CN114979980B - Communication method of SIP message, terminal equipment and network equipment thereof - Google Patents

Communication method of SIP message, terminal equipment and network equipment thereof Download PDF

Info

Publication number
CN114979980B
CN114979980B CN202111528684.9A CN202111528684A CN114979980B CN 114979980 B CN114979980 B CN 114979980B CN 202111528684 A CN202111528684 A CN 202111528684A CN 114979980 B CN114979980 B CN 114979980B
Authority
CN
China
Prior art keywords
authentication
verification information
sbc
information
port
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111528684.9A
Other languages
Chinese (zh)
Other versions
CN114979980A (en
Inventor
颜艺志
胡文辉
郑敏
梅忱
李颖
徐世民
吴家淮
刁家伟
巫博超
陈阳杰
陈佩珍
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Internet Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Internet Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd, China Mobile Internet Co Ltd filed Critical China Mobile Communications Group Co Ltd
Priority to CN202111528684.9A priority Critical patent/CN114979980B/en
Publication of CN114979980A publication Critical patent/CN114979980A/en
Application granted granted Critical
Publication of CN114979980B publication Critical patent/CN114979980B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/12Messaging; Mailboxes; Announcements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/1066Session management
    • H04L65/1073Registration or de-registration
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W60/00Affiliation to network, e.g. registration; Terminating affiliation with the network, e.g. de-registration

Abstract

The embodiment of the invention provides a communication method of a Session Initiation Protocol (SIP) message, which comprises the following steps: the UE sends a first registration request message to the SBC through a second port, wherein the first registration request message carries first authentication verification information; receiving a first response message returned by the SBC, wherein the first response message carries second authentication verification information, and the second authentication verification information is generated by the SBC according to the first authentication verification information; after the authentication is successful according to the second authentication verification information, a second registration request message is sent to the SBC through the second port, wherein the second registration request message carries third authentication verification information, and the third authentication verification information is used for indicating the SBC and the UE to communicate through the second port; and receiving a second response message sent by the SBC, wherein the second response message carries fourth authentication check information, and carrying out authentication according to the fourth authentication check information, and the fourth authentication check information is produced by the third authentication check information.

Description

Communication method of SIP message, terminal equipment and network equipment thereof
Technical Field
The present invention relates to the field of mobile communications technologies, and in particular, to a method for communicating SIP messages, and a terminal device and a network device thereof.
Background
Currently, when the terminal equipment UE communicates with the session border controller (english: session border controller, abbreviated: SBC), a case of disordered session initiation protocol (english: session Initiation Protocol, abbreviated: SIP) messages may occur due to network delay, at this time, the SBC may return 404 or 410 response due to disordered SIP messages, and when the terminal equipment receives 410 or 404 response, the network side response may be considered to fail, so that erroneous judgment processing occurs, resulting in stagnation of message processing.
Therefore, a method for processing a message is needed to improve the processing efficiency of the message.
Disclosure of Invention
The embodiment of the invention aims to provide a message processing method and a message processing system thereof, which can effectively improve the message processing efficiency.
In order to solve the technical problems, the embodiment of the invention is realized as follows:
in a first aspect, a method for communicating a session initiation protocol SIP message is provided, including:
after a first port for the terminal equipment UE to communicate with a session border controller SBC is closed, the UE sends a first registration request message to the SBC through a second port, wherein the first registration request message carries first authentication verification information; receiving a first response message returned by the SBC, wherein the first response message carries second authentication verification information, and the second authentication verification information is generated by the SBC according to the first authentication verification information; after the authentication is successful according to the second authentication verification information, a second registration request message is sent to the SBC through the second port, wherein the second registration request message carries third authentication verification information, and the third authentication verification information is used for indicating the SBC and the UE to communicate through the second port; and receiving a second response message sent by the SBC, wherein the second response message carries fourth authentication verification information, and carrying out authentication according to the fourth authentication verification information, and the fourth authentication verification information is produced by the third authentication verification information.
With reference to the first aspect, in a first possible implementation manner of the first aspect, the method further includes: and after authentication fails according to the second authentication verification information, the UE initiates an initial registration process with the SBC through the second port again.
With reference to the first aspect and the foregoing implementation manner of the first aspect, in a second possible implementation manner of the first aspect, the method further includes: and after the fourth authentication information is successfully authenticated, sending a service request to the SBC, wherein the service request carries fifth authentication verification information, the fifth authentication verification information is generated by the fourth authentication verification, and the fifth authentication verification information is used for indicating the SBC to authenticate the service request.
With reference to the first aspect and the foregoing implementation manner of the first aspect, in a third possible implementation manner of the first aspect, the first authentication check message includes: next random number next nonce, protection quality message-qop, initial random number cnancer, random number nonce-count, response-auth.
Specifically, the above concept is explained as follows: after the authentication server completes authentication of the client, when a registration success response (200 OK) is constructed, an identity authentication information authenticationInfo header field is added. Which contains a parameter nextnocene indicating that the server wishes to use this value in a further subsequent request message by the client, such as a refresh registration, etc. The non-repeated random value nonce parameter used once in the Authorization header in the previous request message must not be identical for security reasons.
message-qop: the protection quality is represented, the computation of response is influenced, three conditions of empty, auth and auth-int exist, qop is empty, the protection quality is low, qop is high in auth-int protection quality, and an authentication server determines what value to use according to self capacity or configuration strategies.
cnance: the cnance value in the Authorization header in the request message is taken.
nonce-count: the nonce-count value in the Authorization header in the request message is taken.
response-auth: the value is a response generated by the authentication server, and after receiving the registration success response message, the client side also calculates a response value, and compares the response value with the response value, and if the response value is inconsistent, the network is considered to be unreliable.
In a second aspect, a method for communicating a SIP message is provided, including: receiving a first registration request message sent by a second port by UE, wherein the first registration request message carries first authentication verification information; after the first authentication verification information is successfully authenticated, a first response message is sent to the UE, wherein the first response message carries second authentication verification information, and the second authentication verification information is generated according to the first authentication verification information; after the authentication of the UE is successful according to the second authentication verification information, receiving a second registration request message sent by the UE through the second port, wherein the second registration request message carries third authentication verification information, and the third authentication verification information is used for indicating the SBC to communicate with the UE through the second port; and after the authentication of the third verification information is successful, a second response message is sent to the UE, wherein the response message carries fourth authentication verification information, the fourth authentication verification information is produced by the third authentication verification information, and the fourth authentication verification information is used for the authentication of the UE.
With reference to the second aspect, in a first possible implementation manner of the second aspect, the method further includes: and after the UE successfully authenticates the fourth authentication information, receiving a service request sent by the UE, wherein the service request carries fifth authentication verification information, the fifth authentication verification information is generated by the fourth authentication verification, and authenticating the service request according to the fifth authentication verification information.
With reference to the second aspect and the foregoing implementation manner of the second aspect, in a second possible implementation manner of the second aspect, the first authentication check message includes: next random number next nonce, protection quality message-qop, initial random number cnancer, random number nonce-count, response-auth.
In a third aspect, there is provided a terminal device for SIP message communication, comprising: the processing and sending unit is used for sending a first registration request message to the SBC through a second port after a first port for communicating with the session border controller SBC by the terminal equipment is closed, wherein the first registration request message carries first authentication and verification information; the receiving unit is used for receiving a first response message returned by the SBC, wherein the first response message carries second authentication verification information, and the second authentication verification information is generated by the SBC according to the first authentication verification information; the sending processing unit is further configured to send a second registration request message to the SBC through the second port after authentication according to the second authentication check information is successful, where the second registration request message carries third authentication check information, where the third authentication check information is used to instruct the SBC to communicate with the terminal device through the second disconnection; the receiving unit is further configured to receive a second response message sent by the SBC, where the second response message carries fourth authentication verification information, and perform authentication according to the fourth authentication verification information, where the fourth authentication verification information is produced by the third authentication verification information.
With reference to the third aspect, in an implementation manner of the third aspect, the sending processing unit is further configured to initiate an initial registration procedure with the SBC through the second port again after authentication according to the second authentication verification information fails.
The terminal device provided in the third aspect is configured to implement the first aspect or the method steps of any one of the first aspects.
In a fourth aspect, there is provided a network device comprising: the receiving unit is used for receiving a first registration request message sent by the UE through the second port, wherein the first registration request message carries first authentication verification information; the processing and transmitting unit is used for transmitting a first response message to the UE after the first authentication and check information is successfully authenticated, wherein the first response message carries second authentication and check information, and the second authentication and check information is generated according to the first authentication and check information; when the authentication of the UE is successful according to the second authentication verification information, the receiving unit is further configured to receive a second registration request message sent by the UE through the second port, where the second registration request message carries third authentication verification information, and the third authentication verification information is used to instruct the SBC to communicate with the UE through the second port; the processing and transmitting unit is further configured to send a second response message to the UE after the authentication of the third verification information is successful, where the response message carries fourth authentication verification information, the fourth authentication verification information is produced by the third authentication verification information, and the fourth authentication verification information is used for the UE to authenticate.
The network device provided in the fourth aspect is configured to implement the second aspect or the method steps of any one of the second aspects.
In a fifth aspect, a communication system for SIP messages is provided, comprising a terminal device for implementing the method steps of the first aspect or any of the first aspects, and a network device for implementing the method steps of the second aspect or any of the second aspects.
In a sixth aspect, an embodiment of the present invention provides a network device, including a processor, a communication interface, a memory, and a communication bus; the processor, the communication interface and the memory complete communication with each other through a bus; the memory is used for storing a computer program; the processor is configured to execute a program stored on the memory, and implement the method steps according to the first aspect or the second aspect.
In a fourth aspect, embodiments of the present invention provide a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the method steps according to the first or second aspects.
As can be seen from the technical solutions provided by the embodiments of the present invention, in the embodiments of the present invention, the message signaling between the terminal device and the network device carries authentication verification information, and the terminal device and the network device re-determine the communication port and the communication path between the terminal device and the network device through mutual authentication, so that the terminal device generates erroneous judgment after the network device fails to respond due to the out-of-order sending of the SIP message.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments described in the present invention, and other drawings can be obtained according to the drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic flow chart of a method according to the prior art provided in an embodiment of the present invention.
Fig. 2 shows a schematic flow chart of a method of an embodiment of the present application.
Fig. 3 shows a schematic flow chart of a method of another embodiment of the present application.
Fig. 4 shows a schematic flow chart of a method of a further embodiment of the present application.
Fig. 5 shows a schematic flow chart of a method of a further embodiment of the present application.
Fig. 6 shows a schematic flow chart of a method of another embodiment of the present application.
Fig. 7 is a schematic block diagram of a terminal device for one embodiment of the present application.
Fig. 8 is a schematic block diagram of a network device according to another embodiment of the present application.
Fig. 9 is a schematic structural diagram of a network device according to an embodiment of the present application.
Detailed Description
The embodiment of the invention provides a network resource configuration method, a network resource configuration device and network equipment.
In order to make the technical solution of the present invention better understood by those skilled in the art, the technical solution of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, shall fall within the scope of the invention.
Fig. 1 shows a schematic flow chart of the prior art of one embodiment of the present application, as shown in fig. 1, a terminal UE uses port1 in socket1 connection, initiates registration success, and an SBC records that the terminal port is port1 (port 1); when the registration refresh time is up, the terminal UE initiates refresh registration; due to poor network quality, after a period of time is sent out by refreshing registration, socket1 connection is closed; then the terminal establishes socket2 connection with the SBC, initiates registration by using port2 (port 2), and the SBC updates the terminal port to port 2; subsequently, the arriving refresh registration request is delayed to arrive at the SBC, and the SBC updates the terminal port to be the port 1; and the terminal initiates an activation group request at a socket2 connection using port2, and if the SBC detects that the terminal port is not the locally recorded port1, a failure response is returned (404), and the terminal misreports 'user group quit'.
Therefore, in the prior art, there is often a situation that the SIP message may be out of order due to network delay, at this time, the SBC may return 404 or 410 a response due to the out of order SIP message, and when the terminal device receives 410 or 404 a response, the network side response may be considered to fail, so that misjudgment processing occurs, and the message processing is stopped.
Based on the technical problems, the application provides a message processing method which can effectively improve the efficiency of message processing.
Fig. 2 shows a schematic flow chart of a method of an embodiment of the present application, as shown in fig. 2, the method 200 includes:
step 210, after a first port for a terminal device UE to communicate with a session border controller SBC is closed, the UE sends a first registration request message to the SBC through a second port, where the first registration request message carries first authentication verification information;
step 220, receiving a first response message returned by the SBC, where the first response message carries second authentication verification information, where the second authentication verification information is generated by the SBC according to the first authentication verification information; after the authentication is successful according to the second authentication verification information, a second registration request message is sent to the SBC through the second port, wherein the second registration request message carries third authentication verification information, and the third authentication verification information is used for indicating the SBC and the UE to communicate through the second port;
Step 230, receiving a second response message sent by the SBC, where the second response message carries fourth authentication verification information, and performing authentication according to the fourth authentication verification information, where the fourth authentication verification information is produced by the third authentication verification information.
Optionally, as an embodiment of the present application, the method further includes: and after authentication fails according to the second authentication verification information, the UE initiates an initial registration process with the SBC through the second port again.
Optionally, as an embodiment of the present application, the method further includes: and after the fourth authentication information is successfully authenticated, sending a service request to the SBC, wherein the service request carries fifth authentication verification information, the fifth authentication verification information is generated by the fourth authentication verification, and the fifth authentication verification information is used for indicating the SBC to authenticate the service request.
With reference to the first aspect and the foregoing implementation manner of the first aspect, in a third possible implementation manner of the first aspect, the first authentication check message includes: next random number next nonce, protection quality message-qop, initial random number cnancer, random number nonce-count, response-auth.
Specifically, the Digest Authentication has an Authentication-Info function, abbreviated as AuthInfo function. The specific description is as follows:
the AuthenticationInfo is mainly used for authentication. For Digest authentication, when the server receives a request sent by the UE terminal (including a registration request Register of the user, and a service request such as subscribe, invite), the server completes authentication of the user request. After the Authentication of the user request is successful, an Authentication success response is returned, and meanwhile, authentication-Info information (an Authentication-Info header field in the response to the registration request and a corresponding Proxy-Authentication-Info header field in the response to the per-service request) is inserted into the response message.
The Authentication-Info information may include a next nonce and a response-auth. After receiving the successful response of the request, the terminal can utilize response-auth to authenticate the network, and can use next nonce in the subsequent request message, so that the signaling interaction flow can be reduced.
The following mainly describes the Authentication-Info and Proxy-Authentication-Info header fields:
the Authentication-Info is a SIP header field, which is used for the Authentication server to use the header field to carry certain information to the client during DIGEST Authentication, and the client can use the information to complete Authentication on the network.
The parameters of the AuthenticationInfo header field are as follows:
AuthenticationInfo="Authentication-Info"":"auth-info
auth-info=1#(nextnonce|[message-qop]
|[response-auth]|[cnonce]
|[nonce-count])
nextnonce="nextnonce""="nonce-value
response-auth="rspauth""="response-digest
response-digest=<">*LHEX<">
(1) next nonce: after the authentication server completes authentication of the client, when a registration success response (200 OK) is constructed, an authenticationInfo header field is added. Which contains a parameter nextnocene indicating that the server wishes to use this value in a further subsequent request message by the client, such as a refresh registration, etc. The nonce parameter in the authentication header in the previous request message must not be the same as that in the next nonce for security reasons.
(2) message-qop: the protection quality is represented, the computation of response is influenced, three conditions of empty, auth and auth-int exist, qop is empty, the protection quality is low, qop is high in auth-int protection quality, and an authentication server determines what value to use according to self capacity or configuration strategies. Currently systems recommend the use of auth.
(3) cnance: the content value in the Authorization header in the request message is taken.
(4) nonce-count: the nonce-count value in the Authorization header in the request message is taken.
(5) response-auth: the value is a response generated by the authentication server, and after receiving the registration success response message, the client side also calculates a response value, and compares the response value with the response value, and if the response value is inconsistent, the network is considered to be unreliable. The response-auth calculation is substantially identical to the request-digest parameter calculation in the Authorization header field in the registration request message, with only the following differences.
The response-auth equation is calculated as follows:
KD(H(A1),unq(nonce-value)
":"nc-value
":"unq(cnonce-value)
":"unq(qop-value)
":"H(A2)
)
wherein the request-digest parameter a2=method "in the Authorization header field is" digest-uri-value ", and the response-auth parameter a2=" of the Authentication-Info is "digest-uri-value". Therefore, the same algorithm is used for calculation, and the difference is that the algorithm is different in parameter, and the difference is a Method. The nonce used for the calculation is the nonce value in the Authorization header field. More intuitively, the response-auth calculation of the AuthenticationInfo differs from the response calculation in the authentication by one entry Method.
The parameters of the Proxy-Authentication-Info header field are identical to those of the Authentication-Info.
The code stream is shown as follows: the 200OK of REGISTER constructs the Authentication-Info field or the 200OK band Proxy-Authentication-Info field in the response per service request.
The platform side authenticates the refreshing registration request initiated by the APP, when the registration request of the APP reaches disorder, the authentication information of the disorder request is inconsistent with the expected value of the platform side, so that the registration is unsuccessful, the corresponding port on the SBC is not updated, and the current active port of the SBC recording terminal side is ensured.
Fig. 3 shows a schematic flow chart of a method of another embodiment of the present application.
As shown in fig. 3, the method 300 includes: step 310, receiving a first registration request message sent by a second port by the UE, where the first registration request message carries first authentication verification information;
step 320, after the authentication of the first authentication verification information is successful, a first response message is sent to the UE, where the first response message carries second authentication verification information, where the second authentication verification information is generated according to the first authentication verification information;
step 330, after the UE successfully authenticates according to the second authentication verification information, receiving a second registration request message sent by the UE through the second port, where the second registration request message carries third authentication verification information, where the third authentication verification information is used to instruct the SBC to communicate with the UE through the second port; and after the authentication of the third verification information is successful, a second response message is sent to the UE, wherein the response message carries fourth authentication verification information, the fourth authentication verification information is produced by the third authentication verification information, and the fourth authentication verification information is used for the authentication of the UE.
Optionally, as an embodiment of the present application, the method further includes: and after the UE successfully authenticates the fourth authentication information, receiving a service request sent by the UE, wherein the service request carries fifth authentication verification information, the fifth authentication verification information is generated by the fourth authentication verification, and authenticating the service request according to the fifth authentication verification information.
Optionally, as an embodiment of the present application, the first authentication check message includes: next random number next nonce, protection quality message-qop, initial random number cnancer, random number nonce-count, response-auth.
Fig. 4 shows a schematic flow chart of a method of a further embodiment of the present application.
Step 401, the terminal uses Port1 in socket1 connection, initiates initial registration and registration successfully, the SBC records that the terminal Port is Port1, that is, after initiating a REGISTER request through session Dialog1 shown in the figure, the SBC returns 401 message to the UE, the UE initiates a REGISTER request through session Dialog2, and the SBC returns 200OK message to the UE, so as to complete the initial registration flow;
step 402, when the registration refresh time is up, the terminal initiates a refresh registration request, and initiates a registration REGISTER through Dialog 1;
step 403, due to poor network quality, after a period of time is sent out by the refresh registration, socket1 connection is closed;
step 404, the terminal establishes socket2 connection with the SBC, and initiates registration by using port 2, and since the response value (carrying the first authentication verification information) in the registration request is null, the SBC returns 401 response to request the terminal to perform challenge registration, and the 401 message returned by the SBC is the first response message, where the first response message carries the second authentication verification information;
Step 405, the arriving refresh registration is delayed to arrive at the SBC, and the SBC returns a 401 response again because the response value carried in the refresh registration request is not calculated using the second authentication verification information responded in step 404, but the 401 response terminal does not actually receive the response value because the socket1 connection is closed;
step 406, the terminal initiates the challenge registration in the socket2 connection, but the response value of the registration request is not calculated by using the second authentication comparison verification information responded by the step 401 in the step 405, the authentication is not passed, and the SBC returns 401 again to require the terminal to perform the challenge registration;
step 407, the terminal initiates a successful challenge registration, and the SBC updates the terminal port to port2 (port 2);
in step 408, the terminal initiates a successful registration subscription.
Fig. 5 shows a schematic flow chart of a method of a further embodiment of the present application.
Step 501, the terminal uses Port1 in socket1 connection, initiates initial registration and registration successfully, the SBC records that the terminal Port is Port1, that is, after initiating a REGISTER request through session Dialog1 shown in the figure, the SBC returns 401 message to the UE, the UE initiates a REGISTER request through session Dialog2, and the SBC returns 200OK message to the UE, thereby completing the initial registration flow;
Step 502, when the registration refresh time is up, the terminal initiates a refresh registration request, and initiates a registration REGISTER through Dialog 1;
step 503, due to poor network quality, after a period of time has passed through the refresh registration, socket1 connection is closed;
step 504, the terminal establishes socket2 connection with the SBC, and initiates registration by using port2, and since the response value (carrying the first authentication verification information) in the registration request is null, the SBC returns 401 response to request the terminal to perform challenge registration, and the 401 message returned by the SBC is the first response message, where the first response message carries the second authentication verification information;
step 505, the terminal initiates a challenge registration authentication success, the SBC updates the terminal Port to be Port2, and returns a 200OK response to the terminal;
step 506, the arriving refresh registration is then delayed to arrive at the SBC, and the SBC returns a 401 response because the response value of the refresh registration request is not calculated according to the 200OK response in step 5, but the 401 response terminal does not actually receive the response because the socket1 connection is closed;
in step 507, the terminal initiates a successful registration subscription.
Fig. 6 shows a schematic flow chart of a method of another embodiment of the present application.
Step 601, the terminal connects with the Port1 at socket1, initiates an initial registration, and REGISTERs successfully, the SBC records that the terminal Port is Port1, that is, after initiating a REGISTER request through session Dialog1 shown in the figure, the SBC returns 401 message to the UE, the UE initiates a REGISTER request through session Dialog2, and the SBC returns 200OK message to the UE, so as to complete the initial registration flow;
Step 602, when the registration refresh time is up, the terminal initiates a refresh registration request, and initiates a registration REGISTER through Dialog 1;
step 603, after a period of time has passed since the network quality is poor, socket1 connection is closed;
step 604, the terminal establishes socket2 connection with the SBC, initiates registration by using Port2, and the SBC updates the terminal Port to be Port2;
step 605, the arriving refresh registration is delayed to arrive at the SBC, which updates the terminal Port to Port1;
step 606, the terminal activates the group, the terminal Port carried by the SBC check request message is Port2, which is not locally recorded Port1, and returns 404 a failure response;
step 607, the terminal receives 404 the response, and reinitiates the refresh registration, and the SBC updates the terminal Port to Port2;
step 608, normal active group and refresh registration process are performed.
Fig. 7 is a schematic block diagram of a terminal device according to an embodiment of the present application, and provides a terminal device 700 for SIP message communication, including: a processing sending unit 710, where the processing sending unit 710 is configured to send, when a first port through which the terminal device communicates with a session border controller SBC is closed, a first registration request message to the SBC through a second port, where the first registration request message carries first authentication verification information; a receiving unit 720, where the receiving unit 720 is configured to receive a first response message returned by the SBC, where the first response message carries second authentication verification information, where the second authentication verification information is generated by the SBC according to the first authentication verification information; the sending processing unit 710 is further configured to send a second registration request message to the SBC through the second port after authentication according to the second authentication check information is successful, where the second registration request message carries third authentication check information, where the third authentication check information is used to instruct the SBC to communicate with the terminal device through the second port; the receiving unit 720 is further configured to receive a second response message sent by the SBC, where the second response message carries fourth authentication verification information, and perform authentication according to the fourth authentication verification information, where the fourth authentication verification information is produced by the third authentication verification information.
Optionally, as an embodiment of the present application, the sending processing unit 710 is further configured to initiate an initial registration procedure with the SBC through the second port again after authentication according to the second authentication verification information fails.
Fig. 8 is a schematic block diagram of a network device according to another embodiment of the present application, and as shown in fig. 8, the network device 800 includes: a receiving unit 810, where the receiving unit 810 is configured to receive a first registration request message sent by the UE through the second port, where the first registration request message carries first authentication verification information; a processing transmitting unit 820, where the processing transmitting unit 820 is configured to transmit a first response message to the UE after the authentication of the first authentication information is successful, where the first response message carries second authentication information, and the second authentication information is generated according to the first authentication information; when the UE successfully authenticates according to the second authentication check information, the receiving unit 810 is further configured to receive a second registration request message sent by the UE through the second port, where the second registration request message carries third authentication check information, and the third authentication check information is used to instruct the SBC to communicate with the UE through the second port; the processing sending unit 820 is further configured to send a second response message to the UE after the authentication of the third verification information is successful, where the response message carries fourth authentication verification information, the fourth authentication verification information is produced by the third authentication verification information, and the fourth authentication verification information is used for the authentication of the UE.
The message processing system provided by the embodiment of the invention can realize each process in the embodiment corresponding to the message processing method, and in order to avoid repetition, the description is omitted here.
It should be noted that, the message processing system provided by the embodiment of the present invention and the message processing method provided by the embodiment of the present invention implement the same beneficial effects based on the same inventive concept, so that the implementation of the embodiment may refer to the implementation and beneficial effects of the foregoing network resource configuration method, and the repetition is omitted.
Fig. 9 is a schematic structural diagram of a network device according to an embodiment of the present application.
The embodiment of the present invention further provides a network device, based on the same technical concept, for executing the method for configuring network resources according to the embodiment of the present invention, and fig. 9 is a schematic structural diagram of a network device implementing the embodiments of the present invention, as shown in fig. 9. The network devices may vary widely in configuration or performance, and may include one or more processors 901 and memory 902, where the memory 902 may store one or more stored applications or data. Wherein the memory 902 may be transient storage or persistent storage. The application programs stored in the memory 902 may include one or more modules (not shown in the figures), each of which may include a series of computer-executable instructions for use in a network device. Still further, the processor 901 may be arranged to communicate with the memory 902 and execute a series of computer executable instructions in the memory 902 on a network device. The network device may also include one or more power supplies 903, one or more wired or wireless network interfaces 904, one or more input output interfaces 905, and one or more keyboards 906.
In this embodiment, the network device includes a processor, a communication interface, a memory, and a communication bus; the processor, the communication interface and the memory complete communication with each other through a bus; the memory is used for storing a computer program; the processor is configured to execute the program stored in the memory, and implement the method steps shown in fig. 2 to 6.
Embodiments of the present application also provide a computer-readable storage medium having stored therein a computer program which, when executed by a processor, implements the method steps shown in fig. 2 to 6.
It will be apparent to those skilled in the art that embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In one typical configuration, the network device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, random Access Memory (RAM) and/or nonvolatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of computer-readable media.
Computer readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static Random Access Memory (SRAM), dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), read Only Memory (ROM), electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium, which can be used to store information that can be accessed by a computing device. Computer-readable media, as defined herein, does not include transitory computer-readable media (transmission media), such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article or apparatus that comprises the element.
It will be apparent to those skilled in the art that embodiments of the present application may be provided as a method, apparatus, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The foregoing is merely exemplary of the present application and is not intended to limit the present application. Various modifications and changes may be made to the present application by those skilled in the art. Any modifications, equivalent substitutions, improvements, etc. which are within the spirit and principles of the present application are intended to be included within the scope of the claims of the present application.

Claims (6)

1. A method for communicating session initiation protocol, SIP, messages, comprising:
after a first port for the terminal equipment UE to communicate with a session border controller SBC is closed, the UE sends a first registration request message to the SBC through a second port, wherein the first registration request message carries first authentication verification information; the first authentication verification information includes: next random number next nonce, protection quality message-qop, initial random number cnance, random number nonce-count, response-auth;
receiving a first response message returned by the SBC, wherein the first response message carries second Authentication verification information, the second Authentication verification information is generated by the SBC according to the first Authentication verification information in a Digest Authentication mode, and the Digest Authentication has an Authentication-Info function;
after the authentication is successful according to the second authentication verification information, a second registration request message is sent to the SBC through the second port, wherein the second registration request message carries third authentication verification information, and the third authentication verification information is used for indicating the SBC and the UE to communicate through the second port;
Receiving a second response message sent by the SBC, and authenticating according to fourth authentication check information, wherein the second response message carries the fourth authentication check information, and the fourth authentication check information is generated by the SBC according to the third authentication check information;
and after the fourth authentication verification information is successfully authenticated, sending a service request to the SBC, wherein the service request carries fifth authentication verification information, the fifth authentication verification information is generated by the SBC according to the fourth authentication verification information, and the fifth authentication verification information is used for indicating the SBC to authenticate the service request.
2. The communication method according to claim 1, characterized in that the method further comprises:
and after authentication fails according to the second authentication verification information, the UE initiates an initial registration process with the SBC through the second port again.
3. A method of communicating SIP messages, comprising:
receiving a first registration request message sent by a second port by UE, wherein the first registration request message carries first authentication verification information; the first authentication verification information includes: next random number next nonce, protection quality message-qop, initial random number cnance, random number nonce-count, response-auth;
After the first Authentication verification information is successfully authenticated, a first response message is sent to the UE, wherein the first response message carries second Authentication verification information, the second Authentication verification information is generated by an SBC according to the first Authentication verification information in a Digest Authentication mode, and an Authentication-Info function is provided in the Digest Authentication;
after the authentication of the UE is successful according to the second authentication verification information, receiving a second registration request message sent by the UE through the second port, wherein the second registration request message carries third authentication verification information, and the third authentication verification information is used for indicating the SBC to communicate with the UE through the second port;
after the authentication of the third authentication verification information is successful, a second response message is sent to the UE, wherein the response message carries fourth authentication verification information, the fourth authentication verification information is generated by the SBC according to the third authentication verification information, and the fourth authentication verification information is used for the authentication of the UE;
and after the UE successfully authenticates the fourth authentication check information, receiving a service request sent by the UE, wherein the service request carries fifth authentication check information, the fifth authentication check information is generated by the SBC according to the fourth authentication check information, and the service request is authenticated according to the fifth authentication check information.
4. A terminal device for SIP messaging, comprising:
the processing and sending unit is used for sending a first registration request message to the SBC through a second port after a first port for communicating with the session border controller SBC by the terminal equipment is closed, wherein the first registration request message carries first authentication and verification information; the first authentication verification information includes: next random number next nonce, protection quality message-qop, initial random number cnance, random number nonce-count, response-auth;
the receiving unit is used for receiving a first response message returned by the SBC, wherein the first response message carries second Authentication verification information, the second Authentication verification information is generated by the SBC according to the first Authentication verification information in a Digest Authentication mode, and the Digest Authentication has an Authentication-Info function;
the sending processing unit is further configured to send a second registration request message to the SBC through the second port after authentication according to the second authentication check information is successful, where the second registration request message carries third authentication check information, where the third authentication check information is used to instruct the SBC to communicate with the terminal device through the second port;
The receiving unit is further configured to receive a second response message sent by the SBC, where the second response message carries fourth authentication verification information, and performs authentication according to the fourth authentication verification information, where the fourth authentication verification information is generated by the SBC according to the third authentication verification information;
the sending processing unit is further configured to send a service request to the SBC after the fourth authentication check information is successfully authenticated, where the service request carries fifth authentication check information, where the fifth authentication check information is generated by the SBC according to the fourth authentication check information, and the fifth authentication check information is used to instruct the SBC to authenticate the service request.
5. The terminal device of claim 4, wherein the sending processing unit is further configured to initiate an initial registration procedure with the SBC through the second port again after authentication according to the second authentication verification information fails.
6. A network device, comprising:
the receiving unit is used for receiving a first registration request message sent by the UE through the second port, wherein the first registration request message carries first authentication verification information; the first authentication verification information includes: next random number next nonce, protection quality message-qop, initial random number cnance, random number nonce-count, response-auth;
The processing and transmitting unit is used for transmitting a first response message to the UE after the first Authentication and verification information is successfully authenticated, wherein the first response message carries second Authentication and verification information, the second Authentication and verification information is generated by the SBC according to the first Authentication and verification information in a Digest type Authentication mode, and an Authentication-Info function is provided in the Digest type Authentication;
when the authentication of the UE is successful according to the second authentication verification information, the receiving unit is further configured to receive a second registration request message sent by the UE through the second port, where the second registration request message carries third authentication verification information, and the third authentication verification information is used to instruct the SBC to communicate with the UE through the second port;
the processing and transmitting unit is further configured to send a second response message to the UE after the authentication of the third authentication and verification information is successful, where the response message carries fourth authentication and verification information, the fourth authentication and verification information is generated by the SBC according to the third authentication and verification information, and the fourth authentication and verification information is used for authentication of the UE;
The receiving unit is further configured to receive a service request sent by the UE after the UE successfully authenticates the fourth authentication check information, where the service request carries fifth authentication check information, the fifth authentication check information is generated by the SBC according to the fourth authentication check information, and authenticate the service request according to the fifth authentication check information.
CN202111528684.9A 2021-12-14 2021-12-14 Communication method of SIP message, terminal equipment and network equipment thereof Active CN114979980B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111528684.9A CN114979980B (en) 2021-12-14 2021-12-14 Communication method of SIP message, terminal equipment and network equipment thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111528684.9A CN114979980B (en) 2021-12-14 2021-12-14 Communication method of SIP message, terminal equipment and network equipment thereof

Publications (2)

Publication Number Publication Date
CN114979980A CN114979980A (en) 2022-08-30
CN114979980B true CN114979980B (en) 2023-07-21

Family

ID=82975188

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111528684.9A Active CN114979980B (en) 2021-12-14 2021-12-14 Communication method of SIP message, terminal equipment and network equipment thereof

Country Status (1)

Country Link
CN (1) CN114979980B (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2005149418A (en) * 2003-11-19 2005-06-09 Nippon Telegr & Teleph Corp <Ntt> Application operation method and sbc system device
CN104348784A (en) * 2013-07-29 2015-02-11 携程计算机技术(上海)有限公司 Registration control method of mobile terminal for accessing call center and system thereof
US9571480B1 (en) * 2015-04-08 2017-02-14 Sonus Networks, Inc. Authentication methods and apparatus
WO2017107623A1 (en) * 2015-12-23 2017-06-29 中兴通讯股份有限公司 User registration information processing method and apparatus, and evolved packet data gateway (epdg) device
US9769140B1 (en) * 2015-09-10 2017-09-19 Sonus Networks, Inc. Authentication support for autonomous requests
WO2017157144A1 (en) * 2016-03-14 2017-09-21 华为技术有限公司 Sip over tcp/tls-based communication method and associated device
CN107872588A (en) * 2016-09-28 2018-04-03 华为技术有限公司 Call processing method, relevant apparatus and system
WO2020063585A1 (en) * 2018-09-25 2020-04-02 中兴通讯股份有限公司 Fusion communication system and interaction method therefor

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100508539C (en) * 2006-01-09 2009-07-01 华为技术有限公司 Implement method and system for double-home of session boundary controller

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2005149418A (en) * 2003-11-19 2005-06-09 Nippon Telegr & Teleph Corp <Ntt> Application operation method and sbc system device
CN104348784A (en) * 2013-07-29 2015-02-11 携程计算机技术(上海)有限公司 Registration control method of mobile terminal for accessing call center and system thereof
US9571480B1 (en) * 2015-04-08 2017-02-14 Sonus Networks, Inc. Authentication methods and apparatus
US9769140B1 (en) * 2015-09-10 2017-09-19 Sonus Networks, Inc. Authentication support for autonomous requests
WO2017107623A1 (en) * 2015-12-23 2017-06-29 中兴通讯股份有限公司 User registration information processing method and apparatus, and evolved packet data gateway (epdg) device
WO2017157144A1 (en) * 2016-03-14 2017-09-21 华为技术有限公司 Sip over tcp/tls-based communication method and associated device
CN107872588A (en) * 2016-09-28 2018-04-03 华为技术有限公司 Call processing method, relevant apparatus and system
WO2020063585A1 (en) * 2018-09-25 2020-04-02 中兴通讯股份有限公司 Fusion communication system and interaction method therefor

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
呼叫中心会话边界控制的一种设计与实现;郭晨;詹舒波;;软件(11);全文 *

Also Published As

Publication number Publication date
CN114979980A (en) 2022-08-30

Similar Documents

Publication Publication Date Title
US20200092108A1 (en) Data communication method, device and apparatus, and storage medium
US20180176775A1 (en) Network operation and trusted execution environment
EP1779632B1 (en) System and method for dynamically determining the role of a network device in a link authentication protocol exchange
CN101163010A (en) Method of authenticating request message and related equipment
US9503446B2 (en) Authentication within openflow network
US8874919B2 (en) Apparatus and method of a portable terminal authenticating another portable terminal
US10148636B2 (en) Authentication methods and apparatus
US9509778B2 (en) SIP-based method, apparatus and system for secure communication between MTC devices
US20130198353A1 (en) Overload handling through diameter protocol
CN109121135A (en) Client registers and key sharing method, apparatus and system based on GBA
WO2020198991A1 (en) Methods and apparatus relating to authentication of a wireless device
US7591013B2 (en) System and method for client initiated authentication in a session initiation protocol environment
CN108600234A (en) A kind of auth method, device and mobile terminal
CN104753872A (en) Authentication method, authentication platform, service platform, network elements and system
CN111404918A (en) Cloud mobile phone distributed service emergency authentication method, device and system
CN114979980B (en) Communication method of SIP message, terminal equipment and network equipment thereof
CN104580781A (en) Message processing method and system, proxy-call session control function device and server
EP3381208B1 (en) Charging record authentication for anonymized network service utilization
US20200396088A1 (en) System and method for securely activating a mobile device storing an encryption key
US20110302245A1 (en) Realization method and system for participating in a predefined group session
CN113449286B (en) Method, system and equipment for safety check of S-NSSAI (S-NSSAI) sent by UE (user equipment)
CN114281373A (en) Device state updating method and device, computer device and storage medium
CN106911696B (en) Keep-alive message transmission method and device
TWI776982B (en) Reliable server management method and device supporting wireless network switching
WO2021115686A1 (en) Enhancement of authentication

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant