Along with the development of broadband networks, demands for mobile communications go beyond voice communication. By combining with services such as presence, short message, WEB browsing, positioning information, push-to-talk (PUSH) and file sharing, mobile communication can provide multiple media type services, such as audio, video, picture and text to meet various demands of the user.
For example, the short message service may provide such service as instant messaging, chat room, and multimedia short message; the video service may provide such services as entertainment, multimedia information, and daily communication; an e-business service may provide such service as catalog, search engine, shopping cart, order management and payment; a game service may provide such services as single player game and group game; a positioning service may provide such services as person searching, guiding and alarm; a personal assistant service may provide such services as address book, schedule, book mark management, file storing, event reminder and e-mail.
Under the promotion of various applications, 3rd Generation Partnership Project (3GPP) and 3rd Generation Partnership Project 2 (3GPP2) successively put forward IMS architecture, the objective thereof is to provide a standard open structure in mobile networks to implement various multimedia applications, to provide the user with more selections and richer experience.
As shown in FIG. 1, the IMS is essentially an overlay to the Packet Service Domain (PS-Domain). IMS security architecture includes a Call Session Control Function (CSCF) and a Home Subscriber Server (HSS). The CSCF may include a Serving-CSCF (S-CSCF), a Proxy-CSCF (P-CSCF) and an Interrogating-CSCF (I-CSCF), which may reside in different physical devices or in one physical device. The S-CSCF is a session routing control center of the IMS and is used for performing a session control, maintaining session status, managing user information and generating charging information. The P-CSCF functions as an access point for the user, and is used for performing user registration, controlling Quality of Service (QoS) and conducting security management. The I-CSCF is in charge of the inter-working between the IMS domains, managing S-CSCF assignment, hiding the internal network topology and configuration information and generating charging data. The HSS is a very important user database, and assistants the CSCFs with call processing and session processing.
At the beginning of the IMS (R5 version protocol), the IMS is only used in the 3rd generation mobile communication network. For the richer services of the IMS, the demand of using the IMS in 2G networks are required by the operators. However, it is impossible for the 2G network to support the 3G-based IMS security function. In order to provide the IMS services to users of the 2G network, TR33.878/TR33.978 has defined an Early IMS security mechanism, which provides certain IMS security functions for the IMS services in the 2G network. When the 2G network is upgraded to 3G, full IMS security functions are supported.
The existing IMS security implementation in a 2G network may include followings. A user accesses a 3GPP PS domain network, and the 3GPP PS domain network authorizes the user. When the authorization is successful, a Gateway GPRS Support Node (GGSN) of the PS domain network allocates to the user an IP address which is used when the user uses the IMS services. The GGSN sends the IP address and a Mobile Subscriber ISDN Number (MSISDN) or an International Mobile Subscriber Identity (IMSI) of the user to an HSS via an intermediate entity. The HSS finds an IP Multimedia Private Identity (IMPI) of the user according to the MSISDN or the IMSI, creates a secure binding between the IMPI, MSISDN and the IP address allocated and stores the security binding. When the user wants to use an IMS service, the user sends a registration request (REGISTER) to an S-CSCF through an intermediate entity. The S-CSCF obtains the secure binding from the HSS, stores the secure binding, and checks whether the IP address and the IMS identifier in the registration request from the user match the security binding stored in the HSS. If the IP address and the IMS identifier in the registration request from the user match the security binding stored in the HSS, the S-CSCF determines that the user is a legal user and allows the user to use the IMS service; otherwise, the S-CSCF determines that the user is an illegal user, and rejects the registration request of the user. When the user releases the IP address, it is necessary for the GGSN to send a message to notify the HSS. The HSS may initiate a de-registration procedure at the network side triggered by the message sent from the GGSN.
When the Full 3GPP compliant authorization method is used, the I-CSCF needs to distinguish whether the registration request from the user is an initial registration or a re-registration. Sometimes, when the I-CSCF sends a Session Initiation Protocol (SIP) registration message to the S-CSCF, the S-CSCF may not give a response due to the S-CSCF failure or other reasons, thus the I-CSCF needs to distinguish initial and non-initial REGISTER messages by using certain information included in an Authorization header of the SIP registration message. If the registration message is an initial registration, the I-CSCF may select a new S-CSCF for sending the registration message. If the registration is not an initial registration, the I-CSCF returns a 408 (Request Timeout) response or a 504 (Server Time-out) response to the user, rather than selecting a new S-CSCF.
Due to the fact that the Authorization header is not included in the registration request in early IMS security, and IP Security protocol (IPSec) security associations are not set up between the UE and the P-CSCF, it is impossible to determine whether the registration message is an initial registration or a re-registration according to whether the registration message is a protected register. When the S-CSCF selected by the I-CSCF can not be accessed, the I-CSCF is unable to decide whether the SIP registration message received is an initial registration or a subsequent registration. Network elements which need to distinguish whether the registration is an initial registration or a re-registration are unable to determine subsequent handling procedures. Therefore, we need a solution on the current 3GPP Early IMS protocol.