International Telecommunication Union

ITU-T J.262
TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU
(10/2009)

SERIES J: CABLE NETWORKS AND TRANSMISSION OF TELEVISION, SOUND PROGRAMME AND OTHER MULTIMEDIA SIGNALS
IPCablecom

Specifications for authentication in preferential telecommunications over IPCablecom2 networks

Recommendation ITU-T J.262

Rec. ITU-T J.262 (10/2009)

Summary

Recommendation ITU-T J.262 is one of a series of Recommendations to enable support for preferential telecommunication services over IPCablecom networks. It defines the specifications for authentication in preferential telecommunications over IPCablecom2 networks. These specifications satisfy the requirements defined in Recommendation ITU-T J.260.

The essential aspects of preferential telecommunications over IPCablecom2 can be grouped into two areas: prioritization and authentication. This Recommendation defines specifications for authentication only.

Authentication must be utilized to prevent unauthorized use of premium services and for emergency services in IPCablecom2 that may require preferential treatment (e.g., telecommunications for disaster relief and the emergency telecommunications service). User authentication is necessary to determine whether to authorize a request for preferential telecommunication services. This Recommendation covers only authentication and does not address which services the authenticated user is authorized to use.

Source

Recommendation ITU-T J.262 was approved on 30 October 2009 by ITU-T Study Group 9 (2009-2012) under the WTSA Resolution 1 procedure.

FOREWORD

The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications, information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis.

The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics.

The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1.

In some areas of information technology which fall within ITU-T's purview, the necessary standards are prepared on a collaborative basis with ISO and IEC.

NOTE - In this Recommendation, the expression “Administration” is used for conciseness to indicate both a telecommunication administration and a recognized operating agency.

Compliance with this Recommendation is voluntary. However, the Recommendation may contain certain mandatory provisions (to ensure e.g., interoperability or applicability) and compliance with the Recommendation is achieved when all of these mandatory provisions are met. The words “shall” or some other obligatory language such as “must” and the negative equivalents are used to express requirements. The use of such words does not suggest that compliance with the Recommendation is
required of any party.

INTELLECTUAL PROPERTY RIGHTS

ITU draws attention to the possibility that the practice or implementation of this Recommendation may involve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the Recommendation development process.

As of the date of approval of this Recommendation, ITU had not received notice of intellectual property, protected by patents, which may be required to implement this Recommendation. However, implementers are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database at http://www.itu.int/ITU-T/ipr/.

© ITU 2010

All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without
the prior written permission of ITU.

CONTENTS

1 Scope
2 References
3 Definitions
  3.1 Terms defined elsewhere
  3.2 Terms defined in this Recommendation
4 Abbreviations
5 Conventions
6 Authentication in IPCablecom2
  6.1 IPCablecom2 PIN authentication of VoIP UA preferential treatment call to PSTN
  6.2 IPCablecom2 PIN Authentication of VoIP UA Call to VoIP UA
  6.3 IPCablecom2 preferential treatment services subscription authentication in VoIP UA to VoIP UA calls - Priority signalled by the UA using R-P header in the INVITE message
  6.4 IPCablecom2 preferential treatment services subscription authentication in VoIP UA to VoIP UA Calls - Priority signalled by the UA, using an identifier
7 IPCablecom2 preferential telecommunications services authentication requirements
Bibliography

Introduction

Emergency and disaster communications for authorized users play a vital role in the health, safety, and welfare of people in all countries. The common thread to facilitate emergency/disaster operations is the utility of assured capabilities for user-friendly preferential telecommunication services that
may be realized by technical solutions and/or administrative policy. The IPCablecom infrastructure offers an important resource for assured emergency/disaster telecommunications.

Emergency and disaster situations can impact telecommunication infrastructures. Typical impacts may include congestion overload and the need to re-deploy or extend communications capabilities beyond that covered by existing infrastructures. Even when telecommunication infrastructures are not damaged by these situations, demand for telecommunication resources soars during such events. Therefore, priority mechanisms are needed so that limited bandwidth resources can be allocated to authorized emergency workers during emergency and disaster situations.

Generally, when preferential or prioritized treatment telecommunication capabilities are offered, users of the service will be authenticated and authorized. Whether authentication and authorization are required or not, as well as implementation aspects, such as databases for personal identification numbers (PIN), are national decisions. However, without authentication and authorization, preferential treatment capabilities may be subject to abuse by non-authorized individuals.

This Recommendation defines specifications stemming from the requirements of Recommendation ITU-T J.260 for mechanisms to provide authentication in IPCablecom2 networks in support of preferential telecommunication services that need or benefit from preferential treatment.

Recommendation ITU-T J.262

Specifications for authentication in preferential telecommunications over IPCablecom2 networks

1 Scope

This Recommendation is one of a series of Recommendations to enable support for preferential telecommunication services over IPCablecom networks. These
specifications do not apply to ordinary emergency calls such as people calling the police, the fire department, ambulances, etc. Aspects of preferential telecommunications include provisions for authentication and priority (special handling). The objective of this Recommendation is to provide an initial set of authentication specifications for preferential telecommunications within IPCablecom2 networks according to the framework described in [ITU-T J.261]. This Recommendation defines specifications for capabilities, which, when implemented should help support preferential treatment telecommunication services.

NOTE - Pre-emption specifications and authorization specifications are outside the scope of this Recommendation and are considered to be national matters.

2 References

The following ITU-T Recommendations and other references contain provisions which, through reference in this text, constitute provisions of this Recommendation. At the time of publication, the editions indicated were valid. All Recommendations and other references are subject to revision; users of this Recommendation are therefore encouraged to investigate the possibility of applying the most recent edition of the Recommendations and other references listed below. A list of the currently valid ITU-T Recommendations is regularly published. The reference to a document within this Recommendation does not give it, as a stand-alone document, the status of a Recommendation.

[ITU-T J.260] Recommendation ITU-T J.260 (2005), Requirements for preferential telecommunications over IPCablecom networks.
[ITU-T J.261] Recommendation ITU-T J.261 (2009), Framework for implementing preferential telecommunications in IPCablecom and IPCablecom2 networks.
[ITU-T J.360] Recommendation ITU-T J.360 (2006), IPCablecom2 architecture framework.

3 Definitions

3.1 Terms defined elsewhere

This Recommendation uses the following terms defined elsewhere:

3.1.1 assured capabilities [ITU-T J.260]: Capabilities providing high confidence or certainty that critical telecommunications are available and perform reliably.

3.1.2 authentication [ITU-T J.260]: The act or method used to verify a claimed identity.

3.1.3 authorization [ITU-T J.260]: The act of determining if a particular privilege, such as access to telecommunications resources, can be granted to the presenter of a particular credential.

3.1.4 emergency situation [ITU-T J.260]: A situation, of serious nature, that develops suddenly and unexpectedly. Extensive immediate important efforts, facilitated by telecommunications, may be required to restore a state of normality to avoid further risk to people or property. If this situation escalates, it may become a crisis and/or disaster.

3.1.5 international emergency situation [ITU-T J.260]: An emergency situation, across international boundaries, that affects more than one country.

3.1.6 label [ITU-T J.260]: An identifier occurring within or attached to data elements. In the context of preferential telecommunications it is an indication of priority. This identifier can be used as a mapping mechanism between different network priority levels.

3.1.7 policy [ITU-T J.260]: Rules (or methods) for allocating telecommunications network resources among types of traffic that may be differentiated by labels.

3.1.8 preferential [ITU-T J.260]: A capability offering advantage over regular capabilities.

3.1.9 priority treatment capabilities [ITU-T J.260]: Capabilities that provide premium access to, and/or use of telecommunications network resources.

3.2 Terms defined in this Recommendation

This Recommendation defines the following term:

3.2.1 factor: A factor, as used in the process of authentication, represents either something known (such as a PIN, password or passphrase), something possessed (such as a card with a magnetic stripe or a security token) or something unique (such as a finger or voice print)
about the individual whose identity is to be authenticated.

4 Abbreviations

This Recommendation uses the following abbreviations:

AS      Application Server
CM      Cable Modem
HSS     Home Subscriber Server
ISTP    Internet Signalling Transport Protocol
MTA     Media Terminal Adapter
P-CSCF  Proxy Call Session Control Function
PIN     Personal Identification Number
PSTN    Public Switched Telephone Network
S-CSCF  Serving Call Session Control Function
SIP     Session Initiation Protocol
UA      User Agent

5 Conventions

None.

6 Authentication in IPCablecom2

Authentication in IPCablecom2 networks is impacted by two dimensions: location of originating and terminating devices or VoIP user agent (UA) functionality; and form of identity presented by the preferential telecommunication service requester and manner by which the asserted identity is verified. Authentication entails receiving identification and identity verification/validation information necessary, prior to authorizing completion of a preferential priority call or session. This capability should exist on the access network and it must also be propagated throughout all relevant network entities to provide, as much as possible, end-to-end preferential treatment. The manner in which end-to-end preferential treatment is provided is outside the scope of this Recommendation.

The following four possibilities are to be considered for calls that require preferential treatment:

1) Originate from a UA at a location authorized for preferential treatment services and terminate at a UA at any general location.
2) Originate from a UA at a location authorized for preferential treatment services and terminate at a UA at a location that is authorized for preferential treatment services.
3) Originate from a UA at a general location and terminate at a UA at a location authorized for preferential treatment services.
4) Originate from a UA at a general location and terminate at a UA at any general location.

Authentication itself can be subdivided into two (or sometimes three) components: The first is receipt of identification information,
which identifies the preferential service requester. The second is receipt of identification verification information that allows the network to verify the accuracy of the requester's claimed identity when placing a preferential service call, so that the information can be propagated to all relevant entities in the network, should the call be authorized. The third component, necessary in some situations, may require validating the identity against a database of authenticated identities.

Another factor that can impact authentication is whether preferential treatment for access will be authorized on a per call basis or a subscription basis.

Currently, identification and authentication are combined through the use of a personal identification number (PIN) presented by the caller after dialling an access number for enabling preferential treatment. This PIN may be validated against a PIN database to determine authorized services. PIN based authentication actually authenticates the requester, not the device being used when making the request, and thus allows preferential treatment requests to be initiated from any device. Also, this approach allows calls that require preferential treatment to be originated from circuit switched telephone devices attached to private PBX systems. The PIN based authentication approach was designed specifically for per call requests.

IPCablecom2-enabled infrastructures should accommodate this legacy approach along with providing other forms of identification and authentication for VoIP-based calls using the session initiation protocol (SIP). Appendix III of [ITU-T J.360] and [b-ITU-T J.366.8] include the three SIP authentication mechanisms specified in [b-IETF RFC 3261]: usage of HTTP authen