CN105743847A - Method for achieving SIP signal safety transmission based on WebSocket - Google Patents
Method for achieving SIP signal safety transmission based on WebSocket Download PDFInfo
- Publication number
- CN105743847A CN105743847A CN201410747922.9A CN201410747922A CN105743847A CN 105743847 A CN105743847 A CN 105743847A CN 201410747922 A CN201410747922 A CN 201410747922A CN 105743847 A CN105743847 A CN 105743847A
- Authority
- CN
- China
- Prior art keywords
- sip
- browser
- pki
- sip server
- handshake
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Abstract
The invention discloses a method for achieving the SIP signal safety transmission based on WebSocket, and the method comprises the steps that a browser and an SIP server firstly generate respective public keys through an RSA, and then enable the respective public keys to be transmitted to each other through a handshake request message and a handshake response message of the WebSocket; the SIP signal of a transmitting side is encrypted through the public key of a receiving side in a subsequent process; the encrypted ciphertext is transmitted in a network, and the receiving side carries out the decoding of the ciphertext through the public key after receiving the ciphertext. The method can improve the transmission safety of the SIP signal in the network, and can prevent the user information at a format of plaintext in the SIP signal from being leaked.
Description
Technical field
The present invention relates to a kind of sing on web Socket method realizing SIP signaling security transmission, belong to communication technical field.
Background technology
The session for generating, revise and terminate between one or more participant of SIP (SessionInitiationProtocol) conversation initialized protocol, such as voice and video telephone, instant message etc.;Sip server is based on a necessary unit in the network of Session Initiation Protocol, is responsible for setting up, safeguarding that in network, all of SIP call connects.
Fast development along with computer networking technology, sing on web Socket protocol transmission SIP signaling gets more and more with the application realizing audio/video communication, such as click to dial (click-to-call) application that a lot of websites provide, user is click to dial button on browser page, browser is set up with server after being connected, and can realize the voice and video telephone between browser;But, owing to the SIP signaling in network and audio, video data are expressly, lawless person very easily obtains user profile according to SIP signaling, therefore, should pass through the information security technology such as encryption and improve safety that SIP signaling transmits in a network to avoid the leakage of user profile.
Summary of the invention
In view of the foregoing, it is an object of the invention to provide a kind of sing on web Socket method realizing SIP signaling security transmission, browser and sip server are by the respective PKI of alternating transmission in the handshake procedure of WebSocket, follow-up SIP signaling utilizes PKI to be encrypted, ciphertext after encryption is transmitted in a network, recipient recycles private key and ciphertext is decrypted, it is possible to improves the safety that SIP signaling is transmitted in a network, and then avoids the leakage of user profile.
For achieving the above object, the present invention is by the following technical solutions:
Sing on web Socket realizes the method for SIP signaling security transmission, it is characterised in that:
By the mutual respective PKI of handshake procedure of WebSocket between browser and sip server, the SIP signaling of sender utilizes the PKI of recipient to be transferred to recipient after being encrypted, and recipient utilizes the private key of self to be decrypted after receiving the SIP signaling of encryption.
Further,
The step of the method includes:
S10: browser sends handshake request message to sip server, carries the PKI of browser in this handshake request message;
S11:SIP server receives this handshake request message, therefrom extracts the PKI of browser and preserves;
S12:SIP server sends handshake response message to browser, carries the PKI of sip server in this handshake response message;
S13: browser receives the handshake response message of sip server, therefrom extracts the PKI of sip server and preserves;
S14: the SIP signaling between browser and sip server is encrypted by the PKI that both sides are mutual.
Described PKI utilizes RSA Algorithm to generate.
It is an advantage of the current invention that:
The WebSocket of the present invention realizes the method for SIP signaling security transmission, browser and sip server are by the respective PKI of alternating transmission in the handshake procedure of WebSocket, follow-up SIP signaling utilizes PKI to be encrypted, ciphertext after encryption is transmitted in a network, recipient recycles private key and ciphertext is decrypted, the safety that SIP signaling is transmitted in a network can be improved, and then avoid the leakage of user profile.
Accompanying drawing explanation
Fig. 1 is the method flow diagram of the present invention.
Fig. 2 is the system architecture schematic diagram realizing the present invention.
Fig. 3 is the message flow graph of the present invention one specific embodiment.
Fig. 4 is the handshake request message that in the present invention one specific embodiment, browser sends.
Fig. 5 is the handshake response message that in the present invention one specific embodiment, sip server sends.
Detailed description of the invention
Below in conjunction with drawings and Examples, the present invention is described in further detail.
Fig. 1 is the method flow diagram of the present invention, and Fig. 2 is the system architecture schematic diagram realizing the present invention, and Fig. 3 is the message flow graph of the present invention one specific embodiment;As it can be seen, the method that sing on web Socket disclosed by the invention realizes SIP signaling security transmission, including step:
S10: browser sends handshake request message to sip server, carries the PKI of browser in this handshake request message;
Fig. 4 is the handshake request message that in the present invention one specific embodiment, browser sends, as shown in the figure, in this handshake request message, the value of Sec-WebSocket-Protocol field is the value of sip, RSA-WebSocket-Key field is the PKI that browser is generated by RSA Algorithm.
S11:SIP server receives this handshake request message, extracts the PKI of browser and preserve from this handshake request message;
S12:SIP server sends handshake response message to browser, carries the PKI of sip server in this handshake response message;
Fig. 5 is the handshake response message that in the present invention one specific embodiment, sip server sends, as it can be seen, in this handshake response message, the value of RSA-WebSocket-Key field is the PKI that sip server is generated by RSA Algorithm.
S13: browser receives the handshake response message of sip server, extracts the PKI of sip server from this handshake response message and preserves;
S14: handshake procedure terminates, the SIP signaling between follow-up browser and sip server is encrypted by the PKI that both sides are mutual, and the ciphertext after encryption is transmitted in a network.
The SIP signaling that browser sends to sip server sends to sip server with WebSocket message after the public key encryption of sip server, after sip server receives this WebSocket message, utilize the private key (being generated by RSA Algorithm) of self the SIP signaling of encryption to be decrypted and carry out subsequent treatment;
The SIP signaling that sip server sends to browser sends to browser with WebSocket message after the public key encryption of browser, after browser receives this WebSocket message, utilizes the private key of self the SIP signaling of encryption to be decrypted and carries out subsequent treatment.
The sing on web Socket of the present invention realizes the method for SIP signaling security transmission, browser and sip server generate respective PKI first with RSA, by the handshake request message of WebSocket and handshake response message, respective PKI is transferred to the other side, in subsequent process, the SIP signaling of sender utilizes the PKI of recipient to be encrypted, and the ciphertext after encryption is transmitted in a network, and recipient utilizes the private key of self that ciphertext is decrypted after receiving ciphertext.The present invention can improve the safety that SIP signaling is transmitted in a network, and then can avoid the leakage of the user profile of the plaintext version carried in SIP signaling.
The above is presently preferred embodiments of the present invention and the know-why used thereof; for a person skilled in the art; when without departing substantially from the spirit and scope of the present invention; any based on apparent changes such as the equivalent transformation on technical solution of the present invention basis, simple replacements, belong within scope.
Claims (3)
1. the method that sing on web Socket realizes SIP signaling security transmission, it is characterised in that:
By the mutual respective PKI of handshake procedure of WebSocket between browser and sip server, the SIP signaling of sender utilizes the PKI of recipient to be transferred to recipient after being encrypted, and recipient utilizes the private key of self to be decrypted after receiving the SIP signaling of encryption.
2. the method that sing on web Socket as claimed in claim 1 realizes SIP signaling security transmission, it is characterised in that the step of the method includes:
S10: browser sends handshake request message to sip server, carries the PKI of browser in this handshake request message;
S11:SIP server receives this handshake request message, therefrom extracts the PKI of browser and preserves;
S12:SIP server sends handshake response message to browser, carries the PKI of sip server in this handshake response message;
S13: browser receives the handshake response message of sip server, therefrom extracts the PKI of sip server and preserves;
S14: the SIP signaling between browser and sip server is encrypted by the PKI that both sides are mutual.
3. the method that sing on web Socket as claimed in claim 2 realizes SIP signaling security transmission, it is characterised in that described PKI utilizes RSA Algorithm to generate.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410747922.9A CN105743847A (en) | 2014-12-09 | 2014-12-09 | Method for achieving SIP signal safety transmission based on WebSocket |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410747922.9A CN105743847A (en) | 2014-12-09 | 2014-12-09 | Method for achieving SIP signal safety transmission based on WebSocket |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN105743847A true CN105743847A (en) | 2016-07-06 |
Family
ID=56239566
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410747922.9A Pending CN105743847A (en) | 2014-12-09 | 2014-12-09 | Method for achieving SIP signal safety transmission based on WebSocket |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105743847A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109714561A (en) * | 2019-01-07 | 2019-05-03 | 福建星网智慧科技股份有限公司 | A kind of SIP conference control method based on INFO message |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101127604A (en) * | 2007-09-25 | 2008-02-20 | 中兴通讯股份有限公司 | Information secure transmission method and system |
| CN101567784A (en) * | 2008-04-21 | 2009-10-28 | 成都市华为赛门铁克科技有限公司 | Method, system and equipment for acquiring key |
| CN102523217A (en) * | 2011-12-16 | 2012-06-27 | 淮安信息职业技术学院 | Secure communication method based on JAIN SIP (Session Initiation Protocol) |
| CN102833253A (en) * | 2012-08-29 | 2012-12-19 | 五八同城信息技术有限公司 | Method and server for establishing safe connection between client and server |
| CN103281324A (en) * | 2013-06-04 | 2013-09-04 | 江苏科大汇峰科技有限公司 | Safety communication method for Android client side |
| CN103607417A (en) * | 2012-12-03 | 2014-02-26 | 深圳市证通电子股份有限公司 | Network server supporting SSL protocol |
-
2014
- 2014-12-09 CN CN201410747922.9A patent/CN105743847A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101127604A (en) * | 2007-09-25 | 2008-02-20 | 中兴通讯股份有限公司 | Information secure transmission method and system |
| CN101567784A (en) * | 2008-04-21 | 2009-10-28 | 成都市华为赛门铁克科技有限公司 | Method, system and equipment for acquiring key |
| CN102523217A (en) * | 2011-12-16 | 2012-06-27 | 淮安信息职业技术学院 | Secure communication method based on JAIN SIP (Session Initiation Protocol) |
| CN102833253A (en) * | 2012-08-29 | 2012-12-19 | 五八同城信息技术有限公司 | Method and server for establishing safe connection between client and server |
| CN103607417A (en) * | 2012-12-03 | 2014-02-26 | 深圳市证通电子股份有限公司 | Network server supporting SSL protocol |
| CN103281324A (en) * | 2013-06-04 | 2013-09-04 | 江苏科大汇峰科技有限公司 | Safety communication method for Android client side |
Non-Patent Citations (2)
| Title |
|---|
| 华骏: "基于公钥加密体制的SIP协议安全模型研究与实现", 《中国优秀硕士学位论文全文数据库》 * |
| 龙昭华,李哲明: "基于应用层的SIP安全机制设计", 《计算机工程与设计》 * |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109714561A (en) * | 2019-01-07 | 2019-05-03 | 福建星网智慧科技股份有限公司 | A kind of SIP conference control method based on INFO message |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CA2916527C (en) | Securing method for lawful interception | |
| CN106850195B (en) | Group key negotiation and communication method in instant communication | |
| CN103986503B (en) | Safe bluetooth earphone and voice communication method thereof | |
| US20150082021A1 (en) | Mobile proxy for webrtc interoperability | |
| WO2015180654A1 (en) | Method and apparatus for achieving secret communications | |
| CN106936788B (en) | A kind of cryptographic key distribution method suitable for VOIP voice encryption | |
| RU2011150225A (en) | ACCESS MANAGEMENT TO PROTECTED APPLICATION FUNCTIONS USING CLIENT'S CONFIDENCE LEVELS | |
| CN104486077A (en) | End-to-end secret key negotiation method for VoIP (Voice Over Internet Protocol) real-time data safety transmission | |
| CN105792190B (en) | Data encryption, decryption and transmission method in communication system | |
| KR102507113B1 (en) | Method, Appratus and System of Monitoring Supporting for Encrypted Communication Session | |
| CN104243146A (en) | Encryption communication method and device and terminal | |
| CN103997405B (en) | A kind of key generation method and device | |
| CN107534555B (en) | Method and device for certificate verification | |
| WO2017215443A1 (en) | Message transmission method, apparatus and system | |
| CN107294968A (en) | The monitoring method and system of a kind of audio, video data | |
| US9819651B2 (en) | Secure voice and text communication | |
| WO2017197968A1 (en) | Data transmission method and device | |
| WO2016070685A1 (en) | Method and system for implementing sip session transmission | |
| CN104753869A (en) | SIP protocol based session encryption method | |
| CN105743847A (en) | Method for achieving SIP signal safety transmission based on WebSocket | |
| WO2012024904A1 (en) | Method and system for pre-accessing conference telephone and network side device | |
| CN104753876A (en) | Flexible and controllable session encryption method | |
| TW201608864A (en) | Communication security system and method | |
| CN108696512B (en) | Cross-protocol code stream encryption negotiation method and device and conference equipment | |
| CN110574335B (en) | Key distribution system, method and recording medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20160706 |