WO2004019640A1 - Verfahren zum identifizieren eines kommunikationsendgeräts - Google Patents

Verfahren zum identifizieren eines kommunikationsendgeräts Download PDF

Info

Publication number
WO2004019640A1
WO2004019640A1 PCT/DE2002/003060 DE0203060W WO2004019640A1 WO 2004019640 A1 WO2004019640 A1 WO 2004019640A1 DE 0203060 W DE0203060 W DE 0203060W WO 2004019640 A1 WO2004019640 A1 WO 2004019640A1
Authority
WO
WIPO (PCT)
Prior art keywords
identifier
service
public
service network
communication terminal
Prior art date
Application number
PCT/DE2002/003060
Other languages
German (de)
English (en)
French (fr)
Inventor
Georg Kastelewicz
Peter Kim
Original Assignee
Siemens Aktiengesellschaft
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Siemens Aktiengesellschaft filed Critical Siemens Aktiengesellschaft
Priority to BR0215842-6A priority Critical patent/BR0215842A/pt
Priority to PCT/DE2002/003060 priority patent/WO2004019640A1/de
Priority to DE10297762T priority patent/DE10297762D2/de
Priority to CNB028294548A priority patent/CN100362896C/zh
Priority to AU2002336891A priority patent/AU2002336891A1/en
Publication of WO2004019640A1 publication Critical patent/WO2004019640A1/de

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/10Architectures or entities
    • H04L65/1016IP multimedia subsystem [IMS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/1066Session management
    • H04L65/1073Registration or de-registration
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/14Session management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/14Session management
    • H04L67/147Signalling methods or messages providing extensions to protocols defined by standardisation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/04Real-time or near real-time messaging, e.g. instant messaging [IM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/58Message adaptation for wireless communication

Definitions

  • mobile radio users are offered services which are provided by special networks (service networks) which are optimized for the provision of services.
  • service networks are connected to the service network via an access network (e.g. a communication network working according to the GPRS standard). It is often of interest for network operators to ascertain the identity of the service users before a service is provided and to register these users if authentication is successful.
  • IMS IP Multimedia Subsystem
  • a prerequisite for the charging of services requested by a user (service charging) in the IMS is the identification of the user in the IMS, as can be implemented according to the mechanisms described in the 3GPP TS 23.228 version 5.4.1. However, the implementation of these mechanisms requires that communication terminals and the access network essentially have to be adapted or comply with the 3GPP standardization release 5, which is not yet implemented.
  • a registration procedure as required above is the subject of German patent application DE 10223248.2.
  • a method for identifying a communication terminal (UE) registered in a service network (IMS) when using a ⁇ TO ⁇ is provided with a communication service that can be organized, with communication end devices (UE) accessing the service network (IMS) via an access network (GPRS) connecting the communication terminal device (UE) to the service network (IMS), in which a Pre-step a registration IP address (IP-SRC-UE), which was assigned to the communication terminal (UE) when the communication terminal (UE) registered with the access network (GPRS), received by the service network (IMS) and in this was stored for the respective user of the communication terminal, the registration IP address (IP-SRC-UE) of the service network (IMS) was assigned a public identifier (SIP-Public-ID) of the communication terminal (UE), and during registration of the communication terminal in the service network gives the communication terminal an identifier Chen (token) was assigned by the service network
  • IMS IP-SRC-UE
  • RN random number
  • the identifier (token) and a public identifier are also transmitted, before providing the requested communication service, the identifier transmitted with the messages (SIP Message, SIP INVITE,) on the part of the communication terminal with the identifier data and the transmitted public Identifier can be compared with the corresponding public identifier stored in the service network and - with simultaneous agreement of the identifier with the identifier data and the public identifier contained in the messages to be sent by the communication terminal for the provision of the communication service with the public identifier stored in the service network Identifier the requested communication service is carried out, and - if the identifier does not match the identifier data and / or the messages to be sent by the communication terminal to provide the communication service e Contained public identifier with the public identifier stored in the service network, an execution of the requested communication service is denied.
  • the method according to the invention advantageously does not require any communication terminals or access networks which correspond to standardization regulations of 3GPP "Release 5". Rather, the method according to the invention can also be used with the communication terminals and access networks prevailing today which standardization regulations of 3GPP "Release 1999” (also as “Release.” 3 ") are sufficient. For example, common communication terminal devices are now suitable which only have a conventional" Subscriber Identity Module (SIM) "card.
  • SIM Subscriber Identity Module
  • a further advantage of the method according to the invention is that the license plate can be “guessed” only with great difficulty, since the license plate is generated from the login IP address and a random number by means of an encryption method
  • This and the routing in the access network advantageously ensures that the identifier only reaches the communication terminal with the login IP address, so that in the further course of the method only for this a communication terminal can successfully identify.
  • the method according to the invention can be designed such that the identifier is stored in the service network as identifier data, when the identifier assigned to the communication terminal is compared with the identifier data stored in the service network, the identifier assigned to the communication network is compared with the stored identifier. and with simultaneous agreement of the identifier assigned to the communication terminal with the stored identifier and that in the to provide the Communication service on the part of the communication terminal to be sent messages containing the public identifier with the public identifier stored in the service network
  • the identification can be carried out in a particularly simple manner, since in just one comparison step the identifier already assigned to the communication terminal during the registration of the communication terminal in the service network needs to be compared with the stored identifier. It is also not necessary to decrypt the license plates, so that the resources of the service network are used only slightly.
  • the method according to the invention can also be designed such that the registration IP address and the random number are stored in the service network as identifier data and, after receipt of messages to be sent from the communication terminal to the service network in order to provide the communication service, from the service network ( IMS) the license plate transmitted with these messages is decrypted.
  • a comparison of the transmitted identifier with the identifier data stored in the service network then means that the login IP address recovered during the decryption is compared with the stored login IP address. If the recovered login IP address coincides with the stored login IP address and the public ID contained in the messages to be sent by the communication terminal to provide the communication service the requested communication service is carried out with the public identifier stored in the service network.
  • the license plate is marked as invalid when a predetermined validity period of the license plate has elapsed.
  • the license plate can only be used for a certain period of validity. If the license plate becomes known to unauthorized persons, the duration of any undesired use is limited.
  • the number plate can also be decrypted by the switching center of the service network.
  • the method according to the invention can also be carried out in such a way that a switching center of the service network compares the license plate number transmitted by the communications terminal to be sent to provide the communication service with the license plate data and the transmitted public identifier with the public identifier stored in the service network the requested communication service is carried out by the switching center with simultaneous agreement of the license plate with the license plate data and the transmitted public identification with the public identification stored in the service network, and by the switching center if the number plate does not match the registration number Data and / or the transmitted public identifier with the public identifier stored in the service network, the execution of the requested communication service is refused.
  • FIG. 1 shows an exemplary embodiment of an arrangement for carrying out the method according to the invention
  • FIG. 2 shows a schematic representation of an exemplary embodiment of the method according to the invention.
  • the first communication terminal UE1 and the second communication terminal UE2 can be, for example, mobile telephones, laptops or palmtops with a mobile radio module.
  • a service network IMS IP multimedia subsystem
  • S-CSCF Call session control function
  • S-CSCF Serv ing-CSCF
  • a message called "IMS Instant Message" can be sent to the second communication terminal UE2; that is, a specific service is requested. This request can only be made after successful registration. If the communication terminal UE1 is successfully registered in the IMS, it must identify or authenticate again immediately before or when requesting a service.
  • a user of a communication terminal wants to use services of the IMS service network, his communication terminal is logged into the access network (the access network is now often implemented by a so-called "Release 1999" GPRS network).
  • a GPRS user authentication known per se is carried out, this uses the SIM card present in the terminal device.
  • the communication terminal device has to register with the service network IMS and thereby authenticate. Both procedures, the registration in the access network GPRS and the registration (registration) in the Service network IMS, for example, are carried out automatically when the terminal is switched on.
  • An essential part of the registration with the service network is authentication by the service network.
  • a user of the communication terminal is authenticated during registration of the communication terminal with the service network ie the SIM card of the user, which is inserted in the communication terminal, is recognized and thus closed to the person of the user.
  • FIG. 2 shows how an IMS user identification for using a communication service or here an IMS service is carried out according to the invention.
  • the displayed message flow (SIP message flow) is identical to a standardized message flow shown in the 3GPP in the document TS 24.228 version 5.00, but differs from the standard on the one hand in that the communication terminal has an identifier, a so-called Token is also sent and on the other hand in the identification procedure according to the invention, which is carried out in the service network IMS.
  • the exemplary embodiment begins with the registration of a communication terminal UE-A of a subscriber A in an access network, in this example a GPRS access network.
  • IP-SRC-UE assign a temporary IP address IP-SRC-UE to the communication terminal UE-A. This IP address allows other network participants to send IP packets to the communication terminal.
  • Another communication terminal UE-B of a second subscriber B is also logged in.
  • the communication terminal UE-A registers in the service network IMS. In the course of the registration process, which is known from DE 10223248, an identifier (token) is transmitted to the communication terminal UE-A.
  • subscriber A After registration, subscriber A starts a communication service or an IMS service on his communication terminal UE-A.
  • the message flow that follows is analogous to the message flow specified in the standard TS 23.228.
  • a so-called SIP INVITE message is first sent from the communication terminal UE-A of subscriber A to the communication terminal UE-B of subscriber B.
  • the SIP INVITE message contains the speed IP address (IP-SRC-UE-1) of the communication terminal
  • the SIP-INVITE message also contains a public identifier SIP-Public-ID-1, which was assigned to the communication terminal UE-A by the service network IMS. This parameter can also be manipulated by a dishonest participant A. To check this, the token assigned during registration is inserted into the SIP INVITE message by the communication terminal UE-A.
  • the sequence described so far comprises steps 2 to 5 in FIG. 2.
  • a switching center S-CSCF of the service network IMS receives the SIP INVITE message with the identifier (token) (step 6).
  • the identifier (token) from the SIP INVITE message is compared with the identifier (token) stored on the exchange S-CSCF or the identifier (token) from the SIP-INVITE message is first decrypted in the switching center S-CSCF and the parameters RN and IP-SRC-UE obtained therefrom are then entered with a corresponding entry ⁇ RN, IP-SRC-UE; SIP Public ID> compared in a database of the exchange S-CSCF.
  • the public identifier the so-called SIP Public User ID from the SIP INVITE message with the SIP Public IP assigned to this identifier (token) or with the corresponding ⁇ RN, IP-SRC-UE, SIP Public -ID> Triple stored SIP Public User ID compared.
  • the subscriber A is identified if either the identifier (token) from the SIP INVITE message with that on the Switch S-CSCF matches the identifier (token) and the public identifier SIP-Public-ID stored for this identifier (token) on the switch S-CSCF matches the public identifier SIP-Public-ID-1 from the SIP-INVITE message matches or if for the parameters RN and IP-SRC-UE decrypted from the identifier (token) of the SIP INVITE message a suitable ⁇ RN, IP-SRC-UE; SIP-Public-ID> entry on the switching center S-CSCF exists and the public identifier SIP-Public-ID stored in this entry matches the public identifier SIP-Public-ID-1 from the SIP-INVITE message.
  • the exchange S-CSCF sends a SIP-401-UNAUTHORIZED message to the communication terminal UE-A of subscriber A.
  • the message flow is continued analogously to the standard TS 23.228 (step 7-27).
  • the identifier (token) is also added to the sent message and the check just described for the SIP INVITE message is carried out.
  • the message flow according to FIG. 2 is only continued in the event of success, otherwise the communication service is terminated.
  • IP-SRC-UE In order to search for the associated identifier (token) or the associated data record entry ⁇ RN, IP-SRC-UE; in the IMS user authentication at the switching center S-CSCF; SIP Public ID> to accelerate, for example, an index ver drive can be used in the switching center database.
  • the database index required for this can be e.g. from the
  • IP address IP-SRC-UE is only delivered to the terminal device which has been assigned this IP address by the gateway GPRS switching center GGSN « . This is ensured by routing in the GPRS access network.
  • the encryption of all messages during transmission via the air interface ensures that the token cannot be intercepted by other GPRS devices.
  • the use of a random number in the token generation prevents the token (identifier) from being used by dishonest intentions from another terminal device that is randomly assigned the same temporary IP address at a later point in time.
  • the method according to the invention does not require any new interfaces or network elements. Without a clear identification of a subscriber who wants to use a communication service of a service network, no communication services can be billed.
  • the method according to the invention provides a solution for secure subscriber authentication.
  • the method according to the invention can be used both for charging for services in a service network, such as IMS, and for charging content that is offered in the service network, such as IMS.
  • the method according to the invention provides the same security as exists today for WAP services.
  • a great advantage for a network operator is that for a service network like IMS, today's Release 99 GPRS networks can be used as access networks, since a secure authentication of a service user is possible by means of the method according to the invention.
  • An advantage for a service user is that in addition to GPRS (e.g. WAP) services, he can also use IMS services without having to log in again, for example with a password.
  • GPRS e.g. WAP
  • the method described can advantageously be used to prevent messages which, for example, are sent with dishonest intentions with an incorrect IP address or an incorrect SIP Public User ID, which leads to incorrect authentication.
  • An essential aspect of the method is that a communication terminal is assigned an identifier by addressing it with a specific temporary IP address to the terminal that actually has this specific temporary IP address. This is ensured by the routing mechanisms of the access network (e.g. a GPRS network). If a device only faked a temporary IP address during registration, it will not receive this identifier. However, the indicator is required for a successful request from an IMS service. in the
  • the license plate allows verification of the temporary IP address. This in turn then allows the public identifier SIP-Public-ID and a corresponding private identifier SIP-Private-ID to be reliably identified.
  • IP multimedia subsystem IP multimedia subsystem
  • IMS IP multimedia subsystem
  • the problem is that a subscriber can fraudulently modify a communication device, which can result in SIP messages with an incorrect IP address and an incorrect SIP Public User ID being sent, resulting in incorrect charging
  • the described method enables the IMS user to be reliably identified even in the event that the service network IMS is connected to a “Release 1999” GPRS network that is common today or that existing “Release 1999” Devices that do not have an ISIM card, for example, can be used by doing this for the purpose of registration in the IMS to the communication device t sent identifier (token) is used to check the identity or authenticity of a subscriber who wants to use an IMS service and for this purpose sends service-related messages.
  • identifier token
  • the service network IMS is able to check whether the temporary IP address or the SIP public user ID specified in the service-relevant messages matches that which was specified and verified when the communication terminal was registered. Through this secure authentication the subscriber may be charged for IMS services.
  • An example scenario is the following:
  • a fraudulent subscriber logs into a 1999 GPRS access network. He would like to send an IMS instant message to another subscriber and thereby cause a connected service network, such as an IMS, to charge a third party of the service network for costs incurred for sending the instant message.
  • the dishonest participant logs on under his own identity in the GPRS access network and in the service network such as IMS. According to the registration procedure from DE 10223248, every subscriber of the service network IMS receives a token during the successful booking into the IMS. Up to this step, the dishonest participant must behave correctly, otherwise he will not be logged into the IMS service network. This also gives him a valid token.
  • the service network IMS would deliver the instant message to the recipient and charge according to the wrong information that the dishonest participant has inserted in the instant message. This means that the wrong IMS participant is billed, which must be excluded in any case.
  • the method according to the invention requires that IMS services can only be used if the identifier is specified.
  • the indicator enables the specified IP address and the specified SIP public ID to be checked.
  • Each IMS participant only receives his own identifier (token) when registering and not that of another IMS participant. It is also difficult to guess the token (token) due to the random number it contains. It is also not possible to listen to the license plate (token), since all messages are encrypted and transmitted over the air interface.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Multimedia (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
PCT/DE2002/003060 2002-08-16 2002-08-16 Verfahren zum identifizieren eines kommunikationsendgeräts WO2004019640A1 (de)

Priority Applications (5)

Application Number Priority Date Filing Date Title
BR0215842-6A BR0215842A (pt) 2002-08-16 2002-08-16 Processo para identificação de um terminal de comunicação
PCT/DE2002/003060 WO2004019640A1 (de) 2002-08-16 2002-08-16 Verfahren zum identifizieren eines kommunikationsendgeräts
DE10297762T DE10297762D2 (de) 2002-08-16 2002-08-16 Verfahren zum Identifizieren eines Kommunikationsendgeräts
CNB028294548A CN100362896C (zh) 2002-08-16 2002-08-16 用于验证通信终端设备的方法
AU2002336891A AU2002336891A1 (en) 2002-08-16 2002-08-16 Method for identifying a communications terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/DE2002/003060 WO2004019640A1 (de) 2002-08-16 2002-08-16 Verfahren zum identifizieren eines kommunikationsendgeräts

Publications (1)

Publication Number Publication Date
WO2004019640A1 true WO2004019640A1 (de) 2004-03-04

Family

ID=31892774

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/DE2002/003060 WO2004019640A1 (de) 2002-08-16 2002-08-16 Verfahren zum identifizieren eines kommunikationsendgeräts

Country Status (5)

Country Link
CN (1) CN100362896C (zh)
AU (1) AU2002336891A1 (zh)
BR (1) BR0215842A (zh)
DE (1) DE10297762D2 (zh)
WO (1) WO2004019640A1 (zh)

Cited By (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006126962A2 (en) * 2005-05-25 2006-11-30 Telefonaktiebolaget Lm Ericsson (Publ) Authentication of an application layer media flow request for radio resources
WO2006128373A1 (fr) * 2005-05-31 2006-12-07 Huawei Technologies Co., Ltd. Procede pour l'authentification de domaine im pour le module d'identification d'utilisateur de terminal et systeme associe
WO2007012247A1 (fr) * 2005-07-29 2007-02-01 Huawei Technologies Co., Ltd Procédé et appareil permettant d’enregistrer l’interaction d’identification d’utilisateur de terminal sans fil
CN1327680C (zh) * 2005-03-25 2007-07-18 华为技术有限公司 一种电路交换网络到ims网络呼叫路由的建立方法
EP1830536A1 (en) * 2006-03-01 2007-09-05 Siemens Aktiengesellschaft Method for self-provisioning of subscriber data in the IP multimedia subsystem (IMS)
CN100366031C (zh) * 2005-05-20 2008-01-30 北京交通大学 一种IPv6传感器网络中支持压缩包并行传输的实现方法
WO2008041798A1 (en) * 2006-10-02 2008-04-10 Lg Electronics Inc. Method for transmitting legacy service message through internet protocol multimedia subsystem network and user equipment therefor
CN100396156C (zh) * 2005-07-26 2008-06-18 华为技术有限公司 一种同步sqn的处理方法
US20080184029A1 (en) * 2007-01-30 2008-07-31 Sims John B Method and system for generating digital fingerprint
CN100417285C (zh) * 2005-08-29 2008-09-03 华为技术有限公司 一种鉴权元组留用方法
CN100433738C (zh) * 2005-01-19 2008-11-12 华为技术有限公司 一种在终端之间实现能力交互的方法
CN100433909C (zh) * 2005-04-29 2008-11-12 华为技术有限公司 一种从电路交换网络到ims网络传输呼叫信令的方法
CN100455110C (zh) * 2005-06-06 2009-01-21 华为技术有限公司 随机接入信道的分配和接入方法
WO2010039569A2 (en) * 2008-09-30 2010-04-08 Qualcomm Incorporated Third party validation of internet protocol addresses
CN102546574A (zh) * 2010-12-24 2012-07-04 中国移动通信集团公司 基于ip多媒体子系统的流媒体点播方法和装置
CN103152342A (zh) * 2006-12-22 2013-06-12 日本电气株式会社 线路交换用户代理系统、通信装置以及运用于这些系统和装置的服务提供方法
US8548467B2 (en) 2008-09-12 2013-10-01 Qualcomm Incorporated Ticket-based configuration parameters validation
US8862872B2 (en) 2008-09-12 2014-10-14 Qualcomm Incorporated Ticket-based spectrum authorization and access control
US9037732B2 (en) 2005-03-28 2015-05-19 Huawei Technologies Co., Ltd. Method of implementing UE capability exchange and route control for parallel IMS and CS services

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100440997C (zh) * 2005-10-22 2008-12-03 华为技术有限公司 一种将传统移动终端接入多媒体域的系统和方法
CN1980250B (zh) * 2005-11-29 2012-02-29 中国移动通信集团公司 网络协议多媒体子系统及获取接入点信息的方法
WO2007062674A1 (en) * 2005-12-01 2007-06-07 Telefonaktiebolaget Lm Ericsson (Publ) Call handling for ims registered user
CN101030853B (zh) * 2006-03-02 2010-04-14 华为技术有限公司 一种用户终端的鉴权方法
CN101166177B (zh) * 2006-10-18 2010-09-22 大唐移动通信设备有限公司 一种非接入层初始信令传送的方法及系统
CN101079903B (zh) * 2007-06-21 2011-01-19 中国工商银行股份有限公司 基于用户终端远程登录的方法及系统
CN101217374B (zh) * 2008-01-18 2010-06-23 北京工业大学 三方会话中用户隐私保护方法
CN101946455B (zh) * 2008-02-21 2012-09-05 上海贝尔股份有限公司 用于异构网络的一次通过认证机制和系统
CN102752324B (zh) * 2011-04-18 2015-06-24 阿里巴巴集团控股有限公司 网络通信系统和方法
US10558808B2 (en) * 2016-03-03 2020-02-11 Qualcomm Incorporated Methods and apparatus for packet-based validation of control-flow transfers for hardware control-flow enforcement

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4919545A (en) * 1988-12-22 1990-04-24 Gte Laboratories Incorporated Distributed security procedure for intelligent networks

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2790177B1 (fr) * 1999-02-22 2001-05-18 Gemplus Card Int Authentification dans un reseau de radiotelephonie

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4919545A (en) * 1988-12-22 1990-04-24 Gte Laboratories Incorporated Distributed security procedure for intelligent networks

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"UMTS (Phase 2+); 3G security; Access security for IP-based services (3GPP TS 33.203 version 5.2.0 Release 5); ETSI TS 133 203 V5.2.0", ETSI TS 133 203 V5.2.0, June 2002 (2002-06-01), pages 1 - 37, XP002225941 *
A. NIEMI, J. ARKKO, V. TORVINEN: "HTTP Digest Authentication Using AKA, NETWORK WORKING GROUP INTERNET-DRAFT, draft-ietf-sip-digest-aka-01", NETWORK WORKING GROUP INTERNET-DRAFT, 25 April 2002 (2002-04-25), pages 1 - 18, XP002225942 *

Cited By (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100433738C (zh) * 2005-01-19 2008-11-12 华为技术有限公司 一种在终端之间实现能力交互的方法
CN1327680C (zh) * 2005-03-25 2007-07-18 华为技术有限公司 一种电路交换网络到ims网络呼叫路由的建立方法
US10237726B2 (en) 2005-03-28 2019-03-19 Huawei Technologies Co., Ltd. Method of implementing UE capability exchange and route control for parallel IMS and CS services
US9037732B2 (en) 2005-03-28 2015-05-19 Huawei Technologies Co., Ltd. Method of implementing UE capability exchange and route control for parallel IMS and CS services
CN100433909C (zh) * 2005-04-29 2008-11-12 华为技术有限公司 一种从电路交换网络到ims网络传输呼叫信令的方法
CN100366031C (zh) * 2005-05-20 2008-01-30 北京交通大学 一种IPv6传感器网络中支持压缩包并行传输的实现方法
WO2006126962A3 (en) * 2005-05-25 2007-02-15 Ericsson Telefon Ab L M Authentication of an application layer media flow request for radio resources
WO2006126962A2 (en) * 2005-05-25 2006-11-30 Telefonaktiebolaget Lm Ericsson (Publ) Authentication of an application layer media flow request for radio resources
WO2006128373A1 (fr) * 2005-05-31 2006-12-07 Huawei Technologies Co., Ltd. Procede pour l'authentification de domaine im pour le module d'identification d'utilisateur de terminal et systeme associe
US8027666B2 (en) 2005-05-31 2011-09-27 Huawei Technologies Co., Ltd. Method and system for authenticating terminal subscriber identity module in IP multimedia domain
CN100455110C (zh) * 2005-06-06 2009-01-21 华为技术有限公司 随机接入信道的分配和接入方法
CN100396156C (zh) * 2005-07-26 2008-06-18 华为技术有限公司 一种同步sqn的处理方法
WO2007012247A1 (fr) * 2005-07-29 2007-02-01 Huawei Technologies Co., Ltd Procédé et appareil permettant d’enregistrer l’interaction d’identification d’utilisateur de terminal sans fil
CN100417285C (zh) * 2005-08-29 2008-09-03 华为技术有限公司 一种鉴权元组留用方法
US8805361B2 (en) 2006-03-01 2014-08-12 Nokia Siemens Networks Gmbh & Co. Kg Method for self-provisioning of subscriber data in the IP multimedia subsystem (IMS)
EP1830536A1 (en) * 2006-03-01 2007-09-05 Siemens Aktiengesellschaft Method for self-provisioning of subscriber data in the IP multimedia subsystem (IMS)
WO2007099090A1 (en) * 2006-03-01 2007-09-07 Nokia Siemens Networks Gmbh & Co.Kg Method for self-provisioning of subscriber data in the ip multimedia subsystem (ims)
EP2066091A1 (en) 2006-03-01 2009-06-03 Nokia Siemens Networks Gmbh & Co. Kg Method for self-provisioning of subscriber data in the IP Multimedia Subsystem (IMS)
WO2008041798A1 (en) * 2006-10-02 2008-04-10 Lg Electronics Inc. Method for transmitting legacy service message through internet protocol multimedia subsystem network and user equipment therefor
CN103152342A (zh) * 2006-12-22 2013-06-12 日本电气株式会社 线路交换用户代理系统、通信装置以及运用于这些系统和装置的服务提供方法
US8689300B2 (en) * 2007-01-30 2014-04-01 The Boeing Company Method and system for generating digital fingerprint
US20080184029A1 (en) * 2007-01-30 2008-07-31 Sims John B Method and system for generating digital fingerprint
US8548467B2 (en) 2008-09-12 2013-10-01 Qualcomm Incorporated Ticket-based configuration parameters validation
US8862872B2 (en) 2008-09-12 2014-10-14 Qualcomm Incorporated Ticket-based spectrum authorization and access control
US8913995B2 (en) 2008-09-12 2014-12-16 Qualcomm Incorporated Ticket-based configuration parameters validation
WO2010039569A3 (en) * 2008-09-30 2010-10-21 Qualcomm Incorporated Third party validation of internet protocol addresses
US9148335B2 (en) 2008-09-30 2015-09-29 Qualcomm Incorporated Third party validation of internet protocol addresses
WO2010039569A2 (en) * 2008-09-30 2010-04-08 Qualcomm Incorporated Third party validation of internet protocol addresses
CN102546574A (zh) * 2010-12-24 2012-07-04 中国移动通信集团公司 基于ip多媒体子系统的流媒体点播方法和装置

Also Published As

Publication number Publication date
CN1650659A (zh) 2005-08-03
CN100362896C (zh) 2008-01-16
BR0215842A (pt) 2005-06-21
DE10297762D2 (de) 2005-04-07
AU2002336891A1 (en) 2004-03-11

Similar Documents

Publication Publication Date Title
WO2004019640A1 (de) Verfahren zum identifizieren eines kommunikationsendgeräts
EP1365620B1 (de) Verfahren zum Registrieren eines Kommunikationsendgeräts in einem Dienstnetz (IMS)
DE19722424C1 (de) Verfahren zum Sichern eines Zugreifens auf ein fernab gelegenes System
EP1449324B1 (de) Nutzung eines public-key-schlüsselpaares im endgerät zur authentisierung und autorisierung des telekommunikations-teilnehmers gegenüber dem netzbetreiber und geschäftspartnern
DE60114986T2 (de) Verfahren zur herausgabe einer elektronischen identität
DE69929574T2 (de) Verfahren zur Sicherung einer Funkverbindung in einem drahtlosen System
DE60313445T2 (de) Apparat und Methode für eine Authentisierung mit einmaliger Passworteingabe über einen unsicheren Netzwerkzugang
DE60314673T2 (de) Mittel und verfahren zur steuerung der dienstprogression zwischen verschiedenen domänen
EP2443853A1 (de) Verfahren zum einbuchen eines mobilfunkgeräts in ein mobilfunknetz
WO2004034717A1 (de) Überprüfen der einbuchungsberechtigung durch eine zugangs-berechtigungsmarke
EP1290905B1 (de) Verfahren zur kryptografischen identifikation einer physikalischen einheit in einem drahtlosen telekommunikationsnetzwerk
WO2012150160A1 (de) Beantwortung von anfragen mittels des kommunikationsendgeräts eines nutzers
EP3799379B1 (de) Verfahren und ip-basiertes kommunikationssystem zum wechseln von verbindungs-steuerungsinstanzen ohne neuregistrierung von endteilnehmern
WO2007073842A1 (de) Verfahren zur vorbereitung einer chipkarte für elektronische signaturdienste
WO2003063409A2 (de) Verfahren zur datenverkehrssicherung in einer mobilen netzumgebung
WO2004019641A1 (de) Verfahren zum authentifizieren eines nutzers eines kommunikationsendgeräts beim registrieren in einem und bei nutzung von einem dienstnetz
EP1414260A1 (de) Verfahren, System und Vorrichtungen zur Teilnehmerauthentifizierung in einem Telekommunikationsnetz
EP1419638A2 (de) Computersystem und verfahren zur datenzugriffskontrolle
WO2009039866A1 (de) Zugangskontrolle für beispielsweise einem webserver mittels einer durch den benutzer initiierten telefon kommunikationsverbindung
EP1844619A1 (de) Mobilfunknetz, verfahren zum betreiben eines endgerätes in einem solchen und endgerät mit integrierten elektronischen schaltungsanordnungen zur speicherung von das endgerät identifizierenden parametern
EP2723111B1 (de) Mehrfaktor-Authentifikation für mobile Endgeräte
EP1300981B1 (de) Verfahren zum Erzeugen eines authentischen elektronischen Zertifikats
EP1244270B1 (de) Verfahren zur Bereitstellung eines authentischen elektronischen Zertifikats
EP1985086B1 (de) Verfahren zur übermittlung von daten in einem kommunikationsnetz
EP1678933A1 (de) Verfahren zum gesicherten abfragen von daten eines kommunikationsteilnehmers

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR IE IT LU MC NL PT SE SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 20028294548

Country of ref document: CN

Ref document number: 1020057002630

Country of ref document: KR

ENP Entry into the national phase

Ref document number: 2005107327

Country of ref document: RU

Kind code of ref document: A

REF Corresponds to

Ref document number: 10297762

Country of ref document: DE

Date of ref document: 20050407

Kind code of ref document: P

WWE Wipo information: entry into national phase

Ref document number: 10297762

Country of ref document: DE

WWP Wipo information: published in national office

Ref document number: 1020057002630

Country of ref document: KR

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Ref document number: JP