Content for TS 23.292 Word version: 17.0.0
1…
4…
5…
7…
7.2…
7.3…
7.3.2.2…
7.3.2.2.4…
7.4…
7.4.2.2…
7.4.2.2.3…
7.4.2.2.7…
7.5…
7.6…
7.6.1.2.2.6…
7.6.1.2.3…
7.6.1.2.3.5…
7.6.1.2.3.6…
7.6.2…
7.6.2.7
7.6.2.8…
7.6.2.11…
7.6.3…
7.7…
7.7.2…
7.9…
7.9.2…
7.9.2.4
7.9.2.5
8…
A…
G…
H…
H.5…
H.5.3…
G Combined CS Access Authentication and IMS Registration Procedure for non-roaming UEs
G.1 General
G.2 Procedure for registration utilizing IMS Authorization
...
...
G (Normative) Combined CS Access Authentication and IMS Registration Procedure for non-roaming UEs |R14| p. 125
G.1 General p. 125
An MSC enhanced for ICS may support the Combined CS Access Authentication procedure. This procedure enables to authenticate and register all users accessing a network via CS access within the IMS domain as the only service domain. When this is done this Annex is used instead of clause 7.2.1.1.
If the MSC enhanced for ICS supports the Combined CS Access Authentication all users within this MSC domain shall be authenticated utilizing this procedure.
The main additional function of MSC Server enhanced for ICS is:
- Receiving 3G CS authentication parameters from the S-CSCF.
G.2 Procedure for registration utilizing IMS Authorization p. 125
Figure G.2-1 describes how IMS registration is performed by the MSC Server upon receiving of a Location Update Request.
Figure G.2-1: Procedure for registration utilizing IMS Authorization
(⇒ copy of original 3GPP image)
(⇒ copy of original 3GPP image)
Step 1.
The UE sends a Location Update Request towards CS network.
Step 2-3.
Upon receipt of location update request, MSC Server enhanced for ICS performs standard identity request if needed.
Step 4.
The MSC Server enhanced for ICS decides to initiate IMS registration for this subscriber and derives a domain name from the subscriber's identity (e.g. IMSI) and discovers the address of the appropriate I-CSCF/IBCF.
Step 5-7.
The I-CSCF verifies that the incoming REGISTER origins from a trusted MSC Server (in the same way it would check that a normal REGISTER origins from a trusted P-CSCF). The I-CSCF compares the MNC/MCC in the IMPI/IMPU to detect whether the UE is an inbound roamer or not. For HPLMN subscribers the I-CSCF selects the HSS and for inbound roamers follows the procedure in Annex H, clause H.5.2.3.1.
For HPLMN SeDoC subscribers, the I-CSCF indicates to the HSS that the REGISTER is coming from an MSC and the HSS selects the appropriate S-CSCF which is able to handle the CS authentication. The I-CSCF initiates standard procedures for S-CSCF location/allocation and forwards the REGISTER to S-CSCF.
Step 8-9.
The S-CSCF identifies the REGISTER as being from the MSC Server enhanced for ICS.
During these procedures, authentication parameters for a given subscriber will be carried. The parameters contain an Authentication Quintuplet (Rand, Xres, Ck, Ik, Autn).
Step 10-11.
The S-CSCF sends a SIP 401 i.e. an authentication challenge towards the UE including the challenge RAND, the authentication token AUTN, and also the integrity key IK and the cipher key CK to MSC Server enhanced for ICS.
Step 12.
Upon receipt of 401 from IMS, MSC Server enhanced for ICS initiates the authentication procedure by transferring an AUTHENTICATION REQUEST message across the radio interface. The AUTHENTICATION REQUEST message contains the parameters necessary to calculate the response parameters.
Step 13.
The UE processes the challenge information and sends back an AUTHENTICATION RESPONSE message to the network.
Step 14.
The MSC Server enhanced for ICS should send REGISTER with authentication result (XRES) to I-CSCF.
Step 15-21.
I-CSCF forwards the authentication response to the S-CSCF. Upon receiving the message, the S-CSCF check the authentication response sent by the UE. If the user has been successfully authenticated, the S-CSCF sends 200 OK to MSC Server enhanced for ICS via I-CSCF.
Step 22.
On receiving a 200 (OK) response to the REGISTER request, the MSC Server enhanced for ICS generates a TMSI for the UE and sends Location Update Accept towards the UE.
