CN101192920B - A response request method and device - Google Patents

Publication number
CN101192920B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN200710163103.XA
Other languages
Chinese (zh)
Other versions
CN101192920A (en)
Inventor
杨健
陈国乔
王雷
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

An embodiment of the invention discloses a method for responding to requests, applicable to the combined circuit-switched (CS) and IP Multimedia Subsystem (IMS) service (CSI). The method includes the following steps: a request-message blacklist and whitelist are configured, recording the terminals that are prohibited from and permitted to make the request, respectively; when another terminal sends a request to a CSI terminal, the CSI terminal consults the request-message blacklist and whitelist to determine which list the requesting terminal belongs to; when the requesting terminal belongs to the whitelist, its request is accepted; and when the requesting terminal belongs to the blacklist, its request is refused. Applying the embodiment restricts the various requests that other terminals can make to the CSI terminal, avoids frequent malicious requests from a terminal, ensures that normal calls can be established, and thereby improves system performance. The embodiment also discloses a device for responding to requests in the CSI service, comprising a receiving module, a blacklist/whitelist configuration module and a decision module.

Description

A method and apparatus for responding to requests
Technical field
The present invention relates to security techniques in SIP systems, and in particular to a method and apparatus for responding to requests in the combined circuit-switched (CS) and IP Multimedia Subsystem (IMS) service (CSI).
Background art
With the development of mobile communication technology, more and more new communication technologies are being applied to mobile communication. Mobile communication is becoming faster, the types of communication services are increasing, and communication is becoming more convenient. As services multiply and new services keep emerging, how to roll out services conveniently and quickly has become a focus of attention, and the concept of IMS was proposed for this reason. IMS is the center through which the 3G core network provides end-to-end multimedia services and group multimedia services. In 3GPP R6, IMS is defined as the multimedia service core network supporting all IP access networks; it can support any mobile or fixed, wired or wireless IP access network (IP-CAN). IMS is gradually becoming a general service platform on which services can be deployed quickly and customized, bringing great benefit to operators.
Based on IMS technology, operators can offer numerous services, such as streaming media, video telephony and CSI. The full name of the CSI service is Combined Circuit Switched (CS) and IP Multimedia Subsystem (IMS) sessions; it may also be referred to as CSICS. The service can be described simply as a CS session and an IMS session running concurrently: a user may set up an end-to-end IMS session during a CS call, or set up a CS session during an IMS session.
CSI is based on the standard protocols of 3GPP and IETF. Between point-to-point devices, it allows an IMS session to run concurrently during a CS session, and a CS session to run concurrently during an IMS session. With concurrent CS and IMS sessions, content can be shared over IMS during a CS phone call, including video clips, music, pictures, text and files. CSI is therefore also known as a Share technology.
To implement the CSI service, a terminal must support a CS connection and an IMS connection at the same time. The IMS connection can reach the IMS core network in several ways: over wireless networks such as WCDMA, CDMA2000, WLAN or EDGE, or over wired networks such as xDSL. The CS network mainly provides high-quality, real-time voice communication; the IMS network mainly provides end-to-end user addressing, terminal capability negotiation and service control functions.
There are two main ways to implement the CSI service: E2E and E2G. At present, the major equipment vendors all adopt the E2E mode. Fig. 1 shows the network structure of the E2E mode. In this mode, the main functions, features and operations are concentrated in the terminal; the IMS network only provides a message routing and forwarding mechanism and assists the terminal in completing the service. This mode requires a more capable terminal. Because the main functions are completed on the terminal side, the IMS as a whole does not need major changes, and the existing network can essentially provide the service as it is.
Besides the E2E mode, the industry is also considering an E2G mode. Fig. 2 shows the network structure of the E2G mode. In this mode, control moves from the terminal to the system side. This strengthens centralized management, makes services easier to roll out, and reduces the burden on the terminal. However, the terminal must still support this mode before the service can be provided, and the existing network must be modified, so it is harder to implement than the E2E mode.
The main implementation in the industry today provides content sharing based on the E2E mode. Using the existing CS network and IMS core network, terminals can share content such as video clips, live video, audio, pictures and files during a voice call. Before a CSI session is established, CSI terminals go through a capability negotiation phase to exchange capability information. At present, this exchange is carried out by each terminal querying the other's capabilities, and the query flow is the same in both directions. The following takes CSI terminal A querying the capabilities of CSI terminal B as an example to describe how terminal capabilities are queried in the current CSI service.
Fig. 1 shows the flow in which CSI terminal A queries the capabilities of CSI terminal B. A UE capability exchange is carried out for several reasons: CSI terminal A does not know the capabilities of CSI terminal B; the capabilities of CSI terminal A itself have changed; or, when CSI terminal B requests the capabilities of CSI terminal A, CSI terminal A finds that the capability version of CSI terminal B has changed.
Specifically, if the first call is a standard IMS call procedure and the call signaling does not carry the extended CSI capability exchange fields, so that no CSI terminal capability information is exchanged during the call procedure, then a CSI terminal can use the OPTIONS method of the Session Initiation Protocol (SIP) to obtain the peer CSI terminal's capability information. After the capability exchange is complete, the terminal presents the available service types to the user according to the peer capability information it obtained.
During a CSI service, regardless of whether the call initiated first is an IMS call or a CS call, the user can use the OPTIONS method during the communication to obtain the capability information of a CSI terminal. This matters for scenarios in which a terminal's capabilities change suddenly during the communication.
As shown in Fig. 3, the method of querying terminal capabilities comprises:
Step 301, CSI terminal A requests a capability query from CSI terminal B.
In this step, the query request is sent in a SIP OPTIONS message. The OPTIONS message contains the URI of CSI terminal B and the URI or MSISDN of CSI terminal A. Table 1 is a concrete example of the OPTIONS message sent.
OPTIONS request (terminal 1 to terminal 2)
    OPTIONS tel:+12125552222 SIP/2.0
    Via: SIP/2.0/UDP [5555::aaa:bbb:ccc:ddd]:1357;comp=sigcomp;branch=z9hG4bKnashds7
    Max-Forwards: 70
    Route: <sip:pcscf1.visited1.net:7531;lr;comp=sigcomp>,<sip:orig@scscf1.home1.net;lr>
    P-Preferred-Identity: <tel:+1-212-555-1111>
    P-Access-Network-Info: 3GPP-UTRAN-TDD;utran-cell-id-3gpp=234151D0FCE11
    Privacy: none
    From: <sip:user1_publicl@home1.net>;tag=171828
    To: <tel:+12125552222>
    Call-ID: cb03a0s09a2sdfglkj490333
    Cseq: 127 OPTIONS
    Require: sec-agree
    Proxy-Require: sec-agree
    Security-Verify: ipsec-3gpp;q=0.1;alg=hmac-sha-1-96;spi-c=98765432;spi-s=87654321;port-c=8642;port-s=7531
    Contact: <sip:[5555::aaa:bbb:ccc:ddd]:1357;comp=sigcomp>
    Accept-Contact: *,+g.3gpp.cs-voice,+g.3gpp.cs-video;explicit
    Allow: INVITE,ACK,CANCEL,BYE,PRACK,UPDATE,REFER,MESSAGE,OPTIONS
    Accept: application/sdp
    User-Agent: PMI-0007
    Content-Length: 0
Table 1
Step 302, IMS core network A sends the SIP OPTIONS message to IMS core network B.
Step 303, IMS core network B routes the SIP OPTIONS message.
Step 304, IMS core network B sends the SIP OPTIONS message to CSI terminal B.
Step 305, CSI terminal B stores the address of CSI terminal A.
Steps 306-308, CSI terminal B sends a 200 OK message to CSI terminal A via IMS core network A and IMS core network B, and carries the capability description of CSI terminal B in the message.
In this step, the response message that CSI terminal B returns to CSI terminal A is as shown in Table 2:
200 (OK) response (terminal 2 to terminal 1)
    SIP/2.0 200 OK
    Via: SIP/2.0/UDP pcscf2.visited2.net:5088;comp=sigcomp;branch=z9hG4bK361k21.1,
        SIP/2.0/UDP scscf2.home2.net;branch=z9hG4bK764z87.1,
        SIP/2.0/UDP icscf2_s.home2.net;branch=z9hG4bK871y12.1,
        SIP/2.0/UDP scscf1.home1.net;branch=z9hG4bK332b23.1,
        SIP/2.0/UDP pcscf1.visited1.net;branch=z9hG4bK240f34.1,
        SIP/2.0/UDP [5555::aaa:bbb:ccc:ddd]:1357;comp=sigcomp;branch=z9hG4bKnashds7
    Record-Route: <sip:pcscf2.visited2.net:5088;lr;comp=sigcomp>,<sip:scscf2.home2.net;lr>,
        <sip:scscf1.home1.net;lr>,<sip:pcscf1.visited1.net;lr>
    Privacy: none
    P-Access-Network-Info: 3GPP-UTRAN-TDD;utran-cell-id-3gpp=123451D0FCE11
    From: <sip:user1_publicl@home1.net>;tag=171828
    To: <sip:user2_publicl@home2.net>;tag=314159
    Call-ID: cb03a0s09a2sdfglkj490333
    Cseq: 127 OPTIONS
    Contact: <sip:user2_publicl@home2.net>;+g.3gpp.cs-voice,<tel:+12125552222>
    Allow: INVITE,ACK,CANCEL,BYE,PRACK,UPDATE,REFER,MESSAGE,OPTIONS
    Server: PMI-0EA2
    Content-Type: application/sdp
    Content-Length: (…)

    v=0
    o=- 2987933615 2987933617 IN IP6 5555::eee:fff:aaa:bbb
    s=-
    c=IN IP6 5555::eee:fff:aaa:bbb
    t=0 0
    m=message 0 TCP/MSRP *
    a=accept-types:text/plain text/html message/cpim image/jpeg image/gif video/3gpp
    a=max-size:65536
    m=video 0 RTP/AVP 96
    a=rtpmap:96 H263-2000/90000
    m=audio 0 RTP/AVP 97
    a=rtpmap:97 AMR/8000
Table 2
Step 309, CSI terminal A saves the capability description of CSI terminal B.
After the CSI terminals have queried each other's capabilities in this way, a CSI call can be established.
In steps 306-308 above, CSI terminal B returned three of its media processing capabilities (MSRP, H.263 video and AMR audio) and set out the detailed parameters of each. In practice, returning this information costs CSI terminal B a considerable amount of terminal system resources.
Summary of the invention
In the CSI terminal capability query method shown in Fig. 3, if a malicious peer frequently issues OPTIONS requests, repeatedly requiring CSI terminal B to send its capability information, CSI terminal B consumes a large amount of system resources because it returns its media capability information every time. This may well make the whole system slow to respond to user commands, or unable to respond to normal call requests from other terminals. If the terminal's software also has design defects and lacks system redundancy protection, the whole operating system may even crash while responding to frequent capability queries.
In addition, a CSI terminal has several media capabilities. For some applications, returning all media capabilities every time the terminal receives an OPTIONS message is unnecessary and creates a potential security risk. In particular, if a malicious peer exploits defects in certain media communication capabilities to attack the terminal, the consequences can be very serious.
In summary, when the current method of querying terminal capabilities in the CSI service meets a malicious attack, system performance can drop sharply and the establishment of normal calls is affected. Other request messages in the CSI service, such as connection establishment requests, have the same weakness and can likewise be abused by a malicious peer: processing request messages too frequently can congest the CSI terminal and even crash the system.
In view of this, an embodiment of the present invention provides a method for responding to requests that prevents requests in the CSI service from being used to attack a CSI terminal maliciously, and improves system performance.
An embodiment of the present invention also provides a device for responding to requests; this terminal prevents requests in the CSI service from being used to attack a CSI terminal maliciously, and improves system performance.
The embodiments of the present invention adopt the following technical solution:
A method for responding to requests, applicable to the combined circuit-switched and IP Multimedia Subsystem (IMS) service (CSI), the method comprising:
configuring a request-message blacklist and whitelist, which record the terminals that are prohibited from and permitted to make the request, respectively;
when another terminal sends a request to a CSI terminal, consulting the request-message blacklist and whitelist to determine which list the requesting terminal belongs to; when the requesting terminal belongs to the whitelist, accepting its request; when the requesting terminal belongs to the blacklist, refusing its request.
A device for responding to requests, comprising a receiving module, a blacklist/whitelist configuration module and a decision module, wherein:
the receiving module is configured to receive requests sent by other terminals and forward them to the decision module;
the blacklist/whitelist configuration module is configured to accept configuration, and to generate and store the request-message blacklist and whitelist;
the decision module is configured to receive the request forwarded by the receiving module and, consulting the request-message blacklist and whitelist stored in the blacklist/whitelist configuration module, to make a decision on the requesting terminal: when the requesting terminal belongs to the request-message whitelist, its request is accepted; when it belongs to the request-message blacklist, its request is refused.
As the above technical solution shows, the embodiments of the present invention configure a request-message blacklist and whitelist to control the requests that other terminals make to a CSI terminal. When another terminal sends a request to the CSI terminal, the lists are first consulted to determine which list the requesting terminal belongs to, and this determines whether its request is accepted. Applying the embodiments restricts the various requests that other terminals can make to a CSI terminal, avoids frequent requests from malicious peers, ensures that normal calls can be established, and improves system performance.
Brief description of the drawings
Fig. 1 is the network structure of the E2E mode.
Fig. 2 is the network structure of the E2G mode.
Fig. 3 is a flowchart of the current method of querying terminal capabilities.
Fig. 4 is an overall flowchart of the method for responding to requests in the CSI service according to the embodiments of the invention.
Fig. 5 is the main flowchart of the method for responding to requests in the CSI service in embodiment one.
Fig. 6 is the main structure diagram of the device for responding to requests in the CSI service in embodiment one.
Fig. 7 is the main flowchart of the method for responding to requests in the CSI service in embodiment two.
Fig. 8 is the main structure diagram of the device for responding to requests in the CSI service in embodiment two.
Fig. 9 is the main flowchart of the method for querying CSI terminal capabilities in embodiment three.
Fig. 10 is the main structure diagram of the CSI service terminal device in embodiment three.
Fig. 11 is the main flowchart for configuring or modifying the request-message blacklist and whitelist by means of active detection in the terminal.
Detailed description
To make the purpose, technical means and advantages of the embodiments of the invention clearer, the embodiments are described in further detail below with reference to the drawings.
The basic idea of the embodiments is to configure a request-message blacklist and whitelist in the CSI terminal and use them to control the requests that other terminals make to this CSI terminal. When another terminal sends a request message to the CSI terminal, the CSI terminal first consults the configured lists to determine which list the requesting terminal belongs to, and then decides whether to accept its request.
Fig. 4 is the overall flowchart for responding to requests in the CSI service according to the embodiments. As shown in Fig. 4, the method comprises:
Step 401, the request-message blacklist and whitelist are configured.
Step 402, another terminal sends a request message to the CSI terminal.
Step 403, the configured request-message blacklist and whitelist are consulted to determine which list the requesting terminal belongs to; if terminal A belongs to the request-message whitelist, step 404 is performed; if terminal A belongs to the request-message blacklist, step 405 is performed.
Step 404, the request of the requesting terminal is accepted, and the query flow ends.
Step 405, the request of the requesting terminal is refused, and the query flow ends.
The request-message blacklist and whitelist configured in the embodiments record the terminals that are prohibited from and permitted to make requests, respectively; checking a requesting terminal against these lists determines whether it has permission to make the request. In addition, when the requesting terminal is in the whitelist, that is, it has request permission, it can further be required to authenticate, which further protects the system; or, when the request is a capability query request, the capability types that may be queried can be restricted, to save system resources and meet user needs.
Three embodiments follow, describing respectively the method based on the basic blacklist/whitelist decision, the method with authentication, and the capability query method with added restrictions on what can be queried. All three use a capability query request to illustrate how a request is answered.
Embodiment one:
In this embodiment, the basic blacklist and whitelist are used to decide whether to allow another terminal's request, and a terminal is represented in the lists by its address.
Fig. 5 is the main flowchart of the method for responding to requests in the CSI service in embodiment one. As shown in Fig. 5, the method comprises:
Step 501, the request-message blacklist and whitelist are configured in the CSI terminal.
In this step, the lists can be configured actively by the user. In this embodiment, a terminal is represented by its address information, for example its SIP address; that is, a terminal list is actually a list of terminal addresses.
After the request-message blacklist and whitelist have been configured in the CSI terminal in this way, if a terminal A requests the capabilities of that CSI terminal, the following operations are performed:
Step 502, terminal A sends a capability query request to the CSI terminal.
In this embodiment, the SIP OPTIONS method is used for the capability query.
Step 503, the CSI terminal receives the capability query request sent by terminal A and determines which list terminal A belongs to; if terminal A belongs to the request-message whitelist, step 504 is performed; if terminal A belongs to the request-message blacklist, step 505 is performed.
In this step, the list to which terminal A belongs is determined as follows: the address information of terminal A, such as its SIP address, is extracted from the OPTIONS message received by the CSI terminal and compared with the address information in the blacklist and whitelist stored in the CSI terminal; terminal A belongs to whichever list contains its address information.
Step 504, the capability information of the CSI terminal is returned to terminal A, and the query flow ends.
Step 505, a refusal is returned, notifying terminal A that it is forbidden to query the capability information of the CSI terminal, and the query flow ends.
The above is the specific flow of the method for responding to a capability query request in this embodiment. This embodiment also provides a specific implementation of the terminal device in the CSI service, which can be used to carry out the above method flow. Fig. 6 is the main structure diagram of the device for responding to requests in the CSI service in embodiment one. As shown in Fig. 6, the device 600 comprises: a receiving module 601, a blacklist/whitelist configuration module 602 and a decision module 603.
In the device 600, the receiving module 601 is configured to receive requests sent by other terminals and forward them to decision module 602.
The blacklist/whitelist configuration module 602 is configured to accept configuration, and to generate and store the request-message blacklist and whitelist.
The decision module 603 is configured to receive the request forwarded by the receiving module 601 and, consulting the request-message blacklist and whitelist stored in the blacklist/whitelist configuration module 602, to make a decision on the requesting terminal: when the requesting terminal belongs to the request-message whitelist, its request is accepted; when it belongs to the request-message blacklist, its request is refused.
As can be seen from the above, once the request-message blacklist and whitelist have been configured in the CSI terminal in advance, queries for that terminal's capability information are restricted by the lists. If the querying terminal belongs to the request-message blacklist, no capability information is returned to it; once a malicious peer has been placed in the request-message blacklist, its attacks are avoided.
In this embodiment, the request-message blacklist is configured actively by the user. Alternatively, the terminal can detect OPTIONS attacks automatically and update the list in real time. For example, an attack and a corresponding threshold are defined; each time the terminal receives an OPTIONS request it counts the request, and if the request frequency exceeds the threshold, the terminal treats it as a malicious attack. The terminal that launched the attack is added directly to the list of terminals forbidden to query capabilities, or is added to that list after the user confirms. A terminal can be added by inserting its address, as an illegal terminal address, into the list of terminals forbidden to query. From then on, the CSI terminal uses the updated list to block the OPTIONS requests sent by the attacker.
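The decision of steps 503 to 505 combined with the automatic detection just described, as an added example rather than code from the patent. The function and class names, the refusal of senders that appear on neither list, and the threshold and window values are assumptions of the example.

```python
import re
import time
from collections import defaultdict, deque

# Constructed sample, shortened from the shape of the OPTIONS request in Table 1.
SAMPLE_OPTIONS = (
    "OPTIONS tel:+12125552222 SIP/2.0\r\n"
    "Via: SIP/2.0/UDP [5555::aaa:bbb:ccc:ddd]:1357;branch=z9hG4bKnashds7\r\n"
    "From: <sip:user1@home1.example>;tag=171828\r\n"
    "To: <tel:+12125552222>\r\n"
    "Call-ID: cb03a0s09a2sdfglkj490333\r\n"
    "CSeq: 127 OPTIONS\r\n"
    "Content-Length: 0\r\n\r\n"
)

FROM_HEADER = re.compile(r"^(?:From|f)[ \t]*:[ \t]*(.*)$", re.I | re.M)
URI_IN_HEADER = re.compile(r"<([^>]+)>|((?:sips?|tel):[^\s;>]+)", re.I)


def sender_address(raw_request):
    """Return the sender URI from the From header, normalised, or None."""
    header = FROM_HEADER.search(raw_request)
    if header is None:
        return None
    uri = URI_IN_HEADER.search(header.group(1))
    if uri is None:
        return None
    value = uri.group(1) or uri.group(2)
    # Drop URI parameters and case differences so list lookups are stable.
    return value.split(";", 1)[0].strip().lower()


class OptionsGuard:
    """Blacklist/whitelist decision plus frequency-based blacklist updates."""

    def __init__(self, whitelist, blacklist, threshold=5, window=10.0,
                 auto_block=True, clock=time.monotonic):
        self.whitelist = {a.lower() for a in whitelist}
        self.blacklist = {a.lower() for a in blacklist}
        self.pending = set()          # suspects awaiting user confirmation
        self.threshold = threshold    # requests tolerated per window
        self.window = window          # window length in seconds
        self.auto_block = auto_block
        self._clock = clock
        self._recent = defaultdict(deque)

    def handle(self, raw_request):
        """Return "accept" or "reject" for one OPTIONS request."""
        sender = sender_address(raw_request)
        if sender is None or sender in self.blacklist:
            return "reject"                      # step 505
        if sender not in self.whitelist:
            # Assumption: unlisted senders are refused. No counters are kept
            # for them, so made-up addresses cannot grow the guard's memory.
            return "reject"
        if self._too_frequent(sender):
            if self.auto_block:
                self.block(sender)               # added to the blacklist directly
            else:
                self.pending.add(sender)         # added only after confirmation
            return "reject"
        return "accept"                          # step 504

    def block(self, sender):
        """Move a sender to the blacklist (automatic or user-confirmed)."""
        self.whitelist.discard(sender)
        self.blacklist.add(sender)
        self.pending.discard(sender)
        self._recent.pop(sender, None)

    def _too_frequent(self, sender):
        # Sliding window: keep only timestamps newer than `window` seconds.
        now = self._clock()
        times = self._recent[sender]
        times.append(now)
        while now - times[0] > self.window:
            times.popleft()
        return len(times) > self.threshold
```

The From header is supplied by the sender, so a deployment that blocks automatically would key the lists on a network-asserted identity where one is available; `auto_block=False` corresponds to adding a terminal only after the user confirms.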
Embodiment two:
To increase the flexibility of the system, the terminal can allow security options to be set when the list of terminals permitted to query is configured, requiring authentication for capability requests from certain terminals. This embodiment builds on embodiment one and describes in detail the method of querying terminal capabilities with authentication added; the specific authentication used is password authentication.
Fig. 5 is the main flowchart of the method for responding to requests in the CSI service in embodiment two. As shown in Fig. 5, the method comprises:
Step 501, the request-message blacklist and whitelist are configured in the CSI terminal.
In this step, because CSI calls are built on IMS calls, the capability blacklist and whitelist can be configured by synchronizing them with the IMS call blacklist and whitelist. Specifically, at initial configuration the IMS call blacklist can be used as the request-message blacklist and the IMS call whitelist as the request-message whitelist. The content of the request-message lists can then be modified as the user requires, through active configuration by the user. When the IMS call lists change, the request-message lists are modified at the same time. For example, when the user adds or deletes an illegal terminal in the IMS call blacklist, that terminal is automatically added to or deleted from the request-message blacklist; when the user adds or deletes a legal terminal in the IMS call whitelist, that terminal is automatically added to or deleted from the request-message whitelist.
In this embodiment, besides the list of terminals permitted to query capabilities, the whitelist can further include authentication entries. Because authentication is by password, an authentication entry comprises: whether the terminal corresponding to the entry needs password verification, and the authentication password.
Suppose a terminal A requests the capabilities of a CSI terminal in which the request-message blacklist and whitelist are configured. The following operations are performed:
Step 702, terminal A sends a capability query request to the CSI terminal.
Step 703, the CSI terminal receives the capability query request sent by terminal A and determines which list terminal A belongs to; if terminal A belongs to the request-message whitelist, step 704 and the subsequent steps are performed; if terminal A belongs to the request-message blacklist, step 709 is performed.
In this step, the list to which terminal A belongs is determined in the same way as in embodiment one, which is not repeated here.
Step 704, the CSI terminal checks the authentication entry corresponding to terminal A to determine whether terminal A needs password verification; if so, step 705 and the subsequent steps are performed; otherwise step 708 is performed.
Step 705, the CSI terminal checks whether the received capability query request contains an authentication password; if so, step 707 and the subsequent steps are performed; otherwise step 706 and the subsequent steps are performed.
Step 706, the CSI terminal sends terminal A a message requiring authentication; on receiving this message, terminal A resends the capability query request, this time carrying the authentication password.
Step 707, the CSI terminal checks the authentication password carried in the query request against the authentication password in the authentication entry; if it is valid, step 708 is performed; otherwise step 709 is performed.
Step 708, the capability information of the CSI terminal is returned to terminal A, and the query flow ends.
Step 709, the capability query request is discarded, no information is fed back to terminal A, and the query flow ends.
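Steps 703 to 709 written as a decision function, an added example that is not code from the patent. The page does not say how the password travels inside the OPTIONS request, so it is passed in as a plain argument; storing a salted PBKDF2 digest instead of the password itself, dropping unlisted senders, and all names used are choices of the example.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

RETURN_CAPABILITIES = "return capabilities"   # step 708
REQUIRE_AUTH = "require authentication"       # step 706
DROP = "drop silently"                        # step 709


def _derive(password, salt):
    # Salted PBKDF2 digest, so the stored entry never holds the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


@dataclass(frozen=True)
class AuthEntry:
    """Authentication entry attached to one whitelisted terminal."""
    needs_password: bool
    salt: bytes = b""
    digest: bytes = b""

    @classmethod
    def no_password(cls):
        return cls(needs_password=False)

    @classmethod
    def with_password(cls, password):
        salt = os.urandom(16)
        return cls(True, salt, _derive(password, salt))

    def verify(self, candidate):
        # Constant-time comparison avoids leaking how much of the digest matched.
        return hmac.compare_digest(_derive(candidate, self.salt), self.digest)


def decide(sender, password, whitelist, blacklist):
    """Decide one capability query from `sender`.

    `whitelist` maps a terminal address to its AuthEntry, `blacklist` is a set
    of addresses, and `password` is the authentication password carried in the
    request, or None when the request carries none.
    """
    if sender in blacklist:
        return DROP                               # step 703 -> 709
    entry = whitelist.get(sender)
    if entry is None:
        return DROP                               # assumption: unlisted senders are dropped
    if not entry.needs_password:
        return RETURN_CAPABILITIES                # step 704 -> 708
    if password is None:
        return REQUIRE_AUTH                       # step 705 -> 706
    if entry.verify(password):                    # step 707
        return RETURN_CAPABILITIES
    return DROP


def run_exchange(sender, known_password, whitelist, blacklist):
    """Simulate terminal A: query once, then resend with a password if challenged."""
    trace = [decide(sender, None, whitelist, blacklist)]
    if trace[-1] == REQUIRE_AUTH and known_password is not None:
        trace.append(decide(sender, known_password, whitelist, blacklist))
    return trace
```

A wrong password and a blacklisted sender both end in the same silent drop, so the requester cannot tell from the outcome which check failed.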
The above-mentioned method idiographic flow being responsibility inquiry request in the present embodiment.Additionally provide the detailed description of the invention of the terminal device in CSI service in the present embodiment, may be used for implementing said method flow process.Fig. 8 is the primary structure figure of acknowledges requests equipment in the CSI service of the embodiment of the present invention two.As shown in Figure 8, this equipment 800 comprises: receiver module 801, black and white lists configuration module 802 and judging module 803.
In this equipment 800, receiver module 801, for receiving the request that other terminal sends, and by this request forward to judging module 802.
Black and white lists configuration module 802, generates for accepting configuration and preserves request message black and white lists, and comprising authentication list item further at the request message white list preserved.
Judging module 803, for receiving the request that receiver module 801 forwards, and with reference to the request message black and white lists preserved in black and white lists configuration module 802, the terminal sent request is judged, when the terminal sent request belongs to request message white list, from black and white lists configuration module 802, inquire about the terminal that sends request further the need of carrying out authentication, and carry out authentication, when the terminal sent request belongs to request message blacklist, then refuse the request of this terminal.
In the present embodiment, the method for inquiry terminal ability is substantially identical with embodiment one.Difference is: one, when allocative abilities inquiry white list, comprise the setting of secure option further.Be specially: in request message white list, increase an authentication list item, show that corresponding terminal is the need of authentication password when carrying out authentication operations and carry out authentication operations; Two, when judging whether feedback CSI terminal ability information, the present embodiment comprises the step 704-707 shown in Fig. 7 further, judges that the terminal A of transmitting capacity inquiry request is the need of carrying out authentication, and describes the overall process of carrying out authentication in detail.
In practice, authentication may also be performed by private-key signing. In this mode, the authentication information saved in the authentication entry is the result of the private-key signature. After the callee sends the caller a message requiring authentication, the caller returns the result of its private-key signature to the callee, and the callee compares the received signature result with the content saved in the authentication entry, thereby identifying the user.
In this embodiment, the request message black and white lists are configured by synchronizing them with the black and white lists for IMS calls; that is, the request message black and white lists are configured according to the IMS call black and white lists. Alternatively, the user can actively configure user-defined dedicated black and white lists, in which case the request message black and white lists used for the decision comprise both the user-configured dedicated lists and the IMS call black and white lists. Because the capability query list then itself contains the IMS call black and white lists, synchronization with the IMS call black and white lists is achieved naturally.
By adding the authentication entry in this embodiment, a CSI terminal configured with the request message black and white lists can set a security level for certain requesting terminals and require them to authenticate, which further improves the security of the CSI terminal.
Embodiment three:
To meet user needs and avoid unnecessary system consumption, the types of terminal capability description that do not need to be fed back can be specified in the black and white lists. When the terminal determines that it may feed back a terminal capability description, it feeds back only the capability descriptions that need to be fed back, thereby meeting user needs and saving system consumption. This embodiment describes this implementation in detail on the basis of embodiment one.
Fig. 9 is the main flow chart of the method for querying CSI terminal capability in embodiment three of the present invention. As shown in Fig. 9, the method comprises:
Step 901: configure the request message black and white lists in the CSI terminal.
In this step, the request message black and white lists can be configured as follows: the terminal automatically detects an OPTIONS attack and, once the attack has been found and the user has confirmed it, adds the attacker to the black and white lists. Specifically, an attack behavior and a corresponding threshold are defined. Each time the terminal receives an OPTIONS request, it counts that OPTIONS command once; if the request frequency exceeds the threshold, the terminal considers this a malicious attack. The terminal then reports to the user interface. After the user approves, an illegal SIP address is added to the black and white lists, and from then on the terminal can shield the OPTIONS requests sent by the attacker according to the black and white lists. For example, the user sets: if a terminal makes 10 connections to the CSI terminal within 10 seconds, it can be considered a malicious attacker and can be added to the blacklist automatically.
In this embodiment, besides the list of terminals allowed to perform capability queries, the white list can further include a capability query restriction entry, which records the capability categories that are not allowed to be queried.
Assume there is a terminal A. When it requests to query the capability of a CSI terminal configured with the terminal list, the following operations are performed:
Step 902: terminal A sends a capability query request to the CSI terminal.
Step 903: the CSI terminal receives the capability query request sent by terminal A and determines the list to which terminal A belongs. If terminal A belongs to the list allowed to perform capability queries, step 904 and its subsequent steps are performed; if terminal A belongs to the list forbidden to perform capability queries, step 905 is performed.
In this step, the list to which terminal A belongs is determined in the same way as in embodiment one, which is not repeated here.
Step 904: according to the capability query restriction entry corresponding to terminal A, the CSI terminal extracts the capability query response list, feeds the capability information in that list back to the requesting terminal, and ends this query flow.
In this step, the CSI terminal finds terminal A in the white list and determines the specific capability query restrictions that apply to that terminal. For example, if video calls are restricted, the capability information related to video calls is not extracted when the capability query response list is extracted.
Step 905: discard the capability query request, feed back no information to terminal A, and end this query flow.
In this embodiment, the method of querying terminal capability differs from embodiment one in that, when the list of terminals allowed to perform capability queries is configured in step 501, or while a service is in progress, the types of terminal capability description that the user does not wish to feed back are specified in the white list for different terminals. The CSI terminal can therefore feed back different capability description types depending on which terminal sent the capability query request.
For example, if for some reason the user does not wish to share multimedia information, such as Jpg pictures or video in 3gpp format, in an MSRP session with terminal A, the terminal user can set this in the white list by inserting Jpg pictures or 3gpp-format video into the capability query restriction entry corresponding to terminal A. After the CSI terminal completes this setting, if it again receives an OPTIONS request sent by terminal A, it will not return the capability information of this kind.
Of course, when a capability is set as restricted from query, the query of that capability can also be restricted for all terminals together.
The above is the specific flow of the method for responding to a query request in this embodiment. This embodiment also provides a specific implementation of the terminal device in the CSI service, which can be used to implement the above method flow. Fig. 10 is the main structural diagram of the request-responding device in the CSI service of embodiment three of the present invention. As shown in Fig. 10, the device 1000 comprises: a receiving module 1001, a black and white list configuration module 1002 and a decision module 1003, wherein the decision module 1003 comprises a capability list storage unit 1003a.
In the device 1000, the receiving module 1001 is configured to receive requests sent by other terminals and to forward each request to the decision module 1003.
The black and white list configuration module 1002 is configured to accept configuration and to generate and save the request message black and white lists; the saved request message white list further comprises a capability query restriction entry.
The decision module 1003 is configured to receive the request forwarded by the receiving module 1001 and, with reference to the request message black and white lists saved in the black and white list configuration module 1002, to judge the terminal that sent the request. When the requesting terminal belongs to the request message white list, the decision module further queries the black and white list configuration module 1002 for the capability query restriction content corresponding to that terminal and, according to this content, extracts the capability information to be fed back from the capability list storage unit 1003a. When the requesting terminal belongs to the request message blacklist, the decision module refuses the request of that terminal.
The capability list storage unit 1003a is configured to save the capability list of this terminal device.
When the request message black and white lists are configured in this embodiment, a capability query restriction entry is further added to the white list on the basis of the request message black and white lists configured in embodiment one; when they are configured in embodiment two, an authentication entry is further added to the white list on the basis of the request message black and white lists configured in embodiment one.
Of course, an authentication entry and a capability query restriction entry can also both be added to the white list at the same time, on the basis of the request message black and white lists configured in embodiment one. When deciding whether to feed back its own capability information, the CSI terminal first performs the black and white list decision; if the requesting terminal belongs to the white list, the CSI terminal further determines from the authentication entry whether authentication is needed; then, after the requesting terminal has passed authentication, the CSI terminal selectively feeds back its capability information according to the capability query restriction entry.
By adding the above capability query restriction entry, a CSI terminal configured with the request message black and white lists can control the capability information list that it feeds back to a terminal. Services that the CSI terminal does not wish to carry out need not be indicated in the capability information that is fed back, so the terminal receiving the fed-back capability information cannot learn of the CSI terminal's capability in that respect. This further increases the flexibility of the CSI terminal.
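The combined decision described above (black and white list check, then the authentication entry, then the capability query restriction entry), as an added Python example that is not part of the patent text. The SIP addresses, capability names, class and method names are constructed for illustration; dropping terminals that appear on neither list, letting the blacklist take precedence, and storing a salted PBKDF2 digest instead of the password itself are assumptions of this example.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

# Constructed capability list of the CSI terminal (names are illustrative).
TERMINAL_CAPABILITIES = ["audio", "video-call", "msrp", "image/jpeg", "video/3gpp"]


def derive(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 digest; an assumption of this example, the text only says 'password'."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class WhitelistEntry:
    auth_required: bool = False                    # authentication entry: is auth needed?
    salt: bytes = b""
    auth_digest: bytes = b""                       # authentication entry: stored verifier
    restricted: set = field(default_factory=set)   # capability query restriction entry


@dataclass
class Response:
    status: str                                    # "ok", "auth-required", "rejected", "dropped"
    capabilities: list = field(default_factory=list)


class CsiTerminal:
    def __init__(self):
        self.blacklist = set()
        self.whitelist = {}

    def allow(self, sender, password=None, restricted=()):
        """Add a terminal to the white list, optionally with both extra entries."""
        entry = WhitelistEntry(restricted=set(restricted))
        if password is not None:
            entry.auth_required = True
            entry.salt = os.urandom(16)
            entry.auth_digest = derive(password, entry.salt)
        self.whitelist[sender] = entry

    def handle_capability_query(self, sender, credential=None):
        # 1. Black and white list decision. Assumption: the blacklist wins if a
        #    terminal is on both lists, and unlisted terminals are dropped.
        if sender in self.blacklist:
            return Response("dropped")             # no information is fed back
        entry = self.whitelist.get(sender)
        if entry is None:
            return Response("dropped")
        # 2. Authentication entry: challenge first, then verify in constant time.
        if entry.auth_required:
            if credential is None:
                return Response("auth-required")   # requester must resend with credentials
            supplied = derive(credential, entry.salt)
            if not hmac.compare_digest(supplied, entry.auth_digest):
                return Response("rejected")
        # 3. Capability query restriction entry: feed back only what is not restricted.
        allowed = [c for c in TERMINAL_CAPABILITIES if c not in entry.restricted]
        return Response("ok", allowed)


def demo():
    """Constructed configuration: A authenticated and restricted, B plain, C blacklisted."""
    terminal = CsiTerminal()
    terminal.allow("sip:terminal-a@example.com", password="s3cret",
                   restricted={"image/jpeg", "video/3gpp"})
    terminal.allow("sip:terminal-b@example.com")
    terminal.blacklist.add("sip:terminal-c@example.com")
    return terminal


if __name__ == "__main__":
    t = demo()
    print(t.handle_capability_query("sip:terminal-a@example.com", "s3cret"))
```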
In embodiment three, the request message black and white lists are configured by having the terminal automatically detect OPTIONS attacks, combined with user confirmation. Specifically, an attack behavior is preset; after the terminal automatically detects this attack behavior, it configures and modifies the request message black and white lists according to the set policy.
The set attack behavior can be: the frequency of sending requests exceeds a preset threshold; and/or the number of authentication failures of a terminal that requires authentication exceeds a preset threshold. The set policy can be: when the CSI terminal detects the attack behavior, the terminal that initiated it is put on the blacklist; or, when the CSI terminal detects the attack behavior, it reports the attack behavior and, after obtaining the user's confirmation, puts the terminal that initiated it on the blacklist.
A concrete example is given below to illustrate the above configuration and modification of the request message black and white lists. In this example, assume the set attack behavior is: the frequency of sending OPTIONS requests exceeds 10 per second; and the set policy is: when the CSI terminal detects the attack behavior, it reports the attack behavior and, after obtaining the user's confirmation, puts the terminal that initiated it on the blacklist. As shown in Fig. 11, the process specifically comprises:
Step 1101: the CSI terminal is idle and ready to receive requests.
Step 1102: the CSI terminal receives an OPTIONS command sent by terminal A.
Step 1103: count the number of OPTIONS requests received from terminal A within 1 s.
Step 1104: judge whether the count obtained in step 1103 exceeds 10; if so, perform step 1105, otherwise return to step 1101.
Step 1105: raise an alarm to the user through the CSI terminal interface, reporting this attack behavior to the user.
Step 1106: the user inputs a choice.
In this example, the choice is whether to add terminal A to the request message blacklist.
Step 1107: judge the user's input from step 1106; if the user confirms adding terminal A to the request message blacklist, perform step 1108, otherwise perform step 1109.
Step 1108: add terminal A to the request message blacklist, and end this flow.
Step 1109: reset the OPTIONS request count for terminal A to 0, and end this flow.
Through the above process, the request message black and white lists can be configured or modified. Other attack behaviors and corresponding policies can of course be set; once such an attack behavior and policy are applied, the request message black and white lists are configured or modified in the same way as in the example above, which is not repeated here.
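The Fig. 11 flow, as an added Python example that is not part of the patent text: it counts OPTIONS requests per sender over a 1 s window, alerts above 10, and blacklists only on user confirmation. The class name, return values, SIP address and timestamps are constructed, and the sliding window is one assumed way to count the "requests received within 1 s" of step 1103.

```python
from collections import defaultdict, deque


class OptionsFloodMonitor:
    """Detect-and-confirm blacklisting of OPTIONS floods (steps 1101-1109)."""

    def __init__(self, confirm, threshold=10, window=1.0):
        self.confirm = confirm          # callable(sender) -> bool, stands in for the user's input
        self.threshold = threshold      # more than this many requests per window is an attack
        self.window = window            # seconds
        self.blacklist = set()
        self.alerts = []                # attacks reported to the user interface
        self._seen = defaultdict(deque) # per-sender arrival times inside the window

    def on_options(self, sender, now):
        """Process one OPTIONS request arriving at time `now` (seconds)."""
        if sender in self.blacklist:
            return "dropped"            # already shielded by the blacklist
        times = self._seen[sender]
        times.append(now)
        # Step 1103: keep only the arrivals of the last `window` seconds.
        while now - times[0] >= self.window:
            times.popleft()
        # Step 1104: not above the threshold, go back to waiting.
        if len(times) <= self.threshold:
            return "accepted"
        # Step 1105: alarm the user. Steps 1106-1107: take the user's choice.
        self.alerts.append(sender)
        if self.confirm(sender):
            self.blacklist.add(sender)  # step 1108
            del self._seen[sender]
            return "blacklisted"
        times.clear()                   # step 1109: reset the count to 0
        return "reset"


def replay(monitor, sender, timestamps):
    """Feed constructed arrival times for one sender and collect the outcomes."""
    return [monitor.on_options(sender, t) for t in timestamps]


if __name__ == "__main__":
    # Constructed traffic: 12 requests from terminal A, 50 ms apart.
    burst = [i * 0.05 for i in range(12)]
    monitor = OptionsFloodMonitor(confirm=lambda sender: True)
    print(replay(monitor, "sip:terminal-a@example.com", burst))
```

The counter is keyed on the sender address carried in the request, so the confirmation step also gives the user a chance to decline when a known contact's address shows up in an alert.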
The above are the specific implementations of the method and the terminal device for responding to requests in the CSI service of the embodiments of the present invention. In the embodiments of the present invention, the examples all have another terminal send an OPTIONS command, as a capability query request, to a CSI terminal configured with the request message black and white lists. Of course, other requests sent to the CSI terminal can also be handled in the manner of the embodiments of the present invention. One example is a connection establishment request, which can be sent by the SIP INVITE command: the way the black and white lists are established for this request and the way of deciding whether to accept it are the same as in the above embodiments; only the specific content of the established black and white lists may differ somewhat, and the operations performed after accepting or refusing the request are different. For different requests, the specific content of the black and white lists and the operations to be performed when accepting or refusing the request are within the grasp of those skilled in the art and are not repeated here.
In addition, the above embodiments all illustrate the specific implementation of responding to requests in the CSI service by configuring the black and white lists in the CSI terminal. Of course, in an E2G network structure, the method and device of the embodiments of the present invention can also be implemented at a server, including the configuration of the black and white lists and the decision on whether to accept a user request; alternatively, the server and the CSI terminal can cooperate to perform the above operations. The specific method of configuring the black and white lists and the way of using them to decide whether to accept a user request are the same as in the above implementations and are not repeated here.
The above are only preferred embodiments of the present invention and are not intended to limit the protection scope of the present invention. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall be included within the protection scope of the present invention.

Claims (10)

1. A method for responding to a request, applicable to the combined circuit-switched and IP Multimedia Subsystem (IMS) services (CSI) service, the method comprising:
configuring request message black and white lists at a CSI terminal, the request message black and white lists respectively recording the terminals forbidden and allowed to make said request, said request message being a CSI terminal capability query message or a session establishment request message, said capability query message being the OPTIONS command of the Session Initiation Protocol (SIP), and said session establishment request message being the INVITE command of SIP;
when another terminal sends a request to the CSI terminal, determining, with reference to said request message black and white lists, the list to which the requesting terminal belongs; when said requesting terminal belongs to the white list, accepting the request of that terminal; when said requesting terminal belongs to the blacklist, refusing the request of that terminal;
said refusing the request of that terminal being: not feeding back the capability information of said terminal to that terminal;
said request message white list further comprising a capability query restriction entry in which the capability categories forbidden to be queried are recorded, and said feeding back the capability information of said terminal to the requesting terminal further being: according to the capability query restriction entry corresponding to said requesting terminal, extracting the capability query response list, and feeding the capability information in that list back to said requesting terminal.
2. The method according to claim 1, characterized in that said request message white list further comprises an authentication entry, the authentication entry comprising: information on whether the terminal corresponding to the entry needs to be authenticated, and the authentication information required for authentication.
3. The method according to claim 2, characterized in that, after determining that said requesting terminal belongs to the request message white list and before accepting the request of that terminal, the method further comprises:
a1. according to the authentication entry corresponding to said requesting terminal, determining whether said requesting terminal needs to be authenticated; if so, performing steps a2-a4; otherwise continuing with said operation of accepting the request of that terminal, and ending this flow;
a2. determining whether the received request contains authentication information; if so, performing step a4; otherwise sending a message requiring authentication to said requesting terminal, and performing step a3;
a3. after said requesting terminal receives the message requiring authentication, resending the request carrying authentication information;
a4. according to the authentication information in said authentication entry, determining whether the authentication information carried in the request is legal; if so, authentication succeeds and said operation of accepting the request of that terminal continues; otherwise authentication fails and the request of that terminal is refused.
4. The method according to claim 1, characterized in that the method further comprises modifying said request message black and white lists.
5. The method according to claim 4, characterized in that said configuring or modifying the request message black and white lists is:
the user configuring or modifying the request message black and white lists;
or, configuring or modifying the request message black and white lists by using the black and white lists for IP Multimedia Subsystem (IMS) calls;
or, after a preset attack behavior is detected, configuring or modifying the request message black and white lists according to a set policy.
6. The method according to claim 5, characterized in that modifying, by using the IMS call black and white lists, the lists of terminals allowed and forbidden to perform capability queries is:
when an illegal user is added to or deleted from the IMS call blacklist, adding that illegal user to or deleting it from said request message blacklist; when a legal user is added to or deleted from the IMS call white list, adding that legal user to or deleting it from said request message white list.
7. The method according to claim 5, characterized in that said configuring or modifying the request message black and white lists by using the IMS call black and white lists is:
said request message white list further comprising the terminals listed in the IMS call white list, and said request message blacklist further comprising the terminals listed in the IMS call blacklist.
8. The method according to claim 5, characterized in that said attack behavior is: the frequency of sending requests exceeds a preset threshold; and/or the number of authentication failures of a terminal that requires authentication exceeds a preset threshold.
9. The method according to claim 5, characterized in that said policy is: when the terminal detects the attack behavior, the terminal that initiated it is put on the blacklist; or, when the terminal detects the attack behavior, it reports the attack behavior and, after obtaining the user's confirmation, puts the terminal that initiated it on the blacklist.
10. A CSI terminal, characterized in that the CSI terminal comprises: a receiving module, a black and white list configuration module and a decision module, wherein:
said receiving module is configured to receive requests sent by other terminals and to forward each request to said decision module;
said black and white list configuration module is configured to accept configuration and to generate and save request message black and white lists, said request message being a CSI terminal capability query message or a session establishment request message;
said decision module is configured to receive the request forwarded by said receiving module and, with reference to the request message black and white lists saved in said black and white list configuration module, to judge the terminal that sent the request; when said requesting terminal belongs to the request message white list, to accept the request of that terminal; and when said requesting terminal belongs to the request message blacklist, to refuse the request of that terminal;
said decision module further comprises a capability list storage unit configured to save the capability list of said terminal device;
the request message white list saved in said black and white list configuration module further comprises a capability query restriction entry;
said decision module is configured, after determining to accept a capability query request, to further query said black and white list configuration module for the capability query restriction content corresponding to said requesting terminal and, according to this content, to extract the capability information to be fed back from said capability list storage unit;
the request message white list saved in said black and white list configuration module further comprises an authentication entry;
said decision module is configured, after determining that the requesting CSI terminal belongs to the request message white list, to further query said black and white list configuration module as to whether said requesting CSI terminal needs to be authenticated, and to perform the authentication.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200710163103.XA CN101192920B (en) 2006-11-21 2006-11-21 A response request method and device

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN2006101457683A Division CN101193068B (en) 2006-11-21 2006-11-21 A response request method and device

Publications (2)

Publication Number Publication Date
CN101192920A CN101192920A (en) 2008-06-04
CN101192920B true CN101192920B (en) 2015-04-29

Family

ID=39487695

Country Status (1)

Country Link
CN (1) CN101192920B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant