After Authentication, Security and UE Capability requests, the network accepts the Attach request and activates the EPS bearer context. Once that has happened and the UE has also established a PDP context, a typical IMS SIP client registration (Figure 4) begins:

1. The IMS client attempts to register by sending a REGISTER request to the P-CSCF.
2. The P-CSCF forwards the REGISTER request to the I-CSCF.
3. The I-CSCF polls the HSS for data used to decide which S-CSCF should manage the REGISTER request. The I-CSCF then makes that decision.
4. The I-CSCF forwards the REGISTER request to the appropriate S-CSCF.
5. The S-CSCF typically sends the P-CSCF a 401 (UNAUTHORIZED) response as well as a challenge string in the form of a “number used once” or “nonce”.
6. The P-CSCF forwards the 401 – UNAUTHORIZED response to the UE.
7. Both the UE and the network have stored some Shared Secret Data (SSD), the UE in its ISIM or USIM and the network on the HSS. The UE uses an algorithm per RFC 33101 (e.g. AKAv2-MD5) to hash the SSD and the nonce.”
8. The UE sends a REGISTER request to the P-CSCF. This time the request includes the result of the hashed nonce and SSD.
9. The P-CSCF forwards the new REGISTER request to the I-CSCF.
10. The I-CSCF forwards the new REGISTER request to the S-CSCF.
11. The S-CSCF polls the HSS (via the I-CSCF) for the SSD, hashes it against the nonce and determines whether the UE should be allowed to register. Assuming the hashed values match, the S-CSCF sends 200 – OK
    response to the P-CSCF. At this point an IPSec security association is established by the P-CSCF.
12. The P-CSCF forwards the 200 – OK response to the UE.

Each element described therefore has a unique set of roles in this arrangement:
• The UE initiates the registration sequence, attaches to the LTE network and activates the PDP context. It discovers which P-CSCF to use, then makes a deliberately unauthenticated registration attempt. It waits for the expected 401 response, extracts the nonce from the response and hashes it with the SSD before including the result in a second REGISTER request.
• The P-CSCF, typically resident in the visited network, acts as the UE’s gateway into the UE’s home network. It identifies the home IMS network, routes traffic to and from the home IMS network and establishes the IPSec
security association.
• The I-CSCF, typically resident in the home network, acts as the front-end of the home IMS. It interfaces with the P-CSCF in the visited network and selects the S-CSCF (by querying the HSS).
• The S-CSCF, typically resident in the home network, handles the registration request from the I-CSCF, pulls authentication vectors from the HSS and passes them to the P-CSCF (via the I-CSCF), and authenticates the
user in the second registration attempt.

Back to IMS Procedures

Source: IMS Procedures and Protocols: The LTE User Equipment Perspective by Spirent