CN101227474A - Method for identifying authority of conversation initialized protocol user in soft switching network - Google Patents


Info

Publication number
CN101227474A
Authority
CN
China
Prior art keywords
authentication
response value
authentication response
message
softswitch
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CNA2008100068437A
Other languages
Chinese (zh)
Inventor
管卫芝
尹芹
戴玉宁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Landscapes

  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a method for authenticating a SIP user in a softswitch network, comprising: a SIP user sends a first registration request message to the softswitch device in the domain to which it belongs; after receiving the first registration request message, the softswitch device generates a random number and sends the SIP user an unauthorized message carrying the random number; the SIP user generates a first authentication response value from the random number and an authentication key, and sends the first authentication response value and a second registration request message to the softswitch device; the softswitch device sends an authentication message to a Smart Home Location Register, which generates a second authentication response value from the authentication message and the authentication key stored in the Smart Home Location Register and sends the second authentication response value to the softswitch device; and the softswitch device compares the first authentication response value with the second authentication response value and determines from the comparison result whether authentication succeeded. The invention solves registration authentication of SIP users under a softswitch.

Description

Method for authenticating a Session Initiation Protocol user in a softswitch network
Technical field
The present invention relates to the fixed-network NGN field, and in particular to a method for authenticating Session Initiation Protocol users in an NGN network against an intelligent-network background.
Background art
Communication networks are undergoing a change, evolving from the traditional TDM (Time Division Multiplexing) PSTN network to the all-IP NGN (Next Generation Network) network. An important feature of the NGN network is that bearer (MAG, Media Access Gateway) is separated from control (MGC, Media Gateway Control), and that broadband SIP users can be managed so as to provide broadband services.
Following the successful intelligent-network transformation, PSTN (Public Switched Telephone Network), AG (Access Gateway) and SIP (Session Initiation Protocol) user data is centrally managed at the SHLR (Smart Home Location Register). In the NGN network, SIP user data is stored at the SHLR, and the SHLR also holds the SIP users' authentication data.
Traditionally, authentication of a fixed-network SIP user is carried out between the softswitch SS (registrar, proxy server) and the terminal, which requires the registrar (the softswitch) to hold that user's authentication data. Once the fixed-network softswitch network has been made intelligent, user data, including authentication data, is all centrally managed by the SHLR, so a standalone registrar cannot complete the authentication of a SIP user.
To solve this problem, the MAP signaling needs to be extended on the softswitch and SHLR devices, so that fixed-network SIP users are authenticated through interaction with the SHLR.
Summary of the invention
The technical problem to be solved by the present invention is to provide a method for authenticating SIP users in an intelligent-network NGN network.
In the present invention, the SHLR stores the authentication key of the fixed-network SIP user and the SS generates the random number. The SS obtains the authentication result calculated by the SHLR through an exchange of MAP authentication messages and compares the result calculated by the terminal with the result calculated by the SHLR: if the two results match, terminal authentication succeeds; if they differ, terminal authentication fails.
According to the present invention, a method for authenticating a SIP user in a softswitch network is provided, comprising the following steps:
Step 1: the SIP user sends a first registration request message to the softswitch in the domain to which it belongs;
Step 2: after receiving the first registration request message, the softswitch generates a random number and sends the SIP user an unauthorized message carrying the random number;
Step 3: the SIP user generates a first authentication response value from the random number and the authentication key it stores, and sends the first authentication response value and a second registration request message to the softswitch;
Step 4: after receiving the second registration request message, the softswitch sends an authentication message to the Smart Home Location Register;
Step 5: the Smart Home Location Register generates a second authentication response value from the authentication message and the authentication key stored in the Smart Home Location Register, and sends the second authentication response value to the softswitch; and
Step 6: the softswitch compares the first authentication response value with the second authentication response value and determines from the comparison result whether authentication succeeded.
Step 3 comprises the following steps: after receiving the unauthorized message, the SIP user automatically obtains or generates a uniform resource identifier, a user name and authentication parameters, and generates the first authentication response value by a predetermined algorithm from the uniform resource identifier, the user name, the authentication parameters and the authentication key stored in the SIP user; and the SIP user sends the first authentication response value and the second registration request message to the softswitch.
The authentication message carries a plurality of parameters.
Step 5 comprises the following steps: the Smart Home Location Register generates the second authentication response value by the predetermined algorithm from the plurality of parameters in the authentication message and the authentication key stored in the Smart Home Location Register; and the Smart Home Location Register sends the second authentication response value to the softswitch.
Step 6 comprises the following steps: the softswitch compares the first authentication response value with the second authentication response value; if the first authentication response value equals the second authentication response value, the softswitch sends a success message to the SIP user and authentication passes; if the first authentication response value and the second authentication response value are not equal, authentication fails.
The plurality of parameters carried in the authentication message comprise: the random number, the uniform resource identifier, the user name and the authentication parameters.
The predetermined algorithm is the MD5 algorithm defined in RFC 2617.
The present invention effectively solves registration authentication of SIP users under a softswitch in an intelligent-network NGN network.
When the SIP user is a fixed-network SIP user, step 4 further comprises the following step: the softswitch extends the MAP (Mobile Application Part) protocol, so that the fixed-network SIP user is authenticated through interaction with the Smart Home Location Register.
Other features and advantages of the present invention are set forth in the description that follows, and in part become apparent from the description or are understood by practicing the invention. The objects and other advantages of the invention can be realized and obtained by the structure particularly pointed out in the written description, the claims and the accompanying drawings.
Brief description of the drawings
The accompanying drawings described here provide a further understanding of the present invention and form part of this application. The illustrative embodiments of the invention and their description serve to explain the invention and do not unduly limit it. In the drawings:
Fig. 1 shows a flowchart of the SIP user authentication method in a softswitch network according to the present invention;
Fig. 2 shows the structure of a system for SIP user authentication in a softswitch network according to an embodiment of the present invention; and
Fig. 3 shows a flowchart of the SIP user authentication method in a softswitch network according to an embodiment of the present invention.
Embodiments
Embodiments of the present invention are described in detail below with reference to the accompanying drawings.
Fig. 1 shows a flowchart of the SIP user authentication method in a softswitch network according to the present invention. With reference to Fig. 1, the method comprises the following steps:
Step S102: the SIP user sends a first registration request message to the softswitch in the domain to which it belongs;
Step S104: after receiving the first registration request message, the softswitch generates a random number and sends the SIP user an unauthorized message carrying the random number;
Step S106: the SIP user generates a first authentication response value from the random number and the authentication key it stores, and sends the first authentication response value and a second registration request message to the softswitch;
Step S108: after receiving the second registration request message, the softswitch sends an authentication message to the Smart Home Location Register;
Step S110: the Smart Home Location Register generates a second authentication response value from the authentication message and the authentication key stored in the Smart Home Location Register, and sends the second authentication response value to the softswitch; and
Step S112: the softswitch compares the first authentication response value with the second authentication response value and determines from the comparison result whether authentication succeeded.
Step S106 comprises the following steps: after receiving the unauthorized message, the SIP user automatically obtains or generates the uri, Username, realm, cnonce and noncecount parameters, and generates the first authentication response value by a predetermined algorithm from these parameters, the random number, the Qop value and the authentication key stored in the SIP user; and the SIP user sends the first authentication response value and the second registration request message to the softswitch.
The authentication message carries a plurality of parameters.
Step S110 comprises the following steps: the Smart Home Location Register generates the second authentication response value by the predetermined algorithm from the plurality of parameters in the authentication message and the authentication key stored in the Smart Home Location Register; and the Smart Home Location Register sends the second authentication response value to the softswitch.
Step S112 comprises the following steps: the softswitch compares the first authentication response value with the second authentication response value; if the first authentication response value equals the second authentication response value, the softswitch sends a success message to the SIP user and authentication passes; if the first authentication response value and the second authentication response value are not equal, authentication fails.
The plurality of parameters carried in the authentication message comprise: the random number and the username, realm, uri, cnonce, Qop, method and noncecount parameters.
The predetermined algorithm is the MD5 algorithm defined in RFC 2617.
When the SIP user is a fixed-network SIP user, step S108 further comprises the following step: the softswitch extends the MAP signaling, so that the fixed-network SIP user is authenticated through interaction with the Smart Home Location Register.
Fig. 2 is a schematic diagram of the system structure for fixed-network SIP users in an NGN network environment. As shown in Fig. 2, the system comprises the Smart Home Location Register (SHLR), the softswitch (SS) and the SIP user. In this system, the SIP user and the SS interwork using SIP (Session Initiation Protocol), and the SHLR and the SS are connected by a MAP signaling link.
In this system, the SHLR database and the MAP (Mobile Application Part) signaling are extended, so that the data of fixed-network SIP users can be stored in the SHLR user database and fixed-network SIP users can be authenticated through an exchange of MAP messages.
Specifically, once all SIP user data has been moved up to the SHLR for management, authenticating a SIP user during registration at the SS (registrar) requires the SS to send an authentication request operation to the SHLR. The SHLR calculates a value from the key stored in its database and the random number supplied by the SS, and sends that value to the SS. The SS compares the result calculated by the SIP terminal with the result calculated by the SHLR: if they match, authentication passes; if they differ, authentication fails.
Fig. 3 shows the registration authentication steps for a fixed-network SIP user according to the present invention. The figure illustrates the flow of a SIP user authenticating and registering successfully, which comprises the following steps:
Step S302: the SIP user initiates a registration request to the registrar (SS) of the domain to which it belongs;
Step S304: the softswitch, acting as registrar, generates for the SIP user the random number nonce used for authentication;
Step S306: after receiving the 401 Unauthorized response, the SIP terminal automatically obtains or generates uri, Username, realm, cnonce and noncecount; from these, the nonce value in the network-side 401 message, the Qop value and the user password stored on the terminal, it calculates an authentication response by the MD5 algorithm defined in RFC 2617, and sends a registration request message to the registrar again;
Step S308: the softswitch sends a Send_Auth_Info message to the SHLR; MAP is extended so that the message carries parameters such as username, realm, nonce, uri, cnonce, Qop, method and noncecount;
Step S310: from the username, realm, nonce, uri, cnonce, Qop, method and noncecount supplied by the softswitch and the user password stored at the SHLR, the SHLR calculates the Response by the MD5 algorithm defined in RFC 2617 and returns the Response parameter to the softswitch in Send_Auth_Info_Ack; and
Step S312: after receiving the SAI_ACK from the SHLR, the softswitch compares the terminal-side Response value with the SHLR-side Response value; if they are equal, the message is legitimate, the softswitch returns 200 OK to the SIP terminal, and authentication succeeds.
An application example follows.
Suppose the SIP user is A: 801020800001@1.1.1.1. The registration authentication steps are as follows:
(1) The SIP user initiates a registration request to the registrar of the domain to which it belongs;
(2) The softswitch, acting as registrar, generates for the SIP user the random number "ca019edffb7551683c2136eb2dd10537" used for authentication, identified as "nonce" (note 1). The lifetime of the nonce can be configured on the registrar, from 2 to 60 seconds. The registrar returns a 401 response message to the SIP terminal:
SIP/2.0 401 Unauthorized
From: sip:801020800001@1.1.1.1;tag=25486
To: sip:801020800001@1.1.1.1;tag=254863455
Via: SIP/2.0/UDP 1.1.1.100:5060;branch=z9hG4bK1063644978
CSeq: 1 REGISTER
Call-ID: 10000000@1.1.1.100
WWW-Authenticate: Digest realm="1.1.1.1",
 nonce="ca019edffb7551683c2136eb2dd10537", stale=FALSE, algorithm=MD5, QoP=Auth
Content-Length: 0
(3) After receiving the 401, the SIP terminal automatically obtains or generates uri="sip:801020800001@1.1.1.1", Username="801020800001", realm="1.1.1.1", cnonce="123412341" and noncecount="000001" (note 1). From these, the nonce value in the network-side 401 message, the qop value and the user password stored on the terminal, it calculates the authentication response response="dffb7551683c2136e" by the MD5 algorithm defined in RFC 2617, and sends a registration request message to the registrar again, as follows:
REGISTER sip:1.1.1.1 SIP/2.0
From: sip:801020800001@1.1.1.1;tag=25ER486
To: sip:801020800001@1.1.1.1
CSeq: 2 REGISTER
Call-ID: 10000000@1.1.1.100
Via: SIP/2.0/UDP 1.1.1.10:5060;branch=z9hG4bK1063644978
Maxforward: 70
Contact: sip:801020800001@1.1.1.100:5060
Expires: 3600
WWW-Authorization: Digest username="801020800001", realm="1.1.1.1",
 nonce="ca019edffb7551683c2136eb2dd10537", uri="sip:801020800001@1.1.1.1", cnonce="123412341", qop="Auth", noncecount="0000001", response="dffb7551683c2136e"
Content-Length: 0
(4) The softswitch sends a Send_Auth_Info message to the SHLR, carrying parameters such as username, realm, nonce, uri, cnonce, Qop, method and noncecount;
(5) From the username, realm, nonce, uri, cnonce, Qop, method and noncecount supplied by the softswitch and the user password stored at the SHLR, the SHLR calculates the Response by the MD5 algorithm defined in RFC 2617 and returns the Response parameter to the softswitch in Send_Auth_Info_Ack; and
(6) After receiving the SAI_ACK from the SHLR, the softswitch compares the terminal-side Response value with the SHLR-side Response value; if they are equal, the message is legitimate, the softswitch returns 200 OK to the SIP terminal, and authentication succeeds. The 200 OK message is as follows:
SIP/2.0 200 OK
From: sip:801020800001@1.1.1.1;tag=25ER486
To: sip:801020800001@1.1.1.1;tag=2343244332
CSeq: 2 REGISTER
Call-ID: 10000000@1.1.1.10
Via: SIP/2.0/UDP 1.1.1.10:5060;branch=z9hG4bK1063644978
Contact: sip:801020800001@1.1.1.100:5060
Expires: 3600
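The exchange in steps (1) to (6), as an added Python example that is not part of the patent text: the terminal and the SHLR each compute the RFC 2617 MD5 digest (qop=auth) from the same parameters, and the softswitch checks the nonce lifetime and compares the two values. The class and function names, the password, the 8-digit nonce count, and the use of a dictionary in place of the extended MAP Send_Auth_Info message are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(username, realm, password, method, uri,
                    nonce, nc, cnonce, qop="auth"):
    """RFC 2617 request-digest for algorithm=MD5 with qop=auth."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")   # secret half
    ha2 = md5_hex(f"{method}:{uri}")                  # request half
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


class Shlr:
    """Holds the user passwords; the softswitch never sees them."""

    def __init__(self, passwords):
        self._passwords = passwords  # {(username, realm): password}

    def send_auth_info(self, params):
        # Stand-in for Send_Auth_Info / Send_Auth_Info_Ack (hypothetical API).
        password = self._passwords.get((params["username"], params["realm"]))
        if password is None:
            return None
        return digest_response(password=password, **params)


class Softswitch:
    """Registrar: issues nonces and compares terminal and SHLR responses."""

    def __init__(self, shlr, nonce_lifetime=30, clock=time.monotonic):
        if not 2 <= nonce_lifetime <= 60:   # range given in step (2)
            raise ValueError("nonce lifetime must be 2 to 60 seconds")
        self._shlr = shlr
        self._lifetime = nonce_lifetime
        self._clock = clock
        self._issued = {}                   # nonce -> time of issue

    def challenge(self):
        nonce = secrets.token_hex(16)       # 32 hex characters, as in the example
        self._issued[nonce] = self._clock()
        return nonce

    def register(self, params, terminal_response):
        issued_at = self._issued.get(params["nonce"])
        if issued_at is None or self._clock() - issued_at > self._lifetime:
            return 401                      # unknown or expired nonce
        expected = self._shlr.send_auth_info(params)
        if expected is None:
            return 401                      # no such user at the SHLR
        same = hmac.compare_digest(expected.encode(), terminal_response.encode())
        return 200 if same else 401


def terminal_params(nonce):
    """Parameters of the second REGISTER, using the values from the example."""
    return {
        "username": "801020800001",
        "realm": "1.1.1.1",
        "method": "REGISTER",
        "uri": "sip:801020800001@1.1.1.1",
        "nonce": nonce,
        "nc": "00000001",                   # assumed 8-digit RFC 2617 form
        "cnonce": "123412341",
        "qop": "auth",
    }


if __name__ == "__main__":
    password = "constructed-password"       # constructed; not in the patent
    ss = Softswitch(Shlr({("801020800001", "1.1.1.1"): password}))
    params = terminal_params(ss.challenge())
    print(ss.register(params, digest_response(password=password, **params)))
    print(ss.register(params, digest_response(password="wrong", **params)))
```

The comparison uses `hmac.compare_digest` so that the time taken does not depend on how many leading characters of the two response values match.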
The present invention effectively solves registration authentication of SIP users under a softswitch in an intelligent-network NGN network.
The above are only preferred embodiments of the present invention and do not limit the invention; for a person skilled in the art, the invention may have various modifications and variations. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (8)

1. A method for authenticating a Session Initiation Protocol user in a softswitch network, characterized by comprising the following steps:
Step 1: the Session Initiation Protocol user sends a first registration request message to the softswitch in the domain to which it belongs;
Step 2: after receiving the first registration request message, the softswitch generates a random number and sends the Session Initiation Protocol user an unauthorized message carrying the random number;
Step 3: the Session Initiation Protocol user generates a first authentication response value from the random number and the authentication key it stores, and sends the first authentication response value and a second registration request message to the softswitch;
Step 4: after receiving the second registration request message, the softswitch sends an authentication message to a Smart Home Location Register;
Step 5: the Smart Home Location Register generates a second authentication response value from the authentication message and the authentication key stored in the Smart Home Location Register, and sends the second authentication response value to the softswitch; and
Step 6: the softswitch compares the first authentication response value with the second authentication response value and determines from the comparison result whether authentication succeeded.
2. The method according to claim 1, characterized in that step 3 comprises the following steps:
after receiving the unauthorized message, the Session Initiation Protocol user automatically obtains or generates a uniform resource identifier, a user name and authentication parameters, and generates the first authentication response value by a predetermined algorithm from the uniform resource identifier, the user name, the authentication parameters, the random number and the authentication key stored in the Session Initiation Protocol user; and
the Session Initiation Protocol user sends the first authentication response value and the second registration request message to the softswitch.
3. The method according to claim 2, characterized in that the authentication message carries a plurality of parameters.
4. The method according to claim 3, characterized in that step 5 comprises the following steps:
the Smart Home Location Register generates the second authentication response value by the predetermined algorithm from the plurality of parameters in the authentication message and the authentication key stored in the Smart Home Location Register; and
the Smart Home Location Register sends the second authentication response value to the softswitch.
5. The method according to claim 4, characterized in that step 6 comprises the following steps:
the softswitch compares the first authentication response value with the second authentication response value;
if the first authentication response value equals the second authentication response value, the softswitch sends a success message to the Session Initiation Protocol user and authentication passes; if the first authentication response value and the second authentication response value are not equal, authentication fails.
6. The method according to claim 5, characterized in that the plurality of parameters carried in the authentication message comprise: the random number, the user name, the uniform resource identifier and the authentication parameters.
7. The method according to claim 6, characterized in that the predetermined algorithm is the MD5 algorithm defined in RFC 2617.
8. The method according to claim 2, characterized in that, when the Session Initiation Protocol user is a fixed-network Session Initiation Protocol user, step 4 further comprises the following step:
the softswitch extends the MAP signaling, so that the fixed-network Session Initiation Protocol user is authenticated through interaction with the Smart Home Location Register.
CNA2008100068437A 2008-02-01 2008-02-01 Method for identifying authority of conversation initialized protocol user in soft switching network Pending CN101227474A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNA2008100068437A CN101227474A (en) 2008-02-01 2008-02-01 Method for identifying authority of conversation initialized protocol user in soft switching network

Publications (1)

Publication Number Publication Date
CN101227474A true CN101227474A (en) 2008-07-23

Family

ID=39859224

Family Applications (1)

Application Number Title Priority Date Filing Date
CNA2008100068437A Pending CN101227474A (en) 2008-02-01 2008-02-01 Method for identifying authority of conversation initialized protocol user in soft switching network

Country Status (1)

Country Link
CN (1) CN101227474A (en)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101521667B (en) * 2009-04-15 2012-04-04 山东渔翁信息技术股份有限公司 Method and device for safety data communication
CN102474509A (en) * 2009-07-07 2012-05-23 阿尔卡特朗讯公司 Efficient key management system and method
CN102474509B (en) * 2009-07-07 2016-05-11 阿尔卡特朗讯公司 efficient key management system and method
CN101697542B (en) * 2009-10-19 2015-01-28 中兴通讯股份有限公司 Authentication method, soft switch and terminal
CN102823222A (en) * 2010-02-01 2012-12-12 法国电信公司 Method for identifying and authenticating rfid tag by reader
CN102823222B (en) * 2010-02-01 2016-08-17 法国电信公司 For the method being identified and verifying RFID tags by reader
WO2014114088A1 (en) * 2013-01-25 2014-07-31 中兴通讯股份有限公司 Method and service platform for implementing broadband service function in next generation network (ngn)
CN103973913A (en) * 2013-01-25 2014-08-06 中兴通讯股份有限公司 Method and service platform for achieving broadband service function under NGN
CN103401869A (en) * 2013-07-31 2013-11-20 常州北大众志网络计算机有限公司 Automatic account logging method
CN114143334A (en) * 2021-12-03 2022-03-04 爱信诺征信有限公司 Terminal control method and device
CN114143334B (en) * 2021-12-03 2024-04-09 爱信诺征信有限公司 Terminal control method and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Open date: 20080723