This section is intended to provide a background or context to the invention that is recited in the claims. The description herein may include concepts that could be pursued, but are not necessarily ones that have been previously conceived or pursued. Therefore, unless otherwise indicated herein, what is described in this section is not prior art to the description and claims in this application and is not admitted to be prior art by inclusion in this section.
The Telecom and Internet Converged services and Protocols for Advanced Networks (TISPAN) provides user authentication concepts for IP Multimedia Subsystem (IMS) based services. TISPAN has introduced Network Attachment Subsystem (NASS) bundled authentication (NBA) that uses network-recognized access information, particularly the line-id, for authentication purposes. The line-id is obtained by a Proxy Call Session Control Function (P-CSCF) from the access network and delivered to the Serving Call Session Control Function (S-CSCF) by the P-CSCF in the P-Access-Network-Info header to be used as a base for authentication purposes. However, this approach is less than ideal.
First, the P-Access-Network-Info header, as currently defined in RFC 3455, is generally designated for carrying information from user equipment (UE) to the network (NW). This header is not configured for carrying access-info from one network element to another. In fact, this type of usage is specifically prohibited by RFC 3455.
In addition, introducing this deviation in the handling of the P-Access-Network-Info (P-A-N-I) header into the P-CSCF can cause compatibility problems and even security holes in the system when both “NBA-aware” and legacy “Non-NBA-aware” P-CSCFs (such as ones present in already deployed 3GPP R5/R6 systems) co-exist. As illustrated in FIG. 1, a UE attached to a legacy P-CSCF can put false line-id information into the P-A-N-I. In this case, the legacy P-CSCF will not touch the P-A-N-I, so this false line-id information can make it to the S-CSCF. If the S-CSCF uses this false information as a basis for NBA, then the offending UE may get authenticated based on this false information. Even if the offending UE were attached to an “NBA-aware” P-CSCF, the P-CSCF would be required to screen the content of all P-A-N-I in order to block the attack. This could adversely impact system performance.
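The mixed deployment described above can be modelled in a few lines to show why the S-CSCF cannot tell which element wrote the header. This is an added illustration, not part of the application: the `line-id=` value syntax, the subscriber identity and the line identifiers are constructed, the P-CSCF and S-CSCF are reduced to functions over a header dictionary, and screening is assumed to mean overwriting the UE-supplied value.

```python
# Toy model of the header flow; not a SIP stack. All identifiers and values are constructed.
PANI = "P-Access-Network-Info"

# Constructed provisioning data: the access line each subscriber is bound to.
PROVISIONED_LINE = {"sip:alice@example.net": "line-0001"}


def ue_register(identity, ue_pani=None):
    """REGISTER headers as sent by the UE, which controls every header it emits."""
    headers = {"From": identity}
    if ue_pani is not None:
        headers[PANI] = ue_pani
    return headers


def legacy_pcscf(headers, attached_line):
    """Non-NBA-aware P-CSCF: forwards P-A-N-I exactly as received from the UE."""
    return dict(headers)


def nba_aware_pcscf(headers, attached_line):
    """NBA-aware P-CSCF (assumed behaviour): discards the UE's value and writes
    the line-id reported by the access network."""
    out = dict(headers)
    out[PANI] = "line-id=" + attached_line
    return out


def scscf_nba_accepts(headers):
    """S-CSCF performing NBA: compares the line-id in P-A-N-I with the provisioned
    one. Nothing in the header says which element wrote it."""
    key, _, line = headers.get(PANI, "").partition("=")
    return key == "line-id" and line == PROVISIONED_LINE.get(headers["From"])


def register(pcscf, identity, attached_line, ue_pani=None):
    """Run one REGISTER through the chosen P-CSCF to the S-CSCF."""
    return scscf_nba_accepts(pcscf(ue_register(identity, ue_pani), attached_line))


if __name__ == "__main__":
    alice = "sip:alice@example.net"
    forged = "line-id=line-0001"  # value supplied by a UE attached to a different line
    print("NBA-aware, genuine line :", register(nba_aware_pcscf, alice, "line-0001"))
    print("NBA-aware, forged header:", register(nba_aware_pcscf, alice, "line-0999", forged))
    print("legacy,    forged header:", register(legacy_pcscf, alice, "line-0999", forged))
    print("legacy,    no header    :", register(legacy_pcscf, alice, "line-0001"))
```

The last case shows the compatibility side of the problem: a genuine subscriber behind a legacy P-CSCF carries no network-asserted line-id, so NBA cannot succeed for it at all.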
As such, there is a need for improved authentication systems and methods which address the compatibility, security and performance problems of current solutions.