CN1708006A - Method for switching in multimedia subsystem based on IP by user - Google Patents
Method for switching in multimedia subsystem based on IP by user Download PDFInfo
- Publication number
- CN1708006A CN1708006A CN 200410037197 CN200410037197A CN1708006A CN 1708006 A CN1708006 A CN 1708006A CN 200410037197 CN200410037197 CN 200410037197 CN 200410037197 A CN200410037197 A CN 200410037197A CN 1708006 A CN1708006 A CN 1708006A
- Authority
- CN
- China
- Prior art keywords
- user
- cscf
- information
- authentication
- message
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Landscapes
- Mobile Radio Communication Systems (AREA)
Abstract
The method for 2G user to access IMS has the key point that after and only after the 2G user passes through the authority discrimination of the 3GPP group domain and the IMS, the 2G user is allowed to access IMS. When the 2G user is to access IMS, the authority discrimination process has increased IMS discrimination step and the service layer authority discrimination and the group domain access layer authority discrimination are separated, so as to raise the safety of the system. At the same time, the present invention performs integrality protection on the idle port communication message between the 2G user and P-CSCF, and this provides even high safe guard for available inspection user marker and IP address binding mode.
Description
Technical field
The present invention relates to the mobile communication technology field, be meant that especially a kind of second generation mobile communications network (2G) user inserts the method for IP-based IP multimedia subsystem, IMS (IMS).
Background technology
Development along with broadband network, mobile communication not only is confined to traditional Speech Communication, by with present that business (presence), short message, webpage (WEB) are browsed, the combining of data service such as locating information, propelling movement business (PUSH) and file-sharing, mobile communication can realize the business of multiple medium types such as audio frequency, video, picture and text, to satisfy user's multiple demand.
For example, short message service can provide the service of instant message, chatroom and multimedia short message; Video traffic can provide amusement, multimedia messages service such as to exchange with daily; Electronic commerce affair can provide services such as catalogue, search engine, shopping cart, order management and payment; Game service can provide services such as solitaire game and group's recreation; Positioning service can provide services such as missing, guide and warning; The personal assistant business can provide services such as address book, schedule, bookmark management, file storage, event notification and Email.
Under the promotion of multiple application, 3rd Generation Partnership Project (3GPP) and 3rd Generation Partnership Project 2 (3GPP2) etc. are organized IP multimedia subsystem, IMS (IMS) framework of all successively having released based on 1P, its objective is and in the mobile network, use a kind of standardized open architecture to realize diversified multimedia application, so that more selection and abundanter impression to be provided to the user.
The IMS framework is superimposed upon on the packet field network, is made up of functional entitys such as CSCF (CSCF) entity, MGCF (MGCF) entity, media resource function (MRF) entity and HSS.
CSCF can be divided into serving CSCF (S-CSCF), proxy CSCF (P-CSCF) and three logic entities of inquiry CSCF (I-CSCF) again, and these three logic entities may be on the different physical equipment, also may be functional modules different in the same physical equipment.S-CSCF is the service switching center of IMS, is used to carry out session control, peace preservation association's speech phase, and managing user information produces charge information etc.; P-CSCF is the access point of terminal user access to IMS, is used to finish user's registration, service quality (QoS) control and safety management etc.; I-CSCF is responsible for the intercommunication between the IMS territory, and network topology structure and configuration information are externally hidden in the distribution of management S-CSCF, and produce metering data etc.
MGCF is used to realize the intercommunication of IMS network and other network; MRF is used to provide media resource, as the folding and unfolding sound, and encoding and decoding and multimedia conferencing bridge etc.HSS is very important customer data base, is used to support the processing of each network entity to calling and session.
IMS is based on the 3G (Third Generation) Moblie network, thereby the business on the IMS is very abundant, so operator uses IMS on the network of 2G demand occurred.
The process that existing 2G user inserts IMS is such:
2G user at first inserts the packet domain of 3GPP, this packet field network can carry out authentication to the user, after authentication was passed through, the packet network gateway node (GGSN) of packet network distributed an IP address to the user, and this IP address also is the IP address that the user uses when using the IMS service of subsystem.GGSN is notified to IMS with this IP address and user's telephone number (MSIDSN), HSS in the IMS finds the identify label of user in the IMS system by user's MSISDN, be IP multimedia private user identity (IMPI), and information such as this user's IMPI, MSISDN and IP address are bound preservation.When 2G user uses IMS, S-CSCF obtains this user's the IMPI and the binding relationship of IP address from HSS, inspection from 2G user whether pass through identify label that air interface inserts through P-CSCF and IP address consistent with the identify label of having bound and the IP address of self preservation, if, think that then it is a validated user, control this 2G user and insert, allow this user to use the IMS business, otherwise think that it is a disabled user, refuse this 2G user and insert.
There is following defective in the method that above-mentioned 2G user inserts IMS:
1) because IMS does not have authentication process independently to the user who lands, and therefore, if the safety of 3GPP packet domain is destroyed, IMS has not just had fail safe yet so, i.e. the fail safe of IMS relies on the fail safe of 3GPP packet domain fully, safety is independent.
2) because the IMS subsystem does not authenticate user identity itself, and not to the process of the integrity protection of the transmitted breath of air interface, thereby the IMS subsystem is checked the method shortage confidence level of 2G User Identity and IP binding.When for example passing through air interface communication between UE and P-CSCF, if message content is changed by illegal person, then the IMS network can not be known, thereby can't fundamentally guarantee the safety of message.
3), almost be impossible realize if require all 2G users all to change the safety that the 3G subscription card guarantees system.
Safety problem when therefore needing solution 2G user to insert IMS.
Summary of the invention
In view of this, the object of the present invention is to provide a kind of 2G user to insert the method for IMS, by IMS the 2G user who inserts is carried out authentication independently, thereby improve the fail safe of system.
For achieving the above object, technical scheme of the present invention is achieved in that
A kind of 2G user inserts the method for IP-based IP multimedia subsystem, IMS, and after the authentication of 2G user by the packet domain of 3GPP, this method is further comprising the steps of:
After a, 2G user place terminal were converted to the IMPI that IMS can discern with self IMSI, the S-CSCF in IMS sent the registration request that comprises IMPI information;
B, S-CSCF receive user's register request message, judge the sign of integrity protection, if for being and the user registers, return the successful response message of registration then directly for this user, and control this 2G user and insert IMS, otherwise, send authentication request to this 2G user;
After c, 2G user receive this authentication request, produce a response, and this response returned to S-CSCF, S-CSCF judge this response that receives with self in preserved be used for whether this 2G user is carried out the value of authentication identical, if, then control this 2G user and insert IMS, insert otherwise refuse this 2G user.
Preferably, the described S-CSCF of step b sends authentication request to 2G user and may further comprise the steps:
B1, S-CSCF judge the local authentication vector information whether this 2G user is arranged, if having, and direct execution in step b3 then, otherwise, send the message of this 2G subscription authentication Vector Message of request that comprises IMPI, execution in step b2 then to HSS;
After b2, HSS are converted to IMSI with this 2G user's IMPI, HLR in the 2G system inquires about this 2G user's authentication vector, the authentication vector information that comprises RAND, SRES and Kc information from HLR that will receive then returns to S-CSCF, and S-CSCF preserves the authentication vector information that receives;
B3, S-CSCF to P-CSCF send comprise RAND and Kc information the user is carried out the information of authentication; P-CSCF is kept at this locality with the Kc information in the message, and the authentication request information that will comprise the RAND information and the communication information and protection algorithm integrallty information then sends to this 2G user.
Preferably, the described 2G user of step c receives this authentication request, produce a response after, further comprise: 2G user goes out Kc according to the RAND information calculations in the authentication request message that receives, and Kc is kept at this locality;
Step c is described to return to S-CSCF with this response and may further comprise the steps:
C1,2G user are included in the response that self produces and the communication information and protection algorithm integrallty information in the authentication request response message and send to P-CSCF;
C2, P-CSCF carry out integrity checking to the authentication request response message that receives, if by checking, insert corresponding sign in this message, the authentication request response message after will indicating again sends to S-CSCF.
Preferably, the described S-CSCF of step b sends authentication request to 2G user and may further comprise the steps:
B1, S-CSCF send the message of this 2G subscription authentication Vector Message of request that comprises IMPI to HSS;
After b2, HSS were converted to IMSI with this 2G user's IMPI, the HLR in the 2G system inquired about this 2G user's authentication vector, and the authentication vector information that comprises RAND, SRES and Kc information from HLR that will receive then returns to S-CSCF;
B3, S-CSCF preserve the authentication vector information receive, and after Kc is converted to IK and CK, to P-CSCF send comprise RAND, IK and CK information the user is carried out the information of authentication; P-CSCF is kept at this locality with IK in the message and CK information, and the authentication request information that will comprise the RAND and the communication information and protection algorithm integrallty information then sends to this 2G user.
Preferably, the described S-CSCF of step b sends authentication request to 2G user and may further comprise the steps:
B1, S-CSCF send the message of this 2G subscription authentication Vector Message of request that comprises IMPI to HSS;
After b2, HSS were converted to IMSI with this 2G user's IMPI, the HLR in the 2G system inquired about this 2G user's authentication vector, and the authentication vector information that comprises RAND, SRES and Kc information from HLR that will receive then returns to S-CSCF;
B3, S-CSCF preserve the authentication vector information receive, to P-CSCF send comprise RAND and Kc information the user is carried out the information of authentication; Kc in the message is converted to IK to P-CSCF and CK information is kept at this locality, and the authentication request information that will comprise the RAND information and the communication information and protection algorithm integrallty information then sends to this 2G user.
Preferably, the described 2G user of step c receives this authentication request, produce a response after, further comprise: 2G user goes out Kc according to the RAND information calculations in the authentication request message that receives, and after Kc is converted to IK and CK, IK and CK information are kept at this locality;
Step c is described to return to S-CSCF with this response and may further comprise the steps:
C1,2G user are included in the response that self produces and the communication information and protection algorithm integrallty information in the authentication request response message and send to P-CSCF;
C2, P-CSCF carry out integrity checking to the authentication request response message that receives, if by checking, insert corresponding sign in this message, the authentication request response message after will indicating again sends to S-CSCF.
Preferably, the registration request that the described 2G user of step a place terminal is initiated is transmitted through P-CSCF, and described 2G user also comprises the field that identifies access network type in the registration request that S-CSCF sends, P-CSCF and S-CSCF judge that according to the field of the sign access network type in the register request message the applied terminal of this 2G user is 2G mode terminal or 3G mode terminal.
Preferably, S-CSCF judge this response that receives with self in preserved be used for to this 2G user carry out the value of authentication identical after, this method further comprises: S-CSCF obtains 2G user's MSISDN, the IMPI and the binding relationship of IP address from HSS, whether inspection is consistent with the identify label of having bound, the IP address of self preservation from 2G user's the identify label of passing through the 2G user that air interface inserts through P-CSCF, IP address, if, then control this 2G user and insert, insert otherwise refuse this 2G user.
Preferably, described 2G user and P-CSCF carry out integrity protection through the message of air interface by the key that Kc or Kc derive.
Preferably, the registration request of the described 2G user of step a place terminal initiation is by user side or network-triggered.
Use the present invention, after the authentication of 2G user by the packet domain of 3GPP, this 2G user also needs could insert IMS, otherwise this 2G user can not insert IMS after the success of IMS authentication.When the present invention inserts IMS 2G user, increased the authentication process of IMS, made the acess-in layer authentication process of operation layer authentication and packet domain independent, the fail safe that has improved system it.Simultaneously, carried out integrity protection, the higher safety guarantee that provides for the mode of existing inspection user ID and IP address binding for message between 2G user and P-CSCF by idle port communication.
Description of drawings
Figure 1 shows that and use IMS of the present invention carries out authentication to 2G user schematic flow sheet.
Embodiment
For making technical scheme of the present invention clearer, the present invention is done detailed description further again below in conjunction with accompanying drawing.
Thinking of the present invention is: after the authentication of 2G user by the packet domain of 3GPP, after this 2G user is converted to the IMPI that IMS can discern by the place terminal with self IMSI, S-CSCF in IMS sends the registration request that comprises IMPI information, and this message is transmitted by intermediate entities such as P-CSCF and I-CSCF.After described S-CSCF receives 2G user's register request message, check the integrity protection sign in this register request message, if this protective emblem is for being, and this user registers, and sends the registration success message so to the user, allows this user to insert.If the integrity protection of this message is masked as not, no matter whether this user registers, S-CSCF sends authentication request message to the user so.After this 2G user receives above-mentioned authentication request, produce a response, and this response returned to S-CSCF, S-CSCF judge this response that receives with self in preserved be used for whether this 2G user is carried out the value of authentication identical, if, then control this 2G user and insert IMS, insert otherwise refuse this 2G user.
It is same as the prior art that 2G user accepts the authentication process of packet domain of 3GPP, no longer is described in detail at this.Describe IMS carries out authentication to the 2G user of request access process below in detail.
Figure 1 shows that and use IMS of the present invention carries out authentication to 2G user schematic flow sheet.
Step 101, UE is converted into the privately owned identify label form of the user IMPI that IMS uses with the international member identification code (IMSI) of self, and the S-CSCF in IMS sends the registration request that comprises IMPI information, the forwarding arrival S-CSCF of this request message process P-CSCF, I-CSCF.
Step 102 after S-CSCF receives 2G user's register request message, is checked the integrity protection sign in this register request message, if this protective emblem is for being, and this user registers, and then sends the registration success message to this 2G user, and execution in step 106, allow this 2G user to insert IMS; If the integrity protection of this message is masked as not, then no matter whether this 2G user registers, S-CSCF sends authentication request message to the user.Before S-CSCF sends authentication request message, at first judge the local authentication vector information whether this user is arranged, if having, then S-CSCF sends the message that comprises authentication vector information to this 2G user, execution in step 105 then, otherwise execution in step 103.
Step 103, S-CSCF sends the message of this 2G subscription authentication Vector Message of request that comprises IMPI to HSS.Because transform the IMPI that obtains through IMSI, its IMPI has corresponding flag information, is converted to through IMSI so HSS knows this IMPI, can directly not go to search user's relevant information according to IMPI.After HSS is converted to IMSI with this 2G user's IMPI, HLR in the 2G system inquires about this 2G user's authentication vector, to receive then from the comprising random number RA ND, wish that the Authentication Response value SRES obtain and the authentication vector information of key K c return to S-CSCF of HLR, promptly HSS returns the authentication vector tlv triple to S-CSCF.Certainly, the authentication vector tlv triple that HSS returns to S-CSCF can be one group, also can be many groups.If many groups, S-CSCF reads first group according to the order of arranging.
Step 104, S-CSCF preserves all authentication vector information after receiving the authentication vector information that HSS returns, and sends authentication request to this 2G user then.Its detailed process is:
S-CSCF through I-CSCF to P-CSCF send comprise RAND and Kc information the user is carried out the message of authentication; P-CSCF receives after this carries out the message of authentication to the user; at first preserve the Kc information in this message in this locality; then the communication information used in the communication process of back and protection algorithm integrallty information are inserted into this and user are carried out in the message of authentication, send the authentication request message that comprises RAND information and the communication information and protection algorithm integrallty information to 2G user.
Integrity protection is very important in the aerial port communications of UE and P-CSCF.So-called integrity protection is meant; the entity of transmission information is handled the information that sends out by means such as algorithm and keys; receiving terminal is after receiving this message; use identical algorithm and key etc. to check; if message is modified in transmitting the way; receiving terminal will find that this message has been modified so, and this protection to message just is called integrity protection.The application integrity protection can prevent illegal operations such as the message of telex network use is modified, so P-CSCF need indicate the integral algorithm that will use in the communication of back to the message that UE sends.P-CSCF is placed on selected integral algorithm sign in the message, reads for UE.The above-mentioned communication information mainly comprises port numbers and security related information, if support IPsec (IPsecurity) security related information so is exactly the relevant negotiation information of IPsec, if do not support IPsec, security related information can be information such as integral algorithm sign so.
Step 105 after 2G user receives this authentication request, produces a response SRES, this response SRES is included in returns to S-CSCF in the authentication response message.The specific implementation process is:
After 2G user produces response SRES; go out Kc according to the RAND information calculations in the authentication request message that receives; Kc is kept at this locality; send authentication response message to P-CSCF then; not only comprise response SRES in this authentication response message; the integral algorithm identification information that also comprises the communication information and application, simultaneously, key that this messages application Kc or Kc derive and selected integral algorithm carry out integrity protection.
P-CSCF checks to the integrality of this message at first after receiving authentication response message from 2G user that integrity checking is inserted corresponding sign by the back in this message, this message is sent to S-CSCF through I-CSCF.If P-CSCF is checked through this message not by integrity protection, or does not carry out integrity protection, then directly abandon this message.
Step 106, after S-CSCF received authentication response message, that checks response SRES and self preservation in the authentication response message was used for whether this 2G user is carried out the value SRES of authentication identical, if identical, think that then this user is a validated user, promptly, notify this 2G subscription authentication success, and control this 2G user and insert IMS by authentication to this user, otherwise, think this 2G user not by authentication, notify this 2G subscription authentication failure, and refuse this 2G user and insert IMS.
Above-mentioned 2G user can use the terminal of 2G or 3G pattern, uses above-mentioned flow process in the network of 2G pattern.At this moment,, therefore, can use the mode of existing IP address binding once more communication is checked, thereby further strengthen the fail safe of network because the fail safe of 2G network itself is limited.Promptly after S-CSCF is to 2G subscription authentication success, S-CSCF obtains this user's the IMPI and the binding relationship of IP address once more from HSS, inspection is passed through air interface through User Identity and IP address that P-CSCF inserts from 2G user's, whether consistent with the User Identity of having bound and the IP address of self preserving, if, think that just this 2G user is a validated user, and then control this 2G user and insert IMS, otherwise, refuse this 2G user and insert IMS, S-CSCF still can check user's authenticity by the mode of IP address binding in the communication process of back in addition.In the process of above-mentioned authentication once more, the message that air interface transmitted is carried out integrity protection by key K c.
Authentication can be to be triggered by user side, i.e. the user of said process description initiatively sends registration message, also can be by network-triggered, and promptly network sends this user of message informing needs authentication, and so at this moment the user also sends registration message, and follow-up flow process is identical.
Above-mentioned 2G user can also use the terminal of 3G pattern, use above-mentioned flow process in the network of 3G pattern, is the 2G pattern except subscriber card promptly, and all the other are the equipment and the system of 3G pattern.At this moment, the terminal of a need 3G pattern and the S-CSCF among the IMS or P-CSCF are converted into the key IK and the CK that use among the 3G with the key K c in the 2G system and get final product, and all the other steps are constant.That is to say, in step 104, after S-CSCF is converted to IK and CK with Kc, again through I-CSCF to P-CSCF send comprise RAND, IK and CK information the user is carried out the message of authentication, perhaps, after P-CSCF receives after this carries out the message of authentication to the user, at first according to the Kc information in this message Kc is converted to IK and CK, preserve IK and CK information again in this locality, send the authentication request message that comprises RAND information and the communication information and protection algorithm integrallty information to 2G user then; In step 105,2G user goes out Kc according to the RAND information calculations in the authentication request message that receives, Kc is converted to IK and CK after, again IK and CK are kept at this locality.
Comprise the access network type field in the registration request that 2G user sends in step 101, therefore, P-CSCF among the IMS and S-CSCF are according to the access network type field in the registration request, and just can judge the employed equipment of this 2G user is the equipment of 2G pattern or the equipment in the 3G pattern.
Because HSS and HLR are compatible, so HSS and HLR can be an entity, be respectively user's service of 3G and 2G, also can be different entities, be user's service of 3G and 2G.
The above only is preferred embodiment of the present invention, and is in order to restriction the present invention, within the spirit and principles in the present invention not all, any modification of being done, is equal to replacement, improvement etc., all should be included within protection scope of the present invention.
Claims (10)
1, a kind of 2G user inserts the method for IP-based IP multimedia subsystem, IMS, after the authentication of 2G user by the packet domain of 3GPP, it is characterized in that this method is further comprising the steps of:
After a, 2G user place terminal were converted to the IMPI that IMS can discern with self IMSI, the S-CSCF in IMS sent the registration request that comprises IMPI information;
B, S-CSCF receive user's register request message, judge the sign of integrity protection, if for being and the user registers, return the successful response message of registration then directly for this user, and control this 2G user and insert IMS, otherwise, send authentication request to this 2G user;
After c, 2G user receive this authentication request, produce a response, and this response returned to S-CSCF, S-CSCF judge this response that receives with self in preserved be used for whether this 2G user is carried out the value of authentication identical, if, then control this 2G user and insert IMS, insert otherwise refuse this 2G user.
2, method according to claim 1 is characterized in that, the described S-CSCF of step b sends authentication request to 2G user and may further comprise the steps:
B1, S-CSCF judge the local authentication vector information whether this 2G user is arranged, if having, and direct execution in step b3 then, otherwise, send the message of this 2G subscription authentication Vector Message of request that comprises IMPI, execution in step b2 then to HSS;
After b2, HSS are converted to IMSI with this 2G user's IMPI, HLR in the 2G system inquires about this 2G user's authentication vector, the authentication vector information that comprises RAND, SRES and Kc information from HLR that will receive then returns to S-CSCF, and S-CSCF preserves the authentication vector information that receives;
B3, S-CSCF to P-CSCF send comprise RAND and Kc information the user is carried out the information of authentication; P-CSCF is kept at this locality with the Kc information in the message, and the authentication request information that will comprise the RAND information and the communication information and protection algorithm integrallty information then sends to this 2G user.
3, method according to claim 2 is characterized in that,
The described 2G user of step c receives this authentication request, produce a response after, further comprise:
2G user goes out Kc according to the RAND information calculations in the authentication request message that receives, and Kc is kept at this locality;
Step c is described to return to S-CSCF with this response and may further comprise the steps:
C1,2G user are included in the response that self produces and the communication information and protection algorithm integrallty information in the authentication request response message and send to P-CSCF;
C2, P-CSCF carry out integrity checking to the authentication request response message that receives, if by checking, insert corresponding sign in this message, the authentication request response message after will indicating again sends to S-CSCF.
4, method according to claim 1 is characterized in that, the described S-CSCF of step b sends authentication request to 2G user and may further comprise the steps:
B1, S-CSCF send the message of this 2G subscription authentication Vector Message of request that comprises IMPI to HSS;
After b2, HSS were converted to IMSI with this 2G user's IMPI, the HLR in the 2G system inquired about this 2G user's authentication vector, and the authentication vector information that comprises RAND, SRES and Kc information from HLR that will receive then returns to S-CSCF;
B3, S-CSCF preserve the authentication vector information receive, and after Kc is converted to IK and CK, to P-CSCF send comprise RAND, IK and CK information the user is carried out the information of authentication; P-CSCF is kept at this locality with IK in the message and CK information, and the authentication request information that will comprise the RAND and the communication information and protection algorithm integrallty information then sends to this 2G user.
5, method according to claim 1 is characterized in that, the described S-CSCF of step b sends authentication request to 2G user and may further comprise the steps:
B1, S-CSCF send the message of this 2G subscription authentication Vector Message of request that comprises IMPI to HSS;
After b2, HSS were converted to IMSI with this 2G user's IMPI, the HLR in the 2G system inquired about this 2G user's authentication vector, and the authentication vector information that comprises RAND, SRES and Kc information from HLR that will receive then returns to S-CSCF;
B3, S-CSCF preserve the authentication vector information receive, to P-CSCF send comprise RAND and Kc information the user is carried out the information of authentication; Kc in the message is converted to IK to P-CSCF and CK information is kept at this locality, and the authentication request information that will comprise the RAND information and the communication information and protection algorithm integrallty information then sends to this 2G user.
6, according to claim 4 or 5 described methods, it is characterized in that,
The described 2G user of step c receives this authentication request, produce a response after, further comprise:
2G user goes out Kc according to the RAND information calculations in the authentication request message that receives, and after Kc is converted to IK and CK, IK and CK information is kept at this locality;
Step c is described to return to S-CSCF with this response and may further comprise the steps:
C1,2G user are included in the response that self produces and the communication information and protection algorithm integrallty information in the authentication request response message and send to P-CSCF;
C2, P-CSCF carry out integrity checking to the authentication request response message that receives, if by checking, insert corresponding sign in this message, the authentication request response message after will indicating again sends to S-CSCF.
7, method according to claim 1, it is characterized in that, the registration request that the described 2G user of step a place terminal is initiated is transmitted through P-CSCF, and described 2G user also comprises the field that identifies access network type in the registration request that S-CSCF sends, P-CSCF and S-CSCF judge that according to the field of the sign access network type in the register request message the applied terminal of this 2G user is 2G mode terminal or 3G mode terminal.
8, method according to claim 3, it is characterized in that, S-CSCF judge this response that receives with self in preserved be used for to this 2G user carry out the value of authentication identical after, this method further comprises: S-CSCF obtains 2G user's MSISDN from HSS, the binding relationship of IMPI and IP address, inspection is from 2G user's the identify label of passing through the 2G user that air interface inserts through P-CSCF, IP address and the identify label of having bound of self preserving, whether the IP address is consistent, if, then control this 2G user and insert, insert otherwise refuse this 2G user.
9, method according to claim 8 is characterized in that, described 2G user and P-CSCF carry out integrity protection through the message of air interface by the key that Kc or Kc derive.
10, method according to claim 1 is characterized in that, the registration request that the described 2G user of step a place terminal is initiated is by user side or network-triggered.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2004100371972A CN100550728C (en) | 2004-06-08 | 2004-06-08 | 2G user inserts the method for IP-based IP multimedia subsystem, IMS |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2004100371972A CN100550728C (en) | 2004-06-08 | 2004-06-08 | 2G user inserts the method for IP-based IP multimedia subsystem, IMS |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1708006A true CN1708006A (en) | 2005-12-14 |
| CN100550728C CN100550728C (en) | 2009-10-14 |
Family
ID=35581669
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB2004100371972A Expired - Fee Related CN100550728C (en) | 2004-06-08 | 2004-06-08 | 2G user inserts the method for IP-based IP multimedia subsystem, IMS |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100550728C (en) |
Cited By (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2007076729A1 (en) * | 2006-01-06 | 2007-07-12 | Huawei Technologies Co., Ltd. | A handover method for the mobile user as well as the device and the communication system and the evolution network device |
| WO2007124659A1 (en) * | 2006-04-26 | 2007-11-08 | Huawei Technologies Co., Ltd. | A method, device and system for implimenting sessions overlapping |
| WO2008037196A1 (en) * | 2006-09-30 | 2008-04-03 | Huawei Technologies Co., Ltd. | The method, system and device for authenticating in ims |
| CN100396160C (en) * | 2006-01-10 | 2008-06-18 | 华为技术有限公司 | Method for logging mobile terminal in dual modes, and mobile communication network |
| CN100428755C (en) * | 2006-01-24 | 2008-10-22 | 华为技术有限公司 | Method and system for circuit domain terminal to realize business self-aid |
| CN100488314C (en) * | 2007-01-24 | 2009-05-13 | 中兴通讯股份有限公司 | A method for restricting the access of the user terminal in the 3G network |
| WO2009097749A1 (en) * | 2008-01-31 | 2009-08-13 | Huawei Technologies Co., Ltd. | A method, system and apparatus for protecting user from cheat by home nodeb |
| CN101277184B (en) * | 2007-03-30 | 2010-11-24 | 展讯通信(上海)有限公司 | Message structure compatible with 3GPP protocol and communication method thereof |
| CN101193426B (en) * | 2006-11-24 | 2010-12-01 | 中兴通讯股份有限公司 | Method for protecting integrity of communication system access |
| CN1866823B (en) * | 2006-02-08 | 2011-05-04 | 华为技术有限公司 | Authentication method, device and system in IMS network |
| CN101009691B (en) * | 2006-01-24 | 2011-12-14 | 朗迅科技公司 | Convergence service control system and method for IMS network and old network |
| CN101536409B (en) * | 2006-11-13 | 2011-12-14 | 艾利森电话股份有限公司 | Method and arrangement in an internet protocol multimedia subsystem |
| CN102833820A (en) * | 2012-08-20 | 2012-12-19 | 中国联合网络通信集团有限公司 | Internet protocol multimedia subsystem (IMS) access processing method, universal user identification module and terminal equipment |
| CN104066086A (en) * | 2014-06-30 | 2014-09-24 | 中国联合网络通信集团有限公司 | Method and device for voice communication |
| CN112236770A (en) * | 2018-06-11 | 2021-01-15 | Arm有限公司 | Data processing |
-
2004
- 2004-06-08 CN CNB2004100371972A patent/CN100550728C/en not_active Expired - Fee Related
Cited By (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2007076729A1 (en) * | 2006-01-06 | 2007-07-12 | Huawei Technologies Co., Ltd. | A handover method for the mobile user as well as the device and the communication system and the evolution network device |
| CN100396160C (en) * | 2006-01-10 | 2008-06-18 | 华为技术有限公司 | Method for logging mobile terminal in dual modes, and mobile communication network |
| CN100428755C (en) * | 2006-01-24 | 2008-10-22 | 华为技术有限公司 | Method and system for circuit domain terminal to realize business self-aid |
| CN101009691B (en) * | 2006-01-24 | 2011-12-14 | 朗迅科技公司 | Convergence service control system and method for IMS network and old network |
| CN1866823B (en) * | 2006-02-08 | 2011-05-04 | 华为技术有限公司 | Authentication method, device and system in IMS network |
| WO2007124659A1 (en) * | 2006-04-26 | 2007-11-08 | Huawei Technologies Co., Ltd. | A method, device and system for implimenting sessions overlapping |
| WO2008037196A1 (en) * | 2006-09-30 | 2008-04-03 | Huawei Technologies Co., Ltd. | The method, system and device for authenticating in ims |
| CN101536409B (en) * | 2006-11-13 | 2011-12-14 | 艾利森电话股份有限公司 | Method and arrangement in an internet protocol multimedia subsystem |
| CN101193426B (en) * | 2006-11-24 | 2010-12-01 | 中兴通讯股份有限公司 | Method for protecting integrity of communication system access |
| CN100488314C (en) * | 2007-01-24 | 2009-05-13 | 中兴通讯股份有限公司 | A method for restricting the access of the user terminal in the 3G network |
| CN101277184B (en) * | 2007-03-30 | 2010-11-24 | 展讯通信(上海)有限公司 | Message structure compatible with 3GPP protocol and communication method thereof |
| WO2009097749A1 (en) * | 2008-01-31 | 2009-08-13 | Huawei Technologies Co., Ltd. | A method, system and apparatus for protecting user from cheat by home nodeb |
| CN102833820A (en) * | 2012-08-20 | 2012-12-19 | 中国联合网络通信集团有限公司 | Internet protocol multimedia subsystem (IMS) access processing method, universal user identification module and terminal equipment |
| CN104066086A (en) * | 2014-06-30 | 2014-09-24 | 中国联合网络通信集团有限公司 | Method and device for voice communication |
| CN104066086B (en) * | 2014-06-30 | 2017-10-27 | 中国联合网络通信集团有限公司 | The method and device of voice communication |
| CN112236770A (en) * | 2018-06-11 | 2021-01-15 | Arm有限公司 | Data processing |
Also Published As
| Publication number | Publication date |
|---|---|
| CN100550728C (en) | 2009-10-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN1642083A (en) | Network side anthority-discrimination-mode selecting method | |
| CN1708006A (en) | Method for switching in multimedia subsystem based on IP by user | |
| US8250634B2 (en) | Systems, methods, media, and means for user level authentication | |
| US8406800B2 (en) | Method and device for establishing an inter-radio frequency subsystem interface (ISSI) unit-to-unit call | |
| CN1802016A (en) | Method for carrying out authentication on user terminal | |
| US20070189215A1 (en) | Method for reducing interface load of home subscriber server | |
| CN1642346A (en) | Method for user to register on belonging signatory user's service device | |
| CN100382503C (en) | Registration abnormity handling method in user registration course | |
| CN101444062A (en) | System and method for carrying trusted network provided access network information in session initiation protocol | |
| CN101517960A (en) | Method, system and device for applying IMS communication service identification in communication system | |
| US8265622B2 (en) | Method and saving entity for setting service | |
| CN101529883B (en) | System and method to provide combinational services to anonymous callers | |
| US8661517B2 (en) | Method and system for accessing network through public equipment | |
| EP2569998B1 (en) | Enabling set up of a connection from a non-registered UE in IMS | |
| CN101115232A (en) | Roaming control method and system for accessing to IP multimedia subsystem network through SBC | |
| CN101325759B (en) | Method and system for accessing IMS early authentication for subscriber terminal | |
| CN1294722C (en) | Method of selecting right identification mode at network side | |
| CN101841801A (en) | Methods and systems for registration and communication in IMS network and user terminal | |
| CN1780482A (en) | Method for ensuring information conformity after functional module re-start by calling session control | |
| CN103581112B (en) | Subscriber exchange accesses method for authenticating and the device of internet protocol multimedia subsystem network | |
| CN100562019C (en) | Operation processing method in the IP Multimedia System and home signature user server | |
| CN100388662C (en) | Method for preventing user with 3G ability from using transition right-identification mode | |
| CN1812322A (en) | Right discriminating system and processing method | |
| CN1764140A (en) | Method for realizing application server communication | |
| CN100452738C (en) | Method for processing IMS session and module with query calling session controlling function |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20091014 Termination date: 20210608 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |