The ue shall initiate the re registration on the

Info icon This preview shows pages 81–82. Sign up to view the full content.

View Full Document Right Arrow Icon
The UE shall initiate the re-registration on the reception of the Authentication Required indication. In the event that the UE does not initiate the re-registration procedure after the request from the S-CSCF, the S-CSCF may decide to de- register the subscriber or re-issue an Authentication-Required. N.2.5 Support for dynamic password change SIP Digest relies on the use of passwords. This clause specifies the requirements on the HSS and the S-CSCF for supporting a change of this password in a dynamic way, while not disrupting ongoing communication. A user and his home network may agree on a new password for SIP Digest by a secure password change mechanism, which is outside the scope of this specification. As part of this process, the new password will be stored in the HSS. It is assumed here that the new password is stored in the HSS only after the user confirmed receipt of the new password as part of the secure password change mechanism. NOTE 1: Such a secure password change mechanism may be e.g. realized through the use of an online portal. The HSS and the S-CSCF shall support the possibility for the HSS to push a new entry for the hash value H(A1), of the IMPI, realm and password to the S-CSCF currently serving the user. The HSS shall be able to send such a H(A1) push message at any time independent of other communication on the Cx interface. NOTE 2: It is recommended that the secure password change mechanism updates the password in the HSS with minimal delay, and the HSS sends such a push message to the S-CSCF immediately after the new password entry in the HSS has occurred in order to avoid the situation that a user has already taken the new password into use while the H(A1) is not yet available in the S-CSCF. When the S-CSCF receives a new H(A1) from the HSS via a push message it shall store the new H(A1) and take it into use at the next occasion. NOTE 3: The text in this clause does not preclude the possibility that the HSS initiates a user de-registration or the S-CSCF triggers a network-initiated authenticated re-registration when it suspects a password compromise. De-registration would result in the loss of ongoing sessions, while authenticated re- registration would not. Network-initiated authenticated re-registration as a measure against suspected password compromise would therefore only be acceptable if a reasonably fast password change mechanism was available. To avoid password synchronization problems during password change that could lead to service interruption, the following approach may be applied as an implementation option. When the S-CSCF receives a new H(A1) from the HSS via a push or pull message it may keep at most one already stored H(A1). If the S-CSCF has two H(A1) for the user then, if authentication using one of the H(A1) values fails, the S-CSCF may continue trying to verify the Digest response using the other H(A1) value. After a successful verification using the new H(A1) value, the S-CSCF should delete the old H(A1). If the S-CSCF has already two H(A1) stored, and yet another H(A1) is pushed or pulled to the S-
Image of page 81

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Image of page 82
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern