The Third Generation Partnership Project, 3GPP, has specified Multimedia Telephony services (MMTel) as a service framework used within converged cellular and fixed networks based on IP (Internet Protocol) technology and with the Session Initiation Protocol (SIP) as the signaling protocol. Associated with telephony services are a number of supplementary services such as call waiting, call diversion and call barring. Within MMTel, these services can be configured by the user using Hypertext Transfer Protocol (HTTP) over the Ut interface. In order to protect the configuration some services could need a password to allow configuration. As an example, a parent might pay for their children's subscriptions and want to bar some services, e.g. expensive services or services with adult content. In existing technology, such as GSM and 3G systems, a password can be used for such configuration.
In MMTel, the configuration data consists of a specified XML document with a standardized content. The configuration consists of manipulating this document using XCAP mechanisms as described in IETF RFC 4825.
There is currently no option for the provision of a password or personal identification number across the Ut interface between the user equipment and the application server. The obvious solution to the problem would be the inclusion of the password or PIN into the XML document. However, this leads to a problem in that everyone who has reading rights to the XML document would also have access to the password or PIN.