CN1893722A - Method for binding IP multi-media subsystem authentication and acess-in layer authentication - Google Patents

Method for binding IP multi-media subsystem authentication and acess-in layer authentication Download PDF

Info

Publication number
CN1893722A
CN1893722A CNA2005100932168A CN200510093216A CN1893722A CN 1893722 A CN1893722 A CN 1893722A CN A2005100932168 A CNA2005100932168 A CN A2005100932168A CN 200510093216 A CN200510093216 A CN 200510093216A CN 1893722 A CN1893722 A CN 1893722A
Authority
CN
China
Prior art keywords
cscf
authentication
information
message
hss
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CNA2005100932168A
Other languages
Chinese (zh)
Other versions
CN100442926C (en
Inventor
严军
王樱
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to CNB2005100932168A priority Critical patent/CN100442926C/en
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN200680010294.XA priority patent/CN101151869B/en
Priority to DE602006011282T priority patent/DE602006011282D1/en
Priority to BRPI0612687-1A priority patent/BRPI0612687B1/en
Priority to EP06753103A priority patent/EP1853032B1/en
Priority to PCT/CN2006/001569 priority patent/WO2007003140A1/en
Priority to AT06753103T priority patent/ATE453282T1/en
Publication of CN1893722A publication Critical patent/CN1893722A/en
Priority to US11/842,668 priority patent/US7974604B2/en
Application granted granted Critical
Publication of CN100442926C publication Critical patent/CN100442926C/en
Priority to US13/092,413 priority patent/US8364121B2/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Abstract

The method includes steps: after receiving logging on message sent from UE, P-CSCF determines CLF based on information in logging on message; P-CSCF queries UE information attached to access network from CLF so as to obtain queried result, and sends logging on message of carrying queried result to I-CSCF; I-CSCF forwards the logging on message to S-CSCF informed by home subscriber server (HSS); based on authorization mode bound between authorization in service layer and authorization in access layer obtained from HSS, S-CSCF carries out authorization for UE so as to obtain result of authorization and sends the result to UE. The invention possesses rationality: HSS decides authorization mode of user; and S-CSCF accomplishes procedure of authorization. Advantages are: small change for IMS AKA flow, and easy of implementation.

Description

The method of a kind of IP Multimedia System authentication and acess-in layer authentication binding
Technical field
The present invention relates in the IP multimedia service sub-network (IMS) to the technical field of subscriber terminal authority the method for particularly a kind of IP Multimedia System authentication and acess-in layer authentication binding.
Background technology
In fixing (NGN) network of future generation and mobile network, network can be divided into access network and business network usually.The user is linked on the IP network by the access network of access network operator, and then enjoys different business by the business network of one or more business network operator, for example business such as voice, video, Streaming Media.
When if access network and business network do not belong to same operator, access network is separate to user's authentication and business network to user's authentication.In such cases, a user needs authentication twice usually if will enjoy certain business, once is the authentication of Access Layer, and the user can be linked into the NGN network after by the authentication of Access Layer; Another time is the authentication of operation layer, and the user can enjoy the business that this business network provides after by the operation layer authentication.
When if business network and access network belong to same operator, when perhaps having certain cooperative relationship between business network operator and the access network operator, under some networking situation, business network operator can bind the authentication of operation layer with the authentication of Access Layer, promptly after the user passes through acess-in layer authentication, just think that this user is safe, no longer needs to carry out the authentication of operation layer.
(IP Multimedia Core Network Subsystem, IMS) in the Access Layer, general key agreement (AKA) flow process that authenticates based on IMS of using realizes the authentication of IMS operation layer to the user in existing IP multimedia service sub-network.
With reference to figure 1, the AKA flow process may further comprise the steps:
Step 101, (User Equipment, UE) (Proxy-Call Session Control Function P-CSCF) sends logon message Register to user terminal to proxy call conversation control function entity.
Step 102, P-CSCF is as Session initiation Protocol (Session Initial Protocol, SIP) acting server, with the logon message Register of UE be transmitted to the enquiry call conversation control function entity (Interrogaing-Call Session Control Function, I-CSCF).
Step 103, I-CSCF is with home subscriber server (Home Subscribe Server, HSS) select corresponding service call session control function entity (Service-Call Session Control Function by Cx-Selection-Info message between, S-CSCF), be that I-CSCF sends request to HSS, the user property of searching among the HSS determines which S-CSCF to handle this logon message by.
Step 104, I-CSCF is transmitted to the logon message Register of UE and determines S-CSCF in the step 103.
Step 105 by Cx-Put message, is upgraded the S-CSCF indication information on the HSS between S-CSCF and the HSS, informs that the follow-up processing of this user of HSS carries out at this S-CSCF.
Step 106, S-CSCF sends AV-Req message, the authentication vector of asking this user to HSS.
Step 107, HSS sends AV-Req-Resp message to S-CSCF, and the authentication vector with this user sends to S-CSCF.
Step 108, S-CSCF judges this user and need carry out authentication according to authentication vector that obtains in step 107 and the logon message of UE, sends 4xx Auth_Challenge message to I-CSCF then, expression need be carried out authentication, and carries the information relevant with authentication.Wherein 4xx represents a class mistake, and xx represents a numeral from 00~99.
Step 109, I-CSCF sends to P-CSCF with described 4xx Auth_Challenge message.
Step 110, P-CSCF sends to UE with described 4xx Auth_Challenge message.
Step 111 after UE receives described 4xx Auth_Challenge message, send new logon message Register to P-CSCF again, and this Register carries parameters for authentication.
Step 112, P-CSCF sends to I-CSCF with the logon message Register of UE.
Step 113, after I-CSCF receives described logon message Register, and determine by Cx-Query this UE logon message handles for which S-CSCF between the HSS, be that I-CSCF handles for which S-CSCF to HSS inquiring user logon message, HSS informs that according to the S-CSCF indication information of preserving I-CSCF handles the S-CSCF of this user's logon message.
Step 114, I-CSCF is transmitted to the S-CSCF that step 113 is determined with logon message Register.
Step 115 by Cx-Put message, is upgraded the S-CSCF indication information on the HSS between S-CSCF and the HSS, informs that the follow-up processing of this user of HSS is at this S-CSCF.
Step 116, S-CSCF and HSS obtain user's subscription data information by Cx-Pull message.
Step 117, S-CSCF carries out authentication according to described user's subscription data information and the parameters for authentication among the UE logon message Register.If the authentication success, S-CSCF sends 2xxAuth_OK message to I-CSCF, and expression is succeeded in registration, and wherein 2xx represents successfully corresponding message, and xx is a numeral of 00~99.If failed authentication, then S-CSCF sends the message of expression failed authentication to I-CSCF.
Step 118, if the authentication success, I-CSCF sends to P-CSCF with above-mentioned 2xx Auth_OK message.If failed authentication, then I-CSCF sends to P-CSCF with the message of above-mentioned expression failed authentication.
Step 119, if the authentication success, P-CSCF sends to UE with above-mentioned 2xx Auth_OK message.If failed authentication, then P-CSCF sends to UE with the message of above-mentioned expression failed authentication.
France Telecom has proposed the scheme of a kind of IMS of realization operation layer authentication and acess-in layer authentication binding on telecommunications and the Internet converged services and six meeting interim meetings of high-level network protocol (TISPAN 6bis).This scheme is at Network Attachment Subsystem (Network Attach Sub System, NASS) (the Connection Location Function of the link position functional entity in, CLF) preserve the IP address of UE and the binding logo of the corresponding relation that inserts user ID (subscription-id) and this UE operation layer authentication and acess-in layer authentication binding on, wherein each connection of user all has one to insert user ID.
With reference to figure 2, the roughly flow process of this scheme is as follows:
Step 201, UE sends logon message Register to P-CSCF.
Step 202, the information of adhering to that P-CSCF inquires about UE according to the source IP address of logon message to CLF, adhering to has the access of UE user ID in the information, and the indication of operation layer authentication and Access Layer binding.
Step 203, private user identity in the access user ID of P-CSCF comparison UE and the logon message in the authentication header field, if both unanimities, the success of IMS operation layer authentication then is described, execution in step 205 and subsequent step thereof, otherwise failed authentication execution in step 204 sends failed authentication message 403Forbidden to UE.
Step 205, whether successfully P-CSCF continues the logon message Register of UE is transmitted to I-CSCF, carry authentication indication in the message.
Step 206, I-CSCF selects corresponding S-CSCF with between the HSS by Cx-Selection-Info message, and promptly I-CSCF sends request to HSS, and the user property of searching among the HSS determines which S-CSCF to handle this logon message by.
Step 207, I-CSCF sends to logon message Register and determines S-CSCF in the step 206.
Step 208, after S-CSCF confirms user registration success, there is not to ask to HSS again user's authentication vector, but pass through Cx-Put message between direct and the HSS, upgrade the S-CSCF indication information on the HSS, inform that the follow-up processing of this user of HSS carries out at this S-CSCF, and and HSS between subscription data by Cx-Pull message download user.
Step 209, S-CSCF returns 2xx message to I-CSCF, the success of expression authentication.
Step 210, I-CSCF sends to P-CSCF with described 2xx authentication success message.
Step 211, P-CSCF sends to UE with described 2xx authentication success message.
In the technique scheme, the private user identity that carries among the requirement registration message Register is consistent with user's access user ID, be that the private user identity of operation layer and the user ID of Access Layer are same signs, but under a lot of situations, business network operator and access network operator are not same operator, and they use identical sign meeting limiting network application flexibility mandatory requirement.In the indication operation layer authentication and the Access Layer binding in the subsystem of adhering to of network access layer, also be irrational, should indicate by relevant device in the operation layer (as HSS), access layer network only is responsible for providing relevant information.Finishing authentication work by P-CSCF, also is irrational, and reasonable manner should be the authentication work that the S-CSCF of ownership place finishes operation layer, same the information that need be responsible for providing authentication relevant of P-CSCF.
Summary of the invention
In view of this, the objective of the invention is to propose a kind of method of binding by the IP Multimedia System authentication and the acess-in layer authentication of operation layer decision subscription authentication mode.
According to above-mentioned purpose, the invention provides the method for a kind of IP Multimedia System authentication and acess-in layer authentication binding, this method may further comprise the steps: after A.P-CSCF receives the logon message that UE sends, determine CLF according to information in information in the described logon message and the logon message that sets in advance and the corresponding relation of CLF;
B.P-CSCF obtains Query Result to the information of adhering to of described CLF inquiry UE in Access Network, and the logon message that will carry described Query Result sends to I-CSCF;
C.I-CSCF is transmitted to the S-CSCF that HSS informs with described logon message;
D.S-CSCF carries out authentication to UE and obtains authenticating result, and described authenticating result is sent to UE according to the authentication mode of operation layer authentication of obtaining from HSS and acess-in layer authentication binding.
In such scheme, further comprise before the steps A: A1.UE sends logon message to S-CSCF; A2.S-CSCF asks the authentication vector of described UE to HSS; A3.HSS judges that according to preset user authentication subscription data whether the authentication mode of described UE is operation layer authentication and acess-in layer authentication binding, and send the message that comprises described authentication mode to S-CSCF under the situation that is; A4.S-CSCF sends the message that comprises described authentication mode to UE; A5.UE sends new logon message to P-CSCF after receiving the described message that comprises authentication mode; Logon message described in steps A, step B and the step C is described new logon message.
In such scheme, further comprise before the step D: S-CSCF asks the authentication vector of described UE to HSS; HSS judges that according to preset user authentication subscription data whether the authentication mode of described UE is operation layer authentication and acess-in layer authentication binding, and send the message that comprises described authentication mode to S-CSCF under the situation that is.
Described HSS judges according to preset user authentication subscription data whether the authentication mode of described UE is that the step that operation layer authentication and acess-in layer authentication are bound further comprises afterwards: the authentication mode at described UE is not under the situation of operation layer authentication and acess-in layer authentication binding, handles according to key agreement AKA flow process.
Information described in the steps A in the logon message is access carrier sign or described logon message source IP address.
Preferably, described logon message comprises the access user ID; In CLF, preserved the UE corresponding in advance and in Access Network, adhered to information with described access user ID; P-CSCF described in the step B comprises to the step that information obtains Query Result of adhering to of described CLF inquiry UE in Access Network: P-CSCF adheres to information to described CLF inquiry UE according to described access user ID in Access Network; In CLF, exist the IP address information corresponding with described access user ID adhere to information the time, CLF returns the Query Result that comprises described IP address information to P-CSCF, otherwise returns the Query Result that inquiry is failed to P-CSCF.
Preferably, described logon message comprises private user identity; In CLF, preserved the UE corresponding in advance and in Access Network, adhered to information with described private user identity; P-CSCF described in the step B comprises to the step that information obtains Query Result of adhering to of described CLF inquiry UE in Access Network: P-CSCF adheres to information to described CLF inquiry UE according to described private user identity in Access Network; In CLF, exist the IP address information corresponding with described private user identity adhere to information the time, CLF returns the Query Result that comprises described IP address information to P-CSCF, otherwise returns the Query Result that inquiry is failed to P-CSCF.
Step B comprises that further P-CSCF sends to the source IP address of the logon message received the step of I-CSCF; Step C comprises that further I-CSCF is transmitted to described logon message source IP address the step of described S-CSCF; Described in the step D UE being carried out the step that authentication obtains authenticating result comprises: when described Query Result comprises the IP address information, logon message source IP source address that the more described P-CSCF of S-CSCF is received and the IP address information in the described Query Result, if it is consistent, then obtain the authenticating result of authentication success, otherwise obtain the authenticating result of failed authentication; When described Query Result was query failure message, S-CSCF obtained the authenticating result of failed authentication.
Preferably, in CLF, preserved the UE corresponding in advance and in Access Network, adhered to information with the logon message source IP address; P-CSCF described in the step B comprises to the step that information obtains Query Result of adhering to of described CLF inquiry UE in Access Network: P-CSCF adheres to information to described CLF inquiry UE according to described logon message source IP address in Access Network; In CLF, exist the access subscriber association information corresponding with described logon message source IP address adhere to information the time, CLF returns the Query Result that comprises described access subscriber association information to P-CSCF, otherwise returns the Query Result that inquiry is failed to P-CSCF.
Described in the step D UE is carried out authentication and obtain further comprising before the authenticating result that S-CSCF obtains to be kept in advance the step of access subscriber association information of the binding of HSS from HSS; Described in the step D UE being carried out the step that authentication obtains authenticating result comprises: comprise when inserting subscriber association information at described Query Result, the access subscriber association information of the more described binding that obtains from HSS of S-CSCF and the access subscriber association information the described Query Result, if it is consistent, then obtain the authenticating result of authentication success, otherwise obtain the authenticating result of failed authentication; When described Query Result was query failure message, S-CSCF obtained the authenticating result of failed authentication.
In such scheme, described access subscriber association information is for inserting user ID, positional information or IP address information.
As can be seen, the present invention is by inserting the information of adhering among user ID, private user identity or the logon message source IP address inquiry CLF from such scheme, and by HSS decision user's authentication mode, and the judgement of carrying out the authentication success or not by S-CSCF.Unlike the prior art, the present invention compared with prior art by the HSS of operation layer decision user's authentication mode, finishes authentication process by S-CSCF, has more reasonability.And the present invention is according to access carrier mark location CLF, and adopts and insert user ID and adhere to information to the CLF inquiring user, do not require that the operation layer user ID is necessarily identical with the access user ID this moment.Consider the situation of actual networking simultaneously, reduction procedure, this programme is same support when service provider and access carrier are that same operator and IP address are planned preferably, when operation layer private user identity and access user ID are same, can locate CLF with the logon message source IP address, go the adhere to information of CLF inquiring user at access network with operation layer private user identity or logon message source IP address.And, in the S-CSCF authentication, the source IP address of the logon message that is received by the IP address information that relatively obtains from CLF inquiry and P-CSCF or the access subscriber association information that relatively obtains from the CLF inquiry and access subscriber association information from the binding of HSS acquisition, in both unanimities, obtain the result of authentication success, when both are inconsistent, obtain the result of failed authentication.Therefore this programme compared with prior art has more versatility and flexibility, the principle that on scheme, meets the operation layer authentication, implementation is more reasonable, have more logicality, technical scheme of the present invention in addition is less to the change of existing IMS AKA flow process, the flow process basically identical, just the variation of parameters for authentication and the easier fusion of flow process of existing IMS AKA have the advantage of easy realization.
Description of drawings
Fig. 1 is the schematic flow sheet of AKA authentication mechanism;
Fig. 2 is the schematic flow sheet of prior art;
Fig. 3 a and Fig. 3 b are the schematic flow sheet of first embodiment of the invention;
Fig. 4 a and Fig. 4 b are the schematic flow sheet of second embodiment of the invention;
Fig. 5 a and Fig. 5 b are the schematic flow sheet of third embodiment of the invention;
Fig. 6 a and Fig. 6 b are the schematic flow sheet of fourth embodiment of the invention;
Fig. 7 a and Fig. 7 b are the schematic flow sheet of fifth embodiment of the invention.
Embodiment
For making the purpose, technical solutions and advantages of the present invention clearer, the present invention is described in more detail by the following examples.
The first embodiment of the present invention has provided the method for a kind of IMS operation layer authentication and acess-in layer authentication binding based on the AKA flow process.Among first embodiment, preserve user's authentication subscription data in advance at HSS, the authentication subscription data shows whether this user's authentication mode is operation layer authentication and acess-in layer authentication binding.
With reference to figure 3a and Fig. 3 b, the flow process of first embodiment is as follows:
Step 301, UE sends logon message Register to P-CSCF.
Step 302, P-CSCF is transmitted to I-CSCF with the logon message Register of UE.
Step 303, I-CSCF selects corresponding S-CSCF with between the HSS by Cx-Selection-Info message, and promptly I-CSCF sends request to HSS, and the user property of searching among the HSS determines which S-CSCF to handle this logon message by.
Step 304, I-CSCF is transmitted to the logon message Register of UE and determines S-CSCF in the step 303.
Step 305 by Cx-Put message, is upgraded the S-CSCF indication information on the HSS between S-CSCF and the HSS, informs that the follow-up processing of this user of HSS carries out at this S-CSCF.
Step 306, S-CSCF sends AV-Req message, the authentication vector of asking this user to HSS.
Step 307, HSS checks user's authentication subscription data, whether the authentication mode of judging this user according to the authentication subscription data is operation layer authentication and acess-in layer authentication binding, if then execution in step 308 and subsequent step thereof, otherwise the step 107 of carrying out the AKA flow process is carried out general authorizing procedure to step 119.
Step 308, HSS sends AV-Req-Resp message to S-CSCF, and different with the authentication vector that sends in the prior art, the authentication mode information with this user in this step sends to S-CSCF.
Step 309, S-CSCF is according to the authentication mode information that obtains in step 308, the authentication mode of learning this user is operation layer authentication and acess-in layer authentication binding, send 4xxAuth_Challenge message to I-CSCF then, and show that in the authentication header field of message authentication mode is operation layer authentication and acess-in layer authentication binding, promptly carries the authentication mode indication information.
Step 310, I-CSCF sends to P-CSCF with described 4xx Auth_Challenge message of carrying the authentication mode indication information.
Step 311, P-CSCF sends to UE with described 4xx Auth_Challenge message of carrying the authentication mode indication information.
At this moment because P-CSCF learns that according to this message authentication mode is the binding of operation layer authentication and acess-in layer authentication, so P-CSCF does not need to set up and UE between Security Association.
Step 312 after UE receives described 4xx Auth_Challenge message, sends logon message Register to P-CSCF again, and this message carries the access carrier sign and inserts user ID.
Step 313, P-CSCF determines CLF according to the corresponding relation between the sign of the operator in the logon message and operator's sign that sets in advance and the CLF.
Step 314, P-CSCF is according to the access user ID in the logon message, in the above among the CLF of Que Dinging inquiring user in the information of adhering to of Access Layer.Unlike the prior art be, preserved and inserted the data record of user ID corresponding attachment information among the CLF in advance, the described information of adhering to comprises IP address information, positional information etc., but does not comprise the binding logo of prior art.If should not insert the data record of user ID among the CLF, CLF can return the inquiry failure.
Step 315, P-CSCF will carry previous step rapid in this Register source IP address of being received of the logon message Register and the P-CSCF of Query Result send to I-CSCF.If the successful inquiring of front, the information of adhering to that then inquiry is obtained sends to I-CSCF; If the inquiry failure then reports query failure message to I-CSCF.
Step 316, determine by Cx-Query this UE logon message handles for which S-CSCF between I-CSCF and the HSS, be which S-CSCF processing I-CSCF inquires about this logon message to HSS, HSS informs that according to the S-CSCF indication information of preserving I-CSCF handles the S-CSCF of this logon message.
Step 317, I-CSCF will comprise this Register source IP address that the logon message Register and the P-CSCF of Query Result received and be transmitted to the S-CSCF that step 316 is determined.Described Query Result for inquiring about the information of adhering to that obtains, is the query failure message that reports when the inquiry failure when successful inquiring.
Step 318, Query Result for the inquiry obtain adhere to information the time, S-CSCF judges whether the source IP address of the logon message Register that P-CSCF receives is consistent with the described IP address information of adhering to the information that obtains from the CLF inquiry, if it is consistent, the authentication success then is described, execution in step 319 and follow-up flow process thereof promptly send the message of authentication success to UE; If inconsistent, failed authentication then is described, execution in step 331 and subsequent step thereof promptly send the message of failed authentication to UE.
When Query Result is the query failure message that reports, failed authentication also is described, execution in step 331 and subsequent step thereof promptly send the message of failed authentication to UE.
Step 319 by Cx-Put message, is upgraded the S-CSCF indication information on the HSS between S-CSCF and the HSS, informs that the follow-up processing of this user of HSS carries out at this S-CSCF.
Step 320, S-CSCF and HSS obtain user's subscription data information by Cx-Pull message.
Step 321, S-CSCF sends 2xx Auth_OK message to I-CSCF, the success of expression authentication.
Step 322, I-CSCF sends to P-CSCF with above-mentioned 2xx Auth_OK message.
Step 323, P-CSCF sends to UE with above-mentioned 2xx Auth_OK message.
Step 331 shown in Fig. 3 b by Cx-Put message, is upgraded the S-CSCF indication information on the HSS between S-CSCF and the HSS, informs that the follow-up processing of this user of HSS carries out at this S-CSCF.
Step 332, S-CSCF and HSS obtain user's subscription data information by Cx-Pull message.
Step 333, S-CSCF represents failed authentication to the message that I-CSCF sends failed authentication.
Step 334, I-CSCF sends to P-CSCF with the message of above-mentioned failed authentication.
Step 335, P-CSCF sends to UE with the message of above-mentioned failed authentication.
When access network operator and business network operator are same operator, because inserting user ID is identical with private user identity, can not issue the access carrier sign among the NASS and insert user ID to UE, can adopt the method for second embodiment shown in Fig. 4 a and Fig. 4 b, second embodiment is the simplified way of first embodiment, in a second embodiment, source IP address by Register is discerned access carrier and CLF, and inquires about the adhere to information of UE at Access Layer according to the private user identity of IMS operation layer at CLF.The same with first embodiment, preserve user's authentication subscription data in advance at HSS, the authentication subscription data shows whether this user's authentication mode is operation layer authentication and acess-in layer authentication binding.
With reference to Fig. 4 a and Fig. 4 b, second embodiment may further comprise the steps:
Wherein, step 401 is identical to step 311 with step 301 among first embodiment to step 411.
Step 401, UE sends logon message Register to P-CSCF.
Step 402, P-CSCF is transmitted to I-CSCF with the logon message Register of UE.
Step 403, I-CSCF selects corresponding S-CSCF with between the HSS by Cx-Selection-Info message, and promptly I-CSCF sends request to HSS, and the user property of searching among the HSS determines which S-CSCF to handle this logon message by.
Step 404, I-CSCF is transmitted to the logon message Register of UE and determines S-CSCF in the step 403.
Step 405 by Cx-Put message, is upgraded the S-CSCF indication information on the HSS between S-CSCF and the HSS, informs that the follow-up processing of this user of HSS carries out at this S-CSCF.
Step 406, S-CSCF sends AV-Req message, the authentication vector of asking this user to HSS.
Step 407, HSS checks user's authentication subscription data, whether the authentication mode of judging this user according to the authentication subscription data is operation layer authentication and acess-in layer authentication binding, if then execution in step 408 and subsequent step thereof, otherwise the step 107 of carrying out the AKA flow process is carried out general authorizing procedure to step 119.
Step 408, HSS sends AV-Req-Resp message to S-CSCF, and different with the authentication vector that sends in the prior art, the authentication mode information with this user in this step sends to S-CSCF.
Step 409, S-CSCF is according to the authentication mode information that obtains in step 408, the authentication mode of learning this user is operation layer authentication and acess-in layer authentication binding, send 4xxAuth_Challenge message to I-CSCF then, and show that in the authentication header field of message authentication mode is operation layer authentication and acess-in layer authentication binding, promptly carries the authentication mode indication information.
Step 410, I-CSCF sends to P-CSCF with described 4xx Auth_Challenge message of carrying the authentication mode indication information.
Step 411, P-CSCF sends to UE with described 4xx Auth_Challenge message of carrying the authentication mode indication information.
At this moment because P-CSCF learns that according to this message authentication mode is the binding of operation layer authentication and Access Layer, so P-CSCF does not need to set up and UE between Security Association (SA).
Step 412, after UE receives described 4xx Auth_Challenge message, again send logon message Register to P-CSCF, different with first embodiment is, this message does not need to carry the access carrier sign and inserts user ID, carry private user identity described in the prior art but adopt in the authentication header field, this is identified in the existing IMS AKA flow process existing.
Step 413, P-CSCF determines CLF according to the source IP address of logon message and the corresponding relation between source IP address that sets in advance and the CLF.
Step 414, P-CSCF is according to the private user identity in the logon message authentication header field, in the above among the CLF of Que Dinging inquiring user in the information of adhering to of Access Layer.Preserved the data record with private user identity corresponding attachment information among the CLF in advance, the described information of adhering to comprises IP address information, positional information etc., but does not comprise binding logo of the prior art.If the data record of this private user identity not among the CLF, CLF can return the inquiry failure.
Following step 415 is identical to step 323 with step 315 among first embodiment to step 423.
Step 415, P-CSCF will carry previous step rapid in this Register source IP address of being received of the logon message Register and the P-CSCF of Query Result send to I-CSCF.If the successful inquiring of front, the information of adhering to that then inquiry is obtained sends to I-CSCF; If the inquiry failure then reports query failure message to I-CSCF.
Step 416, determine by Cx-Query this UE logon message handles for which S-CSCF between I-CSCF and the HSS, be which S-CSCF processing I-CSCF inquires about this logon message to HSS, HSS informs that according to the S-CSCF indication information of preserving I-CSCF handles the S-CSCF of this logon message.
Step 417, I-CSCF will comprise the Register source IP address that the logon message Register and the P-CSCF of Query Result received and be transmitted to the S-CSCF that step 416 is determined.Described Query Result for inquiring about the information of adhering to that obtains, is the query failure message that reports when the inquiry failure when successful inquiring.
Step 418, Query Result for the inquiry obtain adhere to information the time, S-CSCF judges whether the source IP address of the logon message Register that P-CSCF receives is consistent with the described IP address information of adhering to the information that obtains from the CLF inquiry, if it is consistent, the authentication success then is described, execution in step 419 and follow-up flow process thereof promptly send the message of authentication success to UE; If inconsistent, failed authentication then is described, execution in step 431 and subsequent step thereof promptly send the message of failed authentication to UE.
When Query Result is the query failure message that reports, failed authentication also is described, execution in step 331 and subsequent step thereof promptly send the message of failed authentication to UE.
Step 419 by Cx-Put message, is upgraded the S-CSCF indication information on the HSS between S-CSCF and the HSS, informs that the follow-up processing of this user of HSS carries out at this S-CSCF.
Step 420, S-CSCF and HSS obtain user's subscription data information by Cx-Pull message.
Step 421, S-CSCF sends 2xx Auth_OK message to I-CSCF, the success of expression authentication.
Step 422, I-CSCF sends to P-CSCF with above-mentioned 2xx Auth_OK message.
Step 423, P-CSCF sends to UE with above-mentioned 2xx Auth_OK message.
Step 431 shown in Fig. 4 b by Cx-Put message, is upgraded the S-CSCF indication information on the HSS between S-CSCF and the HSS, informs that the follow-up processing of this user of HSS carries out at this S-CSCF.
Step 432, S-CSCF and HSS obtain user's subscription data information by Cx-Pull message.
Step 433, S-CSCF represents failed authentication to the message that I-CSCF sends failed authentication.
Step 434, I-CSCF sends to P-CSCF with the message of above-mentioned failed authentication.
Step 435, P-CSCF sends to UE with the message of above-mentioned failed authentication.
In the method for first embodiment and second embodiment, UE is after operation layer authentication and acess-in layer authentication are bound obtaining authentication mode, just sends the logon message that carries operator's sign and insert user ID.In the third embodiment of the present invention, UE sends the logon message that carries operator's sign and insert user ID at the very start.The same with first embodiment, second embodiment, preserve user's authentication subscription data among the 3rd embodiment in advance at HSS, the authentication subscription data shows whether this user's authentication mode is operation layer authentication and acess-in layer authentication binding.
With reference to figure 5a and Fig. 5 b, the flow process of second embodiment is as follows:
Step 501, UE sends logon message Register to P-CSCF, and this message carries the access carrier sign and inserts user ID.
Step 502, P-CSCF determines CLF according to the corresponding relation between the sign of the access carrier in the logon message and access carrier sign that sets in advance and the CLF.
Step 503, P-CSCF is according to the access user ID in the logon message, in the above among the CLF of Que Dinging inquiring user in the information of adhering to of Access Layer.Preserved the data record with private user identity corresponding attachment information among the CLF in advance, the described information of adhering to comprises IP address information, positional information etc., but does not comprise binding logo of the prior art.If should not insert the data record of user ID among the CLF, CLF can return the inquiry failure.
Step 504, P-CSCF will carry previous step rapid in this logon message source IP address of being received of the logon message Register and the P-CSCF of Query Result send to I-CSCF.If the successful inquiring of front, the information of adhering to that then inquiry is obtained sends to I-CSCF; If the inquiry failure then reports query failure message to I-CSCF.
Step 505, I-CSCF selects corresponding S-CSCF with between the HSS by Cx-Selection-Info message, and promptly I-CSCF sends request to HSS, and the user property of searching among the HSS determines which S-CSCF to handle this logon message by.
Step 506, I-CSCF will comprise that the logon message source IP address that the logon message Register and the P-CSCF of above-mentioned Query Result are received is transmitted to the S-CSCF that step 505 is determined.Described Query Result for inquiring about the information of adhering to that obtains, is the query failure message that reports when the inquiry failure when successful inquiring.
Step 507 by Cx-Put message, is upgraded the S-CSCF indication information on the HSS between S-CSCF and the HSS, informs that the follow-up processing of this user of HSS carries out at this S-CSCF.
Step 508, S-CSCF sends AV-Req message, the authentication vector of asking this user to HSS.
Step 509, HSS checks user's authentication subscription data, whether the authentication mode of judging this user according to the authentication subscription data is operation layer authentication and acess-in layer authentication binding, if then execution in step 510 and subsequent step thereof, otherwise the step 107 of carrying out the AKA flow process is carried out general authorizing procedure to step 119.
Step 510, HSS sends AV-Req-Resp message to S-CSCF, and different with the authentication vector that sends in the prior art, the authentication mode information with this user in this step sends to S-CSCF.
Step 511, Query Result for the inquiry obtain adhere to information the time, S-CSCF judges whether the source IP address of the logon message Register that P-CSCF receives is consistent with the described IP address information of adhering to the information that obtains from the CLF inquiry, if it is consistent, the authentication success then is described, execution in step 512 and follow-up flow process thereof promptly send the message of authentication success to UE; If inconsistent, failed authentication then is described, execution in step 521 and subsequent step thereof promptly send the message of failed authentication to UE.
When Query Result is the query failure message that reports, failed authentication also is described, execution in step 521 and subsequent step thereof promptly send the message of failed authentication to UE.
Step 512 by Cx-Put message, is upgraded the S-CSCF indication information on the HSS between S-CSCF and the HSS, informs that the follow-up processing of this user of HSS carries out at this S-CSCF.
Step 513, S-CSCF and HSS obtain user's subscription data information by Cx-Pull message.
Step 514, S-CSCF sends 2xx Auth_OK message to I-CSCF, the success of expression authentication.
Step 515, I-CSCF sends to P-CSCF with above-mentioned 2xx Auth_OK message.
Step 516, P-CSCF sends to UE with above-mentioned 2xx Auth_OK message.
Step 521 shown in Fig. 5 b by Cx-Put message, is upgraded the S-CSCF indication information on the HSS between S-CSCF and the HSS, informs that the follow-up processing of this user of HSS carries out at this S-CSCF.
Step 522, S-CSCF and HSS obtain user's subscription data information by Cx-Pull message.
Step 523, S-CSCF represents failed authentication to the message that I-CSCF sends failed authentication.
Step 524, I-CSCF sends to P-CSCF with the message of above-mentioned failed authentication.
Step 525, P-CSCF sends to UE with the message of above-mentioned failed authentication.
The same with second embodiment, when access network operator and business network operator are same operator, because inserting user ID is identical with private user identity, can not issue the access carrier sign among the NASS and insert user ID to UE, can adopt the method for the 4th embodiment shown in Fig. 6 a and Fig. 6 b, the 4th embodiment is the simplified way of the 3rd embodiment, in the 4th embodiment, source IP address by Register is discerned access carrier and CLF, and inquires about the adhere to information of UE at Access Layer according to the private user identity of IMS operation layer at CLF.The same with first embodiment, preserve user's authentication subscription data in advance at HSS, the authentication subscription data shows whether this user's authentication mode is operation layer authentication and acess-in layer authentication binding.
With reference to figure 6a and Fig. 6 b, the 4th embodiment may further comprise the steps:
Step 601, UE sends logon message Register to P-CSCF, and different with the 3rd embodiment is that this message does not need to carry the access carrier sign and inserts user ID, but carries private user identity described in the prior art in the authentication header field.
Step 602, P-CSCF determines CLF according to the source IP address of logon message and the corresponding relation between source IP address that sets in advance and the CLF.
Step 603, P-CSCF is according to the private user identity in the logon message authentication header field, in the above among the CLF of Que Dinging inquiring user in the information of adhering to of Access Layer.Preserved the data record with private user identity corresponding attachment information among the CLF in advance, the described information of adhering to comprises IP address information, positional information etc., but does not comprise binding logo of the prior art.If the data record of this private user identity not among the CLF, CLF can return the inquiry failure.
Following step 604 is identical to step 525 with step 504 among the 3rd embodiment to step 625.
Step 604, P-CSCF will carry previous step rapid in this logon message source IP address of being received of the logon message Register and the P-CSCF of Query Result send to I-CSCF.If the successful inquiring of front, the information of adhering to that then inquiry is obtained sends to I-CSCF; If the inquiry failure then reports query failure message to I-CSCF.
Step 605, I-CSCF selects corresponding S-CSCF with between the HSS by Cx-Selection-Info message, and promptly I-CSCF sends request to HSS, and the user property of searching among the HSS determines which S-CSCF to handle this logon message by.
Step 606, I-CSCF will comprise that this logon message source IP address that the logon message Register and the described P-CSCF of above-mentioned Query Result are received is transmitted to the S-CSCF that step 605 is determined.Described Query Result for inquiring about the information of adhering to that obtains, is the query failure message that reports when the inquiry failure when successful inquiring.
Step 607 by Cx-Put message, is upgraded the S-CSCF indication information on the HSS between S-CSCF and the HSS, informs that the follow-up processing of this user of HSS carries out at this S-CSCF.
Step 608, S-CSCF sends AV-Req message, the authentication vector of asking this user to HSS.
Step 609, HSS checks user's authentication subscription data, whether the authentication mode of judging this user according to the authentication subscription data is operation layer authentication and acess-in layer authentication binding, if then execution in step 610 and subsequent step thereof, otherwise the step 107 of carrying out the AKA flow process is carried out general authorizing procedure to step 119.
Step 610, HSS sends AV-Req-Resp message to S-CSCF, and different with the authentication vector that sends in the prior art, the authentication mode information with this user in this step sends to S-CSCF.
Step 611, Query Result for the inquiry obtain adhere to information the time, S-CSCF judges whether the source IP address of the logon message Register that P-CSCF receives is consistent with the described IP address information of adhering to the information that obtains from the CLF inquiry, if it is consistent, the authentication success then is described, execution in step 612 and follow-up flow process thereof promptly send the message of authentication success to UE; If inconsistent, failed authentication then is described, execution in step 521 and subsequent step thereof promptly send the message of failed authentication to UE.
When Query Result is the query failure message that reports, failed authentication also is described, execution in step 621 and subsequent step thereof promptly send the message of failed authentication to UE.
Step 612 by Cx-Put message, is upgraded the S-CSCF indication information on the HSS between S-CSCF and the HSS, informs that the follow-up processing of this user of HSS carries out at this S-CSCF.
Step 613, S-CSCF and HSS obtain user's subscription data information by Cx-Pull message.
Step 614, S-CSCF sends 2xx Auth_OK message to I-CSCF, the success of expression authentication.
Step 615, I-CSCF sends to P-CSCF with above-mentioned 2xx Auth_OK message.
Step 616, P-CSCF sends to UE with above-mentioned 2xx Auth_OK message.
Step 621 shown in Fig. 6 b by Cx-Put message, is upgraded the S-CSCF indication information on the HSS between S-CSCF and the HSS, informs that the follow-up processing of this user of HSS carries out at this S-CSCF.
Step 622, S-CSCF and HSS obtain user's subscription data information by Cx-Pull message.
Step 623, S-CSCF represents failed authentication to the message that I-CSCF sends failed authentication.
Step 624, I-CSCF sends to P-CSCF with the message of above-mentioned failed authentication.
Step 625, P-CSCF sends to UE with the message of above-mentioned failed authentication.
In the method for first embodiment to the, four embodiment, the source IP address of S-CSCF by the logon message Register that P-CSCF received relatively with inquire about the whether consistent authentication of carrying out of the IP address information that obtains from CLF, in the fifth embodiment of the present invention, the access subscriber association information of the binding of S-CSCF by being kept at HSS more in advance and carry out authentication from the access subscriber association information that the CLF inquiry obtains, wherein said access subscriber association information can be to insert user ID (access useridentity), positional information (location information), IP address informations etc. are example explanation implementation procedure to insert user ID here.Among the 5th embodiment, be that example explanation is determined CLF and from the process of CLF inquiring user related information with the logon message source IP address, but can find out, can use other parameters to realize this process, repeat no more here from the embodiment of front.
With reference to figure 7a and Fig. 7 b, the flow process of second embodiment is as follows:
Step 701, UE sends logon message Register to P-CSCF.
Step 702, P-CSCF determines CLF according to the source IP address of logon message and the corresponding relation between IP address that sets in advance and the CLF.
Step 703, P-CSCF is according to the source IP address of logon message, in the above the access user ID of inquiring user among the CLF of Que Dinging.Preserved the data record of adhering to information of the UE corresponding among the CLF in advance with source IP address.The described information of adhering to comprises the access subscriber association information at least, inserts subscriber association information here for inserting user ID.If the data record of this source IP address not among the CLF, CLF can return the inquiry failure.
Step 704, the logon message Register that P-CSCF will carry the rapid middle Query Result of previous step sends to I-CSCF.If the successful inquiring of front, the access user ID that then inquiry is obtained sends to I-CSCF as Query Result; If the inquiry failure then reports I-CSCF with query failure message as Query Result.
Step 705, I-CSCF selects corresponding S-CSCF with between the HSS by Cx-Selection-Info message, and promptly I-CSCF sends request to HSS, searches the user property of this UE among the HSS and determines which S-CSCF to handle this logon message by.
Step 706, I-CSCF will comprise that the logon message Register of above-mentioned Query Result is transmitted to the S-CSCF that step 705 is determined.Described Query Result, the access user ID that obtains for inquiry when successful inquiring is the query failure message that reports when the inquiry failure.
Step 707 by Cx-Put message, is upgraded the S-CSCF indication information on the HSS between S-CSCF and the HSS, informs that the follow-up processing of this user of HSS carries out at this S-CSCF.
Step 708, S-CSCF sends AV-Req message, the authentication vector of asking this user to HSS.
Step 709, HSS checks user's authentication subscription data, whether the authentication mode of judging this user according to the authentication subscription data is operation layer authentication and acess-in layer authentication binding, if then execution in step 710 and subsequent step thereof, otherwise the step 107 of carrying out the AKA flow process is carried out general authorizing procedure to step 119.
Step 710, HSS sends AV-Req-Resp message to S-CSCF, and is different with the authentication vector that sends in the prior art, and authentication mode information and access user ID with this user in this step are handed down to S-CSCF.
Step 711, at Query Result is when inquiring about the access user ID that obtains, S-CSCF judges whether the described access user ID that obtains from the CLF inquiry is consistent with the access user ID that HSS issues, if it is consistent, the authentication success then is described, execution in step 712 and follow-up flow process thereof promptly send the message of authentication success to UE; If inconsistent, failed authentication then is described, execution in step 521 and subsequent step thereof promptly send the message of failed authentication to UE.
When Query Result is the query failure message that reports, failed authentication also is described, execution in step 721 and subsequent step thereof promptly send the message of failed authentication to UE.
Step 712 by Cx-Put message, is upgraded the S-CSCF indication information on the HSS between S-CSCF and the HSS, informs that the follow-up processing of this user of HSS carries out at this S-CSCF.
Step 713, S-CSCF and HSS obtain user's subscription data information by Cx-Pull message.
Step 714, S-CSCF sends 2xx Auth_OK message to I-CSCF, the success of expression authentication.
Step 715, I-CSCF sends to P-CSCF with above-mentioned 2xx Auth_OK message.
Step 716, P-CSCF sends to UE with above-mentioned 2xx Auth_OK message.
Step 721 shown in Fig. 7 b by Cx-Put message, is upgraded the S-CSCF indication information on the HSS between S-CSCF and the HSS, informs that the follow-up processing of this user of HSS carries out at this S-CSCF.
Step 722, S-CSCF and HSS obtain user's subscription data information by Cx-Pull message.
Step 723, S-CSCF represents failed authentication to the message that I-CSCF sends failed authentication.
Step 724, I-CSCF sends to P-CSCF with the message of above-mentioned failed authentication.
Step 725, P-CSCF sends to UE with the message of above-mentioned failed authentication.
The above only is preferred embodiment of the present invention, and is in order to restriction the present invention, within the spirit and principles in the present invention not all, any modification of being done, is equal to replacement, improvement etc., all should be included within protection scope of the present invention.

Claims (11)

1, the method for a kind of IP Multimedia System authentication and acess-in layer authentication binding is characterized in that this method may further comprise the steps:
A. after proxy call conversation control function entity P-CSCF receives the logon message that user terminal UE sends, determine CLF according to information in information in the described logon message and the logon message that sets in advance and the corresponding relation of link position functional entity CLF;
B.P-CSCF obtains Query Result to the information of adhering to of described CLF inquiry UE in Access Network, and the logon message that will carry described Query Result sends to enquiry call conversation control function entity I-CSCF;
C.I-CSCF is transmitted to the service call session control function entity S-CSCF that home subscriber server HSS informs with described logon message;
D.S-CSCF carries out authentication to UE and obtains authenticating result, and described authenticating result is sent to UE according to the authentication mode of operation layer authentication of obtaining from HSS and acess-in layer authentication binding.
2, method according to claim 1 is characterized in that, further comprises before the steps A:
A1.UE sends logon message to S-CSCF;
A2.S-CSCF asks the authentication vector of described UE to HSS;
A3.HSS judges that according to preset user authentication subscription data whether the authentication mode of described UE is operation layer authentication and acess-in layer authentication binding, and send the message that comprises described authentication mode to S-CSCF under the situation that is;
A4.S-CSCF sends the message that comprises described authentication mode to UE;
A5.UE sends new logon message to P-CSCF after receiving the described message that comprises authentication mode;
Logon message described in steps A, step B and the step C is described new logon message.
3, method according to claim 1 is characterized in that, further comprises before the step D:
S-CSCF asks the authentication vector of described UE to HSS;
HSS judges that according to preset user authentication subscription data whether the authentication mode of described UE is operation layer authentication and acess-in layer authentication binding, and send the message that comprises described authentication mode to S-CSCF under the situation that is.
4, according to claim 2 or 3 described methods, it is characterized in that, described HSS judges according to preset user authentication subscription data whether the authentication mode of described UE is that the step that operation layer authentication and acess-in layer authentication are bound further comprises afterwards: the authentication mode at described UE is not under the situation of operation layer authentication and acess-in layer authentication binding, handles according to key agreement AKA flow process.
5, method according to claim 1 is characterized in that, the information described in the steps A in the logon message is access carrier sign or described logon message source IP address.
6, method according to claim 1 is characterized in that, described logon message comprises the access user ID; In CLF, preserved the UE corresponding in advance and in Access Network, adhered to information with described access user ID;
P-CSCF described in the step B comprises to the step that information obtains Query Result of adhering to of described CLF inquiry UE in Access Network:
P-CSCF adheres to information to described CLF inquiry UE according to described access user ID in Access Network; In CLF, exist the IP address information corresponding with described access user ID adhere to information the time, CLF returns the Query Result that comprises described IP address information to P-CSCF, otherwise returns the Query Result that inquiry is failed to P-CSCF.
7, method according to claim 1 is characterized in that, described logon message comprises private user identity; In CLF, preserved the UE corresponding in advance and in Access Network, adhered to information with described private user identity;
P-CSCF described in the step B comprises to the step that information obtains Query Result of adhering to of described CLF inquiry UE in Access Network:
P-CSCF adheres to information to described CLF inquiry UE according to described private user identity in Access Network; In CLF, exist the IP address information corresponding with described private user identity adhere to information the time, CLF returns the Query Result that comprises described IP address information to P-CSCF, otherwise returns the Query Result that inquiry is failed to P-CSCF.
8, according to claim 1,6, one of 7 described methods, it is characterized in that,
Step B comprises that further P-CSCF sends to the source IP address of the logon message received the step of I-CSCF;
Step C comprises that further I-CSCF is transmitted to described logon message source IP address the step of described S-CSCF;
Described in the step D UE being carried out the step that authentication obtains authenticating result comprises:
When described Query Result comprises the IP address information, logon message source IP source address that the more described P-CSCF of S-CSCF is received and the IP address information in the described Query Result, if consistent, then obtain the authenticating result of authentication success, otherwise obtain the authenticating result of failed authentication; When described Query Result was query failure message, S-CSCF obtained the authenticating result of failed authentication.
9, method according to claim 1 is characterized in that, has preserved the UE corresponding with the logon message source IP address in advance and adhere to information in CLF in Access Network;
P-CSCF described in the step B comprises to the step that information obtains Query Result of adhering to of described CLF inquiry UE in Access Network:
P-CSCF adheres to information to described CLF inquiry UE according to described logon message source IP address in Access Network; In CLF, exist the access subscriber association information corresponding with described logon message source IP address adhere to information the time, CLF returns the Query Result that comprises described access subscriber association information to P-CSCF, otherwise returns the Query Result that inquiry is failed to P-CSCF.
10, according to claim 1 or 9 described methods, it is characterized in that,
Described in the step D UE is carried out authentication and obtain further comprising before the authenticating result that S-CSCF obtains to be kept in advance the step of access subscriber association information of the binding of HSS from HSS;
Described in the step D UE being carried out the step that authentication obtains authenticating result comprises:
When described Query Result comprises the access subscriber association information, the access subscriber association information of the more described binding that obtains from HSS of S-CSCF and the access subscriber association information the described Query Result, if it is consistent, then obtain the authenticating result of authentication success, otherwise obtain the authenticating result of failed authentication; When described Query Result was query failure message, S-CSCF obtained the authenticating result of failed authentication.
11, method according to claim 10 is characterized in that, described access subscriber association information is for inserting user ID, positional information or IP address information.
CNB2005100932168A 2005-07-05 2005-08-19 Method for binding IP multi-media subsystem authentication and acess-in layer authentication Active CN100442926C (en)

Priority Applications (9)

Application Number Priority Date Filing Date Title
CNB2005100932168A CN100442926C (en) 2005-07-05 2005-08-19 Method for binding IP multi-media subsystem authentication and acess-in layer authentication
DE602006011282T DE602006011282D1 (en) 2005-07-05 2006-07-05 AUTHENTICATION PROCEDURE FOR THE IP MULTIMEDIA SUBSYSTEM
BRPI0612687-1A BRPI0612687B1 (en) 2005-07-05 2006-07-05 IP MULTIMEDIA SUBSYSTEM AUTHENTICATION METHOD
EP06753103A EP1853032B1 (en) 2005-07-05 2006-07-05 An authentication method for the ip multimedia subsystem
CN200680010294.XA CN101151869B (en) 2005-07-05 2006-07-05 Internet protocol multimedia subsystem authorization method
PCT/CN2006/001569 WO2007003140A1 (en) 2005-07-05 2006-07-05 An authentication method of internet protocol multimedia subsystem
AT06753103T ATE453282T1 (en) 2005-07-05 2006-07-05 AUTHENTICATION PROCEDURE FOR THE IP MULTIMEDIA SUBSYSTEM
US11/842,668 US7974604B2 (en) 2005-07-05 2007-08-21 Method of authentication in IP multimedia subsystem
US13/092,413 US8364121B2 (en) 2005-07-05 2011-04-22 Method of authentication in IP multimedia subsystem

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CN200510082907 2005-07-05
CN200510082907.8 2005-07-05
CNB2005100932168A CN100442926C (en) 2005-07-05 2005-08-19 Method for binding IP multi-media subsystem authentication and acess-in layer authentication

Publications (2)

Publication Number Publication Date
CN1893722A true CN1893722A (en) 2007-01-10
CN100442926C CN100442926C (en) 2008-12-10

Family

ID=37598124

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2005100932168A Active CN100442926C (en) 2005-07-05 2005-08-19 Method for binding IP multi-media subsystem authentication and acess-in layer authentication

Country Status (1)

Country Link
CN (1) CN100442926C (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008113292A1 (en) * 2007-03-16 2008-09-25 Huawei Technologies Co., Ltd. A method, apparatus and system for obtaining cs domain attaching state
WO2009024076A1 (en) * 2007-08-21 2009-02-26 Huawei Technologies Co., Ltd. Method for configuring service and entity for storing service configuration
CN101291332B (en) * 2008-05-23 2012-06-13 中兴通讯股份有限公司 Implementing method of multimedia name card on terminal
CN103581112A (en) * 2012-07-20 2014-02-12 中国移动通信集团浙江有限公司 Authentication method and device for PBX having access to IMS
CN104066109A (en) * 2014-06-30 2014-09-24 中国联合网络通信集团有限公司 Method, device and system for registration management of IMS network

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE602006011282D1 (en) 2005-07-05 2010-02-04 Huawei Tech Co Ltd AUTHENTICATION PROCEDURE FOR THE IP MULTIMEDIA SUBSYSTEM

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE10116547A1 (en) * 2001-04-03 2002-10-10 Nokia Corp Registration of a terminal in a data network
US6859651B2 (en) * 2002-03-28 2005-02-22 Nokia Corporation Method and system for re-authentication in IP multimedia core network system (IMS)
EP1414212B1 (en) * 2002-10-22 2005-10-12 Telefonaktiebolaget LM Ericsson (publ) Method and system for authenticating users in a telecommunication system

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008113292A1 (en) * 2007-03-16 2008-09-25 Huawei Technologies Co., Ltd. A method, apparatus and system for obtaining cs domain attaching state
WO2009024076A1 (en) * 2007-08-21 2009-02-26 Huawei Technologies Co., Ltd. Method for configuring service and entity for storing service configuration
US8265622B2 (en) 2007-08-21 2012-09-11 Huawei Technologies Co., Ltd. Method and saving entity for setting service
CN101291332B (en) * 2008-05-23 2012-06-13 中兴通讯股份有限公司 Implementing method of multimedia name card on terminal
CN103581112A (en) * 2012-07-20 2014-02-12 中国移动通信集团浙江有限公司 Authentication method and device for PBX having access to IMS
CN103581112B (en) * 2012-07-20 2016-12-21 中国移动通信集团浙江有限公司 Subscriber exchange accesses method for authenticating and the device of internet protocol multimedia subsystem network
CN104066109A (en) * 2014-06-30 2014-09-24 中国联合网络通信集团有限公司 Method, device and system for registration management of IMS network
CN104066109B (en) * 2014-06-30 2018-01-26 中国联合网络通信集团有限公司 The registration management method, apparatus and system of IMS network

Also Published As

Publication number Publication date
CN100442926C (en) 2008-12-10

Similar Documents

Publication Publication Date Title
CN1832473A (en) Method and device for processing session message in IMS network
CN101052154A (en) IP multimedia sub system and its coding and decoding switching control method
CN101053231A (en) Message-based conveyance of load control information
CN1933478A (en) Media stream packet assembling time length consultation method
CN1661990A (en) Protocol translator
CN1722670A (en) Communication system, communication terminal equipment and meeting control unit
CN1859380A (en) Method for obtaining off line message
CN101030964A (en) Session controller and controlling method
CN1941933A (en) Method and telecommunication system for accessing IMS domain to circuit domain users
CN1893427A (en) Method for conducting business support ability consultation
CN1913503A (en) Control method and system of session route path
CN1801231A (en) Emergency call system and emergency call method
CN1819580A (en) Communication equipment, communication control equipment, and communication system
CN1825830A (en) System and method for implementing route control
CN101052161A (en) Method and system for realizing IMS business intercommunication
CN1859395A (en) Service realizing system and method for IP multimedia subsystem
CN1842211A (en) Method and system for realizing route control
CN1893722A (en) Method for binding IP multi-media subsystem authentication and acess-in layer authentication
CN1956460A (en) Method and device for recovering network connection
CN1665324A (en) Method for constructing press-and-speak communication linkage and press-and-speak customer unit and communication device thereof
CN1889771A (en) A HLR and inserting IMS domain method and system for traditional mobile terminal
CN1889586A (en) A log-on/log-down system and log-on/log-down method
CN1878388A (en) Method for confirming data transmission service quality in communication network
CN101064863A (en) Method and system for providing media resource service in IMS network
CN1870777A (en) Method, network and equipment for selecting called route

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant