
CN102065069B - Method and system for authenticating identity and device - Google Patents


Info

Publication number: CN102065069B
Authority: CN (China)
Prior art keywords: key information, user equipment, application server, IMS domain, identity
Legal status: Active
Application number: CN 200910237819
Other languages: Chinese (zh)
Other versions: CN102065069A (en)
Inventor: 彭华熹
Current Assignee: China Mobile Communications Group Co Ltd
Original Assignee: China Mobile Communications Group Co Ltd
Application filed by China Mobile Communications Group Co Ltd
Priority to CN 200910237819
Publication of CN102065069A
Application granted
Publication of CN102065069B
Legal status: Active
Anticipated expiration

Landscapes

  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The embodiments of the present invention disclose an identity authentication method comprising the following steps: receiving the identity of a user equipment submitted by a non-IMS (Internet Protocol Multimedia Subsystem) domain application server, and querying, according to that identity, whether key information corresponding to the identity exists and is within its validity period; if key information corresponding to the identity exists and is within its validity period, querying whether the user equipment is in the registered state in the IMS domain; if the query result is yes, returning the key information and its validity period to the non-IMS domain application server, so that the non-IMS domain application server uses the key information and its validity period to perform identity authentication with the user equipment. The embodiments realize unified authentication and state synchronization between IMS applications and non-IMS applications. The embodiments also disclose a device and a system that apply the above method.

Description

Identity authentication method, device and system
Technical field
The present invention relates to the field of communication technology, and in particular to an identity authentication method, device and system.
Background technology
With the development of communication networks and the promotion of a wide range of communication services, 3GPP (3rd Generation Partnership Project) released the IMS (IP Multimedia Subsystem) framework, which provides a standardized open architecture for realizing diverse IP (Internet Protocol) multimedia applications and delivering a richer service experience.
3GPP also introduced the ISIM (IMS Subscriber Identity Module) for IMS access. The concrete entities involved are the CSCF (Call Session Control Function) and the HSS (Home Subscriber Server). The CSCF comprises three logical entities, the serving CSCF (S-CSCF), the proxy CSCF (P-CSCF) and the interrogating CSCF (I-CSCF), which may be located on different physical devices or be different functional modules of the same physical device. The S-CSCF is the service switching center of IMS and performs session control, maintenance of security associations, management of user information and generation of charging information; the P-CSCF is the access point through which the terminal user reaches IMS and completes user registration, QoS (Quality of Service) control and security management; the I-CSCF is responsible for coordination and management between IMS domains, assignment of the S-CSCF, hiding the network topology and configuration from the outside, and producing charging data. The HSS (Home Subscriber Server) stores user subscription data, supports the network entities in processing calls and sessions, and holds the ISIM data.
Because of the introduction of IMS, more and more service platforms are carried on IMS and use its characteristics to provide rich services such as calling and video conferencing. In an IMS service, the UE (User Equipment) must interact with the service platform AS (Application Server) through SIP (Session Initiation Protocol) messages, but while interacting with the AS the UE also needs to interact with servers in the non-IMS domain. For example, after logging in to IMS, an IMS enterprise communication assistant client also needs to access the group management server (XDMS) to obtain the user's group information. The XDMS can only use XCAP (XML Configuration Access Protocol), carried over HTTP (Hypertext Transfer Protocol) 1.1, to interact directly with the terminal (client); this communication does not pass through the IMS Core (IP Multimedia Subsystem core network), so the XDMS server must first confirm the user's identity before it can perform XML (Extensible Markup Language) document operations. Likewise, after logging in to IMS an IMS client also needs to access a self-service portal website; accessing the portal also uses HTTP to interact directly with the client, the interaction does not pass through the IMS Core, and the server must likewise first confirm the user's identity before it can provide personalized content.
In the course of realizing the present invention, the inventor found that the prior art has at least the following defects:
The authentication mechanisms of the IMS domain and the non-IMS domain differ. For example, the IMS domain mainly uses IMS Digest and IMS AKA (Authentication and Key Agreement) for authentication, and all authentication messages are SIP messages, whereas non-IMS applications mainly use HTTP Digest, GBA (Generic Bootstrapping Architecture), TLS (Transport Layer Security) and similar protocols; the difference in protocols makes the applications unable to interoperate. The user's IMS domain subscription and authentication data are mainly stored in the IMS HSS; the HSS is a core network element, and its authentication data cannot be accessed by third-party non-IMS domain applications, so those third-party non-IMS domain applications cannot authenticate the user. As a result, IMS domain applications and non-IMS domain applications cannot share authentication state or realize unified authentication.
Summary of the invention
The embodiments of the invention provide an identity authentication method, device and system for realizing unified authentication and state synchronization between IMS applications and non-IMS applications.
The embodiments of the invention provide an identity authentication method comprising the following steps:
receiving the identity of a user equipment submitted by a non-IMS (Internet Protocol Multimedia Subsystem) domain application server, and querying, according to the identity, whether key information corresponding to the identity exists and is within its validity period;
if key information corresponding to the identity exists and is within its validity period, querying whether the user equipment is in the registered state in the IMS domain; if the query result is yes, returning the key information and its validity period to the non-IMS domain application server, so that the non-IMS domain application server uses the key information and its validity period to perform identity authentication with the user equipment.
Preferably, before receiving the identity of the user equipment submitted by the non-IMS domain application server, the method further comprises:
receiving a Session Initiation Protocol (SIP) message from the user equipment and obtaining the registration parameter carried in the SIP message, the registration parameter having been generated by the user equipment from the public key;
decrypting the obtained registration parameter with the locally stored private key; if decryption succeeds, storing the key information corresponding to the identity of the user equipment and returning a registration success message to the user equipment, so that the user equipment stores the key information and accesses the non-IMS domain application server according to it.
Preferably, before receiving the SIP message from the user equipment, the method further comprises:
the user equipment performing the IMS authentication procedure and registering in the IMS domain;
when the user equipment accesses a non-IMS domain application, checking whether key information exists locally; if not, generating key information at random, generating the registration parameter from the key information and the public key, and sending the registration parameter in a SIP message.
Preferably, before the user equipment generates the registration parameter from the key information and the public key, the method further comprises:
generating a public/private key pair, storing the private key of the pair, and publishing the public key of the pair to the user equipment.
Preferably, the user equipment accessing the non-IMS domain application server according to the key information specifically comprises:
the user equipment sending an access request to the non-IMS domain application server and receiving the challenge message returned by the non-IMS domain application server;
the user equipment returning a challenge response message to the non-IMS domain application server according to its own identity and the key information.
Preferably, the non-IMS domain application server performing identity authentication with the user equipment using the key information and its validity period specifically comprises:
the non-IMS domain application server using the key information to verify whether the challenge response message from the user equipment is correct and, if so, returning an authentication success message to the user equipment;
the user equipment receiving the authentication success message from the non-IMS domain application server and verifying whether the authentication information contained in it is correct; if so, mutual authentication with the non-IMS domain application server is complete and the two interact over a secure channel.
The embodiments of the invention also provide an authentication gateway comprising:
a receiving module for receiving the identity of a user equipment submitted by a non-IMS domain application server;
a query module for querying, according to the identity received by the receiving module, whether key information corresponding to the identity exists and is within its validity period and, when it finds that such key information exists and is within its validity period, querying whether the user equipment is in the registered state in the IMS domain;
a sending module for returning, when the query module finds that the user equipment is in the registered state in the IMS domain, the key information and its validity period to the non-IMS domain application server, so that the non-IMS domain application server uses the key information and its validity period to perform identity authentication with the user equipment.
Preferably, the receiving module is further used to receive a SIP message from the user equipment and obtain the registration parameter carried in it, the registration parameter having been generated by the user equipment from the public key;
and the authentication gateway further comprises:
a decryption module for decrypting the registration parameter obtained by the receiving module with the locally stored private key;
the sending module being further used, when the decryption module decrypts successfully, to store the key information corresponding to the identity of the user equipment and return a registration success message to the user equipment, so that the user equipment stores the key information and accesses the non-IMS domain application server according to it.
Preferably, the authentication gateway further comprises:
a generation module for generating a public/private key pair, storing the private key of the pair for use by the decryption module, and publishing the public key of the pair to the user equipment.
The embodiments of the invention also provide an identity authentication system comprising:
a user equipment for sending an access request to a non-IMS domain application server, receiving the challenge message returned by the non-IMS domain application server, and returning a challenge response message to the non-IMS domain application server according to its own identity and the key information;
a non-IMS domain application server for submitting the identity of the user equipment to an authentication gateway, receiving the key information and its validity period from the authentication gateway, and performing identity authentication with the user equipment using the key information and its validity period;
an authentication gateway for receiving the identity of the user equipment submitted by the non-IMS domain application server and querying, according to the identity, whether key information corresponding to the identity exists and is within its validity period; if so, querying whether the user equipment is in the registered state in the IMS domain and, if the query result is yes, returning the key information and its validity period to the non-IMS domain application server.
Preferably, the authentication gateway is further used to receive a Session Initiation Protocol (SIP) message from the user equipment, obtain the registration parameter carried in it (generated by the user equipment from the public key), and decrypt the obtained registration parameter with the locally stored private key; if decryption succeeds, it stores the key information corresponding to the identity of the user equipment and returns a registration success message to the user equipment, so that the user equipment stores the key information and accesses the non-IMS domain application server according to it.
Preferably, the user equipment is further used to perform the IMS authentication procedure and register in the IMS domain; when accessing a non-IMS domain application, it checks whether key information exists locally and, if not, generates key information at random, generates the registration parameter from the key information and the public key, and sends the registration parameter in a SIP message.
Compared with the prior art, the embodiments of the invention have the following advantages: they use the existing security mechanisms of IMS to provide security services for the service layer, strengthening security between the UE and the AS without becoming a security bottleneck of the system; and within the validity period of the key information the registration process does not need to be repeated, which improves service execution efficiency.
Description of drawings
To explain the embodiments of the invention or the prior art more clearly, the drawings needed for the description of the embodiments or of the prior art are briefly introduced below. Clearly, the drawings described below are only some embodiments of the invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of an identity authentication method in an embodiment of the invention;
Fig. 2 is a flow chart of identity authentication in an application scenario of an embodiment of the invention;
Fig. 3 is a flow chart of AUG registration in an application scenario of an embodiment of the invention;
Fig. 4 is a structural diagram of an authentication gateway in an embodiment of the invention;
Fig. 5 is a structural diagram of an identity authentication system in an embodiment of the invention.
Embodiment
The core idea of the technical solution provided by the embodiments of the invention is to add an AUG (authentication gateway) network element to the system. There is a SIP interface between the AUG and the CSCF of the IMS domain, and an HTTP interface between the AUG and the AS of the non-IMS domain. The AUG receives the identity of a user equipment submitted by the non-IMS domain application server and queries, according to that identity, whether key information corresponding to the identity exists and is within its validity period; if so, it queries whether the user equipment is in the registered state in the IMS domain and, if the query result is yes, returns the key information and its validity period to the non-IMS domain application server, so that the non-IMS domain application server uses the key information and its validity period to perform identity authentication with the user equipment.
The technical solution of the embodiments is described below clearly and completely with reference to the drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the invention. All other embodiments obtained by those of ordinary skill in the art from these embodiments without creative effort fall within the scope of protection of the invention.
As shown in Fig. 1, an identity authentication method in an embodiment of the invention comprises the following steps:
Step 101: receive the identity of the user equipment submitted by the non-IMS domain application server, and query, according to the identity, whether key information corresponding to the identity exists and is within its validity period. If key information corresponding to the identity exists and is within its validity period, go to step 103; otherwise, go to step 102.
Specifically, the authentication gateway generates a public/private key pair in advance, stores the private key of the pair, and publishes the public key of the pair to the user equipment.
The user equipment performs the IMS authentication procedure and registers in the IMS domain. When the user equipment accesses a non-IMS domain application, it checks whether key information exists locally; if not, it generates key information at random, generates the registration parameter from the key information and the public key, and sends the registration parameter in a SIP message.
The authentication gateway receives the Session Initiation Protocol (SIP) message from the user equipment and obtains the registration parameter carried in it, which the user equipment generated from the public key. It decrypts the obtained registration parameter with the locally stored private key; if decryption succeeds, it stores the key information corresponding to the identity of the user equipment and returns a registration success message to the user equipment, so that the user equipment stores the key information and accesses the non-IMS domain application server according to it.
The user equipment accessing the non-IMS domain application server according to the key information specifically comprises: the user equipment sends an access request to the non-IMS domain application server and receives the challenge message returned by it; the user equipment returns a challenge response message to the non-IMS domain application server according to its own identity and the key information.
Step 102: return an error message to the non-IMS domain application server.
Step 103: query whether the user equipment is in the registered state in the IMS domain.
If the query result is yes, go to step 104; otherwise, go to step 102.
Step 104: return the key information and its validity period to the non-IMS domain application server, so that the non-IMS domain application server uses the key information and its validity period to perform identity authentication with the user equipment.
Specifically, the non-IMS domain application server performing identity authentication with the user equipment using the key information and its validity period comprises: the non-IMS domain application server uses the key information to verify whether the challenge response message from the user equipment is correct and, if so, returns an authentication success message to the user equipment; the user equipment receives the authentication success message from the non-IMS domain application server and verifies whether the authentication information contained in it is correct; if so, mutual authentication with the non-IMS domain application server is complete and the two interact over a secure channel.
The embodiments of the invention use the existing security mechanisms of IMS to provide security services for the service layer, strengthening security between the UE and the AS without becoming a security bottleneck of the system; within the validity period of the key information the registration process does not need to be repeated, which improves service execution efficiency.
The identity authentication method of the embodiments is described in detail below with reference to a concrete application scenario.
As shown in Fig. 2, the identity authentication flow in the application scenario comprises the following steps:
Step 201: the UE starts a non-IMS client to access the non-IMS domain application server AS2 and sends an HTTP Request message to AS2.
Here the non-IMS domain application server AS2 may be an HTTP server, and the HTTP Request message does not pass through the IMS core.
Step 202: AS2 initiates HTTP Digest mutual authentication and returns challenge information to the UE.
Specifically, on receiving the HTTP Request message, AS2 requires the UE to perform HTTP Digest mutual authentication and returns a 401 Unauthorized HTTP Digest challenge message; the WWW-Authenticate header parameter of this challenge message contains AS2's challenge to the UE.
Step 203: the UE returns a challenge response message to AS2.
Specifically, the UE uses its IMPU (IP Multimedia Public Identity) as the username and the key as the password to compute the response, and returns a challenge response message containing the response in an HTTP request; the Authorization header parameter of this message contains the UE's challenge response.
Step 204: AS2 submits the IMPU to the AUG to query the state of the UE in the IMS domain and the key information corresponding to the IMPU.
Step 205: the AUG queries by IMPU whether the UE is registered locally and whether its key is within its validity period. If the query result is yes, go to step 206; otherwise, return an error message to AS2.
Step 206: the AUG queries the HSS for the UE's registration state to determine whether it is registered. If the query result is yes, go to step 207; if the query result is no, return an error message to AS2.
Step 207: the AUG returns the key and the key's validity period to AS2.
Step 208: AS2 uses the key to verify whether the response in the UE's challenge response message is correct. If it is correct, go to step 210; otherwise, return an error message to the UE.
Step 209: AS2 returns an authentication success message to the UE.
Specifically, if AS2 verifies that the response is correct, the UE's access has passed; AS2 computes its own challenge response and returns a 200 OK message to the UE, whose Authentication-Info header parameter contains AS2's challenge response.
Step 210: the UE verifies whether the authentication success message is correct. If it is correct, go to step 211; otherwise, return an error message to AS2.
Specifically, the UE verifies whether the Authentication-Info header parameter is correct.
Step 211: the UE and AS2 have completed mutual authentication and interact over the secure channel established by HTTP Digest.
The embodiments of the invention use the existing security mechanisms of IMS to provide security services for the service layer, strengthening security between the UE and the AS without becoming a security bottleneck of the system; within the validity period of the key information the registration process does not need to be repeated, which improves service execution efficiency.
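The Fig. 2 exchange, written out as an added example that is not part of the patent: the AUG's lookup decision (steps 205 to 207, with the HSS registration query modelled as a lookup table), AS2's verification of the UE's HTTP Digest response computed with the IMPU as username and the registered key as password (step 208), and the UE's check of the Authentication-Info value that gives mutual authentication (steps 209 to 210). Digest values follow RFC 2617 with MD5 and qop=auth, an assumption the patent does not state; all identities, keys and timestamps are constructed.

```python
import hashlib
import hmac
import secrets

# Constructed sample values (not from the patent).
IMPU = "sip:user@example.com"   # UE's IP Multimedia Public Identity, used as Digest username
KEY = "constructed-random-key"  # key the UE generated at random and registered with the AUG
REALM = "as2.example.com"       # Digest realm announced by AS2
NOW = 1_700_000_000             # current time, seconds (constructed)


class AUG:
    """Authentication gateway: key per IMPU with an expiry, plus a stand-in for the HSS query."""

    def __init__(self, hss_registered):
        self.keys = {}                        # IMPU -> (key, expires_at)
        self.hss_registered = hss_registered  # IMPU -> bool, models the HSS registration state

    def register(self, impu, key, validity_seconds, now):
        """Outcome of the Fig. 3 registration: store the key with its validity period."""
        self.keys[impu] = (key, now + validity_seconds)

    def lookup(self, impu, now):
        """Steps 205-207: return (key, expires_at) for AS2, or None meaning 'error to AS2'."""
        entry = self.keys.get(impu)
        if entry is None or entry[1] <= now:
            return None      # step 205: no local key, or key outside its validity period
        if not self.hss_registered.get(impu, False):
            return None      # step 206: UE not registered in the IMS domain
        return entry         # step 207: key and validity period go back to AS2


def _h(s):
    return hashlib.md5(s.encode()).hexdigest()


def digest_response(username, password, realm, nonce, method, uri, nc, cnonce, qop="auth"):
    """RFC 2617 request digest (step 203), with the IMPU as username and the key as password."""
    ha1 = _h(f"{username}:{realm}:{password}")
    ha2 = _h(f"{method}:{uri}")
    return _h(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def rspauth(username, password, realm, nonce, uri, nc, cnonce, qop="auth"):
    """RFC 2617 Authentication-Info rspauth (step 209): same as the request digest with an empty method."""
    ha1 = _h(f"{username}:{realm}:{password}")
    ha2 = _h(f":{uri}")
    return _h(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def run_flow(aug, ue_key, impu=IMPU, now=NOW):
    """Steps 202-211 between one UE and AS2; returns which point the flow reached."""
    # Step 202: AS2 answers the request with a 401 challenge carrying a fresh nonce.
    nonce = secrets.token_hex(16)
    method, uri = "GET", "/groups"
    # Step 203: the UE answers with username=IMPU, password=key.
    cnonce, nc = secrets.token_hex(8), "00000001"
    ue_response = digest_response(impu, ue_key, REALM, nonce, method, uri, nc, cnonce)
    # Steps 204-207: AS2 asks the AUG for the key and validity period behind this IMPU.
    entry = aug.lookup(impu, now)
    if entry is None:
        return "aug_error"           # AUG returned an error; AS2 cannot authenticate the UE
    key, _expires_at = entry
    # Step 208: AS2 recomputes the digest with the AUG-supplied key and compares in constant time.
    expected = digest_response(impu, key, REALM, nonce, method, uri, nc, cnonce)
    if not hmac.compare_digest(expected, ue_response):
        return "ue_rejected"         # AS2 returns an error to the UE
    # Step 209: AS2 returns 200 OK with Authentication-Info proving it also holds the key.
    auth_info = rspauth(impu, key, REALM, nonce, uri, nc, cnonce)
    # Step 210: the UE verifies the Authentication-Info value with its own key.
    if not hmac.compare_digest(auth_info, rspauth(impu, ue_key, REALM, nonce, uri, nc, cnonce)):
        return "server_rejected"     # UE returns an error to AS2
    return "mutual_ok"               # step 211: mutual authentication complete
```

Note that AS2 never sees the key before the AUG has confirmed both the validity period and the IMS registration state, so an expired key or a UE that has deregistered from IMS fails at the gateway rather than at the application server.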
Before the above application scenario, the UE must first register with the AUG so that it can access the non-IMS domain application server. As shown in Fig. 3, the AUG registration flow in the application scenario comprises the following steps:
Step 301: the UE starts the IMS client, performs the IMS authentication procedure and carries out IMS registration.
Specifically, the user opens the IMS client and logs in to the IMS network; the IMS client performs the IMS authentication procedure among the UE, the CSCF and the HSS and completes IMS registration.
Step 302: the UE interacts with the IMS application server AS1.
Step 303: the IMS client of the UE triggers access to a non-IMS application.
Step 304: the UE checks whether a key exists locally and is within its validity period. If the check result is yes, go to step 310; otherwise, go to step 305.
Step 305: the UE generates a key at random and encrypts it with the AUG's PubKey (public key) to produce Ekey = E(PubKey, key).
Here E is the RSA encryption algorithm. The AUG generates a 1024-bit RSA (Rivest-Shamir-Adleman public key algorithm) key pair in advance, consisting of PriKey (the private key) and PubKey; the AUG keeps PriKey secret, and PubKey is published to the IMS client and preset in the UE.
Step 306: the UE sends Ekey to the AUG in a SIP message as the parameter of the AUG registration message, requesting AUG registration.
Step 307: the AUG decrypts Ekey with PriKey. If decryption succeeds, go to step 309; otherwise, return an error message to the UE.
Step 308: the AUG stores the key corresponding to the UE's IMPU and returns a SIP 200 OK message to the UE.
Step 309: the UE stores the key as the temporary secret parameter for communicating with the AUG.
Step 310: the UE starts the non-IMS client to access AS2 and sends an HTTP Request message to AS2.
The embodiments of the invention use the existing security mechanisms of IMS to provide security services for the service layer, strengthening security between the UE and the AS without becoming a security bottleneck of the system; within the validity period of the key information the registration process does not need to be repeated, which improves service execution efficiency.
The embodiment of the invention provides identity identifying method and application scenarios in the above-described embodiment, and correspondingly, the embodiment of the invention also provides device and the system that uses above-mentioned identity identifying method.
As shown in Figure 4, a kind of authentication gateway structural representation in the embodiment of the invention comprises:
Receiver module 410 is used to receive the identify label of the subscriber equipment that non-IMS territory application server submits to.
Above-mentioned receiver module 410 also is used to receive the sip message from subscriber equipment, obtains the registration parameter of carrying in the described sip message, and described registration parameter is generated according to Public key by described subscriber equipment.
Enquiry module 420, whether the identify label inquiry that is used for receiving according to receiver module 410 exists the key information of described identify label correspondence and described key information before the deadline, whether inquiring the key information that there is described identify label correspondence and described key information before the deadline the time, inquiring about described subscriber equipment is registered state in the IMS territory.
Sending module 430, be used for inquiring described subscriber equipment when being registered state in the IMS territory at enquiry module 420, return the term of validity of described key information and described key information to described non-IMS territory application server, make described non-IMS territory application server use the term of validity of described key information and described key information and described subscriber equipment to carry out authentication.
The sending module 430 is also used, when the decryption module 440 decrypts successfully, to store the key information corresponding to the identity of the user equipment and return a registration success message to the user equipment, so that the user equipment stores the key information and accesses the non-IMS domain application server using that key information.
Decryption module 440, used to decrypt, with the private key it stores, the registration parameter obtained by the receiving module 410.
Generation module 450, used to generate a public/private key pair, store the private key of the pair for use by the decryption module 440, and publish the public key of the pair to the user equipment.
As shown in Figure 5, the structure of an identity authentication system in an embodiment of the invention comprises:
User equipment 510, used to send an access request to the non-IMS domain application server 520 and receive the challenge message returned by the non-IMS domain application server 520, and to return a challenge response message to the non-IMS domain application server 520 based on its own identity and the key information.
The user equipment 510 is also used to perform the IMS authentication procedure and register in the IMS domain; when it accesses a non-IMS domain application, it checks whether key information exists locally, and if not, generates key information at random, generates the registration parameter from the key information and the public key, and sends the registration parameter in a SIP message.
Non-IMS domain application server 520, used to submit the identity of the user equipment to the authentication gateway 530, receive the key information and its validity period from the authentication gateway 530, and use the key information and its validity period to perform identity authentication with the user equipment 510.
Authentication gateway 530, used to receive the identity of the user equipment 510 submitted by the non-IMS domain application server 520 and query, according to the identity, whether key information corresponding to the identity exists and is within its validity period; if key information corresponding to the identity exists and is within its validity period, it queries whether the user equipment 510 is in the registered state in the IMS domain, and if the query result is yes, returns the key information and its validity period to the non-IMS domain application server 520.
The authentication gateway 530 is also used to receive a SIP message from the user equipment 510 and obtain the registration parameter carried in it, the registration parameter having been generated by the user equipment 510 from the public key; it decrypts the obtained registration parameter with the private key it stores, and if decryption succeeds, stores the key information corresponding to the identity of the user equipment 510 and returns a registration success message to the user equipment 510, so that the user equipment 510 stores the key information and accesses the non-IMS domain application server using that key information.
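The registration, gateway lookup and challenge-response flow described above (steps 306-310, the query and sending modules, and the two-way authentication between the UE and the non-IMS application server), as an added Python model that is not part of the patent. AuthGateway, UserEquipment and NonIMSApplicationServer are hypothetical names; the RSA wrapping of the registration parameter (Ekey) is omitted, and the HMAC-based challenge response is an assumption, since the patent does not specify a response format.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Set, Tuple


class AuthGateway:
    """AUG: holds per-IMPU key information plus the IMS registration state."""

    def __init__(self) -> None:
        self._keys: Dict[str, Tuple[bytes, float]] = {}  # impu -> (key, expires_at)
        self.ims_registered: Set[str] = set()            # IMPUs registered in IMS

    def register(self, impu: str, key: bytes, validity_s: int, now: float) -> bool:
        # Steps 307-308: store the key recovered by decrypting Ekey with PriKey (RSA
        # step omitted). Rejecting short keys is an added hardening assumption.
        if len(key) < 16:
            return False
        self._keys[impu] = (key, now + validity_s)
        return True

    def lookup(self, impu: str, now: float) -> Optional[Tuple[bytes, float]]:
        # Claim 1: key present, within its validity period, UE still IMS-registered.
        rec = self._keys.get(impu)
        if rec is None or now >= rec[1] or impu not in self.ims_registered:
            return None
        return rec


def _mac(key: bytes, role: bytes, impu: str, challenge: bytes) -> bytes:
    # Domain-separated HMAC so a UE response can never double as the AS's
    # authentication info (construction chosen here; the patent fixes none).
    return hmac.new(key, b"|".join([role, impu.encode(), challenge]),
                    hashlib.sha256).digest()


class UserEquipment:
    def __init__(self, impu: str, key: bytes) -> None:
        self.impu, self.key = impu, key

    def respond(self, challenge: bytes) -> Tuple[str, bytes]:
        # Claim 5: challenge response built from own identity and key information.
        return self.impu, _mac(self.key, b"ue", self.impu, challenge)

    def verify_server(self, challenge: bytes, auth_info: bytes) -> bool:
        # Claim 6: check the authentication info in the authentication success message.
        return hmac.compare_digest(auth_info, _mac(self.key, b"as", self.impu, challenge))


class NonIMSApplicationServer:
    def __init__(self, aug: AuthGateway) -> None:
        self.aug = aug

    def authenticate(self, ue: UserEquipment, now: float) -> bool:
        # Claim 6: obtain the key via AUG, verify the UE, then prove itself to the UE.
        challenge = secrets.token_bytes(16)
        impu, response = ue.respond(challenge)
        rec = self.aug.lookup(impu, now)
        if rec is None:
            return False  # no key, key expired, or UE no longer registered in IMS
        key = rec[0]
        if not hmac.compare_digest(_mac(key, b"ue", impu, challenge), response):
            return False  # UE does not hold the key registered at AUG
        return ue.verify_server(challenge, _mac(key, b"as", impu, challenge))


def run_scenarios() -> Dict[str, bool]:
    """Constructed scenario (made-up IMPU, key and clock): success path plus refusals."""
    impu, now, key = "sip:alice@ims.example", 1_700_000_000.0, bytes(range(16))
    aug = AuthGateway()
    aug.ims_registered.add(impu)
    aug.register(impu, key, 3600, now)
    ue, app = UserEquipment(impu, key), NonIMSApplicationServer(aug)
    result = {"valid": app.authenticate(ue, now),
              "expired": app.authenticate(ue, now + 3600),
              "wrong_key": app.authenticate(UserEquipment(impu, bytes(16)), now)}
    aug.ims_registered.discard(impu)  # IMS deregistration is synchronised to AUG
    result["deregistered"] = app.authenticate(ue, now)
    return result
```

The last scenario is the state-synchronisation point the abstract highlights: once the UE drops out of the IMS domain, the gateway refuses to hand out an otherwise valid key, so the non-IMS service is cut off without any extra signalling.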
From the description of the embodiments above, those skilled in the art will understand that the invention can be implemented by software on the necessary general-purpose hardware platform, or of course by hardware, although the former is the better implementation in many cases. On this understanding, the technical solution of the embodiments of the invention, or the part of it that contributes to the prior art, can be embodied in the form of a software product stored on a storage medium and comprising instructions that cause a terminal device (which may be a mobile phone, a personal computer, a server, a network device or the like) to perform the method described in each embodiment of the invention.
The above is only a preferred implementation of the invention. It should be pointed out that those skilled in the art can make improvements and modifications without departing from the principles of the embodiments of the invention, and such improvements and modifications should also be regarded as falling within the scope of protection of the invention.
Those skilled in the art will appreciate that the modules of the device in an embodiment may be distributed within the device as described for that embodiment, or may be changed accordingly and located in one or more devices different from the one in this embodiment. The modules of the above embodiment may be integrated into one or deployed separately; they may be merged into one module or further split into multiple sub-modules.
The sequence numbers of the embodiments of the invention above are only for description and do not indicate the merit of any embodiment.
What is disclosed above is only several specific embodiments of the invention, but the invention is not limited to them; any variation that those skilled in the art can conceive should fall within the scope of protection of the invention.

Claims (12)

1. A method for identity authentication, characterized by comprising the following steps: receiving the identity of a user equipment submitted by a non-Internet Protocol Multimedia Subsystem (IMS) domain application server, and querying according to the identity whether key information corresponding to the identity exists and is within its validity period; if key information corresponding to the identity exists and is within its validity period, querying whether the user equipment is in a registered state in the IMS domain, and if the query result is yes, returning the key information and the validity period of the key information to the non-IMS domain application server, so that the non-IMS domain application server uses the key information and the validity period of the key information to perform identity authentication with the user equipment.
2. The method according to claim 1, characterized in that, before receiving the identity of the user equipment submitted by the non-IMS domain application server, the method further comprises: receiving a Session Initiation Protocol (SIP) message from the user equipment and obtaining the registration parameter carried in the SIP message, the registration parameter being generated by the user equipment according to a public key; decrypting the obtained registration parameter with a private key stored by itself, and if decryption succeeds, storing the key information corresponding to the identity of the user equipment and returning a registration success message to the user equipment, so that the user equipment stores the key information and accesses the non-IMS domain application server according to the key information.
3. The method according to claim 2, characterized in that, before receiving the SIP message from the user equipment, the method further comprises: the user equipment performing the IMS authentication procedure and registering in the IMS domain; when the user equipment accesses a non-IMS domain application, checking whether key information exists locally, and if not, randomly generating key information, generating the registration parameter according to the key information and the public key, and sending the registration parameter in a SIP message.
4. The method according to claim 3, characterized in that, before the user equipment generates the registration parameter according to the key information and the public key, the method further comprises: generating a public/private key pair, storing the private key of the public/private key pair, and publishing the public key of the public/private key pair to the user equipment.
5. The method according to claim 2, characterized in that the user equipment accessing the non-IMS domain application server according to the key information specifically comprises: the user equipment sending an access request to the non-IMS domain application server and receiving a challenge message returned by the non-IMS domain application server; the user equipment returning a challenge response message to the non-IMS domain application server according to its own identity and the key information.
6. The method according to claim 5, characterized in that the non-IMS domain application server using the key information and the validity period of the key information to perform identity authentication with the user equipment specifically comprises: the non-IMS domain application server using the key information to verify whether the challenge response message from the user equipment is correct, and if it is correct, returning an authentication success message to the user equipment; the user equipment receiving the authentication success message from the non-IMS domain application server and verifying whether the authentication information contained in the authentication success message is correct, and if it is correct, completing two-way authentication with the non-IMS domain application server and interacting with the non-IMS domain application server over a secure channel.
7. An authentication gateway, characterized by comprising: a receiving module, configured to receive the identity of a user equipment submitted by a non-IMS domain application server; a query module, configured to query, according to the identity received by the receiving module, whether key information corresponding to the identity exists and is within its validity period, and, when key information corresponding to the identity exists and is within its validity period, to query whether the user equipment is in a registered state in the IMS domain; a sending module, configured, when the query module finds that the user equipment is in the registered state in the IMS domain, to return the key information and the validity period of the key information to the non-IMS domain application server, so that the non-IMS domain application server uses the key information and the validity period of the key information to perform identity authentication with the user equipment.
8. The authentication gateway according to claim 7, characterized in that the receiving module is further configured to receive a SIP message from the user equipment and obtain the registration parameter carried in the SIP message, the registration parameter being generated by the user equipment according to a public key; the authentication gateway further comprises a decryption module, configured to decrypt the registration parameter obtained by the receiving module with a private key stored by itself; and the sending module is further configured, when the decryption module decrypts successfully, to store the key information corresponding to the identity of the user equipment and return a registration success message to the user equipment, so that the user equipment stores the key information and accesses the non-IMS domain application server according to the key information.
9. The authentication gateway according to claim 8, characterized by further comprising: a generation module, configured to generate a public/private key pair, store the private key of the public/private key pair for use by the decryption module, and publish the public key of the public/private key pair to the user equipment.
10. An identity authentication system, characterized by comprising: a user equipment, configured to send an access request to a non-IMS domain application server and receive the challenge message returned by the non-IMS domain application server, and to return a challenge response message to the non-IMS domain application server according to its own identity and key information; a non-IMS domain application server, configured to submit the identity of the user equipment to an authentication gateway, receive the key information and the validity period of the key information from the authentication gateway, and use the key information and the validity period of the key information to perform identity authentication with the user equipment; an authentication gateway, configured to receive the identity of the user equipment submitted by the non-IMS domain application server and query, according to the identity, whether key information corresponding to the identity exists and is within its validity period, and, if key information corresponding to the identity exists and is within its validity period, to query whether the user equipment is in a registered state in the IMS domain, and if the query result is yes, to return the key information and the validity period of the key information to the non-IMS domain application server.
11. The system according to claim 10, characterized in that the authentication gateway is further configured to receive a Session Initiation Protocol (SIP) message from the user equipment and obtain the registration parameter carried in the SIP message, the registration parameter being generated by the user equipment according to a public key; to decrypt the obtained registration parameter with a private key stored by itself; and, if decryption succeeds, to store the key information corresponding to the identity of the user equipment and return a registration success message to the user equipment, so that the user equipment stores the key information and accesses the non-IMS domain application server according to the key information.
12. The system according to claim 10, characterized in that the user equipment is further configured to perform the IMS authentication procedure and register in the IMS domain; and, when accessing a non-IMS domain application, to check whether key information exists locally, and if not, to randomly generate key information, generate the registration parameter according to the key information and the public key, and send the registration parameter in a SIP message.
Application CN 200910237819, priority date 2009-11-11, filing date 2009-11-11: Method and system for authenticating identity and device. Status: Active. Granted publication CN102065069B (en).
Publications (2)

Publication Number Publication Date
CN102065069A CN102065069A (en) 2011-05-18
CN102065069B true CN102065069B (en) 2013-07-31
