CN100563208C - A method for negotiating the H.248 protocol transport security mechanism
Abstract
The invention discloses a method for negotiating the transport security mechanism of the H.248 protocol. The method comprises: the media gateway sends a request message to the softswitch; the softswitch carries the list of security mechanisms it supports in its response message; the media gateway selects a security mechanism supported by both itself and the softswitch and establishes a secure connection.
Description
Technical field
The present invention relates to security mechanism negotiation in softswitch networks, and in particular to a method for negotiating the transport security mechanism of the H.248 protocol.
Background
Softswitch technology emerged to meet the demands of communications development. Because a softswitch network has many access nodes, and users' access methods and access locations are very flexible, the softswitch network faces comparatively prominent security problems. To prevent unauthorized entities from using the transport protocols between the softswitch and terminals to set up illegitimate calls or interfere with legitimate calls, a security mechanism needs to be established for the transport of these protocols.
At present, the main mechanism for securing the transport of communication protocols is IPsec. When the H.248 protocol is transported over an IP network, H.248 likewise recommends using IPsec (see [RFC2401] to [RFC2411]) to protect the protocol transport.
In the prior art, a secure channel can be established between the two sides if and only if the softswitch and the media gateway support one common security mechanism. However, IPsec is only one of several possible security mechanisms, and some entities may support other mechanisms as proprietary features. If multiple security mechanisms exist and the softswitch and the media gateway each support more than one of them, the prior art cannot establish a secure channel for transporting the H.248 protocol, which reduces security for users and lowers users' satisfaction with the network operator.
Summary of the invention
In view of this, the main purpose of the present invention is to provide a method for negotiating the H.248 protocol transport security mechanism, thereby solving the security problem of H.248 protocol transport.
To achieve the above purpose, the technical solution of the present invention is realized as follows:
A method for negotiating the H.248 protocol transport security mechanism comprises the following steps:
A. The media gateway sends a ServiceChange message to the softswitch;
B. The softswitch carries the list of security mechanisms it supports in its response message;
C. The media gateway selects a security mechanism supported by both itself and the softswitch and establishes a secure connection.
After step C, the method further comprises:
D. The media gateway sends a registration ServiceChange message to the softswitch, carrying in the message the list of softswitch-supported security mechanisms that it received;
E. The softswitch verifies the security mechanism list carried in the registration message; if the list has not been tampered with, the softswitch returns a Reply success message; otherwise it returns a Reply failure message.
The request message in step A is a registration ServiceChange message.
In step A, the list of security mechanisms supported by the media gateway is carried by extending the parameter field of the registration ServiceChange message.
In step B, the list of security mechanisms supported by the softswitch is carried by extending the parameter field of the response message.
In step D, the list of softswitch-supported security mechanisms that the media gateway received is carried by extending the parameter field of the registration ServiceChange message.
Extending the parameter field of the ServiceChange message means defining a ServiceChangeParm_Trans_Encrypt_Mode parameter in ServiceChange, which carries the length of the security mechanism list, Encrypt_Length, and the security mechanism list, Encrypt_List.
Extending the parameter field of the response message means defining a ServiceChangeParm_Trans_Encrypt_Mode parameter in the response message, which carries the length of the security mechanism list, Encrypt_Length, and the security mechanism list, Encrypt_List.
Step C further comprises the media gateway selecting the security mechanism that is supported in common with the softswitch and has the highest priority.
It can thus be seen that the method of the invention provides a way to negotiate the H.248 protocol transport security mechanism. It solves the prior-art problem that a secure channel cannot be established when multiple security mechanisms exist and the softswitch and the media gateway each support more than one of them, and it greatly increases users' satisfaction with the operator.
Description of drawings
Fig. 1 is a message flow chart of security mechanism negotiation initiated by the media gateway;
Fig. 2 is a message flow chart of security mechanism negotiation initiated by the softswitch.
Embodiment
To make the purpose, technical solution and advantages of the present invention clearer, the invention is described in further detail below with reference to the drawings and specific embodiments.
Embodiment one: the media gateway initiates security mechanism negotiation
Suppose the media gateway supports the security mechanisms ipsec-ike (IPsec with IKE) and ipsec-man (manually keyed IPsec without IKE), and the softswitch supports ipsec-ike and sec-private (a proprietary security mechanism). As shown in Fig. 1:
(1) The media gateway sends a registration ServiceChange message to the softswitch. By extending the parameter field of the registration ServiceChange message, the message carries the security mechanisms ipsec-ike and ipsec-man supported by the media gateway, indicating that the media gateway can perform security mechanism negotiation.
(2) The softswitch returns to the media gateway a Reply message responding to the ServiceChange message. Likewise, by extending the same parameter field in the response message, it carries the security mechanisms ipsec-ike and sec-private supported by the softswitch.
(3) The media gateway compares the list of softswitch-supported security mechanisms carried in the softswitch's Reply message with its own stored list of supported security mechanisms and selects ipsec-ike, the security mechanism common to it and the softswitch. After the underlying secure connection has been established, the media gateway sends a registration ServiceChange message to the softswitch and, by extending the ServiceChange message, carries in it the list of softswitch-supported security mechanisms that it received;
When the media gateway and the softswitch support two or more security mechanisms in common, the media gateway may select the common security mechanism according to priority order.
(4) The softswitch compares the security mechanism list carried in the ServiceChange message with its own stored security mechanism list. If they are consistent, the list has not been tampered with, and the softswitch returns a Reply success message, indicating that the media gateway registered successfully; otherwise it returns a Reply failure message, indicating that the media gateway registration failed.
In the above steps, the corresponding security mechanism lists are carried by extending the parameter fields of the ServiceChange message and the Reply message. The specific extension is as follows:
In the ServiceChange message or the Reply message, a ServiceChangeParm_Trans_Encrypt_Mode parameter is defined. This parameter comprises the following two parts: Integer Encrypt_Length and String Encrypt_List, where Encrypt_Length represents the length of the security mechanism list and Encrypt_List represents the security mechanism list.
Embodiment two: the softswitch initiates security mechanism negotiation
Suppose the media gateway supports the security mechanisms ipsec-ike (IPsec with IKE) and ipsec-man (manually keyed IPsec without IKE), and the softswitch supports ipsec-ike and sec-private (a proprietary security mechanism). As shown in Fig. 2:
(1) The media gateway sends a registration ServiceChange message to the softswitch; the message does not carry the list of security mechanisms supported by the media gateway.
(2) The softswitch responds with a Reply message and, by extending the parameter field in the Reply message, carries the list of security mechanisms it supports, ipsec-ike and sec-private, indicating that security mechanism negotiation is required;
(3) The media gateway compares the list of softswitch-supported security mechanisms carried in the softswitch's Reply message with its own stored list of supported security mechanisms and selects ipsec-ike, the security mechanism common to it and the softswitch. After the underlying secure connection has been established, the media gateway sends a registration ServiceChange message to the softswitch and, by extending the ServiceChange message, carries in it the list of softswitch-supported security mechanisms that it received.
When the media gateway and the softswitch support two or more security mechanisms in common, the media gateway may select the common security mechanism according to priority order;
(4) The softswitch compares the security mechanism list carried in the ServiceChange message with its own stored security mechanism list. If they are consistent, the list has not been tampered with, and the softswitch returns a Reply success message, indicating that the media gateway registered successfully; otherwise it returns a Reply failure message, indicating that the media gateway registration failed.
In the above steps, the corresponding security mechanism lists are carried by extending the parameter fields of the ServiceChange message and the Reply message. The specific extension is the same as described in embodiment one and is not repeated here.
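Steps (2) to (4) of embodiments one and two, modelled as an added Python example that is not part of the patent. The comma-separated encoding of Encrypt_List, Encrypt_Length as a byte count, the priority order of the gateway's list and the `alter_reply` hook are assumptions made for illustration; the second case goes beyond the embodiments by giving both sides two common mechanisms, so that a Reply altered before the secure connection exists is caught by the list check in step (4).

```python
# Added example: models the negotiation steps of embodiments one and two.
# Assumed encoding (not given by the patent): Encrypt_List is a comma-separated
# string and Encrypt_Length is its length in bytes.

def encode_param(mechanisms):
    """Build the ServiceChangeParm_Trans_Encrypt_Mode fields."""
    encrypt_list = ",".join(mechanisms)
    return {"Encrypt_Length": len(encrypt_list.encode("ascii")),
            "Encrypt_List": encrypt_list}

def decode_param(param):
    """Parse the fields, rejecting a length that disagrees with the list."""
    encrypt_list = param["Encrypt_List"]
    if param["Encrypt_Length"] != len(encrypt_list.encode("ascii")):
        raise ValueError("Encrypt_Length does not match Encrypt_List")
    return [m for m in encrypt_list.split(",") if m]

def select_mechanism(mg_priority, offered):
    """Step (3): first entry of the gateway's priority-ordered list that the
    softswitch also offers, or None when there is no common mechanism."""
    return next((m for m in mg_priority if m in offered), None)

def verify_echo(softswitch_list, echoed_param):
    """Step (4): softswitch compares the echoed list with its stored list."""
    try:
        echoed = decode_param(echoed_param)
    except (KeyError, ValueError):
        return "Reply failure"
    return "Reply success" if echoed == list(softswitch_list) else "Reply failure"

def negotiate(mg_priority, softswitch_list, alter_reply=None):
    """Run steps (2) to (4). alter_reply is a hypothetical hook that models a
    change made to the unprotected Reply while it is in transit."""
    reply = encode_param(softswitch_list)              # step (2)
    if alter_reply is not None:
        reply = encode_param(alter_reply(decode_param(reply)))
    received = decode_param(reply)
    chosen = select_mechanism(mg_priority, received)   # step (3)
    if chosen is None:
        return None, "no common mechanism"
    # The secure connection is set up with `chosen`; the gateway then echoes
    # the list exactly as it received it.
    return chosen, verify_echo(softswitch_list, encode_param(received))

if __name__ == "__main__":
    mg = ["ipsec-ike", "ipsec-man"]        # gateway list from the embodiments
    ss = ["ipsec-ike", "sec-private"]      # softswitch list from the embodiments
    print(negotiate(mg, ss))               # unaltered exchange
    # Constructed case: both sides share two mechanisms and the Reply loses one.
    both = ["ipsec-ike", "ipsec-man"]
    print(negotiate(mg, both, lambda lst: [m for m in lst if m != "ipsec-ike"]))
```

In the constructed case the gateway falls back to ipsec-man, but the echoed list no longer matches the softswitch's stored list, so registration is refused.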
In summary, the above are only preferred embodiments of the present invention and are not intended to limit its scope of protection. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.
Claims (9)
1. A method for negotiating the H.248 protocol transport security mechanism, characterized in that the method comprises the following steps:
A. The media gateway sends a ServiceChange message to the softswitch;
B. The softswitch carries the list of security mechanisms it supports in its response message;
C. The media gateway selects a security mechanism supported by both itself and the softswitch and establishes a secure connection.
2. The method according to claim 1, characterized in that, after step C, the method further comprises:
D. The media gateway sends a registration ServiceChange message to the softswitch, carrying in the message the list of softswitch-supported security mechanisms that it received;
E. The softswitch verifies the security mechanism list carried in the registration message; if the list has not been tampered with, the softswitch returns a Reply success message; otherwise it returns a Reply failure message.
3. The method according to claim 1, characterized in that the request message in step A is a registration ServiceChange message.
4. The method according to claim 3, characterized in that, in step A, the list of security mechanisms supported by the media gateway is carried by extending the parameter field of the registration ServiceChange message.
5. The method according to claim 1, characterized in that, in step B, the list of security mechanisms supported by the softswitch is carried by extending the parameter field of the response message.
6. The method according to claim 2, characterized in that, in step D, the list of softswitch-supported security mechanisms that the media gateway received is carried by extending the parameter field of the registration ServiceChange message.
7. The method according to claim 4 or 6, characterized in that extending the parameter field of the ServiceChange message means defining a ServiceChangeParm_Trans_Encrypt_Mode parameter in ServiceChange, which carries the length of the security mechanism list, Encrypt_Length, and the security mechanism list, Encrypt_List.
8. The method according to claim 5, characterized in that extending the parameter field of the response message means defining a ServiceChangeParm_Trans_Encrypt_Mode parameter in the response message, which carries the length of the security mechanism list, Encrypt_Length, and the security mechanism list, Encrypt_List.
9. The method according to any one of claims 1 to 6, characterized in that step C further comprises the media gateway selecting the security mechanism that is supported in common with the softswitch and has the highest priority.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNB2006100610614A CN100563208C (en) | 2006-06-12 | 2006-06-12 | A method for negotiating the H.248 protocol transport security mechanism |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNB2006100610614A CN100563208C (en) | 2006-06-12 | 2006-06-12 | A method for negotiating the H.248 protocol transport security mechanism |
Publications (2)
Publication Number | Publication Date |
---|---|
CN1984044A (en) | 2007-06-20 |
CN100563208C (en) | 2009-11-25 |
Family
ID=38166291
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNB2006100610614A Expired - Fee Related CN100563208C (en) | 2006-06-12 | 2006-06-12 | A method for negotiating the H.248 protocol transport security mechanism |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN100563208C (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101478620B (en) * | 2009-01-20 | 2011-07-13 | 中兴通讯股份有限公司 | Method and system, soft switch and gateway for call processing |
WO2019158716A1 (en) * | 2018-02-19 | 2019-08-22 | Telefonaktiebolaget Lm Ericsson (Publ) | Security negotiation in service based architectures (sba) |
Also Published As
Publication number | Publication date |
---|---|
CN1984044A (en) | 2007-06-20 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
C17 | Cessation of patent right | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20091125 Termination date: 20130612 |