SECURITY MANAGEMENT METHOD AND SYSTEM FOR WAPI TERMINAL ACCESSING IMS NETWORK

US 20110276798A1
Filed: 07/16/2009
Published: 11/10/2011
Est. Priority Date: 01/16/2009
Status: Active Grant

First Claim

Patent Images

1. A security management method for a WAPI terminal accessing an IP multimedia subsystem (IMS) network, the method comprising:

an authentication service unit (ASU) sending, under the circumstance that an access point and the WAPI terminal pass the verification of the ASU, a security information request message to a home subscriber server (HSS), wherein the security information request message carries IMS account information of the WAPI terminal;

the HSS setting security information corresponding to the IMS account information of the WAPI terminal as access layer security after receiving the security information request message from the ASU; and

a proxy-call session control function (P-CSCF) receiving an IMS login request message from the WAPI terminal, inquiring about the security information of the WAPI terminal through the HSS, and allowing the WAPI terminal to execute an IMS service flow under the circumstance that the security information of the WAPI terminal is the access layer security.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention discloses a security management method and a security management system for a WAPI terminal accessing an IMS network. The method comprises: an authentication service unit (ASU) sending, under the circumstance that an access point and the WAPI terminal pass the verification of the ASU, a security information request message to a home subscriber server (HSS) (S302); the HSS setting security information corresponding to the IMS account information of the WAPI terminal as access layer security after receiving the security information request message from the ASU (S304); a proxy-call session control function (P-CSCF) receiving an IMS login request message from the WAPI terminal, inquiring about the security information of the WAPI terminal through the HSS, and allowing the WAPI terminal to execute an IMS service flow under the circumstance that the security information of the WAPI terminal is the access layer security (S306).

25 Citations

View as Search Results

14 Claims

1. A security management method for a WAPI terminal accessing an IP multimedia subsystem (IMS) network, the method comprising:
- an authentication service unit (ASU) sending, under the circumstance that an access point and the WAPI terminal pass the verification of the ASU, a security information request message to a home subscriber server (HSS), wherein the security information request message carries IMS account information of the WAPI terminal;
  
  the HSS setting security information corresponding to the IMS account information of the WAPI terminal as access layer security after receiving the security information request message from the ASU; and
  
  a proxy-call session control function (P-CSCF) receiving an IMS login request message from the WAPI terminal, inquiring about the security information of the WAPI terminal through the HSS, and allowing the WAPI terminal to execute an IMS service flow under the circumstance that the security information of the WAPI terminal is the access layer security.
- View Dependent Claims (2, 3, 4, 5, 6, 11, 12, 13, 14)
- - 2. The method according to claim 1, wherein the step of the ASU verifying the access point and the WAPI terminal comprises:
    - the ASU verifying a signature and a certificate of the access point, and further verifying a signature of the WAPI terminal under the circumstance that the signature and the certificate of the access point pass the verification; and
      
      the ASU determining that the access point and the WAPI terminal pass the verification under the circumstance that the signature of the WAPI terminal passes the verification.
  - 3. The method according to claim 1, wherein before the step of the ASU verifying the access point and the WAPI terminal, the method further comprises:
    - the access point sending an authentication activating message to the WAPI terminal, wherein the authentication activating message carries a certificate of the access point, parameter information of a elliptic curve Diffie-Hellman (ECDH), identifier information of the ASU, and authentication identifier information of the ASU;
      
      the WAPI terminal receiving the authentication activating message, and sending an access authentication request message to the access point, wherein the access authentication request message carries a certificate of the WAPI terminal, a certificate of the access point, parameter information of the ECDH, and ECDH public key information of the WAPI terminal; and
      
      the access point sending a certificate authentication request message to the ASU, wherein the certificate authentication request message carries a signature and the certificate of the access point, and a signature of the WAPI terminal.
  - 4. The method according to claim 3, wherein after the step of the HSS setting the security information corresponding to the IMS account information of the WAPI terminal as access layer security, and before the step of the WAPI terminal sending the IMS login request message to the P-CSCF, the method further comprises:
    - the access point receiving a certificate authentication response message from the ASU, and sending an access authentication response message to the WAPI terminal; and
      
      the access point and the WAPI terminal performing unicast key agreement to determine a base key adopted during encrypted transmission of data between the access point and the WAPI terminal, wherein under the circumstance that the agreement is successful, the data transmitted between the access point and the WAPI terminal is encrypted and decrypted by using the base key.
  - 5. The method according to claim 4, wherein the step of the access point and the WAPI terminal performing unicast key agreement comprises:
    - the access point sending a unicast key agreement request message to the WAPI terminal; and
      
      the access point receiving a unicast key agreement response message from the WAPI terminal, and sending a unicast key agreement confirmation message to the WAPI terminal.
  - 6. The method according to claim 1, wherein under the circumstance that the WAPI terminal quits the IMS services, the method also comprises:
    - the ASU receiving a releasing link and verification request message from the access point, and sending a security information releasing request message to the HSS, wherein the security information releasing request message carries the IMS account information of the released WAPI terminal; and
      
      the HSS receiving the security information releasing request message from the ASU, and setting the access layer security of the security information corresponding to the IMS account information of the WAPI terminal as null.
  - 11. The method according to claim 2, wherein under the circumstance that the WAPI terminal quits the IMS services, the method also comprises:
    - the ASU receiving a releasing link and verification request message from the access point, and sending a security information releasing request message to the HSS, wherein the security information releasing request message carries the IMS account information of the released WAPI terminal; and
      
      the HSS receiving the security information releasing request message from the ASU, and setting the access layer security of the security information corresponding to the IMS account information of the WAPI terminal as null.
  - 12. The method according to claim 3, wherein under the circumstance that the WAPI terminal quits the IMS services, the method also comprises:
    - the ASU receiving a releasing link and verification request message from the access point, and sending a security information releasing request message to the HSS, wherein the security information releasing request message carries the IMS account information of the released WAPI terminal; and
      
      the HSS receiving the security information releasing request message from the ASU, and setting the access layer security of the security information corresponding to the IMS account information of the WAPI terminal as null.
  - 13. The method according to claim 4, wherein under the circumstance that the WAPI terminal quits the IMS services, the method also comprises:
    - the ASU receiving a releasing link and verification request message from the access point, and sending a security information releasing request message to the HSS, wherein the security information releasing request message carries the IMS account information of the released WAPI terminal; and
      
      the HSS receiving the security information releasing request message from the ASU, and setting the access layer security of the security information corresponding to the IMS account information of the WAPI terminal as null.
  - 14. The method according to claim 5, wherein under the circumstance that the WAPI terminal quits the IMS services, the method also comprises:
    - the ASU receiving a releasing link and verification request message from the access point, and sending a security information releasing request message to the HSS, wherein the security information releasing request message carries the IMS account information of the released WAPI terminal; and
      
      the HSS receiving the security information releasing request message from the ASU, and setting the access layer security of the security information corresponding to the IMS account information of the WAPI terminal as null.

7. A security management system for a WAPI terminal accessing into an IP multimedia subsystem (IMS) network, the system comprising:
- an authentication service unit (ASU), configured to verify an access point and the WAPI terminal, and send a security information request message to a home subscriber server (HSS) under the circumstance that the access point and the WAPI terminal pass the verification, wherein the security information request message carries IMS account information of the WAPI terminal;
  
  the HSS, configured to receive the security information request message from the ASU, and set security information corresponding to the IMS account information of the WAPI terminal as access layer security; and
  
  a proxy-call session control function (P-CSCF), configured to inquire, under the circumstance that an IMS login request message from the WAPI terminal is received, about the security information of the WAPI terminal through the HSS, and perform subsequent processing according to the inquiry result.
- View Dependent Claims (8, 9, 10)
- - 8. The system according to claim 7, wherein the ASU further comprises:
    - a verification module, configured to verify the access point and the WAPI terminal; and
      
      a sending module, configured to send the security information request message to the HSS under the circumstance that the verification result of the verification module is that the access point and the WAPI terminal pass the verification, wherein the security information request message carries the IMS account information of the WAPI terminal.
  - 9. The system according to claim 8, wherein the HSS further comprises:
    - a first receiving module, configured to receive the security information request message from the sending module; and
      
      a setting module, configured to set the security information corresponding to the IMS account information of the WAPI terminal as access layer security according to the security information request message received by the first receiving module.
  - 10. The system according to claim 9, wherein the P-CSCF further comprises:
    - a second receiving module, configured to receive the IMS login request message from the WAPI terminal; and
      
      an inquiry module, configured to inquiring about the security information of the WAPI terminal through the HSS, and perform subsequent processing according to the inquiry result.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ZTE Corporation
Original Assignee
ZTE Corporation
Inventors
Liu, Jiabing, Liang, Jiehui, Shi, Yuanqing

Granted Patent

US 8,595,485 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/156
CPC Class Codes

H04L 63/0823   using certificates cryptogr...

H04L 63/0869   for achieving mutual authen...

H04L 65/1016   IP multimedia subsystem [IMS]

H04L 65/1073   Registration or de-registra...

H04L 65/1076   Screening of IP real time c...

H04W 12/0431   Key distribution or pre-dis...

H04W 12/06   Authentication

H04W 84/12   WLAN [Wireless Local Area N...

Y02D 30/70   in wireless communication n...

SECURITY MANAGEMENT METHOD AND SYSTEM FOR WAPI TERMINAL ACCESSING IMS NETWORK

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

25 Citations

14 Claims

Specification

Use Cases

Quick Links

Others

SECURITY MANAGEMENT METHOD AND SYSTEM FOR WAPI TERMINAL ACCESSING IMS NETWORK

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

14 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others