计算机工程与应用 ›› 2008, Vol. 44 ›› Issue (32): 101-104.DOI: 10.3778/j.issn.1002-8331.2008.32.030

• 网络、通信、安全 • 上一篇    下一篇

IMS中的一种跨域信任机制

王晓雷,郭云飞,胡金萍   

  1. 国家数字交换系统工程技术研究中心,郑州 450002
  • 收稿日期:2007-12-10 修回日期:2008-03-25 出版日期:2008-11-11 发布日期:2008-11-11
  • 通讯作者: 王晓雷

Cross-Domain trust mechanism in IMS

WANG Xiao-lei,GUO Yun-fei,HU Jin-ping   

  1. National Digital Switching System Engineering & Technological Research Center,Zhengzhou 450002,China
  • Received:2007-12-10 Revised:2008-03-25 Online:2008-11-11 Published:2008-11-11
  • Contact: WANG Xiao-lei

摘要: 分析了IMS中媒体层、控制层和应用层的认证机制,针对IMS用户漫游时跨域认证造成开销过大的问题,在IMS控制层提出了一种跨域信任机制。该机制通过在HSS和S-CSCF中增加信任证书数据库、证书目录、声明发生器和标签提取器四个功能模块,实现了用户漫游时的单次认证策略,减小了因重复认证造成的开销。利用Open SER实现了IMS中各个实体的功能,搭建了简易的IMS仿真环境,然后在仿真网络中对跨域信任机制进行验证。仿真结果表明,跨域信任机制减少了0.417 7 s的时间开销。

关键词: IP多媒体子系统, 跨域认证, 信任机制, 开销

Abstract: Analyzed the authorization mechanism of media layer,control layer and application layer in IMS.To the problem of overhead of Cross-Domain authorization when UE roaming in IMS,proposed a Cross-Domain trust mechanism of the control layer in IMS.The Cross-Domain trust mechanism added four functional modules which are trust certificate database,certificate directory,assertion generator and tag extractor.The trust mechanism realized the single-authorization strategy to UE,and reduced the cost of repeat authorization.Using Open SER realized the function of each entity in IMS and built a simple simulation network,and then did simulation of Cross-Domain trust mechanism in the network.The simulation result shows that the Cross-Domain trust mechanism reduces 0.417 7 s of time cost.

Key words: IP Multimedia Subsystem(IMS), Cross-Domain security, trust mechanism, cost