 104: the UE recalculates the MAC parameter from the RAND and the AUTN and compares it with the MAC carried in the AUTN; if they are consistent, it considers the network legitimate, authentication passes, and the UE initiates the subsequent SUBSCRIBE message.
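Steps 101 to 104 run end to end, as an added Python example that is not code from the patent: F1 to F5 are replaced by a truncated HMAC-SHA256 stand-in rather than a real AKA algorithm set, and AUTN1 is assumed to use the same layout as AUTN. The HSS's MAC1 check, its adoption of SQNi when the UE is ahead, and advancing SQNi after every successful check are assumptions the description does not spell out; field sizes are the usual 3GPP AKA ones (48-bit SQN and AK, 16-bit AMF, 64-bit MAC), and the key, identities and AMF are constructed sample values.

```python
import hashlib
import hmac
import secrets

AMF = bytes.fromhex("8000")  # constructed sample value

def _f(tag, key, data, n):
    # Stand-in for F1..F5 (assumption: truncated HMAC-SHA256, not a real AKA set).
    return hmac.new(key, tag + data, hashlib.sha256).digest()[:n]

def f1(key, sqn, rand, amf):  # MAC = F1(Key, SQN || RAND || AMF)
    return _f(b"f1", key, sqn + rand + amf, 8)

def f2(key, rand):  # RES / xRes
    return _f(b"f2", key, rand, 8)

def f3(key, rand):  # CK
    return _f(b"f3", key, rand, 16)

def f4(key, rand):  # IK
    return _f(b"f4", key, rand, 16)

def f5(key, rand):  # AK
    return _f(b"f5", key, rand, 6)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def build_autn(key, sqn, rand):
    # (SQN XOR AK) || AMF || MAC; AUTN1 is assumed to share this layout.
    sqn_b = sqn.to_bytes(6, "big")
    return xor(sqn_b, f5(key, rand)) + AMF + f1(key, sqn_b, rand, AMF)

def parse_autn(key, rand, autn):
    sqn = int.from_bytes(xor(autn[:6], f5(key, rand)), "big")
    return sqn, autn[6:8], autn[8:16]  # (SQN, AMF, MAC)

class UE:
    def __init__(self, impi, impu, key, sqni):
        self.impi, self.impu, self.key, self.sqni = impi, impu, key, sqni

    def register(self):
        # Step 101: one REGISTER carrying RAND, AUTN1 and RES.
        self.rand = secrets.token_bytes(16)
        self.autn1 = build_autn(self.key, self.sqni, self.rand)
        return {"IMPI": self.impi, "IMPU": self.impu, "RAND": self.rand,
                "AUTN1": self.autn1, "RES": f2(self.key, self.rand)}

    def verify_network(self, autn, n=1):
        # Step 104: check the MAC carried in the network's AUTN.
        if autn is None or len(autn) != 16:
            return False
        sqn, amf, mac = parse_autn(self.key, self.rand, autn)
        if sqn == self.sqni and amf == AMF:
            expected = self.autn1[8:]  # MAC1 from step 101, no recomputation
        else:
            expected = f1(self.key, sqn.to_bytes(6, "big"), self.rand, amf)
        if not hmac.compare_digest(expected, mac):
            return False
        # SQNi = SQN + n; stated for the mismatch case, applied to both (assumption).
        self.sqni = sqn + n
        return True

class HSS:
    def __init__(self, subscribers):
        self.subs = dict(subscribers)  # IMPI -> (Key, SQN)

    def auth_vector(self, impi, rand, autn1):
        # Step 102: sync check on SQNi, then AV = (RAND, AUTN, CK, IK, xRES).
        if impi not in self.subs or len(rand) != 16 or len(autn1) != 16:
            return None
        key, sqn = self.subs[impi]
        sqni, amf, mac1 = parse_autn(key, rand, autn1)
        # Added check, not stated in the description: authenticate AUTN1 before trusting SQNi.
        if not hmac.compare_digest(f1(key, sqni.to_bytes(6, "big"), rand, amf), mac1):
            return None
        if sqni > sqn:  # synchronized: update the synchronization parameter
            sqn = sqni  # assumption: the HSS adopts SQNi
            self.subs[impi] = (key, sqn)
        # Otherwise the AUTN is recalculated from the HSS's own SQN.
        return {"RAND": rand, "AUTN": build_autn(key, sqn, rand),
                "CK": f3(key, rand), "IK": f4(key, rand), "xRES": f2(key, rand)}

def network_register(hss, msg):
    av = hss.auth_vector(msg["IMPI"], msg["RAND"], msg["AUTN1"])
    # Step 103: the S-CSCF compares RES with xRES.
    if av is None or not hmac.compare_digest(msg["RES"], av["xRES"]):
        return None
    return av["AUTN"]  # the P-CSCF keeps CK and IK and forwards only AUTN

if __name__ == "__main__":
    key = bytes(range(16))  # constructed sample key
    ue = UE("user@ims.example", "sip:user@ims.example", key, sqni=5)
    hss = HSS({ue.impi: (key, 3)})
    autn = network_register(hss, ue.register())
    print("UE accepted:", autn is not None, "| network accepted:", ue.verify_network(autn))
```
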
Referring to Fig. 2, Fig. 2 is a flowchart of the method for authenticating a user's IMS registration according to an embodiment of the present invention.
As shown in Fig. 2, the method for authenticating a user's IMS registration includes:
Step 201: after the data link of the access point name used for the IMS connection (IP Multimedia Subsystem-Access Point Name, IMS-APN) is successfully activated, the user equipment (UE) generates a random number RAND, obtains the locally stored SQNi, and computes parameters from the RAND and the SQNi using the AKA algorithm; the parameters include CK, IK, AK, MAC1, RES and AUTN1;
Step 202: the UE sends the IMPI, the IP Multimedia Public Identity (IMPU), the AUTN1, the RAND and the RES to the network side in a Register message, so that the network side verifies whether the UE and the network side are synchronized and determines whether the UE is legitimate;
Step 203: the message fed back by the network side is received; where the network side has verified that the UE and the network side are synchronized and that the UE is legitimate, the UE determines from the message fed back by the network side whether the network is legitimate;
Preferably, determining from the data sent by the network side whether the network is legitimate includes:
The UE parses the AUTN sent by the network side to obtain the SQN and the MAC, and judges whether the SQN is consistent with the SQNi;
If the SQN is consistent with the SQNi, the MAC1 is compared with the MAC obtained from the AUTN to judge the legitimacy of the network;
If the SQN is inconsistent with the SQNi, the UE recalculates the MAC1 parameter from the SQN and compares it with the MAC to judge the legitimacy of the network, and at the same time updates the locally stored SQNi, where the SQNi may be set to SQN plus n, n being an integer greater than 0.
Here, AUTN1 denotes the network authentication token, MAC1 the message authentication code, RES the expected authentication response, CK the confidentiality key, IK the integrity key, and AK the anonymity key.
Preferably, the method further includes:
After the UE has verified the legitimacy of the network, it sends a subscription request to the network, and the network notifies the UE when it detects a change in the user's registration state.
Embodiments of the present invention provide a method for authenticating a user's IMS registration. By modifying the signaling flow of IMS-AKA registration authentication and the authentication parameters transmitted, the authentication and registration process can be completed with two signaling messages; compared with the 4 signaling messages that 3GPP IMS-AKA uses to complete registration authentication, this reduces signaling interaction, lowers the network burden, shortens user access delay and improves the user experience.
Referring to Fig. 3, Fig. 3 is a flowchart of the method for authenticating a user's IMS registration according to an embodiment of the present invention.
As shown in Fig. 3, the method for authenticating a user's IMS registration includes:
Step 301: after the network side receives the IMPI, IMPU, AUTN1, RAND and RES sent by the user equipment (UE) in the Register message, the network-side serving call session control function (Serving-Call Session Control Function, S-CSCF) obtains the authentication vector AV from the HSS according to the IMPI;
Step 302: the home subscriber server (Home Subscriber Server, HSS) retrieves the corresponding Key according to the IMPI, calculates the AKA parameters from the RAND, and uses the AUTN1 to verify whether the UE and the network side are synchronized; after determining that the UE and the network side are synchronized, the HSS sends the authentication vector AV to the S-CSCF, the AV including RAND, xRes, CK, IK and AUTN;
Preferably, the HSS verifying through the AUTN1 whether the UE and the network side are synchronized includes:
The HSS parses the SQNi from the AUTN1 and compares it with the SQN generated by the network side;
If the SQNi is greater than the SQN, the UE and the network side are synchronized, and the HSS updates the synchronization parameter;
If the SQNi is less than the SQN, the HSS recalculates the AUTN according to the AKA algorithm.
Step 303: the S-CSCF compares whether the RES sent by the UE is consistent with the xRes sent by the HSS; if they are consistent, it determines that the UE is legitimate and sends the CK, the IK and the AUTN to the proxy call session control function (Proxy-Call Session Control Function, P-CSCF);
Step 304: the P-CSCF retains the CK and the IK and then sends the AUTN to the UE.
Embodiments of the present invention provide a method for authenticating a user's IMS registration. By modifying the signaling flow of IMS-AKA registration authentication and the authentication parameters transmitted, the authentication and registration process can be completed with two signaling messages; compared with the 4 signaling messages that 3GPP IMS-AKA uses to complete registration authentication, this reduces signaling interaction, lowers the network burden, shortens user access delay and improves the user experience.
Referring to Fig. 4, Fig. 4 is a functional module diagram of an apparatus for authenticating a user's IMS registration provided by an embodiment of the present invention.
As shown in Fig. 4, the apparatus for authenticating a user's IMS registration includes:
A computing module 401, used by the user equipment (UE), after the IMS-APN data link is successfully activated, to generate a random number RAND, obtain the locally stored SQNi, and compute parameters from the RAND and the SQNi using the AKA algorithm; the parameters include CK, IK, AK, MAC1, RES and AUTN1;
A sending module 402, used by the UE to send the IMPI, the IMPU, the AUTN1, the RAND and the RES to the network side in a Register message, so that the network side verifies whether the UE and the network side are synchronized and determines whether the UE is legitimate;
A determining module 403, used to receive the message fed back by the network side; where the network side has verified that the UE and the network side are synchronized and that the UE is legitimate, the UE determines from the message fed back by the network side whether the network is legitimate;
Preferably, the determining module 403 is used to:
Parse the AUTN sent by the network side to obtain the SQN and the MAC, and judge whether the SQN is consistent with the SQNi;
If the SQN is consistent with the SQNi, compare the MAC1 with the MAC obtained from the AUTN to judge the legitimacy of the network;
If the SQN is inconsistent with the SQNi, recalculate the MAC parameter from the SQN and compare it with the MAC to judge the legitimacy of the network, and at the same time update the locally stored SQNi, where the SQNi may be set to SQN plus n, n being an integer greater than 0.
Here, AUTN1 denotes the network authentication token, MAC1 the message authentication code, RES the expected authentication response, CK the confidentiality key, IK the integrity key, and AK the anonymity key.
Preferably, the apparatus further includes:
A subscribing module, used, after the legitimacy of the network has been verified, to send a subscription request to the network; the network notifies the UE when it detects a change in the user's registration state.
Embodiments of the present invention provide an apparatus for authenticating a user's IMS registration. By modifying the signaling flow of IMS-AKA registration authentication and the authentication parameters transmitted, the authentication and registration process can be completed with two signaling messages; compared with the 4 signaling messages that 3GPP IMS-AKA uses to complete registration authentication, this reduces signaling interaction, lowers the network burden, shortens user access delay and improves the user experience.
Referring to Fig. 5, Fig. 5 is a structural diagram of a system for authenticating a user's IMS registration provided by an embodiment of the present invention.
As shown in Fig. 5, the system for authenticating a user's IMS registration includes:
An S-CSCF 501, used, after receiving the IMPI, IMPU, AUTN1, RAND and RES sent by the user equipment (UE) in the Register message, to obtain the authentication vector AV from the HSS according to the IMPI;
An HSS 502, used to retrieve the corresponding Key according to the IMPI, calculate the AKA parameters from the RAND, and use the AUTN1 to verify whether the UE and the network side are synchronized; after determining that the UE and the network side are synchronized, the HSS sends the authentication vector AV to the S-CSCF, the AV including RAND, xRes, CK, IK and AUTN;
The S-CSCF 501, used to compare whether the RES sent by the UE is consistent with the xRes sent by the HSS; if they are consistent, it determines that the UE is legitimate and sends the CK, the IK and the AUTN to the P-CSCF of the network side;
The P-CSCF 503, which retains the CK and the IK and then sends the AUTN to the UE.
Embodiments of the present invention provide a system for authenticating a user's IMS registration. By modifying the signaling flow of IMS-AKA registration authentication and the authentication parameters transmitted, the authentication and registration process can be completed with two signaling messages; compared with the 4 signaling messages that 3GPP IMS-AKA uses to complete registration authentication, this reduces signaling interaction, lowers the network burden, shortens user access delay and improves the user experience.
The technical principles of the embodiments of the present invention have been described above with reference to specific embodiments. These descriptions serve only to explain the principles of the embodiments and must not be construed in any way as limiting their scope of protection. Based on the explanation here, those skilled in the art can conceive of other specific implementations of the embodiments without inventive effort, and these fall within the scope of protection of the embodiments of the present invention.

Claims (10)

  1. A kind of 1. method of user's IMS registration certification, it is characterised in that methods described includes:
    User equipment (UE) is after IMS-APN data link activates successfully, the user equipment (UE) Random parameter RAND is generated, and obtains the SQNi locally preserved, passes through AKA algorithms, the RAND With the SQNi calculating parameters, the parameter includes CK, IK, AK, MAC1, RES and AUTN1;
    The user equipment (UE) is by IMPI, IMPU, AUTN1, the RAND, described RES parameter is sent to network side by Register message, to cause the network side to verify the user Whether equipment UE and the network side are synchronous, and determine whether the user equipment (UE) is legal;
    The user equipment (UE) receives the message of the network side feedback, described in network side checking User equipment (UE) and the network side are synchronous and in the case that the user equipment (UE) is legal, the use The message that family equipment UE is fed back according to the network side determines whether the network is legal;
    Wherein, the AUTN1 is used to identify network authentication token;The MAC1 is used to identify message Authentication code, the RES are used to identify desired certification response, and the CK is used to identify confidentiality key, The IK is used to identify Integrity Key, and the AK is used to identify Anonymity Key.
  2. 2. according to the method for claim 1, it is characterised in that it is described according to network side send Data determine whether the network is legal, including:
    The user equipment (UE) parses the AUTN that the network side is sent and obtains SQN and MAC, Judge whether the SQN is consistent with SQNi;
    If the SQN is consistent with the SQNi, by the MAC1 with being obtained from AUTN MAC be compared, judge the legitimacy of the network;
    If the SQN and the SQNi are inconsistent, the user equipment (UE) is according to the SQN MAC1 parameters are recalculated again compared with the MAC, judge the legitimacy of the network, together The SQNi that Shi Gengxin is locally stored, wherein SQNi can be set to SQN and add n, wherein n to be more than 0 Integer.
  3. The method according to claim 1 or 2, characterized in that the method further comprises:
    after the user equipment (UE) has verified the legitimacy of the network, it sends a subscription request to the network, and the network notifies the user equipment (UE) after detecting that the user registration state has changed.
  4. A method of user IMS registration authentication, characterized in that the method comprises:
    after the network side receives the IMPI, IMPU, AUTN1, RAND and RES parameters sent by the user equipment (UE) in a Register message, the S-CSCF of the network side obtains an authentication vector AV from the HSS according to the IMPI;
    the HSS retrieves the corresponding Key according to the IMPI, calculates the AKA parameters according to the RAND, and verifies by means of the AUTN1 whether the user equipment (UE) and the network side are synchronized; after determining that the user equipment (UE) and the network side are synchronized, the HSS sends the authentication vector AV to the S-CSCF, the authentication vector AV including RAND, xRes, CK, IK and AUTN;
    the S-CSCF compares whether the RES sent by the user equipment (UE) is consistent with the xRes sent by the HSS; if they are consistent, it determines that the user equipment (UE) is legitimate and sends the CK, the IK and the AUTN to the P-CSCF of the network side;
    the P-CSCF retains the CK and the IK and then sends the AUTN to the user equipment (UE).
  5. The method according to claim 4, characterized in that the HSS verifying by means of the AUTN1 whether the user equipment (UE) and the network side are synchronized comprises:
    the HSS parses the SQNi out of the AUTN1 and compares it with the SQN generated by the network side;
    if the SQNi is greater than the SQN, the user equipment (UE) and the network side are synchronized, and the HSS updates the synchronization parameter;
    if the SQNi is less than the SQN, the HSS recalculates the AUTN according to the AKA algorithm.
  6. A device for user IMS registration authentication, characterized in that the device comprises:
    a computing module, configured for the user equipment (UE) to generate a random number RAND after the IMS-APN data link is successfully activated, obtain the locally stored SQNi, and calculate parameters from the RAND and the SQNi using the AKA algorithm, the parameters including CK, IK, AK, MAC1, RES and AUTN1;
    a sending module, configured for the user equipment (UE) to send the IMPI, the IMPU, the AUTN1, the RAND and the RES parameter to the network side in a Register message, so that the network side verifies whether the user equipment (UE) and the network side are synchronized and determines whether the user equipment (UE) is legitimate;
    a determining module, configured to receive the message fed back by the network side and, in the case where the network side has verified that the user equipment (UE) and the network side are synchronized and that the user equipment (UE) is legitimate, to determine for the user equipment (UE), from the message fed back by the network side, whether the network is legitimate;
    wherein the AUTN1 denotes the network authentication token, the MAC1 denotes the message authentication code, the RES denotes the expected authentication response, the CK denotes the confidentiality key, the IK denotes the integrity key, and the AK denotes the anonymity key.
  7. The device according to claim 6, characterized in that the determining module is configured to:
    parse the AUTN sent by the network side to obtain SQN and MAC, and judge whether the SQN is consistent with the SQNi;
    if the SQN is consistent with the SQNi, compare the MAC1 with the MAC obtained from the AUTN to judge the legitimacy of the network;
    if the SQN is inconsistent with the SQNi, recalculate the MAC parameter according to the SQN and then compare it with the MAC to judge the legitimacy of the network, and at the same time update the locally stored SQNi, wherein the SQNi may be set to SQN plus n, where n is an integer greater than 0.
  8. The device according to claim 6 or 7, characterized in that the device further comprises:
    a subscribing module, configured to send a subscription request to the network after the legitimacy of the network has been verified, the network notifying the user equipment (UE) after detecting that the user registration state has changed.
  9. A system for user IMS registration authentication, characterized in that the system comprises:
    an S-CSCF, configured to obtain an authentication vector AV from the HSS according to the IMPI after receiving the IMPI, IMPU, AUTN1, RAND and RES parameters sent by the user equipment (UE) in a Register message;
    an HSS, configured to retrieve the corresponding Key according to the IMPI, calculate the AKA parameters according to the RAND, and verify by means of the AUTN1 whether the user equipment (UE) and the network side are synchronized; after determining that the user equipment (UE) and the network side are synchronized, the HSS sends the authentication vector AV to the S-CSCF, the authentication vector AV including RAND, xRes, CK, IK and AUTN;
    the S-CSCF is further configured to compare whether the RES sent by the user equipment (UE) is consistent with the xRes sent by the HSS, to determine that the user equipment (UE) is legitimate if they are consistent, and to send the CK, the IK and the AUTN to the P-CSCF of the network side;
    the P-CSCF, configured to retain the CK and the IK and then send the AUTN to the user equipment (UE).
  10. The system according to claim 9, characterized in that the HSS is further configured to:
    parse the SQNi out of the AUTN1 and compare it with the SQN generated by the network side;
    if the SQNi is greater than the SQN, the user equipment (UE) and the network side are synchronized, and the synchronization parameter is updated;
    if the SQNi is less than the SQN, recalculate the AUTN according to the AKA algorithm.
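The exchange in claims 1, 2, 4 and 5, traced end to end in Python as an added example that is not part of the patent text. Assumptions: truncated HMAC-SHA256 stands in for the AKA functions f1..f5 (it is not Milenage), AUTN uses the layout (SQN xor AK) || AMF || MAC, the HSS and S-CSCF are merged into one function, and state is committed only after the relevant check passes.

```python
import hashlib, hmac, os

AMF = b"\x80\x00"  # constructed 2-byte AMF value

def f(k, tag, *parts, n):
    # Stand-in for the AKA functions f1..f5 (NOT Milenage): truncated HMAC-SHA256.
    return hmac.new(k, tag + b"".join(parts), hashlib.sha256).digest()[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def aka(k, rand, sqn):
    # Parameter set for (K, RAND, SQN); AUTN = (SQN xor AK) || AMF || MAC (assumed layout).
    s = sqn.to_bytes(6, "big")
    ak, mac = f(k, b"f5", rand, n=6), f(k, b"f1", rand, s, AMF, n=8)
    return {"RES": f(k, b"f2", rand, n=8), "CK": f(k, b"f3", rand, n=16),
            "IK": f(k, b"f4", rand, n=16), "AK": ak, "MAC": mac,
            "AUTN": xor(s, ak) + AMF + mac}

def parse_autn(autn, ak):
    # Unmask the sequence number with AK and split off the MAC.
    return int.from_bytes(xor(autn[:6], ak), "big"), autn[8:]

def ue_register(k, sqn_i):
    # Claim 1: the UE picks RAND itself and derives everything from its stored SQNi.
    rand = os.urandom(16)
    return rand, aka(k, rand, sqn_i)  # Register carries RAND, AUTN1 (= "AUTN"), RES

def network_side(hss_db, impi, rand, autn1, res):
    # Claims 4-5: HSS synchronization check, then the S-CSCF RES/xRes comparison.
    sub = hss_db[impi]
    sqn_i, _ = parse_autn(autn1, f(sub["K"], b"f5", rand, n=6))
    sqn = max(sqn_i, sub["SQN"])  # SQNi > SQN: in sync, adopt SQNi; else use the HSS's SQN
    av = aka(sub["K"], rand, sqn)
    if not hmac.compare_digest(res, av["RES"]):
        return None  # RES != xRes: the UE is not legitimate
    sub["SQN"] = sqn  # choice made in this example: commit only after RES matches
    return av["AUTN"]  # forwarded to the UE via the P-CSCF, which keeps CK and IK

def ue_verify_network(k, rand, sqn_i, ue, autn, n=1):
    # Claim 2: returns (network_is_legitimate, SQNi to store).
    sqn, mac = parse_autn(autn, ue["AK"])
    mac1 = ue["MAC"] if sqn == sqn_i else aka(k, rand, sqn)["MAC"]
    ok = hmac.compare_digest(mac1, mac)
    # Choice made in this example: resynchronize SQNi only after the MAC check passes.
    return ok, (sqn + n if ok and sqn != sqn_i else sqn_i)
```

When the UE's SQNi is behind the HSS, the returned AUTN differs from AUTN1 and the UE takes the recalculation branch of claim 2; a token built with a different key fails the MAC comparison and leaves SQNi untouched.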
CN201610380324.1A 2016-06-01 2016-06-01 Method, device and system for user IMS registration authentication Expired - Fee Related CN107454045B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610380324.1A CN107454045B (en) 2016-06-01 2016-06-01 Method, device and system for user IMS registration authentication

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610380324.1A CN107454045B (en) 2016-06-01 2016-06-01 Method, device and system for user IMS registration authentication

Publications (2)

Publication Number Publication Date
CN107454045A (en) 2017-12-08
CN107454045B CN107454045B (en) 2020-09-11

Family

ID=60486092

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610380324.1A Expired - Fee Related CN107454045B (en) 2016-06-01 2016-06-01 Method, device and system for user IMS registration authentication

Country Status (1)

Country Link
CN (1) CN107454045B (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110149241A (en) * 2019-04-09 2019-08-20 广州市高科通信技术股份有限公司 A kind of automated testing method and storage medium based on IMS equipment
CN110858969A (en) * 2018-08-23 2020-03-03 刘高峰 Client registration method, device and system
CN110933673A (en) * 2019-10-12 2020-03-27 国网浙江省电力有限公司信息通信分公司 Access authentication method of IMS network
CN113923658A (en) * 2021-09-30 2022-01-11 国网福建省电力有限公司 APN-based adaptive terminal authentication method and system
WO2022183427A1 (en) * 2021-03-04 2022-09-09 Zte Corporation Method, device, and system for protecting sequence number in wireless network

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1722689A (en) * 2005-06-21 2006-01-18 中兴通讯股份有限公司 A protection method for access security of IP multimedia subsystem
CN101106457A (en) * 2006-07-10 2008-01-16 华为技术有限公司 Method for identifying authentication mode of user terminal in IP multimedia subsystem network
CN101272251A (en) * 2007-03-22 2008-09-24 华为技术有限公司 Authentication and cryptographic key negotiation method, authentication method, system and equipment
CN101854629A (en) * 2010-05-21 2010-10-06 西安电子科技大学 Method of access authentication and recertification in home NodeB system of user terminal
CN101867928A (en) * 2010-05-21 2010-10-20 西安电子科技大学 Authentication method for accessing mobile subscriber to core network through femtocell
US20140053241A1 (en) * 2011-04-27 2014-02-20 Telefonaktiebolaget L M Ericsson (Publ) Authenticating a Device in a Network
CN104754581A (en) * 2015-03-24 2015-07-01 河海大学 Public key password system based LTE wireless network security certification system

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110858969A (en) * 2018-08-23 2020-03-03 刘高峰 Client registration method, device and system
CN110149241A (en) * 2019-04-09 2019-08-20 广州市高科通信技术股份有限公司 A kind of automated testing method and storage medium based on IMS equipment
CN110149241B (en) * 2019-04-09 2021-08-24 广州市高科通信技术股份有限公司 Automatic testing method based on IMS equipment and storage medium
CN110933673A (en) * 2019-10-12 2020-03-27 国网浙江省电力有限公司信息通信分公司 Access authentication method of IMS network
CN110933673B (en) * 2019-10-12 2023-10-24 国网浙江省电力有限公司信息通信分公司 Access authentication method of IMS network
WO2022183427A1 (en) * 2021-03-04 2022-09-09 Zte Corporation Method, device, and system for protecting sequence number in wireless network
CN113923658A (en) * 2021-09-30 2022-01-11 国网福建省电力有限公司 APN-based adaptive terminal authentication method and system
CN113923658B (en) * 2021-09-30 2023-06-23 国网福建省电力有限公司 APN-based self-adaptive terminal authentication method and system

Also Published As

Publication number Publication date
CN107454045B (en) 2020-09-11

Similar Documents

Publication Publication Date Title
US8335487B2 (en) Method for authenticating user terminal in IP multimedia sub-system
CN107454045A (en) A kind of method, apparatus and system of the certification of user's IMS registration
US8984615B2 (en) Web to IMS registration and authentication for an unmanaged IP client device
US20130254531A1 (en) Ims multimedia communication method and system, terminal and ims core network
US8959343B2 (en) Authentication system, method and device
US20170118026A1 (en) Encrypted communication method and apparatus
US20100011220A1 (en) Authentication and key agreement method, authentication method, system and device
CN108632231A (en) A kind of internet of things equipment, Internet of Things authentication platform, authentication method and system
EP1414212A1 (en) Method and system for authenticating users in a telecommunication system
WO2008025280A1 (en) A method and system of authentication
CN1913437B (en) Initial session protocol application network and device and method for set-up of safety channel
US20080244266A1 (en) Authenticating a communication device and a user of the communication device in an ims network
CN109962878B (en) Registration method and device of IMS (IP multimedia subsystem) user
WO2007022800A1 (en) Method and apparatus for providing access security in a communications network
CN1777102B (en) Device and method for software terminal accessing IP multimedia sub-system
US9526005B2 (en) GSM A3/A8 authentication in an IMS network
CN102065069B (en) Method and system for authenticating identity and device
KR20090039451A (en) Authentication method using secret keys derived from user password
CN101198148B (en) Information distribution method for mobile terminal
Chen et al. An efficient end-to-end security mechanism for IP multimedia subsystem
CN101662475A (en) Authentication method of accessing WAPI terminal into IMS network, system thereof and terminal thereof
CN108668274A (en) A kind of method and device for realizing VoLTE IMS registrations
CN105827661B (en) Method and device for secure communication
Huang et al. Reducing signaling traffic for the authentication and key agreement procedure in an IP multimedia subsystem
CN102082769A (en) System, devices and method for authenticating IMS (IP multimedia subsystem) terminal during obtaining non-IMS services

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20200911