The IP Multimedia Subsystem (IMS) is an architectural framework for delivering Internet Protocol (IP) multimedia to mobile users. An IMS network is typically divided into an access domain and a network domain, each having its own security specification. A user may access an IP network via the access network of an access network provider, and then access different services, such as voice, video and streaming media, through one or more service networks provided by one or more service network providers.
Authentication in an IMS network is typically based on the known Authentication and Key Agreement (AKA) mechanism. AKA is a security protocol typically used in 3G networks. It is a challenge-response based authentication mechanism that uses a shared secret and symmetric cryptography. AKA results in the establishment of a security association (i.e., a set of security data) between the user equipment and the IMS network that enables a set of security services to be provided to the user.
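The challenge-response exchange described above, as an added Python sketch that is not part of the original text. It is simplified: HMAC-SHA256 stands in for the operator-specific AKA functions f1 to f5, the AMF field of the authentication token is omitted, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def f(k: bytes, label: bytes, *parts: bytes, n: int = 16) -> bytes:
    """Stand-in PRF (HMAC-SHA256); real AKA uses operator functions such as MILENAGE."""
    return hmac.new(k, label + b"".join(parts), hashlib.sha256).digest()[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def network_challenge(k: bytes, sqn: int, rand: bytes = None):
    """Network side: build the challenge (RAND, AUTN), expected response and keys."""
    rand = rand or os.urandom(16)
    sqn_b = sqn.to_bytes(6, "big")
    ak = f(k, b"f5", rand, n=6)              # anonymity key conceals SQN on the wire
    mac = f(k, b"f1", sqn_b, rand, n=8)      # proves the challenge came from a holder of K
    autn = xor(sqn_b, ak) + mac
    xres = f(k, b"f2", rand, n=8)
    return rand, autn, xres, (f(k, b"f3", rand), f(k, b"f4", rand))  # (CK, IK)

def ue_respond(k: bytes, last_sqn: int, rand: bytes, autn: bytes):
    """User equipment side: authenticate the network first, then answer the challenge."""
    ak = f(k, b"f5", rand, n=6)
    sqn_b = xor(autn[:6], ak)
    if not hmac.compare_digest(autn[6:], f(k, b"f1", sqn_b, rand, n=8)):
        raise ValueError("MAC failure: challenge not issued with the shared secret")
    sqn = int.from_bytes(sqn_b, "big")
    if sqn <= last_sqn:
        raise ValueError("SQN not fresh: replayed challenge")
    res = f(k, b"f2", rand, n=8)
    # CK and IK form the security association shared with the network.
    return res, (f(k, b"f3", rand), f(k, b"f4", rand)), sqn

if __name__ == "__main__":
    K = os.urandom(16)                        # constructed shared secret
    rand, autn, xres, net_keys = network_challenge(K, sqn=1)
    res, ue_keys, _ = ue_respond(K, 0, rand, autn)
    print("user authenticated:", hmac.compare_digest(res, xres))
    print("same session keys:", ue_keys == net_keys)
```

Both sides derive the session keys from the same long-term secret K, so the scheme depends on K staying confidential on the user side and in the network.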
Public-key cryptography has not been widely employed in the telephony domain. There is a growing trend, however, to employ a public key infrastructure (PKI) for authentication in the telephony domain, such as in IMS networks. While public-key cryptography techniques can significantly improve the security of an IMS network, there are a number of technical considerations that have previously limited their use in IMS networks. In particular, there is a concern that the private keys can be recovered from the allegedly “secure” volatile memory contained in the user equipment. Thus, any solution that would allow even temporary storage of private keys in a terminal memory is deemed unacceptable.
A need therefore exists for end user-to-network authentication based on the Public Key Infrastructure (PKI) within an IMS network. Another need exists for methods and apparatus for authenticating a user in an IMS network that ensure that the private keys are stored on a secure smart card or another secure memory. Yet another need exists for methods and apparatus for authenticating a user in an IMS network that ensure that all computations that involve the private keys are performed on the secure smart card or another secure processor.