CN101640669B - Method, system and device for SIP policy control authentication - Google Patents


Publication number
CN101640669B
Authority
CN
China
Prior art keywords
policy
control authentication
authentication information
user agent
policy control
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN200810134586A
Other languages
Chinese (zh)
Other versions
CN101640669A (en)
Inventor
任兰芳
贾科
尹瀚
位继伟
王绍斌
马骥
江为强
谷勇浩
辛阳
李茜
杨亚涛
李雪莲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Beijing University of Posts and Telecommunications
Original Assignee
Huawei Technologies Co Ltd
Beijing University of Posts and Telecommunications

Landscapes

  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The embodiment of the invention discloses a method for SIP policy control authentication, which comprises the following steps that: a policy server receives a subscription request from a user agent; the policy server generates policy control authentication information according to the subscription request; and the policy server sends the policy control authentication information to the user agent. In the embodiment of the invention, by performing security enhancement on an SIP policy control mechanism, a policy control authentication mechanism is designed, and a client is ensured to initiate a session request in strict accordance with a policy prescription so that the security of a session is enhanced.

Description

Method, system and device for SIP policy control authentication
Technical field
The embodiments of the invention relate to the field of communication technology, and in particular to a method, system and device for SIP policy control authentication.
Background
SIP (Session Initiation Protocol) calls need to be subject to policy control, for example deciding whether to use a certain media stream encoding format or media stream type according to the service type of the call or the network conditions.
In the prior art, the SIP policy control mechanism formulates a policy according to each call request and thereby controls the operation of the whole network. As shown in Fig. 1, it comprises the following steps:
Step 101, the user agent sends a request message to the proxy server;
Step 102, after receiving the request message, the proxy server returns a 488 response to the user agent, prompting the user agent that it needs to obtain policy information;
Step 103, after receiving the 488 response, the user agent generates an MPDF (Media Policy Dataset Format) message body from the SDP (Session Description Protocol) message body, and then sends a subscription request carrying the MPDF message body to the policy server;
Step 104, the policy server returns a subscription notification to the user agent according to the session description; the notification carries the modified MPDF message body;
Step 105, after receiving this policy assignment message, the user agent checks the MPDF message body and modifies the session parameters accordingly, adds the Policy-Id parameter to the request message, and sends the request message to the proxy server again, where Policy-Id is the address of the policy server;
Step 106, the proxy server checks whether the Policy-Id is correct and, if it is, forwards the request message to the destination user.
However, the above method has no policy data authentication mechanism, so the SIP proxy server cannot know whether the request it receives has applied the policy correctly. The policy mechanism is therefore easy to attack; for example, in step 105 the user agent modifies restricted policies such as the media stream type or bandwidth, thereby obtaining illegitimate benefits and harming users or the network.
In the course of implementing the invention, the inventors found the following shortcomings in the prior art:
The prior art has no policy authentication mechanism and cannot guarantee the authenticity and integrity of the policy information. A user can forge Policy-Id information without it being assigned by the policy server, and thereby make illegitimate SIP calls through the corresponding proxy server. In addition, a malicious attacker can tamper with the MPDF message body and modify the policy information sent by the policy server, thereby endangering user and network security or obtaining illegitimate benefits.
Summary of the invention
The embodiments of the invention provide a method, system and device for SIP policy control authentication, to ensure the secure operation of the SIP policy mechanism.
An embodiment of the invention provides a method for SIP policy control authentication, comprising the following steps:
A policy server receives a subscription request from a user agent;
The policy server generates policy control authentication information according to the subscription request;
The policy server sends the policy control authentication information to the user agent.
An embodiment of the invention also provides a system for SIP policy control authentication, comprising a policy server, a proxy server and a user agent:
The policy server is configured to receive a subscription request from the user agent, generate policy control authentication information according to the subscription request, and send the policy control authentication information to the user agent;
The proxy server is configured to receive from the user agent a new invitation message containing the policy control authentication information and to verify the policy control authentication information; if the verification result is correct, it forwards the new invitation message to the recipient of the invitation message; if the verification result is incorrect, it sends a failure response message to the user agent;
The user agent is configured to receive from the proxy server a response message carrying the policy type, construct the subscription request according to that response message, send the subscription request to the policy server, and receive the policy control authentication information from the policy server.
An embodiment of the invention also provides a policy server, comprising:
A subscription request receiving unit, configured to receive a subscription request from a user agent;
A subscription request processing unit, configured to generate policy control authentication information according to the subscription request received by the subscription request receiving unit;
A policy control authentication information sending unit, configured to send to the user agent the policy control authentication information generated by the subscription request processing unit.
An embodiment of the invention also provides a proxy server, comprising:
An invitation message receiving unit, configured to receive an invitation message from a user agent, the invitation message containing policy control authentication information;
An invitation message verification unit, configured to verify the policy control authentication information of the new invitation message received by the invitation message receiving unit; if the verification result is correct, it forwards the new invitation message to the recipient of the invitation message; if the verification result is incorrect, it returns a failure response message to the user agent.
An embodiment of the invention also provides a network device, comprising:
A receiving unit, configured to receive from a proxy server a response message carrying the policy type;
A constructing unit, configured to construct a subscription request according to the response message carrying the policy type received by the receiving unit;
A sending unit, configured to send to the policy server the subscription request constructed by the constructing unit.
In the embodiments of the invention, the SIP policy control mechanism is given a security enhancement: a policy control authentication mechanism is designed that ensures the client initiates session requests in strict accordance with the policy, which strengthens the security of the session.
Description of drawings
To illustrate the technical solutions of the embodiments of the invention or of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the invention; a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a flow chart of a call under the SIP policy control mechanism in the prior art;
Fig. 2 is a flow chart of a method for SIP policy control authentication in an embodiment of the invention;
Fig. 3 is a detailed flow chart of a call under the SIP policy control mechanism in an embodiment of the invention;
Fig. 4 is a network architecture diagram in an embodiment of the invention;
Fig. 5 is a structure diagram of a policy server in an embodiment of the invention;
Fig. 6 is a structure diagram of a proxy server in an embodiment of the invention;
Fig. 7 is a structure diagram of a network device in an embodiment of the invention.
Embodiments
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the invention.
An embodiment of the invention provides a method for SIP policy control authentication, applied in a network comprising three network entities: a user agent, a proxy server and a policy server. As shown in Fig. 2, the method comprises the following steps:
Step 201, the policy server receives a subscription request from the user agent;
Step 202, the policy server generates policy control authentication information according to the subscription request;
Step 203, the policy server sends the policy control authentication information to the user agent.
The call procedure under the SIP policy control mechanism is described in detail below with reference to a specific embodiment, as shown in Fig. 3:
Step 301, the user agent sends an invitation message to the proxy server.
Step 302, on receiving the invitation message sent by the user agent, the proxy server does not find a Policy-Id header field and therefore returns a 488 response to the user agent; the response carries the policy type of the policy server. The format of this response message is as follows:
INVITE sip:bob@biloxi.somewhere.com SIP/2.0
Supported: policy
From: Alice <sip:alice@atlanta.example.com>;tag=9fxced76sl
To: Bob <sip:bob@biloxi.somewhere.com>
Call-ID: rt4353gs2egf@atlanta.example.com
CSeq: 1 INVITE
Policy-Contact: <sip:policy@atlanta.example.com>;policy=session-spec-policy
Content-Length: 0
Step 303, the user agent decides, according to the policy type, whether to add <sip-parameters> tag information to the subscription request: if the policy type is session-spec-policy (session-specific policy), the tag information must be added; if the policy type is session-independent-policy (session-independent policy), it need not be added. The user agent then sends the subscription request to the policy server. The <sip-parameters> tag information comprises fields such as Request-URI (policy server address), From (initiator of the request), To (recipient of the request), Method (request type) and Contact (contact of the requester). The <sip-parameters> tag information is added to the MPDF message body of the subscription request in the following format:
<property-set>
  <sip-parameters>
    <sip-parameter>
      <sip-parameter-name>
      </sip-parameter-name>
    </sip-parameter>
  </sip-parameters>
</property-set>
Each SIP header field is filled into the corresponding tag. For example, the invitation message of Fig. 2 is (only the relevant header fields are shown):
INVITE sip:bob@biloxi.somewhere.com SIP/2.0
From: Alice <sip:alice@atlanta.example.com>;tag=8675309
To: bob <sip:bob@biloxi.somewhere.com>
Call-ID: rt4353gs2egg@atlanta.example.com
CSeq: 1 INVITE
Contact: <sip:alice@atlanta.example.com>
The corresponding tagged message is:
SUBSCRIBE sip:policy@atlanta.example.com SIP/2.0
From: Alice <sip:alice@atlanta.example.com>;tag=8675309
To: PS <sip:policy@atlanta.example.com>
Call-ID: rt4353gs2egg@pc.biloxi.example.com
CSeq: 1 SUBSCRIBE
Contact: <sips:alice@pc.biloxi.example.com>
Expires: 7200
Event: session-spec-policy
Accept: application/media-policy-dataset+xml
Content-Type: application/media-policy-dataset+xml
Content-Length: ...
The MPDF message body is:
<property-set>
  ... (other policy parameters)
  <sip-parameters>
    <sip-parameter><request-uri>sip:bob@biloxi.somewhere.com</request-uri></sip-parameter>
    <sip-parameter><from>sip:alice@atlanta.example.com</from></sip-parameter>
    <sip-parameter><to>sip:bob@biloxi.somewhere.com</to></sip-parameter>
    <sip-parameter><method>INVITE</method></sip-parameter>
    <sip-parameter><contact>sip:alice@atlanta.example.com</contact></sip-parameter>
  </sip-parameters>
  ... (other policy parameters)
</property-set>
Step 304, the policy server generates policy control authentication information according to the subscription request.
The policy server checks the received subscription request, modifies the MPDF message body according to policy, taking into account the session parameters, network conditions and so on, and generates a new MPDF message body;
The policy server generates the Policy-Scope header field according to the subscription request and computes the signature information;
The policy server generates the policy control authentication information from the new MPDF message body, the Policy-Scope header field and the signature information.
The policy control authentication information may comprise the following:
Policy-Id: a signature parameter is added to this header field.
Policy-Scope: its value is session-spec-policy or session-independent-policy, corresponding to the two policy types defined in draft-ietf-sip-session-policy-framework and also determining which content is covered when the signature is computed. This header field may additionally carry the parameter etime, which specifies the policy expiry time.
The signature is calculated as signature = DigestAlgorithm(content), where content is the character string being signed.
If the policy type is session-spec-policy,
content = Request-URI | From | To | Method | Contact | Policy-Id | Policy-Scope | SDP message body,
if the policy type is session-independent-policy,
content = Policy-Id | Policy-Scope | SDP message body,
where "|" is the concatenation operator, which joins the fields into a single character string.
When computing the signature, the policy server may convert the new MPDF message body into the corresponding SDP message body and then perform the signature calculation.
Step 305, the policy server sends a subscription notification to the user agent; the subscription notification contains the policy control authentication information.
The subscription notification defined by the embodiment of the invention is as follows (irrelevant header fields omitted):
NOTIFY sip:alice@atlanta.example.com SIP/2.0
From: PS <sip:policy@atlanta.example.com>;tag=31451098
To: Alice <sip:alice@atlanta.example.com>;tag=8675309
Call-ID: rt4353gs2egg@alice.example.com
CSeq: 1 NOTIFY
Policy-Scope: session-spec-policy;etime=Thu, 21 Feb 2008 13:05:03 GMT
Policy-Id: PS <sip:policy@atlanta.example.com>;signature="ZYNBbHC00VMZr2kZt6
 VmCvPonWJMGvQTBDqghoWeLxJfzB2a1pxAr3VgrB0SsSAaifsRdiOPoQ
 ZYOy2wrVghuhcsMbHWUSFxI6p6q5TOQXHMmz6uEo3svJsSH49thyGnF
 VcnyaZ++yRlBYYQTLqWzJ+KVhPKbfU/pryhVn9Yc6U="
Event: session-spec-policy
Subscription-State: active;expires=7200
Content-Type: application/media-policy-dataset+xml
Content-Length: ...
[MPDF policy data (omitted)]
Step 306, the user agent constructs, according to the policy control authentication information, a new invitation message that contains the policy control authentication information, and sends the new invitation message to the proxy server.
After receiving the subscription notification, the user agent checks the new MPDF message body and modifies the SDP accordingly. The user agent must copy the Policy-Scope and Policy-Id header fields from the subscription notification into the invitation message, and then resends the invitation message to the proxy server. The format of this request message is:
INVITE sip:bob@biloxi.somewhere.com SIP/2.0
Supported: policy
From: Alice <sip:alice@atlanta.example.com>;tag=9fxced76sl
To: Bob <sip:bob@biloxi.somewhere.com>
Call-ID: rt4353gs2egf@atlanta.example.com
CSeq: 1 INVITE
Contact: <sip:alice@atlanta.example.com>
Policy-Scope: session-spec-policy;etime=Thu, 21 Feb 2008 13:05:03 GMT
Policy-Id: <sip:policy@atlanta.example.com>;signature="ZYNBbHC00VMZr
 2kZt6VmCvPonWJMGvQTBDqghoWeLxJfzB2a1pxAr3VgrB0SsSAaifsRdi
 OPoQZYOy2wrVghuhcsMbHWUSFxI6p6q5TOQXHMmz6uEo3svJsSH49th
 yGnFVcnyaZ++yRlBYYQTLqWzJ+KVhPKbfU/pryhVn9Yc6U="
Content-Type: application/sdp
Content-Length: ...
[SDP message body (omitted)]
Step 307, the proxy server receives from the user agent the new invitation message containing the policy control authentication information, and verifies the policy control authentication information.
The proxy server first performs the signature calculation according to the policy control authentication information and then verifies the signature information. If the verification result is correct, go to step 308; if it is incorrect, go to step 309.
Here, the proxy server compares the signature information it calculated with the signature information carried in the policy control authentication information: if they match, verification succeeds; if they do not match, verification fails.
The formula the proxy server uses for the signature calculation is the same as the policy server's signature formula in step 304. The policy server and the proxy server use public-key certificates for the signature calculation. The proxy server may need to obtain the policy server's public-key certificate in order to perform the signature calculation correctly. If the result calculated by the proxy server matches the signature parameter in Policy-Id, the policy parameters provided by the policy server have not been tampered with and the session request is legitimate.
Step 308, the proxy server forwards the new invitation message to the recipient of the invitation message.
Step 309, the proxy server returns a failure response message to the user agent.
In the embodiments of the invention, a method for SIP policy control authentication is provided that gives the SIP policy control mechanism a security enhancement: a policy control authentication mechanism is designed that ensures the client initiates session requests in strict accordance with the policy, which strengthens the security of the session.
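The signing in step 304 and the proxy check in step 307, as an added Python example that is not part of the patent text. It assumes HMAC-SHA256 with a shared key in place of the unspecified DigestAlgorithm and the public-key certificates the page mentions, length-prefixes each field before concatenation, and uses hypothetical helper names and constructed messages.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed demo key. Assumption: policy server and proxy share it; the page
# instead mentions public-key certificates and leaves DigestAlgorithm open.
DEMO_KEY = b"constructed-demo-key"
SESSION_SPEC = "session-spec-policy"
SESSION_INDEPENDENT = "session-independent-policy"
SIP_FIELDS = ("request_uri", "from", "to", "method", "contact")


def build_content(policy_type, policy_uri, policy_scope, sdp_body, sip=None):
    """Assemble the string to be signed for the given policy type (step 304)."""
    if policy_type == SESSION_SPEC:
        fields = [sip[name] for name in SIP_FIELDS]
    elif policy_type == SESSION_INDEPENDENT:
        fields = []
    else:
        raise ValueError("unknown policy type")
    fields += [policy_uri, policy_scope, sdp_body]
    # Assumption: each field is length-prefixed so field boundaries stay
    # unambiguous; the page only says the fields are concatenated.
    return b"".join(len(f.encode()).to_bytes(4, "big") + f.encode() for f in fields)


def sign(content, key=DEMO_KEY):
    """HMAC-SHA256 stand-in for the page's DigestAlgorithm, base64 encoded."""
    return base64.b64encode(hmac.new(key, content, hashlib.sha256).digest()).decode()


def issue_policy(policy_uri, policy_type, etime, sdp_body, sip=None):
    """Policy server: return the (Policy-Scope, Policy-Id) header values."""
    scope = "%s;etime=%s" % (policy_type, etime)
    sig = sign(build_content(policy_type, policy_uri, scope, sdp_body, sip))
    return scope, '<%s>;signature="%s"' % (policy_uri, sig)


def parse_policy_id(value):
    """Split a Policy-Id value into (policy URI, signature or None)."""
    uri_part, _, params = value.partition(";")
    uri = uri_part[uri_part.find("<") + 1:].split(">")[0].strip()
    sig = None
    for param in params.split(";"):
        name, _, val = param.strip().partition("=")
        if name == "signature":
            sig = val.strip('"')
    return uri, sig


def verify_invite(invite, now, key=DEMO_KEY):
    """Proxy (step 307): recompute the signature, compare, then check etime."""
    if "Policy-Id" not in invite or "Policy-Scope" not in invite:
        return False, "missing policy headers"
    uri, sig = parse_policy_id(invite["Policy-Id"])
    if not sig:
        return False, "unsigned Policy-Id"
    scope = invite["Policy-Scope"]
    policy_type, _, param = scope.partition(";")
    try:
        content = build_content(policy_type.strip(), uri, scope, invite["sdp"], invite)
    except (KeyError, ValueError):
        return False, "malformed request"
    if not hmac.compare_digest(sign(content, key).encode(), sig.encode()):
        return False, "signature mismatch"
    name, _, etime = param.partition("=")
    if name.strip() == "etime":  # etime is signed, so it is read only after the check
        expiry = parsedate_to_datetime(etime)
        if expiry.tzinfo is None:
            expiry = expiry.replace(tzinfo=timezone.utc)
        if now > expiry:
            return False, "policy expired"
    return True, "ok"


def demo():
    """Run the exchange on constructed values modelled on the page's messages."""
    sdp = "v=0\r\nm=audio 49170 RTP/AVP 0\r\nb=AS:64\r\n"
    sip = {"request_uri": "sip:bob@biloxi.somewhere.com", "method": "INVITE",
           "from": "sip:alice@atlanta.example.com", "to": "sip:bob@biloxi.somewhere.com",
           "contact": "sip:alice@atlanta.example.com"}
    scope, policy_id = issue_policy("sip:policy@atlanta.example.com", SESSION_SPEC,
                                    "Thu, 21 Feb 2008 13:05:03 GMT", sdp, sip)
    invite = {**sip, "sdp": sdp, "Policy-Id": policy_id, "Policy-Scope": scope}
    before = datetime(2008, 2, 21, 12, 0, tzinfo=timezone.utc)
    after = datetime(2008, 2, 21, 14, 0, tzinfo=timezone.utc)
    return {
        "valid": verify_invite(invite, before),
        "sdp_changed": verify_invite({**invite, "sdp": sdp.replace("AS:64", "AS:512")}, before),
        "expired": verify_invite(invite, after),
        "etime_extended": verify_invite(
            {**invite, "Policy-Scope": scope.replace("2008", "2009")}, after),
    }


if __name__ == "__main__":
    print(demo())
```

Because the full Policy-Scope value, including etime, is part of the signed content, a user agent that pushes the expiry time forward fails the signature check rather than the expiry check.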
The embodiment of the invention provides definitions of three header fields, Policy-Id, Policy-Scope and Policy-Contact, with the following syntax:
Policy-Id = "Policy-Id" HCOLON policyURI *(COMMA policyURI)
policyURI = (SIP-URI / SIPS-URI / absoluteURI) [SEMI signature-param] *(SEMI generic-param)
signature-param = "signature=" signature
Policy-Scope = "Policy-Scope" HCOLON policy-scope *(COMMA policy-scope)
policy-scope = ("session-spec-policy" / "session-independent-policy") [SEMI etime-param] *(SEMI generic-param)
etime-param = "etime=" etime
Policy-Contact = "Policy-Contact" HCOLON policyURI *(COMMA policyURI)
policyURI = (SIP-URI / SIPS-URI / absoluteURI) [SEMI policy-param] *(SEMI generic-param)
policy-param = "policy=" policy-value
policy-value = "session-spec-policy" / "session-independent-policy"
An embodiment of the invention also provides a network system which, as shown in Fig. 4, comprises a policy server 401, a proxy server 402 and a user agent 403. The policy server 401 is configured to receive a subscription request from the user agent, generate policy control authentication information according to the subscription request, and send the policy control authentication information to the user agent. The proxy server 402 is configured to receive from the user agent a new invitation message containing the policy control authentication information and to verify the policy control authentication information; if the verification result is correct, it forwards the new invitation message to the recipient of the invitation message; if the verification result is incorrect, it sends a failure response message to the user agent. The user agent 403 is configured to receive from the proxy server a response message carrying the policy type, construct the subscription request according to that response message, send the subscription request to the policy server, and receive the policy control authentication information returned by the policy server.
The user agent 403 is also configured to construct a new invitation message according to the policy control authentication information, send the new invitation message to the proxy server, and receive the failure response message from the proxy server.
In the embodiments of the invention, a network system is provided that gives the SIP policy control mechanism a security enhancement: a policy control authentication mechanism is designed that ensures the client initiates session requests in strict accordance with the policy, which strengthens the security of the session.
An embodiment of the invention also provides a policy server which, as shown in Fig. 5, comprises: a subscription request receiving unit 501, configured to receive a subscription request from a user agent; a subscription request processing unit 502, configured to generate policy control authentication information according to the subscription request received by the subscription request receiving unit; and a policy control authentication information sending unit 503, configured to send to the user agent the policy control authentication information generated by the subscription request processing unit.
The subscription request processing unit 502 comprises: an MPDF processing subunit 504, configured to modify the MPDF information in the subscription request and generate a new MPDF message body; a signature calculation subunit 505, configured to generate the Policy-Scope header field according to the subscription request and compute the signature information; and an authentication information generating subunit 506, configured to generate the policy control authentication information from the new MPDF message body, the Policy-Scope header field and the signature information.
In the embodiments of the invention, a policy server is provided that generates policy control authentication information according to the user agent's subscription request, which ensures that the policy control authentication mechanism can be carried out successfully.
An embodiment of the invention also provides a proxy server which, as shown in Fig. 6, comprises: an invitation message receiving unit 601, configured to receive an invitation message from a user agent, the invitation message including a new invitation message that contains policy control authentication information; and an invitation message verification unit 602, configured to verify the policy control authentication information of the new invitation message received by the invitation message receiving unit; if the verification result is correct, it forwards the new invitation message to the recipient of the invitation message; if the verification result is incorrect, it returns a failure response message to the user agent.
The invitation message verification unit 602 may comprise: a signature calculation subunit 603, configured to perform the signature calculation and obtain signature information; and a signature verification subunit 604, configured to compare the signature information obtained by the signature calculation subunit with the signature information carried in the policy control authentication information: if they match, verification succeeds; if they do not match, verification fails.
In the embodiments of the invention, a proxy server is provided that verifies the policy control authentication information, which ensures that the policy control authentication mechanism can be carried out successfully.
An embodiment of the invention also provides a network device which, as shown in Fig. 7, comprises: a receiving unit 701, configured to receive from a proxy server a response message carrying the policy type; a constructing unit 702, configured to construct a subscription request according to the response message carrying the policy type received by the receiving unit; and a sending unit 703, configured to send to the policy server the subscription request constructed by the constructing unit.
The constructing unit 702 may also be configured to construct a new invitation message according to the policy control authentication information from the policy server; the sending unit 703 may also be configured to send to the proxy server the new invitation message constructed by the constructing unit; the receiving unit 701 may also be configured to receive the failure response message returned by the proxy server.
In the embodiments of the invention, a network device is provided that constructs the new invitation message containing the policy control authentication information, which ensures that the policy control authentication mechanism can be carried out successfully.
By providing a method, system and device for SIP policy control authentication, the embodiments of the invention give the SIP policy control mechanism a security enhancement: a policy control authentication mechanism is designed that ensures the client initiates session requests in strict accordance with the policy, which strengthens the security of the session.
From the description of the above embodiments, a person skilled in the art can clearly understand that the invention can be implemented in hardware, or in software together with the necessary general-purpose hardware platform. On this understanding, the technical solution of the invention can be embodied in the form of a software product. The software product can be stored on a non-volatile storage medium (which may be a CD-ROM, a USB flash drive, a portable hard disk and so on) and comprises a number of instructions that cause a computer device (which may be a personal computer, a server, a network device and so on) to carry out the methods described in the embodiments of the invention.
In short, the above are only preferred embodiments of the invention and are not intended to limit its scope of protection. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within its scope of protection.

Claims (10)

1. the method for a session initiation protocol SIP policy control authentication is characterized in that, comprising:
Strategic server receives the subscribe request from the user agent;
Said strategic server is according to said subscribe request generation strategy control authentication information;
Said strategic server sends to said user agent with said policy control authentication information;
Said strategic server comprises according to said subscribe request generation strategy control authentication information:
Said strategic server is made amendment to the Media Stream policy data form MPDF message body in the said subscribe request, generates new Media Stream policy data format messages body;
Said strategic server generates the Policy-Scope header field according to said subscribe request, through calculating signing messages;
Said strategic server is according to said new Media Stream policy data format messages body, said Policy-Scope header field and said signing messages generation strategy control authentication information.
2. the method for SIP policy control authentication as claimed in claim 1 is characterized in that, said strategic server receives before the subscribe request from the user agent, also comprises:
Said user agent receives the response message that carries policing type from acting server;
Said user agent constructs said subscribe request according to the said response message that carries policing type;
Said user agent sends said subscribe request to said strategic server.
3. The method for SIP policy control authentication as claimed in claim 2, characterized in that said user agent constructing said subscribe request according to said response message that carries policing type comprises:
Said user agent determines, according to said policing type, whether to add label information to the subscribe request sent to said strategic server: if said policing type is the session specific policy, said label information is added; if said policing type is the session-independent policy, said label information is not added.
4. The method for SIP policy control authentication as claimed in claim 1, characterized in that said obtaining of signing messages through calculation comprises:
Performing a calculation over said Policy-Scope header field, the Policy-Id header field, the label information in said subscribe request and said new MPDF message body to obtain said signing messages; or
Performing a calculation over said Policy-Scope header field, the Policy-Id header field and said new MPDF message body to obtain said signing messages.
5. The method for SIP policy control authentication as claimed in claim 1, characterized in that, after said strategic server sends said policy control authentication information to said user agent, the method also comprises:
Said user agent constructs, according to said policy control authentication information, a new invitation message comprising said policy control authentication information, and sends said new invitation message to the acting server.
6. The method for SIP policy control authentication as claimed in claim 5, characterized in that, after said user agent constructs, according to said policy control authentication information, the new invitation message comprising said policy control authentication information and sends said new invitation message to said acting server, the method also comprises:
Said acting server receives, from said user agent, the new invitation message comprising said policy control authentication information, and verifies said policy control authentication information;
If the checking result is correct, said acting server is transmitted said new invitation message to the invitation message recipient;
If the checking result is incorrect, said acting server returns a failure response message to said user agent.
7. The method for SIP policy control authentication as claimed in claim 6, characterized in that said acting server receiving, from said user agent, the new invitation message comprising policy control authentication information and verifying said policy control authentication information comprises:
Said acting server carries out signature calculation, obtains signing messages;
Said acting server compares the signing messages obtained by said calculation with the signing messages carried in said policy control authentication information; if the two are consistent, the verification succeeds; if they are inconsistent, the verification fails.
8. A network system, characterized in that it comprises:
A strategic server, used to receive the subscribe request from the user agent, generate policy control authentication information according to said subscribe request, and send said policy control authentication information to said user agent;
An acting server, used to receive, from said user agent, the new invitation message comprising policy control authentication information and to verify said policy control authentication information; if the checking result is correct, the acting server transmits said new invitation message to the invitation message recipient; if the checking result is incorrect, it sends a failure response message to said user agent;
A user agent, used to receive the response message that carries policing type from said acting server, construct said subscribe request according to said response message that carries policing type, and send said subscribe request to said strategic server.
9. The network system as claimed in claim 8, characterized in that said user agent is also used to construct a new invitation message according to said policy control authentication information and to send said new invitation message to said acting server.
10. A strategic server, characterized in that it comprises:
The subscribe request receiving element is used to receive the subscribe request from the user agent;
The subscribe request processing unit is used to generate policy control authentication information according to the subscribe request received by said subscribe request receiving element;
The policy control authentication information transmitting unit is used for sending the policy control authentication information that said subscribe request processing unit generates to said user agent;
Said subscribe request processing unit comprises:
Media Stream policy data format analysis processing subelement, used to modify the Media Stream policy data format information in said subscribe request and to generate a new Media Stream policy data format message body;
The signature calculation subelement, used to generate the Policy-Scope header field according to said subscribe request and to obtain signing messages through calculation;
Authentication information generating subelement, used to generate said policy control authentication information according to said new Media Stream policy data format message body, said Policy-Scope header field and said signing messages.
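The following is an added sketch, not code from the patent, of the signature calculation in claim 4 and the acting server's recompute-and-compare check in claims 6 and 7. The claims do not fix an algorithm or keying, so HMAC-SHA256 with a shared key, the length-prefixed field encoding, and all function names and sample values are assumptions.

```python
import hashlib
import hmac

# Assumption: strategic server and acting server share a key provisioned out of band.
DEMO_KEY = b"constructed-demo-key"

def _encode(fields):
    # Length-prefix every field so that moving bytes between adjacent
    # fields ("ab"+"c" vs "a"+"bc") changes the signed message.
    out = b""
    for f in fields:
        raw = f.encode("utf-8")
        out += len(raw).to_bytes(4, "big") + raw
    return out

def compute_signature(policy_scope, policy_id, mpdf_body, label=None, key=DEMO_KEY):
    """Claim 4: cover Policy-Scope, Policy-Id and the new MPDF body, plus the
    label information when the policy is session-specific (label is not None)."""
    fields = [policy_scope, policy_id, mpdf_body]
    variant = b"\x00"                      # session-independent: no label signed
    if label is not None:
        fields.append(label)
        variant = b"\x01"                  # session-specific: label is signed
    return hmac.new(key, variant + _encode(fields), hashlib.sha256).hexdigest()

def build_auth_info(policy_scope, policy_id, mpdf_body, label=None, key=DEMO_KEY):
    """Strategic server side: bundle the signed fields with the signature."""
    return {
        "policy_scope": policy_scope, "policy_id": policy_id,
        "mpdf_body": mpdf_body, "label": label,
        "signature": compute_signature(policy_scope, policy_id, mpdf_body, label, key),
    }

def proxy_verify(auth_info, key=DEMO_KEY):
    """Claim 7: recompute the signature over the received fields and compare."""
    expected = compute_signature(auth_info["policy_scope"], auth_info["policy_id"],
                                 auth_info["mpdf_body"], auth_info["label"], key)
    # Constant-time comparison avoids leaking how many leading characters match.
    return hmac.compare_digest(expected, auth_info["signature"])

def proxy_handle_invite(auth_info, key=DEMO_KEY):
    """Claim 6: forward the new invitation on success, otherwise fail it."""
    return "forward" if proxy_verify(auth_info, key) else "failure-response"

# Constructed sample values; none of them come from the patent text.
SAMPLE = build_auth_info("constructed-scope", "constructed-policy-id",
                         "<constructed-mpdf/>", label="constructed-label")
```

Because the signature covers the MPDF body and the label, a user agent that edits the policy data or drops the label after subscription fails the acting server's check.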
CN200810134586A 2008-07-29 2008-07-29 Method, system and device for SIP policy control authentication Expired - Fee Related CN101640669B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200810134586A CN101640669B (en) 2008-07-29 2008-07-29 Method, system and device for SIP policy control authentication

Publications (2)

Publication Number Publication Date
CN101640669A CN101640669A (en) 2010-02-03
CN101640669B CN101640669B (en) 2012-08-29

Family

ID=41615463

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200810134586A Expired - Fee Related CN101640669B (en) 2008-07-29 2008-07-29 Method, system and device for SIP policy control authentication

Country Status (1)

Country Link
CN (1) CN101640669B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108270747B (en) * 2016-12-30 2021-08-13 杭州华为企业通信技术有限公司 Authentication method and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1716953A (en) * 2004-06-28 2006-01-04 华为技术有限公司 Method for identifying conversation initial protocol
CN1889562A (en) * 2005-06-28 2007-01-03 华为技术有限公司 Method for identifying equipment for receiving initial session protocol request information
CN1913432A (en) * 2006-07-27 2007-02-14 华为技术有限公司 Method and system of card number service using SIP authentication

Also Published As

Publication number Publication date
CN101640669A (en) 2010-02-03


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20120829

Termination date: 20130729