CN100562019C - Operation processing method in the IP Multimedia Subsystem and home subscriber server - Google Patents
- Publication number
- CN100562019C
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Landscapes
- Mobile Radio Communication Systems (AREA)
- Telephonic Communication Services (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides an operation processing method and a home subscriber server (HSS) in an IP Multimedia Subsystem. During the exchange of SAR and SAA messages between the S-CSCF and the HSS, the HSS first determines the operation specified in the SAR message from the information carried in the SAR message sent by the S-CSCF, and then judges the validity of that operation against the user's registration state. The HSS thereby filters the operations specified in SAR messages: it avoids executing illegal operations, keeps illegal operations from occupying HSS resources, reduces the security risk to the data stored in the HSS, and completes the SAR/SAA interaction flow. This improves the security of user data on the HSS side, improves the processing efficiency of legal operations, and improves the procedure by which the HSS executes the operation specified in a SAR message.
Description
Technical field
The present invention relates to the field of network communication technology, and in particular to a SAR-based operation processing method and a home subscriber server in an IP Multimedia Subsystem.
Background technology
IMS (IP Multimedia Subsystem) introduces two new kinds of user identity: the IMPI (IMS Private Identity) and the IMPU (IMS Public Identity). The IMPI is the IMS private identity; it identifies the UE (User Equipment) and corresponds one-to-one with the UE. The IMPU is the IMS user's public identity; it is the identifier used when users communicate with one another and is equivalent to a telephone number.
The state of the UE, or user state, means the state of an IMPI-IMPU pair. IMS authentication adopts the two-way authentication mode of WCDMA (Wideband Code Division Multiple Access) R4: besides the network authenticating the validity of the terminal, IMS authentication adds a procedure in which the terminal verifies that the network is legitimate. The IMS network's authentication of the UE is the process of authenticating the validity of the IMPI and IMPU.
The IMS authentication process is also called registration. A user's registration state is one of four states: Authentication Pending, Registered, Unregistered (not registered, but with services for the unregistered state) and Not registered. The transitions between these four states are shown in Fig. 1.
In Fig. 1, after an IMS account is newly opened, the UE registration state is Not registered. When the UE initiates registration, the registration state can change to Authentication Pending. When the registration state is Not registered, the UE has subscribed to services for the unregistered state, and the UE is called, the registration state can also change to Unregistered. From Authentication Pending, the state can only move to Registered. A UE in the Unregistered state can move to Not registered after deregistration, to Authentication Pending after requesting authentication quintuples through the MAR/MAA message flow, and to Registered after registration. A UE in the Registered state moves either to Unregistered or to Not registered after deregistration, depending on the manner of deregistration.
Deregistration is the counterpart of registration. Depending on who initiates it, deregistration is either UE deregistration or network deregistration; network deregistration is further divided into deregistration initiated by the HSS (Home Subscriber Server) and deregistration initiated by the S-CSCF (Serving Call Session Control Function).
Initial registration is initiated by the UE when it first accesses the IMS network, for example when the UE is first powered on. The UE enters the IMS network through the P-CSCF; the whole registration process is shown in Fig. 2.
In Fig. 2, in step 1, after the UE obtains a path to the IP network in the visited network, it sends a SIP (Session Initiation Protocol) registration message over this path to the P-CSCF (Proxy CSCF). The main information elements (IEs) in the SIP registration message are: IMPU, IMPI, home network domain name and the IP address of the UE.
In step 2, after receiving the SIP registration message, the P-CSCF examines the home network domain name to find the I-CSCF (Interrogating CSCF) of the home network and forwards the registration message to the I-CSCF. The main IEs in the forwarded registration message are: P-CSCF address or domain name, IMPU, IMPI, P-CSCF network identifier and the IP address of the UE.
In step 3, the I-CSCF checks the UE's access authorization by sending a UAR (User-Authorization-Request) message to the HSS. The main IEs of the message are IMPU, IMPI and P-CSCF network identifier.
In step 3, the HSS also queries the registration state of the UE and decides, according to the UE's subscription and operator restrictions, whether the UE is allowed to register through this P-CSCF. If the UE is allowed to register through the P-CSCF, the flow proceeds to step 4.
In step 4, the HSS judges whether this user is allowed to register. If so, the HSS sends a UAA (User-Authorization-Answer) to the I-CSCF as the response to the UAR. The response mainly returns the name or the capabilities of an S-CSCF that can serve the UE. If the HSS knows the UE's S-CSCF, it returns the S-CSCF name. When it is necessary to reselect an S-CSCF, the HSS should return the S-CSCF capabilities. When the UAA contains both the S-CSCF name and capabilities, the I-CSCF can assign a new S-CSCF. When the UAA returns only capabilities, the I-CSCF should select a new S-CSCF based on the returned capabilities. The flow proceeds to step 5.
If the check at the HSS in step 4 does not succeed, the HSS should return a UAA rejecting the registration attempt, and this registration process ends.
In step 5, the I-CSCF uses the S-CSCF name to determine the IP address of the S-CSCF through the domain-name addressing mechanism, and also determines the matching home network access point from the information returned by the HSS. The home network access point can be the S-CSCF itself, or an I-CSCF when the network configuration is to be hidden.
In step 6, the S-CSCF sends a MAR (Multimedia-Auth-Request) message to the HSS to request authentication quintuples. The main IEs of this message are: IMPU, IMPI, S-CSCF name, the number of authentication quintuples requested and the authentication scheme requested.
In step 7, the HSS stores the S-CSCF name sent for this UE, changes the UE's registration state to Authentication Pending, and then returns a MAA (Multimedia-Auth-Answer) message to the S-CSCF. The main IEs of the returned MAA are: IMPU, IMPI, the number of authentication quintuples and all the authentication quintuples.
In steps 8 to 15, the S-CSCF uses one group of the requested authentication quintuples for mutual authentication between the UE and the IMS network.
In step 16, the S-CSCF sends a SAR (Server-Assignment-Request) registration notification message to the HSS. The main IEs of this message are: IMPU, IMPI and S-CSCF name.
In step 17, the HSS clears the UE's Authentication Pending state, changes the registration state to Registered, and then delivers the UE's user data and charging information to the S-CSCF in a SAA (Server-Assignment-Answer) message.
In steps 18 to 20, the S-CSCF notifies the UE of the successful registration with a SIP message sent through the I-CSCF and P-CSCF.
In the UE registration flow above, the messages involved in steps 18 and 19 are SAR/SAA. SAR/SAA is not used only for the initial UE registration described above: the SAR is the notification message that the S-CSCF sends to the HSS on registration and deregistration. Its main purposes are to request download of the UE's user data on registration or when the UE is called, and to notify the HSS on deregistration to modify the UE's state and the assigned S-CSCF name. The SAA is the response to the SAR and returns the UE's data and/or an operation result code according to the result of the requested operation.
The SAR message contains an AVP (Attribute Value Pair) named Server-Assignment-Type. The main purpose of this AVP is to define the operation codes that tell the HSS which operation to perform, such as initial registration, re-registration and deregistration. It takes the following 12 values:
1. NO_ASSIGNMENT (no assignment of user service data).
2. REGISTRATION (initial registration).
3. RE_REGISTRATION (re-registration).
4. UNREGISTERED_USER (called notification for a UE with unregistered services).
5. TIMEOUT_DEREGISTRATION (timeout deregistration).
6. TIMEOUT_DEREGISTRATION_STORE_SERVER_NAME (timeout deregistration that keeps the serving S-CSCF name).
7. USER_DEREGISTRATION (UE deregistration).
8. USER_DEREGISTRATION_STORE_SERVER_NAME (UE deregistration that keeps the serving S-CSCF name).
9. DEREGISTRATION_TOO_MUCH_DATA (deregistration because of too much data).
10. ADMINISTRATIVE_DEREGISTRATION (administrative deregistration).
11. AUTHENTICATION_FAILURE (deregistration on authentication failure).
12. AUTHENTICATION_TIMEOUT (deregistration on authentication timeout).
For the operations defined above, the existing 3GPP TS 29.228 protocol specification only specifies user validation and the necessary processing; it does not specify the validity of the various operations initiated by the S-CSCF. For example, when the user is in the Not registered state and the S-CSCF initiates a re-registration operation, executing this re-registration would introduce an operational security risk to the data stored in the HSS.
In summary, the existing handling of SAR-notified operations needs further improvement.
Summary of the invention
The object of the present invention is to provide a SAR-based operation processing method and a home subscriber server in an IP Multimedia Subsystem which judge the validity of the operation specified in a SAR message against the user's registration state. This eliminates the security risk to user data on the HSS side, and thereby improves the security of HSS-side user data and the processing efficiency of legal operations.
To achieve the above object, the operation processing method in an IP Multimedia Subsystem provided by the invention involves the exchange of SAR and SAA messages between the S-CSCF and the HSS, and within this exchange the method comprises:
a. After receiving the SAR message sent by the S-CSCF, the HSS determines the operation specified in the SAR message from the information carried in the SAR message;
b. When the HSS determines from the user's registration state that the specified operation is a legal operation, it executes the specified operation.
When the operation specified in the SAR message in step a is an initial registration operation, an authentication-failure deregistration operation or an authentication-timeout deregistration operation, step b comprises:
When the user's registration state is Authentication Pending or Unregistered, the HSS determines that the initial registration / authentication-failure deregistration / authentication-timeout deregistration operation is a legal operation and executes the specified operation.
When the operation specified in the SAR message in step a is a re-registration operation, a timeout deregistration operation, a timeout deregistration operation that keeps the serving S-CSCF name, a UE deregistration operation or a UE deregistration operation that keeps the serving S-CSCF name, step b comprises:
When the user's registration state is Registered, the HSS determines that the re-registration / timeout deregistration / timeout deregistration keeping the serving S-CSCF name / UE deregistration / UE deregistration keeping the serving S-CSCF name operation is a legal operation and executes the specified operation.
When the operation specified in the SAR message in step a is the called notification operation for a UE with unregistered services, step b comprises:
When the user's registration state is Unregistered or Not registered, the HSS determines that this called notification operation is a legal operation and executes the specified operation.
When the operation specified in the SAR message in step a is a too-much-data deregistration operation, an administrative deregistration operation or no assignment of user service data, step b comprises:
When the user's registration state is Registered or Unregistered, the HSS determines that the too-much-data deregistration / administrative deregistration operation is a legal operation and executes the specified operation.
The method further comprises:
When the HSS determines from the user's registration state that the specified operation is an illegal operation, it returns illegal-operation information to the S-CSCF in the SAA message.
The illegal-operation information is carried in the Experimental-Result-Code of the SAA message.
The present invention also provides a home subscriber server comprising an operation execution module and a validity judging module. The operation execution module executes the operation specified in the SAR message sent by the S-CSCF;
The validity judging module: when it determines from the user registration state stored in the HSS that the operation specified in the SAR message is a legal operation, it notifies the operation execution module;
After receiving the notification, the operation execution module executes the operation specified in the SAR message.
When the validity judging module determines that the operation specified in the SAR message is an initial registration operation, an authentication-failure deregistration operation or an authentication-timeout deregistration operation, and the user's registration state is Authentication Pending or Unregistered, it determines that the operation specified in the SAR message is a legal operation and notifies the operation execution module;
When the validity judging module determines that the operation specified in the SAR message is a re-registration operation, a timeout deregistration operation, a timeout deregistration operation that keeps the serving S-CSCF name, a UE deregistration operation or a UE deregistration operation that keeps the serving S-CSCF name, and the user's registration state is Registered, it determines that the operation specified in the SAR message is a legal operation and notifies the operation execution module;
When the validity judging module determines that the operation specified in the SAR message is the called notification operation for a UE with unregistered services, and the user's registration state is Unregistered or Not registered, it determines that the operation specified in the SAR message is a legal operation and notifies the operation execution module;
When the validity judging module determines that the operation specified in the SAR message is a too-much-data deregistration operation, an administrative deregistration operation or no assignment of user service data, and the user's registration state is Registered or Unregistered, it determines that the operation specified in the SAR message is a legal operation and notifies the operation execution module.
When the validity judging module determines that the operation specified in the SAR message is an illegal operation, it returns illegal-operation information to the S-CSCF in the SAA message.
As the above description of the technical solution shows, the invention judges the validity of the operation specified in a SAR message against the user's registration state and so filters the operations specified in SAR messages. This avoids the HSS executing illegal operations, keeps illegal operations from occupying HSS resources, and reduces the security risk to the data stored in the HSS. The invention can judge the validity of every kind of operation specified in a SAR message, which fully eliminates the security risk to the data stored in the HSS. When the HSS determines that the operation specified in a SAR message is illegal, it returns illegal-operation information to the S-CSCF, which completes the SAR/SAA interaction flow. The technical solution provided by the invention thus improves the security of HSS-side user data, improves the processing efficiency of legal operations, and improves the procedure by which the HSS executes the operation specified in a SAR message.
Description of drawings
Fig. 1 is a schematic diagram of the transitions between user registration states;
Fig. 2 is a flow chart of the registration process for a user's initial registration;
Fig. 3 is flow chart 1 of SAR-notified operation processing in an embodiment of the invention;
Fig. 4 is flow chart 2 of SAR-notified operation processing in an embodiment of the invention.
Embodiment
In the IMS network, when the user is in the Not registered state and the S-CSCF initiates a re-registration operation through a SAR message, the re-registration specified in the SAR message is clearly not a legal operation, and the HSS should refuse to execute it. If the HSS executed this illegal re-registration, it would introduce an operational security risk to the data stored in the HSS. Other operations specified in SAR messages, such as initial registration and deregistration, have the same validity problem. Therefore, if the HSS judges validity when it executes the operation specified in a SAR message, it can effectively avoid executing illegal operations, which eliminates the security risk to HSS-side user data and keeps illegal operations from occupying HSS resources.
The technical content provided by the invention is described in detail below with reference to the accompanying drawings.
The processing flow for the operation specified in a SAR message in the IMS provided by the invention is shown in Fig. 3.
In Fig. 3, in step 300, the HSS receives the SAR message sent by the S-CSCF.
In step 310, the HSS determines the operation specified in the SAR message from the information carried in the SAR message; for example, the HSS determines the specified operation from the value of the AVP in the SAR message. The specified operation is the operation that the S-CSCF needs the HSS to execute.
In step 320, the HSS determines, from the user data it stores, the user registration state corresponding to the specified operation.
In step 330, the HSS judges the validity of the specified operation against the user registration state. When it determines that the specified operation is legal, the flow proceeds to step 340, where the HSS executes the specified operation according to the existing implementation.
If in step 330 the HSS determines that the specified operation is illegal, the flow proceeds to step 350: the HSS does not execute the specified operation according to the existing implementation. At this point, the HSS can return illegal-operation information to the S-CSCF in the SAA message.
In the above description of Fig. 3, the operation specified in the SAR message can be NO_ASSIGNMENT (no assignment of user service data), REGISTRATION (initial registration), RE_REGISTRATION (re-registration), UNREGISTERED_USER (called notification for a UE with unregistered services), TIMEOUT_DEREGISTRATION (timeout deregistration), TIMEOUT_DEREGISTRATION_STORE_SERVER_NAME (timeout deregistration that keeps the serving S-CSCF name), USER_DEREGISTRATION (UE deregistration), USER_DEREGISTRATION_STORE_SERVER_NAME (UE deregistration that keeps the serving S-CSCF name), DEREGISTRATION_TOO_MUCH_DATA (deregistration because of too much data), ADMINISTRATIVE_DEREGISTRATION (administrative deregistration), AUTHENTICATION_FAILURE (deregistration on authentication failure) or AUTHENTICATION_TIMEOUT (deregistration on authentication timeout).
When the operation specified in the SAR message is NO_ASSIGNMENT (no assignment of user service data), the HSS determines that NO_ASSIGNMENT is a legal operation if and only if the UE's registration state is Registered or Unregistered; the HSS then executes NO_ASSIGNMENT by the existing method, for example as specified by the existing protocol. If, when judging the validity of NO_ASSIGNMENT, the user's registration state is anything else, such as Not registered, the HSS determines that NO_ASSIGNMENT is an illegal operation; the HSS then does not execute NO_ASSIGNMENT and can return illegal-operation information to the S-CSCF in the SAA message.
When the operation specified in the SAR message is REGISTRATION (initial registration), the HSS determines that REGISTRATION is a legal operation if and only if the UE's registration state is Authentication Pending or Unregistered; the HSS then executes REGISTRATION by the existing method, for example as specified by the existing protocol. If, when judging the validity of REGISTRATION, the user's registration state is anything else, such as Registered or Not registered, the HSS determines that REGISTRATION is an illegal operation; the HSS then does not execute REGISTRATION and can return illegal-operation information to the S-CSCF in the SAA message.
When the operation specified in the SAR message is RE_REGISTRATION (re-registration), the HSS determines that RE_REGISTRATION is a legal operation if and only if the UE's registration state is Registered; the HSS then executes RE_REGISTRATION by the existing method, for example as specified by the existing protocol. If, when judging the validity of RE_REGISTRATION, the user's registration state is anything else, such as Authentication Pending, Unregistered or Not registered, the HSS determines that RE_REGISTRATION is an illegal operation; the HSS then does not execute RE_REGISTRATION and can return illegal-operation information to the S-CSCF in the SAA message.
When the operation specified in the SAR message is UNREGISTERED_USER (called notification for a UE with unregistered services), the HSS determines that UNREGISTERED_USER is a legal operation if and only if the UE's state is Not registered or Unregistered; the HSS then executes UNREGISTERED_USER by the existing method, for example as specified by the existing protocol. If, when judging the validity of RE_REGISTRATION, the user's registration state is anything else, such as Registered, the HSS determines that RE_REGISTRATION is an illegal operation; the HSS then does not execute RE_REGISTRATION and can return illegal-operation information to the S-CSCF in the SAA message.
When the operation specified in the SAR message is TIMEOUT_DEREGISTRATION (timeout deregistration), the HSS determines that TIMEOUT_DEREGISTRATION is a legal operation if and only if the UE's state is Registered; the HSS then executes TIMEOUT_DEREGISTRATION by the existing method, for example as specified by the existing protocol. If, when judging the validity of TIMEOUT_DEREGISTRATION, the user's registration state is anything else, such as Authentication Pending, Unregistered or Not registered, the HSS determines that TIMEOUT_DEREGISTRATION is an illegal operation; the HSS then does not execute TIMEOUT_DEREGISTRATION and can return illegal-operation information to the S-CSCF in the SAA message.
When the operation specified in the SAR message is TIMEOUT_DEREGISTRATION_STORE_SERVER_NAME (timeout deregistration that keeps the serving S-CSCF name), the HSS determines that TIMEOUT_DEREGISTRATION_STORE_SERVER_NAME is a legal operation if and only if the UE's state is Registered; the HSS then executes TIMEOUT_DEREGISTRATION_STORE_SERVER_NAME by the existing method, for example as specified by the existing protocol. If, when judging the validity of TIMEOUT_DEREGISTRATION_STORE_SERVER_NAME, the user's registration state is anything else, such as Authentication Pending, Unregistered or Not registered, the HSS determines that TIMEOUT_DEREGISTRATION_STORE_SERVER_NAME is an illegal operation; the HSS then does not execute TIMEOUT_DEREGISTRATION_STORE_SERVER_NAME and can return illegal-operation information to the S-CSCF in the SAA message.
When the operation specified in the SAR message is USER_DEREGISTRATION (UE deregistration), the HSS determines that USER_DEREGISTRATION is a legal operation if and only if the UE's state is Registered; the HSS then executes USER_DEREGISTRATION by the existing method, for example as specified by the existing protocol. If, when judging the validity of USER_DEREGISTRATION, the user's registration state is anything else, such as Authentication Pending, Unregistered or Not registered, the HSS determines that USER_DEREGISTRATION is an illegal operation; the HSS then does not execute USER_DEREGISTRATION and can return illegal-operation information to the S-CSCF in the SAA message.
When the operation specified in the SAR message is USER_DEREGISTRATION_STORE_SERVER_NAME (UE deregistration that keeps the serving S-CSCF name), the HSS determines that USER_DEREGISTRATION_STORE_SERVER_NAME is a legal operation if and only if the UE's state is Registered; the HSS then executes USER_DEREGISTRATION_STORE_SERVER_NAME by the existing method, for example as specified by the existing protocol. If, when judging the validity of USER_DEREGISTRATION_STORE_SERVER_NAME, the user's registration state is anything else, such as Authentication Pending, Unregistered or Not registered, the HSS determines that USER_DEREGISTRATION_STORE_SERVER_NAME is an illegal operation; the HSS then does not execute USER_DEREGISTRATION_STORE_SERVER_NAME and can return illegal-operation information to the S-CSCF in the SAA message.
When the operation specified in the SAR message is DEREGISTRATION_TOO_MUCH_DATA (deregistration because of too much data), the HSS determines that DEREGISTRATION_TOO_MUCH_DATA is a legal operation if and only if the UE's state is Registered or Unregistered; the HSS then executes DEREGISTRATION_TOO_MUCH_DATA by the existing method, for example as specified by the existing protocol. If, when judging the validity of DEREGISTRATION_TOO_MUCH_DATA, the user's registration state is anything else, such as Not registered, the HSS determines that DEREGISTRATION_TOO_MUCH_DATA is an illegal operation; the HSS then does not execute DEREGISTRATION_TOO_MUCH_DATA and can return illegal-operation information to the S-CSCF in the SAA message.
When the operation specified in the SAR message is ADMINISTRATIVE_DEREGISTRATION (administrative deregistration), the HSS determines that ADMINISTRATIVE_DEREGISTRATION is a legal operation if and only if the UE's state is Registered or Unregistered; the HSS then executes ADMINISTRATIVE_DEREGISTRATION by the existing method, for example as specified by the existing protocol. If, when judging the validity of ADMINISTRATIVE_DEREGISTRATION, the user's registration state is anything else, such as Not registered, the HSS determines that ADMINISTRATIVE_DEREGISTRATION is an illegal operation; the HSS then does not execute ADMINISTRATIVE_DEREGISTRATION and can return illegal-operation information to the S-CSCF in the SAA message.
When the operation specified in the SAR message is AUTHENTICATION_FAILURE (deregistration on authentication failure), the HSS determines that AUTHENTICATION_FAILURE is a legal operation if and only if the UE's state is Authentication Pending or Unregistered; the HSS then executes AUTHENTICATION_FAILURE by the existing method, for example as specified by the existing protocol. If, when judging the validity of AUTHENTICATION_FAILURE, the user's registration state is anything else, such as Registered or Not registered, the HSS determines that AUTHENTICATION_FAILURE is an illegal operation; the HSS then does not execute AUTHENTICATION_FAILURE and can return illegal-operation information to the S-CSCF in the SAA message.
When the operation specified in the SAR message is AUTHENTICATION_TIMEOUT (deregistration on authentication timeout), the HSS determines that AUTHENTICATION_TIMEOUT is a legal operation if and only if the UE's state is Authentication Pending or Unregistered; the HSS then executes AUTHENTICATION_TIMEOUT by the existing method, for example as specified by the existing protocol. If, when judging the validity of AUTHENTICATION_TIMEOUT, the user's registration state is anything else, such as Registered or Not registered, the HSS determines that AUTHENTICATION_TIMEOUT is an illegal operation; the HSS then does not execute AUTHENTICATION_TIMEOUT and can return illegal-operation information to the S-CSCF in the SAA message.
In the embodiments described above, the illegal-operation information may be DIAMETER_ERROR_IN_ASSIGNMENT_TYPE (Diameter assignment-type error). This information may be carried in the Experimental-Result-Code of the SAA message; that is, the HSS replies to the S-CSCF with an SAA message whose Experimental-Result-Code equals DIAMETER_ERROR_IN_ASSIGNMENT_TYPE.
The assigned operations in the SAR message are not limited to the cases listed above, and the HSS may also perform the legitimacy check on only one or several of the listed operations. Any process in which the HSS checks the legitimacy of the assigned operation in the SAR message against the user registration state and then executes the legal operation falls within the scope of protection claimed by the present invention.
The processing flow provided by the invention for the assigned operation notified in the SAR message is described below with reference to Fig. 4.
In Fig. 4, at step 400 the HSS receives the SAR message sent by the S-CSCF and begins the legitimacy check of the invention.
At step 410, the HSS determines the assigned operation in the SAR message from the value of the AVP in the SAR message. If the assigned operation is a first registration, an authentication-failure deregistration or an authentication-timeout deregistration, the flow goes to step 420, where the HSS checks whether the user registration state is Authentication Pending or Unregistered. If it is, the flow goes to step 421, where the HSS executes the assigned operation in the SAR message according to the existing protocol standard. The flow then goes to step 460, where the legitimacy check and execution for this assigned operation end.
If at step 420 the HSS finds that the user registration state is neither Authentication Pending nor Unregistered, the flow goes to step 422, where the HSS replies to the S-CSCF with an SAA message carrying the illegal-operation information, for example with Experimental-Result-Code equal to DIAMETER_ERROR_IN_ASSIGNMENT_TYPE. The flow then goes to step 460, where the legitimacy check and execution for this assigned operation end.
If at step 410 the HSS determines from the value of the AVP in the SAR message that the assigned operation is a re-registration, a timeout deregistration, a timeout deregistration that stores the serving S-CSCF name, a UE deregistration, or a UE deregistration that stores the serving S-CSCF name, the flow goes to step 430, where the HSS checks whether the user registration state is Registered. If it is, the flow goes to step 431, where the HSS executes the assigned operation in the SAR message according to the existing protocol standard. The flow then goes to step 460, where the legitimacy check and execution for this assigned operation end.
If at step 430 the HSS finds that the user registration state is not Registered, the flow goes to step 422, where the HSS replies to the S-CSCF with an SAA message carrying the illegal-operation information, for example with Experimental-Result-Code equal to DIAMETER_ERROR_IN_ASSIGNMENT_TYPE. The flow then goes to step 460, where the legitimacy check and execution for this assigned operation end.
If at step 410 the HSS determines from the value of the AVP in the SAR message that the assigned operation is the called-party notification operation for a UE in unregistered service, the flow goes to step 440, where the HSS checks whether the user registration state is Unregistered or Not Registered. If it is, the flow goes to step 441, where the HSS executes the assigned operation in the SAR message according to the existing protocol standard. The flow then goes to step 460, where the legitimacy check and execution for this assigned operation end.
If at step 440 the HSS finds that the user registration state is neither Unregistered nor Not Registered, the flow goes to step 442, where the HSS replies to the S-CSCF with an SAA message carrying the illegal-operation information, for example with Experimental-Result-Code equal to DIAMETER_ERROR_IN_ASSIGNMENT_TYPE. The flow then goes to step 460, where the legitimacy check and execution for this assigned operation end.
If at step 410 the HSS determines from the value of the AVP in the SAR message that the assigned operation is an excessive-data deregistration, an administrative deregistration, or an operation in which user service data is not assigned, the flow goes to step 450, where the HSS checks whether the user registration state is Registered or Unregistered. If it is, the flow goes to step 451, where the HSS executes the assigned operation in the SAR message according to the existing protocol standard. The flow then goes to step 460, where the legitimacy check and execution for this assigned operation end.
If at step 450 the HSS finds that the user registration state is neither Registered nor Unregistered, the flow goes to step 442, where the HSS replies to the S-CSCF with an SAA message carrying the illegal-operation information, for example with Experimental-Result-Code equal to DIAMETER_ERROR_IN_ASSIGNMENT_TYPE. The flow then goes to step 460, where the legitimacy check and execution for this assigned operation end.
The HSS (home subscriber server) provided by the invention comprises an operation executing module and a legitimacy judging module.
The legitimacy judging module determines, from the user registration state stored in the HSS, whether the assigned operation in the SAR message is a legal operation. When it determines that the assigned operation is legal, it notifies the operation executing module. When it determines that the assigned operation is illegal, it returns the illegal-operation information to the S-CSCF in the SAA message, for example by replying with an SAA message whose Experimental-Result-Code equals DIAMETER_ERROR_IN_ASSIGNMENT_TYPE.
The operation executing module executes the assigned operation in the SAR message sent by the S-CSCF. In the present invention it executes only assigned operations that have passed the legitimacy check; that is, it executes the assigned operation in the SAR message after receiving the notification from the legitimacy judging module.
The specific checks and actions of the legitimacy judging module are as follows:
When the legitimacy judging module determines that the assigned operation in the SAR message is a first registration, an authentication-failure deregistration or an authentication-timeout deregistration, and the user registration state is Authentication Pending or Unregistered, it determines that the assigned operation is legal and notifies the operation executing module. When the user registration state is any other state, it returns the illegal-operation information to the S-CSCF in the SAA message.
When the legitimacy judging module determines that the assigned operation in the SAR message is a re-registration, a timeout deregistration, a timeout deregistration that stores the serving S-CSCF name, a UE deregistration, or a UE deregistration that stores the serving S-CSCF name, and the user registration state is Registered, it determines that the assigned operation is legal and notifies the operation executing module. When the user registration state is any other state, it returns the illegal-operation information to the S-CSCF in the SAA message.
When the legitimacy judging module determines that the assigned operation in the SAR message is the called-party notification operation for a UE in unregistered service, and the user registration state is Unregistered or Not Registered, it determines that the assigned operation is legal and notifies the operation executing module. When the user registration state is any other state, it returns the illegal-operation information to the S-CSCF in the SAA message.
When the legitimacy judging module determines that the assigned operation in the SAR message is an excessive-data deregistration, an administrative deregistration, or an operation in which user service data is not assigned, and the user registration state is Registered or Unregistered, it determines that the assigned operation is legal and notifies the operation executing module. When the user registration state is any other state, it returns the illegal-operation information to the S-CSCF in the SAA message.
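The checks of steps 410 to 460 and the split between the legitimacy judging module and the operation executing module can be expressed as a lookup table in front of the executor. The following Python is an added example, not code from the patent. It assumes that the operations this passage names only in words map to the Server-Assignment-Type names of 3GPP TS 29.229, that an unknown subscriber counts as Not Registered, and that an unlisted operation is rejected; the subscriber identities are constructed.

```python
from enum import Enum


class RegState(Enum):
    REGISTERED = "Registered"
    UNREGISTERED = "Unregistered"
    NOT_REGISTERED = "Not Registered"
    AUTH_PENDING = "Authentication Pending"


R, U, N, P = (RegState.REGISTERED, RegState.UNREGISTERED,
              RegState.NOT_REGISTERED, RegState.AUTH_PENDING)

# Assigned operation -> registration states in which the HSS treats it as legal.
# Names are Server-Assignment-Type names from 3GPP TS 29.229 (assumed mapping
# for the operations the passage describes only in words).
LEGAL_STATES = {
    "REGISTRATION": {P, U},                          # steps 420/421
    "AUTHENTICATION_FAILURE": {P, U},
    "AUTHENTICATION_TIMEOUT": {P, U},
    "RE_REGISTRATION": {R},                          # steps 430/431
    "TIMEOUT_DEREGISTRATION": {R},
    "TIMEOUT_DEREGISTRATION_STORE_SERVER_NAME": {R},
    "USER_DEREGISTRATION": {R},
    "USER_DEREGISTRATION_STORE_SERVER_NAME": {R},
    "UNREGISTERED_USER": {U, N},                     # steps 440/441
    "DEREGISTRATION_TOO_MUCH_DATA": {R, U},          # steps 450/451
    "ADMINISTRATIVE_DEREGISTRATION": {R, U},
    "NO_ASSIGNMENT": {R, U},
}

ILLEGAL = "DIAMETER_ERROR_IN_ASSIGNMENT_TYPE"


class OperationExecutor:
    """Stand-in for the operation executing module: records what it ran."""

    def __init__(self):
        self.executed = []

    def execute(self, user, operation):
        self.executed.append((user, operation))


class LegitimacyJudge:
    """Checks the assigned operation against the stored registration state."""

    def __init__(self, reg_states, executor):
        self.reg_states = reg_states      # user identity -> RegState
        self.executor = executor
        self.rejected = []                # audit trail of refused requests

    def handle_sar(self, user, operation):
        # Assumption of this example: a subscriber with no record is Not Registered.
        state = self.reg_states.get(user, N)
        allowed = LEGAL_STATES.get(operation)   # None for an unlisted operation
        if allowed is None or state not in allowed:
            # Steps 422/442: answer with the error, never reach the executor.
            self.rejected.append((user, operation, state.value))
            return {"Experimental-Result-Code": ILLEGAL}
        self.executor.execute(user, operation)  # steps 421/431/441/451
        # The content of the success answer is the example's simplification.
        return {"Result-Code": "DIAMETER_SUCCESS"}


def run_constructed_requests():
    """Feed constructed SAR requests through the judge and return the answers."""
    executor = OperationExecutor()
    judge = LegitimacyJudge({"sip:alice@example.test": R,
                             "sip:bob@example.test": P}, executor)
    requests = [("sip:alice@example.test", "RE_REGISTRATION"),
                ("sip:alice@example.test", "AUTHENTICATION_FAILURE"),
                ("sip:bob@example.test", "REGISTRATION"),
                ("sip:carol@example.test", "ADMINISTRATIVE_DEREGISTRATION"),
                ("sip:carol@example.test", "UNREGISTERED_USER")]
    answers = [judge.handle_sar(user, op) for user, op in requests]
    return answers, executor.executed, judge.rejected
```

The `rejected` list gives an operator a record of which S-CSCF requests were refused and in which registration state, which is the data needed to spot a peer that repeatedly sends operations that do not fit the subscriber's state.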
Although the present invention has been described by way of embodiments, those of ordinary skill in the art will appreciate that the invention admits many modifications and variations without departing from its spirit, and the claims of this application cover those modifications and variations.
Claims (11)
1. An operation processing method in an IP Multimedia Subsystem, involving the exchange of Server-Assignment-Request (SAR) and Server-Assignment-Answer (SAA) messages between a serving call session control function (S-CSCF) and a home subscriber server (HSS), characterized in that, during this exchange, the method comprises the steps of:
a. after receiving the SAR message sent by the S-CSCF, the HSS determines the assigned operation in the SAR message from the information carried in the SAR message;
b. when the HSS determines from the user registration state that the assigned operation is a legal operation, it executes the assigned operation;
wherein, when the assigned operation in the SAR message in step a is a first registration operation, an authentication-failure deregistration operation or an authentication-timeout deregistration operation, step b comprises:
when the user registration state is Authentication Pending or Unregistered, the HSS determines that the first registration / authentication-failure deregistration / authentication-timeout deregistration operation is a legal operation and executes the assigned operation.
2. The operation processing method in an IP Multimedia Subsystem as claimed in claim 1, characterized in that, when the assigned operation in the SAR message in step a is a re-registration operation, a timeout deregistration operation, a timeout deregistration operation that stores the serving S-CSCF name, a UE deregistration operation, or a UE deregistration operation that stores the serving S-CSCF name, step b comprises:
when the user registration state is Registered, the HSS determines that the re-registration / timeout deregistration / timeout deregistration storing the serving S-CSCF name / UE deregistration / UE deregistration storing the serving S-CSCF name operation is a legal operation and executes the assigned operation.
3. The operation processing method in an IP Multimedia Subsystem as claimed in claim 1, characterized in that, when the assigned operation in the SAR message in step a is the called-party notification operation for a UE in unregistered service, step b comprises:
when the user registration state is Unregistered or Not Registered, the HSS determines that the called-party notification operation for the UE in unregistered service is a legal operation and executes the assigned operation.
4. The operation processing method in an IP Multimedia Subsystem as claimed in claim 1, characterized in that, when the assigned operation in the SAR message in step a is an excessive-data deregistration operation, an administrative deregistration operation, or user service data not assigned, step b comprises:
when the user registration state is Registered or Unregistered, the HSS determines that the excessive-data deregistration / administrative deregistration operation / user service data not assigned is a legal operation and executes the assigned operation.
5. The operation processing method in an IP Multimedia Subsystem as claimed in any one of claims 1 to 4, characterized in that the method further comprises:
when the HSS determines from the user registration state that the assigned operation is an illegal operation, it returns illegal-operation information to the S-CSCF in the SAA message.
6. The operation processing method in an IP Multimedia Subsystem as claimed in claim 5, characterized in that the illegal-operation information is carried in the Experimental-Result-Code of the SAA message.
7. A home subscriber server, comprising an operation executing module that executes the assigned operation in the Server-Assignment-Request (SAR) message sent by a serving call session control function (S-CSCF), characterized in that the home subscriber server (HSS) is further provided with a legitimacy judging module;
the legitimacy judging module notifies the operation executing module when it determines, from the user registration state stored in the HSS, that the assigned operation in the SAR message is a legal operation;
the operation executing module executes the assigned operation in the SAR message after receiving the notification;
wherein, when the legitimacy judging module determines that the assigned operation in the SAR message is a first registration operation, an authentication-failure deregistration operation or an authentication-timeout deregistration operation, and the user registration state is Authentication Pending or Unregistered, it determines that the assigned operation in the SAR message is a legal operation and notifies the operation executing module.
8. The home subscriber server as claimed in claim 7, characterized in that:
when the legitimacy judging module determines that the assigned operation in the SAR message is a re-registration operation, a timeout deregistration operation, a timeout deregistration operation that stores the serving S-CSCF name, a UE deregistration operation, or a UE deregistration operation that stores the serving S-CSCF name, and the user registration state is Registered, it determines that the assigned operation in the SAR message is a legal operation and notifies the operation executing module.
9. The home subscriber server as claimed in claim 7, characterized in that:
when the legitimacy judging module determines that the assigned operation in the SAR message is the called-party notification operation for a UE in unregistered service, and the user registration state is Unregistered or Not Registered, it determines that the assigned operation in the SAR message is a legal operation and notifies the operation executing module.
10. The home subscriber server as claimed in claim 7, characterized in that:
when the legitimacy judging module determines that the assigned operation in the SAR message is an excessive-data deregistration operation, an administrative deregistration operation, or user service data not assigned, and the user registration state is Registered or Unregistered, it determines that the assigned operation in the SAR message is a legal operation and notifies the operation executing module.
11. The home subscriber server as claimed in claim 7, 8, 9 or 10, characterized in that, when the legitimacy judging module determines that the assigned operation in the SAR message is an illegal operation, it returns illegal-operation information to the S-CSCF in the Server-Assignment-Answer (SAA) message.
Priority Applications (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNB2006100760043A CN100562019C (en) | 2006-04-24 | 2006-04-24 | Operation processing method in the IP Multimedia System and home signature user server |
PCT/CN2007/001310 WO2007121672A1 (en) | 2006-04-24 | 2007-04-20 | A method and apparatus for operation and management, a method and server for determining service operation validity |
EP07720883A EP1874000A4 (en) | 2006-04-24 | 2007-04-20 | Method and device for operation processing, and method and server for determining validity of a service operation |
CN2007800003188A CN101317419B (en) | 2006-04-24 | 2007-04-20 | Operation processing method and device, service operation validity decision method and server |
EP12193676.9A EP2562989A3 (en) | 2006-04-24 | 2007-04-20 | Method and device for operation processing, and method and server for determining validity of a service operation |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNB2006100760043A CN100562019C (en) | 2006-04-24 | 2006-04-24 | Operation processing method in the IP Multimedia System and home signature user server |
Publications (2)
Publication Number | Publication Date |
---|---|
CN1984141A (en) | 2007-06-20 |
CN100562019C (en) | 2009-11-18 |
Family
ID=38166370
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNB2006100760043A Expired - Fee Related CN100562019C (en) | 2006-04-24 | 2006-04-24 | Operation processing method in the IP Multimedia System and home signature user server |
CN2007800003188A Expired - Fee Related CN101317419B (en) | 2006-04-24 | 2007-04-20 | Operation processing method and device, service operation validity decision method and server |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2007800003188A Expired - Fee Related CN101317419B (en) | 2006-04-24 | 2007-04-20 | Operation processing method and device, service operation validity decision method and server |
Country Status (1)
Country | Link |
---|---|
CN (2) | CN100562019C (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103838513A (en) * | 2012-11-22 | 2014-06-04 | 深圳市中兴微电子技术有限公司 | Method and device for dynamic control over memory reading and writing |
CN103248472A (en) * | 2013-04-16 | 2013-08-14 | 华为技术有限公司 | Operation request processing method and system and attack identification device |
CN112187944B (en) * | 2020-09-30 | 2022-11-25 | 国网河北省电力有限公司信息通信分公司 | Method for processing one number service message |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1294722C (en) * | 2004-09-23 | 2007-01-10 | 华为技术有限公司 | Method of selecting right identification mode at network side |
US7453876B2 (en) * | 2004-09-30 | 2008-11-18 | Lucent Technologies Inc. | Method and apparatus for providing distributed SLF routing capability in an internet multimedia subsystem (IMS) network |
Non-Patent Citations (2)
Title |
---|
3GPP Specification detail. 13-17. 2006 |
3GPP Specification detail. 13-17. 2006 * |
Also Published As
Publication number | Publication date |
---|---|
CN101317419B (en) | 2011-07-06 |
CN101317419A (en) | 2008-12-03 |
CN1984141A (en) | 2007-06-20 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
C17 | Cessation of patent right | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20091118 Termination date: 20130424 |