CN104113511A - IMS network access method, system, and correlative device - Google Patents

Publication number: CN104113511A
Authority: CN (China)
Prior art keywords: call, token, rtc, browser, request
Legal status: Granted
Application number: CN201310134316.5A
Other languages: Chinese (zh)
Other versions: CN104113511B (en)
Inventors: 邓灵莉, 于青, 陆璐
Current Assignee: China Mobile Communications Group Co Ltd
Original Assignee: China Mobile Communications Group Co Ltd

Abstract

The invention discloses an IMS network access method, system, and related device. In the method, a browser initiates a call request to a real-time communication (RTC) server according to a user operation; the browser receives a call response from the RTC server, the call response carrying information about an RTC media gateway; and the browser sends a media channel establishment request to the RTC media gateway according to the call response, establishes a media channel between the browser and the RTC media gateway, and communicates via an IP Multimedia Subsystem (IMS) network. The method is suitable for scenarios that integrate the operator's own WEB services with third-party services. A service token, rather than IMS account information, is issued through the browser, so that sensitive information is prevented from being disclosed. In addition, the method authorizes with a service token and a usage token separately, so that the RTCWEB service authorization mechanism and a third-party service authorization mechanism can be combined flexibly.

Description

Method, system and related apparatus for accessing an IMS network
Technical field
The present invention relates to the field of real-time communication, and in particular to a method, system and related apparatus for accessing an IP Multimedia Subsystem (IMS) network.
Background art
RTCWEB (Real-Time Communications WEB) means that a WEB application running in a browser calls APIs provided by the browser to establish real-time communication connections between browsers and to transmit data such as audio and video. RTCWEB technology can extend the reach of the IMS network by letting IMS users access a WEB page and use IMS services from a general-purpose browser. Integrating IMS services by means of RTCWEB can also provide third-party WEB services with real-time communication capability, including interworking with the existing network.
The specific types of access scenario can be analyzed from three aspects:
Aspect 1: service ownership, that is, whether the service is the IMS network's own service or a third-party service. The difference is whether the users of the point-to-point video service, including RTCWEB, are developed by the IMS operator, or are developed by a third party for which the IMS operator only provides access to the IMS and interworking with the existing network. In the latter case, the individual user may well be unaware of the IMS network operator.
Aspect 2: user type, that is, individual user or enterprise user. The difference lies in the charging model: whether each individual is accounted for independently, or the service is provided to a user group to be allocated as a whole.
Aspect 3: interface presentation, that is, whether the IMS network provides the UI, or UI programming capability is opened up so that a third party can carry out secondary interface development using a JS scripting SDK.
Based on this, a common-sense analysis gives at least the following four application scenarios:
1) Own service + individual user + own interface: gives IMS individual users a way to access IMS services from a general-purpose browser. The IMS operator builds the IMS service access portal site, which distributes the JS script implementing the RTCWEB function. After logging in to the portal site and being authenticated, the user can access services through the web page using a personal IMS account.
2) Own service + enterprise user + own interface: gives IMS enterprise users a way to access enterprise communication services from a general-purpose browser. The IMS operator provides a customized service access portal for the enterprise users. The user logs in to the enterprise portal site and accesses services using the enterprise IMS account. An enterprise IMS account can be reused across the access instances of different users at different times.
3) Third-party service + enterprise user + third-party interface: gives third-party enterprise users a way to access IMS services from a general-purpose browser. The IMS operator embeds the JS script implementing RTCWEB in the third-party service portal page, and the user accesses IMS services through the third-party portal site.
4) Third-party service + individual user + third-party interface: gives third-party individual users a way to access IMS services from a general-purpose browser. The IMS operator embeds the JS script implementing RTCWEB in the third-party service portal page, and the user accesses IMS services through the third-party portal site.
Based on the above analysis: on the one hand, in scenarios that integrate own services and third-party services, a unified solution is needed that meets the different demands of individual users, enterprise users and temporary users and copes with complex and changeable deployment environments of own or third-party equipment, which is a flexibility requirement. On the other hand, in third-party browser WEB access scenarios, the security of the IMS account information of individual or enterprise users must be ensured, which is a security requirement.
At present, the sign-on techniques used in service aggregation scenarios are mainly the single sign-on mechanism and the API authentication mechanism toward other service servers. Specifically:
The core idea of the single sign-on scheme is to use the authentication result of another service's server as the basis for authenticating and authorizing the user of this service. This service's server and the other service's authentication server maintain a regularly updated shared key. After the other service's authentication server authenticates the user, it processes the authorization information with the shared key and issues it to the client. The client submits the authorization information to this service's server, which verifies it with the shared key and then pushes the user's IMS account authentication information to this service's client, embedded in the other service's client, for subsequent IMS account authentication. Because of the particular nature of WEB applications, the general-purpose browser environment in which the RTCWEB JS script runs is not trusted, so pushing IMS account information directly to the JS script (the browser client) is unsafe. This scheme is therefore not suitable for the RTCWEB third-party service integration scenario.
In addition, the OAuth authentication that a click-to-dial system adopts in a third-party service integration scenario is one example of API authentication. Note, however, that although a third-party service integrator exists in that scenario, the actual business relationship is still between the individual user and the IMS network, and service authorization is completed by relying on the individual user's IMS service subscription and an explicit authorization operation for the third-party application. This is essentially different from the third-party/enterprise-user scenario of RTCWEB access to IMS, so it is likewise not suitable for the RTCWEB third-party service integration scenario.
In summary, the prior art does not propose a technique for accessing the IMS network that is suitable for scenarios integrating own WEB services and third-party services.
Summary of the invention
In view of this, the main purpose of the present invention is to provide a method, system and related apparatus for accessing an IMS network that are suitable for scenarios integrating own WEB services and third-party services, and that offer higher flexibility and security.
To achieve this purpose, the technical solution of the present invention is realized as follows:
A method for accessing an IMS network, comprising:
A browser initiates a call request to a real-time communication (RTC) server according to a user operation;
The browser receives a call response from the RTC server, the call response carrying RTC media gateway information;
The browser sends a media channel establishment request to the RTC media gateway according to the call response, establishes a media channel with the RTC media gateway, and communicates through the IP Multimedia Subsystem (IMS) network.
The method further comprises:
After the browser initiates the call request to the RTC server according to the user operation, the RTC server verifies the service token corresponding to the call request. When verification passes and it is determined that this call needs to use an IMS account, the RTC server issues a usage token for this call. The usage token is bound to the call attribute descriptor of this call, which includes at least: calling-party information, called-party information and the user IMS account;
The RTC server uses the user IMS account to initiate a SIP call request to the IMS network, the SIP call request carrying the called-party information;
After receiving the call response from the called party, the RTC server modifies the call response so that it points to the RTC media gateway and carries the call identifier allocated to this call, returns the modified call response to the browser, and synchronizes the usage token corresponding to this call to the RTC media gateway.
The method further comprises: the browser obtains a service token from a third-party server, specifically:
When the user accesses the third-party server through the browser, the third-party server returns a service token to the browser; or, when the user logs in to the third-party server through the browser, the third-party server performs login authentication on the user and then returns a service token to the browser.
Correspondingly,
the service token is carried in the call request,
and the RTC server verifying the service token corresponding to the call request is: the RTC server verifies the service token carried in the call request.
The method further comprises: the browser obtains a service token from a third-party server, specifically:
When the user accesses the third-party server through the browser, the third-party server issues a service token for the user and synchronizes the service token to the RTC server; or, when the user logs in to the third-party server through the browser, the third-party server performs login authentication on the user, then issues a service token for the user and synchronizes the service token to the RTC server.
The RTC server verifying the service token corresponding to the call request is: the RTC server looks up the corresponding service token according to the call request and verifies it.
The method further comprises:
After the browser sends the media channel establishment request to the RTC media gateway, the RTC media gateway determines, according to the call attribute descriptor carried in the media channel establishment request, whether a corresponding valid usage token is stored locally. If so, it responds to the media channel establishment request and, according to the usage token, initiates the corresponding SIP call media channel establishment request to the IMS network. If no corresponding usage token is stored locally, or the stored usage token has become invalid, it returns a rejection response to the browser. The call attribute descriptor carried in the media channel establishment request includes at least the call identifier.
The service token is bound to one or more of the following: third-party service identifier, user IP identifier, service authorization validity period, service authorization count.
A browser, comprising a sending module and a receiving module, wherein:
The sending module is configured to initiate a call request to the RTC server according to a user operation, and to send a media channel establishment request to the RTC media gateway according to the call response received by the receiving module;
The receiving module is configured to receive the call response from the RTC server, the call response carrying RTC media gateway information.
The browser further comprises a service token acquisition module.
The service token acquisition module is configured to obtain a service token from a third-party server, the service token being bound to one or more of the following: third-party service identifier, user IP identifier, service authorization validity period, service authorization count.
An RTC server, comprising a receiving module, a verification module, a determination module, a usage token issuing module and a sending module, wherein:
The receiving module is configured to receive the call request from the browser, and to receive the call response from the called party;
The verification module is configured to verify the service token corresponding to the call request;
The determination module is configured to determine whether this call needs to use an IMS account, after the receiving module receives the call request from the browser or after the verification module's verification of the service token corresponding to the call request passes;
The usage token issuing module is configured to issue a usage token for this call when the verification module's verification of the service token corresponding to the call request passes and the determination module determines that this call needs to use an IMS account. The usage token is bound to the call attribute descriptor of this call, which includes at least: calling-party information, called-party information and the user IMS account;
The sending module is configured to use the user IMS account to initiate a SIP call request to the IMS network, the SIP call request carrying the called-party information; and, after the receiving module receives the call response from the called party, to modify the call response so that it points to the RTC media gateway and carries the call identifier allocated to this call, return the modified call response to the browser, and synchronize the usage token corresponding to this call to the RTC media gateway.
The verification module is specifically configured to verify the service token carried in the call request, or to look up the corresponding service token according to the call request and verify it.
A third-party server, comprising a service token issuing module and a sending module, wherein:
The service token issuing module is configured to issue a service token for the user when the user accesses the third-party server through the browser, the service token being bound to one or more of the following: third-party service identifier, user IP identifier, service authorization validity period, service authorization count;
The sending module is configured to return the issued service token to the browser or to synchronize it to the RTC server.
The third-party server further comprises an authentication module.
The authentication module is configured to perform login authentication on the user when the user logs in to the third-party server through the browser and, after authentication passes, to notify the service token issuing module to issue a service token for the user.
An RTC media gateway, comprising a receiving module, a determination module and a sending module, wherein:
The receiving module is configured to receive the media channel establishment request from the browser, and to receive and store the usage token synchronized by the RTC server;
The determination module is configured to determine, according to the call attribute descriptor carried in the media channel establishment request, whether a corresponding valid usage token is stored locally, the call attribute descriptor carried in the media channel establishment request including at least the call identifier;
The sending module is configured to, when the determination module determines that a corresponding valid usage token is stored locally, respond to the media channel establishment request and, according to the usage token, initiate the corresponding SIP call media channel establishment request to the IMS network; and, when the determination module determines that no corresponding usage token is stored locally or the stored usage token has become invalid, to return a rejection response to the browser.
A system for accessing an IMS network, comprising a browser, an RTC server, a third-party server and an RTC media gateway, wherein:
The browser is the browser described above;
The RTC server is the RTC server described above;
The third-party server is the third-party server described above;
The RTC media gateway is the RTC media gateway described above.
In the method, system and related apparatus for accessing an IMS network of the present invention, the browser initiates a call request to the RTC server according to a user operation; the browser receives a call response from the RTC server, the call response carrying RTC media gateway information; and the browser sends a media channel establishment request to the RTC media gateway according to the call response, establishes a media channel with the RTC media gateway, and communicates through the IMS network. The present invention is suitable for scenarios integrating own WEB services and third-party services. Because a service token, rather than IMS account information, is issued through the browser (the WEB client), leakage of sensitive information can be avoided. Because the present invention authorizes with a service token and a usage token separately, the RTCWEB service authorization mechanism and a third-party service authorization mechanism can be combined flexibly.
Brief description of the drawings
Fig. 1 is a schematic flowchart of a method for accessing an IMS network according to an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of a browser according to an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of an RTC server according to an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of a third-party server according to an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of an RTC media gateway according to an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of a system for accessing an IMS network according to an embodiment of the present invention;
Fig. 7 is a detailed schematic flowchart of accessing the IMS network as described in Embodiment 1 of the present invention.
Detailed description of the embodiments
The basic idea of the present invention is: the browser initiates a call request to the RTC server according to a user operation; the browser receives a call response from the RTC server, the call response carrying RTC media gateway information; and the browser sends a media channel establishment request to the RTC media gateway according to the call response, establishes a media channel with the RTC media gateway, and communicates through the IMS network.
Fig. 1 shows a method for accessing an IMS network according to an embodiment of the present invention. As shown in Fig. 1, the method comprises:
Step 101: the browser initiates a call request to the real-time communication (RTC) server according to a user operation;
Step 102: the browser receives a call response from the RTC server, the call response carrying RTC media gateway information;
Step 103: the browser sends a media channel establishment request to the RTC media gateway according to the call response, establishes a media channel with the RTC media gateway, and communicates through the IP Multimedia Subsystem (IMS) network.
Optionally, the method further comprises:
After the browser initiates the call request to the RTC server according to the user operation, the RTC server verifies the service token corresponding to the call request. When verification passes and it is determined that this call needs to use an IMS account, the RTC server issues a usage token for this call. The usage token is bound to the call attribute descriptor of this call, which includes at least: calling-party information, called-party information and the user IMS account. For example, the call attribute descriptor specifically includes: caller IP address and port number, called IP address and port number, user IMS account, codec type, usage validity period, authorized-use count and similar information.
The RTC server uses the user IMS account to initiate a SIP call request to the IMS network, the SIP call request carrying the called-party information;
After receiving the call response from the called party, the RTC server modifies the call response so that it points to the RTC media gateway and carries the call identifier allocated to this call, returns the modified call response to the browser, and synchronizes the usage token corresponding to this call to the RTC media gateway. Note that the call identifier (call id) is used to map subsequent media requests to the call authorization.
Note that verifying the service token may be: verifying whether the service token was issued by a third-party server that has a contract relationship, and whether it is within its validity period. Determining whether this call needs to use an IMS account is: determining whether the called user is logged in online through a browser. If the called user is not logged in online through a browser, an IMS account is needed. If the called user is logged in online through a browser, the call does not need to go through the IMS network; the call request can be forwarded directly to the called browser, and the two RTCWEB-capable browsers communicate point to point on the media plane.
Note that the RTC server may maintain a resource pool of contracted IMS accounts. When a usage token needs to be issued, it is issued with reference to the corresponding IMS account management rules (for example, depending on the type of contract between the IMS operator and the third-party service provider, the number of concurrent IMS calls of this service may be subject to a static limit, a time-of-day limit, or a limit based on network state). If issuing the usage token fails because the number of concurrent IMS calls/accounts of the corresponding third-party service has reached the contracted upper limit, the RTC server rejects the browser's call request and returns an error message to the user browser and/or the third-party server.
Note that the RTC server specifically modifies the called-party information in the call response so that it points to the RTC media gateway, and then returns the call response to the calling browser.
Note that after the RTC server synchronizes the usage token to the RTC media gateway, the RTC media gateway can reserve resources for the corresponding call, and at the same time obtains authorization to process subsequent calling-side media requests and to relay called-side media.
Optionally, the method further comprises: the browser obtains a service token from a third-party server, specifically:
When the user accesses the third-party server through the browser, the third-party server returns a service token to the browser; or, when the user logs in to the third-party server through the browser, the third-party server performs login authentication on the user and then returns a service token to the browser. For example, in the scenario of accessing online customer service, the third-party server does not need the user to log in and authenticate.
Correspondingly,
The service token is carried in the call request. Specifically, after the user operates an RTCWEB page control (for example, selects a friend and clicks the voice/video call button), the page script (JavaScript, JS) program implementing the RTCWEB function submits the call request to the RTC server to apply for a media-plane usage token. One implementation may be: after the browser generates the offer message, the page script JS program modifies the offer message through a callback function, embeds the service token information, and sends it to the RTC server. The page script JS program described here may be provided to the third-party server by the IMS operator and then delivered to the user browser by the third-party server when the user accesses or logs in.
The RTC server verifying the service token corresponding to the call request is: the RTC server verifies the service token carried in the call request.
Note that, to indirectly verify the authenticity of the source of the service token submitted by the browser (whether it really comes from the portal), the service token can be protected by a portal signature. Optional signature schemes include: encryption with a key shared between the portal and the RTC server, signing with the portal's private key, and so on. To secure the transmission of sensitive information, a security protocol such as SSL can be used for encryption protection between the portal and the browser, and between the browser and the RTC server.
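A sketch of the shared-key variant of this portal signature, written as an added example and not taken from the patent: the token layout, the claim names, the HMAC-SHA256 construction and the portal name and key are all assumptions chosen for illustration. The portal binds the token to the service identifier, user IP, validity period and authorization count, and the RTC server rejects anything a contracted portal did not produce.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Constructed sample: key shared between each contracted portal and the RTC server.
CONTRACTED_PORTALS = {"portal-shop-example": b"constructed-shared-key-0001"}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_service_token(service_id, key, user_ip, ttl_s, max_calls, now=None):
    """Portal side: bind the token to service ID, user IP, validity period, call count."""
    now = int(time.time()) if now is None else now
    claims = {"svc": service_id, "ip": user_ip, "exp": now + ttl_s,
              "max": max_calls, "jti": secrets.token_hex(8)}
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return f"{_b64(body)}.{_b64(tag)}"


class ServiceTokenVerifier:
    """RTC server side: accepts a token only if a contracted portal produced it."""

    def __init__(self, portals):
        self._portals = portals
        self._uses = {}  # token id -> number of calls already authorized

    def verify(self, token, client_ip, now=None):
        now = int(time.time()) if now is None else now
        try:
            body_b64, tag_b64 = token.split(".")
            body, tag = _unb64(body_b64), _unb64(tag_b64)
            claims = json.loads(body)
        except ValueError:  # wrong part count, bad base64, bad JSON
            return "malformed"
        if not isinstance(claims, dict) or not isinstance(claims.get("svc"), str):
            return "malformed"
        # The issuer name is read before authentication only to select the key.
        key = self._portals.get(claims["svc"])
        if key is None:
            return "unknown-issuer"
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):  # constant-time comparison
            return "bad-signature"
        # From here on the claims are authenticated.
        if now >= claims["exp"]:
            return "expired"
        if client_ip != claims["ip"]:
            return "ip-mismatch"
        used = self._uses.get(claims["jti"], 0)
        if used >= claims["max"]:
            return "count-exhausted"
        self._uses[claims["jti"]] = used + 1
        return "ok"
```

The browser only ever relays the opaque token string; the shared key and the IMS account stay on the server side.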
Optionally, the method further comprises: the browser obtains a service token from a third-party server, specifically:
When the user accesses the third-party server through the browser, the third-party server issues a service token for the user and synchronizes the service token to the RTC server; or, when the user logs in to the third-party server through the browser, the third-party server performs login authentication on the user, then issues a service token for the user and synchronizes the service token to the RTC server.
The RTC server verifying the service token corresponding to the call request is: the RTC server looks up the corresponding service token according to the call request and verifies it. For example, the service token is bound to one or more of the following: random nonce, portal user name, client IP address. Correspondingly, the call request also carries one or more of the following: random nonce, portal user name, client IP address, which the RTC server uses to verify the service token.
Note that the random nonce may come from one or more of the following sources: time; random numbers generated separately by the browser client and the portal, followed by key agreement using the DF protocol; and so on. To secure the transmission of sensitive information, a security protocol such as SSL can be used for encryption protection between the portal and the RTC server.
Optionally, the method further comprises:
After the browser sends the media channel establishment request to the RTC media gateway, the RTC media gateway determines, according to the call attribute descriptor carried in the media channel establishment request, whether a corresponding valid usage token is stored locally. If so, it responds to the media channel establishment request and, according to the usage token, initiates the corresponding SIP call media channel establishment request to the IMS network. If no corresponding usage token is stored locally, or the stored usage token has become invalid, it returns a rejection response to the browser. The call attribute descriptor carried in the media channel establishment request includes at least the call identifier.
Here, the RTC media gateway may determine whether a corresponding valid usage token is stored locally as follows: the RTC media gateway looks up the local usage tokens and judges whether the call attribute descriptor contained in the media channel establishment request is consistent with the call attribute descriptor bound to a usage token. If they are consistent, it further determines whether the usage token has exceeded its usage validity period and whether it has exceeded its authorized-use count.
If the RTC media gateway determines that a corresponding valid usage token is stored locally, it responds to the browser's media request and, according to the original call attribute description information from the called party's call response that is saved in the usage token, initiates the corresponding SIP call media channel establishment request to the IMS network on the browser's behalf. Otherwise it rejects the browser's request and returns an error message to the user browser and/or the third-party server.
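The gateway-side check described above, together with the account-pool limit on usage token issuance described earlier, as an added example that is not code from the patent. The class and field names, the in-memory stores and the addresses are assumptions, the SIP exchange with the IMS network is left out, and the descriptor the browser presents is simplified to exclude the IMS account.

```python
import secrets
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class CallDescriptor:
    """Call attribute descriptor as the browser presents it to the gateway."""
    call_id: str
    caller: str   # caller IP address and port
    callee: str   # called-party address
    codec: str


@dataclass
class UsageToken:
    descriptor: CallDescriptor
    ims_account: str   # known to the RTC server and the gateway only
    expires_at: int    # usage validity period
    max_uses: int      # authorized-use count
    uses: int = 0


class MediaGateway:
    def __init__(self):
        self._tokens = {}  # call_id -> UsageToken synchronized by the RTC server

    def sync(self, token):
        self._tokens[token.descriptor.call_id] = token

    def authorize(self, request, now=None):
        """Decide on a media channel establishment request from a browser."""
        now = int(time.time()) if now is None else now
        token = self._tokens.get(request.call_id)
        if token is None:
            return "reject: no usage token"
        if request != token.descriptor:
            return "reject: descriptor mismatch"
        if now >= token.expires_at:
            return "reject: expired"
        if token.uses >= token.max_uses:
            return "reject: use count exhausted"
        token.uses += 1
        return "accept"


class RtcServer:
    def __init__(self, gateway, gateway_addr, account_pool):
        self._gateway = gateway
        self._gateway_addr = gateway_addr
        # Contracted IMS accounts; releasing an account after hang-up is not modeled.
        self._free_accounts = list(account_pool)

    def handle_call(self, caller, callee, codec, ttl_s=60, max_uses=1, now=None):
        """Runs after the service token of the call request has been verified."""
        now = int(time.time()) if now is None else now
        if not self._free_accounts:
            return None  # contracted concurrency limit reached: reject the call
        account = self._free_accounts.pop()
        desc = CallDescriptor(secrets.token_hex(8), caller, callee, codec)
        self._gateway.sync(UsageToken(desc, account, now + ttl_s, max_uses))
        # Modified call response: points at the gateway, carries the call ID,
        # and never contains the IMS account.
        return {"call_id": desc.call_id, "media_gateway": self._gateway_addr}
```

A request that reuses a valid call ID from a different caller address fails the descriptor comparison, so the call ID alone does not authorize media.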
Optionally, the service token is bound to one or more of the following: third-party service identifier, user IP identifier, service authorization validity period, service authorization count.
An embodiment of the present invention correspondingly provides a browser. As shown in Fig. 2, the browser comprises a sending module 21 and a receiving module 22, wherein:
The sending module 21 is configured to initiate a call request to the RTC server according to a user operation, and to send a media channel establishment request to the RTC media gateway according to the call response received by the receiving module 22;
The receiving module 22 is configured to receive the call response from the RTC server, the call response carrying RTC media gateway information.
Optionally, the browser further comprises a service token acquisition module.
The service token acquisition module is configured to obtain a service token from a third-party server, the service token being bound to one or more of the following: third-party service identifier, user IP identifier, service authorization validity period, service authorization count.
An embodiment of the present invention correspondingly provides an RTC server. As shown in Fig. 3, the RTC server comprises a receiving module 31, a verification module 32, a determination module 33, a usage token issuing module 34 and a sending module 35, wherein:
The receiving module 31 is configured to receive the call request from the browser, and to receive the call response from the called party;
The verification module 32 is configured to verify the service token corresponding to the call request;
The determination module 33 is configured to determine whether this call needs to use an IMS account, after the receiving module 31 receives the call request from the browser or after the verification module 32's verification of the service token corresponding to the call request passes;
The usage token issuing module 34 is configured to issue a usage token for this call when the verification module 32's verification of the service token corresponding to the call request passes and the determination module 33 determines that this call needs to use an IMS account. The usage token is bound to the call attribute descriptor of this call, which includes at least: calling-party information, called-party information and the user IMS account;
The sending module 35 is configured to use the user IMS account to initiate a SIP call request to the IMS network, the SIP call request carrying the called-party information; and, after the receiving module 31 receives the call response from the called party, to modify the call response so that it points to the RTC media gateway and carries the call identifier allocated to this call, return the modified call response to the browser, and synchronize the usage token corresponding to this call to the RTC media gateway.
Optionally, the verification module 32 is specifically configured to verify the service token carried in the call request, or to look up the corresponding service token according to the call request and verify it.
An embodiment of the present invention correspondingly provides a third-party server. As shown in Fig. 4, the third-party server comprises a business token issuing module 41 and a sending module 42, wherein:
The business token issuing module 41 is configured to issue a business token for the user when the user accesses the third-party server through the browser, the business token being bound to one or more of the following: a third-party service identifier, a user IP identifier, a service authorization validity period, and a number of service authorizations;
The sending module 42 is configured to return the issued business token to the browser or to synchronize it to the RTC server.
Optionally, the third-party server further comprises an authentication module.
The authentication module is configured to perform login authentication on the user when the user logs in to the third-party server through the browser and, after authentication succeeds, to notify the business token issuing module to issue a business token for the user.
An embodiment of the present invention correspondingly provides an RTC media gateway. As shown in Fig. 5, the RTC media gateway comprises a receiver module 51, a determination module 52, and a sending module 53, wherein:
The receiver module 51 is configured to receive the media channel establishment request from the browser, and to receive and store the use token synchronized by the RTC server;
The determination module 52 is configured to determine, according to the call attribute descriptor carried in the media channel establishment request, whether a corresponding valid use token is stored locally, the call attribute descriptor carried in the media channel establishment request comprising at least the call identifier;
The sending module 53 is configured to, when the determination module 52 determines that a corresponding valid use token is stored locally, respond to the media channel establishment request and, according to the use token, initiate a corresponding SIP call media channel establishment request to the IMS network; and, when the determination module determines that no corresponding use token is stored locally or that the stored use token is no longer valid, to return a rejection response to the browser.
An embodiment of the present invention correspondingly provides a system for accessing an IMS network. As shown in Fig. 6, the system comprises a browser 61, an RTC server 62, a third-party server 63, and an RTC media gateway 64, wherein:
Browser 61 is the browser shown in Fig. 2;
RTC server 62 is the RTC server shown in Fig. 3;
Third-party server 63 is the third-party server shown in Fig. 4;
RTC media gateway 64 is the RTC media gateway shown in Fig. 5.
The present invention is described in further detail below by way of a specific embodiment.
Embodiment 1
Fig. 7 is a detailed flow diagram of accessing the IMS network according to Embodiment 1 of the present invention. As shown in Fig. 7, the flow comprises:
Step 701: The user initiates a request to access a business website; the request carries username and password information.
Step 702: According to the user's request, the browser sends a page acquisition request to the corresponding business website; the page acquisition request carries the username and password information.
Step 703: The business website returns an RTCWEB script and a business token to the browser, wherein the business token is bound to a random number, a service identifier, an IP address, a validity period, and a number of uses.
Optionally, the business website can synchronize the business token to the RTC server.
Step 704: After the user initiates a call request by operating a control, the browser adds the business token to the offer generated by the script and sends the modified offer, carrying the business token, to the RTC server.
Step 705: The RTC server verifies the business token and, after verification succeeds, allocates a corresponding IMS account.
Step 706: The RTC server correspondingly sends a SIP INVITE message to the IMS network; the SIP INVITE message carries the RTC media gateway IP address, port number, and other call and media attributes.
Step 707: The IMS network returns a call response to the RTC server, carrying the called IP address, port number, and other call and media attributes.
Step 708: The RTC server sends a call response to the browser, carrying the RTC media gateway IP address, port number, and other call and media attributes (including the call identifier), and synchronizes the use token to the RTC media gateway.
Step 709: The browser sends a media channel establishment request (including the call identifier) to the RTC media gateway.
Step 710: After checking, according to the call identifier, that the corresponding use token is valid, the RTC media gateway modifies and forwards the media channel establishment request.
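The two-token handoff of steps 703 to 710 can be sketched as follows. This is an added illustration, not code from the patent: the HMAC-signed token encoding, the shared key, the 30-second use token lifetime, single-use consumption at the gateway, and all names and addresses are assumptions.

```python
import hashlib, hmac, json, secrets

SHARED_KEY = b"constructed-demo-key"     # assumption: shared by business website and RTC server
GATEWAY_ADDR = "198.51.100.7:40000"      # constructed RTC media gateway address
USE_TOKEN_TTL = 30                       # assumption: seconds a use token stays valid

def _mac(body):
    return hmac.new(SHARED_KEY, body.encode(), hashlib.sha256).hexdigest()

def issue_business_token(service_id, user_ip, ttl, max_uses, now):
    """Business website, step 703: bind nonce, service id, IP, validity, use count."""
    body = json.dumps({"nonce": secrets.token_hex(8), "svc": service_id,
                       "ip": user_ip, "exp": now + ttl, "uses": max_uses},
                      sort_keys=True)
    return body + "." + _mac(body)

class MediaGateway:
    def __init__(self):
        self.use_tokens = {}             # call id -> use token synced by the RTC server

    def sync(self, call_id, use_token):
        self.use_tokens[call_id] = use_token

    def open_media_channel(self, call_id, now):
        """Steps 709-710: forward only when a valid use token exists for the call id."""
        token = self.use_tokens.pop(call_id, None)   # assumption: one channel per token
        if token is None or now > token["exp"]:
            return None                              # rejection response to the browser
        return token                                 # descriptor used for the SIP media leg

class RTCServer:
    def __init__(self, gateway, ims_accounts):
        self.gateway = gateway
        self.ims_accounts = ims_accounts # service id -> IMS account, kept server-side
        self.uses_seen = {}              # nonce -> number of accepted uses

    def verify_business_token(self, token, src_ip, now):
        """Step 705: check integrity, validity period, IP binding and use count."""
        body, _, mac = token.rpartition(".")
        if not hmac.compare_digest(mac.encode(), _mac(body).encode()):
            return None
        claims = json.loads(body)
        used = self.uses_seen.get(claims["nonce"], 0)
        if now > claims["exp"] or claims["ip"] != src_ip or used >= claims["uses"]:
            return None
        self.uses_seen[claims["nonce"]] = used + 1
        return claims

    def handle_call(self, token, src_ip, caller, callee, now):
        """Steps 704-708: returns the call response sent to the browser, or None."""
        claims = self.verify_business_token(token, src_ip, now)
        account = self.ims_accounts.get(claims["svc"]) if claims else None
        if account is None:
            return None
        call_id = secrets.token_hex(8)
        self.gateway.sync(call_id, {"caller": caller, "callee": callee,
                                    "ims_account": account,
                                    "exp": now + USE_TOKEN_TTL})
        # The browser learns only where to send media and which call it belongs to.
        return {"gateway": GATEWAY_ADDR, "call_id": call_id}

if __name__ == "__main__":
    gw = MediaGateway()
    rtc = RTCServer(gw, {"shop-demo": "sip:pool-01@ims.example"})
    tok = issue_business_token("shop-demo", "203.0.113.5", 300, 1, now=1000)
    answer = rtc.handle_call(tok, "203.0.113.5", "alice", "sip:bob@ims.example", 1001)
    print("browser sees:", answer)
    print("gateway forwards:", gw.open_media_channel(answer["call_id"], 1002))
    print("replayed request:", gw.open_media_channel(answer["call_id"], 1003))
```

The IMS account appears only in the record synchronized to the gateway; the call response returned to the browser contains the gateway address and the call identifier and nothing else.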
The present invention targets the scenario in which RTCWEB accesses third-party services. To keep the user experience of the third-party service consistent, IMS authorization and authentication are kept transparent to the user. On the one hand, third-party website portal authentication is separated from IMS account authentication, and IMS account login is at the same time separated from the specific user using the account, providing the greatest service flexibility. On the other hand, the sensitive IMS account and authentication information is isolated from the untrusted browser client environment, and an authorization token issuing mechanism bound to the call descriptor is designed, ensuring the security of authorized use of the IMS account.
The present invention binds SDP information on the signaling plane to convey authorization, and performs the authorization check on the media plane, which suits deployments where the SGW and the media gateway are set up separately. Compared with the G3 call scheme, the present invention protects the security of the sensitive IMS account authentication information: this information is always kept locally on the RTC server deployed by the IMS operator and is not disclosed to the untrusted client code execution environment. Compared with the click to dial scheme, the present invention does not require the user to directly enter the IMS account and authentication information to explicitly authorize the RTCWEB service, which is convenient for the user while also protecting the security of the IMS account.
The above is only a preferred embodiment of the present invention and is not intended to limit the protection scope of the present invention.

Claims (14)

1. A method for accessing an IMS network, characterized in that the method comprises:
a browser initiates a call request to a real-time communication (RTC) server according to a user operation;
the browser receives a call response from the RTC server, the call response carrying RTC media gateway information;
the browser sends a media channel establishment request to the RTC media gateway according to the call response, establishes a media channel with the RTC media gateway, and communicates through the IP Multimedia Subsystem (IMS) network.
2. The method according to claim 1, characterized in that the method further comprises:
after the browser initiates the call request to the RTC server according to the user operation, the RTC server verifies the business token corresponding to the call request and, when verification succeeds and it is determined that the call needs to use an IMS account, issues a use token for the call, the use token being bound to the call attribute descriptor of the call, the call attribute descriptor comprising at least: calling end information, called end information, and the user IMS account;
the RTC server uses the user IMS account to initiate a SIP call request to the IMS network, the SIP call request carrying the called end information;
after receiving the call response from the called end, the RTC server modifies the call response so that it points to the RTC media gateway and carries the call identifier allocated to the call, returns the modified call response to the browser, and synchronizes the use token corresponding to the call to the RTC media gateway.
3. The method according to claim 2, characterized in that the method further comprises: the browser obtains a business token from a third-party server, specifically:
when the user accesses the third-party server through the browser, the third-party server returns a business token to the browser; or, when the user logs in to the third-party server through the browser, the third-party server performs login authentication on the user and then returns a business token to the browser;
correspondingly,
the business token is carried in the call request, and
the RTC server verifying the business token corresponding to the call request comprises: the RTC server verifies the business token carried in the call request.
4. The method according to claim 2, characterized in that the method further comprises: the browser obtains a business token from a third-party server, specifically:
when the user accesses the third-party server through the browser, the third-party server issues a business token for the user and synchronizes the business token to the RTC server; or, when the user logs in to the third-party server through the browser, the third-party server performs login authentication on the user, then issues a business token for the user and synchronizes the business token to the RTC server;
the RTC server verifying the business token corresponding to the call request comprises: the RTC server looks up the corresponding business token according to the call request and verifies it.
5. The method according to claim 2, characterized in that the method further comprises:
after the browser sends the media channel establishment request to the RTC media gateway, the RTC media gateway determines, according to the call attribute descriptor carried in the media channel establishment request, whether a corresponding valid use token is stored locally; if it determines that a corresponding valid use token is stored locally, it responds to the media channel establishment request and, according to the use token, initiates a corresponding SIP call media channel establishment request to the IMS network; if it determines that no corresponding use token is stored locally or that the stored use token is no longer valid, it returns a rejection response to the browser; the call attribute descriptor carried in the media channel establishment request comprises at least the call identifier.
6. The method according to any one of claims 2 to 5, characterized in that the business token is bound to one or more of the following: a third-party service identifier, a user IP identifier, a service authorization validity period, and a number of service authorizations.
7. A browser, characterized in that the browser comprises a sending module and a receiver module, wherein:
the sending module is configured to initiate a call request to the RTC server according to a user operation, and to send a media channel establishment request to the RTC media gateway according to the call response received by the receiver module;
the receiver module is configured to receive the call response from the RTC server, the call response carrying RTC media gateway information.
8. The browser according to claim 7, characterized in that the browser further comprises a business token acquisition module,
the business token acquisition module being configured to obtain a business token from the third-party server, the business token being bound to one or more of the following: a third-party service identifier, a user IP identifier, a service authorization validity period, and a number of service authorizations.
9. An RTC server, characterized in that the RTC server comprises a receiver module, an authentication module, a determination module, a use token issuing module, and a sending module, wherein:
the receiver module is configured to receive the call request from the browser, and to receive the call response from the called end;
the authentication module is configured to verify the business token corresponding to the call request;
the determination module is configured to determine whether the call needs to use an IMS account, after the receiver module receives the call request from the browser or after the authentication module successfully verifies the business token corresponding to the call request;
the use token issuing module is configured to issue a use token for the call when the authentication module has successfully verified the business token corresponding to the call request and the determination module has determined that the call needs to use an IMS account, the use token being bound to the call attribute descriptor of the call, the call attribute descriptor comprising at least: calling end information, called end information, and the user IMS account;
the sending module is configured to use the user IMS account to initiate a SIP call request to the IMS network, the SIP call request carrying the called end information; and, after the receiver module receives the call response from the called end, to modify the call response so that it points to the RTC media gateway and carries the call identifier allocated to the call, to return the modified call response to the browser, and to synchronize the use token corresponding to the call to the RTC media gateway.
10. The RTC server according to claim 9, characterized in that
the authentication module is specifically configured to verify the business token carried in the call request, or to look up the corresponding business token according to the call request and verify it.
11. A third-party server, characterized in that the third-party server comprises a business token issuing module and a sending module, wherein:
the business token issuing module is configured to issue a business token for the user when the user accesses the third-party server through the browser, the business token being bound to one or more of the following: a third-party service identifier, a user IP identifier, a service authorization validity period, and a number of service authorizations;
the sending module is configured to return the issued business token to the browser or to synchronize it to the RTC server.
12. The third-party server according to claim 11, characterized in that the third-party server further comprises an authentication module,
the authentication module being configured to perform login authentication on the user when the user logs in to the third-party server through the browser and, after authentication succeeds, to notify the business token issuing module to issue a business token for the user.
13. An RTC media gateway, characterized in that the RTC media gateway comprises a receiver module, a determination module, and a sending module, wherein:
the receiver module is configured to receive the media channel establishment request from the browser, and to receive and store the use token synchronized by the RTC server;
the determination module is configured to determine, according to the call attribute descriptor carried in the media channel establishment request, whether a corresponding valid use token is stored locally, the call attribute descriptor carried in the media channel establishment request comprising at least the call identifier;
the sending module is configured to, when the determination module determines that a corresponding valid use token is stored locally, respond to the media channel establishment request and, according to the use token, initiate a corresponding SIP call media channel establishment request to the IMS network; and, when the determination module determines that no corresponding use token is stored locally or that the stored use token is no longer valid, to return a rejection response to the browser.
14. A system for accessing an IMS network, characterized in that the system comprises a browser, an RTC server, a third-party server, and an RTC media gateway, wherein:
the browser is the browser according to claim 7 or 8;
the RTC server is the RTC server according to claim 9 or 10;
the third-party server is the third-party server according to claim 11 or 12;
the RTC media gateway is the RTC media gateway according to claim 13.
CN201310134316.5A 2013-04-17 2013-04-17 A kind of method, system and relevant apparatus for accessing IMS network Active CN104113511B (en)


Publications (2)

Publication Number Publication Date
CN104113511A true CN104113511A (en) 2014-10-22
CN104113511B CN104113511B (en) 2018-03-23
