1. An unauthenticated user attempts IMS registration which is rejected by the I-CSCF with a 401 Unauthorized response.
2. The user equipment is challenged to authenticate with the network and establishes an IPSec security association.
3. The user then performs an authenticated IMS registration by sending a REGISTER request with an Authorization header indicating integrity protection is enabled. The I-CSCF forwards the request to the assigned S-CSCF.
1. An unauthenticated user attempts IMS registration which is rejected by the I-CSCF with a 401 Unauthorized response.
2. The user equipment is challenged to authenticate with the network and establishes an IPSec security association.
3. The user then performs an authenticated IMS registration by sending a REGISTER request with an Authorization header indicating integrity protection is enabled. The I-CSCF forwards the request to the assigned S-CSCF.
1. An unauthenticated user attempts IMS registration which is rejected by the I-CSCF with a 401 Unauthorized response.
2. The user equipment is challenged to authenticate with the network and establishes an IPSec security association.
3. The user then performs an authenticated IMS registration by sending a REGISTER request with an Authorization header indicating integrity protection is enabled. The I-CSCF forwards the request to the assigned S-CSCF.
I-CSCF Interfaces (IMS Registration for an Unauthenticated User)
Visited Network Internet Home Network
EventStudio System Designer 4.0 User Visited CN Visited IMS DNS Server Home IMS Home CN Equipment 24-Nov-07 18:36 (Page 1) Subscriber SGSN GGSN P-CSCF DNS Server I-CSCF S-CSCF HSS GPRS Attach PDP Context Activation Unauthenticated IMS Registration Attempt REGISTER P-CSCF adds a Via header and REGISTER sip:hims.net SIP/2.0, removes the Route header. The Via: SIP/2.0/UDP REGISTER message will be routed pcscf1.vims.net;branch=0aab1, Via: SIP/2.0/UDP to the IP address obtained from the UE-IP;branch=0abab, DNS response. Note that the Max-Forwards: 19, From: integrity protection flag is set to <sip:name@hims.net>;tag=abbb, false to signify that the user has not To: <sip:name@hims.net>, Contact: been authenticated. <sip:[UE-IP]>;expires=90000, Call-ID: ababab, CSeq: 25 REGISTER, Content-Length: 0, Authorization: Digest username = name.private@hims.net integrity protection: no
User Authorization Request Query the HSS to assign the
name.private@hims.net S-CSCF.
User Authorization Answer HSS replies with the S-CSCFs.
S-CSCF Name, S-CSCF Capabilities
Select S-CSCF I-CSCF selects the S-CSCF based on
the S-CSCF capabilities. REGISTER The I-CSCF forwards the REGISTER REGISTER sip:hims.net SIP/2.0, message to the selected S-CSCF. Via: SIP/2.0/UDP icscf1.hims.net;branch=0aab2, Via: SIP/2.0/UDP pcscf1.vims.net;branch=0aab1, Via: SIP/2.0/UDP UE-IP;branch=0abab, Route: sip:scscf1.hims.net, Max-Forwards: 18, From: <sip:name@hims.net>;tag=abbb, To: <sip:name@hims.net>, Contact: <sip:[UE-IP]>;expires=90000, Call-ID: ababab, CSeq: 25 REGISTER, Content-Length: 0, Authorization: Digest username = name.private@hims.net integrity protection: no
401 Unauthorized The user is currently not
WWW-Authenticate: authenticated, so the registration nonce=RAND-AUTN, ck, ik, request is rejected. The terminal is Via: icscf1, pcscf1, ue-ip challenged to authenticate the user. RAND, AUTN, CK and IK are passed in the WWW-Authenticate header. 401 Unauthorized Pass the message to the P-CSCF. WWW-Authenticate: CK and IK are carried in the nonce=RAND-AUTN, ck, ik, WWW-Authenticate header. Via: pcscf1, ue-ip
IPSec Security Association Establishment
Authenticated IMS Registration REGISTER Pass the REGISTER message to the Via: pcscf1 UE-IP;UE-Server-Port, I-CSCF. This time the Authorization Contact: UE-IP ue-server-port, header indicates that integrity Authorization: Digest username = name.private@hims.net protection is enabled. response=RES integrity protection: yes, RES
User Authorization Request Query the HSS to assign the
name.private@hims.net S-CSCF.
User Authorization Answer HSS replies with the S-CSCFs.
S-CSCF Name, S-CSCF Capabilities I-CSCF Interfaces (IMS Registration for an Unauthenticated User) Visited Network Internet Home Network EventStudio System Designer 4.0 User Visited CN Visited IMS DNS Server Home IMS Home CN Equipment 24-Nov-07 18:36 (Page 2) Subscriber SGSN GGSN P-CSCF DNS Server I-CSCF S-CSCF HSS REGISTER The SIP REGISTER message is Via: icscf1 pcscf1 finally delivered to the S-CSCF. UE-IP;UE-Server-Port, Contact: UE-IP ue-server-port, Authorization: Digest username = name.private@hims.net response=RES integrity protection: yes, RES
200 OK The RES and the XRES matched, so
Via: icscf1, pcscf1, the S-CSCF replies with success. UE-IP;UE-Server-Port