With the development of broadband network, mobile communication is not just limited to traditional voice communication. By integrating with data services like Presentation Services, Short Messages, WEB Browing, location information, PUSH services and file sharing, mobile communication can implement all kinds of media services such as audio, video, images and texts so as to meet various demands of subscribers.
With the purpose of implementing various multimedia applications by making use of a standardized open structure in mobile networks to provide more choices and richer tastes for subscribers, the framework of an IP-based Multimedia Subsystem (IMS) is put forward by the Third Generation Partnership Project (3GPP), the Third Generation Partnership Project 2 (3GPP2) and the like.
The IMS framework is superimposed upon the packet domain network, wherein entities relevant to authentication comprise a Call Session Control Function (CSCF) entity and a Home Subscriber Server (HSS) functional entity.
The CSCF entity comprises three logical entities, namely Serving CSCF (S-CSCF), Proxy CSCF (P-CSCF) and Inquiry CSCF (I-CSCF), wherein these three logical entities may be located in different physical equipments or different functional modules inside one physical equipment. As the service switching center of IMS, S-CSCF is used to perform session control, maintain session states, manage subscriber information and generate charging information, etc; as the access point of terminal to IMS, P-CSCF is used to fulfill subscriber registration, Quality of Service (QoS) control and security management, etc; I-CSCF is in charge of intercommunication between IMS domains, managing S-CSCF allocation, concealing network topology structure and configuration information from externals, generating charging data and so on. HSS is a subscriber data bank with great importance and is used for supporting each network entity to process callings and sessions.
IMS is based on the third generation mobile communication network and offers abundant services, accordingly responding to operators' demands of utilizing IMS on the second-generation (2G) network. However, IMS functions with respect to security based on the third-generation (3G) network, such as the access authentication based on IMS layer, are not supported by 2G network, therefore, a transitional authentication scheme for 2G network adopting IMS services emerges in the prior art, wherein the authentication scheme is also called Early-IMS-based authentication scheme or IP-based authentication scheme and provides certain security functions for 2G subscribers to apply IMS services. When the network is updated to 3G network, full 3G-based authentication mode, namely Full-IMS-based authentication mode, will be applied.
When applying IMS, the prior 2G-based authentication mode, namely the Early-IMS-based authentication scheme, is as follows:
First of all, a user equipment (UE) is accessed to 3GPP Packet Section-Domain (PS-Domain), wherein the PS-Domain network will authenticate the subscriber; and if the subscriber passes the authentication, Gateway GPRS Supporting Node (GGSN) of PS-Domain network will allocate an IP address for the subscriber to apply when enjoying the IMS services. GGSN notifies the IP address and telephone number (MSIDSN) to HSS via intermediate entities. HSS looks up the subscriber's IP Multimedia Private Identity (IMPI) in the IMS through the MSIDSN and bonds the information like the subscriber's IMPI, MSISDN, IP address and the like for storage. When the subscriber needs to utilize IMS, the UE will firstly send a Message of register request that is forwarded to S-CSCF via an intermediate entity, then S-CSCF obtains the bond relationship between the subscriber's IMPI and IP address from HSS and stores the relationship, and then S-CSCF checks whether the IMPI and the used IP address from UE match the self-stored IMPI and IP address; if yes, the UE will be determined as legal and get access to use IMS services, otherwise, the 2G-based UE will be determined as illegal and rejected.
When applying IMS, the prior 3G-based authentication mode, namely the authentication scheme supporting Full-IMS-based subscriber, is as follows:
the UE is accessed to 3GPP PS-Domain. If the UE passes the authentication of PS-Domain, GGSN will allocate an IP address for the subscriber to establish a connection. If the subscriber needs to utilize IMS services, the UE will send a Register message in IMS domain and the message is forwarded to S-CSCF, then S-CSCF requests HSS for an authentication vector to perform IMS service authentication to the subscriber by utilizing an Authentication and Key Agreement (AKA) protocol. If the authentication is successful, the subscriber will be allowed to access IMS services; otherwise the subscriber will be rejected.
Although both 2G-based subscribers and 3G-based subscribers can access and apply IMS services, and 2G-based IMS access mode and 3G-based IMS access mode are compatible, the existing problem is that, as to a system updated to 3G, the core network in IMS cannot decide which authentication mode should be adopted to authenticate the subscriber after receiving the subscriber's Message of register request, and will directly apply 3G-based authentication mode to authenticate the subscriber. In this way, a legal 2G-based subscriber cannot get access, since the authentication modes for the 2G-based subscribers are different from those for 3G-based subscribers. Further, failing to pass the 3G-based authentication, the 2G-based subscribers will be determined as illegal, which leads to inaccurate rejection of legal subscribers and poor error tolerant ability of the network.