1. Field of the Invention
The invention is related to the field of communication networks and, in particular, to authenticating a communication device in an IMS network and also authenticating a user of the communication device.
2. Statement of the Problem
One type of communication network gaining popularity is an IP Multimedia Subsystem (IMS) network. As set forth in the 3rd Generation Partnership Project (3GPP), IMS provides a common core network having access-agnostic network architecture for converged networks. The access network between a communication device and the IMS network may be a cellular network, a WLAN (e.g., a WiFi or a WiMAX network), or another type of access network. The IMS architecture is initially defined by the 3GPP to provide multimedia services to communication devices over an Internet Protocol (IP) network, as IP networks have become the most cost savings bearer network to transmit video, voice, and data. Service providers are accepting this architecture in next generation network evolution.
Before a communication device receives service from the IMS network, the communication device attempts to register with the IMS network. To register, the communication device transmits a register message, such as a SIP REGISTER message, to the IMS network. Responsive to the register message, the IMS network attempts to authenticate the communication device. The 3GPP has defined standards to specify the rules and procedures for authenticating a communication device. For instance, the 3GPP specifications TS 33.203 and TS 33.102 describe an IMS AKA authentication method and IPsec that may be used to authenticate a communication device. The 3GPP specifications can be found at “www.3gpp.org”. For the AKA authentication method, the IMS network and the communication device each store a secret key. The IMS network generates an authentication token based on the secret key, and transmits the authentication token to the communication device. The communication device authenticates the IMS network based on the secret key and the authentication token. The communication device then generates an authentication response based on the secret key and transmits the authentication response to the IMS network. The IMS network processes the authentication response to authenticate the communication device.
Through the AKA authentication method and other methods, the communication device is authenticated so that the IMS network may provide service to the communication device. When the communication device receives service, virtually any individual may use the communication device. One problem is that there is no effective way to monitor, determine, or control which individual is using the communication device. This may especially be a problem for communication devices used by public safety organizations or other public organizations. A communication device of a public organization may be shared amongst multiple authorized individuals, and it may be desirable to ensure that unauthorized users are not allowed to use these communication devices. It may also be desirable to limit usage of a public communication device to a selected number of authorized individuals.