CN102638440A - Method and system for realizing single sign on (SSO) in IP multimedia subsystem (IMS) network - Google Patents
Method and system for realizing single sign on (SSO) in IP multimedia subsystem (IMS) network Download PDFInfo
- Publication number
- CN102638440A CN102638440A CN2011100385335A CN201110038533A CN102638440A CN 102638440 A CN102638440 A CN 102638440A CN 2011100385335 A CN2011100385335 A CN 2011100385335A CN 201110038533 A CN201110038533 A CN 201110038533A CN 102638440 A CN102638440 A CN 102638440A
- Authority
- CN
- China
- Prior art keywords
- terminal
- user
- authentication
- ims
- registered
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 57
- 239000013598 vector Substances 0.000 claims abstract description 38
- 230000007246 mechanism Effects 0.000 claims description 20
- 238000010586 diagram Methods 0.000 description 4
- 230000003993 interaction Effects 0.000 description 4
- 230000005540 biological transmission Effects 0.000 description 1
- 238000011084 recovery Methods 0.000 description 1
Images
Landscapes
- Mobile Radio Communication Systems (AREA)
- Telephonic Communication Services (AREA)
Abstract
The invention discloses a method and a system for realizing single sign on (SSO) in an IP multimedia subsystem (IMS) network. The method and the system are characterized in that after terminal user equipment (UE) registers in the IMS network, the authentication request of the terminal UE for accessing an application server (AS) is redirected to a relay server (RS); and the RS obtains the related authentication vector and user information of the terminal UE, identifies whether the terminal UE has registered or not according to the related authentication vector and user information and generates a shared key when confirming that the terminal UE has registered. The method and the system have the effects of realizing an SSO function, without re-authenticating the terminal UE, and effectively reducing the complexity of access flows.
Description
Technical Field
The invention relates to the field of communication, in particular to a method and a system for realizing single sign-on (SSO) in an IMS network.
Background
Currently, to implement IMS single sign-on, when accessing an Application Server (AS) in the unified IMS, an authentication mechanism such AS AKA or SIP Digest is usually used to authenticate a terminal User Equipment (UE) outside an IMS core network, so AS to implement a final single sign-on function. An architecture schematic diagram in which an AS and a Relay Server (RS) have a secure channel to implement IMS single sign-on is shown in fig. 1; an architecture schematic diagram of the AS and RS for sharing a key to implement IMS single sign-on is shown in fig. 2.
In the case that the terminal UE of the unified IMS implements the SSO function for the application server, the implementation scenarios can be divided into three types according to the application scenario:
1: a case that the IMS terminal UE has a UICC card therein and a network operator has deployed GBA; at this time, the GBA authentication mechanism and the Liberty Alliance/OpenID can be combined to realize single sign-on and the intercommunication with other existing SSO mechanisms.
2: the IMS terminal has a UICC card in UE, but an operator can not deploy GBA; in this case, ALU has proposed related proposals, which adopt AKA/OpenID combination scheme to implement SSO function in this scenario.
3: IMS end UE does not have UICC card and the operator does not deploy GBA either. In this case, the situation has been established by the NSN at the 3GPP SA3#60 conference.
In the above three application scenarios of SSO, when a terminal UE accesses an AS service, a functional network element is required to authenticate the terminal UE by using an AKA or SIP Digest authentication mechanism outside an IMS core network, without paying attention to whether the IMS terminal is registered in the IMS core network, and without associating the registration authentication process in the IMS core network with the single sign-on process of the IMS terminal. With the trend of continuous convergence between the IMS network and the Internet network, the IMS terminal has an increased access demand for various application servers, so as to implement the SSO function of the IMS terminal on the application servers. In the prior art, a great number of functional network elements for authenticating terminal UE are deployed in an IMS network by an operator to implement an SSO function for an IMS network-related application service.
In the existing scheme, only functional network elements supporting an authentication mechanism are deployed in a network operator, and the terminal UE can realize the SSO function of accessing the AS by performing identity authentication on the terminal UE again through the functional network elements. This will increase the complexity of the access flow.
Disclosure of Invention
In view of this, the main object of the present invention is to provide a method and a system for implementing single sign-on in an IMS network, which can implement an SSO function without authenticating a terminal UE again, thereby effectively reducing the complexity of an access flow.
In order to achieve the purpose, the technical scheme of the invention is realized as follows:
a method of implementing single sign-on in an IMS network, the method comprising:
after the terminal user equipment UE registers in the IMS network, the authentication request of the terminal UE for accessing the AS is redirected to the RS; the RS acquires the relevant authentication vector and the user information of the terminal UE, identifies whether the terminal UE is registered or not according to the relevant authentication vector and the user information, and generates a shared secret key when the terminal UE is confirmed to be registered.
The method for registering the terminal UE in the IMS network comprises the following steps: IMS terminal UE utilizes SIP Digest terminal user registration mechanism to complete the registration process in IMS core network;
the process of acquiring the relevant authentication vector and the user information of the terminal UE comprises the following steps: if the RS successfully authenticates the AS, the RS sends a request for acquiring an authentication vector to the HSS; and the HSS searches and downloads the corresponding SIP Digest authentication vector and the user configuration information content according to the user identity identifier in the received request.
The method further comprises a procedure of authenticating the AS:
the AS sends the user public identity identifier and the self identity identifier to the RS together, the RS authenticates the AS according to the identity identifier of the AS, and if the AS fails in authentication, the RS directly returns error information to the terminal UE; otherwise, the authentication vector of the terminal UE is obtained;
or the AS redirects a user service request sent by the terminal UE and sends an AS authentication request to the RS address, and the RS authenticates the AS according to the AS identity identification information; if the AS authentication fails, the RS directly returns error information to the terminal UE; otherwise, the authentication vector of the terminal UE is obtained.
The determining whether the terminal UE is registered, and the generating the shared key includes:
finding and identifying a registration identifier from the user information; if the identifier identifies that the terminal UE has successfully registered, the RS generates a random number and generates a shared secret key accordingly.
The method further comprises a process of the AS obtaining the shared secret key.
A system for realizing single sign-on in IMS network, the system includes HSS and RS; wherein,
the HSS is used for providing relevant authentication vectors and user information of the terminal UE;
and the RS is used for acquiring a relevant authentication vector and user information of the terminal UE after the terminal UE is registered in the IMS network and an authentication request of the terminal UE for accessing the AS is redirected to the RS, thereby identifying whether the terminal UE is registered or not and generating a shared secret key when the terminal UE is confirmed to be registered.
The terminal UE is configured to, when registering in the IMS network: the registration process in the IMS core network is completed by utilizing an SIP Digest terminal user registration mechanism;
when acquiring the relevant authentication vector and the user information of the terminal UE, the RS is configured to: if the AS is successfully authenticated, sending a request for acquiring an authentication vector to the HSS; and triggering the HSS to search and download the corresponding SIP Digest authentication vector and the user configuration information content according to the user identity identifier in the received request.
The AS is further used for cooperating with the RS to authenticate the AS; wherein,
the AS is used for: sending the public identity identifier of the user and the self identity identifier to the RS;
the RS is used for: authenticating the AS according to the identity identifier of the AS, and if the AS fails to authenticate, directly returning error information to the terminal UE by the RS; otherwise, the authentication vector of the terminal UE is obtained;
or, the AS is configured to: redirecting a user service request sent by a terminal UE and sending an RP authentication request to an RS address;
the RS is used for: authenticating the AS according to the AS identity identification information; if the AS authentication fails, the RS directly returns error information to the terminal UE; otherwise, the authentication vector of the terminal UE is obtained.
When the RS determines whether the terminal UE is registered and generates the shared secret key, the RS is configured to:
finding and identifying a registration identifier from the user information; if the identifier identifies that the terminal UE has successfully registered, the RS generates a random number and generates a shared secret key accordingly.
The AS is further used for obtaining the shared secret key.
The method and the system for realizing single sign-on in the IMS network can realize the SSO function without authenticating the terminal UE again, thereby effectively reducing the complexity of the access flow.
Drawings
FIG. 1 is an overall architecture diagram of an AS and RS implementing IMS single sign-on function when a secure channel exists;
FIG. 2 is an overall architecture diagram of the implementation of IMS single sign-on function when the AS and the RS have a shared key;
FIG. 3 is a flowchart illustrating binding of an SIP Digest authentication mechanism registration process in an IMS core network to implement an SSO function of a terminal UE when a secure channel exists between an AS and an RS;
FIG. 4 is a flowchart illustrating binding of an SIP Digest authentication mechanism registration procedure in an IMS core network to implement an SSO function of a terminal UE when a secure channel does not exist between the AS and the RS but a shared key exists;
fig. 5 is a simplified flowchart of implementing single sign-on in an IMS network according to an embodiment of the present invention.
Detailed Description
In fact, the terminal UE only needs to register once in the IMS core network, and generates an identifier register for identifying that the terminal UE has registered in the S-CSCF, and the terminal UE does not need to register again according to the identifier, and thus can perform subsequent call operations. The identifier can also be used when the terminal UE accesses the application server, so that the terminal UE can directly and safely obtain the required service without using the authentication mechanism again to perform the authentication process between the UE and the authentication center. In order to implement this function, a new network element RS needs to be designed, the identifier is identified by the network element, and a shared key can be established between the terminal UE and the application server, so as to perform secure information interaction.
In the invention, when a terminal UE adopts an SIP Digest authentication mechanism to complete a registration process in an IMS core network, a registration identifier Register generated in an S-CSCF is transmitted to an HSS, and an RS network element provided by a network operator is utilized to perform an information interaction process with the HSS, so that the RS obtains SIP Digest authentication vector parameters IMPU, realm, qop, algorithmm and H (A1) transmitted in the registration authentication process in the IMS core network and the registration identifier Register generated by the S-CSCF. The RS network element recognizes the Register identifier to know that the terminal UE is registered and authenticated, and further generates a session key of the AS and the terminal UE, and the AS and the terminal UE can perform safe information interaction through the session key. Meanwhile, the RS authenticates the accessed application server, and the safety of the identity information of the terminal UE is ensured.
In view of the above, the present invention utilizes the registration identifier generated in the SIP Digest authentication registration process of the terminal UE in the IMS core network to implement the SSO functional architecture and flow for the application server in the unified IMS network; the identification of the registration identifier by the functional network element in the process of realizing the SSO function is provided, and the RS network element provides a mechanism for authenticating the AS server; in the IMS, the terminal UE only needs to complete the registration process by using an SIP Digest authentication mechanism in an IMS core network, the SSO function of accessing the required application server can be realized by using the registration identifier generated by registration authentication, and the SSO function can be realized without carrying out SIP Digest authentication on the terminal UE outside the IMS core network again.
In practical application, after a terminal UE is registered in an IMS network, when the terminal UE needs to access an AS, the AS does not store any identity information of the UE and does not identify the terminal UE, but directly redirects an authentication request of the terminal UE to an RS network element provided by a network operator so AS to identify the terminal UE; meanwhile, for the security of the terminal UE, the AS needs to authenticate to the RS. The RS and AS have negotiated a shared key in advance or a secure channel exists. The RS authenticates the AS identity, if the AS authentication fails, error information is directly returned to the terminal UE, otherwise the RS downloads the authentication vector and the user information related to the user into the HSS according to the received public user identifier IMPU, the information comprises a Register registration identifier which is used for identifying whether the terminal UE is registered, if the terminal UE is not registered or the registration life cycle is expired, the terminal UE is required to be registered in an IMS core network, otherwise the RS learns that the terminal UE is registered through the registration identifier, and generates a shared key AS _ Ks; redirecting the information to the AS, wherein the information comprises AS _ Ks and nonce values encrypted by using the AS and RS shared key; the terminal UE obtains the nonce and generates a secret key AS _ Ks; the redirection information arrives at RS, which contains the encrypted information EKa, r (AS _ Ks); the AS decrypts the received encrypted information to obtain a secret key AS _ Ks; and finally, the AS sends an application request reply to the terminal UE, and the shared secret key AS _ Ks is acted on an interface between the UE and the AS so AS to ensure the safe information transmission of the UE and the AS.
The invention uses IMS terminal to adopt SIP Digest authentication mechanism to complete the registration identifier generated by S-CSCF after registration in IMS core network, S-CSCF transmits the registration identifier to HSS for storage, and functional network element is designed to identify the identifier to realize SSO function of terminal UE. The UE is an IMS terminal, the AS corresponds to an application server to be accessed by the IMS terminal, and the RS corresponds to a functional network element which is provided by a network operator and used for identifying a registration identifier and generating a key.
The technical scheme of the invention is further elaborated by combining the drawings and the specific implementation example.
Referring to fig. 3, when a secure channel exists between the AS and the RS, and when the SSO function of the terminal UE is implemented by using SIP Digest authentication mechanism registration process binding in the IMS core network, the following steps may be performed:
step 1: the IMS terminal UE firstly utilizes a SIP Digest terminal user registration mechanism to complete the registration process in an IMS core network.
Step 2: the UE sends a request for accessing service to the AS, and in order to ensure that the user private identifier IMPI is not leaked, the request carries the user public identity IMPU of the user and is used for representing the terminal UE.
And step 3: after the AS obtains the user service request, the public identity of the user IMPU and the identity of the AS (AS identity) are sent to the RS together.
And 4, step 4: and the RS authenticates the AS according to the identity identifier of the AS. If the AS authentication fails, the RS directly returns error information to the terminal UE; otherwise, step 6 is executed.
And 5: and if the RS authenticates the AS and learns that the AS is illegal, the RS returns authentication failure information to the terminal UE.
Step 6: if the RS successfully authenticates the AS, the RS sends a request for acquiring an authentication vector to the HSS, and the message carries the IMPU of the terminal UE.
And 7: the HSS searches and downloads the corresponding SIP Digest authentication Vector (SD-AV) and the user configuration information content according to the received user identity IMPU. The SD-AV comprises IMPU, realm (belonging area), qop (quality of protection), algorithm (adopting algorithm) and H (A1), wherein H (A1) is a hash function value consisting of IMPU, realm and password; meanwhile, the registration identifier register is found and identified from the user configuration information content; if the identifier identifies that the terminal UE is not registered, the process jumps to the execution of the registration process of the terminal UE in the IMS core network; otherwise, the terminal UE is identified to be successfully registered. In a multi-HSS environment, the RS may find the corresponding HSS by querying a Subscriber Location Function (SLF) to obtain a corresponding HSS address storing the subscriber information.
And 8: the RS generates a random number nonce and generates a shared key AS _ Ks together with the nonce using H (a1) downloaded from the HSS.
And step 9: and the RS sends identity authentication response information to the AS by using the secure channel, wherein the identity authentication response information comprises information such AS the key AS _ Ks, the nonce and the like.
Step 10: the AS obtains the key AS _ Ks.
Step 11: and the AS sends an application service response to the terminal UE, wherein the information comprises information such AS random number nonce and the like.
Step 12: the terminal UE obtains the nonce to generate an H (A1) value, and the terminal UE generates the key AS _ Ks using the nonce and the H (A1) value; at this point, the UE and AS have the same key AS _ Ks, and both can perform secure application service procedures.
If any one of the steps fails, the whole process stops executing.
Referring to fig. 4, when a secure channel does not exist between the AS and the RS but the AS and the RS have a shared key, and when the SSO function of the terminal UE is implemented by using SIP Digest authentication mechanism registration procedure binding in the IMS core network, the following steps may be performed:
step 1: the IMS terminal UE firstly utilizes a SIP Digest terminal user registration mechanism to complete the registration process in an IMS core network.
Step 2: the UE sends a request for accessing service to the AS, and in order to ensure that a private user identifier (IMPI) is not leaked, the request carries a public user Identity (IMPU) of the user and is used for representing the terminal UE.
And step 3: the AS redirects the user service request and sends an RP authentication request to the RS address. Carrying both IMPU and RP identity information (AS identity).
And 4, step 4: the request is redirected to the RS address. Carrying both IMPI and RP identity information (AS identity).
And 5: the RS authenticates the AS according to the AS identity identification information (AS identity); if the AS authentication fails, the RS directly returns error information to the terminal UE; otherwise step 7 is performed. A shared secret key (Ka, r) has been established in advance between the AS and the RS.
Step 6: and after the authentication of the AS by the RS fails, returning authentication error information to the terminal UE.
And 7: if the RS successfully authenticates the AS, the RS sends a request for acquiring an authentication vector to the HSS, and the message carries the IMPU of the terminal UE.
And 8: HSS according to received user ID IMPU searching and downloading corresponding SIP DigestAuthentication Vector (SD-AV) and user configuration information content. Wherein SD-AV comprises IMPI, realm, qop, algorithm and H (A1), wherein H (A1) is a hash function value consisting of IMPI, realm and password; at the same time, the registration identifier register is found and identified from the user configuration information content; if the identifier identifies that the terminal UE is not registered, the process jumps to the execution of the registration process of the terminal UE in the IMS core network; otherwise, the terminal UE is identified to be successfully registered. In a multi-HSS environment, the RS may find the corresponding HSS by querying the SLF to obtain the corresponding HSS address storing the user information.
And step 9: the RS generates a random number nonce and generates a shared key AS _ Ks together with the nonce using H (a1) downloaded from the HSS.
Step 10: the RS redirects the authentication result information to the AS, which includes the nonce and information EKa, r (AS _ Ks) of the encrypted AS _ Ks.
Step 11: the UE receives the nonce value, generates a hash value H (a1) from password, IMPU, etc., and generates a key AS _ Ks using the H (a1) and the nonce value.
Step 12: redirect the encrypted information to the AS, which contains EKa, r (AS _ Ks).
Step 13: the AS decrypts the received encryption information to obtain a shared key AS _ Ks; at this point, the UE and AS have the same key AS _ Ks, and both can perform secure application service procedures.
If any one of the steps fails, the whole process stops executing.
When a UE user accesses an AS, if the network is disconnected due to accidents, and the UE does not finish the process of establishing a shared key with the AS, if the UE needs to access an application server after the network is recovered, the service requesting process needs to be restarted; when UE has finished the establishment process of the shared key, if the life cycle of the shared key is not reached when recovering the network use, the UE and the AS after the network recovery can continue to apply the shared key to the protocol on the reference point thereof, and continue to perform the safe interaction with the AS, otherwise, the shared key process needs to be regenerated. After the UE user accesses the AS, if the UE user actively closes to log off the UE or powers off, the user needs to complete the whole execution flow such AS registration in the IMS again.
With reference to the foregoing embodiments, it can be seen that the operation idea of the present invention for implementing single sign-on in an IMS network may be represented by a flow shown in fig. 5, where the flow shown in fig. 5 includes the following steps:
step 510: after the terminal UE registers in the IMS network, the authentication request of the terminal UE for accessing the AS is redirected to the RS.
Step 520: the RS acquires the relevant authentication vector and the user information of the terminal UE, identifies whether the terminal UE is registered or not according to the relevant authentication vector and the user information, and generates a shared secret key AS _ Ks when the terminal UE is confirmed to be registered.
In summary, the method and system for realizing single sign-on in the IMS network of the present invention can realize the SSO function without authenticating the terminal UE again, thereby effectively reducing the complexity of the access flow.
The above description is only a preferred embodiment of the present invention, and is not intended to limit the scope of the present invention.
Claims (10)
1. A method for implementing single sign-on in an IMS network, the method comprising:
after the terminal user equipment UE registers in the IMS network, the authentication request of the terminal UE for accessing the AS is redirected to the RS; the RS acquires the relevant authentication vector and the user information of the terminal UE, identifies whether the terminal UE is registered or not according to the relevant authentication vector and the user information, and generates a shared secret key when the terminal UE is confirmed to be registered.
2. The method of claim 1,
the method for registering the terminal UE in the IMS network comprises the following steps: IMS terminal UE utilizes SIP Digest terminal user registration mechanism to complete the registration process in IMS core network;
the process of acquiring the relevant authentication vector and the user information of the terminal UE comprises the following steps: if the RS successfully authenticates the AS, the RS sends a request for acquiring an authentication vector to the HSS; and the HSS searches and downloads the corresponding SIP Digest authentication vector and the user configuration information content according to the user identity identifier in the received request.
3. The method of claim 2, further comprising the step of authenticating the AS:
the AS sends the user public identity identifier and the self identity identifier to the RS together, the RS authenticates the AS according to the identity identifier of the AS, and if the AS fails in authentication, the RS directly returns error information to the terminal UE; otherwise, the authentication vector of the terminal UE is obtained;
or the AS redirects a user service request sent by the terminal UE and sends an AS authentication request to the RS address, and the RS authenticates the AS according to the AS identity identification information; if the AS authentication fails, the RS directly returns error information to the terminal UE; otherwise, the authentication vector of the terminal UE is obtained.
4. The method according to any of claims 1 to 3, wherein the determining whether the terminal UE is registered and the generating the shared secret key comprises:
finding and identifying a registration identifier from the user information; if the identifier identifies that the terminal UE has successfully registered, the RS generates a random number and generates a shared secret key accordingly.
5. The method of claim 4, further comprising a process of the AS obtaining the shared secret key.
6. A system for realizing single sign-on in IMS network, characterized in that, the system includes HSS and RS; wherein,
the HSS is used for providing relevant authentication vectors and user information of the terminal UE;
and the RS is used for acquiring a relevant authentication vector and user information of the terminal UE after the terminal UE is registered in the IMS network and an authentication request of the terminal UE for accessing the AS is redirected to the RS, thereby identifying whether the terminal UE is registered or not and generating a shared secret key when the terminal UE is confirmed to be registered.
7. The system of claim 6,
the terminal UE is configured to, when registering in the IMS network: the registration process in the IMS core network is completed by utilizing an SIP Digest terminal user registration mechanism;
when acquiring the relevant authentication vector and the user information of the terminal UE, the RS is configured to: if the AS is successfully authenticated, sending a request for acquiring an authentication vector to the HSS; and triggering the HSS to search and download the corresponding SIP Digest authentication vector and the user configuration information content according to the user identity identifier in the received request.
8. The system of claim 7, wherein the AS is further configured to cooperate with the RS to authenticate the AS; wherein,
the AS is used for: sending the public identity identifier of the user and the self identity identifier to the RS;
the RS is used for: authenticating the AS according to the identity identifier of the AS, and if the AS fails to authenticate, directly returning error information to the terminal UE by the RS; otherwise, the authentication vector of the terminal UE is obtained;
or, the AS is configured to: redirecting a user service request sent by a terminal UE and sending an RP authentication request to an RS address;
the RS is used for: authenticating the AS according to the AS identity identification information; if the AS authentication fails, the RS directly returns error information to the terminal UE; otherwise, the authentication vector of the terminal UE is obtained.
9. The system according to any of claims 6 to 8, wherein the RS, when determining whether the terminal UE is registered and generating the shared key, is configured to:
finding and identifying a registration identifier from the user information; if the identifier identifies that the terminal UE has successfully registered, the RS generates a random number and generates a shared secret key accordingly.
10. The system of claim 9, wherein the AS is further configured to obtain the shared secret key.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2011100385335A CN102638440A (en) | 2011-02-15 | 2011-02-15 | Method and system for realizing single sign on (SSO) in IP multimedia subsystem (IMS) network |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2011100385335A CN102638440A (en) | 2011-02-15 | 2011-02-15 | Method and system for realizing single sign on (SSO) in IP multimedia subsystem (IMS) network |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN102638440A true CN102638440A (en) | 2012-08-15 |
Family
ID=46622686
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2011100385335A Pending CN102638440A (en) | 2011-02-15 | 2011-02-15 | Method and system for realizing single sign on (SSO) in IP multimedia subsystem (IMS) network |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102638440A (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104010290A (en) * | 2014-06-16 | 2014-08-27 | 武汉博睿达信息技术有限公司 | IMS application server selecting system and method based on user information |
| CN104038935A (en) * | 2013-03-06 | 2014-09-10 | 北京分享在线网络技术有限公司 | User authentication method and user authentication equipment based on mobile terminal smart card |
| WO2014176997A1 (en) * | 2013-08-19 | 2014-11-06 | 中兴通讯股份有限公司 | Method and system for transmitting and receiving data, method and device for processing message |
| CN111769939A (en) * | 2020-06-29 | 2020-10-13 | 北京海泰方圆科技股份有限公司 | Business system access method and device, storage medium and electronic equipment |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101022651A (en) * | 2006-02-13 | 2007-08-22 | 华为技术有限公司 | Combined right-discriminating construction and realizing method thereof |
| CN101448258A (en) * | 2007-11-26 | 2009-06-03 | 华为技术有限公司 | Judgment method of authentication mode for UE to access IMS and device thereof |
-
2011
- 2011-02-15 CN CN2011100385335A patent/CN102638440A/en active Pending
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101022651A (en) * | 2006-02-13 | 2007-08-22 | 华为技术有限公司 | Combined right-discriminating construction and realizing method thereof |
| CN101448258A (en) * | 2007-11-26 | 2009-06-03 | 华为技术有限公司 | Judgment method of authentication mode for UE to access IMS and device thereof |
Non-Patent Citations (2)
| Title |
|---|
| 3GPP TECHNICAL SPECIFICATION GROUP SERVICES AND SYSTEM ASPECTS: "《3GPP TS 33.203 V11.0.0》", 31 December 2010 * |
| ZTE CORPORATION: "《3GPP TSG SA WG3 #61 S3-101329》", 19 November 2010 * |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104038935A (en) * | 2013-03-06 | 2014-09-10 | 北京分享在线网络技术有限公司 | User authentication method and user authentication equipment based on mobile terminal smart card |
| WO2014176997A1 (en) * | 2013-08-19 | 2014-11-06 | 中兴通讯股份有限公司 | Method and system for transmitting and receiving data, method and device for processing message |
| US9882897B2 (en) | 2013-08-19 | 2018-01-30 | Xi'an Zhongxing New Software Co. Ltd. | Method and system for transmitting and receiving data, method and device for processing message |
| CN104010290A (en) * | 2014-06-16 | 2014-08-27 | 武汉博睿达信息技术有限公司 | IMS application server selecting system and method based on user information |
| CN111769939A (en) * | 2020-06-29 | 2020-10-13 | 北京海泰方圆科技股份有限公司 | Business system access method and device, storage medium and electronic equipment |
| CN111769939B (en) * | 2020-06-29 | 2021-02-09 | 北京海泰方圆科技股份有限公司 | Business system access method and device, storage medium and electronic equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9015819B2 (en) | Method and system for single sign-on | |
| EP3750342B1 (en) | Mobile identity for single sign-on (sso) in enterprise networks | |
| CN111147421B (en) | Authentication method based on general guide architecture GBA and related equipment | |
| CN101573934B (en) | Discriminating in a communication network | |
| US20110191842A1 (en) | Authentication in a Communication Network | |
| EP2245873B1 (en) | System and method of user authentication in wireless communication networks | |
| WO2007003140A1 (en) | An authentication method of internet protocol multimedia subsystem | |
| EP1414212A1 (en) | Method and system for authenticating users in a telecommunication system | |
| CN102196426A (en) | Method, device and system for accessing IMS (IP multimedia subsystem) network | |
| CN106465108A (en) | Cellular network authentication control | |
| US8726023B2 (en) | Authentication using GAA functionality for unidirectional network connections | |
| CN105763517A (en) | Router security access and control method and system | |
| CN106465109A (en) | Cellular Authentication | |
| US20230007481A1 (en) | Enhancement of authentication | |
| CN102638440A (en) | Method and system for realizing single sign on (SSO) in IP multimedia subsystem (IMS) network | |
| CN103051594A (en) | Method, network side equipment and system of establishing end-to-end security of marked net | |
| CN103888414B (en) | Data processing method and equipment | |
| CN103067345A (en) | Method and system for varied GBA guiding | |
| CN102694779B (en) | Combination attestation system and authentication method | |
| WO2006072209A1 (en) | A method for agreeing upon the key in the ip multimedia sub-system | |
| CN102264069B (en) | Authentication control method, device and system based on universal guide architecture | |
| WO2013004104A1 (en) | Single sign-on method and system | |
| US8181030B2 (en) | Bundle authentication system and method | |
| CN102638441A (en) | Method and system for realizing single sign on (SSO) in IP multimedia subsystem (IMS) network | |
| JP5165725B2 (en) | Method and apparatus for authenticating a mobile device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20120815 |