WO2007098660A1 - Method and system for authenticating network entities in a multimedia subsystem - Google Patents

Method and system for authenticating network entities in a multimedia subsystem

Info

Publication number
WO2007098660A1
WO2007098660A1 PCT/CN2006/003628 CN2006003628W WO2007098660A1 WO 2007098660 A1 WO2007098660 A1 WO 2007098660A1 CN 2006003628 W CN2006003628 W CN 2006003628W WO 2007098660 A1 WO2007098660 A1 WO 2007098660A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
network device
cscf
initiation
entity
Prior art date
Application number
PCT/CN2006/003628
Other languages
English (en)
Chinese (zh)
Inventor
Yang Xin
Fuyou Miao
Yixian Yang
Kai Zhao
Bing Liu
Pengchao Li
Original Assignee
Huawei Technologies Co., Ltd.
Beijing University Of Posts And Telecommunications
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co., Ltd., Beijing University Of Posts And Telecommunications
Publication of WO2007098660A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys

Definitions

  • The present invention relates to the field of communication and network security technologies, and in particular, to a mutual authentication method and system for network devices in an IP Multimedia Subsystem (IMS).
  • Background technique
  • The IP Multimedia Subsystem (IMS) is access independent.
  • The network elements defined in the IMS framework include the Serving Call Session Control Function (S-CSCF), the Proxy Call Session Control Function (P-CSCF), the Interrogating Call Session Control Function (I-CSCF), the Media Gateway Control Function (MGCF), the Home Subscriber Server (HSS), the Subscription Locator Function (SLF), etc.
  • S-CSCF Serving Call Session Control Function
  • P-CSCF Proxy Call Session Control Function
  • I-CSCF Interrogating Call Session Control Function
  • MGCF Media Gateway Control Function
  • HSS Home Subscriber Server
  • SLF Subscription Locator Function
  • MRFC multimedia resource function controller
  • MRFP multimedia resource function processor
  • Figure 1 shows an existing IMS security architecture.
  • the HSS implements the authentication function between the user equipment and the S-CSCF.
  • the HSS is responsible for generating the key, and the long-term key is stored in the secure memory of the user and is stored by the user's private identification (IMPI).
  • IMPI user's private identification
  • Each user should have only one IMPI, and there can be multiple user public identities (IMPUs) externally.
  • a secure connection is required between the user terminal (UE) and the P-CSCF to ensure that the security association can provide protection for the Gm interface.
  • A security association refers to the negotiation and unification of security mechanisms, parameters, etc. between two or more entities on the network; Gm refers to the reference point between the UE and the P-CSCF.
  • data source authentication should be provided, that is, to ensure that the source of the received data matches the source of its claim.
  • 1, 2 is called the security of the IMS access network
  • 3, 4, and 5 are the security of the functional modules in the network domain.
  • ISIM IMS Subscriber Identity Card
  • UMTS Universal Mobile Telecommunications System
  • the ISIM card exists on the Universal Integrated Circuit Card (UICC) chip and does not share the security function with the USIM card, but it can also be shared with the USIM.
  • UICC Universal Integrated Circuit Card
  • the ISIM card defined in the prior art mainly includes the following parameters:
  • IMPI IM private identity
  • IMPU One or more IM public identities
  • After a UE successfully registers with the P-CSCF, another legitimate UE with a malicious purpose may attempt to masquerade as a P-CSCF to send a SIP message to the S-CSCF.
  • The malicious UE can use the identity of the P-CSCF to send a message to the S-CSCF that affects other users. For example: User A is communicating with the S-CSCF through the P-CSCF, and the malicious UE now uses the identity of the P-CSCF to send a forged message "User A requests to interrupt communication".
  • The S-CSCF assumes that this is User A's request, which causes User A's communication to be interrupted.
  • the P-CSCF cannot generate billing information and may attack other users.
  • Devices that access the S-CSCF should strictly be core network devices that only serve IMS. It should be ensured that the UE cannot send IP packets directly to network devices outside the IMS restrictions, that is, IP packets can only be sent to the assigned P-CSCF or server.
  • Some measures are taken to prevent malicious UEs from masquerading as IMS core network devices at the IP layer, especially as the P-CSCF.
  • The access network provides a general protection mechanism to prevent malicious UEs from IP address spoofing.
  • An authentication method and a method for preventing IP spoofing are mainly used to counter attacks by malicious UEs.
  • The IPSec Encapsulating Security Payload (ESP) mechanism is used between the various security domains in the IMS and between the nodes in a security domain for integrity, confidentiality, and data source authentication.
  • IPSec first uses the IKE key exchange protocol to establish a security association (SA).
  • ESP uses the various security parameters (such as encryption algorithms, key distribution, etc.) agreed upon in the SA to encrypt subsequent communications.
  • IKE negotiation requires the use of a pre-shared key, which is agreed in advance by both parties.
  • IPSec is an IP-based protocol. A pre-shared key can only be established on the basis of the other party's IP address; this makes pre-shared key authentication applicable only to fixed IP addresses, and limits the use of this authentication method by network devices using DHCP (Dynamic Host Configuration Protocol).
  • DHCP Dynamic Host Configuration Protocol
  • Border routers prevent IP spoofing
  • A border router is used at the reference point between the visited network and the home network. As shown in FIG. 2a, a border router is deployed between the UE and the P-CSCF when the P-CSCF belongs to the home network; as shown in FIG. 2b, when the P-CSCF belongs to the access network, a border router is deployed between the P-CSCF and the S-CSCF.
  • The S-CSCF provides a trust mechanism to the P-CSCF, that is, the IP of the P-CSCF is legal for the border router. Since the P-CSCF does not belong to the internal network in this case, if the UE spoofs using the IP of the P-CSCF, the border router cannot recognize it.
  • Border routers can only act on external IP spoofing, and there is nothing that can be done inside the network.
  • Summary of the invention
  • the object of the present invention is to provide a mutual authentication method and system for network devices in a multimedia subsystem, so as to improve the security and reliability of the multimedia subsystem.
  • An embodiment of the present invention provides a mutual authentication method for a network device in a multimedia subsystem, where an entity identity identifier of the authentication response network device is stored in the authentication response network device, and the entity identity identifier and the location are stored in the home subscriber server.
  • The method comprises the following steps: the authentication initiation network device receives the service request message sent by the authentication response network device, and obtains a universal resource identifier of the authentication response network device from the service request message; the authentication initiation network device sends an authentication vector request to the home subscriber server, where the authentication vector request includes the universal resource identifier of the authentication response network device;
  • the authentication initiation network device sends an authentication challenge to the authentication response network device, where the authentication challenge includes parameters in the authentication vector;
  • after receiving the authentication challenge, the authentication response network device parses the parameters in the authentication vector, performs operations according to the parameters in the authentication vector, and sends the result of the operation to the authentication initiation network device;
  • after receiving the authentication response message, the authentication initiation network device determines whether the authentication is successful according to the content of the authentication response message; if the authentication is successful, it sends an authentication success message to the authentication response network device.
  • The embodiment of the present invention further provides a mutual authentication system for a network device in a multimedia subsystem, including a home subscriber server, a first network device, and a second network device.
  • The home subscriber server stores the entity identity identifier of the second network device and the correspondence between the entity identity identifier and the universal resource identifier of the second network device; the authentication vector is calculated according to the entity identity identifier and sent to the first network device, or the entity identity identifier is sent to the first network device, and the first network device calculates an authentication vector according to the entity identity identifier;
  • the first network device includes:
  • An authentication information obtaining unit configured to receive and obtain a universal resource identifier of the second network device, and obtain the authentication vector calculated according to the entity identity identifier;
  • An authentication information sending unit configured to send an authentication challenge to the second network device, where the authentication challenge includes the authentication vector
  • An authentication determining unit configured to determine, according to the authentication response of the second network device, whether the authentication is successful
  • the second network device where the entity identity of the second network device is stored, and the authentication interaction with the first network device includes:
  • an authentication operation unit configured to perform an operation on the authentication vector from the first network device, and feed back the result of the operation to the first network device by using an authentication response.
  • the entity identity of the authentication response network device is bound to the universal resource identifier, and the network device using DHCP (Dynamic Host Configuration Protocol) can adopt IPSec IKE.
  • the border router has the ability to identify the external trusted network device, thereby solving the problem of illegally masquerading the authentication response network device regardless of whether the authentication response network device is in the internal home network or the external access network. For example, the UE illegally masquerades as a P-CSCF.
  • Border routers not only protect against external devices, but also prevent spoofing between internal network devices, such as spoofing between P-CSCFs, thereby improving the security and reliability of the multimedia subsystem.
  • FIG. 1 is a schematic diagram of an IMS security architecture in the prior art
  • Figure 2a shows the deployment of the border router of the P-CSCF in the home network in the prior art
  • Figure 2b shows the deployment of the border router when the P-CSCF accesses the network in the prior art
  • FIG. 4 is a schematic diagram showing the generation of an authentication vector in the first embodiment of the present invention.
  • FIG. 5 is a schematic diagram of an authentication algorithm according to a first embodiment of the present invention.
  • FIG. 6 is a diagram showing an S-CSCF and a UE in a roaming state in a second embodiment of the present invention
  • FIG. 7 is a diagram showing the S-CSCF and the UE in a roaming state in the third embodiment of the present invention.
  • FIG. 8 is a diagram showing the S-CSCF and the UE in a roaming state in the fourth embodiment of the present invention.
  • FIG. 9 is a structural diagram of an authentication apparatus according to an embodiment of the present invention.
  • Detailed description
  • Authentication between network entities is exemplified by authentication between the P-CSCF and the S-CSCF.
  • IMS defines AKA (authentication and key agreement) as two-way authentication between the user and the home network.
  • AKA authentication and key agreement
  • The AKA mechanism is extended to authentication between network devices, so that the P-CSCF and the S-CSCF among the IMS network devices are mutually authenticated, thereby better solving the problem of a UE masquerading as the P-CSCF and directly sending SIP messages to the S-CSCF.
  • an entity identity is first stored in the P-CSCF to identify the identity of the P-CSCF, the entity identity containing the following information:
  • The entity identity, and the correspondence between the entity identity and the Session Initiation Protocol Uniform Resource Identifier (SIP URI) of the P-CSCF, are stored in the HSS.
  • SIP URI Session Initiation Protocol Uniform Resource Identifier
  • the signaling path between the UE and the S-CSCF has been established.
  • the UE's location has two conditions: it is within the home network, and it is roaming.
  • the authentication schemes of the S-CSCF and the P-CSCF in these two cases are described in detail below using different implementation schemes.
  • When the UE is in the home zone, that is, in the non-roaming state, the UE sends a SIP INVITE message to the home zone P-CSCF, including the initial Session Description Protocol (SDP) description.
  • The initial SDP may contain one or more media descriptions.
  • Next, the home zone P-CSCF selects the location of the next-hop CSCF. In the non-roaming state, the next hop is the home zone S-CSCF.
  • The authentication process of the home zone S-CSCF and the home zone P-CSCF is triggered, which is similar to AKA authentication. Referring to Figure 3, the authentication process is as follows:
  • Step 101 The home zone S-CSCF sends an authentication vector request to the home zone HSS, where the content of the request includes the SIP URI of the P-CSCF to be authenticated.
  • Step 102 The home zone HSS queries the entity identity information of the P-CSCF according to the universal resource identifier (SIP URI) of the home zone P-CSCF that is requested to be registered, and uses the private key of the P-CSCF as the pre-shared key K to calculate the authentication vector.
  • The home zone HSS generates the parameters using f1 to f5 to calculate the authentication vector AV, which is a quintuple composed of RAND, XRES, CK, IK, and AUTN.
  • K is the private 128-bit key of the P-CSCF, and only the P-CSCF and HSS store the key.
  • SQN is a 48-bit serial number
  • RAND is a 128-bit random number
  • AMF is a 16-bit message authentication field
  • MAC is a 64-bit message authentication code generated by function f1
  • XRES is a 64-bit expected response value generated by the function
  • CK is the 128-bit encryption key generated by function f3
  • IK is the 128-bit integrity key generated by function f4
  • AK is the 48-bit anonymous key generated by function f5
  • AUTN is the authentication token
  • AV is the authentication vector, that is, the five-tuple.
  • Step 103 The home zone HSS returns the calculated authentication vector to the S-CSCF.
  • Step 104 The home zone S-CSCF sends an authentication challenge to the home zone P-CSCF, including the random number RAND and the authentication token AUTN.
  • Step 105 The home zone P-CSCF calculates the XMAC after receiving these, and checks whether the XMAC is equal to the MAC and whether the SQN is in the correct range. If the check is successful, the P-CSCF calculates RES and calculates CK and IK.
  • Step 106 The P-CSCF sends the calculated authentication parameter to the S-CSCF through the authentication response message.
  • Step 107 The S-CSCF compares XRES with the RES sent by the P-CSCF. If they are the same, the P-CSCF is successfully authenticated, and subsequent communication can be performed.
  • Step 108 The S-CSCF sends an authentication success message to the P-CSCF.
  • Step 109 After the authentication is completed, both parties determine that CK and IK are assigned keys.
  • the authentication between the P-CSCF and the S-CSCF is completed. Subsequent session messages will be encrypted using the keys CK, IK.
  • the authentication between the P-CSCF and the S-CSCF is triggered when the UE sends a message. If necessary, the S-CSCF can trigger two-way authentication between the S-CSCF and the P-CSCF.
  • the identity private key K of the P-CSCF is independent of the identity of the UE, so the triggering of the authentication is not necessarily related to the UE.
  • the authentication process is triggered when the roaming area P-CSCF directly requests the service from the home zone S-CSCF. See Figure 6.
  • the certification process is as follows:
  • Step 201 The home zone S-CSCF may query the address of the roaming zone HSS according to the SIP URI information in the message sent by the P-CSCF, and the home zone S-CSCF requests the P-CSCF entity identity identifier from the roaming zone HSS. 102 is similar.
  • Step 202 The roaming area HSS transmits the entity identity (including the identity, the private key, and the home network) of the P-CSCF to the home zone S-CSCF.
  • The information is encrypted with the public key of the home zone S-CSCF and digitally signed to ensure the privacy, integrity and authenticity of the transmitted information.
  • Step 203 The home zone S-CSCF calculates an authentication vector according to the obtained entity identity.
  • the authentication vector is calculated in the S-CSCF, and the authentication vector can also be calculated in the HSS.
  • the authentication steps are as follows:
  • the authentication process is triggered when the roaming area P-CSCF requests the service directly from the home zone S-CSCF.
  • Step 301 The home zone S-CSCF may query the address of the roaming zone HSS according to the SIP URI information in the message sent by the P-CSCF, and the home zone S-CSCF sends an authentication vector request to the roaming zone HSS.
  • Step 302 The roaming area HSS queries the entity identity information of the P-CSCF according to the universal resource identifier (SIP URI) of the home zone P-CSCF, and calculates an authentication vector according to the pre-shared key K therein.
  • SIP URI universal resource identifier
  • Step 303 The roaming area HSS returns the calculated authentication vector to the home zone S-CSCF.
  • the transmission of information is encrypted by the public key of the home zone S-CSCF and digitally signed to ensure the privacy, integrity and authenticity of the transmitted information.
  • Step 304 The home area S-CSCF and the roaming area P-CSCF complete the AKA two-way authentication, and the authentication step is similar to the steps of Embodiment 1, and will not be described again.
  • the entity identity private key K can be used as a pre-shared key for IPSec to establish a security association, thus providing good compatibility.
  • the authentication process is triggered when the roaming area P-CSCF directly requests the service from the home zone S-CSCF. See Figure 8.
  • the certification process is as follows:
  • Step 401 The home zone S-CSCF sends a request to the roaming zone S-CSCF to request authentication of the P-CSCF.
  • Step 402 The roaming area S-CSCF and the P-CSCF perform AKA two-way authentication.
  • Step 403 The roaming area S-CSCF transmits the identity information of the P-CSCF (including the identity identifier, the private key K, the home network) to the home zone S-CSCF, together with the communication keys CK and IK obtained by the authentication in step 402.
  • The information is encrypted with the public key of the home zone S-CSCF and digitally signed to ensure the privacy, integrity and authenticity of the transmitted information.
  • Step 404 The S-CSCF of the home zone establishes a trust relationship with the roaming zone P-CSCF. There are two modes:
  • the P-CSCF performs another authentication with the S-CSCF of the home zone.
  • The roaming area P-CSCF and the home area S-CSCF use CK and IK for subsequent encrypted communication.
  • AKA authentication of the scheme
  • K is allocated in advance outside the network, thereby ensuring the confidentiality of K.
  • AKA's results allow both parties to authenticate each other, negotiating CK and IK for subsequent sessions.
  • CK is used to guarantee the confidentiality of messages; IK is used to guarantee integrity.
  • a mutual authentication system for a network device in a multimedia subsystem is further provided.
  • An authentication initiation network device 910, an authentication response network device 920, and the home subscriber server 930 are provided. The authentication initiation network device 910 includes an authentication information acquiring unit 911, an authentication challenge sending unit 912, and an authentication determining unit 913, and the authentication response network device 920 includes an authentication computing unit 921.
  • The authentication response network device 920 is provided with an entity identity identifier of the authentication response network device, and the entity identity identifier and the correspondence between the entity identity identifier and the universal resource identifier of the authentication response network device are set in the home subscriber server.
  • The authentication information acquiring unit 911 is configured for the authentication initiation network device to obtain an authentication vector; the authentication challenge sending unit 912 is configured to send an authentication challenge to the authentication response network device 920, where the authentication challenge content includes the authentication vector;
  • The authentication operation unit 921 is configured to, after the authentication response network device 920 receives the authentication challenge, parse the authentication vector and perform an operation according to the authentication vector; the authentication determining unit 913 is configured to determine, after the authentication initiation network device receives the authentication response, whether the authentication is successful according to the content of the authentication response.
  • the authentication initiation network device 910 may be an S-CSCF, and the authentication response network device 920 may be a P-CSCF.
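
Steps 101 to 109 of the first embodiment, sketched as an added Python example that is not code from the patent. HMAC-SHA256 stands in for f1 to f5, the AUTN layout (SQN xor AK, AMF, MAC) follows 3GPP AKA, which the text above does not spell out, and the class names, SIP URI, AMF value and SQN window are assumptions.

```python
import hashlib
import hmac
import secrets

AMF = b"\x80\x00"   # 16-bit AMF; constructed sample value
SQN_WINDOW = 32     # assumed width of the "correct range" for SQN


def f(n: int, k: bytes, data: bytes, size: int) -> bytes:
    """Stand-in for f1..f5: labelled HMAC-SHA256, truncated to `size` bytes."""
    return hmac.new(k, b"f%d" % n + data, hashlib.sha256).digest()[:size]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class HSS:
    """Stores SIP URI -> entity identity (key K, SQN) and builds vectors."""

    def __init__(self):
        self.entities = {}

    def provision(self, sip_uri: str, k: bytes) -> None:
        self.entities[sip_uri] = {"k": k, "sqn": 0}

    def auth_vector(self, sip_uri: str) -> dict:
        """Steps 102-103: look up K by SIP URI and compute the quintuple."""
        ent = self.entities[sip_uri]
        ent["sqn"] += 1
        k, sqn = ent["k"], ent["sqn"].to_bytes(6, "big")   # 48-bit SQN
        rand = secrets.token_bytes(16)                     # 128-bit RAND
        mac = f(1, k, sqn + rand + AMF, 8)                 # 64-bit MAC
        ak = f(5, k, rand, 6)                              # 48-bit AK
        return {"RAND": rand, "XRES": f(2, k, rand, 8),
                "CK": f(3, k, rand, 16), "IK": f(4, k, rand, 16),
                "AUTN": xor(sqn, ak) + AMF + mac}


class Responder:
    """Authentication response device (the P-CSCF in the first embodiment)."""

    def __init__(self, sip_uri: str, k: bytes):
        self.sip_uri, self.k, self.last_sqn = sip_uri, k, 0
        self.ck = self.ik = None

    def answer(self, rand: bytes, autn: bytes):
        """Step 105: verify MAC and SQN, then derive RES, CK and IK."""
        conc_sqn, amf, mac = autn[:6], autn[6:8], autn[8:]
        sqn = xor(conc_sqn, f(5, self.k, rand, 6))
        xmac = f(1, self.k, sqn + rand + amf, 8)
        if not hmac.compare_digest(xmac, mac):
            return None          # challenge was not built from our K
        n = int.from_bytes(sqn, "big")
        if not self.last_sqn < n <= self.last_sqn + SQN_WINDOW:
            return None          # replayed or out-of-range challenge
        self.last_sqn = n
        self.ck, self.ik = f(3, self.k, rand, 16), f(4, self.k, rand, 16)
        return f(2, self.k, rand, 8)                       # RES, step 106


class Impostor(Responder):
    """A device claiming the P-CSCF's SIP URI without knowing K."""

    def answer(self, rand: bytes, autn: bytes):
        return f(2, self.k, rand, 8)   # skips the checks and guesses a RES


class Initiator:
    """Authentication initiation device (the S-CSCF)."""

    def __init__(self, hss: HSS):
        self.hss, self.sessions = hss, {}

    def authenticate(self, peer) -> bool:
        av = self.hss.auth_vector(peer.sip_uri)            # step 101
        res = peer.answer(av["RAND"], av["AUTN"])          # step 104
        ok = res is not None and hmac.compare_digest(res, av["XRES"])  # 107
        if ok:
            self.sessions[peer.sip_uri] = (av["CK"], av["IK"])  # step 109
        return ok


def demo() -> dict:
    uri = "sip:pcscf.home.example"      # constructed SIP URI
    k = secrets.token_bytes(16)         # 128-bit K, provisioned out of band
    hss = HSS()
    hss.provision(uri, k)
    scscf, pcscf = Initiator(hss), Responder(uri, k)
    fake = Impostor(uri, secrets.token_bytes(16))
    results = {"genuine": scscf.authenticate(pcscf),
               "impostor": scscf.authenticate(fake)}
    av = hss.auth_vector(uri)
    pcscf.answer(av["RAND"], av["AUTN"])
    replay = pcscf.answer(av["RAND"], av["AUTN"])          # same challenge again
    results["replay_answered"] = replay is not None
    return results


if __name__ == "__main__":
    print(demo())
```

The MAC check authenticates the challenger to the responder and the RES comparison authenticates the responder to the challenger, which is what makes the exchange mutual.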

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to a method and a system for authenticating network entities in an IP multimedia subsystem (IMS). The method comprises: calculating an authentication vector (AV) according to the relationship between the entity identity identifier and the uniform resource identifier, and according to said entity identity identifier; acquisition of said AV by the authentication initiation entity; sending, by said authentication initiation entity, an authentication request containing parameters of the authentication vector to the authentication response entity; calculation, by said authentication response entity, according to the parameters contained in the authentication vector, and sending of the results to said authentication initiation entity via an authentication response message, so that the authentication is completed. A corresponding network entity authentication system comprises an authentication response entity, an authentication initiation entity and a home subscriber server, as well as an AV acquisition unit, an authentication request sending unit, an authentication calculation unit and an authentication determination unit. The invention solves the security problem between network entities encountered in the prior art and increases the reliability of the IMS. Furthermore, the authentication processing is simple and suited to real-time communication services.
PCT/CN2006/003628 2006-03-02 2006-12-27 Method and system for authenticating network entities in a multimedia subsystem WO2007098660A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200610057977A CN101030854B (zh) 2006-03-02 2006-03-02 Mutual authentication method and apparatus for network entities in a multimedia subsystem
CN200610057977.2 2006-03-02

Publications (1)

Publication Number Publication Date
WO2007098660A1 (fr) 2007-09-07

Family

ID=38458648

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2006/003628 WO2007098660A1 (fr) 2006-03-02 2006-12-27 Method and system for authenticating network entities in a multimedia subsystem

Country Status (2)

Country Link
CN (1) CN101030854B (fr)
WO (1) WO2007098660A1 (fr)

Also Published As

Publication number Publication date
CN101030854A (zh) 2007-09-05
CN101030854B (zh) 2010-05-12

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06840670

Country of ref document: EP

Kind code of ref document: A1