Encryption prevents unauthorized users from gaining access into the network. There
should be a mechanism for authenticating everyone who enters the network. Knowing
that subscribers really are who they say they are requires authentication. However,
authentication each and every time a subscriber accesses the network is not really
efficient. It would require a lot of network resources and tie up the S-CSCF. Once a
device is registered in the network, it has already been authenticated. There should be
a means of identifying that the subscriber has been authenticated, so that the process
is not repeated every time that subscriber establishes a session.
SIP provides an additional header that is inserted into the SIP message after authentication.
The P-ASSERTED-IDENTITY is a trusted header indicating that the
authentication process has already been completed, and the URI contained in this
header has been verified as the true identity of the subscriber. This header is used by
all IMS entities within a trusted domain instead of the FROM header, which is not to
be trusted.
The 3GPP added this header because they recognized it was not efficient to authenticate
for every session. It can also be used to identify the true user identity of a device
where the FROM header indicates something else.
If a subscriber has implemented privacy features (as indicated in the SIP message),
the P-ASSERTED-ID is still provided within the host network, but it is removed prior
to sending to other networks.
Pages:
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316