Method for authenticating user terminal in IP multimedia sub-system
DCFirst Claim
1. A method for authenticating a user equipment in an IP multimedia subsystem, comprising:
- generating, by a Serving-Call Session Control Function (S-CSCF) entity, an authentication challenge through a Digest Authentication Algorithm in response to a subscriber request, and sending the authentication challenge to the user equipment through a Proxy-Call Session Control Function (P-CSCF) entity;
receiving, by the user equipment, the authentication challenge;
generating, by the user equipment, an authentication response through the Digest Authentication Algorithm in accordance with a subscriber key and the authentication challenge, and sending the authentication response to the S-CSCF entity through the P-CSCF entity;
receiving, by the S-CSCF entity, the authentication response; and
verifying, by the S-CSCF entity, the authentication response through the Digest Authentication Algorithm in accordance with information HA1 related to the subscriber key and the authentication response, and if the verification is passed, determining that the authentication for the user equipment succeeds, otherwise determining that the authentication for the user equipment fails,wherein the Digest Authentication Algorithm includes a Digest MD5 algorithm, and the S-CSCF entity obtains the HA1 through interacting with a Home Subscriber Server (HSS) before generating the authentication challenge or upon receiving the authentication response,wherein the obtaining the HA1 comprises;
sending, by the S-CSCF entity, to the HSS a request message carrying a subscriber identity; and
generating, by the HSS, the HA1 in accordance with a domain name of a domain corresponding to the subscriber, the subscriber identity and the subscriber key, and returning to the S-CSCF entity the HA1 in a response message.
8 Assignments
Litigations
0 Petitions
Accused Products
Abstract
A method for authenticating user terminal in IMS network, the method includes: with regard to user request, Service-Call Session Control Function (S-CSCF) entity creates the authentication challenge utilizing Digest Authentication Algorithm, and sends the authentication challenge to user terminal through Proxy-Call Session Control Function (P-CSCF) entity; the user terminal creates the authentication response utilizing Digest Authentication Algorithm according to the user key and associated parameters with said authentication challenge, and sends the authentication response to S-CSCF entity through S-CSCF entity; S-CSCF entity authenticates said authentication response utilizing Digest Authentication Algorithm according to HAI and associated parameters, if the authentication passes, determines that the user terminal is authenticated successfully, otherwise, determines that the user terminal is authenticated failure.
24 Citations
15 Claims
-
1. A method for authenticating a user equipment in an IP multimedia subsystem, comprising:
-
generating, by a Serving-Call Session Control Function (S-CSCF) entity, an authentication challenge through a Digest Authentication Algorithm in response to a subscriber request, and sending the authentication challenge to the user equipment through a Proxy-Call Session Control Function (P-CSCF) entity; receiving, by the user equipment, the authentication challenge; generating, by the user equipment, an authentication response through the Digest Authentication Algorithm in accordance with a subscriber key and the authentication challenge, and sending the authentication response to the S-CSCF entity through the P-CSCF entity; receiving, by the S-CSCF entity, the authentication response; and verifying, by the S-CSCF entity, the authentication response through the Digest Authentication Algorithm in accordance with information HA1 related to the subscriber key and the authentication response, and if the verification is passed, determining that the authentication for the user equipment succeeds, otherwise determining that the authentication for the user equipment fails, wherein the Digest Authentication Algorithm includes a Digest MD5 algorithm, and the S-CSCF entity obtains the HA1 through interacting with a Home Subscriber Server (HSS) before generating the authentication challenge or upon receiving the authentication response, wherein the obtaining the HA1 comprises; sending, by the S-CSCF entity, to the HSS a request message carrying a subscriber identity; and generating, by the HSS, the HA1 in accordance with a domain name of a domain corresponding to the subscriber, the subscriber identity and the subscriber key, and returning to the S-CSCF entity the HA1 in a response message. - View Dependent Claims (2)
-
-
3. A method for authenticating a user equipment in an IP multimedia subsystem, comprising:
-
generating, by a Serving-Call Session Control Function (S-CSCF) entity, an authentication challenge through a Digest MD5-Sess algorithm in response to a subscriber request, and sending the authentication challenge to the user equipment through a Proxy-Call Session Control Function (P-CSCF) entity; receiving, by the user equipment, the authentication challenge; generating, by the user equipment, an authentication response through the Digest MD5-Sess algorithm in accordance with a subscriber key and the authentication challenge, and sending the authentication response to the S-CSCF entity through the P-CSCF entity; receiving, by the S-CSCF entity, the authentication response verifying, by the S-CSCF entity, the authentication response through the Digest MD5-Sess algorithm in accordance with information HA1 related to the subscriber key, and the authentication response, and if the verification is passed, determining that the authentication for the user equipment succeeds, otherwise determining that the authentication for the user equipment fails; and obtaining, by the S-CSCF entity, the HA1 by; sending, by the S-CSCF entity, to a Home Subscriber Server (HSS) a request message carrying a subscriber identity, a parameter “
nonce” and
a parameter “
cnonce”
upon receipt of the authentication response; andgenerating, by the HSS, the HA1 in accordance with a domain name of a domain corresponding to the subscriber, the subscriber identity, the subscriber key, the parameter “
nonce” and
the parameter “
cnonce”
, “
cnonce”
, and returning to the S-CSCF entity the HA1 in a response message.
-
-
4. A method for authenticating a user equipment in an IP multimedia subsystem, comprising:
-
generating, by a Serving-Call Session Control Function (S-CSCF) entity, an authentication challenge through a Digest Authentication Algorithm in response to a registration request, and sending the authentication challenge to the user equipment through a Proxy-Call Session Control Function (P-CSCF) entity; receiving, by the user equipment, the authentication challenge; generating, by the user equipment, an authentication response through the Digest Authentication Algorithm in accordance with a subscriber key and the authentication challenge, and sending the authentication response to the S-CSCF entity through the P-CSCF entity; receiving, by the S-CSCF entity, the authentication response; and verifying, by the S-CSCF entity, the authentication response through the Digest Authentication Algorithm in accordance with information HA1 related to the subscriber key and the authentication response, and if the verification is passed, determining that the authentication for the user equipment succeeds, otherwise determining that the authentication for the user equipment fails, wherein after the authentication for the user equipment succeeds, an authentication mode for authenticating a subsequent request message configured at an HSS is sent to the S-CSCF entity, and the S-CSCF entity authenticates the subsequent request message according to the authentication mode. - View Dependent Claims (5, 6)
-
-
7. A method for authenticating a user equipment in an IP multimedia subsystem, comprising:
-
generating, by a Home Subscriber Server (HSS), parameters required for generating an authentication challenge in a Digest Authentication in accordance with a subscriber identity carried in a request message sent from a Serving-Call Session Control Function (S-CSCF) entity, and sending the parameters to the S-CSCF entity; generating, by the S-CSCF entity, the authentication challenge in accordance with the parameters, and sending the authentication challenge to the user equipment through a Proxy-Call Session Control Function (P-CSCF) entity; generating, by the user equipment, an authentication response through a Digest Authentication Algorithm in accordance with a subscriber key and the authentication challenge, and transferring the authentication response to the HSS through the P-CSCF entity and the S-CSCF entity; and verifying, by the HSS, contents in the authentication response through the Digest Authentication Algorithm in accordance with the subscriber key and the authentication response, and if the verification is passed, informing the S-CSCF entity that the authentication for the user equipment succeeds, otherwise informing the S-CSCF entity that the authentication for the user equipment fails. - View Dependent Claims (8, 9, 10, 11)
-
-
12. An authentication method in an IP multimedia subsystem, comprising:
-
receiving, by a Serving-Call Control Function (S-CSCF) entity, a registration request from a user equipment; generating, by the S-CSCF entity, an authentication challenge through a Digest Authentication Algorithm, and sending the authentication challenge to the user equipment through a Proxy-Call Session Control Function (P-CSCF) entity; receiving, by the S-CSCF entity, an authentication response sent from the user equipment, wherein the authentication response is generated by the user equipment through the Digest Authentication Algorithm according to a subscriber key and the authentication challenge sent from the S-CSCF entity; and verifying, by the S-CSCF entity, the authentication response through the Digest Authentication Algorithm according to HA1 related to the subscriber key and the authentication response, and if the verification is passed, determining that the authentication for the user equipment succeeds, otherwise determining that the authentication for the user equipment fails, wherein the Digest Authentication Algorithm is a Digest MD5 algorithm, and the method further comprises; sending, by the S-CSCF entity, to a Home Subscriber Server (HSS) an authentication request message carrying a subscriber identity which is carried in the registration request; and receiving, by the S-CSCF entity, an authentication response message carrying the HA1 from the HSS, wherein the HA1 is generated by the HSS according to a domain name of a domain corresponding to the subscriber, the subscriber identity and the subscriber key.
-
-
13. An authentication method in an IP multimedia subsystem, comprising:
-
receiving, by a Serving-Call Control Function (S-CSCF) entity, a registration request from a user equipment; generating, by the S-CSCF entity, an authentication challenge through a Digest Authentication Algorithm, and sending the authentication challenge to the user equipment through a Proxy-Call Session Control Function (P-CSCF) entity; receiving, by the S-CSCF entity, an authentication response sent from the user equipment, wherein the authentication response is generated by the user equipment through the Digest Authentication Algorithm according to a subscriber key and the authentication challenge sent from the S-CSCF entity; and verifying, by the S-CSCF entity, the authentication response through the Digest Authentication Algorithm according to HA1 related to the subscriber key and the authentication response, and if the verification is passed, determining that the authentication for the user equipment succeeds, otherwise determining that the authentication for the user equipment fails, wherein the Digest Authentication Algorithm includes a Digest MD5-Sess algorithm, and the method further comprises; sending, by the S-CSCF entity, to a Home Subscriber Server (HSS) a authentication request carrying a subscriber identity, a parameter “
nonce” and
a parameter “
cnonce”
upon receiving the authentication response from the user equipment; andreceiving, by the S-CSCF entity, an authentication response message carrying the HA1 from the HSS, wherein the HA1 is generated by the HSS according to a domain name of a domain corresponding to the subscriber, the subscriber identity, the subscriber key, the parameter “
nonce” and
the parameter “
cnonce”
.
-
-
14. An authentication method in an IP multimedia subsystem, comprising:
-
receiving, by a Serving-Call Control Function (S-CSCF) entity, a registration request from a user equipment; generating, by the S-CSCF entity, an authentication challenge through a Digest Authentication Algorithm, and sending the authentication challenge to the user equipment through a Proxy-Call Session Control Function (P-CSCF) entity; receiving, by the S-CSCF entity, an authentication response sent from the user equipment, wherein the authentication response is generated by the user equipment through the Digest Authentication Algorithm according to a subscriber key and the authentication challenge sent from the S-CSCF entity; and verifying, by the S-CSCF entity, the authentication response through the Digest Authentication Algorithm according to HA1 related to the subscriber key and the authentication response, and if the verification is passed, determining that the authentication for the user equipment succeeds, otherwise determining that the authentication for the user equipment fails, wherein the authentication response sent from the user equipment carries a first “
request-digest”
calculated through the Digest Authentication Algorithm according to the subscriber key and the authentication challenge sent from the S-CSCF entity, and the method further comprises;calculating, by the S-CSCF entity, a second “
request-digest”
according to the HA1 and the authentication response from the user equipment; andcomparing, by the S-CSCF entity, the first “
request-digest” and
the second “
request-digest”
, and determining that the user is authenticated successfully if the first “
request-digest” and
the second “
request-digest”
are same.
-
-
15. An authentication method in an IP multimedia subsystem, comprising:
-
generating, by a Home Subscriber Server (HSS), parameters required for generating an authentication challenge in a Digest Authentication according to a subscriber identity carried in a request message sent from a Serving-Call Session Control Function (S-CSCF) entity, and sending the parameters to the S-CSCF entity; receiving, by the HSS, an authentication response sent from a user equipment through a Proxy-Call Session Control Function (P-CSCF) entity and the S-CSCF entity, wherein the authentication response is generated by the user equipment through a Digest Authentication Algorithm according to a subscriber key and a authentication challenge which is generated by the S-CSCF entity according to the parameters and is sent to the user equipment; verifying, by the HSS, contents in the authentication response through the Digest Authentication Algorithm according to the subscriber key and the authentication response, and if the verification is passed, informing the S-CSCF entity that the authentication for the user equipment succeeds.
-
Specification