CN102857900B - Access method of access equipment to IMS (IP multimedia subsystem) network and AGCF (access gateway control function) and S-CSCF (serving-call session control function)
- Publication number
- CN102857900B, CN201110176011.1A
- Authority
- CN
- China
- Prior art keywords
- registration request
- agcf
- authentication
- cscf
- access device
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/10—Architectures or entities
- H04L65/1016—IP multimedia subsystem [IMS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/10—Architectures or entities
- H04L65/1046—Call controllers; Call servers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/1066—Session management
- H04L65/1073—Registration or de-registration
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/069—Authentication using certificates or pre-shared keys
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W76/00—Connection management
- H04W76/10—Connection setup
Landscapes
- Engineering & Computer Science (AREA)
- Multimedia (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Business, Economics & Management (AREA)
- General Business, Economics & Management (AREA)
- Telephonic Communication Services (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a method for an access device to access an IMS network, together with an AGCF and an S-CSCF, which simplifies the registration process. The method includes: while the access device is accessing the IMS network through the AGCF, after completing the connection with the access device the AGCF decides to construct a registration request carrying an authentication-passed indication and sends the registration request through the Interrogating Call Session Control Function (I-CSCF) to the Serving Call Session Control Function (S-CSCF); the authentication-passed indication is used by the S-CSCF to decide whether to authenticate the access device. Compared with the prior art, with this solution the AGCF does not need to store user authentication key information, which simplifies the user registration process for traditional fixed-network access devices accessing the IMS network through the AGCF. Because the AGCF does not need to store authentication keys, operation and maintenance costs are also reduced.
Description
Technical field
The present invention relates to the field of mobile communication, and in particular to a method for an access device to access an IMS (IP Multimedia Subsystem) network through an Access Gateway Control Function (AGCF), and to an AGCF and an S-CSCF.
Background
The IP Multimedia Subsystem (IMS) is the Next Generation Network (NGN) standard defined by the 3rd Generation Partnership Project (3GPP). Its distinguishing features are that it adopts the SIP (Session Initiation Protocol) architecture and that communication is independent of access. It offers capabilities such as separation of multimedia service control from bearer capability, separation of call from session, separation of application from service, separation of service from network, and convergence of mobile-network and Internet services.
The proposal of IMS follows the trend toward converged communication networks. The main functional entities in the IMS architecture include: User Equipment (UE), the Proxy Call Session Control Function (P-CSCF), the Interrogating Call Session Control Function (I-CSCF), the Serving Call Session Control Function (S-CSCF), the Home Subscriber Server (HSS), and the Application Server (AS).
The concept of the softswitch (Soft Switch, SS) developed gradually on the basis of IP telephony in the late 1990s and matured as communication networks moved from narrowband to broadband and from circuit switching to packet switching. Softswitches are already in large-scale commercial use in live networks. Since IMS is the target network for the convergence of fixed and mobile networks, evolution from softswitch to IMS is an inevitable trend. Traditional fixed-network access devices, such as an Access Media Gateway (AG) using H.248 or the Media Gateway Control Protocol (MGCP), can access the IMS network through the Access Gateway Control Function (AGCF) to use IMS services. The network architecture is shown in Figure 1.
In the existing IMS art, traditional fixed-network access devices such as the AG and the IAD (Integrated Access Device) access the IMS network through the AGCF, and the AGCF must register in the IMS network on behalf of the user. The process by which the AGCF currently performs user registration in an IMS system is shown in Figure 2 and includes the following steps:
S202, a fixed terminal is connected to the fixed-network access device, and the traditional fixed-network access device, such as an AG/IAD, is connected to the AGCF using existing techniques; the protocol standards currently supported by the AGCF include H.248/MGCP/323/V5, and, taking H.248 as an example, the AGCF receives a ServiceChange request;
S204, the AGCF completes the connection with the traditional fixed-network access device using existing techniques; taking H.248 as an example, the AGCF sends a ServiceChange Reply in response to the ServiceChange request;
S206, the AGCF constructs a SIP registration request (REGISTER) using existing techniques; the request message carries the public user identity and the private user identity, and the AGCF forwards the registration request to the I-CSCF;
S208, the I-CSCF sends a User-Authorization-Request (UAR) message to the HSS, requesting allocation of an S-CSCF;
S210, the HSS sends a User-Authorization-Answer (UAA) message to the I-CSCF; the UAA returns the name of the allocated S-CSCF or the S-CSCF capabilities;
S212, the I-CSCF sends the registration request message to the selected S-CSCF;
S214, for security reasons the S-CSCF needs to authenticate the user, so it sends a Multimedia-Auth-Request (MAR) to the HSS to obtain the user's authentication vector; AGCF users generally use SIP Digest authentication;
S216, the HSS sends a Multimedia-Auth-Answer (MAA) to the S-CSCF; the response message carries the authentication vector;
S218, the S-CSCF constructs a challenge (a 401 Unauthorized message) from the authentication vector information and sends it to the I-CSCF;
S220, the I-CSCF forwards the 401 Unauthorized message to the AGCF;
S222, the AGCF uses the locally stored authentication key information of the user to construct a challenge-response registration message and sends it to the I-CSCF; the authentication key is generally obtained through local configuration or from the Business & Operation Support System (BOSS);
S224, after receiving the registration request message, the I-CSCF sends a UAR message to the HSS, requesting allocation of an S-CSCF;
S226, the HSS sends a UAA message to the I-CSCF; the UAA returns the name of the allocated S-CSCF;
S228, the I-CSCF sends the registration request message to the selected S-CSCF;
S230, after receiving the registration request message, the S-CSCF judges the legitimacy of the user and completes authentication of the user; once authentication succeeds, it sends a user configuration data request (Server-Assignment-Request, SAR) to the HSS;
S232, the HSS stores the S-CSCF information and sends the user's subscription data and charging address information to the S-CSCF in a user configuration data response (Server-Assignment-Answer, SAA) message;
S234, the S-CSCF constructs a registration success response message, such as 200 OK, and sends it to the I-CSCF;
S236, the AGCF receives the registration success response forwarded by the I-CSCF, and user registration is complete.
The registration process described above needs to be improved.
Summary of the invention
The technical problem to be solved by the present invention is to provide a method for an access device to access an IMS network, together with an AGCF and an S-CSCF, that simplifies the registration process.
To solve the above technical problem, the present invention provides a method for an access device to access an IP Multimedia Subsystem (IMS) network, comprising:
while the access device is accessing the IMS network through the Access Gateway Control Function (AGCF), after completing the connection with the access device the AGCF decides to construct a registration request carrying an authentication-passed indication and sends the registration request through the Interrogating Call Session Control Function (I-CSCF) to the Serving Call Session Control Function (S-CSCF), the authentication-passed indication being used by the S-CSCF to decide whether to authenticate the access device.
Further, the AGCF deciding to construct a registration request carrying an authentication-passed indication includes: the AGCF decides according to the operator's operation and maintenance policy, and/or whether it locally stores authentication key information for the access user of the access device; if it decides that the registration request needs to carry the authentication-passed indication, it constructs a registration request carrying that indication.
Further, after receiving the registration request, if the S-CSCF determines that the registration request carries an authentication-passed indication, it either decides not to authenticate the access device, or decides whether to authenticate the access device according to the operator's operation and maintenance policy and/or information about the network where the AGCF is located.
Further, the registration request includes an initial registration request, a refresh registration request or a de-registration request.
Further, the registration request is a SIP message, and the authentication-passed indication is placed in a SIP header field or parameter of the registration request.
To solve the above technical problem, the present invention also provides an Access Gateway Control Function (AGCF) entity for enabling an access device to access an IP Multimedia Subsystem (IMS) network. The AGCF includes a decision module, a construction module and a sending module, wherein:
the decision module is configured to decide, while the access device is accessing the IMS network through the AGCF and after the connection with the access device has been completed, whether to construct a registration request carrying an authentication-passed indication;
the construction module is configured to construct a registration request carrying the authentication-passed indication when the decision module decides to do so;
the sending module is configured to send the registration request constructed by the construction module through the Interrogating Call Session Control Function (I-CSCF) to the Serving Call Session Control Function (S-CSCF), the authentication-passed indication being used by the S-CSCF to decide whether to authenticate the access device.
Further, the decision module decides whether to construct a registration request carrying the authentication-passed indication according to the operator's operation and maintenance policy, and/or whether authentication key information for the access user of the access device is stored locally.
Further, the registration request is a SIP message, and the construction module constructs the registration request carrying the authentication-passed indication by placing the indication in a SIP header field or parameter of the registration request.
To solve the above technical problem, the present invention also provides a Serving Call Session Control Function (S-CSCF) entity for enabling an access device to access an IP Multimedia Subsystem (IMS) network. The S-CSCF includes a receiving module, a judging module and a decision module, wherein:
the receiving module is configured to receive a registration request sent by an Access Gateway Control Function (AGCF);
the judging module is configured to judge whether the registration request carries an authentication-passed indication;
the decision module is configured, when the judging module determines that the registration request carries an authentication-passed indication, to decide to perform either of the following operations:
not authenticating the access device;
deciding whether to authenticate the access device according to the operator's operation and maintenance policy and/or information about the network where the AGCF is located.
Compared with the prior art, with the above solution the AGCF does not need to store user authentication key information, and the S-CSCF completes authentication of the user by evaluating the authentication-passed indication, which simplifies the user registration process for traditional fixed-network access devices accessing the IMS network through the AGCF. Because the AGCF does not need to store authentication keys, operation and maintenance costs are reduced and the keys on the AGCF and the HSS cannot become inconsistent. In addition, the fixed access between the AG/IAD and the AGCF in current technology can already guarantee the security of the user, so the simplified method described here does not affect the security of the access device.
Description of drawings
Figure 1 is a schematic diagram of the existing network architecture for fixed-network users accessing the IMS network;
Figure 2 is a flowchart of the known user registration process for AGCF access to the IMS network;
Figure 3 is a flowchart of implementation scheme one of user registration for AGCF access to the IMS network;
Figure 4 is a schematic structural diagram of the AGCF and the S-CSCF according to an embodiment of the present invention.
Detailed description
Analysis of the existing process shows that the AGCF must store the IMS user's authentication key before it can complete user registration in the IMS network. On the one hand, storing authentication keys on the AGCF increases operation and maintenance costs and easily leads to inconsistent keys between the AGCF and the HSS; on the other hand, the current AGCF user registration process is somewhat complex. Considering that access to the IMS network by traditional fixed-network access devices through the AGCF can guarantee the security of the access user, this document provides a simplified scheme for an access device to access the IMS network, comprising:
while the access device is accessing the IMS network through the AGCF, after completing the connection with the access device the AGCF decides to construct a registration request carrying an authentication-passed indication and sends the registration request through the I-CSCF to the S-CSCF, the authentication-passed indication being used by the S-CSCF to decide whether to authenticate the access device.
Preferably, the registration request includes an initial registration request, a refresh registration request or a de-registration request.
For compatibility with the prior art, the AGCF can decide whether to carry the authentication-passed indication in the registration request according to conditions such as the operator's operation and maintenance policy and/or whether authentication key information for the access user of the access device is stored locally. For example, if the AGCF does not locally store authentication key information for the access user of the access device, it carries the authentication-passed indication in the registration request.
The AGCF and the S-CSCF are generally deployed in a trusted network. For untrusted networks, however, to prevent spoofing in the untrusted network, the S-CSCF can, after receiving the authentication-passed indication, decide according to the operation and maintenance policy and/or visited-network information (such as information about the network where the AGCF is located) whether to authenticate the access device. If it decides that the access device needs to be authenticated, it ignores the authentication-passed indication and still authenticates the access device.
Preferably, the registration request is a SIP message, and the authentication-passed indication can be placed in a SIP header field or parameter of the registration request. The SIP header field can be an existing SIP header field or an extended SIP header field, and the parameter can likewise be an existing parameter or an extended parameter.
The above method can be used not only for fixed-network access devices but also for mobile access devices.
The present invention is described in further detail below with reference to the drawings and specific embodiments.
To simplify the registration process for a traditional access device accessing the IMS network through the AGCF, and to solve the consistency problem of user authentication keys stored on the AGCF, the process of this embodiment is shown in Figure 3 and includes the following steps:
S302, a traditional fixed-network access device, such as an AG/IAD, is connected to the AGCF using existing techniques. Taking H.248 as an example, the AGCF receives a ServiceChange request;
S304, the AGCF completes the connection with the traditional fixed-network access device using existing techniques; taking H.248 as an example, the AGCF sends a Reply in response to the ServiceChange request;
S306, the AGCF constructs a SIP registration request; the AGCF determines that it holds no local authentication key for the access user of the access device and decides to carry an authentication-passed indication in the request message, asking the S-CSCF not to authenticate the user;
The AGCF constructs the SIP registration request using existing techniques.
Besides deciding whether to carry the authentication-passed indication in the request message by checking whether the authentication key of the access user of the access device is stored locally, the AGCF can also decide according to other operation and maintenance policies of the operator. If the policy stipulates that all access devices are authenticated, the AGCF never carries the authentication-passed indication in the request message. If the policy stipulates that no access device is authenticated, the AGCF always carries the authentication-passed indication in the request message. Alternatively, the policy can specify the conditions under which an access device must be authenticated, and the AGCF decides according to the policy whether to carry the authentication-passed indication in the request message.
The authentication-passed indication can use an existing SIP header field or parameter, or an extended SIP header field or parameter; for example, the integrity-protected parameter in the Authorization header is set to "auth-done".
S308, the AGCF forwards the registration request to the I-CSCF; the request message carries the authentication-passed indication;
S310, the I-CSCF sends a User-Authorization-Request (UAR) to the HSS, requesting allocation of an S-CSCF;
S312, the HSS sends a User-Authorization-Answer message to the I-CSCF; the UAA returns the name of the allocated S-CSCF or the S-CSCF capabilities;
S314, the I-CSCF forwards the registration request message to the selected S-CSCF; the request message carries the authentication-passed indication, for example the integrity-protected parameter in the Authorization header must be passed on to the S-CSCF;
S316, the S-CSCF parses and recognizes the authentication-passed indication; for example, if it finds that the integrity-protected parameter in the Authorization header is "auth-done", it considers the user authenticated and decides not to authenticate the access device;
In other embodiments, the S-CSCF can ignore the authentication-passed indication and instead decide whether to authenticate the access device according to the operation and maintenance policy and/or information about the network where the AGCF is located. For example, if the information about the network where the AGCF is located indicates that the AGCF is in an untrusted network, the S-CSCF can decide to authenticate every registration requested by that AGCF.
S318, the S-CSCF sends a user configuration data request to the HSS;
S320, the HSS stores the S-CSCF information and sends the user's subscription data and charging address information to the S-CSCF in an SAA message;
S322, the S-CSCF constructs a registration success response message, such as 200 OK, and sends it to the I-CSCF;
S324, the AGCF receives the registration success response forwarded by the I-CSCF, and user registration is complete.
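The two decisions in steps S306 and S316, together with the untrusted-network override described for other embodiments, written out as an added Python example (not code from the patent). The policy names, the `TRUSTED_AGCF_NETWORKS` set, the `agcf_network` argument and the sample REGISTER are assumptions constructed for illustration; only the `integrity-protected="auth-done"` marker comes from the text.

```python
import re
from dataclasses import dataclass

# Parameter and value the page gives as its example of the indication.
INDICATION = ("integrity-protected", "auth-done")
# Hypothetical operator policy: networks whose AGCFs are trusted.
TRUSTED_AGCF_NETWORKS = {"fixed-core.example.net"}
_PARAM = re.compile(r'([A-Za-z][\w-]*)\s*=\s*(?:"([^"]*)"|([^,\s]+))')


def agcf_should_mark(policy: str, has_local_key: bool) -> bool:
    """AGCF side (S306): decide whether REGISTER carries the indication."""
    if policy == "authenticate-all":    # every device must be authenticated
        return False
    if policy == "authenticate-none":   # no device is authenticated
        return True
    return not has_local_key            # otherwise: mark only if no key is stored


def build_register(impu: str, impi: str, realm: str, mark: bool) -> str:
    """Build a minimal constructed REGISTER; not a complete SIP user agent."""
    auth = (f'Digest username="{impi}", realm="{realm}", nonce="", '
            f'uri="sip:{realm}", response=""')
    if mark:
        auth += f', {INDICATION[0]}="{INDICATION[1]}"'
    return "\r\n".join([
        f"REGISTER sip:{realm} SIP/2.0",
        "Via: SIP/2.0/UDP agcf1.example.net;branch=z9hG4bK-constructed",
        f"From: <{impu}>;tag=constructed",
        f"To: <{impu}>",
        "Call-ID: constructed-1@agcf1.example.net",
        "CSeq: 1 REGISTER",
        f"Authorization: {auth}",
        "Content-Length: 0",
        "", "",
    ])


def parse_headers(message: str) -> dict:
    """Map lowercased header names to the list of values seen for each."""
    head = message.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers: dict = {}
    last = None
    for line in head.split("\n")[1:]:           # skip the request line
        if line[:1] in (" ", "\t") and last:    # folded continuation line
            headers[last][-1] += " " + line.strip()
            continue
        name, sep, value = line.partition(":")
        if sep:
            last = name.strip().lower()
            headers.setdefault(last, []).append(value.strip())
    return headers


def indication_present(auth_value: str) -> bool:
    """True only if the parameter occurs exactly once with the expected value."""
    _scheme, _, rest = auth_value.partition(" ")
    found = [m.group(2) if m.group(2) is not None else m.group(3)
             for m in _PARAM.finditer(rest) if m.group(1).lower() == INDICATION[0]]
    return found == [INDICATION[1]]


@dataclass(frozen=True)
class Decision:
    skip_auth: bool
    reason: str


def scscf_decide(message: str, agcf_network: str, policy: str = "by-network") -> Decision:
    """S-CSCF side (S316 plus the override): honour or ignore the indication."""
    values = parse_headers(message).get("authorization", [])
    if len(values) != 1:
        return Decision(False, "absent or duplicated Authorization header")
    if not indication_present(values[0]):
        return Decision(False, "no authentication-passed indication")
    if policy == "authenticate-all":
        return Decision(False, "operator policy overrides the indication")
    if agcf_network not in TRUSTED_AGCF_NETWORKS:
        return Decision(False, "AGCF network untrusted: indication ignored")
    return Decision(True, "indication accepted from trusted AGCF network")


if __name__ == "__main__":
    msg = build_register("sip:+15550100@ims.example.net", "user1@ims.example.net",
                         "ims.example.net", agcf_should_mark("by-key", False))
    for network in ("fixed-core.example.net", "partner.example.org"):
        print(network, scscf_decide(msg, network))
```

When `skip_auth` is false the S-CSCF falls back to the challenge flow of Figure 2 (MAR/MAA and 401 Unauthorized), so the indication only ever removes authentication for requests the operator's policy already trusts.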
实现上述方法的用于提供接入设备接入IMS网络的AGCF,如图4所示,包括决策模块、构造模块和发送模块,其中:The AGCF for providing the access device to access the IMS network for implementing the above method, as shown in Figure 4, includes a decision-making module, a construction module and a sending module, wherein:
The decision module is configured to decide, while the access device is accessing the IMS network through the AGCF and after the connection with the access device has been completed, whether to construct a registration request carrying an authentication-pass indication;
The construction module is configured to construct a registration request carrying the authentication-pass indication when the decision module decides that such a request is to be constructed;
The sending module is configured to send the registration request constructed by the construction module to the S-CSCF through the I-CSCF, where the authentication-pass indication is used by the S-CSCF to decide whether to authenticate the access device.
Specifically, the decision module of the AGCF decides whether to construct a registration request carrying an authentication-pass indication as follows: it decides according to the operator's operation and maintenance policy, and/or according to whether the authentication key information of the access user of the access device is stored locally.
Preferably, the registration request is a SIP message, and the construction module constructs the registration request carrying the authentication-pass indication as follows: it places the authentication-pass indication in a SIP header field or parameter of the registration request.
The S-CSCF that implements the above method and provides the access device with access to the IMS network, as shown in Figure 4, includes a receiving module, a judging module and a decision module, wherein:
The receiving module is configured to receive a registration request sent by an access gateway control function (AGCF);
The judging module is configured to judge whether the registration request carries an authentication-pass indication;
The decision module is configured to decide, when the judging module determines that the registration request carries an authentication-pass indication, to perform either of the following operations:
not authenticating the access device;
deciding whether to authenticate the access device according to the operator's operation and maintenance policy and/or information about the network where the AGCF is located.
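The S-CSCF judging and decision modules described above, sketched as an added example (not code from the patent). The header name `X-Auth-Passed`, its value `yes`, the use of `P-Visited-Network-ID` to identify the AGCF's network, and the trusted-network list are assumptions; the sketch implements the second option, honouring the indication only for AGCF networks that the operator policy trusts and authenticating in every other case.

```python
# Hypothetical names: the patent says only that the indication travels in a
# SIP header field or parameter of the registration request; it names neither.
AUTH_PASS_HEADER = "x-auth-passed"
# Constructed operator policy: AGCF networks whose indication is honoured.
TRUSTED_AGCF_NETWORKS = {"agcf.fixed.operator.example"}


def parse_headers(raw):
    """Map lower-cased SIP header names to the list of values seen."""
    headers = {}
    for line in raw.split("\r\n")[1:]:      # skip the request line
        if not line:
            break                           # blank line ends the headers
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def scscf_decide(raw_register):
    """Return 'skip_auth' or 'authenticate' for one REGISTER request."""
    if not raw_register.startswith("REGISTER "):
        raise ValueError("not a REGISTER request")
    headers = parse_headers(raw_register)
    # Judging module: is exactly one well-formed indication present?
    if headers.get(AUTH_PASS_HEADER) != ["yes"]:
        return "authenticate"
    # Decision module: honour it only for AGCF networks the policy trusts.
    # Assumption: the AGCF's network is read from P-Visited-Network-ID.
    networks = headers.get("p-visited-network-id", [])
    if len(networks) == 1 and networks[0].strip('"') in TRUSTED_AGCF_NETWORKS:
        return "skip_auth"
    return "authenticate"


def make_register(extra_headers):
    """Build a constructed sample REGISTER (not a captured message)."""
    lines = ["REGISTER sip:ims.operator.example SIP/2.0",
             "To: <sip:+8625000001@ims.operator.example>",
             "From: <sip:+8625000001@ims.operator.example>;tag=1",
             "Call-ID: constructed-1", "CSeq: 1 REGISTER"]
    return "\r\n".join(lines + extra_headers) + "\r\n\r\n"


if __name__ == "__main__":
    trusted = 'P-Visited-Network-ID: "agcf.fixed.operator.example"'
    print(scscf_decide(make_register(["X-Auth-Passed: yes", trusted])))
    print(scscf_decide(make_register(["X-Auth-Passed: yes"])))
```

A duplicated or malformed indication is treated the same as a missing one, so the request falls back to normal authentication.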
With the method of the embodiments of the present invention, for access by traditional fixed-network devices, the AGCF carries authentication-pass indication information in the registration request message; the S-CSCF recognizes that indication, no longer needs to authenticate the user, and completes user registration directly. On the one hand, the method simplifies the AGCF user registration procedure; on the other hand, the AGCF does not need to store user authentication keys, which eases operation and maintenance of the IMS network.
Those of ordinary skill in the art will understand that all or some of the steps of the above method may be carried out by a program instructing the relevant hardware, and that the program may be stored in a computer-readable storage medium such as a read-only memory, a magnetic disk or an optical disc. Optionally, all or some of the steps of the above embodiments may also be implemented using one or more integrated circuits. Correspondingly, each module/unit in the above embodiments may be implemented in the form of hardware or in the form of a software functional module. The present invention is not limited to any specific combination of hardware and software.
Of course, the present invention may have various other embodiments. Without departing from the spirit and essence of the present invention, those skilled in the art may make various corresponding changes and modifications according to the present invention, but all such changes and modifications shall fall within the scope of protection of the claims appended to the present invention.
Claims (8)
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201110176011.1A CN102857900B (en) | 2011-06-27 | 2011-06-27 | Access method of access equipment to IMS (IP multimedia subsystem) network and AGCF (access gateway control function) and S-CSCF (serving-call session control function) |
PCT/CN2012/071091 WO2013000285A1 (en) | 2011-06-27 | 2012-02-14 | Method for access device to access ims network, and agcf and s-cscf |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201110176011.1A CN102857900B (en) | 2011-06-27 | 2011-06-27 | Access method of access equipment to IMS (IP multimedia subsystem) network and AGCF (access gateway control function) and S-CSCF (serving-call session control function) |
Publications (2)
Publication Number | Publication Date |
---|---|
CN102857900A CN102857900A (en) | 2013-01-02 |
CN102857900B (en) | 2017-05-24 |
Family
ID=47404023
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201110176011.1A Expired - Fee Related CN102857900B (en) | 2011-06-27 | 2011-06-27 | Access method of access equipment to IMS (IP multimedia subsystem) network and AGCF (access gateway control function) and S-CSCF (serving-call session control function) |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN102857900B (en) |
WO (1) | WO2013000285A1 (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102012002304A1 (en) | 2012-02-06 | 2013-08-08 | Audi Ag | Apparatus for automated driving of a motor vehicle and method for operating a motor vehicle |
CN106341814A (en) * | 2015-07-08 | 2017-01-18 | 中兴通讯股份有限公司 | Voice service registration method and device |
CN112672349A (en) * | 2019-10-16 | 2021-04-16 | 中兴通讯股份有限公司 | Management and control method, terminal, system and computer readable storage medium |
CN112953718B (en) * | 2019-11-26 | 2024-05-28 | 中国移动通信集团安徽有限公司 | Authentication method and device for IMS network user and call session control function entity |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100450207C (en) * | 2005-09-30 | 2009-01-07 | 华为技术有限公司 | Method and Communication System for CS Domain User to Access IMS Domain |
CN101325759B (en) * | 2007-06-15 | 2012-06-27 | 华为技术有限公司 | Method and system for accessing IMS early authentication for subscriber terminal |
CN102056154B (en) * | 2009-10-30 | 2014-05-07 | 华为技术有限公司 | IKE authentication method, system, IKE responding device and IKE initiating device |
- 2011-06-27: CN application CN201110176011.1A, patent CN102857900B (not active, Expired - Fee Related)
- 2012-02-14: WO application PCT/CN2012/071091, patent WO2013000285A1 (active, Application Filing)
Also Published As
Publication number | Publication date |
---|---|
WO2013000285A1 (en) | 2013-01-03 |
CN102857900A (en) | 2013-01-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7822407B2 (en) | Method for selecting the authentication manner at the network side | |
JP5709322B2 (en) | Authentication method, system and apparatus | |
JP4938674B2 (en) | Method and apparatus for accessing an IP multimedia subsystem | |
JP4922397B2 (en) | Method for multiple registration of multimode communication terminal devices | |
WO2007036123A1 (en) | A method and communication system for the cs domain user accessing the ims domain | |
WO2006128373A1 (en) | A method for im domain authenticating for the terminal user identifier module and a system thereof | |
EP1563654A4 (en) | USER EQUIPMENT ADAPTED TO THE SIP SIGNALING PROTOCOL FOR PROVIDING MULTIMEDIA SERVICES WITH QUALITY OF SERVICE | |
Psimogiannos et al. | An IMS-based network architecture for WiMAX-UMTS and WiMAX-WLAN interworking | |
CN101142833A (en) | Equipment for controlling user terminals in the circuit switching domain to access IMS communication network services | |
CN104202786B (en) | A kind of method and device for calling routing | |
CN101997828B (en) | Method, device and network for network re-registration of Internet protocol multimedia subsystem (IMS) | |
CN102857900B (en) | Access method of access equipment to IMS (IP multimedia subsystem) network and AGCF (access gateway control function) and S-CSCF (serving-call session control function) | |
EP2119178B1 (en) | Method and apparatuses for the provision of network services offered through a set of servers in an ims network | |
WO2014201904A1 (en) | Method for achieving registration when user terminal accesses ims network, and ims | |
CN101106457B (en) | Method for Determining User Terminal Authentication Mode in IP Multimedia Subsystem Network | |
CN101030853B (en) | An authentication method for a user terminal | |
CN101547424A (en) | A terminal access position acquiring method, device and system | |
CN101448258A (en) | Judgment method of authentication mode for UE to access IMS and device thereof | |
CN103001935A (en) | Authentication method and system for UE of ILS network in IMS network | |
CN102082769B (en) | Authentication system, device and method for IMS terminal when obtaining non-IMS service | |
CN101540678A (en) | Fixed terminal and authentication method thereof | |
CN101053203B (en) | Method and system for Internet multimedia domain authentication for terminal user identity module | |
CN115022878B (en) | Method, apparatus and medium for takeover of selected VoLTE user | |
WO2011140883A1 (en) | Method and system for logging off users | |
KR101016641B1 (en) | Authentication control device and method for a terminal |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | |
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20170524 |