CN113709730B - Terminal security legitimacy verification method - Google Patents
Terminal security legitimacy verification method Download PDFInfo
- Publication number
- CN113709730B CN113709730B CN202110785074.0A CN202110785074A CN113709730B CN 113709730 B CN113709730 B CN 113709730B CN 202110785074 A CN202110785074 A CN 202110785074A CN 113709730 B CN113709730 B CN 113709730B
- Authority
- CN
- China
- Prior art keywords
- algorithm
- user
- encryption
- branch
- user name
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 15
- 238000012795 verification Methods 0.000 title description 6
- 238000013507 mapping Methods 0.000 claims abstract description 14
- 230000011664 signaling Effects 0.000 claims abstract description 9
- 230000008447 perception Effects 0.000 abstract description 2
- 238000012545 processing Methods 0.000 abstract description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3239—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/068—Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
Abstract
A terminal security validity checking method comprises the following specific steps: firstly, checking the switch state of a software flag bit; the user name part of the service route message in the 200 OK signaling of the defined boundary session controller or the proxy call session control entity responding to the user terminal is obtained by encoding a branch parameter in a Via header domain through an MD5 algorithm; after receiving the 200 OK signaling of successful registration, the user terminal takes the branch parameter in the Via header domain to encode by MD5 algorithm and compares with the user name part of the service route information by adopting encryption mapping algorithm, returns the successful registration consistently, returns the failed network authentication inconsistent, and sends the cancellation message to cancel the user. The invention expands the application field of IMS equipment, improves the compatibility of the equipment and the perception of the service used by the user terminal, does not influence the original processing flow of the equipment, and has the advantages of simple algorithm, high working efficiency and increased adhesiveness and safety used by the user.
Description
Technical Field
The invention belongs to the technical field of ad hoc networks, and particularly relates to a terminal security validity checking method.
Background
Along with the rapid development of the internet, the information security of the terminal and the network is more and more paid attention to, and the requirements on the security of the terminal and the security of the network are higher and higher, so that the adhesion of the terminal and the system equipment is ensured, and meanwhile, the mutual verification of the legitimacy between the terminal and the network equipment is required to be solved in order to better protect the existing investment and the subsequent benefits.
At present, the existing encryption flow is complicated in the process of generating a key by using special encryption equipment and an encryption algorithm, the encryption algorithm is complicated, the process of generating the key is complicated, a large amount of resources are required to be consumed for completion, the key interaction flow for establishing an encryption channel in the data encryption transmission process is complicated, the process of generating the key by using the encryption algorithm is complicated, the encryption process consumes more resources, and the efficiency is low.
Disclosure of Invention
The invention aims to overcome the defect of mutual verification of legitimacy between the existing terminal and network equipment, and provides the terminal safety legitimacy verification method which has the advantages of reasonable design, simple algorithm, high working efficiency and increased adhesiveness and safety used by users.
The technical scheme adopted for solving the technical problems is as follows: 1. the terminal safety validity checking method is characterized by comprising the following steps:
s1, firstly checking the switch state of a software flag bit
The "on" state performs the operation of step S2, and the "off" state is performed according to the normal flow prescribed by the international protocol;
s2, defining a user name part of a service routing message in 200 OK signaling of a boundary session controller or a proxy call session control entity responding to a user terminal to obtain the user name part by encoding a branch parameter in a Via header domain through an MD5 algorithm;
s3, after receiving 200 OK signaling of successful registration, the user terminal takes branch parameters in the Via header domain, encodes the branch parameters by using an MD5 algorithm, compares the branch parameters with a user name part of a service routing message by using an encryption mapping algorithm, returns a consistency of successful registration, returns a non-consistency of failed network authentication, and sends a logout message to logout the user;
as a preferable technical solution, the encryption mapping algorithm in step S3 is as follows: firstly, an encryption mapping table is generated, then, the encryption mapping table is searched character by character according to the branch parameter character string of the via header, the branch parameter character string is encrypted into an encryption string with a fixed length and conforming to the coding rule of UTF-8, and the encryption string is compared with a user name part of the service routing message.
The beneficial effects of the invention are as follows:
the user name in the service routing message is calculated by the branch parameter in the Via header domain through the encryption algorithm, the SIP protocol stack limits the maximum length and special characters of the user name, the encryption algorithm adopts a custom encryption mapping algorithm, the method expands the application field of IMS equipment, improves the compatibility of the equipment and the perception of service used by a user terminal, does not influence the original processing flow of the equipment, and has the advantages of simple algorithm, high working efficiency and increased adhesiveness and safety used by a user.
Drawings
Fig. 1 is a schematic structural view of the present invention.
Fig. 2 is a schematic diagram of a process of checking success of the user terminal.
Fig. 3 is a schematic flow chart of a user terminal verification failure.
Detailed Description
The present invention will be described in further detail with reference to the drawings and examples, but the present invention is not limited to the following embodiments.
In fig. 1, a terminal security validity checking method of the present embodiment includes the following steps:
s1, checking the on-off state of a software flag bit
The "on" state performs the operation of step S2, and the "off" state is performed according to the normal flow prescribed by the international protocol;
s2, defining a user name part of a service routing message in 200 OK signaling of a boundary session controller or a proxy call session control entity responding to a user terminal to obtain the user name part by encoding a branch parameter in a Via header domain through an MD5 algorithm;
the user terminal checks the content implementation of the user name in the service routing message header in the registered 200 OK signaling as follows:
SIP/2.0 200 OK
From:18600005<sip:18600005@172.16.0.1>;tag=3516545317
To:18600005<sip:18600005@172.16.0.1>;tag=2aaaccb2fb10-10010ac-13da-50029-3e1c12-572d00aa-3e1c12
Call-ID:552234766558456-124515564224869@192.168.1.101
CSeq:523REGISTER
Contact:<sip:term@61.29.161.124:8000>
Expires:60
P-Associated-URI:<sip:18600005@172.16.0.1>
P-Associated-URI:<tel:+8618600005>
P-Associated-URI:<sip:8241621@172.20.200.30>
Via:SIP/2.0/UDP 61.29.161.86:1029;branch=z9hG4bK55599250753656765495
Service-Route:<sip:sbc@61.29.161.124:8000;lr>
Content-Length:0
s3, after receiving 200 OK signaling of successful registration, the user terminal takes branch parameters in the Via header domain, encodes the branch parameters by using an MD5 algorithm, compares the branch parameters with a user name part of a service routing message by using an encryption mapping algorithm, returns a consistency of the branch parameters to 'successful registration', as shown in figure 2, returns a non-consistency of the branch parameters to 'network authentication failure', and sends a cancellation message to cancel the user, as shown in figure 3;
the method for comparing by adopting the encryption mapping algorithm comprises the following steps: firstly, an encryption mapping table is generated, then, the encryption mapping table is searched character by character according to the branch parameter character string of the via header, the branch parameter character string is encrypted into an encryption string with a fixed length and conforming to the coding rule of UTF-8, and the encryption string is used as a user name and is compared with a user name part of the service routing message.
Claims (1)
1. The terminal safety validity checking method is characterized by comprising the following steps:
s1, firstly checking the switch state of the software flag bit
The "on" state performs the operation of step S2, and the "off" state is performed according to the normal flow prescribed by the international protocol;
s2, defining a user name part of a service routing message in a 200 OK signaling of a boundary session controller or a proxy call session control entity response user terminal to be obtained by encoding a branch parameter in a Via header domain through an MD5 algorithm;
s3, after receiving 200 OK signaling of successful registration, the user terminal takes branch parameters in the Via header domain, encodes the branch parameters by using an MD5 algorithm, compares the branch parameters with a user name part of a service routing message by using an encryption mapping algorithm, returns a consistency of successful registration, returns a non-consistency of failed network authentication, and sends a logout message to logout the user;
the encryption mapping algorithm is as follows: firstly, an encryption mapping table is generated, then, the encryption mapping table is searched character by character according to the branch parameter character string of the via header, the branch parameter character string is encrypted into an encryption string with a fixed length and conforming to the coding rule of UTF-8, and the encryption string is compared with a user name part of the service routing message.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110785074.0A CN113709730B (en) | 2021-07-12 | 2021-07-12 | Terminal security legitimacy verification method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110785074.0A CN113709730B (en) | 2021-07-12 | 2021-07-12 | Terminal security legitimacy verification method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113709730A CN113709730A (en) | 2021-11-26 |
| CN113709730B true CN113709730B (en) | 2023-12-01 |
Family
ID=78648463
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110785074.0A Active CN113709730B (en) | 2021-07-12 | 2021-07-12 | Terminal security legitimacy verification method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113709730B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114640543B (en) * | 2022-04-22 | 2024-02-13 | 浙江数新网络有限公司 | Method for matching data between cross-network domain data encryption transmission and encryption state |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2006054509A (en) * | 2004-08-09 | 2006-02-23 | Ricoh Co Ltd | Communication terminal device |
| CN101695164A (en) * | 2009-09-28 | 2010-04-14 | 华为技术有限公司 | Verification method, device and system for controlling resource access |
| WO2014114088A1 (en) * | 2013-01-25 | 2014-07-31 | 中兴通讯股份有限公司 | Method and service platform for implementing broadband service function in next generation network (ngn) |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8364828B2 (en) * | 2010-07-16 | 2013-01-29 | Telefonaktiebolaget Lm Ericsson (Publ) | SIP-based call session server and message-routing method |
-
2021
- 2021-07-12 CN CN202110785074.0A patent/CN113709730B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2006054509A (en) * | 2004-08-09 | 2006-02-23 | Ricoh Co Ltd | Communication terminal device |
| CN101695164A (en) * | 2009-09-28 | 2010-04-14 | 华为技术有限公司 | Verification method, device and system for controlling resource access |
| WO2014114088A1 (en) * | 2013-01-25 | 2014-07-31 | 中兴通讯股份有限公司 | Method and service platform for implementing broadband service function in next generation network (ngn) |
Non-Patent Citations (1)
| Title |
|---|
| 基于SIP协议的电话会议系统安全机制研究;张小花;《硕士电子期刊》;说明书第3.4节、图3.11 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113709730A (en) | 2021-11-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP1305911B1 (en) | Techniques for performing umts-authentication using sip (session initiation protocol) messages | |
| CN105099897B (en) | Method and gateway for communication between browser and telecommunication network | |
| CN101635823B (en) | Method and system of terminal for encrypting videoconference data | |
| US7813509B2 (en) | Key distribution method | |
| WO2015180654A1 (en) | Method and apparatus for achieving secret communications | |
| AU2001278057A1 (en) | Techniques for performing UMTS-authentication using SIP (session initiation protocol) messages | |
| CN103974241A (en) | Voice end-to-end encryption method aiming at mobile terminal with Android system | |
| CN106817341B (en) | A kind of Session Initiation Protocol throttling Transmission system and method towards mobile Internet | |
| US20150089212A1 (en) | Systems and Methods For Utilizing IMS Data Security Mechanisms in a Circuit Switched Network | |
| CN104980395A (en) | Method and system for intercommunication between first system and second system, and media gateway | |
| JP2008199348A (en) | Relay apparatus, relay program, and communication system | |
| KR101369793B1 (en) | Method, devices and computer program product for encoding and decoding media data | |
| CN101379802A (en) | Method, device and computer program product for the encoded transmission of media data between the media server and the subscriber terminal | |
| CN113709730B (en) | Terminal security legitimacy verification method | |
| CN104683291A (en) | IMS system based session key negotiating method | |
| CN104683098A (en) | Implementation method, equipment and system of secure communication service | |
| CN101098336B (en) | IMS terminal configuration server and IMS localization entry point detecting method | |
| CN107846567B (en) | SRTP capability negotiation method and conference terminal | |
| CN100583766C (en) | Multimedia subsystem and apparatus and method for establishing channel | |
| KR20100003085A (en) | Apparatus and method for negotiating a codec dynamically using real-time network monitoring and server therefor | |
| CN101784047B (en) | Processing method of session initial protocol (SIP) message | |
| CN109962910A (en) | Mostly close rolling updates encryption call method | |
| CN115361364B (en) | Data transmission method of communication protocol based on WebRTC | |
| KR20100104136A (en) | Ip calling telesecurity apparatus and method in ims network | |
| CN103139175B (en) | Multimedia messaging service, MMS processing method and multimedia messaging service, MMS treatment system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |