CN101527632B - Method, device and system for authenticating response messages - Google Patents

Publication number
CN101527632B
Authority
CN
China
Prior art keywords
response message
message
information
signature
request
Legal status
Expired - Fee Related
Application number
CN2008101014631A
Other languages
Chinese (zh)
Other versions
CN101527632A (en)
Inventor
辛阳
高洪涛
马骥
江为强
钮心忻
Current Assignee
Huawei Technologies Co Ltd
Beijing University of Posts and Telecommunications
Original Assignee
Huawei Technologies Co Ltd
Beijing University of Posts and Telecommunications
Application filed by Huawei Technologies Co Ltd, Beijing University of Posts and Telecommunications
Priority to CN2008101014631A
Priority to PCT/CN2008/073702 (WO2009109093A1)
Publication of CN101527632A
Application granted
Publication of CN101527632B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/12: Applying verification of the received information

Abstract

The invention relates to a method, a device and a system for authenticating response messages. The method for authenticating response messages comprises the following steps: forwarding a received request message that contains a preset label; receiving the forwarded request message and transmitting it; receiving the returned response message, authenticating the terminal that transmitted the response message, inserting into the response message a generated signature, which covers information identifying the true entity that initiated the response message, together with certificate information, and forwarding the response message; and removing the signature and the certificate information from the response message and transmitting the response message. The method, the device and the system allow a message requesting terminal to effectively authenticate the response messages of a message receiving terminal.

Description

Response message authentication method, apparatus and system
Technical field
The present invention relates to the field of communication technology, and in particular to a response message authentication method, apparatus and system.
Background technology
To ensure security during communication, for example to ensure that a message sent by the message requester is not intercepted by a malicious terminal, the message recipient needs to authenticate the identity of the message requester. Likewise, to ensure that the message requester is not directed by a malicious proxy server to transfer the call to an illegitimate entity and then converse with that entity, the message requester needs to authenticate the identity of the message recipient.
At present, the main ways for the two communicating parties to authenticate each other in the Session Initiation Protocol (SIP) are Digest authentication, Transport Layer Security (TLS) and Secure/Multipurpose Internet Mail Extensions (S/MIME), but each of these methods has shortcomings. Digest can only be used when the two parties have a shared key, and TLS and S/MIME require user certificates, whereas in practice few end users have a certificate of their own. To solve authentication between SIP parties, especially when the two parties are not in the same domain, the authenticated identity management scheme (RFC 4474) of the SIP working group of the Internet Engineering Task Force (IETF) proposes the following: the proxy server (proxy) of the requester's home domain authenticates the requester using Digest, and this proxy then uses the domain's certificate to sign the requester's identity and other related information in the request message. The recipient, or the proxy of the recipient's home domain, then verifies this signature; if verification passes and the requester's proxy is trusted, authentication succeeds.
However, this scheme solves only the authentication of request messages; the authentication of response messages remains unsolved. Response messages are more complex than request messages: the sender of a response message is not necessarily the entity given by the To value in the response message, and no field accurately identifies the sender of a response message. This shows mainly in the following two respects:
1) some response messages are sent by a proxy, such as 1xx provisional responses and 3xx redirection messages;
2) the To value of a retargeted message does not change as a result of the retargeting.
Summary of the invention
Embodiments of the invention provide a response message authentication method, apparatus and system, so that a message requesting terminal can effectively authenticate the response messages of a message receiving terminal.
An embodiment of the invention provides a response message authentication method, which comprises:
forwarding a received request message that contains a preset label;
receiving the forwarded request message and sending it;
receiving the returned response message, authenticating the terminal that sent the response message, inserting into the response message a generated signature, which covers information identifying the real entity that initiated the response message, together with certificate information, and sending the response message;
removing the signature and the certificate information from the response message and sending the response message.
An embodiment of the invention also provides a response message authentication method, which comprises:
forwarding a received request message that contains a preset label;
inserting into a response message a generated signature, which covers information identifying the real entity that initiated the response message, together with certificate information, and sending the response message;
removing the signature and the certificate information from the response message and sending the response message.
An embodiment of the invention provides a response message authentication system, which comprises a requester proxy server and a recipient proxy server, wherein the requester proxy server comprises:
a request message forwarding unit, configured to forward a received request message that contains a preset label;
a response message receiving unit, configured to receive a response message carrying a signature and certificate information and to forward it;
a response authentication unit, configured to receive the response message carrying the signature and certificate information forwarded by the response message receiving unit and to verify whether the response message is valid; if it is valid, the signature and certificate information are removed and the response message is forwarded.
The recipient proxy server comprises:
a request message receiving unit, configured to receive the request message forwarded by the request message forwarding unit;
a request message processing unit, configured to judge from the received request message whether a redirect response message needs to be returned and, when none needs to be returned, to process the request message and send it;
a redirection unit, configured, when a response message needs to be returned, to send a response message containing information identifying the real entity that initiated the response message;
an authentication unit, configured to receive the returned response message and to authenticate whether it is valid; if it is valid, a response message containing information identifying the real entity that initiated the response message is sent;
a signature unit, configured to sign the information identifying the real entity that initiated the response message, and to insert the signature and certificate information into the response message and send it.
An embodiment of the invention provides a response message authentication apparatus, which comprises:
a forwarding unit, configured to forward a received request message that contains a preset label;
a receiving unit, configured to receive the forwarded request message and send it;
a success message sending unit, configured to receive the returned response message, authenticate the terminal that sent the response message, insert into the response message a generated signature, which covers information identifying the real entity that initiated the response message, together with certificate information, and send the response message;
a success message forwarding unit, configured to remove the signature and the certificate information from the response message and send the response message.
An embodiment of the invention also provides a response message authentication apparatus, which comprises:
a forwarding unit, configured to forward a received request message that contains a preset label;
a sending unit, configured to insert into a response message a generated signature, which covers information identifying the real entity that initiated the response message, together with certificate information, and to send the response message;
a success message forwarding unit, configured to remove the signature and the certificate information from the response message and send the response message.
In the above response message authentication method, apparatus and system, the SIP extension tag response-p-auth lets the requesting terminal require the receiving terminal's proxy server to authenticate the receiving terminal. Setting information that identifies the true identity of the response message initiator in the response message lets the requester know which entity it is communicating with, and the signature over the real responding entity's information lets the requester confirm that this entity is the one claimed in the response message, so the message requesting terminal can effectively authenticate the response messages of the message receiving terminal.
Description of drawings
Fig. 1 is a signaling flow diagram of embodiment one of the response message authentication method of the invention;
Fig. 2 is a signaling flow diagram of embodiment two of the response message authentication method of the invention;
Fig. 3 is a signaling flow diagram of embodiment three of the response message authentication method of the invention;
Fig. 4 is a signaling flow diagram of embodiment four of the response message authentication method of the invention;
Fig. 5 is a flow chart of embodiment one of the response message authentication method of the invention;
Fig. 6 is a flow chart of embodiment two of the response message authentication method of the invention;
Fig. 7 is a structural diagram of an embodiment of the response message authentication system of the invention;
Fig. 8 is a structural diagram of embodiment one of the response message authentication apparatus of the invention;
Fig. 9 is a structural diagram of embodiment two of the response message authentication apparatus of the invention.
Embodiment
Fig. 1 shows the signaling flow of embodiment one of the response message authentication method of the invention. The method comprises:
Step 101: the requesting terminal sends a request message containing a preset label to the requester proxy server;
The request message contains the header field Require:response-p-auth. Suppose the requesting terminal is Alice, the requester proxy server is Proxy A, the receiving terminal is Bob and the recipient proxy server is Proxy B. The request message is as follows:
INVITE sip:bob@biloxi.example.com SIP/2.0
Via: SIP/2.0/TCP client.atlanta.example.com:5060;branch=z9hG4bK74bf9
Require: response-p-auth
From: Alice <sip:alice@atlanta.example.com>;tag=9fxced76sl
To: Bob <sip:bob@biloxi.example.com>
Call-ID: 3848276298220188511@atlanta.example.com
CSeq: 1 INVITE
Contact: <sip:alice@client.atlanta.example.com;transport=tcp>
This request message indicates that the requester (given by the From field, i.e. Alice <sip:alice@atlanta.example.com>) sends an INVITE request to the recipient (given by the To field, i.e. Bob <sip:bob@biloxi.example.com>). In this request message, the preset label Require:response-p-auth indicates that the requester requires the recipient proxy server to authenticate the response messages of the recipient in its domain;
Step 102: the requester proxy server forwards the request message containing the preset label to the recipient proxy server;
Step 103: the recipient proxy server inserts challenge information into the forwarded request message and sends the request message containing the challenge information to the receiving terminal;
The request message containing the challenge information is as follows:
INVITE sip:bob@client.biloxi.example.com SIP/2.0
… …
Require: response-p-auth
… …
Proxy-Authenticate: Digest realm="biloxi.example.com",qop="auth",
nonce="wf84flceczx41ae6cbe5aea9c8e88d359",
opaque="",stale=FALSE,algorithm=MD5
The Proxy-Authenticate field carries the challenge information. The information it contains is consistent with what Digest authentication specifies in existing SIP: nonce is the random number generated by the recipient proxy server, and realm is the domain name of the recipient proxy server;
Step 104: the receiving terminal returns a response message carrying challenge response information;
After the receiving terminal receives the request message containing the challenge information and has finished processing the request, it adds to the response message the challenge response information Proxy-Authorization generated from the challenge information. The challenge response information contains a digest value generated from the receiving terminal's user name (username), the receiving terminal's password and the nonce value in the challenge information; this digest value is placed in the response attribute. The user name must be the receiving terminal's own real ID, not the ID contained in the To field of the request message that the recipient proxy server forwarded to the receiving terminal in step 103;
The returned response message carrying the challenge response information is as follows:
… …
Proxy-Authorization: Digest username="bob",realm="biloxi.example.com",
nonce="wf84flceczx41ae6cbe5aea9c8e88d359",opaque="",uri="sip:bob@biloxi.example.com",
response="42ce3cef44b22f50c6a6071bc8"
In the above message, the uri attribute gives the SIP URI of the receiving terminal, formed from the user name plus the domain name of the proxy server of the user's home domain.
Step 105: the recipient proxy server checks the challenge response message and, if the check passes, inserts its own signature and certificate information into the response message;
The recipient proxy server first checks whether the receiving terminal ID in the challenge response message belongs to a user of this domain, i.e. whether the domain name part of the uri matches the domain name of this proxy server. If it matches, the digest value in response is verified using the challenge response verification method of the existing SIP protocol.
If verification passes, the SIP URI given in uri is taken as the real sender of the response message and set as the value of RespID. A signature over this value is then generated; the signature value is put in the Identity field, and RespID, the certificate storage location and the signature algorithm are put in the Identity-Info field;
The response message after the proxy has inserted its own signature is as follows:
… …
Identity:
"ZYNBbHC00VMZr2kZt6VmCvPonWJMGvQTBDqghoWeLxJfzB2a1pxAr3VgrBOSsSAaifsRdiOPoQZYOy2wrVghuhcsMbHWUSFxI6p6q5TOQXHMmz6uEo3svJsSH49thyGnFVcnyaZ++yRlBYYQTLqWzJ+KVhPKbfU/pryhVn9Yc6U="
Identity-Info: <https://biloxi.example.com/biloxi.cer>;alg=rsa-sha1;
RespID=bob@biloxi.example.com
Step 106: if the requester proxy server's verification of the certificate and signature passes, it removes Identity and Identity-Info and then sends the response message to the requesting terminal.
In the above response message authentication method, the SIP extension tag response-p-auth lets the requesting terminal require the recipient proxy server to authenticate the receiving terminal. Setting information that identifies the true identity of the response message initiator in the recipient's response message lets the requester know which entity it is communicating with, and the recipient proxy server's signature over the real responding entity's information lets the requester confirm that this entity is the responding entity claimed in the response message, so the message requesting terminal can effectively authenticate the response messages of the message receiving terminal.
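The recipient proxy server's check in step 105, as an added example (not code from the patent): the domain part of uri must match the proxy's own domain before the Digest value is recomputed, and only then is the uri returned for use as RespID. The credential store, the nonces, the use of INVITE as the method in the digest and the omission of qop (the sample Proxy-Authorization above carries no cnonce or nc) are assumptions of this example.

```python
import hashlib
import hmac
import re

PROXY_DOMAIN = "biloxi.example.com"        # domain (realm) of Proxy B
PASSWORDS = {"bob": "constructed-secret"}  # constructed credential store (assumption)


def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()


def digest_response(username, realm, password, nonce, method, uri):
    """Digest value without qop: MD5(HA1:nonce:HA2)."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")


def build_proxy_authorization(username, password, nonce, uri, method="INVITE"):
    """What the receiving terminal adds to its response in step 104."""
    resp = digest_response(username, PROXY_DOMAIN, password, nonce, method, uri)
    return (f'Digest username="{username}",realm="{PROXY_DOMAIN}",nonce="{nonce}",'
            f'opaque="",uri="{uri}",response="{resp}"')


def parse_digest(header_value):
    """Split 'Digest k="v",k="v"' into a dict of its quoted attributes."""
    scheme, _, rest = header_value.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest credential")
    return dict(re.findall(r'(\w+)="([^"]*)"', rest))


def authenticate_responder(proxy_authorization, issued_nonces, method="INVITE"):
    """Step 105 at Proxy B: return the SIP URI to use as RespID, or None.

    None means the caller follows the failure path (BYE to the terminal,
    440 Response Authentication Failed towards the requester).
    """
    try:
        p = parse_digest(proxy_authorization)
        user, uri, nonce, resp = p["username"], p["uri"], p["nonce"], p["response"]
    except (KeyError, ValueError):
        return None
    # The nonce must be one this proxy issued, and the realm must be this domain.
    if nonce not in issued_nonces or p.get("realm") != PROXY_DOMAIN:
        return None
    # uri is "user name plus proxy domain": both halves are checked before
    # any password lookup, so a proxy never vouches for a foreign-domain ID.
    m = re.fullmatch(r"sip:([^@;:]+)@([^@;:]+)", uri)
    if not m or m.group(1) != user or m.group(2).lower() != PROXY_DOMAIN:
        return None
    password = PASSWORDS.get(user)
    if password is None:
        return None
    expected = digest_response(user, PROXY_DOMAIN, password, nonce, method, uri)
    if not hmac.compare_digest(expected.encode(), resp.lower().encode()):
        return None
    issued_nonces.discard(nonce)  # a nonce authenticates one response only
    return uri


if __name__ == "__main__":
    nonces = {"constructed-nonce-1"}
    header = build_proxy_authorization(
        "bob", "constructed-secret", "constructed-nonce-1", "sip:bob@biloxi.example.com")
    print("RespID source:", authenticate_responder(header, nonces))
```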
Fig. 2 shows the signaling flow of embodiment two of the response message authentication method of the invention. It differs from the signaling flow of embodiment one in steps 205-206. Step 205: after the recipient proxy server's check of the challenge response message fails, it first sends a BYE message to the receiving terminal. Step 206: the recipient proxy server sends 440 Response Authentication Failed to the requester proxy server. Step 207: the requester proxy server sends 440 Response Authentication Failed to the requesting terminal.
The above response message authentication method describes the interaction between the requesting terminal, the requester proxy server, the recipient proxy server and the receiving terminal when the recipient proxy server's verification of the challenge information fails. Adding a new response code, 440 Response Authentication Failed, lets the recipient proxy server return a response to the requester when verification of the recipient's identity fails, which prevents an illegitimate terminal from posing as the responding terminal and returning a response message.
Fig. 3 shows the signaling flow of embodiment three of the response message authentication method of the invention. It differs from the signaling flow of embodiment one in step 306. Step 306: when the requester proxy server finds that the certificate and signature are incorrect, it sends a BYE message to the recipient proxy server and sends 440 Response Authentication Failed to the requesting terminal.
Because this BYE message is sent by a server within the domain, this 440 message does not include Identity and Identity-Info, and communication security between the requesting terminal and the requester proxy server is guaranteed by other means, such as TLS. The 440 response message is as follows:
SIP/2.0 440 Response Authentication Failed
……
The above response message authentication method describes the interaction between the requesting terminal, the requester proxy server, the recipient proxy server and the receiving terminal when the requester proxy server's verification of the signature fails. At the same time, setting information that identifies the true identity of the response message initiator in the response message lets the requester know which entity it is communicating with, and the signature over the real responding entity's information lets the requester confirm that this entity is the entity it claims to be, so the message requesting terminal can effectively authenticate the response messages of the message receiving terminal.
Fig. 4 shows the signaling flow of embodiment four of the response message authentication method of the invention. It differs from the signaling flow of embodiment one in that, after the recipient proxy server receives the request message forwarded by the requester proxy server, it returns a 3xx response message and no longer forwards the request down to the recipient. This response message is as follows:
……
Identity-Info: <https://biloxi.example.com/biloxi.cer>;alg=rsa-sha1;
RespID=biloxi.example.com
Comparing the response messages of embodiment one and embodiment four shows that the value of RespID differs: RespID=bob@biloxi.example.com in embodiment one and RespID=biloxi.example.com in embodiment four. That is, the real entity sending the response message in embodiment one is the receiving terminal Bob, and the real entity sending the response message in embodiment four is the recipient proxy server Proxy B.
In addition, when the requester proxy server finds that the certificate and signature are incorrect, the signaling flow is the same as that of embodiment three of the response message authentication method of the invention.
In the above response message authentication method, setting information that identifies the true identity of the response message initiator in the response message lets the requester confirm that the entity it is communicating with is the entity claimed in the response message, so the message requesting terminal can effectively authenticate the response messages of the message receiving terminal.
Embodiment one of the response message authentication method of the invention comprises:
forwarding a received request message that contains a preset label;
receiving the forwarded request message and sending it;
receiving the returned response message, authenticating the terminal that sent the response message, inserting into the response message a generated signature, which covers information identifying the real entity that initiated the response message, together with certificate information, and sending the response message;
removing the signature and the certificate information from the response message and sending the response message.
Fig. 5 shows the flow chart of embodiment one of the response message authentication method of the invention. The method comprises:
Step 501: forward a received request message that contains a preset label;
After the requester proxy server receives the request message containing the preset label sent by the requesting terminal, it forwards the message to the recipient proxy server. The preset label is the information with which the requesting terminal requires the sender of the response message to be authenticated. It can be denoted response-p-auth and is used in the form Require:response-p-auth, indicating that the requesting terminal requires the recipient proxy server to authenticate the response messages of the receiving terminal in its domain;
Step 502: add challenge information to the received forwarded request message and send it;
After the recipient proxy server receives the request message forwarded by the requester proxy server, it adds the challenge information Proxy-Authenticate to the request message and sends it to the receiving terminal;
Step 503: check whether the received response message carrying challenge response information is valid; if it is valid, go to step 504, otherwise go to step 505;
This step is optional. The receiving terminal generates and returns a response message carrying challenge response information according to the received request message carrying challenge information, and the recipient proxy server checks whether the received challenge response information is valid;
Steps 502 and 503 constitute the recipient proxy server's authentication of the receiving terminal, here using the Digest-based challenge authentication mode. The authentication is not limited to the challenge mode, however, and may also use TLS, 3GPP GBA and so on;
Step 504: insert into the response message the generated signature, which covers information identifying the real entity that initiated the response message, together with certificate information, send the response message, and go to step 506;
The signature covering information that identifies the real entity initiating the response message includes the "RespID=" field and the ID of the real entity that initiated the response message. When the received response message carrying the challenge response information is valid, the value of RespID is set to the ID of the receiving terminal; the recipient proxy server signs the SIP fields including RespID, puts the signature value in the Identity field, puts RespID and the certificate storage address in the Identity-Info field, and puts the Identity and Identity-Info fields in the response message and sends it.
The Identity-Info field contains the ID of the real entity that initiated this response message (RespID), the signature method (Sign method), and the uniform resource locator (URL) where the domain certificate of the recipient proxy server is stored.
RespID is the SIP URI corresponding to the user name (username) in Proxy-Authorization. This value does not always equal the value of the receiving terminal (To) in the request message. When the request message sent by the requesting terminal is not retargeted, the actual recipient is the entity indicated by To in the request message, so RespID equals the To value. When the request message is retargeted to the actual receiving terminal, RespID does not equal the To value in the request message but is the ID of the actual receiving terminal.
Besides RespID, the recipient proxy server may also sign the following fields: requesting terminal (From), receiving terminal (To), session identifier (Call-ID), date (Date), the other parameters of Identity-Info, the response code and its description, and so on.
The signature method (Sign method) may be the Message Digest Algorithm 5 RSA signature algorithm (MD5RSA): the response ID and the other relevant fields are first hashed with message-digest algorithm v5 (MD5), and the recipient proxy server then encrypts the result with the private key corresponding to the domain certificate;
Step 505: first send a failure message, then send a response failure message, and go to step 509;
This step occurs only when the recipient proxy server fails to authenticate the receiving terminal. If the challenge authentication method is used, it occurs when the challenge response message received by the recipient proxy server is invalid. In that case the recipient proxy server first sends a BYE message to the receiving terminal to end the session with it, and then sends a 440 Response Authentication Failed response to the requester proxy server to notify the requesting terminal that response authentication failed;
Step 506: verify whether the response message containing the signature and certificate information is valid; if it is valid, go to step 507, otherwise go to step 508;
Step 506 is also optional. After the requester proxy server receives the response message containing the signature and certificate information, it verifies it. If verification succeeds then, based on the requester proxy server's trust in the recipient proxy server, the requester proxy server considers the initiator of the response message, i.e. the receiving terminal, to have been successfully authenticated.
This verification process comprises:
The requester proxy server obtains the certificate of the recipient proxy server according to the certificate information in the response message. It compares whether the domain name part of the responding entity's identifier in RespID belongs to the same domain as the certificate owner in the certificate. If not, verification fails, because a proxy server can only manage the users of its own domain. If so, the signature is verified according to the signature algorithm adopted in step 504, for example MD5RSA, as follows:
The message digest algorithm is used to compute the digest value of the signed fields, which must include RespID. The signature value in the response message is then decrypted with the public key contained in the certificate. Finally the decrypted data is compared with the digest value. If they are equal, verification succeeds; if not, verification fails;
Step 507: remove the signature and certificate information from the response message, send the response message, and go to step 509;
If verification passes, the requester proxy server removes the signature and certificate information and forwards the response message, with the signature and certificate information removed, to the requesting terminal;
Step 508: first send a failure message, then send a response failure message;
This step occurs when the response message fails verification by the requester proxy server. In that case the requester proxy server first sends a BYE message to the recipient proxy server, and then sends a 440 Response Authentication Failed response to the requesting terminal to notify it that response authentication failed;
Step 509: end.
The above response message authentication method is completed on the network side. Setting information that identifies the true identity of the response message initiator in the response message lets the requesting terminal know which entity it is communicating with, and the recipient proxy server's signature over the real responding entity's information lets the requester confirm that this entity is the one claimed in the response message, so the message requesting terminal can effectively authenticate the response messages of the message receiving terminal.
Figure 6 is a flow chart of embodiment two of the response message authentication method of the present invention. The method comprises:
Step 601: forward the received request message that contains the preset tag.
The operation is the same as step 101 of embodiment one of the response message authentication method of the present invention; the preset tag is also the same, namely response-p-auth, and it is used in the same form.
Step 602: insert the generated signature and certificate information, which include information identifying the real entity that initiated the response message, into the response message and send it.
This step is performed when, according to its processing of the SIP request message, the recipient proxy server needs to return a response message to the requesting party and no longer forwards the request to the receiving terminal. The recipient proxy server sends the response message carrying the signature and certificate information to the requester proxy server; in the signature and certificate information, RespID, which identifies the real entity that initiated the response message, is set to the identifier of the recipient proxy server.
Step 603: verify whether the response message containing the signature and certificate information is legitimate; if so, perform step 604, otherwise perform step 605.
This step is optional. After receiving the response message containing the signature and certificate information, the requester proxy server verifies it. The verification procedure comprises:
Obtain the requester proxy server certificate and compare whether the owner identifier in the certificate is identical to RespID. If they differ, authentication fails; if they are identical, verify the signature value. The verification method is the same as in embodiment one.
Step 604: remove the signature and certificate information from the response message and send it; go to step 606.
If verification passes, the requester proxy server removes the signature and certificate information and forwards the response message, with the signature and certificate information removed, to the requesting terminal that initiated the request message.
Step 605: first send a failure message, then send a response-failure message.
This step occurs only when the response message fails verification. In that case a BYE message is first sent to the recipient proxy server, and then a 440 Response Authentication Failed response is sent to the requesting terminal to notify it that response authentication has failed.
Step 606: end.
The above response message authentication method is carried out on the network side. Information identifying the true identity of the initiator of the response message is set in the response message, so the requester can know which entity it is communicating with; the recipient proxy server's signature over the information of the real responding entity lets the requester determine that the entity it is communicating with is exactly the entity claimed in the response message. The requesting terminal can therefore effectively authenticate the response message of the receiving terminal.
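The signing and verification steps of embodiments one and two, worked through as an added example (not code from the patent). It assumes a toy textbook-RSA key, constructed header values, a `CERT_STORE` dictionary standing in for fetching the certificate named by Identity-Info, an assumed set of signed fields beyond RespID, and a proxy identity of the form `sip:b.example`.

```python
import hashlib

# Toy RSA key built from two Mersenne primes so the example runs offline with
# the standard library. Textbook RSA without padding: flow illustration only.
P, Q = 2**127 - 1, 2**107 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # recipient proxy's private exponent

CERT_URL = "https://b.example/proxy.cer"  # constructed Identity-Info value
# Stands in for fetching the certificate from the Identity-Info URL (assumption).
CERT_STORE = {CERT_URL: {"owner": "sip:b.example", "n": N, "e": E}}
# Assumed set of signed fields; the page only requires that RespID is included.
SIGNED_FIELDS = ("RespID", "Call-ID", "CSeq")
# Failure handling from steps 508 and 605: BYE first, then the 440 response.
FAILURE = [("BYE", "recipient proxy"),
           ("440 Response Authentication Failed", "requesting terminal")]


def digest(msg):
    """Digest of the signed fields as an integer. MD5 only because the page
    names MD5RSA; MD5 is collision-broken and unsuitable for new designs."""
    data = "|".join(msg.get(f, "") for f in SIGNED_FIELDS).encode()
    return int.from_bytes(hashlib.md5(data).digest(), "big")


def domain_of(identity):
    """'sip:bob@b.example' -> 'b.example'; 'sip:b.example' -> 'b.example'."""
    return identity.split(":", 1)[-1].rsplit("@", 1)[-1].lower()


def sign_response(msg, resp_id):
    """Recipient proxy: set RespID, sign the fields, attach certificate info."""
    out = dict(msg, RespID=resp_id)
    out["Identity"] = format(pow(digest(out), D, N), "x")
    out["Identity-Info"] = CERT_URL
    return out


def identity_matches(resp_id, owner):
    if "@" in resp_id:  # embodiment one: RespID names a terminal in the domain
        return domain_of(resp_id) == domain_of(owner)
    return resp_id.lower() == owner.lower()  # embodiment two: RespID is the proxy


def verify_and_strip(resp):
    """Requester proxy: returns (True, message to forward) or (False, FAILURE)."""
    cert = CERT_STORE.get(resp.get("Identity-Info"))
    if cert is None or "RespID" not in resp or "Identity" not in resp:
        return False, FAILURE
    if not identity_matches(resp["RespID"], cert["owner"]):
        return False, FAILURE  # a proxy may only vouch for its own domain
    try:
        recovered = pow(int(resp["Identity"], 16), cert["e"], cert["n"])
    except ValueError:
        return False, FAILURE  # signature value is not valid hex
    if recovered != digest(resp):
        return False, FAILURE
    # Only the signature and certificate information are removed; RespID stays.
    stripped = {k: v for k, v in resp.items()
                if k not in ("Identity", "Identity-Info")}
    return True, stripped
```

The domain check runs before the signature check, so a response that is correctly signed but names an entity outside the signer's domain is still rejected.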
Figure 7 is a structural diagram of an embodiment of the response message authentication system of the present invention. The system comprises a requester proxy server 12 and a recipient proxy server 13.
The requester proxy server 12 comprises: a request message forwarding unit 121, used to forward the received request message that contains the preset tag; a response message receiving unit 122, used to receive the response message carrying the signature and certificate information and forward it; and a response authentication unit 123, used to receive the response message carrying the signature and certificate information forwarded by the response message receiving unit and verify whether the response message is legitimate, and if it is legitimate, to remove the signature and certificate information and forward the message.
In addition, the requester proxy server may further comprise an authentication failure unit, used, when the response message is not legitimate, to first send a failure message and then send a response-failure message.
The recipient proxy server 13 comprises: a request message adapter unit 131, used to receive the request message forwarded by the request message forwarding unit; a request message processing unit 132, used to judge from the received request message whether a redirect response message needs to be returned and, when no redirect response message needs to be returned, to process and send the request message; a redirect unit 133, used, when a response message needs to be returned, to send a response message that includes information identifying the real entity that initiated the response message; an authentication unit 134, used to receive the returned response message and authenticate whether it is legitimate, and if it is legitimate, to send a response message that includes information identifying the real entity that initiated the response message; and a signature unit 135, used to sign the information identifying the real entity that initiated the response message, insert the signature and certificate information into the response message, and send it.
The request message processing unit is specifically a challenge request message processing unit, used to judge from the received request message whether a redirect response message needs to be returned and, when no redirect response message needs to be returned, to insert challenge information into the request message and send it. The response authentication unit specifically comprises: a certificate acquisition unit, used to receive the response message carrying the signature and certificate information forwarded by the response message receiving unit and to obtain the certificate according to the address in the certificate information; and a certificate verification unit, used to verify from the obtained certificate whether the response message is legitimate, and if it is legitimate, to remove the signature and certificate information and forward the response message with the signature and certificate information removed.
In addition, the system may further comprise a requesting terminal 11 and a receiving terminal 14. The requesting terminal 11 comprises: a request message generation unit 111, used to generate a request message containing the preset tag and send it; and a response message receiving unit 112, used to receive the forwarded response message from which the signature and certificate information have been removed. The receiving terminal 14 comprises: a request message receiving unit 141, used to receive the request message forwarded by the request message processing unit; a processing unit 142, used to generate a response message from the request message received by the request message receiving unit; and a response message sending unit 143, used to send the generated response message.
The request message receiving unit is specifically a challenge request message receiving unit, used to receive the request message carrying challenge information forwarded by the request message processing unit; the processing unit is specifically a challenge information processing unit, used to generate a response message carrying challenge response information from the request message carrying challenge information received by the request message receiving unit; and the response message sending unit is specifically a challenge response message sending unit, used to send the response message carrying challenge response information.
Further, the authentication unit and the signature unit on the recipient proxy server together form one logical entity, the authentication sub-device (authenticator). It can be implemented on a separate server that interacts with the proxy server, or as a logical entity on the proxy server. Its role is to authenticate the responses returned by receiving terminals in its own domain. On receiving a response that carries challenge information (Proxy-Authorization), the authenticator verifies whether the sender is a legitimate user. If verification passes and the requesting terminal is not in this domain, the authenticator signs the message with its own private key, places the signature value in the signature (Identity) header field, and inserts the certificate information (Identity-Info) into the message. If the requesting terminal is in this domain, that is, the requesting terminal and the receiving terminal are in the same domain, no signature needs to be inserted and the message is simply sent directly.
If verification of the intra-domain user fails, it can be handled in several ways: for example, BYE is sent directly to end the session after ACK is returned, and at the same time a 440 Response Authentication Failed response is returned to the requesting terminal; or the request is resent, and the session is ended only after a certain number of consecutive failures. Because this involves the formulation of local security policy, it can be implemented flexibly according to the specific situation.
Further, the response authentication unit on the requester proxy server can likewise act as one logical entity, the verification sub-device (verifier). It can be implemented on a separate server that interacts with the proxy server, or as a logical entity on the proxy server. Its role is to obtain, through the certificate acquisition unit, the certificate of the recipient proxy server according to the uniform resource locator (URL) in the Identity-Info header field of the response message, and then to verify, through the authentication unit, whether the response message of the receiving terminal has passed authentication by the receiving-terminal server, that is, to use the certificate to verify whether the signature value in the Identity header field is the signature value generated by the receiving-terminal server.
In the above response message authentication system, when the requesting terminal sends a request and the response message needs to be authenticated, the request message generation unit inserts Require: response-p-auth into the SIP request message. If an intermediate server or the receiving terminal's client does not support response-p-auth, the requesting terminal receives a 420 Bad Extension response. After the requesting terminal sends the request message to the request message processing unit of the recipient proxy server, the recipient proxy server judges, according to whether a redirect response message needs to be returned, whether the request message should be sent to the receiving terminal or a response should be sent to the requester proxy server, and sets a different responding entity identifier RespID accordingly: when a redirect response message needs to be returned, RespID is set to the ID of the recipient proxy server; otherwise RespID is set to the ID of the receiving terminal. The signature unit can sign according to the different RespID values, so that effective response message authentication is performed for the requesting party's terminal or the requester proxy server.
Figure 8 is a structural diagram of embodiment one of the response message authentication device of the present invention. The device comprises: a forwarding unit 21, used to forward the received request message that contains the preset tag; a receiving unit 22, used to receive the forwarded request message and send it; a success message sending unit 24, which receives the returned response message, authenticates the terminal that sent the response message, inserts into the response message the generated signature and certificate information, which include information identifying the real entity that initiated the response message, and sends it; and a success message forwarding unit 26, which removes the signature and certificate information from the response message and sends it.
The receiving unit is specifically a challenge message transceiver unit, used to add challenge information to the forwarded request message it receives and send it. The success message sending unit is specifically a successful challenge message sending unit, used, according to the returned response message carrying challenge response information, to insert into the response message the generated signature and certificate information, which include information identifying the real entity that initiated the response message, and send it.
In addition, the response message authentication device further comprises: a checking unit 23, used to check whether the received challenge response message is legitimate; if it is legitimate, then according to the returned response message carrying challenge response information, the generated signature and certificate information, which include information identifying the real entity that initiated the response message, are inserted into the response message and sent; otherwise, a failure message is sent first and then a response-failure message is sent, and processing ends; and a verification unit 25, used to verify whether the response message containing the signature and certificate information is legitimate; if it is legitimate, the signature and certificate information are removed from the response message and the message is sent; otherwise, a failure message is sent first and then a response-failure message is sent.
The verification unit may specifically comprise: an acquisition module 251, used to obtain the certificate information in the response message; and a judgment module 252, used to compare whether the domain-name part of the information in the signature that identifies the real entity that initiated the response message belongs to the same domain as the certificate owner in the certificate. If they do not belong to the same domain, verification fails, and a failure message is sent first and then a response-failure message is sent. If they belong to the same domain, the signature is verified according to the signature algorithm adopted when the signature was generated; if verification passes, the signature and certificate information are removed from the response message and the message is sent; otherwise, a failure message is sent first and then a response-failure message is sent.
In addition, the device may further comprise a failure message sending unit, used, when the received challenge response message is not legitimate, to first send a failure message and then send a response-failure message, after which processing ends. The device may also comprise a failure message forwarding unit, used, when the received response message containing the signature and certificate information is not legitimate, to first send a failure message and then send a response-failure message.
The above response message authentication device is arranged on the network side. It uses the forwarding unit to forward the received request message sent by the requesting terminal, and uses the sending unit to send the received challenge request message to the receiving terminal. It then uses the checking unit to check whether the received challenge response message is legitimate, and the success message sending unit sends a legitimate challenge response message to the recipient proxy server. Next it uses the verification unit to verify whether the signature and certificate information contained in the response message are legitimate; if they are, the success message forwarding unit sends the response message to the requesting terminal, completing the normal session between the requesting terminal and the receiving terminal. The failure message sending unit can also be used to send failed challenge response information to the recipient proxy server and then on to the requesting terminal to end the session, and the failure message forwarding unit can be used to send a failed response message to the requesting terminal to end the session. The requesting terminal can therefore effectively authenticate the response message of the receiving terminal.
Figure 9 is a structural diagram of embodiment two of the response message authentication device of the present invention. The device comprises: a forwarding unit 21, used to forward the received request message that contains the preset tag; a sending unit 31, used to insert the generated signature and certificate information, which include information identifying the real entity that initiated the response message, into the response message and send it; and a success message forwarding unit 26, used to remove the signature and certificate information from the response message and send it.
The device is arranged on the network side. In addition, the device may further comprise a verification unit 25, used to verify whether the response message containing the signature and certificate information is legitimate; if it is legitimate, the signature and certificate information are removed from the response message and the message is sent; otherwise, a failure message is sent first and then a response-failure message is sent.
The verification unit may specifically comprise: an acquisition module 251, used to obtain the certificate information in the response message; and a judgment module 252, used to compare whether the domain-name part of the information in the signature that identifies the real entity that initiated the response message belongs to the same domain as the certificate owner in the certificate. If they do not belong to the same domain, verification fails, and a failure message is sent first and then a response-failure message is sent. If they belong to the same domain, the signature is verified according to the signature algorithm adopted when the signature was generated; if verification passes, the signature and certificate information are removed from the response message and the message is sent; otherwise, a failure message is sent first and then a response-failure message is sent.
The above response message authentication device uses the forwarding unit to forward the received request message, and uses the sending unit to insert the generated signature and certificate information into the response message and send it to the recipient proxy server. It then uses the verification unit to verify whether the signature and certificate information contained in the response message are legitimate; if they are, the success message forwarding unit sends the response message to the requesting terminal, completing the normal session between the requesting terminal and the receiving terminal. The failure message sending unit can also be used to send failed challenge response information to the recipient proxy server and then on to the requesting terminal to end the session, and the failure message forwarding unit can be used to send a failed response message to the requesting terminal to end the session. The requesting terminal can therefore effectively authenticate the response message of the receiving terminal.
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solution of the present invention, not to limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they may still modify the technical solutions described in the foregoing embodiments, or make equivalent replacements of some of their technical features, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (23)

1. A response message authentication method, characterized by comprising:
A requester proxy server forwards to a recipient proxy server a request message, received from a requesting terminal, that contains a preset tag;
The recipient proxy server receives the forwarded request message and sends it to a receiving terminal;
The recipient proxy server receives the response message returned by the receiving terminal, authenticates the terminal that sent the response message, inserts into the response message the generated signature and certificate information, which include information identifying the real entity that initiated the response message, and sends the response message to the requester proxy server;
The requester proxy server removes the signature and certificate information from the response message and sends the response message to the requesting terminal.
2. The response message authentication method according to claim 1, characterized in that the recipient proxy server receiving the forwarded request message and sending it to the receiving terminal is specifically: the recipient proxy server adds challenge information to the forwarded request message it receives and sends it to the receiving terminal.
3. The response message authentication method according to claim 2, characterized in that the recipient proxy server receiving the response message returned by the receiving terminal, authenticating the terminal that sent the response message, inserting into the response message the generated signature and certificate information, which include information identifying the real entity that initiated the response message, and sending the response message to the requester proxy server specifically comprises:
The recipient proxy server checks whether the received response message carrying challenge response information is legitimate; if it is legitimate, then according to the response message carrying challenge response information returned by the receiving terminal, it inserts into the response message the generated signature and certificate information, which include information identifying the real entity that initiated the response message, and sends the response message to the requester proxy server.
4. The response message authentication method according to claim 3, characterized in that, before the requester proxy server removes the signature and certificate information from the response message and sends the response message to the requesting terminal, the method further comprises:
The requester proxy server verifies whether the response message containing the signature and certificate information is legitimate, and if it is legitimate, removes the signature and certificate information from the response message and sends the response message to the requesting terminal.
5. The response message authentication method according to claim 4, characterized in that the requester proxy server verifying whether the response message containing the signature and certificate information is legitimate, and if it is legitimate, removing the signature and certificate information from the response message and sending the response message to the requesting terminal specifically comprises:
The requester proxy server obtains the certificate information in the response message and compares whether the domain-name part of the information in the signature that identifies the real entity that initiated the response message belongs to the same domain as the certificate owner in the certificate; if they belong to the same domain, the signature is verified according to the signature algorithm adopted when the signature was generated; if verification passes, the signature and certificate information are removed from the response message and the response message is sent to the requesting terminal.
6. A response message authentication method, characterized by comprising:
A requester proxy server forwards to a recipient proxy server a request message, received from a requesting terminal, that contains a preset tag;
The recipient proxy server inserts the generated signature and certificate information, which include information identifying the real entity that initiated the response message, into a response message and sends the response message to the requester proxy server;
The requester proxy server removes the signature and certificate information from the response message and sends the response message to the requesting terminal.
7. The response message authentication method according to claim 6, characterized in that, before the requester proxy server removes the signature and certificate information from the response message and sends the response message to the requesting terminal, the method further comprises:
The requester proxy server verifies whether the response message containing the signature and certificate information is legitimate, and if it is legitimate, removes the signature and certificate information from the response message and sends the response message to the requesting terminal.
8. The response message authentication method according to claim 7, characterized in that the requester proxy server verifying whether the response message containing the signature and certificate information is legitimate, and if it is legitimate, removing the signature and certificate information from the response message and sending the response message to the requesting terminal specifically comprises:
The requester proxy server obtains the certificate information in the response message and compares whether the domain-name part of the information in the signature that identifies the real entity that initiated the response message belongs to the same domain as the certificate owner in the certificate; if they belong to the same domain, the signature is verified according to the signature algorithm adopted when the signature was generated; if verification passes, the signature and certificate information are removed from the response message and the response message is sent to the requesting terminal.
9. A response message authentication system, comprising a requester proxy server and a recipient proxy server, characterized in that the requester proxy server comprises:
A request message forwarding unit, used to forward the received request message that contains a preset tag;
A response message receiving unit, used to receive the response message carrying the signature and certificate information and forward it;
A response authentication unit, used to receive the response message carrying the signature and certificate information forwarded by the response message receiving unit and verify whether the response message is legitimate, and if it is legitimate, to remove the signature and certificate information and forward the message;
The recipient proxy server comprises:
A request message adapter unit, used to receive the request message forwarded by the request message forwarding unit;
A request message processing unit, used to judge from the received request message whether redirect response information needs to be returned and, when no redirect response information needs to be returned, to process and send the request message;
A redirect unit, used, when a response message needs to be returned, to send a response message that includes information identifying the real entity that initiated the response message;
An authentication unit, used to receive the returned response message and authenticate whether the response message is legitimate, and if it is legitimate, to send a response message that includes information identifying the real entity that initiated the response message;
A signature unit, used to sign the information identifying the real entity that initiated the response message, insert the signature and certificate information into the response message, and send it.
10. The response message authentication system according to claim 9, characterized by further comprising a requesting terminal, the requesting terminal comprising:
A request message generation unit, used to generate a request message containing the preset tag and send it;
A response message receiving unit, used to receive the forwarded response message from which the signature and certificate information have been removed.
11. The response message authentication system according to claim 10, characterized by further comprising a receiving terminal, the receiving terminal comprising:
A request message receiving unit, used to receive the request message forwarded by the request message processing unit;
A processing unit, used to generate a response message from the request message received by the request message receiving unit;
A response message sending unit, used to send the generated response message.
12. response message Verification System according to claim 11, it is characterized in that the described request message processing unit is specially challenge request message processing unit, be used for judging whether that according to the request message that receives needs return redirect response information, and when not needing to return redirect response information, in request message, insert challenge information and transmission.
13. response message Verification System according to claim 12 is characterized in that described response authentication unit specifically comprises:
The certificate acquisition unit is used to receive the response message that has signature and certificate information that the response message receiving element is transmitted, and obtains certificate according to the address in the certificate information;
The certificate verification unit is used for according to the certificate that obtains and verifies whether described response message is legal, if legal described signature and the certificate information of then removing, and transmit the response message that removes described signature and certificate information.
14. The response message verification system according to claim 13, characterized in that:
The request message receiving element is specifically a challenge request message receiving element, configured to receive the request message carrying challenge information forwarded by the request message processing unit;
The processing unit is specifically a challenge information processing unit, configured to generate a response message carrying challenge response information according to the request message carrying challenge information received by the request message receiving element;
The response message transmitting element is specifically a challenge response message sending unit, configured to send the response message carrying challenge response information.
15. A response message authentication device, characterized in that it comprises:
A retransmission unit, configured to forward to the receiving element a request message comprising a preset label received from a requesting terminal;
A receiving element, configured to receive the request information forwarded by the retransmission unit and send it to a receiving terminal;
A success message transmitting element, configured to receive the response message returned by the receiving terminal, authenticate the terminal that sent the response message, insert into the response message a generated signature, which comprises information identifying the real entity that initiated the response message, together with certificate information, and send the response message to the success message retransmission unit;
A success message retransmission unit, configured to remove the signature and certificate information from the response message and send the response message to the requesting terminal.
16. The response message authentication device according to claim 15, characterized in that the receiving element is specifically a challenge message transceiver unit, configured to add challenge information to the received forwarded request message and send it.
17. The response message authentication device according to claim 16, characterized in that the success message transmitting element is specifically a successful challenge message transmitting element, configured to insert into the returned response message carrying challenge response information a generated signature, which comprises information identifying the real entity that initiated the response message, together with certificate information, and to send the response message.
18. The response message authentication device according to claim 17, characterized in that it further comprises:
An inspection unit, configured to check whether the received challenge response message is legitimate; if it is legitimate, the response message is sent to the successful challenge message transmitting element; otherwise, a failure message is sent first, followed by a response failure message, and processing ends.
19. The response message authentication device according to claim 18, characterized in that it further comprises:
An authentication unit, configured to verify whether the response message comprising the signature and certificate information is legitimate; if it is legitimate, the response message is sent to the success message retransmission unit; otherwise, a failure message is sent first, followed by a response failure message.
20. The response message authentication device according to claim 19, characterized in that the authentication unit specifically comprises:
An acquisition module, configured to obtain the certificate information in the response message;
A judge module, configured to compare whether the domain name part of the information in the signature that identifies the real entity that initiated the response message belongs to the same domain as the certificate owner in the certificate; if they do not belong to the same domain, verification fails, and a failure message is sent first, followed by a response failure message; if they belong to the same domain, the signature is verified according to the signature algorithm that was used when the signature was generated; if the verification passes, the signature and certificate information in the response message are removed and the response message is sent; otherwise, a failure message is sent first, followed by a response failure message.
21. A response message authentication device, characterized in that it comprises:
A retransmission unit, configured to forward a request message comprising a preset label received from a requesting terminal;
A transmitting element, configured to insert into the response message a generated signature, which comprises information identifying the real entity that initiated the response message, together with certificate information, and to send the response message to the success message retransmission unit;
A success message retransmission unit, configured to remove the signature and certificate information from the response message and send the response message to the requesting terminal.
22. The response message authentication device according to claim 21, characterized in that it further comprises:
An authentication unit, configured to verify whether the response message comprising the signature and certificate information is legitimate; if it is legitimate, the response message is sent to the success message retransmission unit; otherwise, a failure message is sent first, followed by a response failure message.
23. The response message authentication device according to claim 22, characterized in that the authentication unit specifically comprises:
An acquisition module, configured to obtain the certificate information in the response message;
A judge module, configured to compare whether the domain name part of the information in the signature that identifies the real entity that initiated the response message belongs to the same domain as the certificate owner in the certificate; if they do not belong to the same domain, verification fails, and a failure message is sent first, followed by a response failure message; if they belong to the same domain, the signature is verified according to the signature algorithm that was used when the signature was generated; if the verification passes, the signature and certificate information in the response message are removed and the response message is sent; otherwise, a failure message is sent first, followed by a response failure message.
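The order of checks performed by the judge module in claims 20 and 23, as an added Python example that is not part of the patent text. The header names, the certificate store and the HMAC stand-in for the certificate-based signature are assumptions, "same domain" is taken here as an exact case-insensitive match, and sending the failure messages is left to the caller.

```python
import hashlib
import hmac

# Hypothetical header names: the claims only say "signature" and "certificate information".
FROM_HDR, SIG_HDR, CERT_HDR = "From", "X-Signature", "X-Cert-Info"
CERT_URL = "https://certs.example.com/proxy.cer"  # constructed certificate address

# Constructed certificate store: address -> (certificate owner domain, key).
# An HMAC key stands in for the certificate's public key so this runs on the
# standard library alone; the claimed device verifies a certificate-based signature.
CERTS = {CERT_URL: ("example.com", b"constructed-demo-key")}

def domain_of(identity):
    """Lower-cased domain part of an identity such as sip:bob@example.com."""
    return identity.rsplit("@", 1)[-1].strip().rstrip(".").lower()

def sign(identity, body, key):
    """Stand-in signature over the originating identity and the message body."""
    return hmac.new(key, f"{identity}\n{body}".encode(), hashlib.sha256).hexdigest()

def judge(headers, body):
    """Return (ok, headers_to_forward), applying the checks in the claimed order."""
    cert = CERTS.get(headers.get(CERT_HDR, ""))
    if cert is None or FROM_HDR not in headers or SIG_HDR not in headers:
        return False, None  # nothing to verify against: treat as failure
    owner_domain, key = cert
    # 1. The identity's domain must equal the certificate owner's domain, so
    #    "example.com.evil.net" does not pass as "example.com".
    if domain_of(headers[FROM_HDR]) != owner_domain.lower():
        return False, None
    # 2. Only then verify the signature, comparing in constant time.
    expected = sign(headers[FROM_HDR], body, key)
    if not hmac.compare_digest(expected.encode(), headers[SIG_HDR].encode()):
        return False, None
    # 3. Strip signature and certificate information before forwarding.
    kept = {k: v for k, v in headers.items() if k not in (SIG_HDR, CERT_HDR)}
    return True, kept

def sample_response(identity="sip:bob@example.com", body="200 OK"):
    """Constructed response, signed with the demo key."""
    key = CERTS[CERT_URL][1]
    headers = {FROM_HDR: identity, CERT_HDR: CERT_URL}
    headers[SIG_HDR] = sign(identity, body, key)
    return headers, body
```

A response whose signature is valid but whose identity domain differs from the certificate owner is rejected at step 1, before any signature work is done.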
CN2008101014631A 2008-03-06 2008-03-06 Method, device and system for authenticating response messages Expired - Fee Related CN101527632B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN2008101014631A CN101527632B (en) 2008-03-06 2008-03-06 Method, device and system for authenticating response messages
PCT/CN2008/073702 WO2009109093A1 (en) 2008-03-06 2008-12-24 Method, device and system for certifying response message

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2008101014631A CN101527632B (en) 2008-03-06 2008-03-06 Method, device and system for authenticating response messages

Publications (2)

Publication Number Publication Date
CN101527632A CN101527632A (en) 2009-09-09
CN101527632B true CN101527632B (en) 2011-12-28

Family

ID=41055535

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2008101014631A Expired - Fee Related CN101527632B (en) 2008-03-06 2008-03-06 Method, device and system for authenticating response messages

Country Status (2)

Country Link
CN (1) CN101527632B (en)
WO (1) WO2009109093A1 (en)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105227519B (en) * 2014-06-04 2019-11-26 广州市动景计算机科技有限公司 It is a kind of to have secure access to the method for webpage, client and server
CN108449280B (en) * 2017-02-16 2023-03-07 中兴通讯股份有限公司 Method and device for avoiding ping-pong of TCP (Transmission control protocol) messages
US11070506B2 (en) * 2018-01-10 2021-07-20 Vmware, Inc. Email notification system
CN110035037B (en) * 2018-01-11 2021-09-17 华为技术有限公司 Security authentication method, related equipment and system
CN109088855A (en) * 2018-07-12 2018-12-25 新华三信息安全技术有限公司 A kind of identity authentication method and equipment
CN110267219B (en) * 2019-07-02 2021-10-01 中国联合网络通信集团有限公司 Call forwarding reporting method, register, user terminal and block chain network
CN111031074B (en) * 2020-01-09 2022-03-01 中国信息通信研究院 Authentication method, server and client
CN114827074B (en) * 2021-01-28 2024-04-09 腾讯科技(深圳)有限公司 Social message processing method, device, server, terminal and medium
CN112906063B (en) * 2021-02-26 2024-04-26 杭州萤石软件有限公司 Digital digest algorithm processing equipment method, device, system and equipment
CN113615220B (en) * 2021-06-22 2023-04-18 华为技术有限公司 Secure communication method and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1376301A2 (en) * 2002-06-26 2004-01-02 Microsoft Corporation Content access management
WO2005024567A2 (en) * 2003-08-18 2005-03-17 Spearman Anthony C Network communication security system, monitoring system and methods
CN101123504A (en) * 2007-09-04 2008-02-13 华为技术有限公司 Certification method for communication terminal and response source

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100579012C (en) * 2005-03-30 2010-01-06 中兴通讯股份有限公司 Method for terminal user safety access soft handoff network
CN100550902C (en) * 2005-05-13 2009-10-14 中兴通讯股份有限公司 A kind of method of improved IP Multimedia System Authentication and Key Agreement
CN101030854B (en) * 2006-03-02 2010-05-12 华为技术有限公司 Method and apparatus for inter-verifying network between multi-medium sub-systems
CN101094064A (en) * 2006-07-25 2007-12-26 中兴通讯股份有限公司 Method for IP terminals to access network in security

Also Published As

Publication number Publication date
WO2009109093A1 (en) 2009-09-11
CN101527632A (en) 2009-09-09

Similar Documents

Publication Publication Date Title
CN101527632B (en) Method, device and system for authenticating response messages
US9749318B2 (en) Key management in a communication network
US7240366B2 (en) End-to-end authentication of session initiation protocol messages using certificates
US8122240B2 (en) Method and apparatus for establishing a security association
US8417955B2 (en) Entity bidirectional authentication method and system
CN101902476B (en) Method for authenticating identity of mobile peer-to-peer user
Wang et al. A new provably secure authentication and key agreement mechanism for SIP using certificateless public-key cryptography
CN105187450A (en) Authentication method and device based on authentication equipment
CN101521660B (en) Session initiation protocol registry method, certification and authorization method, system and equipment
CN101442411A (en) Identification authentication method between peer-to-peer user nodes in P2P network
CN1716953B (en) Method for identifying conversation initial protocol
CN105577612A (en) Identity authentication method, third party server, merchant server, and user terminal
Azad et al. Authentic caller: Self-enforcing authentication in a next-generation network
CN101252577B (en) Method for generating three parts cipher key negotiation
CN101488945B (en) Authentication method oriented to SIP
CN109639426A (en) Bidirectional self-authentication method based on identification password
WO2007000115A1 (en) A method for authenticating the device receiving the sip request message
CN102577231B (en) Sending protected data in a communication network
CN115955320B (en) Video conference identity authentication method
CN108282456A (en) The method that web camera mandate accesses
Sterman et al. RADIUS extension for digest authentication
Hutzelman et al. Generic security service application program interface (GSS-API) authentication and key exchange for the secure shell (SSH) protocol
CN107431690B (en) Method for communication of electronic communication system in open environment
Nikooghadam et al. Perfect Forward Secrecy in VoIP Networks Through Design a Lightweight and Secure Authenticated Communication Scheme
CN112165503A (en) Method and device for establishing network connection

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20111228

Termination date: 20140306