The IP multimedia subsystem (IMS) is a network functional architecture for helping with the establishment and deployment of multimedia services. The IMS supports interoperability and network convergence, allows network operators to play a key role in flow distribution, and is therefore like a data pipeline.
The IMS is drafted and designed by the 3rd generation partnership project (3GPP) of the wireless standard working group at the very beginning as a part of the network evolution of the global system for mobile communications (GSM). The initial standard (3GPP R5) is used for providing interne multimedia services on the general packet radio service (GPRS). Through constant updating and revision thereafter, the standard is applicable to the networks such as GPRS, wireless LAN (WLAN), TD network, wideband code division multiple access (WCDMA) network, CDMA2000 and fixed network and so on. The IMS can realize the convergence of the fixed network and the mobile network.
IMS security relates to a plurality of network elements of an IMS core network. For a terminal, the IMS security mainly aims at establishing a security link between the terminal and a proxy-call session control function (P-CSCF) of the IMS.
FIG. 1 is a schematic diagram of the layered structure of the IMS security network according to the related art. As shown in FIG. 1, according to the layered model of the network, the IMS security of the terminal comprises access layer security, network layer security, transport layer security and application layer security. In the above, the application layer security provides bidirectional authentication for the user identity, and is realized mainly through the authentication and authorization of the IMS message digest registered by the IMS and the IMS authentication and key agreement (IMS-AKA); the transport layer security is realized through the transport layer security/secure socket layer (TLS/SSL); the network layer security is realized through IP security (IPsec); and the access layer security varies according to different network access modes, and for the WLAN, it mainly comprises the 802.111 of IEEE and the WAPI Of a Chinese national standard. The WAPI adopts public key encryption system, and uses an authentication service unit (ASU) to realize the bidirectional authentication and confidential transmission between a WLAN terminal and an access point (AP).
When a mobile terminal with the WAPI functions accesses the IMS, if the above-mentioned multiple security mechanisms are adopted at the same time, security redundancy will be caused, with the result that the quality of service (QoS) is reduced (e.g. the network delay is increased) and the resource consumption is increased (e.g. the power consumption of the terminal is increased). For the problem of how to realize the security mechanisms without causing the security redundancy when the WAPI terminal accessing the IMS system, no effective solution has been proposed in the related art.