CN101123504A - Certification method for communication terminal and response source - Google Patents


Info

Publication number
CN101123504A
Authority
CN
China
Prior art keywords
session
communication terminal
module
response
identity token
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CNA2007100769413A
Other languages
Chinese (zh)
Inventor
刘泳
李久
马樟平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiment of the present invention discloses a communication terminal and an identification method for a response source. The method includes two steps. First, the communication terminal receives a response message returned by the response source; second, the communication terminal judges whether the response source is reliable: if yes, a session is established, and if not, the establishment flow is terminated. The communication terminal comprises a response-receiving module, which is used to receive the response message returned by the response source; an identification module, which is used to judge whether the response source is reliable; a session-establishing module, which is used to establish a session; and a session establishment terminating module, which is used to terminate the establishment flow of a session. The communication terminal and the identification method can ensure that the establishment of an expected session does not fail because of a failure of identity verification, and they enable the communication terminal to select independently how messages are processed, so that flexibility is increased, implementation is simple, and dependency on the system is decreased.

Description

A communication terminal and an authentication method for a response source
Technical field
The invention belongs to the communications field, and in particular relates to a communication terminal and an authentication method for a response source.
Background art
During session establishment, reliability authentication is very important for filtering out unwanted requests; for example, it can support blacklists or whitelists. Taking a SIP (Session Initiation Protocol) session as an example, a UAS (User Agent Server) usually needs to authenticate the reliability of the request source when it receives a SIP request.
The prior art usually authenticates the reliability of a request source by one of two methods: the hop-by-hop confirmation method and the cryptographic signature method.
In the hop-by-hop confirmation method, each SIP entity on the signalling path receives the previous SIP entity's confirmation of the request source. The outbound SIP intermediary of the UAC (User Agent Client) usually authenticates the UAC, so it can confirm the UAC's identity to the next SIP entity, and that entity in turn confirms it to the entity after it. However, this method is effective only when a continuous chain of trust exists: if an entity does not trust the confirmation of the entity before it, it can neither use the corresponding information nor forward it to other entities.
In the cryptographic signature method, a UAC that holds a private key or a suitable certificate, or an identity server in the same domain that can authenticate the UAC, can insert cryptographically signed identity information. The recipient of the signed identity can decide whether to believe the identity according to the signer's certificate.
The prior art, however, has no effective method for authenticating the reliability of a response source. Because a request can be diverted, for example redirected, the response message is not necessarily sent by an entity that shares an identity with the target of the original request or that the request source trusts, so the request source may be unable to authenticate the identity of the response source. Again taking a SIP session as an example, see Fig. 1 and suppose that a UAC and a first UAS trust each other. During session establishment, if the session is redirected to a second UAS for some reason, the response message is sent back by the second UAS. Because the UAC does not know the identity of the second UAS, it may reject this response, which causes session establishment to fail.
Summary of the invention
The technical problem to be solved by the embodiments of the invention is to provide a communication terminal and an authentication method for a response source which ensure that a session whose establishment is expected does not fail because an identity cannot be verified.
To solve the above technical problem, an embodiment of the invention provides an authentication method for a response source, comprising the following steps:
The communication terminal receives the response message sent back by the response source;
The communication terminal judges whether the response source is reliable; if so, it establishes the session; if not, it terminates the session establishment flow.
An embodiment of the invention also provides a communication terminal, comprising:
A response-receiving module, used to receive the response message sent back by the response source;
An identification module, used to judge whether the response source is reliable;
A session-establishing module, used to establish a session;
A session establishment terminating module, used to terminate the session establishment flow;
If the judgment of the identification module is that the response source is reliable, the identification module is connected to the session-establishing module; if the judgment is that the response source is unreliable, the identification module is connected to the session establishment terminating module.
Because the communication terminal and the authentication method provided by the embodiments of the invention add a mechanism in the terminal for authenticating the response source, a session whose establishment is expected will not fail because an identity cannot be verified. The communication terminal can also choose independently how to process a message, which improves flexibility; the scheme is simple to implement and reduces dependence on the system.
Description of drawings
Fig. 1 is a schematic diagram of a prior-art session establishment process in which the identity of the response source cannot be authenticated.
Fig. 2 is a flow chart of the authentication method for a response source provided by the third embodiment of the invention.
Fig. 3 is a flow chart of the authentication method for a response source provided by the seventh embodiment of the invention.
Fig. 4 is a schematic diagram of a session establishment process that uses the authentication method provided by the seventh embodiment of the invention.
Fig. 5 is a schematic diagram of a session establishment process in which the identity token is transferred by extending SIP message header fields.
Fig. 6 is a flow chart of the authentication method for a response source provided by the eighth embodiment of the invention.
Fig. 7 is a functional module block diagram of the communication terminal provided by the first embodiment of the invention.
Fig. 8 is a functional module block diagram of the communication terminal provided by the second embodiment of the invention.
Fig. 9 is a functional module block diagram of the communication terminal provided by the third embodiment of the invention.
Fig. 10 is a functional module block diagram of the communication terminal provided by the fourth embodiment of the invention.
Fig. 11 is a functional module block diagram of the communication terminal provided by the fifth embodiment of the invention.
Fig. 12 is a functional module block diagram of the communication terminal provided by the sixth embodiment of the invention.
Fig. 13 is a functional module block diagram of the communication terminal provided by the seventh embodiment of the invention.
Fig. 14 is a functional module block diagram of the communication terminal provided by the eighth embodiment of the invention.
Detailed description of the embodiments
To make the purpose, technical solution and advantages of the invention clearer, the invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the invention and do not limit it.
The first embodiment of the authentication method for a response source comprises the following steps:
During session establishment, when the communication terminal receives the response message sent back by the response source, the communication terminal judges whether the response source is reliable; if so, it establishes the session; if not, it terminates the session establishment flow.
The second embodiment of the authentication method for a response source comprises the following steps:
During session establishment, when the communication terminal receives the response message sent back by the response source, the communication terminal judges whether the address of the response source is the same as the address of the expected session party. If it is the same, the response source is determined to be reliable and the session is established; if it is different, the response source is determined to be unreliable and the session establishment flow is terminated.
Referring to Fig. 2, the third embodiment of the authentication method for a response source comprises the following steps:
A1. The communication terminal receives the response message sent back by the response source;
A2. The communication terminal judges whether the address of the response source is the same as the address of the expected session party; if it is the same, the response source is determined to be reliable and the session is established; if it is different, step A3 is executed;
A3. The communication terminal judges whether it is willing to establish a session only with the expected session party; if so, the response source is determined to be unreliable and the session establishment flow is terminated; if not, the response source is determined to be reliable and the session is established.
The fourth embodiment of the authentication method for a response source comprises the following steps:
During session establishment, when the communication terminal receives the response message sent back by the response source, the communication terminal judges whether the address of the response source belongs to the addresses of trusted sources preset in the communication terminal. If so, the response source is determined to be reliable and the session is established; if not, the response source is determined to be unreliable and the session establishment flow is terminated.
The fifth embodiment of the authentication method for a response source comprises the following steps:
During session establishment, when the communication terminal receives the response message sent back by the response source, the communication terminal judges whether the address of the response source belongs to the addresses of non-trusted sources preset in the communication terminal. If so, the response source is determined to be unreliable and the session establishment flow is terminated; if not, the response source is determined to be reliable and the session is established.
The sixth embodiment of the authentication method for a response source comprises the following steps:
The communication terminal sends a session request message that carries a call identifier (Call-ID); the call identifier is a unique identifier used to distinguish different sessions;
The communication terminal receives the response message sent back by the response source;
The communication terminal judges whether the call identifier carried in the response message is consistent with the call identifier carried in the session request message. If it is consistent, the response source is determined to be reliable and the session is established; if it is inconsistent, the response source is determined to be unreliable and the session establishment flow is terminated.
Referring to Fig. 3, the seventh embodiment of the authentication method for a response source comprises the following steps:
B1. The communication terminal sends a session request message that carries the original identity token of the communication terminal, so that the message at every hop during session establishment carries this identity token;
B2. The communication terminal receives the response message sent back by the response source;
B3. The communication terminal judges whether the response message carries an identity token; if so, step B4 is executed; if not, the response source is determined to be unreliable and the session establishment flow is terminated;
B4. The communication terminal judges whether the identity token carried in the response message is consistent with the original identity token of the communication terminal; if it is consistent, the response source is determined to be reliable and the session is established; if it is inconsistent, the response source is determined to be unreliable and the session establishment flow is terminated.
For security reasons, the identity token in the authentication method of the seventh embodiment is generally not transmitted in plaintext; for example, it is encrypted with a public/private key method before it is transmitted. That is, the requesting communication terminal encrypts the original identity token with the public key of the first response source to form identity token A, which is carried in the request message. The first response source, after receiving it, decrypts identity token A with its own private key and encrypts the result with the public key of the second response source to form identity token B, which is carried in the redirected message. The second response source, after receiving it, decrypts identity token B with its own private key and encrypts the result with the requesting party's public key to form identity token C, which is carried in the final response message. After receiving the response message, the requesting communication terminal can decrypt identity token C with its own private key and compare it with the original identity token. This guarantees the reliability of the identity token.
Referring to Fig. 4, in the authentication method of the seventh embodiment, suppose that the requesting communication terminal trusts the first response source and expects to establish a session with it. When the first response source needs to redirect the session to the second response source for some reason, it also passes the identity token on, and the second response source returns the identity token to the requesting party when it sends the response message back to the requesting communication terminal. From the identity token carried in the response message, the requesting communication terminal can then learn that the second response source is trusted by the first response source.
In the authentication method of the seventh embodiment, the identity token can be transferred by extending a multimedia session protocol. Multimedia session protocols include but are not limited to SIP and H.323, and extension methods include but are not limited to extending the message header fields, extending the parameters of existing header fields, and extending the message body.
Referring to Fig. 5, the session establishment process is described below using the example in which the identity token is transferred by extending SIP message header fields:
(1) The UAC encrypts the original identity token, token, with the public key of the proxy server (PROXY) to generate identity token tokenCP, saves the original identity token, and sends a session establishment request to PROXY; the request message contains the identity token tokenCP and the public key of the UAC;
(2) PROXY decrypts identity token tokenCP, encrypts the result with the public key of the first UAS to generate identity token tokenPS1, and carries it in the message that sends the session establishment request to the first UAS;
(3) The first UAS wants the second UAS to answer on its behalf at this point, so it sends a redirect response message back to PROXY. The response message contains the address information of the second UAS and parameters such as the identity token tokenS1 and a public key, where tokenS1 is generated by the first UAS decrypting tokenPS1 with its own private key and encrypting the result with the public key of PROXY;
(4) PROXY decrypts the identity token tokenS1 carried in the redirect response message sent back by the first UAS, encrypts the result with the public key of the second UAS to generate identity token tokenPS2, and carries it in the message that sends the session establishment request to the second UAS;
(5) The second UAS obtains identity token tokenPS2 from the request message, decrypts it with its own private key, encrypts the result with the public key of PROXY to form identity token tokenS2, and sends back a response message that agrees to session establishment; the response message carries the identity token tokenS2, which can prove its identity;
(6) PROXY decrypts the identity token, encrypts the result with the public key of the UAC to generate identity token tokenPC, and carries it in the response message sent back to the UAC;
(7) After the UAC receives the response message, it authenticates the second UAS, that is, the response source, according to the information provided in the response message;
(8) If the authentication of the second UAS passes, the response source is determined to be reliable and the session is established; if the authentication does not pass, the response source is determined to be unreliable and the session establishment flow is terminated.
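The Fig. 5 exchange traced hop by hop, as an added example that is not code from the patent. Toy textbook RSA over fixed Mersenne primes stands in for the public-key scheme, which the text does not specify, and is not secure; the `Party` class, the function names and the 128-bit token size are assumptions.

```python
import hmac
import secrets

E = 65537  # public exponent used by every toy key below

# Known Mersenne primes, used only so the example needs no key generation.
M61, M89, M107, M127, M521, M607, M1279, M2203 = (
    2**k - 1 for k in (61, 89, 107, 127, 521, 607, 1279, 2203))


class Party:
    """A SIP entity with a toy textbook-RSA key pair (illustration only)."""

    def __init__(self, name, p, q):
        self.name = name
        self.n = p * q                            # public modulus
        self._d = pow(E, -1, (p - 1) * (q - 1))   # private exponent

    def decrypt(self, ciphertext):
        return pow(ciphertext, self._d, self.n)


def encrypt_for(recipient, token):
    """Encrypt an integer token with the recipient's public key."""
    if not 0 <= token < recipient.n:
        raise ValueError("token does not fit the recipient's modulus")
    return pow(token, E, recipient.n)


def reencrypt(hop, ciphertext, next_hop):
    """Decrypt with the hop's private key, then encrypt for the next hop.

    Between the two operations the hop holds the token in the clear.
    """
    return encrypt_for(next_hop, hop.decrypt(ciphertext))


def make_parties():
    """Constructed key pairs for the four entities of Fig. 5."""
    return {
        "UAC": Party("UAC", M61, M89),
        "PROXY": Party("PROXY", M107, M127),
        "UAS1": Party("UAS1", M521, M607),
        "UAS2": Party("UAS2", M1279, M2203),
    }


def run_exchange(parties, original):
    """Follow steps (1) to (6) and return every token placed on the wire."""
    uac, proxy = parties["UAC"], parties["PROXY"]
    uas1, uas2 = parties["UAS1"], parties["UAS2"]
    wire = {}
    wire["tokenCP"] = encrypt_for(proxy, original)              # (1) UAC -> PROXY
    wire["tokenPS1"] = reencrypt(proxy, wire["tokenCP"], uas1)  # (2) PROXY -> UAS1
    wire["tokenS1"] = reencrypt(uas1, wire["tokenPS1"], proxy)  # (3) redirect -> PROXY
    wire["tokenPS2"] = reencrypt(proxy, wire["tokenS1"], uas2)  # (4) PROXY -> UAS2
    wire["tokenS2"] = reencrypt(uas2, wire["tokenPS2"], proxy)  # (5) response -> PROXY
    wire["tokenPC"] = reencrypt(proxy, wire["tokenS2"], uac)    # (6) PROXY -> UAC
    return wire


def uac_accepts(uac, original, response_token):
    """Steps (7) and (8): decrypt the returned token, compare with the saved one."""
    if response_token is None:        # the response carried no identity token
        return False
    size = (uac.n.bit_length() + 7) // 8
    recovered = uac.decrypt(response_token)
    # Fixed-length, constant-time comparison of the two token values.
    return hmac.compare_digest(recovered.to_bytes(size, "big"),
                               original.to_bytes(size, "big"))


if __name__ == "__main__":
    parties = make_parties()
    original = secrets.randbits(128)  # constructed sample token
    wire = run_exchange(parties, original)
    print("response via the redirect chain accepted:",
          uac_accepts(parties["UAC"], original, wire["tokenPC"]))
    # A responder that never received the token cannot return a matching one.
    other = encrypt_for(parties["UAC"], original ^ 1)
    print("response with a different token accepted:",
          uac_accepts(parties["UAC"], original, other))
```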
Referring to Fig. 6, the eighth embodiment of the authentication method for a response source specifically comprises the following steps:
C1. Judge whether the address of the response source belongs to the addresses of non-trusted sources preset in the UAC; if so, go directly to step C8; if not, execute step C2;
C2. Judge whether the response message carries an identity token; if it does, execute step C3; if it does not, go directly to step C8;
C3. The UAC decrypts the identity token with its private key;
C4. Judge whether the decrypted identity token is consistent with the original identity token saved by the UAC; if it is consistent, execute step C5; if it is inconsistent, go directly to step C8;
C5. Judge whether the address of the response source is the same as the address of the expected session party; if it is the same, go directly to step C7; if it is different, execute step C6;
C6. Judge whether the UAC is willing to establish a session only with the originally expected party; if not, execute step C7; if so, go directly to step C8;
C7. The response source is determined to be reliable, and the session is established;
C8. The response source is determined to be unreliable, and the session establishment flow is terminated.
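One way to code the C1 to C8 decision order of the eighth embodiment, as an added example rather than code from the patent. The `TerminalPolicy` and `Response` types, the `decrypt` callable, the XOR stand-in used for the demo, the sample addresses and the treatment of a token that fails to decrypt as unreliable are all assumptions.

```python
import hmac
from dataclasses import dataclass
from typing import Callable, FrozenSet, Optional, Tuple


@dataclass(frozen=True)
class TerminalPolicy:
    expected_address: str                     # party the UAC meant to reach
    original_token: bytes                     # token saved when the request was sent
    untrusted: FrozenSet[str] = frozenset()   # preset non-trusted source addresses
    only_expected_party: bool = False         # C6: refuse anyone but the expected party


@dataclass(frozen=True)
class Response:
    source_address: str
    encrypted_token: Optional[bytes] = None


def authenticate_response(policy: TerminalPolicy, response: Response,
                          decrypt: Callable[[bytes], bytes]) -> Tuple[bool, str]:
    """Return (reliable, deciding_step), evaluating C1..C6 in the patent's order."""
    # C1: a preset non-trusted source is rejected before any token handling.
    if response.source_address in policy.untrusted:
        return False, "C1"
    # C2: a response without an identity token is rejected.
    if response.encrypted_token is None:
        return False, "C2"
    # C3: decrypt with the UAC's private key (abstracted as a callable).
    try:
        token = decrypt(response.encrypted_token)
    except ValueError:
        # Assumption: the text does not cover decryption failure; treat as unreliable.
        return False, "C3"
    # C4: constant-time comparison with the saved original token.
    if not hmac.compare_digest(token, policy.original_token):
        return False, "C4"
    # C5: the expected party itself answered -> C7 (reliable).
    if response.source_address == policy.expected_address:
        return True, "C5"
    # C6: a different party answered with a valid token; local policy decides.
    if policy.only_expected_party:
        return False, "C6"
    return True, "C6"


def demo_decrypt(blob: bytes) -> bytes:
    """Constructed stand-in for private-key decryption (XOR mask, not real crypto)."""
    if len(blob) != 16:
        raise ValueError("malformed token")
    return bytes(b ^ 0x5A for b in blob)


if __name__ == "__main__":
    token = b"0123456789abcdef"                  # constructed sample token
    wire = bytes(b ^ 0x5A for b in token)        # what the response would carry
    policy = TerminalPolicy("sip:uas1@example.com", token,
                            frozenset({"sip:blocked@example.net"}))
    samples = [
        Response("sip:uas1@example.com", wire),     # expected party
        Response("sip:uas2@example.com", wire),     # redirected party, valid token
        Response("sip:uas2@example.com", None),     # redirected party, no token
        Response("sip:blocked@example.net", wire),  # preset non-trusted source
    ]
    for r in samples:
        print(r.source_address, authenticate_response(policy, r, demo_decrypt))
```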
Referring to Fig. 7, the first embodiment of the communication terminal comprises:
A response-receiving module, used to receive the response message sent back by the response source;
An identification module, used to judge whether the response source is reliable;
A session-establishing module, used to establish a session;
A session establishment terminating module, used to terminate the session establishment flow;
If the judgment of the identification module is that the response source is reliable, the session-establishing module establishes the session; if the judgment is that the response source is unreliable, the session establishment terminating module terminates the session establishment flow.
Referring to Fig. 8, the second embodiment of the communication terminal differs from the first embodiment in that the identification module of the second embodiment comprises:
A first judging module, used to judge whether the address of the response source is the same as the address of the expected session party;
If the judgment of the first judging module is that the addresses are the same, the session-establishing module establishes the session; if the judgment is that they are different, the session establishment terminating module terminates the session establishment flow.
Referring to Fig. 9, the third embodiment of the communication terminal differs from the first embodiment in that the identification module of the third embodiment comprises:
A first judging module, used to judge whether the address of the response source is the same as the address of the expected session party;
A second judging module, used to judge whether the communication terminal is willing to establish a session only with the expected session party;
If the judgment of the first judging module is that the addresses are the same, the first judging module is connected to the session-establishing module; if the judgment is that they are different, the second judging module further judges whether the communication terminal is willing to establish a session only with the expected session party. If the judgment of the second judging module is yes, the session establishment terminating module terminates the session establishment flow; if the judgment is no, the session-establishing module establishes the session.
Referring to Fig. 10, the fourth embodiment of the communication terminal differs from the first embodiment in that the identification module of the fourth embodiment comprises:
A third judging module, used to judge whether the address of the response source belongs to the addresses of trusted sources preset in the communication terminal;
If the judgment of the third judging module is yes, the session-establishing module establishes the session; if the judgment is no, the session establishment terminating module terminates the session establishment flow.
Referring to Fig. 11, the fifth embodiment of the communication terminal differs from the first embodiment in that the identification module of the fifth embodiment comprises:
A fourth judging module, used to judge whether the address of the response source belongs to the addresses of non-trusted sources preset in the communication terminal;
If the judgment of the fourth judging module is yes, the session establishment terminating module terminates the session establishment flow; if the judgment is no, the session-establishing module establishes the session.
Referring to Fig. 12, the sixth embodiment of the communication terminal differs from the first embodiment in that the sixth embodiment further comprises:
A request-sending module, used to send a session request message that carries a call identifier; the call identifier is a unique identifier used to distinguish different sessions;
The identification module of the sixth embodiment comprises:
A fifth judging module, used to judge whether the call identifier carried in the response message is consistent with the call identifier carried in the session request message;
If the judgment of the fifth judging module is that they are consistent, the session-establishing module establishes the session; if the judgment is that they are inconsistent, the session establishment terminating module terminates the session establishment flow.
Referring to Fig. 13, the seventh embodiment of the communication terminal differs from the first embodiment in that the seventh embodiment further comprises:
An encryption module, used to encrypt the original identity token;
A request-sending module, used to send a session request message that carries the original identity token of the communication terminal, so that the message at every hop during session establishment carries this identity token;
A decryption module, used to decrypt the received encrypted identity token;
An identity token receiving module, used to receive the identity token sent back by the response source;
In addition, the identification module of the communication terminal provided by the seventh embodiment comprises:
A sixth judging module, used to judge whether the response message carries an identity token;
A seventh judging module, used to judge whether the identity token carried in the response message is consistent with the original identity token of the communication terminal;
If the judgment of the sixth judging module is that a token is carried, the decryption module decrypts the received identity token that was encrypted by the encryption module, and the seventh judging module further judges whether the identity token carried in the response message is consistent with the original identity token of the communication terminal; if the judgment is that no token is carried, the session establishment terminating module terminates the session establishment flow. If the judgment of the seventh judging module is that the tokens are consistent, the session-establishing module establishes the session; if the judgment is that they are inconsistent, the session establishment terminating module terminates the session establishment flow.
Referring to Fig. 14, the eighth embodiment of the communication terminal differs from the first embodiment in that the eighth embodiment further comprises:
An encryption module, used to encrypt the original identity token;
A request-sending module, used to send a session request message that carries the original identity token of the communication terminal, so that the message at every hop during session establishment carries this identity token;
A decryption module, used to decrypt the received encrypted identity token;
An identity token receiving module, used to receive the identity token sent back by the response source;
In addition, the identification module of the communication terminal provided by the eighth embodiment comprises:
A fourth judging module, used to judge whether the address of the response source belongs to the addresses of non-trusted sources preset in the communication terminal;
A sixth judging module, used to judge whether the response message carries an identity token;
A seventh judging module, used to judge whether the identity token carried in the response message is consistent with the original identity token of the communication terminal;
A first judging module, used to judge whether the address of the response source is the same as the address of the expected session party;
A second judging module, used to judge whether the communication terminal is willing to establish a session only with the expected session party;
If the judgment of the fourth judging module is yes, the session establishment terminating module terminates the session establishment flow; if the judgment is no, the sixth judging module further judges whether the response message carries an identity token. If the judgment of the sixth judging module is that a token is carried, the decryption module decrypts the received identity token that was encrypted by the encryption module, and the seventh judging module further judges whether the identity token carried in the response message is consistent with the original identity token of the communication terminal; if the judgment is that no token is carried, the session establishment terminating module terminates the session establishment flow. If the judgment of the seventh judging module is that the tokens are consistent, the first judging module further judges whether the address of the response source is the same as the address of the expected session party; if the judgment is that they are inconsistent, the session establishment terminating module terminates the session establishment flow. If the judgment of the first judging module is that the addresses are the same, the session-establishing module establishes the session; if the judgment is that they are different, the second judging module further judges whether the communication terminal is willing to establish a session only with the expected session party. If the judgment of the second judging module is no, the session-establishing module establishes the session; if the judgment is yes, the session establishment terminating module terminates the session establishment flow.
Because the communication terminal and the authentication method provided by the embodiments of the invention add a mechanism in the terminal for authenticating the response source, a session whose establishment is expected will not fail because an identity cannot be verified. The communication terminal can also choose independently how to process a message, which improves flexibility; the scheme is simple to implement and reduces dependence on the system.
The above are only preferred embodiments of the invention and are not intended to limit it. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within the protection scope of the invention.

Claims (18)

1. the authentication method of a response source is characterized in that, may further comprise the steps:
Communication terminal receives the response message that response source is beamed back;
Communication terminal judges whether response source is reliable, if, then set up session, if not, then end session sets up flow process.
2. the authentication method of response source as claimed in claim 1, it is characterized in that, described communication terminal is judged response source, and whether reliably step is specifically: to set up address, session side identical with expectation in the address that communication terminal is judged response source, if it is identical, then be defined as reliable, if inequality, it is unreliable then to be defined as.
3. the authentication method of response source as claimed in claim 1 is characterized in that, described communication terminal is judged response source, and whether reliably step is specifically:
To set up address, session side identical with expectation in the address that A1, communication terminal are judged response source, if identical, then be defined as reliable, if inequality, execution in step A2 then;
A2, communication terminal judge whether only to be ready that setting up session side with expectation sets up session, if it is unreliable then to be defined as, if not, then be defined as reliable.
4. the authentication method of response source as claimed in claim 1, it is characterized in that, described communication terminal is judged response source, and whether reliably step is specifically: communication terminal judges whether the address of response source belongs to the address of the trusted source that communication terminal presets, if, then be defined as reliable, if not, it is unreliable then to be defined as.
5. The method for authenticating a response source as claimed in claim 1, characterized in that the step in which the communication terminal judges whether the response source is reliable is specifically: the communication terminal judges whether the address of the response source belongs to the addresses of the non-trusted sources preset in the communication terminal; if so, the response source is determined to be unreliable; if not, it is determined to be reliable.
6. The method for authenticating a response source as claimed in claim 1, characterized in that, before the step in which the communication terminal receives the response message returned by the response source, the method further comprises the following step:
The communication terminal sends a session request message carrying a call identifier, the call identifier being a unique identifier used to distinguish different sessions;
The step in which the communication terminal judges whether the response source is reliable is specifically: the communication terminal judges whether the call identifier carried in the response message is consistent with the call identifier carried in the session request message; if consistent, the response source is determined to be reliable; if inconsistent, it is determined to be unreliable.
7. The method for authenticating a response source as claimed in claim 1, characterized in that, before the step in which the communication terminal receives the response message returned by the response source, the method further comprises the following step:
B1. The communication terminal sends a session request message, the request message carrying the original identity token of the communication terminal, so that the message of every hop in the session establishment process carries the identity token;
The step in which the communication terminal judges whether the response source is reliable is specifically:
B2. The communication terminal judges whether the response message carries an identity token; if so, step B3 is executed; if not, the response source is determined to be unreliable;
B3. The communication terminal judges whether the identity token carried in the response message is consistent with the original identity token of the communication terminal; if consistent, the response source is determined to be reliable; if inconsistent, it is determined to be unreliable.
8. The method for authenticating a response source as claimed in claim 7, characterized in that the identity token is transmitted after being encrypted.
9. The method for authenticating a response source as claimed in claim 1, characterized in that the step in which the communication terminal judges whether the response source is reliable is specifically:
C1. The communication terminal judges whether the address of the response source belongs to the addresses of the non-trusted sources preset in the communication terminal; if so, step C8 is executed directly; if not, step C2 is executed;
C2. Judge whether the response message carries an identity token; if so, step C3 is executed; if not, step C8 is executed directly;
C3. Decrypt the identity token;
C4. Judge whether the decrypted identity token is consistent with the original identity token of the communication terminal; if consistent, step C5 is executed; if inconsistent, step C8 is executed directly;
C5. Judge whether the address of the response source is identical to the address of the expected session-establishment party; if identical, step C7 is executed directly; if not identical, step C6 is executed;
C6. Judge whether the communication terminal is willing to establish a session only with the originally expected party; if not, step C7 is executed; if so, step C8 is executed directly;
C7. The response source is determined to be reliable;
C8. The response source is determined to be unreliable.
10. A communication terminal, characterized in that it comprises:
A response-receiving module, configured to receive the response message returned by the response source;
A session-establishing module, configured to establish a session;
A session-establishment terminating module, configured to terminate the session establishment flow;
An identification module, configured to judge whether the response source is reliable; if so, the session is established by the session-establishing module; if not, the session establishment flow is terminated by the session-establishment terminating module.
11. The communication terminal as claimed in claim 10, characterized in that the identification module comprises:
A first judging module, configured to judge whether the address of the response source is identical to the address of the expected session-establishment party; if identical, the session is established by the session-establishing module; if not identical, the session establishment flow is terminated by the session-establishment terminating module.
12. The communication terminal as claimed in claim 10, characterized in that the identification module comprises:
A first judging module, configured to judge whether the address of the response source is identical to the address of the expected session-establishment party; if identical, the session is established by the session-establishing module; if not identical, a second judging module further judges whether the communication terminal is willing to establish a session only with the expected session-establishment party;
The second judging module, configured to judge whether the communication terminal is willing to establish a session only with the expected session-establishment party; if so, the session establishment flow is terminated by the session-establishment terminating module; if not, the session is established by the session-establishing module.
13. The communication terminal as claimed in claim 10, characterized in that the identification module comprises:
A third judging module, configured to judge whether the address of the response source belongs to the addresses of the trusted sources preset in the communication terminal; if so, the session is established by the session-establishing module; if not, the session establishment flow is terminated by the session-establishment terminating module.
14. The communication terminal as claimed in claim 10, characterized in that the identification module comprises:
A fourth judging module, configured to judge whether the address of the response source belongs to the addresses of the non-trusted sources preset in the communication terminal; if so, the session establishment flow is terminated by the session-establishment terminating module; if not, the session is established by the session-establishing module.
15. The communication terminal as claimed in claim 10, characterized in that the communication terminal further comprises:
A request-sending module, configured to send a session request message carrying a call identifier, the call identifier being a unique identifier used to distinguish different sessions;
The identification module comprises:
A fifth judging module, configured to judge whether the call identifier carried in the response message is consistent with the call identifier carried in the session request message; if consistent, the session is established by the session-establishing module; if inconsistent, the session establishment flow is terminated by the session-establishment terminating module.
16. The communication terminal as claimed in claim 10, characterized in that the communication terminal further comprises:
A request-sending module, configured to send a session request message, the request message carrying the original identity token of the communication terminal, so that the message of every hop in the session establishment process carries the identity token;
An identity-token receiving module, configured to receive the identity token returned by the response source;
The identification module comprises:
A sixth judging module, configured to judge whether the response message carries an identity token; if so, a seventh judging module further judges whether the identity token carried in the response message is consistent with the original identity token of the communication terminal; if not, the session establishment flow is terminated by the session-establishment terminating module;
The seventh judging module, configured to judge whether the identity token carried in the response message is consistent with the original identity token of the communication terminal; if consistent, the session is established by the session-establishing module; if inconsistent, the session establishment flow is terminated by the session-establishment terminating module.
17. The communication terminal as claimed in claim 10, characterized in that the communication terminal further comprises:
A request-sending module, configured to send a session request message, the request message carrying the original identity token of the communication terminal, so that the message of every hop in the session establishment process carries the identity token;
An identity-token receiving module, configured to receive the identity token returned by the response source;
The identification module comprises:
A fourth judging module, configured to judge whether the address of the response source belongs to the addresses of the non-trusted sources preset in the communication terminal; if so, the session establishment flow is terminated by the session-establishment terminating module; if not, a sixth judging module further judges whether the response message carries an identity token;
The sixth judging module, configured to judge whether the response message carries an identity token; if so, a seventh judging module further judges whether the identity token carried in the response message is consistent with the original identity token of the communication terminal; if not, the session establishment flow is terminated by the session-establishment terminating module;
The seventh judging module, configured to judge whether the identity token carried in the response message is consistent with the original identity token of the communication terminal; if consistent, a first judging module further judges whether the address of the response source is identical to the address of the expected session-establishment party; if inconsistent, the session establishment flow is terminated by the session-establishment terminating module;
The first judging module, configured to judge whether the address of the response source is identical to the address of the expected session-establishment party; if so, the session is established by the session-establishing module; if not, a second judging module further judges whether the communication terminal is willing to establish a session only with the expected session-establishment party;
The second judging module, configured to judge whether the communication terminal is willing to establish a session only with the expected session-establishment party; if not, the session is established by the session-establishing module; if so, the session establishment flow is terminated by the session-establishment terminating module.
18. The communication terminal as claimed in claim 16 or 17, characterized in that the communication terminal further comprises:
An encrypting module, configured to encrypt the original identity token;
A decrypting module, configured to, when the judgment result of the sixth judging module is that an identity token is carried, decrypt the received identity token that was encrypted by the encrypting module, after which the seventh judging module further judges whether the identity token carried in the response message is consistent with the original identity token of the communication terminal.
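
The combined decision flow of claim 9 (steps C1 to C8), written out as an added Python example; it is not code from the patent. The `Terminal` class, the sample addresses and token, and the `toy_cipher` stand-in for the token encryption (which the claims do not specify) are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Optional, Set, Tuple


def toy_cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in for the unspecified token encryption: XOR with a SHA-256
    counter keystream. Symmetric (encrypt == decrypt); not for production."""
    blocks = len(data) // 32 + 1
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))


@dataclass
class Terminal:
    key: bytes                    # key used to encrypt/decrypt the token
    original_token: bytes         # token sent in the session request (B1)
    expected_addr: str            # expected session-establishment party
    untrusted: Set[str] = field(default_factory=set)  # preset non-trusted sources
    only_expected_party: bool = False                 # policy checked in C6

    def is_reliable(self, source_addr: str,
                    enc_token: Optional[bytes]) -> Tuple[bool, str]:
        """Return (reliable?, step that decided), following C1..C8."""
        if source_addr in self.untrusted:                        # C1
            return False, "C1: preset non-trusted source"
        if enc_token is None:                                    # C2
            return False, "C2: no identity token in response"
        token = toy_cipher(self.key, enc_token)                  # C3
        # C4: constant-time comparison so timing does not leak the token
        if not hmac.compare_digest(token, self.original_token):
            return False, "C4: identity token mismatch"
        if source_addr == self.expected_addr:                    # C5
            return True, "C5: expected party"
        if self.only_expected_party:                             # C6
            return False, "C6: only expected party accepted"
        return True, "C6: other party accepted"                  # C7


if __name__ == "__main__":
    # Constructed sample data: addresses and token are made up.
    t = Terminal(key=b"k" * 16, original_token=b"token-1234",
                 expected_addr="bob@example.com",
                 untrusted={"mallory@example.net"})
    echoed = toy_cipher(t.key, t.original_token)
    for addr, tok in [("bob@example.com", echoed),
                      ("carol@example.com", echoed),   # e.g. a forwarded call
                      ("mallory@example.net", echoed),
                      ("bob@example.com", None)]:
        print(addr, t.is_reliable(addr, tok))
```

The ordering matters: the address comparison in C5 is reached only after the token check in C4 has passed, so a matching source address alone never makes a response reliable in this flow.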

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNA2007100769413A CN101123504A (en) 2007-09-04 2007-09-04 Certification method for communication terminal and response source

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNA2007100769413A CN101123504A (en) 2007-09-04 2007-09-04 Certification method for communication terminal and response source

Publications (1)

Publication Number Publication Date
CN101123504A true CN101123504A (en) 2008-02-13

Family

ID=39085693

Family Applications (1)

Application Number Title Priority Date Filing Date
CNA2007100769413A Pending CN101123504A (en) 2007-09-04 2007-09-04 Certification method for communication terminal and response source

Country Status (1)

Country Link
CN (1) CN101123504A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101527632B (en) * 2008-03-06 2011-12-28 华为技术有限公司 Method, device and system for authenticating response messages
CN110460674A (en) * 2019-08-21 2019-11-15 中国工商银行股份有限公司 A kind of information-pushing method, apparatus and system

Similar Documents

Publication Publication Date Title
CN109302412B (en) VoIP communication processing method based on CPK, terminal, server and storage medium
US8214649B2 (en) System and method for secure communications between at least one user device and a network entity
RU2406251C2 (en) Method and device for establishing security association
US8639929B2 (en) Method, device and system for authenticating gateway, node and server
CN102868665B (en) The method of data transmission and device
US8468347B2 (en) Secure network communications
US8683194B2 (en) Method and devices for secure communications in a telecommunications network
US7764945B2 (en) Method and apparatus for token distribution in session for future polling or subscription
CN111935693B (en) Bluetooth device connection method and Bluetooth device
JP2012110009A (en) Methods and arrangements for secure linking of entity authentication and ciphering key generation
CN112491550B (en) Mobile terminal equipment credibility authentication method and system based on Internet of vehicles
CN103795966B (en) A kind of security video call implementing method and system based on digital certificate
CN111756726A (en) SIP security authentication method supporting State cipher algorithm
US20070288744A1 (en) Method of Secure Communication Between Endpoints
WO2012024905A1 (en) Method, terminal and ggsn for encrypting and decrypting data in mobile communication network
CN1881869B (en) Method for realizing encryption communication
KR101016277B1 (en) Method and apparatus for sip registering and establishing sip session with enhanced security
CN114826659A (en) Encryption communication method and system
KR20070006913A (en) Fast and secure connectivity for a mobile node
CN106209384B (en) Use the client terminal of security mechanism and the communication authentication method of charging unit
CN114928503B (en) Method for realizing secure channel and data transmission method
CN101123504A (en) Certification method for communication terminal and response source
CN112073370B (en) Client encryption communication method
CN116346505B (en) Internet of things data security communication method, system and computer readable storage medium
KR0175458B1 (en) Outgoing and called party handling method for legitimate user authentication in integrated telecommunication network

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20080213