WO2017006696A1 - Sip制御装置、移動通信システム及び通信制御方法 - Google Patents
Sip制御装置、移動通信システム及び通信制御方法 Download PDFInfo
- Publication number
- WO2017006696A1 WO2017006696A1 PCT/JP2016/067235 JP2016067235W WO2017006696A1 WO 2017006696 A1 WO2017006696 A1 WO 2017006696A1 JP 2016067235 W JP2016067235 W JP 2016067235W WO 2017006696 A1 WO2017006696 A1 WO 2017006696A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- authentication
- user device
- user
- cscf
- completed
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/069—Authentication using certificates or pre-shared keys
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M11/00—Telephonic communication systems specially adapted for combination with other electrical systems
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/10—Architectures or entities
- H04L65/1016—IP multimedia subsystem [IMS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W80/00—Wireless network protocols or protocol adaptations to wireless operation
- H04W80/08—Upper layer protocols
- H04W80/10—Upper layer protocols adapted for application session management, e.g. SIP [Session Initiation Protocol]
Definitions
- the present invention relates to a SIP control device, a mobile communication system, and a communication control method.
- the mobile communication system is realized by a wireless network including a base station device and a core network including an exchange.
- standard specifications of a communication method and a communication interface in a mobile communication system are defined by a third generation partnership project (3GPP: The 3rd Generation Generation Partnership Project).
- IMS IP Multimedia Subsystem
- IMS IP Multimedia Subsystem
- VoIP Voice over LTE
- EPC Evolved Packet Core
- the authentication process performed in the IMS is redundant. That is, in the current 3GPP standard specifications, it is considered that authentication processing is performed repeatedly for the same user device, which is not efficient. If the authentication process performed in IMS can be omitted, it is possible to realize a reduction in connection delay and a reduction in processing load.
- the disclosed technique has been made in view of the above, and an object of the present invention is to provide a technique for preventing duplicate authentication processing from being performed on an already authenticated user apparatus in IMS.
- a SIP control device is connected to a management device that manages a call processing policy in an IP network, and is a SIP control device that controls a voice call transmitted from a user device, and receives a call connection request from the user device.
- a determination unit that determines whether or not authentication of the user device is completed by making an inquiry to the management device when received, and when it is determined that authentication of the user device is completed,
- a call processing unit that performs call connection processing without authenticating the user device.
- a technology that prevents duplicate authentication processing from being performed on a user device that has already been authenticated in IMS.
- LTE is not only a communication system corresponding to Release 8 or 9 of 3GPP, but also a communication system corresponding to Release 10, 11, 12 or 13 or later of 3GPP. Used in a broad sense including.
- FIG. 1 is a diagram illustrating an example of a system configuration of a mobile communication system according to an embodiment.
- the mobile communication system according to the present embodiment includes a user apparatus 1, an eNB (evolved Node B) 2, an MME (Mobility Management Entity) 3, an SGW (Serving Gateway) 4, and a PGW ( Packet Data Network Gateway) 5, PCRF (Policy and Charging Rules Function) 6, P-CSCF (Proxy-Call Session Control Function) 7, I-CSCF (Interrogating Call Session Control Function) 8, and S-CSCF ( Serving Call Session Control Function) 9 and HSS (Home Subscriber Server) 10.
- eNB evolved Node B
- MME Mobility Management Entity
- SGW Serving Gateway
- PGW Packet Data Network Gateway
- PCRF Policy and Charging Rules Function
- P-CSCF Proxy-Call Session Control Function
- I-CSCF Interrogating Call Session Control Function
- S-CSCF Serving Call Session Control Function
- MME3, SGW4, PGW5 and PCRF6 are devices belonging to EPC.
- P-CSCF 7, I-CSCF 8, and S-CSCF 9 are devices belonging to IMS.
- GTP GPRS Tunneling Protocol
- PMIP Proxy Mobile IP
- User device 1 has a function of communicating with each device belonging to eNB 2, EPC, and IMS through radio.
- the user device 1 is, for example, a mobile phone, a smartphone, a tablet, a mobile router, a personal computer, a wearable terminal, or the like.
- the user device 1 may be any user device 1 as long as the device has a communication function.
- ENB2 is a base station in LTE, and communicates with the user apparatus 1 through radio. Also, the eNB 2 is directly connected to the MME 3 and the SGW 4, and a C-Plane signal transmitted / received between the user apparatus 1 and the MME 3 and a U-plane signal transmitted / received between the user apparatus 1 and the SGW 4 Relay.
- the MME 3 is an apparatus that is connected to the eNB 2 and the SGW 4 and provides the mobility control function of the user apparatus 1 and the EPC bearer control function of the SGW 4.
- the SGW 4 is a visited packet switch, and relays a U-plane signal between the eNB 2 and the PGW 5.
- the PGW 5 is a gateway device for the EPC to connect to an external network (IMS in the example of FIG. 1), and issues an IP address to the user device 1.
- the PCRF 6 is a device having policy control and charging control functions based on QoS (Quality of Service) settings of EPC bearers, subscriber information, and the like.
- the PCRF 6 performs various functions by the PCRF 6 such as a user identifier (IMSI (International Mobile Subscriber Identifier), MSISDN (Mobile Station International Subscriber Directory Number), IP address, IMEI, for uniquely identifying the user apparatus 1. (International Mobile Equipment Identity) etc.).
- IMSI International Mobile Subscriber Identifier
- MSISDN Mobile Station International Subscriber Directory Number
- IP address IP address
- IMEI for uniquely identifying the user apparatus 1. (International Mobile Equipment Identity) etc.).
- the P-CSCF 7 is a SIP (Session Initiation Protocol) relay server arranged at a connection point with the EPC. Further, the P-CSCF 7 not only simply relays the SIP signal but also has a function of instructing EPC (particularly the PCRF 6) to perform bearer control such as QoS / new bearer setting.
- the I-CSCF 8 is the first gateway SIP server connected from another network at the time of interconnection / roaming. It also has a function of relaying the SIP signal received from the P-CSCF 7 to an appropriate S-CSCF 9.
- the S-CSCF 9 is a SIP server having a session control for the user device 1 and a function for authenticating the user device 1. In the 3GPP specification, the P-CSCF 7 can also authenticate the user apparatus 1.
- the mobile communication system operates such that the authentication process performed in the IMS is skipped when the authentication performed when the user apparatus 1 is attached to the EPC is completed. Thereby, for example, when VoLTE is provided, it is possible to omit the authentication process performed in IMS, and to realize shortening of connection delay and reduction of processing load.
- the IMS can simultaneously connect networks other than EPC in addition to EPC.
- the mobile communication system in the embodiment skips authentication for the user apparatus 1 that accesses the IMS via the EPC, and accesses the IMS via a network other than the EPC (for example, a wireless LAN).
- the operation of the device 1 can be switched to perform authentication.
- FIG. 2 is a diagram illustrating an example of a functional configuration of the MME according to the embodiment.
- the MME 3 includes a signal reception unit 11, a signal transmission unit 12, and an authentication result holding unit 13.
- FIG. 2 shows only functional units particularly related to the embodiment of the present invention in the MME 3, and also has a function (not shown) for performing an operation based on at least LTE.
- the functional configuration shown in FIG. 2 is only an example. As long as the operation according to the present embodiment can be executed, the function classification and the name of the function unit may be anything.
- the signal reception unit 11 and the signal transmission unit 12 have a function of transmitting and receiving various signals (messages) to and from the user apparatus 1, eNB 2, SGW 4 or HSS 10 and performing necessary call processing.
- the signal receiving unit 11 and the signal transmitting unit 12 have a function of authenticating the user device 1 by an AKA authentication method described later.
- the authentication result holding unit 13 has a function of holding whether or not the authentication of the user device 1 is completed (or whether the authentication is successful).
- the authentication result holding unit 13 has a function of notifying the signal transmission unit 12 whether or not the authentication of the user device 1 is completed (or authentication is successful) in response to a request from the signal transmission unit 12. .
- FIG. 3 is a diagram illustrating an example of a functional configuration of the PCRF according to the embodiment.
- the PCRF 6 includes a signal reception unit 21, a signal transmission unit 22, and a user information holding unit 23.
- FIG. 3 shows only functional units particularly relevant to the embodiment of the present invention in the PCRF 6, and has at least a function (not shown) for performing an operation based on LTE. Further, the functional configuration shown in FIG. 3 is merely an example. As long as the operation according to the present embodiment can be executed, the function classification and the name of the function unit may be anything.
- the signal receiving unit 21 and the signal transmitting unit 22 have a function of transmitting / receiving various signals (messages) to / from the SGW 4, PGW 5, P-CSCF 7 or HSS 10 and performing necessary call processing.
- the user information holding unit 23 has a function of holding information related to the user device 1.
- the information related to the user device 1 includes at least a flag indicating that the authentication of the user device 1 is completed (hereinafter referred to as “authentication completion flag”) and a user identifier (for example, associated with the authentication completion flag). IMSI etc.). Note that the authentication completion flag may be called an “Access Permitted” flag.
- FIG. 4 is a diagram illustrating an example of a functional configuration of the P-CSCF according to the embodiment.
- the P-CSCF 7 includes a signal reception unit 31, a signal transmission unit 32, a determination unit 33, and an authentication processing unit 34.
- FIG. 4 shows only functional units particularly related to the embodiment of the present invention in the P-CSCF 7, and has at least a function (not shown) for performing an operation based on LTE.
- the functional configuration shown in FIG. 4 is only an example. As long as the operation according to the present embodiment can be executed, the function classification and the name of the function unit may be anything.
- the signal receiving unit 31 and the signal transmitting unit 32 have a function of transmitting and receiving various signals (messages) to and from the PGW 5, PCRF 6, I-CSCF 8, S-CSCF 9, or HSS 10 and performing call connection processing in IMS.
- the signal receiving unit 31 and the signal transmitting unit 32 have a function of authenticating the user device 1 by an AKA authentication method described later.
- the determination unit 33 has a function of determining whether or not the authentication of the user device 1 has been completed by inquiring of the PCRF 6 when a call connection request (SIP Register) is received from the user device 1.
- the determination unit 33 determines that the authentication of the user device 1 is completed when the signal received from the PCRF 6 includes the authentication completion flag, and the signal received from the PCRF 6 includes the authentication completion flag. If not, it may be determined that the authentication of the user device 1 has not been completed.
- the authentication processing unit 34 has a function of authenticating the user device 1 when the determination unit 33 determines that the authentication of the user device 1 is not completed.
- the signal receiving unit 31, the signal transmitting unit 32, and the authentication processing unit 34 may be collectively referred to as a call processing unit.
- FIG. 5 is a diagram illustrating an example of a functional configuration of the S-CSCF according to the embodiment.
- the S-CSCF 9 includes a signal reception unit 41, a signal transmission unit 42, a determination unit 43, and an authentication processing unit 44.
- FIG. 5 shows only functional units particularly related to the embodiment of the present invention in the S-CSCF 9, and has at least a function (not shown) for performing an operation based on LTE.
- the functional configuration shown in FIG. 5 is only an example. As long as the operation according to the present embodiment can be executed, the function classification and the name of the function unit may be anything.
- the signal receiving unit 41 and the signal transmitting unit 42 have a function of transmitting and receiving various signals (messages) to and from the PCRF 6, P-CSCF 7, I-CSCF 8, or HSS 10 and performing call connection processing in IMS.
- the signal reception unit 41 and the signal transmission unit 42 have a function of authenticating the user device 1 by an AKA authentication method described later.
- the signal receiving unit 41, the signal transmitting unit 42, and the authentication processing unit 44 may be collectively referred to as a call processing unit.
- each functional block may be realized by one device physically and / or logically coupled, and two or more devices physically and / or logically separated may be directly and / or indirectly. (For example, wired and / or wireless) and may be realized by these plural devices.
- the MME 3, the PCRF 6, the P-CSCF 7, and the S-CSCF 9 in the embodiment may function as a computer that performs processing of the wireless communication method of the present invention.
- FIG. 6 is a diagram illustrating an example of a hardware configuration of the MME 3, the PCRF 6, the P-CSCF 7, and the S-CSCF 9 according to the embodiment.
- the above-mentioned MME3, PCRF6, P-CSCF7 and S-CSCF9 are physically configured as a computer device including a processor 1001, a memory 1002, a storage 1003, a communication device 1004, an input device 1005, an output device 1006, a bus 1007, and the like. May be.
- the term “apparatus” can be read as a circuit, a device, a unit, or the like.
- the hardware configuration of MME3, PCRF6, P-CSCF7, and S-CSCF9 may be configured to include one or a plurality of the devices shown in the figure, or may be configured not to include some devices. Good.
- the functions of the MME3, PCRF6, P-CSCF7, and S-CSCF9 are performed by the processor 1001 performing calculations by reading predetermined software (programs) on hardware such as the processor 1001 and the memory 1002, and the communication apparatus 1004 This is realized by controlling communication, reading and / or writing of data in the memory 1002 and the storage 1003.
- the processor 1001 controls the entire computer by operating an operating system, for example.
- the processor 1001 may be configured by a central processing unit (CPU) including an interface with peripheral devices, a control device, an arithmetic device, a register, and the like.
- CPU central processing unit
- the signal reception unit 11, the signal transmission unit 12, and the authentication result holding unit 13 of the MME 3, the signal reception unit 21 of the PCRF 6, the signal transmission unit 22, the user information holding unit 23, and the signal reception unit 31 of the P-CSCF 7 The signal transmission unit 32, the determination unit 33, the authentication processing unit 34, the signal reception unit 41 of the S-CSCF 9, the signal transmission unit 42, the determination unit 43, and the authentication processing unit 44 may be realized by the processor 1001. Good.
- the processor 1001 reads a program (program code), software module, or data from the storage 1003 and / or the communication device 1004 to the memory 1002, and executes various processes according to these.
- program program code
- software module software module
- data data from the storage 1003 and / or the communication device 1004 to the memory 1002, and executes various processes according to these.
- program a program that causes a computer to execute at least a part of the operations described in the embodiment is used.
- the signal transmission unit 32, the determination unit 33, and the authentication processing unit 34, the signal reception unit 41 of the S-CSCF 9, the signal transmission unit 42, the determination unit 43, and the authentication processing unit 44 are stored in the memory 1002, and are stored in the processor. It may be realized by a control program operating in 1001, and may be realized in the same manner for other functional blocks. Although the above-described various processes have been described as being executed by one processor 1001, they may be executed simultaneously or sequentially by two or more processors 1001. The processor 1001 may be implemented by one or more chips. Note that the program may be transmitted from a network via a telecommunication line.
- the memory 1002 is a computer-readable recording medium, and includes, for example, at least one of ROM (Read Only Memory), EPROM (Erasable Programmable ROM), EEPROM (Electrically Erasable Programmable ROM), RAM (Random Access Memory), and the like. May be.
- the memory 1002 may be called a register, a cache, a main memory (main storage device), or the like.
- the memory 1002 can store a program (program code), a software module, and the like that can be executed to implement the wireless communication method according to the embodiment.
- the storage 1003 is a computer-readable recording medium such as an optical disk such as a CD-ROM (Compact Disc ROM), a hard disk drive, a flexible disk, a magneto-optical disk (for example, a compact disk, a digital versatile disk, a Blu-ray). (Registered trademark) disk, smart card, flash memory (for example, card, stick, key drive), floppy (registered trademark) disk, magnetic strip, and the like.
- the storage 1003 may be referred to as an auxiliary storage device.
- the storage medium described above may be, for example, a database, server, or other suitable medium including the memory 1002 and / or the storage 1003.
- the communication device 1004 is hardware (transmission / reception device) for performing communication between computers via a wired and / or wireless network, and is also referred to as a network device, a network controller, a network card, a communication module, or the like.
- a network device for example, the signal reception unit 11 and signal transmission unit 12 of the MME 3, the signal reception unit 21 and signal transmission unit 22 of the PCRF 6, the signal reception unit 31 and signal transmission unit 32 of the P-CSCF 7, the signal reception unit 41 and signal of the S-CSCF 9
- the transmission unit 42 may be realized by the communication device 1004.
- the input device 1005 is an input device (for example, a keyboard, a mouse, a microphone, a switch, a button, a sensor, etc.) that accepts an input from the outside.
- the output device 1006 is an output device (for example, a display, a speaker, an LED lamp, etc.) that performs output to the outside.
- the input device 1005 and the output device 1006 may have an integrated configuration (for example, a touch panel).
- each device such as the processor 1001 and the memory 1002 is connected by a bus 1007 for communicating information.
- the bus 1007 may be configured with a single bus or may be configured with different buses between apparatuses.
- MME3, PCRF6, P-CSCF7 and S-CSCF9 are microprocessors, digital signal processors (DSPs), ASICs (Application Specific Integrated Circuits), PLDs (Programmable Logic Devices), FPGAs (Field Programmable Gate Arrays). ) Etc., and a part or all of each functional block may be realized by the hardware.
- the processor 1001 may be implemented by at least one of these hardware.
- FIG. 7 is a sequence diagram illustrating an example of a processing procedure when the user apparatus attaches to the EPC.
- FIG. 8 is a sequence diagram illustrating an example of a processing procedure when the user apparatus attached to the EPC accesses the IMS.
- the user apparatus 1 transmits an Attach Request to the MME in order to attach to the EPC (S101).
- the MME 3 transmits an Identity request to the user apparatus 1 (S102).
- the user apparatus 1 transmits Identity Response to the MME 3 in order to notify the IMSI to the MME 3.
- the MME 3 acquires an authentication vector (Authentication Vector) from the HSS 10 and transmits a random number (RAND: Number) included in the acquired authentication vector to the user apparatus 1.
- the user apparatus 1 inputs a random number or the like to a SIM (Subscriber Identity Module), and transmits a RES (Response) output from the SIM to the MME 3.
- the MME 3 authenticates the user apparatus 1 by determining whether the RES received from the user apparatus 1 matches an XRES (Expected Response) included in the authentication vector, and generates a secret key and an integrity key.
- This authentication method is an authentication method called AKA (Authentication and Key Agreement). Note that the authentication result holding unit 13 of the MME 3 stores the authentication result of the user device 1.
- the MME 3 transmits a Ciphered Options Request to the user apparatus 1 (S105). Subsequently, the user apparatus 1 transmits Ciphered Option (PCO or APN) to the MME 3 (S106).
- Ciphered Option PCO or APN
- the MME 3 transmits an Update Location Request to the HSS 10 in order to notify the HSS 10 of various identifiers related to the MME 3 itself (S107).
- the HSS 10 transmits Update Location Acknowledgement to the MME3 in order to notify the MME3 that the Update Location Request has been recognized (S108).
- the MME 3 transmits UE Radio Capability Match Request to the user device 1 in order to confirm the capability of the user device 1 (for example, whether it is compatible with VoLTE) (S109).
- the user device 1 transmits UE Radio Capability Match Response and UE Radio Capability Info Indication to the MME 3 (S110, S111).
- the MME 3 sends a Create Session Request to the SGW 4 in order to set up a bearer between the user apparatus 1 and the IMS (S112).
- the Create Session Request signal includes at least the user identifier of the user device 1 and the authentication completion flag.
- An example of an information element (IE: Information Element) included in the Create Session request is shown in FIG. In FIG. 9, the authentication completion flag corresponds to “Access Permitted”.
- the SGW 4 transmits a Create Session Request to the PGW 5 (S113).
- the Create Session Request signal includes at least the user identifier of the user device 1 and an authentication completion flag.
- An example of an information element (IE: Information Element) included in the Create Session request is shown in FIG. In FIG. 9, the authentication completion flag corresponds to “Access Permitted”.
- the PGW 5 transmits an authentication completion flag notification signal to the PCRF 6.
- the authentication completion flag notification signal includes at least the user identifier of the user device 1 and the authentication completion flag.
- the user information holding unit 23 of the PCRF 6 stores the user identifier received from the PGW 5 and the authentication completion flag in association with each other.
- the authentication completion flag notification signal may be a Diameter signal used for the Gx reference point.
- the authentication completion flag notification signal may be, for example, an IP-CAN Session Establish signal.
- the PGW 5 sends Create Session Response to the SGW3 (S115), and the SGW4 sends Create Session Response to the MME3 (S116).
- the MME 3 transmits Attach Accept to the user apparatus 1 (S117).
- the user device 1 transmits Attach Complete to the MME 3 (S118).
- processing procedure when the user apparatus 1 attaches to the EPC has been described with reference to FIG. 7, but the processing procedure at the time of attachment shown in FIG. 7 is merely an example, and the processing procedure of steps S112 to S114 is performed. If the authentication completion flag is notified from the MME 3 to the PCRF 6, a processing procedure different from that in FIG. 7 may be used. Moreover, the processing procedure of step S112 thru
- SGW4Create Session Request is sent from MME3
- Modify Bearer Request is sent from SGW4 to PGW5
- IP-CAN from PGW5 to PCRF6 Session Establish is transmitted, but the user identifier and the authentication completion flag may be notified from the MME 3 to the PCRF 6 using these signals.
- the user apparatus 1 is authenticated by one of the P-CSCF 7 and the S-CSCF 9. Whether the P-CSCF 7 or the S-CSCF 9 performs the authentication is determined by an operator policy, presence / absence of roaming, and the like.
- the processing procedure excluding steps S 212 to S 217 in FIG. 8 is executed, and when the user apparatus 1 is authenticated by the S-CSCF 9, A processing procedure excluding steps S202 to S207 is executed.
- the user device 1 transmits a SIP register to the P-CSCF 7 (S201).
- the P-CSCF 7 transmits a user information request signal to the PCRF 6 in order to confirm whether the authentication of the user device 1 is completed (S202).
- the user information request signal includes a user identifier (such as IMSI).
- the PCRF 6 displays the authentication completion flag. Is transmitted to the P-CSCF 7 (S203).
- the PCRF 6 sets the authentication completion flag.
- a user information response signal not included is transmitted to the P-CSCF 7.
- the user information response signal instead of the authentication completion flag, information indicating whether or not the authentication of the user device 1 is completed (for example, “1” when the authentication is completed, authentication is completed). In the case where there is no such information, information in which “0” is set may be included.
- the user information request signal and the user information response signal may be Diameter signals used for Rx reference points.
- the determination unit 33 of the P-CSCF 7 determines whether or not the authentication of the user device 1 is completed based on the user information response signal received in step S203 (S204).
- the determination unit 33 may determine whether or not the authentication of the user device 1 is completed depending on whether or not an authentication completion flag is included in the user information response signal.
- the P-CSCF 7 When the authentication of the user device 1 is completed, the P-CSCF 7 skips the processing procedure from step S205 to step S207 and proceeds to the processing procedure of step S208. When the authentication of the user device 1 is not completed, the P-CSCF 7 authenticates the user device 1 according to the processing procedure from step S205 to step S207.
- step S205 the P-CSCF 7 transmits Cx put / Cx Pull to the HSS10. Subsequently, an authentication process is performed among the user apparatus 1, the P-CSCF 7, and the HSS 10 (S206).
- the authentication method performed in step S206 is the same as the above-described AKA authentication method. That is, the authentication processing unit 34 of the P-CSCF 7 authenticates the user device 1 by comparing the RES received from the user device 1 with the XRES included in the authentication vector acquired from the HSS 10. Subsequently, the HSS 10 transmits Cx put Response / Cx Pull Response to the P-CSCF 7 (S207).
- the P-CSCF 7 transmits a SIP register to the I-CSCF 8 (S208).
- the I-CSCF 8 transmits Cx-Query / Cx-Select-Pull to the HSS 10 in order to grasp the S-CSCF 9 that transmits the SIP-Register (S209).
- the HSS 10 transmits Cx-Query Response / Cx-Select-Pull Response including information indicating the transfer destination S-CSCF to the I-CSCF 8 (S210).
- the I-CSCF 8 transmits a SIP register to the S-CSCF 9 instructed in the processing procedure of Step S210 (S211).
- the S-CSCF 9 transmits a user information request signal to the PCRF 6 in order to confirm whether the authentication of the user device 1 is completed (S212).
- the user equipment information request signal includes a user identifier (such as IMSI).
- the PCRF 6 displays the authentication completion flag. Is transmitted to the S-CSCF 9 (S213).
- the PCRF 6 sets the authentication completion flag.
- a user information response signal not included is transmitted to the S-CSCF 9.
- the user information response signal may include information indicating whether or not the authentication of the user device 1 has been completed, instead of the authentication completion flag.
- the user information request signal and the user information response signal may be Diameter signals used for Rx reference points.
- the determination unit 43 of the S-CSCF 9 determines whether or not the authentication of the user device 1 is completed based on the user information response signal received in step S213 (S214).
- the determination unit 43 may determine whether or not the authentication of the user device 1 has been completed based on whether or not an authentication completion flag is included in the user information response signal.
- the S-CSCF 9 When the authentication of the user device 1 is completed, the S-CSCF 9 skips the processing procedure from step S215 to step S217 and proceeds to the processing procedure of step S218. If the authentication of the user device 1 is not completed, the S-CSCF 9 authenticates the user device 1 according to the processing procedure from step S215 to step S217.
- step S215 the S-CSCF 9 transmits Cx put / Cx Pull to the HSS10. Subsequently, an authentication process is performed among the user apparatus 1, the S-CSCF 9, and the HSS 10 (S216).
- the authentication method performed in step S216 is the same as the above-described AKA authentication method. That is, the authentication processing unit 44 of the S-CSCF 9 authenticates the user device 1 by comparing the RES received from the user device 1 with the XRES included in the authentication vector acquired from the HSS 10. Subsequently, the HSS 10 transmits Cx put Response / Cx Pull Response to the S-CSCF 9 (S217).
- SIP 200 OK is transmitted from the S-CSCF 9 to the user apparatus 1 (S218, S219, S220), and the user apparatus 1 is registered in the IMS.
- the SIP control apparatus is connected to a management apparatus that manages call processing rules in an IP network and controls a voice call transmitted from a user apparatus.
- a determination unit that determines whether or not authentication of the user device is completed by making an inquiry to the management device when received, and when it is determined that authentication of the user device is completed,
- a SIP control device is provided that includes a call processing unit that performs call connection processing without authenticating the user device. This SIP control device provides a technique for preventing duplicate authentication processing from being performed on a user device that has already been authenticated in IMS.
- the determination unit determines that the authentication of the user device is completed when a predetermined flag is included in the signal received from the management device, and the predetermined flag is included in the signal received from the management device. If the user apparatus is not included, it may be determined that the authentication of the user device is not completed. As a result, the P-CSCF 7 or the S-CSCF 9 only needs to determine the presence or absence of a predetermined flag (authentication completion flag), and thus it is possible to easily determine whether or not the user apparatus 1 is authenticated. .
- a mobile communication system having a management device that manages call processing rules in an IP network, a switching device, and a SIP control device that controls a voice call transmitted from a user device,
- the exchange has a notification unit that notifies the management device that the authentication is completed when the authentication with the user device is completed, and the SIP control device receives a call connection request from the user device.
- a determination unit that determines whether or not authentication of the user device is completed by making an inquiry to the management device when received, and when it is determined that authentication of the user device is completed,
- a mobile communication system including a call processing unit that performs call connection processing without authenticating a user apparatus. This mobile communication system provides a technique for preventing duplicate authentication processing from being performed on a user device that has already been authenticated in IMS.
- a communication control method performed by a SIP control device that is connected to a management device that manages call processing rules in an IP packet network and controls a voice call transmitted from a user device.
- the management device When receiving a call connection request from a device, the management device is inquired to determine whether or not the authentication of the user device is completed, and it is determined that the authentication of the user device is completed.
- a communication control method comprising: performing a call connection process without authenticating the user apparatus. This communication method provides a technique for preventing duplicate authentication processing from being performed on a user device that has already been authenticated in IMS.
- each device (user device 1 / MME3 / SGW4 / PGW5 / PCRF6 / P-CSCF7 / I-CSCF8 / S-CSCF9 / HSS10) described in the embodiment of the present invention includes a CPU and a memory.
- the apparatus may have a configuration realized by a program being executed by a CPU (processor), or may be realized by hardware such as a hardware circuit including processing logic described in the present embodiment.
- a structure may be sufficient and a program and hardware may be mixed.
- the operations of a plurality of functional units may be physically performed by one component, or the operations of one functional unit may be physically performed by a plurality of components.
- the order of the sequences and flowcharts described in the embodiments may be changed as long as there is no contradiction.
- MME3, PCRF6, P-CSCF7 and S-CSCF9 have been described using functional block diagrams, but such devices may be implemented in hardware, software, or a combination thereof. Good.
- the software operated by the processor of the MME3, PCRF6, P-CSCF7 and S-CSCF9 includes random access memory (RAM), flash memory, read only memory (ROM), EPROM, EEPROM, register, It may be stored in a hard disk (HDD), a removable disk, a CD-ROM, a database, a server, or any other suitable storage medium.
- RAM random access memory
- ROM read only memory
- EPROM EPROM
- EEPROM electrically erasable programmable read only memory
- register It may be stored in a hard disk (HDD), a removable disk, a CD-ROM, a database, a server, or any other suitable storage medium.
- the PCRF 6 is an example of a management device.
- the P-CSCF 7 or S-CSCF 9 is an example of a SIP control device.
- the authentication completion flag is an example of a predetermined flag.
- SIP Register is an example of a call connection request.
Landscapes
- Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Multimedia (AREA)
- Computer Security & Cryptography (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephonic Communication Services (AREA)
Abstract
Description
図1は、実施の形態に係る移動通信システムのシステム構成の一例を示す図である。図1に示すように、本実施の形態における移動通信システムは、ユーザ装置1と、eNB(evolved Node B)2と、MME(Mobility Management Entity)3と、SGW(Serving Gateway)4と、PGW(Packet Data Network Gateway)5と、PCRF(Policy and Charging Rules Function)6と、P-CSCF(Proxy-Call Session Control Function)7と、I-CSCF(Interrogating Call Session Control Function)8と、S-CSCF(Serving Call Session Control Function)9と、HSS(Home Subscriber Server)10とを有する。MME3、SGW4、PGW5及びPCRF6は、EPCに属する装置である。また、P-CSCF7、I-CSCF8及びS-CSCF9は、IMSに属する装置である。また、SGW4及びPGW5の間は、GTP(GPRS Tunneling Protocol)とPMIP(Proxy Mobile IP)の2種類の制御プロトコルのオプションが存在するが、どちらが利用されていてもよい。図1には1つのユーザ装置1が含まれているが、図示の便宜上であり、2以上のユーザ装置1が含まれていてもよい。
以下、本発明の実施の形態の動作を実行するMME3、PCRF6、P-CSCF7及びS-CSCF9の機能構成例を説明する。
図2は、実施の形態に係るMMEの機能構成の一例を示す図である。図2に示すように、MME3は、信号受信部11と、信号送信部12と、認証結果保持部13とを有する。なお、図2は、MME3において本発明の実施の形態に特に関連する機能部のみを示すものであり、少なくともLTEに準拠した動作を行うための図示しない機能も有するものである。また、図2に示す機能構成は一例に過ぎない。本実施の形態に係る動作を実行できるのであれば、機能区分及び機能部の名称はどのようなものでもよい。
図3は、実施の形態に係るPCRFの機能構成の一例を示す図である。図3に示すように、PCRF6は、信号受信部21と、信号送信部22と、ユーザ情報保持部23とを有する。なお、図3は、PCRF6において本発明の実施の形態に特に関連する機能部のみを示すものであり、少なくともLTEに準拠した動作を行うための図示しない機能も有するものである。また、図3に示す機能構成は一例に過ぎない。本実施の形態に係る動作を実行できるのであれば、機能区分及び機能部の名称はどのようなものでもよい。
図4は、実施の形態に係るP-CSCFの機能構成の一例を示す図である。図4に示すように、P-CSCF7は、信号受信部31と、信号送信部32と、判定部33と、認証処理部34とを有する。なお、図4は、P-CSCF7において本発明の実施の形態に特に関連する機能部のみを示すものであり、少なくともLTEに準拠した動作を行うための図示しない機能も有するものである。また、図4に示す機能構成は一例に過ぎない。本実施の形態に係る動作を実行できるのであれば、機能区分及び機能部の名称はどのようなものでもよい。
図5は、実施の形態に係るS-CSCFの機能構成の一例を示す図である。図5に示すように、S-CSCF9は、信号受信部41と、信号送信部42と、判定部43と、認証処理部44とを有する。なお、図5は、S-CSCF9において本発明の実施の形態に特に関連する機能部のみを示すものであり、少なくともLTEに準拠した動作を行うための図示しない機能も有するものである。また、図5に示す機能構成は一例に過ぎない。本実施の形態に係る動作を実行できるのであれば、機能区分及び機能部の名称はどのようなものでもよい。
実施の形態の説明に用いたブロック図(図2乃至図5)は、機能単位のブロックを示している。これらの機能ブロック(構成部)は、ハードウェア及び/又はソフトウェアの任意の組み合わせによって実現される。また、各機能ブロックの実現手段は特に限定されない。すなわち、各機能ブロックは、物理的及び/又は論理的に結合した1つの装置により実現されてもよいし、物理的及び/又は論理的に分離した2つ以上の装置を直接的及び/又は間接的に(例えば、有線及び/又は無線)で接続し、これら複数の装置により実現されてもよい。
図7は、ユーザ装置がEPCにアタッチする際の処理手順の一例を示すシーケンス図である。図8は、EPCにアタッチしたユーザ装置がIMSにアクセスする際の処理手順の一例を示すシーケンス図である。まず、図7を用いて、ユーザ装置1がEPCにアタッチする際の処理手順について説明する。
以上、実施の形態によれば、IPネットワークにおける呼処理規則を管理する管理装置と接続され、ユーザ装置から発信された音声呼を制御するSIP制御装置であって、前記ユーザ装置から呼接続要求を受信した場合に、前記管理装置に問い合わせることで、前記ユーザ装置の認証が完了しているか否かを判定する判定部と、前記ユーザ装置の認証が完了していると判定された場合に、前記ユーザ装置の認証を行わずに呼接続処理を行う呼処理部と、を有するSIP制御装置が提供される。このSIP制御装置により、IMSにおいて、既に認証されたユーザ装置に対して重複した認証処理が行われないようにする技術が提供される。
以上、本発明の実施の形態で説明する各装置(ユーザ装置1/MME3/SGW4/PGW5/PCRF6/P-CSCF7/I-CSCF8/S-CSCF9/HSS10)の構成は、CPUとメモリを備える当該装置において、プログラムがCPU(プロセッサ)により実行されることで実現される構成であってもよいし、本実施の形態で説明する処理のロジックを備えたハードウェア回路等のハードウェアで実現される構成であってもよいし、プログラムとハードウェアが混在していてもよい。
2 eNB
3 MME
4 SGW
5 PGW
6 PCRF
7 P-CSCF
8 I-CSCF
9 S-CSCF
10 HSS
11、21、31、41 信号受信部
12、22、32、42 信号送信部
13 認証結果保持部
23 ユーザ情報保持部
33、43 判定部
34、44 認証処理部
1001 プロセッサ
1002 メモリ
1003 ストレージ
1004 通信装置
1005 入力装置
1006 出力装置
Claims (4)
- IPネットワークにおける呼処理ポリシーを管理する管理装置と接続され、ユーザ装置から発信された音声呼を制御するSIP制御装置であって、
前記ユーザ装置から呼接続要求を受信した場合に、前記管理装置に問い合わせることで、前記ユーザ装置の認証が完了しているか否かを判定する判定部と、
前記ユーザ装置の認証が完了していると判定された場合に、前記ユーザ装置の認証を行わずに呼接続処理を行う呼処理部と、
を有するSIP制御装置。 - 前記判定部は、前記管理装置から受信した信号に所定のフラグが含まれている場合に前記ユーザ装置の認証が完了していると判定し、前記管理装置から受信した信号に所定のフラグが含まれていない場合に前記ユーザ装置の認証が完了していないと判定する、請求項1に記載のSIP制御装置。
- IPネットワークにおける呼処理ポリシーを管理する管理装置と、交換機と、ユーザ装置から発信された音声呼を制御するSIP制御装置とを有する移動通信システムであって、
前記交換機は、
前記ユーザ装置との間で認証が完了した場合に、認証が完了したことを前記管理装置に通知する通知部、
を有し、
前記SIP制御装置は、
前記ユーザ装置から呼接続要求を受信した場合に、前記管理装置に問い合わせることで、前記ユーザ装置の認証が完了しているか否かを判定する判定部と、
前記ユーザ装置の認証が完了していると判定された場合に、前記ユーザ装置の認証を行わずに呼接続処理を行う呼処理部と、
を有する移動通信システム。 - IPパケットネットワークにおける呼処理ポリシーを管理する管理装置と接続され、ユーザ装置から発信された音声呼を制御するSIP制御装置が行う通信制御方法であって、
前記ユーザ装置から呼接続要求を受信した場合に、前記管理装置に問い合わせることで、前記ユーザ装置の認証が完了しているか否かを判定するステップと、
前記ユーザ装置の認証が完了していると判定された場合に、前記ユーザ装置の認証を行わずに呼接続処理を行うステップと、
を有する通信制御方法。
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US15/741,522 US20180213400A1 (en) | 2015-07-07 | 2016-06-09 | Sip control apparatus, mobile communication system and communication control method |
JP2017527143A JP6681892B2 (ja) | 2015-07-07 | 2016-06-09 | Sip制御装置、移動通信システム及び通信制御方法 |
EP16821167.0A EP3322137A4 (en) | 2015-07-07 | 2016-06-09 | SIP CONTROL DEVICE, MOBILE COMMUNICATION SYSTEM AND COMMUNICATION CONTROL METHOD |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2015-136486 | 2015-07-07 | ||
JP2015136486 | 2015-07-07 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2017006696A1 true WO2017006696A1 (ja) | 2017-01-12 |
Family
ID=57685128
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2016/067235 WO2017006696A1 (ja) | 2015-07-07 | 2016-06-09 | Sip制御装置、移動通信システム及び通信制御方法 |
Country Status (4)
Country | Link |
---|---|
US (1) | US20180213400A1 (ja) |
EP (1) | EP3322137A4 (ja) |
JP (1) | JP6681892B2 (ja) |
WO (1) | WO2017006696A1 (ja) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050210288A1 (en) * | 2004-03-22 | 2005-09-22 | Grosse Eric H | Method and apparatus for eliminating dual authentication for enterprise access via wireless LAN services |
JP2014200036A (ja) * | 2013-03-29 | 2014-10-23 | 富士通株式会社 | 経路選択装置、経路選択方法および通信システム |
JP2015023545A (ja) * | 2013-07-23 | 2015-02-02 | 株式会社Nttドコモ | 通信システム、中継装置、制御情報中継プログラム及び通信方法 |
US20150118995A1 (en) * | 2013-10-25 | 2015-04-30 | Cellco Partnership D/B/A Verizon Wireless | Internet protocol multimedia subsystem (ims) authentication for non-ims subscribers |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2001249892A (ja) * | 2000-03-03 | 2001-09-14 | Seiko Epson Corp | ウエブページ閲覧制限方法とサーバシステム |
KR100492958B1 (ko) * | 2002-09-10 | 2005-06-07 | 삼성전자주식회사 | 무선 고속 데이터 시스템에서 공중망과 사설망의 공통사용 방법 및 시스템 |
EP2245873B1 (en) * | 2008-02-15 | 2020-01-22 | Telefonaktiebolaget LM Ericsson (publ) | System and method of user authentication in wireless communication networks |
US8923818B2 (en) * | 2012-10-11 | 2014-12-30 | Cellco Partnership | Customer LTE router hub |
EP2785004A1 (en) * | 2013-03-28 | 2014-10-01 | Nokia Solutions and Networks Oy | Imei based lawful interception for ip multimedia subsystem |
-
2016
- 2016-06-09 WO PCT/JP2016/067235 patent/WO2017006696A1/ja active Application Filing
- 2016-06-09 EP EP16821167.0A patent/EP3322137A4/en not_active Withdrawn
- 2016-06-09 JP JP2017527143A patent/JP6681892B2/ja active Active
- 2016-06-09 US US15/741,522 patent/US20180213400A1/en not_active Abandoned
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050210288A1 (en) * | 2004-03-22 | 2005-09-22 | Grosse Eric H | Method and apparatus for eliminating dual authentication for enterprise access via wireless LAN services |
JP2014200036A (ja) * | 2013-03-29 | 2014-10-23 | 富士通株式会社 | 経路選択装置、経路選択方法および通信システム |
JP2015023545A (ja) * | 2013-07-23 | 2015-02-02 | 株式会社Nttドコモ | 通信システム、中継装置、制御情報中継プログラム及び通信方法 |
US20150118995A1 (en) * | 2013-10-25 | 2015-04-30 | Cellco Partnership D/B/A Verizon Wireless | Internet protocol multimedia subsystem (ims) authentication for non-ims subscribers |
Non-Patent Citations (1)
Title |
---|
See also references of EP3322137A4 * |
Also Published As
Publication number | Publication date |
---|---|
EP3322137A1 (en) | 2018-05-16 |
JPWO2017006696A1 (ja) | 2018-04-19 |
EP3322137A4 (en) | 2019-02-20 |
JP6681892B2 (ja) | 2020-04-15 |
US20180213400A1 (en) | 2018-07-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11785454B2 (en) | Terminal apparatus, base station apparatus, mobility management entity (MME), and communication control method | |
US11089542B2 (en) | Terminal apparatus, base station apparatus, mobility management entity (MME), and communication control method | |
US11477726B2 (en) | Apparatus, system and method for dedicated core network | |
US8630607B2 (en) | Emergency call handoff between heterogeneous networks | |
US20170026896A1 (en) | Terminal device, relay terminal device, and communication control method | |
US20190028933A1 (en) | Terminal apparatus, mobility management entity (mme), and communication control method | |
EP3334238A1 (en) | Terminal device, mme, method for controlling communication of terminal device, and method for controlling communication of mme | |
EP3334239A1 (en) | Terminal device, base station device, method for controlling communication of terminal device, and method for controlling communication of base station device | |
US11064541B2 (en) | Terminal apparatus, mobility management entity (MME), and communication control method | |
US11197221B2 (en) | Terminal apparatus, control apparatus, and communication control method | |
US10264619B2 (en) | Local call service control function server selection | |
US20190230571A1 (en) | Terminal apparatus, control apparatus, and communication control method | |
EP3864813A1 (en) | Indication of evolved packet system fallback capability | |
US9326141B2 (en) | Internet protocol multimedia subsystem (IMS) authentication for non-IMS subscribers | |
US11350287B2 (en) | Switch and communication method | |
US11343754B2 (en) | Terminal apparatus, mobility management entity (MME), and communication control method | |
US9532292B2 (en) | Communication system | |
JP6634439B2 (ja) | Sip制御装置、移動通信システム及び緊急呼制御方法 | |
JP6681892B2 (ja) | Sip制御装置、移動通信システム及び通信制御方法 | |
KR20130003361A (ko) | Apn 변경 장치 및 방법과 apn 변경을 위한 무선 단말 장치 및 이를 실행하기 위한 기록매체 | |
WO2016082872A1 (en) | Blocking of nested connections |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 16821167 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 2017527143 Country of ref document: JP Kind code of ref document: A |
|
WWE | Wipo information: entry into national phase |
Ref document number: 15741522 Country of ref document: US |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2016821167 Country of ref document: EP |