Method for authenticating user terminal in IP multimedia sub-system

US 8,335,487 B2
Filed: 08/31/2007
Issued: 12/18/2012
Est. Priority Date: 04/30/2005
Status: Active Grant

- Alert
- Pin

First Claim

Patent Images

1. A method for authenticating a user equipment in an IP multimedia subsystem, comprising:

generating, by a Serving-Call Session Control Function (S-CSCF) entity, an authentication challenge through a Digest Authentication Algorithm in response to a subscriber request, and sending the authentication challenge to the user equipment through a Proxy-Call Session Control Function (P-CSCF) entity;

receiving, by the user equipment, the authentication challenge;

generating, by the user equipment, an authentication response through the Digest Authentication Algorithm in accordance with a subscriber key and the authentication challenge, and sending the authentication response to the S-CSCF entity through the P-CSCF entity;

receiving, by the S-CSCF entity, the authentication response; and

verifying, by the S-CSCF entity, the authentication response through the Digest Authentication Algorithm in accordance with information HA1 related to the subscriber key and the authentication response, and if the verification is passed, determining that the authentication for the user equipment succeeds, otherwise determining that the authentication for the user equipment fails,wherein the Digest Authentication Algorithm includes a Digest MD5 algorithm, and the S-CSCF entity obtains the HA1 through interacting with a Home Subscriber Server (HSS) before generating the authentication challenge or upon receiving the authentication response,wherein the obtaining the HA1 comprises;

sending, by the S-CSCF entity, to the HSS a request message carrying a subscriber identity; and

generating, by the HSS, the HA1 in accordance with a domain name of a domain corresponding to the subscriber, the subscriber identity and the subscriber key, and returning to the S-CSCF entity the HA1 in a response message.

View all claims

8 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

A method for authenticating user terminal in IMS network, the method includes: with regard to user request, Service-Call Session Control Function (S-CSCF) entity creates the authentication challenge utilizing Digest Authentication Algorithm, and sends the authentication challenge to user terminal through Proxy-Call Session Control Function (P-CSCF) entity; the user terminal creates the authentication response utilizing Digest Authentication Algorithm according to the user key and associated parameters with said authentication challenge, and sends the authentication response to S-CSCF entity through S-CSCF entity; S-CSCF entity authenticates said authentication response utilizing Digest Authentication Algorithm according to HAI and associated parameters, if the authentication passes, determines that the user terminal is authenticated successfully, otherwise, determines that the user terminal is authenticated failure.

24 Citations

View as Search Results

15 Claims

1. A method for authenticating a user equipment in an IP multimedia subsystem, comprising:
- generating, by a Serving-Call Session Control Function (S-CSCF) entity, an authentication challenge through a Digest Authentication Algorithm in response to a subscriber request, and sending the authentication challenge to the user equipment through a Proxy-Call Session Control Function (P-CSCF) entity;
  
  receiving, by the user equipment, the authentication challenge;
  
  generating, by the user equipment, an authentication response through the Digest Authentication Algorithm in accordance with a subscriber key and the authentication challenge, and sending the authentication response to the S-CSCF entity through the P-CSCF entity;
  
  receiving, by the S-CSCF entity, the authentication response; and
  
  verifying, by the S-CSCF entity, the authentication response through the Digest Authentication Algorithm in accordance with information HA1 related to the subscriber key and the authentication response, and if the verification is passed, determining that the authentication for the user equipment succeeds, otherwise determining that the authentication for the user equipment fails,wherein the Digest Authentication Algorithm includes a Digest MD5 algorithm, and the S-CSCF entity obtains the HA1 through interacting with a Home Subscriber Server (HSS) before generating the authentication challenge or upon receiving the authentication response,wherein the obtaining the HA1 comprises;
  
  sending, by the S-CSCF entity, to the HSS a request message carrying a subscriber identity; and
  
  generating, by the HSS, the HA1 in accordance with a domain name of a domain corresponding to the subscriber, the subscriber identity and the subscriber key, and returning to the S-CSCF entity the HA1 in a response message.
- View Dependent Claims (2)
- - 2. The method according to claim 1, wherein the subscriber identity is a public user identity or a private user identity.

3. A method for authenticating a user equipment in an IP multimedia subsystem, comprising:
- generating, by a Serving-Call Session Control Function (S-CSCF) entity, an authentication challenge through a Digest MD5-Sess algorithm in response to a subscriber request, and sending the authentication challenge to the user equipment through a Proxy-Call Session Control Function (P-CSCF) entity;
  
  receiving, by the user equipment, the authentication challenge;
  
  generating, by the user equipment, an authentication response through the Digest MD5-Sess algorithm in accordance with a subscriber key and the authentication challenge, and sending the authentication response to the S-CSCF entity through the P-CSCF entity;
  
  receiving, by the S-CSCF entity, the authentication responseverifying, by the S-CSCF entity, the authentication response through the Digest MD5-Sess algorithm in accordance with information HA1 related to the subscriber key, and the authentication response, and if the verification is passed, determining that the authentication for the user equipment succeeds, otherwise determining that the authentication for the user equipment fails; and
  
  obtaining, by the S-CSCF entity, the HA1 by;
  
  sending, by the S-CSCF entity, to a Home Subscriber Server (HSS) a request message carrying a subscriber identity, a parameter “
  
  nonce” and
  
  a parameter “
  
  cnonce”
  
  upon receipt of the authentication response; and
  
  generating, by the HSS, the HA1 in accordance with a domain name of a domain corresponding to the subscriber, the subscriber identity, the subscriber key, the parameter “
  
  nonce” and
  
  the parameter “
  
  cnonce”
  
  , “
  
  cnonce”
  
  , and returning to the S-CSCF entity the HA1 in a response message.

4. A method for authenticating a user equipment in an IP multimedia subsystem, comprising:
- generating, by a Serving-Call Session Control Function (S-CSCF) entity, an authentication challenge through a Digest Authentication Algorithm in response to a registration request, and sending the authentication challenge to the user equipment through a Proxy-Call Session Control Function (P-CSCF) entity;
  
  receiving, by the user equipment, the authentication challenge;
  
  generating, by the user equipment, an authentication response through the Digest Authentication Algorithm in accordance with a subscriber key and the authentication challenge, and sending the authentication response to the S-CSCF entity through the P-CSCF entity;
  
  receiving, by the S-CSCF entity, the authentication response; and
  
  verifying, by the S-CSCF entity, the authentication response through the Digest Authentication Algorithm in accordance with information HA1 related to the subscriber key and the authentication response, and if the verification is passed, determining that the authentication for the user equipment succeeds, otherwise determining that the authentication for the user equipment fails,wherein after the authentication for the user equipment succeeds, an authentication mode for authenticating a subsequent request message configured at an HSS is sent to the S-CSCF entity, and the S-CSCF entity authenticates the subsequent request message according to the authentication mode.
- View Dependent Claims (5, 6)
- - 5. The method according to claim 4, wherein the authentication mode comprises one of authenticating only a registration request message, authenticating only a registration request and a session request message, or authenticating each request message.
  - 6. The method according to claim 5, wherein in the case of authentication for each request message, an authentication period for a subscriber request message is configured equal to a subscriber registration period or a subscriber session period.

7. A method for authenticating a user equipment in an IP multimedia subsystem, comprising:
- generating, by a Home Subscriber Server (HSS), parameters required for generating an authentication challenge in a Digest Authentication in accordance with a subscriber identity carried in a request message sent from a Serving-Call Session Control Function (S-CSCF) entity, and sending the parameters to the S-CSCF entity;
  
  generating, by the S-CSCF entity, the authentication challenge in accordance with the parameters, and sending the authentication challenge to the user equipment through a Proxy-Call Session Control Function (P-CSCF) entity;
  
  generating, by the user equipment, an authentication response through a Digest Authentication Algorithm in accordance with a subscriber key and the authentication challenge, and transferring the authentication response to the HSS through the P-CSCF entity and the S-CSCF entity; and
  
  verifying, by the HSS, contents in the authentication response through the Digest Authentication Algorithm in accordance with the subscriber key and the authentication response, and if the verification is passed, informing the S-CSCF entity that the authentication for the user equipment succeeds, otherwise informing the S-CSCF entity that the authentication for the user equipment fails.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The method according to claim 7, wherein the subscriber identity is a public user identity or a private user identity.
  - 9. The method according to claim 7, wherein after the authentication for the user equipment succeeds, an authentication mode for authenticating a subsequent request message configured at the HSS is sent to the S-CSCF entity, and the S-CSCF entity authenticates the subsequent request message according to the authentication mode.
  - 10. The method according to claim 9, wherein the authentication mode comprises one of authenticating only a registration request message, authenticating only a registration request and a session request message, or authenticating each request message.
  - 11. The method according to claim 10, wherein in the case of authentication for each request message, an authentication period for a subscriber message is configured equal to a subscriber registration period or a subscriber session period.

12. An authentication method in an IP multimedia subsystem, comprising:
- receiving, by a Serving-Call Control Function (S-CSCF) entity, a registration request from a user equipment;
  
  generating, by the S-CSCF entity, an authentication challenge through a Digest Authentication Algorithm, and sending the authentication challenge to the user equipment through a Proxy-Call Session Control Function (P-CSCF) entity;
  
  receiving, by the S-CSCF entity, an authentication response sent from the user equipment, wherein the authentication response is generated by the user equipment through the Digest Authentication Algorithm according to a subscriber key and the authentication challenge sent from the S-CSCF entity; and
  
  verifying, by the S-CSCF entity, the authentication response through the Digest Authentication Algorithm according to HA1 related to the subscriber key and the authentication response, and if the verification is passed, determining that the authentication for the user equipment succeeds, otherwise determining that the authentication for the user equipment fails,wherein the Digest Authentication Algorithm is a Digest MD5 algorithm, and the method further comprises;
  
  sending, by the S-CSCF entity, to a Home Subscriber Server (HSS) an authentication request message carrying a subscriber identity which is carried in the registration request; and
  
  receiving, by the S-CSCF entity, an authentication response message carrying the HA1 from the HSS, wherein the HA1 is generated by the HSS according to a domain name of a domain corresponding to the subscriber, the subscriber identity and the subscriber key.

13. An authentication method in an IP multimedia subsystem, comprising:
- receiving, by a Serving-Call Control Function (S-CSCF) entity, a registration request from a user equipment;
  
  generating, by the S-CSCF entity, an authentication challenge through a Digest Authentication Algorithm, and sending the authentication challenge to the user equipment through a Proxy-Call Session Control Function (P-CSCF) entity;
  
  receiving, by the S-CSCF entity, an authentication response sent from the user equipment, wherein the authentication response is generated by the user equipment through the Digest Authentication Algorithm according to a subscriber key and the authentication challenge sent from the S-CSCF entity; and
  
  verifying, by the S-CSCF entity, the authentication response through the Digest Authentication Algorithm according to HA1 related to the subscriber key and the authentication response, and if the verification is passed, determining that the authentication for the user equipment succeeds, otherwise determining that the authentication for the user equipment fails,wherein the Digest Authentication Algorithm includes a Digest MD5-Sess algorithm, and the method further comprises;
  
  sending, by the S-CSCF entity, to a Home Subscriber Server (HSS) a authentication request carrying a subscriber identity, a parameter “
  
  nonce” and
  
  a parameter “
  
  cnonce”
  
  upon receiving the authentication response from the user equipment; and
  
  receiving, by the S-CSCF entity, an authentication response message carrying the HA1 from the HSS, wherein the HA1 is generated by the HSS according to a domain name of a domain corresponding to the subscriber, the subscriber identity, the subscriber key, the parameter “
  
  nonce” and
  
  the parameter “
  
  cnonce”
  
  .

14. An authentication method in an IP multimedia subsystem, comprising:
- receiving, by a Serving-Call Control Function (S-CSCF) entity, a registration request from a user equipment;
  
  generating, by the S-CSCF entity, an authentication challenge through a Digest Authentication Algorithm, and sending the authentication challenge to the user equipment through a Proxy-Call Session Control Function (P-CSCF) entity;
  
  receiving, by the S-CSCF entity, an authentication response sent from the user equipment, wherein the authentication response is generated by the user equipment through the Digest Authentication Algorithm according to a subscriber key and the authentication challenge sent from the S-CSCF entity; and
  
  verifying, by the S-CSCF entity, the authentication response through the Digest Authentication Algorithm according to HA1 related to the subscriber key and the authentication response, and if the verification is passed, determining that the authentication for the user equipment succeeds, otherwise determining that the authentication for the user equipment fails,wherein the authentication response sent from the user equipment carries a first “
  
  request-digest”
  
  calculated through the Digest Authentication Algorithm according to the subscriber key and the authentication challenge sent from the S-CSCF entity, and the method further comprises;
  
  calculating, by the S-CSCF entity, a second “
  
  request-digest”
  
  according to the HA1 and the authentication response from the user equipment; and
  
  comparing, by the S-CSCF entity, the first “
  
  request-digest” and
  
  the second “
  
  request-digest”
  
  , and determining that the user is authenticated successfully if the first “
  
  request-digest” and
  
  the second “
  
  request-digest”
  
  are same.

15. An authentication method in an IP multimedia subsystem, comprising:
- generating, by a Home Subscriber Server (HSS), parameters required for generating an authentication challenge in a Digest Authentication according to a subscriber identity carried in a request message sent from a Serving-Call Session Control Function (S-CSCF) entity, and sending the parameters to the S-CSCF entity;
  
  receiving, by the HSS, an authentication response sent from a user equipment through a Proxy-Call Session Control Function (P-CSCF) entity and the S-CSCF entity, wherein the authentication response is generated by the user equipment through a Digest Authentication Algorithm according to a subscriber key and a authentication challenge which is generated by the S-CSCF entity according to the parameters and is sent to the user equipment;
  
  verifying, by the HSS, contents in the authentication response through the Digest Authentication Algorithm according to the subscriber key and the authentication response, and if the verification is passed, informing the S-CSCF entity that the authentication for the user equipment succeeds.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
INVT SPE LLC (SoftBank Group Corp.)
Original Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Inventors
Wen, Kai, Gu, Jiongjiong
Primary Examiner(s)
Brandt, Christopher M

Application Number

US11/896,389
Publication Number

US 20080045214A1
Time in Patent Office

1,936 Days
Field of Search

455/411, 455/410
US Class Current

455/410
CPC Class Codes

H04L 2209/60   Digital content management,...

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 2209/80   Wireless network architectu...

H04L 63/08   for authentication of entit...

H04L 65/1016   IP multimedia subsystem [IMS]

H04L 9/3236   using cryptographic hash fu...

H04L 9/3271   using challenge-response

Method for authenticating user terminal in IP multimedia sub-system

First Claim

8 Assignments

Litigations

0 Petitions

Accused Products

Abstract

24 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Method for authenticating user terminal in IP multimedia sub-system

First Claim

8 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links