WO2007098660A1 - Method and system for authenticating network entities in a multimedia subsystem - Google Patents
- Publication number
- WO2007098660A1 PCT/CN2006/003628 CN2006003628W
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- authentication
- network device
- cscf
- initiation
- entity
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/069—Authentication using certificates or pre-shared keys
Definitions
- The present invention relates to the field of communication and network security technologies, and in particular, to a mutual authentication method and system for network devices in an IP Multimedia Subsystem (IMS).
Background technique
- the IP Multimedia Subsystem (IMS, IP Multimedia Subsystem) is access independent.
- The network elements defined in the IMS framework include the Serving Call Session Control Function (S-CSCF), the Proxy Call Session Control Function (P-CSCF), the Interrogating Call Session Control Function (I-CSCF), the Media Gateway Control Function (MGCF), the Home Subscriber Server (HSS), the Subscription Locator Function (SLF), etc.
- S-CSCF Serving Call Session Control Function
- P-CSCF Proxy Call Session Control Function
- I-CSCF Interrogating Call Session Control Function
- MGCF Media Gateway Control Function
- HSS Home Subscriber Server
- SLF Subscription Locator Function
- MRFC multimedia resource function controller
- MRFP multimedia resource function processor
- Figure 1 shows an existing IMS security architecture.
- the HSS implements the authentication function between the user equipment and the S-CSCF.
- the HSS is responsible for generating the key, and the long-term key is stored in the secure memory of the user and is stored by the user's private identification (IMPI).
- IMPI user's private identification
- Each user should have only one IMPI, and there can be multiple user public identities (IMPUs) externally.
- a secure connection is required between the user terminal (UE) and the P-CSCF to ensure that the security association can provide protection for the Gm interface.
- the security association refers to the negotiation and unification of security mechanisms, parameters, etc. between two or more entities on the network
- Gm refers to the reference point between the UE and the P-CSCF.
- data source authentication should be provided, that is, to ensure that the source of the received data matches the source of its claim.
- 1, 2 is called the security of the IMS access network
- 3, 4, and 5 are the security of the functional modules in the network domain.
- ISIM IMS Subscriber Identity Card
- UMTS Universal Mobile Telecommunications System
- the ISIM card exists on the Universal Integrated Circuit Card (UICC) chip and does not share the security function with the USIM card, but it can also be shared with the USIM.
- UICC Universal Integrated Circuit Card
- the ISIM card defined in the prior art mainly includes the following parameters:
- IMPI IM personally identifiable information
- IMPU One or more IM public identity
- Once a UE has successfully registered with the P-CSCF, another legitimate UE with a malicious purpose may attempt to masquerade as a P-CSCF and send a SIP message to the S-CSCF.
- The malicious UE can use the identity of the P-CSCF to send a message to the S-CSCF that affects other users. For example: User A is communicating with the S-CSCF through the P-CSCF, and the malicious UE now uses the identity of the P-CSCF to send a forged message "User A requests to interrupt communication".
- The S-CSCF assumes that this is User A's request, which causes User A's communication to be interrupted.
- the P-CSCF cannot generate billing information and may attack other users.
- Devices that access the S-CSCF should strictly be core network devices that serve only the IMS. It should be ensured that the UE cannot send IP packets directly to network devices outside the IMS restrictions, that is, IP packets can only be sent to the assigned P-CSCF or server.
- Some measures are taken to prevent malicious UEs from masquerading as IMS core network devices at the IP layer, especially as the P-CSCF.
- The access network provides a general protection mechanism to prevent malicious UEs from IP address spoofing.
- An authentication method and a method for preventing IP spoofing are the main means used to counter attacks by malicious UEs.
- The IPSec Encapsulating Security Payload (ESP) mechanism is used between the various security domains in the IMS and between the nodes within a security domain to provide integrity, confidentiality, and data source authentication.
- IPSec first uses the IKE key exchange protocol to establish an SA security association.
- ESP uses various security parameters (such as encryption algorithms, key distribution, etc.) agreed upon in the SA to encrypt subsequent communications.
- IKE negotiation requires the use of a pre-shared key, which is pre-customized by both parties.
- IPSec is a protocol based on IP. A pre-shared key can only be established on the basis of the IP address of the other party. This makes pre-shared key authentication applicable only to fixed IP addresses, and limits the use of this authentication method by network devices that use DHCP (Dynamic Host Configuration Protocol).
- DHCP Dynamic Host Configuration Protocol
- Border routers prevent IP spoofing
- A border router is used at the reference point between the visited network and the home network. As shown in FIG. 2a, a border router is deployed between the UE and the P-CSCF when the P-CSCF belongs to the home network; as shown in FIG. 2b, when the P-CSCF belongs to the access network, a border router is deployed between the P-CSCF and the S-CSCF.
- the S-CSCF provides a trust mechanism to the P-CSCF, that is, the IP of the P-CSCF is legal for the border router. Since the P-CSCF does not belong to the internal network in this case, if the UE spoofs using the IP of the P-CSCF, the border router cannot recognize it.
- Border routers can only act on external IP spoofing, and there is nothing that can be done inside the network.
Summary of the invention
- the object of the present invention is to provide a mutual authentication method and system for network devices in a multimedia subsystem, so as to improve the security and reliability of the multimedia subsystem.
- An embodiment of the present invention provides a mutual authentication method for a network device in a multimedia subsystem, where an entity identity identifier of the authentication response network device is stored in the authentication response network device, and the entity identity identifier and the location are stored in the home subscriber server.
- The method comprises the following steps: the authentication initiation network device receives the service request message sent by the authentication response network device and obtains, from the service request message, the universal resource identifier of the authentication response network device; the authentication initiation network device sends an authentication vector request to the home subscriber server, where the authentication vector request includes the universal resource identifier of the authentication response network device;
- the authentication initiation network device sends an authentication challenge to the authentication response network device, where the authentication challenge includes parameters in the authentication vector;
- After receiving the authentication challenge, the authentication response network device parses the parameters in the authentication vector, performs operations according to the parameters in the authentication vector, and sends the result of the operation to the authentication initiation network device;
- After receiving the authentication response message, the authentication initiation network device determines whether the authentication is successful according to the content of the authentication response message; if the authentication is successful, it sends an authentication success message to the authentication response network device.
- The embodiment of the present invention further provides a mutual authentication system for a network device in a multimedia subsystem, including a home subscriber server, a first network device, and a second network device.
- The home subscriber server stores the entity identity identifier of the second network device and the correspondence between the entity identity identifier and the universal resource identifier of the second network device; it either calculates the authentication vector according to the entity identity identifier and sends the authentication vector to the first network device, or sends the entity identity identifier to the first network device, in which case the first network device calculates the authentication vector according to the entity identity identifier;
- the first network device includes:
- An authentication information obtaining unit configured to receive and obtain a universal resource identifier of the second network device, and obtain the authentication vector calculated according to the entity identity identifier;
- An authentication information sending unit configured to send an authentication challenge to the second network device, where the authentication challenge includes the authentication vector
- An authentication determining unit configured to determine, according to the authentication response of the second network device, whether the authentication is successful
- The second network device, in which the entity identity of the second network device is stored and which performs the authentication interaction with the first network device, includes:
- an authentication operation unit configured to perform an operation on the authentication vector from the first network device, and feed back the result of the operation to the first network device by using an authentication response.
- the entity identity of the authentication response network device is bound to the universal resource identifier, and the network device using DHCP (Dynamic Host Configuration Protocol) can adopt IPSec IKE.
- the border router has the ability to identify the external trusted network device, thereby solving the problem of illegally masquerading the authentication response network device regardless of whether the authentication response network device is in the internal home network or the external access network. For example, the UE illegally masquerades as a P-CSCF.
- Border routers not only protect against peripherals, but also prevent spoofing between internal network devices, such as spoofing between P-CSCFs. Thereby improving the security and reliability of the multimedia subsystem.
- FIG. 1 is a schematic diagram of an IMS security architecture in the prior art
- Figure 2a shows the deployment of the border router of the P-CSCF in the home network in the prior art
- Figure 2b shows the deployment of the border router when the P-CSCF accesses the network in the prior art
- FIG. 4 is a schematic diagram showing the generation of an authentication vector in the first embodiment of the present invention.
- FIG. 5 is a schematic diagram of an authentication algorithm according to a first embodiment of the present invention.
- FIG. 6 is a diagram showing an S-CSCF and a UE in a roaming state in a second embodiment of the present invention
- FIG. 7 is a diagram showing the S-CSCF and the UE in a roaming state in the third embodiment of the present invention.
- FIG. 8 is a diagram showing the S-CSCF and the UE in a roaming state in the fourth embodiment of the present invention.
- FIG. 9 is a structural diagram of an authentication apparatus according to an embodiment of the present invention.
Detailed description
- Authentication between network entities is exemplified by authentication between the P-CSCF and the S-CSCF.
- IMS defines AKA (authentication and key agreement) as two-way authentication between the user and the home network.
- AKA authentication and key agreement
- The AKA mechanism is extended to perform authentication between network devices, and the P-CSCF and the S-CSCF among the IMS network devices are mutually authenticated, thereby better solving the problem of a UE masquerading as the P-CSCF to send SIP messages directly to the S-CSCF.
- an entity identity is first stored in the P-CSCF to identify the identity of the P-CSCF, the entity identity containing the following information:
- The entity identity, and the correspondence between the entity identity and the Session Initiation Protocol Uniform Resource Identifier (SIP URI) of the P-CSCF, are stored in the HSS.
- SIP URI Session Initiation Protocol Uniform Resource Identifier
- the signaling path between the UE and the S-CSCF has been established.
- the UE's location has two conditions: it is within the home network, and it is roaming.
- the authentication schemes of the S-CSCF and the P-CSCF in these two cases are described in detail below using different implementation schemes.
- When the UE is in the home zone, that is, in the non-roaming state, the UE sends a SIP INVITE message to the home zone P-CSCF, including the initial Session Description Protocol (SDP).
- the initial SDP may contain one or more media descriptions.
- Next, the home zone P-CSCF selects the location of the next-hop CSCF. In the non-roaming state, the next hop is the home zone S-CSCF.
- The authentication process between the home zone S-CSCF and the home zone P-CSCF is then triggered; it is similar to AKA authentication. Referring to Figure 3, the authentication process is as follows:
- Step 101 The home zone S-CSCF sends an authentication vector request to the home zone HSS, where the content of the request includes the SIP URI of the P-CSCF to be authenticated.
- Step 102 The home zone HSS queries the entity identity information of the P-CSCF according to the universal resource identifier (SIP URI) of the home zone P-CSCF that is requested to be registered, and uses the private key of the P-CSCF as the pre-shared key K to calculate the authentication vector.
- The home zone HSS generates some parameters using f1 to f5 to calculate the authentication vector AV, which is a quintuple composed of RAND, XRES, CK, IK, and AUTN.
- K is the private 128-bit key of the P-CSCF, and only the P-CSCF and HSS store the key.
- SQN is a 48-bit serial number
- RAND is a 128-bit random number
- AMF is a 16-bit message authentication field
- MAC is a 64-bit message authentication code generated by function f1
- XRES is a 64-bit expected response value generated by the function
- CK is the 128-bit encryption key generated by function f3
- IK is the 128-bit integrity key generated by function f4
- AK is the 48-bit anonymous key generated by function f5
- AUTN is the authentication token
- AV is the authentication vector, that is, the five-tuple.
- Step 103 The home zone HSS returns the calculated authentication vector to the S-CSCF.
- Step 104 The home zone S-CSCF sends an authentication challenge to the home zone P-CSCF, including the random number RAND and the authentication token AUTN.
- Step 105 After receiving these, the home zone P-CSCF calculates the XMAC and checks whether the XMAC is equal to the MAC and whether the SQN is in the correct range. If the check is successful, the P-CSCF calculates RES and calculates CK and IK.
- Step 106 The P-CSCF sends the calculated authentication parameter to the S-CSCF through the authentication response message.
- Step 107 The S-CSCF compares XRES with the RES sent by the P-CSCF. If they are the same, the P-CSCF is successfully authenticated, and subsequent communication can be performed.
- Step 108 The S-CSCF sends an authentication success message to the P-CSCF.
- Step 109 After the authentication is completed, both parties adopt CK and IK as the agreed keys.
- the authentication between the P-CSCF and the S-CSCF is completed. Subsequent session messages will be encrypted using the keys CK, IK.
- the authentication between the P-CSCF and the S-CSCF is triggered when the UE sends a message. If necessary, the S-CSCF can trigger two-way authentication between the S-CSCF and the P-CSCF.
- the identity private key K of the P-CSCF is independent of the identity of the UE, so the triggering of the authentication is not necessarily related to the UE.
- the authentication process is triggered when the roaming area P-CSCF directly requests the service from the home zone S-CSCF. See Figure 6.
- the certification process is as follows:
- Step 201 The home zone S-CSCF may query the address of the roaming zone HSS according to the SIP URI information in the message sent by the P-CSCF, and the home zone S-CSCF requests the P-CSCF entity identity identifier from the roaming zone HSS. This is similar to Step 102.
- Step 202 The roaming area HSS transmits the entity identity (including the identity, the private key, and the home network) of the P-CSCF to the home zone S-CSCF.
- The information is encrypted with the public key of the home zone S-CSCF and digitally signed to ensure the privacy, integrity and authenticity of the transmitted information.
- Step 203 The home zone S-CSCF calculates an authentication vector according to the obtained entity identity.
- the authentication vector is calculated in the S-CSCF, and the authentication vector can also be calculated in the HSS.
- the authentication steps are as follows:
- the authentication process is triggered when the roaming area P-CSCF requests the service directly from the home zone S-CSCF.
- Step 301 The home zone S-CSCF may query the address of the roaming zone HSS according to the SIP URI information in the P-CSCF sending message, and the home zone S-CSCF sends an authentication vector request to the roaming zone HSS.
- Step 302 The roaming area HSS queries the entity identity information of the P-CSCF according to the universal resource identifier (SIP URI) of the home zone P-CSCF, and calculates an authentication vector according to the pre-shared key K therein.
- SIP URI universal resource identifier
- Step 303 The roaming area HSS returns the calculated authentication vector to the home zone S-CSCF.
- the transmission of information is encrypted by the public key of the home zone S-CSCF and digitally signed to ensure the privacy, integrity and authenticity of the transmitted information.
- Step 304 The home area S-CSCF and the roaming area P-CSCF complete the AKA two-way authentication, and the authentication step is similar to the steps of Embodiment 1, and will not be described again.
- the entity identity private key K can be used as a pre-shared key for IPSec to establish a security association, thus providing good compatibility.
- the authentication process is triggered when the roaming area P-CSCF directly requests the service from the home zone S-CSCF. See Figure 8.
- the certification process is as follows:
- Step 401 The home zone S-CSCF sends a request to the roaming zone S-CSCF to request authentication of the P-CSCF.
- Step 402 The roaming area S-CSCF and the P-CSCF perform AKA two-way authentication.
- Step 403 The roaming area S-CSCF transmits the identity information of the P-CSCF (including the identity identifier, the private key K, the home network) to the home zone S-CSCF, together with the communication keys CK and IK obtained by the authentication in step 402.
- The information is encrypted with the public key of the home zone S-CSCF and digitally signed to ensure the privacy, integrity and authenticity of the transmitted information.
- Step 404 The S-CSCF of the home zone establishes a trust relationship with the roaming zone P-CSCF. There are two modes:
- the P-CSCF performs another authentication with the S-CSCF of the home zone.
- The roaming area P-CSCF and the home zone S-CSCF use CK and IK for subsequent encrypted communication.
- AKA authentication of the scheme
- K is allocated in advance outside the network, thereby ensuring the confidentiality of K.
- AKA's results allow both parties to authenticate each other, negotiating CK and IK for subsequent sessions.
- CK is used to guarantee the confidentiality of messages; IK is used to guarantee integrity.
- a mutual authentication system for a network device in a multimedia subsystem is further provided.
- an authentication response network device 910 and an authentication initiation network device 920 are provided.
- A home subscriber server 930 is also provided. The authentication initiating network device 910 includes an authentication information acquiring unit 911, an authentication challenge sending unit 912, and an authentication determining unit 913, and the authentication response network device 920 includes an authentication computing unit 921. The authentication response network device 920 is provided with an entity identity identifier of the authentication response network device, and the entity identity identifier and the correspondence between the entity identity identifier and the universal resource identifier of the authentication response network device are set in the home subscriber server.
- The authentication information acquiring unit 911 is configured to obtain an authentication vector for the authentication initiation network device, and an authentication challenge, whose content includes the authentication vector, is sent to the authentication response network device 920;
- The authentication operation unit 921 is configured to parse the authentication vector after the authentication response network device 920 receives the authentication challenge and to perform an operation according to the authentication vector; the authentication determining unit 913 is configured to determine, after the authentication initiation network device receives the authentication response, whether the authentication is successful according to the content of the authentication response.
- the authentication initiation network device 910 may be an S-CSCF, and the authentication response network device 920 may be a P-CSCF.
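
Steps 101 to 109 of the first embodiment, sketched as an added example that is not code from the patent: the HSS builds the five-tuple for a P-CSCF looked up by SIP URI, the P-CSCF checks XMAC and SQN before answering, and the S-CSCF compares RES with XRES. Assumptions: f1 to f5 are HMAC-SHA256 stand-ins rather than a real operator algorithm set, AUTN is laid out as (SQN xor AK) || AMF || MAC as in 3GPP AKA, and the SQN window of 32, the class and function names, and the sample URI are hypothetical.

```python
# Added example: AKA-style authentication between an S-CSCF (initiator)
# and a P-CSCF (responder), following Steps 101-109 of the first embodiment.
# ASSUMPTIONS: f1..f5 are HMAC-SHA256 stand-ins, not a real operator
# algorithm set; the SQN window, names and sample URI are hypothetical.
import hashlib
import hmac
import os
from dataclasses import dataclass


class AkaError(Exception):
    """Raised by the responder when a challenge must be rejected."""


def _prf(k: bytes, label: bytes, data: bytes, n: int) -> bytes:
    return hmac.new(k, label + data, hashlib.sha256).digest()[:n]


def f1(k, sqn, rand, amf): return _prf(k, b"f1", sqn + rand + amf, 8)  # MAC, 64 bit
def f2(k, rand): return _prf(k, b"f2", rand, 8)    # RES / XRES, 64 bit
def f3(k, rand): return _prf(k, b"f3", rand, 16)   # CK, 128 bit
def f4(k, rand): return _prf(k, b"f4", rand, 16)   # IK, 128 bit
def f5(k, rand): return _prf(k, b"f5", rand, 6)    # AK, 48 bit


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


@dataclass(frozen=True)
class AuthVector:
    rand: bytes
    xres: bytes
    ck: bytes
    ik: bytes
    autn: bytes  # (SQN xor AK) || AMF || MAC


class HSS:
    """Holds K per entity, looked up by the entity's SIP URI (Step 102)."""

    def __init__(self):
        self._entities = {}  # SIP URI -> [K, last SQN issued]

    def provision(self, sip_uri: str, k: bytes) -> None:
        if len(k) != 16:
            raise ValueError("K must be 128 bits")
        self._entities[sip_uri] = [k, 0]

    def authentication_vector(self, sip_uri: str, amf: bytes = b"\x00\x00") -> AuthVector:
        entry = self._entities[sip_uri]      # KeyError for an unknown entity
        entry[1] += 1                        # fresh SQN for every vector
        k, sqn = entry[0], entry[1].to_bytes(6, "big")
        rand = os.urandom(16)
        autn = xor(sqn, f5(k, rand)) + amf + f1(k, sqn, rand, amf)
        return AuthVector(rand, f2(k, rand), f3(k, rand), f4(k, rand), autn)


class Responder:
    """The P-CSCF side: Steps 105 and 106."""

    def __init__(self, k: bytes, window: int = 32):
        self._k, self._highest_sqn, self._window = k, 0, window

    def answer(self, rand: bytes, autn: bytes):
        if len(rand) != 16 or len(autn) != 16:
            raise AkaError("malformed challenge")
        sqn = xor(autn[:6], f5(self._k, rand))
        amf, mac = autn[6:8], autn[8:]
        xmac = f1(self._k, sqn, rand, amf)
        if not hmac.compare_digest(xmac, mac):  # challenge not built with K
            raise AkaError("MAC mismatch")
        n = int.from_bytes(sqn, "big")
        if not self._highest_sqn < n <= self._highest_sqn + self._window:
            raise AkaError("SQN out of range")  # replayed or stale challenge
        self._highest_sqn = n
        return f2(self._k, rand), f3(self._k, rand), f4(self._k, rand)


def initiator_accepts(av: AuthVector, res: bytes) -> bool:
    """The S-CSCF side, Step 107: constant-time comparison of RES and XRES."""
    return hmac.compare_digest(av.xres, res)


def rejected(responder: Responder, rand: bytes, autn: bytes) -> str:
    """Return the rejection reason, or '' if the challenge is accepted."""
    try:
        responder.answer(rand, autn)
        return ""
    except AkaError as exc:
        return str(exc)


if __name__ == "__main__":
    uri = "sip:pcscf1.home.example"                # constructed sample value
    k = os.urandom(16)
    hss, pcscf = HSS(), Responder(k)
    hss.provision(uri, k)
    av = hss.authentication_vector(uri)            # Steps 101-103
    res, ck, ik = pcscf.answer(av.rand, av.autn)   # Steps 104-106
    print("authenticated:", initiator_accepts(av, res))
    print("keys agree:", (ck, ik) == (av.ck, av.ik))
    print("replayed challenge:", rejected(pcscf, av.rand, av.autn))
```

An entity that does not hold K cannot pass either check: its XMAC will not match the MAC in AUTN, and it cannot produce a RES equal to XRES.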
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention relates to a method and a system for authenticating network entities in an IP multimedia subsystem (IMS). The method comprises: calculating an authentication vector (AV) according to the relationship between the entity identity identifier and the uniform resource identifier and according to said entity identity identifier; acquisition of said AV by the authentication initiation entity; sending, by said authentication initiation entity, of an authentication request containing parameters in the authentication vector to the authentication response entity; calculation, by said authentication response entity, according to the parameters contained in the authentication vector, and sending of the results to said authentication initiation entity via an authentication response message, so that the authentication is completed. A corresponding network entity authentication system comprises an authentication response entity, an authentication initiation entity and a home subscriber server, as well as an AV acquisition unit, an authentication request sending unit, an authentication calculation unit and an authentication determination unit. The invention solves the security problem between network entities encountered in the prior art and increases the reliability of the IMS. Furthermore, the authentication processing is simple and suited to real-time communication services.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200610057977A CN101030854B (zh) | 2006-03-02 | 2006-03-02 | Mutual authentication method and apparatus for network entities in a multimedia subsystem |
CN200610057977.2 | 2006-03-02 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2007098660A1 (fr) | 2007-09-07 |
Family
ID=38458648
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2006/003628 WO2007098660A1 (fr) | 2006-03-02 | 2006-12-27 | Method and system for authenticating network entities in a multimedia subsystem |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN101030854B (fr) |
WO (1) | WO2007098660A1 (fr) |
-
2006
- 2006-03-02 CN CN200610057977A patent/CN101030854B/zh not_active Expired - Fee Related
- 2006-12-27 WO PCT/CN2006/003628 patent/WO2007098660A1/fr active Application Filing
Also Published As
Publication number | Publication date |
---|---|
CN101030854A (zh) | 2007-09-05 |
CN101030854B (zh) | 2010-05-12 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 06840670 Country of ref document: EP Kind code of ref document: A1 |