CN112118108B - SIP anti-theft verification method and system - Google Patents

Publication number
CN112118108B
Authority
CN
China
Prior art keywords
sip
registration
server
encryption
call
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010832910.1A
Other languages
Chinese (zh)
Other versions
CN112118108A (en)
Inventor
吴宣辉
陈尚武
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Xujian Science And Technology Co ltd
Original Assignee
Hangzhou Xujian Science And Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Xujian Science And Technology Co ltd
Priority to CN202010832910.1A
Publication of CN112118108A
Application granted
Publication of CN112118108B
Legal status: Active (current)
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/1066 Session management
    • H04L65/1073 Registration or de-registration
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/1066 Session management
    • H04L65/1101 Session protocols
    • H04L65/1104 Session initiation protocol [SIP]

Abstract

The application relates to a SIP anti-theft verification method and system. A SIP server acquires a registration application from a SIP registration module and reads the registration encryption ciphertext and the registration number string that the SIP registration module applied for from a hash encryption server; the SIP server sends the registration encryption ciphertext and the registration number string to the hash encryption server for verification; the SIP server then reads the hash encryption server's verification result for the registration encryption ciphertext and the registration number string and returns it to the SIP registration module. This solves the problems that encryption through TLS is cumbersome and that network messages cannot be analyzed directly on the system after encryption; the anti-theft encryption is simpler and safer, and the communication performance of the communication system is improved.

Description

SIP anti-theft verification method and system
Technical Field
The application relates to the field of communication, in particular to an SIP anti-theft verification method and system.
Background
Session Initiation Protocol (SIP) is a communication protocol standard that is widely used across the internet communication industry. Because SIP is a unified standard, SIP call theft often occurs in communication systems, which reduces the call performance of the communication system.
In the related art, the whole SIP message is encrypted with Transport Layer Security (TLS) to prevent SIP call theft, but this approach is cumbersome; moreover, once the message is encrypted, network messages cannot be analyzed directly on the system, which is of little help when analyzing problems.
At present, no effective solution has been proposed for the problems in the related art that TLS encryption is cumbersome and that network messages cannot be analyzed directly on the system after encryption.
Disclosure of Invention
The embodiments of the application provide a SIP anti-theft verification method and system, which at least solve the problems in the related art that TLS encryption is cumbersome and that network messages cannot be analyzed directly on the system after encryption.
In a first aspect, an embodiment of the present application provides a SIP anti-theft verification method, where the method includes:
the SIP server acquires a registration application of the SIP registration module, and reads a registration encryption ciphertext applied by the SIP registration module to the hash encryption server;
the SIP server sends the registration encryption ciphertext and the registration number string to the hash encryption server for verification;
and the SIP server reads the verification result of the hash encryption server on the registration encryption ciphertext and the registration number string, and returns the verification result to the SIP registration module.
In some of these embodiments, after the SIP server returns the verification result to the SIP registration module, in the case that the verification result is successful, the method includes:
the SIP server acquires a call application of the SIP call module, and reads a call encryption ciphertext applied by the SIP call module to the hash encryption server;
the SIP server sends the call encryption ciphertext and the call number string to the hash encryption server for verification;
the SIP server reads the verification result of the hash encryption server on the call encryption ciphertext and the call number string, and returns the verification result to the SIP call module;
and under the condition that the verification result is successful, the SIP server checks whether the address port of the SIP calling module call is the same as the address port registered by the SIP registration module.
In some embodiments, the registration number string or the call number string is a number string agreed in session initiation protocol.
In some embodiments, when the SIP registration module and the SIP call module apply for the encrypted ciphertext to the hash encryption server, the encrypted ciphertext is carried in the encrypted domain name of the SIP plaintext message.
In some of these embodiments, the applying, by the SIP registration module and the SIP call module, the encrypted ciphertext to the hash encryption server includes:
each single character of the number string is looked up in a character mapping table to generate a new character string a; the characters of string a are randomly shuffled to form a new character string b; and string b together with a random character string generated over time is hashed with MD5 to generate the call encryption ciphertext and the registration encryption ciphertext.
In a second aspect, an embodiment of the present application provides a SIP anti-theft verification system, where the system includes: SIP server, SIP registration module and hash encryption server:
the SIP server acquires a registration application of the SIP registration module, and reads a registration encryption ciphertext applied by the SIP registration module to the hash encryption server;
the SIP server sends the registration encryption ciphertext and the registration number string to the hash encryption server for verification;
and the SIP server reads the verification result of the hash encryption server on the registration encryption ciphertext and the registration number string, and returns the verification result to the SIP registration module.
In some embodiments, the system further includes a SIP call module, after the SIP server returns the verification result to the SIP registration module, if the verification result is successful, the SIP server obtains a call application of the SIP call module, and the SIP server reads a call encryption ciphertext applied by the SIP call module to the hash encryption server;
the SIP server sends the call encryption ciphertext and the call number string to the hash encryption server for verification;
the SIP server reads the verification result of the hash encryption server on the call encryption ciphertext and the call number string, and returns the verification result to the SIP call module;
and under the condition that the verification result is successful, the SIP server checks whether the address port of the SIP calling module call is the same as the address port registered by the SIP registration module.
In some embodiments, the registration number string or the call number string is a number string agreed in session initiation protocol.
In some embodiments, when the SIP registration module and the SIP call module apply for the encrypted ciphertext to the hash encryption server, the encrypted ciphertext is carried in the encrypted domain name of the SIP plaintext message.
In some of these embodiments, the applying, by the SIP registration module and the SIP call module, the encrypted ciphertext to the hash encryption server includes:
each single character of the number string is looked up in a character mapping table to generate a new character string a; the characters of string a are randomly shuffled to form a new character string b; and string b together with a random character string generated over time is hashed with MD5 to generate the call encryption ciphertext and the registration encryption ciphertext.
Compared with the related art, in the SIP anti-theft verification method provided by the embodiments of the application, the SIP server acquires the registration application of the SIP registration module and reads the registration encryption ciphertext that the SIP registration module applied for from the hash encryption server; the SIP server sends the registration encryption ciphertext and the registration number string to the hash encryption server for verification; the SIP server then reads the hash encryption server's verification result for the registration encryption ciphertext and the registration number string and returns it to the SIP registration module. This solves the problems that encryption through TLS is cumbersome and that network messages cannot be analyzed directly on the system after encryption; the anti-theft encryption is simpler and safer, and the communication performance of the communication system is improved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute an undue limitation to the application. In the drawings:
fig. 1 is a block diagram of a SIP anti-theft verification system according to an embodiment of the present application;
FIG. 2 is a block diagram of another SIP anti-theft verification system according to an embodiment of the present application;
fig. 3 is a flow diagram of a SIP register application according to an embodiment of the present application;
fig. 4 is a flow diagram of a SIP call application according to an embodiment of the present application;
fig. 5 is a schematic diagram of a SIP computing encryption ciphertext flow according to an embodiment of the present application;
fig. 6 is a flowchart of a SIP anti-theft verification method according to an embodiment of the present application;
fig. 7 is a flow diagram of a SIP encryption mechanism according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described and illustrated below with reference to the accompanying drawings and examples. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the present application. All other embodiments, which can be made by one of ordinary skill in the art without undue burden on the person of ordinary skill in the art based on the embodiments provided herein, are intended to be within the scope of the present application. Moreover, it should be appreciated that while such a development effort might be complex and lengthy, it would nevertheless be a routine undertaking of design, fabrication, or manufacture for those of ordinary skill having the benefit of this disclosure, and thus should not be construed as having the benefit of this disclosure.
Reference in the specification to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment may be included in at least one embodiment of the application. The appearances of such phrases in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is to be expressly and implicitly understood by those of ordinary skill in the art that the embodiments described herein can be combined with other embodiments without conflict.
Unless defined otherwise, technical or scientific terms used herein should be given the ordinary meaning as understood by one of ordinary skill in the art to which this application belongs. References to "a," "an," "the," and similar terms herein do not denote a limitation of quantity, but rather denote the singular or plural. The terms "comprising," "including," "having," and any variations thereof, are intended to cover a non-exclusive inclusion; for example, a process, method, system, article, or apparatus that comprises a list of steps or modules (elements) is not limited to only those steps or elements but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus. The terms "connected," "coupled," and the like in this application are not limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. The term "plurality" as used herein means greater than or equal to two. "And/or" describes an association relationship between associated objects, meaning that there may be three relationships; e.g., "A and/or B" may mean: A exists alone, A and B exist together, or B exists alone. The terms "first," "second," "third," and the like, as used herein, merely distinguish between similar objects and do not represent a particular ordering of objects.
The application provides a SIP anti-theft verification system, fig. 1 is a structural block diagram of the SIP anti-theft verification system according to an embodiment of the application, and as shown in fig. 1, the system comprises a SIP registration module 11, a hash encryption server 12 and a SIP server 13:
the SIP registration module 11 is configured to apply to the hash encryption server 12 for a registration encryption ciphertext and to initiate a registration application to the SIP server 13. When a user makes a first trial call, the module applies to the hash encryption server 12 for the registration encryption ciphertext before registering, so that the encrypted domain name of the SIP plaintext message carries the registration encryption ciphertext. When data is transmitted between the browser and the server, the SIP plaintext needs to be encrypted to ensure that the data was sent by the real server rather than swapped, and that the transmitted data has not been tampered with;
the hash encryption server 12 is configured to provide the registration encryption ciphertext and the registration number string, to verify the registration encryption ciphertext and the registration number string sent from the SIP server 13, and to send the verification result to the SIP server 13. A hash, also called hashing, converts an input of arbitrary length (also called the pre-image) into a fixed-length output, the hash value, by means of a hashing algorithm. This conversion is a compressing mapping: the space of hash values is typically much smaller than the space of inputs, and different inputs may hash to the same output, so an input value cannot be uniquely determined from a hash value. In short, a hash is a function that compresses a message of arbitrary length into a message digest of a fixed length. The hash encryption server 12 compares the encrypted domain name of the SIP plaintext message sent by the SIP server 13 with the registration encryption ciphertext previously applied for; if they are the same, the verification succeeds, and if they differ, the verification fails;
the SIP server 13 is configured to obtain the registration application of the SIP registration module 11, read the registration encryption ciphertext carried in the encrypted domain name of the SIP plaintext message from the SIP registration module 11, send the registration encryption ciphertext and the registration number string to the hash encryption server 12 for verification, and return the verification result to the SIP registration module 11; if the verification succeeds, the registration succeeds, and if the verification fails, the registration fails. Session Initiation Protocol (SIP) is a multimedia communication protocol established by the Internet Engineering Task Force (IETF). The verification process authenticates the true identity: when the SIP server 13 receives the registration application, it sends the encrypted SIP plaintext message to the hash encryption server 12 for verification.
In the prior art, the whole SIP message is encrypted with TLS to prevent SIP call theft. In contrast, this system encrypts only the domain name of the SIP message, which achieves the SIP anti-theft effect and is simpler and safer; and because only the domain name is encrypted, network messages can still be analyzed directly on the system.
In some embodiments, a call application is made after the registration succeeds. Fig. 2 is a block diagram of another SIP anti-theft verification system according to an embodiment of the present application; as shown in fig. 2, the system further includes a SIP call module 21. The SIP call module 21 is configured to apply to the hash encryption server 12 for a call encryption ciphertext and to initiate a call application to the SIP server 13. After the SIP registration module 11 has registered successfully, the SIP call module 21 applies to the hash encryption server 12 for the call encryption ciphertext; the SIP server 13 obtains the call application of the SIP call module 21 and sends the call encryption ciphertext and the call number string to the hash encryption server 12 for verification; the SIP server 13 reads the hash encryption server 12's verification result for the call encryption ciphertext and the call number string and returns it to the SIP call module 21. If the verification fails, a call failure is returned to the SIP call module 21. If the verification succeeds, the SIP server 13 checks whether the address port of the call from the SIP call module 21 is the same as the address port registered by the SIP registration module 11; if they differ, a call failure is returned to the SIP call module 21, and if they are the same, the call succeeds.
When a registered client places a call, the domain name of the SIP plaintext message is encrypted during the call to ensure that the call data was sent by the real server rather than swapped, and that the transmitted data has not been tampered with. After the hash encryption server 12 successfully verifies the encrypted domain name of the SIP plaintext message, the SIP server 13 checks whether the address port of the call from the SIP call module 21 is the same as the address port registered by the SIP registration module 11, which prevents the registered address port from being spoofed.
The application also provides a SIP anti-theft verification method. Fig. 3 is a schematic flow diagram of the SIP registration application according to an embodiment of the application; as shown in fig. 3, the flow comprises the following steps:
step S301, the SIP registration module 11 applies to the hash encryption server 12 for a registration encryption ciphertext; the encrypted domain name of the SIP plaintext message carries the registration encryption ciphertext, so that only the domain name of the SIP message is encrypted rather than the entire SIP message;
step S302, after receiving the registration message of the SIP registration module 11, the SIP server 13 reads the registration encryption ciphertext contained in the encrypted domain name of the SIP plaintext message and sends the registration encryption ciphertext and the registration number string to the hash encryption server 12 for verification; the verification effectively prevents the data from being swapped or tampered with: when the data has been swapped or tampered with, the verification fails, and when it has not, the verification succeeds;
step S303, the SIP server 13 reads the verification result of the hash encryption server 12 and returns it to the SIP registration module 11, returning a registration failure if the verification fails and a registration success if the verification succeeds.
Through steps S301 to S303, and in contrast to the prior art, in which the whole SIP message is encrypted with TLS to prevent SIP call theft, the problems that the encryption is cumbersome and that network messages cannot be analyzed directly on the system after encryption are solved: encrypting only the domain name of the SIP message achieves SIP anti-theft protection while still allowing network messages to be analyzed directly on the system.
Fig. 4 is a schematic flow chart of a SIP call application according to an embodiment of the present application, as shown in fig. 4, the flow includes the following steps:
step S401, when the registration is successful, the SIP calling module 21 applies for the call encryption ciphertext to the hash encryption server 12, and at this time, the SIP plaintext message encryption domain name carries the call encryption ciphertext;
step S402, after receiving the call message of the SIP call module 21, the SIP server 13 reads the call encryption ciphertext contained in the encrypted domain name in the SIP clear text message, and sends the call encryption ciphertext and the call number string to the hash encryption server 12 for verification;
step S403, the SIP server 13 reads the verification result of the hash encryption server 12, returns the verification result to the SIP call module 21, if the verification fails, returns the call failure, if the verification succeeds, proceeds to the next step;
in step S404, when the verification is successful, the SIP server 13 checks whether the address port of the SIP call module 21 is the same as the address port registered by the SIP registration module 11, if not, the call fails, and if so, the call is successful.
Through steps S401 to S404, a client that has completed registration can place a call. During the call, the domain name of the SIP plaintext message is encrypted to ensure that the call data was sent by the real server rather than swapped, and that the transmitted data has not been tampered with. After the hash encryption server 12 successfully verifies the encrypted domain name of the SIP plaintext message, the SIP server 13 checks whether the address port of the call from the SIP call module 21 is the same as the address port registered by the SIP registration module 11, which prevents the registered address port from being spoofed.
It should be further noted that the registration number string or the call number string is a number character string agreed in the session initiation protocol. The encrypted ciphertext is calculated by the hash encryption server 12 from the number character string sent to it, following the encryption flow. Fig. 5 is a schematic diagram of the flow by which the encrypted ciphertext is calculated according to an embodiment of the present application. As shown in fig. 5, the number character string is decomposed into single characters; each single character is looked up in the character mapping table and mapped to generate a new character string a; the characters of string a are randomly shuffled to form a new character string b; and string b together with a random character string generated over time is hashed with MD5 to generate the call encryption ciphertext and the registration encryption ciphertext. MD5 is a widely used cryptographic hash function that generates a 128-bit (16-byte) hash value to ensure that the information transfer is completely consistent.
It should be noted that the steps illustrated in the above-described flow or flow diagrams of the figures may be performed in a computer system, such as a set of computer-executable instructions, and that, although a logical order is illustrated in the flow diagrams, in some cases, the steps illustrated or described may be performed in an order other than that illustrated herein.
The following describes embodiments of the present invention in detail with reference to specific application scenarios, and fig. 6 is a schematic flow chart of a SIP anti-theft verification method according to an embodiment of the present application, as shown in fig. 6, including the following steps:
S1, before initiating registration, the SIP registration module 11 applies to the hash encryption server 12 for a registration encryption ciphertext;
S2, the SIP registration module 11 initiates registration to the SIP server 13, and the encrypted domain name of the SIP plaintext message carries the registration encryption ciphertext from step S1;
S3, after receiving the SIP registration message, the SIP server 13 reads the registration encryption ciphertext contained in the encrypted domain name of the SIP plaintext message;
S4, the SIP server 13 sends the registration encryption ciphertext and the registration number string to the hash encryption server 12 for verification;
S5, the hash encryption server 12 checks the registration number string and the registration encryption ciphertext; if the check succeeds, it returns a verification success to the SIP server 13, and if the check fails, it returns a verification failure to the SIP server 13;
S6, after receiving the feedback from the hash encryption server 12, the SIP server 13 responds to the SIP registration module 11 with the success or failure of the registration;
S7, before initiating a call, the SIP call module 21 applies to the hash encryption server 12 for a call encryption ciphertext;
S8, the SIP call module 21 initiates a call to the SIP server 13, and the encrypted domain name of the SIP plaintext message carries the call encryption ciphertext from step S7;
S9, after receiving the SIP call message, the SIP server 13 reads the call encryption ciphertext contained in the encrypted domain name of the SIP plaintext message;
S10, the SIP server 13 sends the call encryption ciphertext and the call number string to the hash encryption server 12 for verification;
S11, the hash encryption server 12 checks the call number string and the call encryption ciphertext; if the check succeeds, it returns a verification success to the SIP server 13, and if the check fails, it returns a verification failure to the SIP server 13;
S12, after receiving the feedback from the hash encryption server 12, the SIP server 13 responds to the SIP call module 21 with the success or failure of the call.
The hash-based SIP anti-theft verification method above illustrates a simple encryption process that combines the SIP protocol with hashing and effectively prevents SIP messages from being used for call theft.
The following describes embodiments of the present invention in detail with reference to specific application scenarios, where the embodiments provide an encryption mechanism of a hash-based SIP anti-theft verification method, fig. 7 is a schematic flow diagram of an SIP encryption mechanism according to an embodiment of the present application, as shown in fig. 7,
the encryption mechanism of registration includes:
Each single character is extracted from the number character string and looked up in the character mapping table, generating n characters that form a new character string a; the characters of string a are randomly shuffled to form a new character string b; string b and a random character string generated over time are hashed with MD5 to generate the encrypted ciphertext; finally, the encrypted ciphertext is stored with the number character string as the hash key, and the storage lifetime is set to m seconds.
The encryption mechanism of the call includes:
Each single character is extracted from the number character string and looked up in the character mapping table, generating n characters that form a new character string a; the characters of string a are randomly shuffled to form a new character string b; string a and a random character string generated over time are hashed with MD5 to generate the encrypted ciphertext; finally, the encrypted ciphertext is stored with the number character string as the hash key, and the storage lifetime is set to m seconds. If the hash key is already in use, the encrypted ciphertext stored under the original hash key is overwritten. After the SIP server 13 reads the encrypted ciphertext, it checks whether the address port of the call is the same as the registered address port; if so, the call is allowed, otherwise the call is rejected.
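The issue, store, verify and address-port steps of the registration and call mechanisms above, as an added Python example that is not code from the patent. The mapping table contents, n = 2 characters per digit, m = 30 seconds and all class and method names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Constructed mapping table (the patent does not publish one): each digit of
# the number string maps to n = 2 characters (n = 2 is an assumption).
CHAR_MAP = {
    "0": "qX", "1": "7f", "2": "Lm", "3": "a9", "4": "Zt",
    "5": "c2", "6": "Ru", "7": "k5", "8": "Je", "9": "w0",
}


class HashTokenServer:
    """Hypothetical stand-in for the hash encryption server 12."""

    def __init__(self, ttl_seconds=30, clock=time.monotonic):
        self.ttl = ttl_seconds      # storage lifetime "m seconds" (30 is assumed)
        self.clock = clock          # injectable so expiry can be exercised
        self._store = {}            # number string -> (ciphertext, expiry time)
        self._rng = secrets.SystemRandom()

    def issue(self, number):
        """Map -> shuffle -> MD5 with a time-based random string -> store."""
        if not number or any(ch not in CHAR_MAP for ch in number):
            raise ValueError("number string must be non-empty digits")
        a = "".join(CHAR_MAP[ch] for ch in number)           # string a
        chars = list(a)
        self._rng.shuffle(chars)                              # random reordering
        b = "".join(chars)                                    # string b
        # "Random character string generated over time": timestamp plus
        # CSPRNG output (the exact construction is an assumption).
        nonce = f"{time.time_ns()}:{secrets.token_hex(8)}"
        ciphertext = hashlib.md5((b + nonce).encode("ascii")).hexdigest()
        # Keyed by the number string; an existing entry is overwritten.
        self._store[number] = (ciphertext, self.clock() + self.ttl)
        return ciphertext

    def verify(self, number, ciphertext):
        """Compare the presented ciphertext with the stored, unexpired one."""
        entry = self._store.get(number)
        if entry is None:
            return False
        stored, expiry = entry
        if self.clock() >= expiry:
            del self._store[number]                           # lifetime elapsed
            return False
        presented = ciphertext.encode("utf-8", "replace")
        return hmac.compare_digest(stored.encode("ascii"), presented)


class SipServer:
    """Hypothetical stand-in for the SIP server 13 (no SIP parsing)."""

    def __init__(self, token_server):
        self.tokens = token_server
        self.bindings = {}          # number string -> registered (ip, port)

    def register(self, number, ciphertext, source):
        if not self.tokens.verify(number, ciphertext):
            return False                                      # registration fails
        self.bindings[number] = source
        return True

    def call(self, number, ciphertext, source):
        if not self.tokens.verify(number, ciphertext):
            return False                                      # call fails
        # Final step: the call must come from the registered address port.
        return self.bindings.get(number) == source


if __name__ == "__main__":
    hs = HashTokenServer()
    sip = SipServer(hs)
    home = ("192.0.2.10", 5060)                               # constructed address
    print("register:", sip.register("1001", hs.issue("1001"), home))
    call_ct = hs.issue("1001")
    print("call, same port:", sip.call("1001", call_ct, home))
    print("call, other port:", sip.call("1001", call_ct, ("198.51.100.7", 5060)))
```

Because the shuffle and the random string cannot be recomputed, verification is a lookup of the value stored under the number string followed by a comparison. The protection therefore comes from the ciphertext's randomness, its m-second lifetime and the address-port match, while MD5 only fixes the output format.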
The above-described respective modules may be functional modules or program modules, and may be implemented by software or hardware. For modules implemented in hardware, the various modules described above may be located in the same processor; or the above modules may be located in different processors in any combination.
It should be understood by those skilled in the art that the technical features of the above-described embodiments may be combined in any manner, and for brevity, all of the possible combinations of the technical features of the above-described embodiments are not described, however, they should be considered as being within the scope of the description provided herein, as long as there is no contradiction between the combinations of the technical features.
The above examples merely represent a few embodiments of the present application, which are described in more detail and are not to be construed as limiting the scope of the invention. It should be noted that it would be apparent to those skilled in the art that various modifications and improvements could be made without departing from the spirit of the present application, which would be within the scope of the present application. Accordingly, the scope of protection of the present application is to be determined by the claims appended hereto.

Claims (6)

1. A method for verifying SIP anti-theft, the method comprising:
the SIP server acquires a registration application of the SIP registration module, and reads a registration encryption ciphertext applied by the SIP registration module to the hash encryption server;
the SIP server sends the registration encryption ciphertext and the registration number string to the hash encryption server for verification;
the SIP server reads the verification result of the hash encryption server on the registration encryption ciphertext and the registration number string, and returns the verification result to the SIP registration module;
after the SIP server returns the verification result to the SIP registration module, if the verification result is successful, the method includes:
the SIP server acquires a call application of the SIP call module, and reads a call encryption ciphertext applied by the SIP call module to the hash encryption server;
the SIP server sends the call encryption ciphertext and the call number string to the hash encryption server for verification;
the SIP server reads the verification result of the hash encryption server on the call encryption ciphertext and the call number string, and returns the verification result to the SIP call module;
if the verification result is successful, the SIP server checks whether the address port of the SIP calling module call is the same as the address port registered by the SIP registration module;
when the SIP registration module applies for registering the encrypted message to the hash encryption server, the SIP plaintext message encrypted domain name carries a registration encrypted ciphertext, and when the SIP call module applies for calling the encrypted message to the hash encryption server, the SIP plaintext message encrypted domain name carries a call encrypted ciphertext.
2. The method of claim 1, wherein the registration number string or call number string is a number string agreed upon in a session initiation protocol.
3. The method of claim 2, wherein the SIP registration module and the SIP call module applying for the encrypted ciphertext from the hash encryption server comprises:
each single character in the number character string is looked up in a character mapping table to generate a new character string a, the new character string a is randomly shuffled to form a new character string b, and the new character string b and the random character string generated over time are encrypted with hash MD5 to generate the call encryption ciphertext and the registration encryption ciphertext.
4. A SIP anti-theft verification system, the system comprising: SIP server, SIP registration module and hash encryption server:
the SIP server acquires a registration application of the SIP registration module, and reads a registration encryption ciphertext applied by the SIP registration module to the hash encryption server;
the SIP server sends the registration encryption ciphertext and the registration number string to the hash encryption server for verification;
the SIP server reads the verification result of the hash encryption server on the registration encryption ciphertext and the registration number string, and returns the verification result to the SIP registration module; the system also comprises an SIP calling module, wherein after the SIP server returns a verification result to the SIP registration module, the SIP server acquires a calling application of the SIP calling module under the condition that the verification result is successful, and the SIP server reads a calling encryption ciphertext applied by the SIP calling module to a hash encryption server;
the SIP server sends the call encryption ciphertext and the call number string to the hash encryption server for verification;
the SIP server reads the verification result of the hash encryption server on the call encryption ciphertext and the call number string, and returns the verification result to the SIP call module;
if the verification result is successful, the SIP server checks whether the address port of the SIP calling module call is the same as the address port registered by the SIP registration module;
when the SIP registration module applies for registering the encrypted message to the hash encryption server, the SIP plaintext message encrypted domain name carries a registration encrypted ciphertext, and when the SIP call module applies for calling the encrypted message to the hash encryption server, the SIP plaintext message encrypted domain name carries a call encrypted ciphertext.
5. The system of claim 4, wherein the registration number string or call number string is a number string agreed upon in a session initiation protocol.
6. The system of claim 5, wherein the SIP registration module and the SIP call module applying for the ciphertext from the hash encryption server comprises:
each single character in the number character string is looked up in a character mapping table to generate a new character string a, the new character string a is randomly shuffled to form a new character string b, and the new character string b and the random character string generated over time are encrypted with hash MD5 to generate the call encryption ciphertext and the registration encryption ciphertext.
CN202010832910.1A 2020-08-18 2020-08-18 SIP anti-theft verification method and system Active CN112118108B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010832910.1A CN112118108B (en) 2020-08-18 2020-08-18 SIP anti-theft verification method and system

Publications (2)

Publication Number Publication Date
CN112118108A CN112118108A (en) 2020-12-22
CN112118108B true CN112118108B (en) 2023-06-30

Family

ID=73804908

Country Status (1)

Country Link
CN (1) CN112118108B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant