The Universal Mobile Telecommunications System (UMTS) is a third generation wireless system designed to provide higher data rates and enhanced services to subscribers. UMTS is a successor to the Global System for Mobile Communications (GSM), with an important evolutionary step between GSM and UMTS being the General Packet Radio Service (GPRS). GPRS introduces packet switching into the GSM core network and allows direct access to packet data networks (PDNs). This enables high-data rate packet switched transmissions well beyond the 64 kbps limit of ISDN through the GSM call network, which is a necessity for UMTS data transmission rates of up to 2 Mbps. UMTS is standardised by the 3rd Generation Partnership Project (3GPP) which is a conglomeration of regional standards bodies such as the European Telecommunication Standards Institute (ETSI), the Association of Radio Industry Businesses (ARIB) and others. See 3GPP TS 23.002 for more details.
The UMTS architecture includes a subsystem known as the IP Multimedia Subsystem (IMS) for supporting traditional telephony as well as new IP multimedia services (3GPP TS 22.228, TS 23.228, TS 24.229, TS 29.228, TS 29.229, TS 29.328 and TS 29.329 Releases 5 to 7). IMS provides key features to enrich the end-user person-to-person communication experience through the use of standardised IMS Service Enablers, which facilitate new rich person-to-person (client-to-client) communication services as well as person-to-content (client-to-server) services over IP-based networks. The IMS is able to connect to both PSTN/ISDN (Public Switched Telephone Network/Integrated Services Digital Network) as well as the Internet.
IMS provides a dynamic combination of voice, video, messaging, data, etc. within the same session. By growing the number of basic applications and the media which it is possible to combine, the number of services offered to the end users will grow, and the inter-personal communication experience will be enriched. This will lead to a new generation of personalised, rich multimedia communication services, including so-called “combinational IP Multimedia” services.
The IMS makes use of the Session Initiation Protocol (SIP) to set up and control calls or sessions between user terminals (or user terminals and application servers). SIP makes it possible for a calling party to establish a packet switched session to a called party (using so-called SIP User Agents, UAs, installed in the user terminals) even though the calling party does not know the current IP address of the called party prior to initiating the call. The Session Description Protocol (SDP), carried by SIP signaling, is used to describe and negotiate the media components of the session. Whilst SIP was created as a user-to-user protocol, IMS allows operators and service providers to control user access to services and to charge users accordingly. The 3GPP has chosen SIP for signaling between a User Equipment (UE) and the IMS as well as between the components within the IMS.
Specific details of the operation of the UMTS communications network and of the various components within such a network can be found from the Technical Specifications for UMTS that are available from http://www.3gpp.org. Further details of the use of SIP within UMTS can be found from the 3GPP Technical Specification TS 24.228 V5.8.0 (2004-03).
FIG. 1 of the accompanying drawings illustrates schematically how the IMS fits into the mobile network architecture in the case of a GPRS/PS access network (IMS can of course operate over other access networks). Call/Session Control Functions (CSCFs) operate as SIP proxies within the IMS. The 3GPP architecture defines three types of CSCFs: the Proxy CSCF (P-CSCF) which is the first point of contact within the IMS for a SIP terminal; the Serving CSCF (S-CSCF) which provides services to the user that the user is subscribed to; and the Interrogating CSCF (I-CSCF) whose role is to identify the correct S-CSCF and to forward to that S-CSCF a request received from a SIP terminal via a P-CSCF.
The current 3GPP IMS specifications mandate the use of IMS Authentication and Key Agreement (IMS-AKA) procedures for authentication of users to the IMS network. These procedures are described in 3GPP TS 24.229 and 33.203. Using this approach, a private user identity (IMPI) and one or more public user identities (IMPU) are allocated to the user by the operator. In order to participate in multimedia sessions, the user must register at least one IMPU with the network. The identities are then used by the network to identify the user during the registration and authentication procedure (the IMPI is used to locate the subscriber information, such as user credentials, while the IMPU specifies the user identity with which the user would like to interact, and to which specific services should be tied). The IMPI and IMPUs are stored in an IMS Services Identity Module (ISIM) application on a UMTS Integrated Circuit Card (UICC) at the user's terminal.
Each IMPU is associated with a so called Service Profile. The Service Profile is a collection of service and user related data, which includes, among other things, the Initial filter criteria that provide a simple service logic for the user (i.e., it defines a set of IMS services the public user identity will be able to use).
A user's IMPUs can be grouped into Implicit Registration Sets (IRS). When the user registers any of the IMPUs within an IRS, all other (non-barred) IMPUs within that IRS are also registered in the network. During the registration procedure, the user's terminal is informed about the complete set of IMPUs which were registered in the network as a result of the registration procedure. The terminal may then use any of these IMPUs to originate outgoing communication and can expect to receive incoming communication to any of these IMPUs.
The 3GPP data model outlined in 3GPP TS 23.228 shows that it is possible to define more than one IRS for a single user, when using a USIM or ISIM with the IMS AKA procedures. These can be used to define, for example, a set of work related identities and a set of personal related identities for a user, where the two sets may be registered independently by the user. For example, the work identities may be registered during office hours only, while the personal identities are always registered.
To serve a new subscriber, the operator needs to provision some user related information into the network. This information includes all IMPIs, IMPUs, IRSs and service profiles that the subscriber will be allowed to use. For the subscriber to be able to use the services provided by the operator's IMS network, the terminal needs to be able to provide one IMPI and one IMPU during the registration procedure. When using IMS AKA with ISIM, all IMPIs and at least one IMPU per IRS need to be stored in the ISIM on the UICC.
The 3GPP has also proposed an alternative mechanism, known as “Early IMS Security” (in 3GPP TR 33.978), by which terminals can be allowed to register in an IMS network without using IMS-AKA. This alternative mechanism does not require the use of an ISIM. Using this solution, identities required by the network to identify the user during registration are not stored on the UICC. Instead they are derived from the International Mobile Subscriber Identity (IMSI) of the user, which is stored in a Subscriber Identity Module (SIM) or Universal Subscriber Identity Module (USIM) application. A specific algorithm has been proposed for deriving an IMPI and IMPU, to be used during registration, from the IMSI. The IMPI and IMPU derived from the IMSI are then registered in the network. When the terminal has derived these identities they may be stored in the terminal, but this is optional as they can always be derived/generated from the IMSI (which is stored on the SIM/USIM) when needed. The derived IMPU is also referred to as a “Temporary IMPU”.
It will be noted that the IMSI is considered secret information. Since the Temporary IMPU is derived from the IMSI, the Temporary IMPU is not allowed to be used for any purpose other than registration. Instead, the mechanism relies on the fact that this Temporary IMPU is barred and belongs to an IRS that includes other non-barred IMPUs. These other non-barred IMPUs are provided to the terminal by the network during the registration procedure, to be used for subsequent communication with the network. These other IMPUs need to be provisioned by the operator when creating the subscription. The network will only allow a barred IMPU to be used during the registration procedure. It will reject subsequent communication attempts using a barred IMPU.
When Early IMS Security is operated, a single IMPI is derived from the user's IMSI and stored in the SIM or USIM. Only a single IRS can be registered using a specific USIM. If it is desired to register a set of work identities and a set of personal identities using the same SIM/USIM, all these identities have to be included in the same IRS. This means that they must all share the same registration status; it is not possible to register the personal identities but not the work identities.