CN117318989A - Fixed telephone identity verification method, device, equipment and storage medium - Google Patents

Publication number: CN117318989A
Authority: CN (China)
Prior art keywords: user, account, authentication, information, dhcp server
Legal status: Pending
Application number: CN202311077608.XA
Other languages: Chinese (zh)
Inventors: 曾彬, 蒋鸣, 张波, 魏乾奕, 汤婷婷
Current Assignee: China Telecom Corp Ltd
Original Assignee: China Telecom Corp Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/50 Address allocation
    • H04L61/5007 Internet protocol [IP] addresses
    • H04L61/5014 Internet protocol [IP] addresses using dynamic host configuration protocol [DHCP] or bootstrap protocol [BOOTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M7/00 Arrangements for interconnection between switching centres
    • H04M7/006 Networks other than PSTN/ISDN providing telephone service, e.g. Voice over Internet Protocol (VoIP), including next generation networks with a packet-switched transport layer
    • H04M7/0078 Security; Fraud detection; Fraud prevention

Abstract

The embodiment of the application relates to the technical field of network security, in particular to a method, a device, equipment and a storage medium for verifying the identity of a fixed phone, aiming at ensuring the security of the fixed phone call. The method comprises the following steps: the user terminal corresponding to the user sends a call request to the session network, wherein the call request carries first account verification information of the user, and the first account verification information comprises: a VOIP account number, a LOID and a terminal MAC address; the session network sends a verification request to the DHCP server, wherein the verification request carries first account verification information; the DHCP server performs identity authentication on the user according to the first account authentication information and second account authentication information of the user, wherein the second account authentication information at least comprises: a VOIP account number, LOID, terminal MAC address; in response to authentication passing, the DHCP server sends authentication passing information to the session network; in response to receiving the authentication pass information, the session network performs a session flow for the user.

Description

Fixed telephone identity verification method, device, equipment and storage medium
Technical Field
The embodiment of the application relates to the technical field of network security, in particular to a method, a device, equipment and a storage medium for verifying the identity of a fixed phone.
Background
Today, a user can log in to an IMS (IP Multimedia Subsystem) network to make a fixed-phone call and communicate with a target party. As long as the account number and password of the user are known, the user can log in to the IMS network and send it a call request, and the IMS network then executes the fixed-phone call flow.
When a third party learns the account password of the user, the third party can also log in to the IMS network and make fixed-phone calls under the identity of the user. The security of the fixed-phone call cannot be guaranteed, and losses are easily caused to the user and the platform.
Disclosure of Invention
The embodiment of the application provides a method, a device, equipment and a storage medium for verifying the identity of a fixed telephone, aiming at ensuring the safety of the fixed telephone call.
An embodiment of the present application provides a method for authenticating a fixed phone, where the method includes:
in response to a fixed telephone dialing operation of a user, a user terminal corresponding to the user sends a call request to a session network, wherein the call request carries first account verification information of the user, and the first account verification information at least comprises: the user's first VOIP account, the user's first LOID and the user's first terminal MAC address;
the session network sends a verification request to a DHCP server, wherein the verification request carries the first account verification information;
the DHCP server performs identity verification on the user according to the first account verification information and the second account verification information of the user, wherein the second account verification information at least comprises: a second VOIP account of the user, a second LOID of the user, a second terminal MAC address of the user;
in response to authentication passing, the DHCP server sends authentication passing information to the session network;
in response to receiving the authentication pass information, the session network performs a session flow for the user.
Optionally, when the user does not register with the session network, acquiring, from the DHCP server, a network address of a voice device of the session network, including:
the user terminal sends a voice equipment network address request to the DHCP server, wherein the voice equipment network address request carries the first account verification information;
the DHCP server performs identity authentication on the user according to the first account authentication information and the second account authentication information;
and the DHCP server sends the network address of the voice equipment to the user terminal in response to the user terminal passing the verification.
Optionally, in a case that the user is not registered in the session network, performing user registration in the session network includes:
responding to a session network registration operation initiated by a user, wherein the user terminal sends a registration request to the session network, and the registration request at least carries the first account verification information;
the session network sends the verification request to the DHCP server;
the DHCP server performs identity authentication on the user according to the first account authentication information and the second account authentication information contained in the authentication request;
in response to authentication passing, the DHCP server sends authentication passing information to the session network;
in response to receiving the authentication pass information, the session network performs a registration procedure of the user.
Optionally, the user completes the operation of opening an account in advance at the server, including:
responding to the account opening operation of the user, and sending an account opening request to the server by the user terminal;
the server obtains the LOID, the VOIP account number and the terminal MAC address corresponding to the user;
the server adds the LOID, the VOIP account number and the terminal MAC address into a work order;
and the server sends the work order to the DHCP server so that the DHCP server stores the work order.
Optionally, the DHCP server performs authentication on the user according to the first account authentication information and the second account authentication information of the user, including:
the DHCP server compares the first VOIP account with the second VOIP account;
the DHCP server compares the first LOID with the second LOID;
the DHCP server compares the first terminal MAC address with the second terminal MAC address.
Optionally, configuring the optical modem and the OLT corresponding to the user terminal in advance includes:
starting a first function parameter on the optical modem, wherein the first function parameter requires the user terminal to carry the first VOIP account when sending a request;
and starting a second function parameter on the OLT, wherein the second function parameter requires the user terminal to carry the first LOID when sending a request.
Optionally, the method further comprises:
responding to the user as a non-authentication user, forwarding the call request of the user to an abnormal telephone traffic control platform;
the abnormal telephone traffic control platform intercepts and judges the call request according to a preset telephone traffic control strategy;
responding to the interception judgment passing, the abnormal telephone traffic control platform sends the call request to the session network;
and the session network executes the session flow of the user.
A second aspect of embodiments of the present application provides a fixed phone identity verification apparatus, the apparatus including:
the call request sending module is used for responding to the fixed telephone dialing operation of a user, the user terminal corresponding to the user sends a call request to a session network, the call request carries first account verification information of the user, and the first account verification information at least comprises: the user's first VOIP account, the user's first LOID and the user's first terminal MAC address;
the authentication request sending module is used for sending an authentication request to the DHCP server by the session network, wherein the authentication request carries the first account authentication information;
the authentication module is used for the DHCP server to authenticate the user according to the first account authentication information and the second account authentication information of the user, and the second account authentication information at least comprises: a second VOIP account of the user, a second LOID of the user, a second terminal MAC address of the user;
the authentication passing information sending module is used for responding to the authentication passing, and the DHCP server sends authentication passing information to the session network;
and the first session flow executing module is used for responding to the received verification passing information and executing the session flow of the user by the session network.
Optionally, the apparatus further includes a network address acquisition module, the module including:
the network address request sending module is used for sending a voice equipment network address request to the DHCP server by the user terminal, wherein the voice equipment network address request carries the first account verification information;
the first identity verification sub-module is used for the DHCP server to carry out identity verification on the user according to the first account verification information and the second account verification information;
and the address sending sub-module is used for responding to the authentication of the user terminal, and the DHCP server sends the network address of the voice equipment to the user terminal.
Optionally, the apparatus further comprises a user registration module, the module comprising:
a registration request sending sub-module, configured to respond to a session network registration operation initiated by a user, where the user terminal sends a registration request to the session network, where the registration request at least carries the first account verification information;
a verification request sending sub-module, configured to send the verification request to the DHCP server by using the session network;
the second identity verification sub-module is used for carrying out identity verification on the user according to the first account verification information and the second account verification information contained in the verification request by the DHCP server;
a verification passing sub-module, configured to respond to authentication passing, and the DHCP server sends verification passing information to the session network;
and the registration flow execution sub-module is used for responding to the received verification passing information and executing the registration flow of the user by the session network.
Optionally, the device further includes an account opening module, the module including:
the account opening request sending submodule is used for responding to the account opening operation of the user, and the user terminal sends out an account opening request to the server;
the information acquisition sub-module is used for acquiring the LOID, the VOIP account number and the terminal MAC address corresponding to the user by the server;
the work order generation sub-module is used for adding the LOID, the VOIP account number and the terminal MAC address into a work order by the server;
and the work order sending sub-module is used for sending the work order to the DHCP server by the server side so that the DHCP server can store the work order.
Optionally, the identity verification module includes:
a first information verification sub-module, configured to compare the first VOIP account with the second VOIP account by using the DHCP server;
a second information verification sub-module, configured to compare the first LOID with the second LOID by using the DHCP server;
and the third information verification sub-module is used for comparing the first terminal MAC address with the second terminal MAC address by the DHCP server.
Optionally, the apparatus further comprises a device configuration module, the module comprising:
a first function parameter opening module, configured to open a first function parameter on the optical modem, where the first function parameter requires the user terminal to carry the first VOIP account when sending a request;
and the second function parameter starting module is used for starting a second function parameter on the OLT, and the second function parameter requires the user terminal to carry the first LOID when sending a request.
Optionally, the apparatus further comprises:
the call request forwarding module is used for forwarding the call request of the user to the abnormal telephone traffic control platform in response to the user being a non-authentication user;
the call request judging module is used for intercepting and judging the call request according to a preset telephone traffic control strategy by the abnormal telephone traffic control platform;
the interception judgment passing module is used for responding to the interception judgment passing, and the abnormal telephone traffic control platform sends the call request to the session network;
and the second session flow executing module is used for executing the session flow of the user by the session network.
A third aspect of the embodiments of the present application provides a readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the method as described in the first aspect of the present application.
A fourth aspect of the present application provides an electronic device, including a memory, a processor, and a computer program stored on the memory and executable on the processor, where the processor implements the steps of the method described in the first aspect of the present application when the processor executes the computer program.
By adopting the fixed phone authentication method provided by the application, in response to a fixed phone dialing operation of a user, a user terminal corresponding to the user sends a call request to a session network, wherein the call request carries first account authentication information of the user, and the first account authentication information at least comprises: the user's first VOIP account, the user's first LOID and the user's first terminal MAC address; the session network sends a verification request to a DHCP server, wherein the verification request carries the first account verification information; the DHCP server performs identity verification on the user according to the first account verification information and the second account verification information of the user, wherein the second account verification information at least comprises: a second VOIP account of the user, a second LOID of the user, a second terminal MAC address of the user; in response to authentication passing, the DHCP server sends authentication passing information to the session network; in response to receiving the authentication pass information, the session network performs a session flow for the user.
In this method, when a user opens an account, the user's optical modem is configured in advance, and the user's VOIP (Voice over Internet Protocol) account, together with the LOID (logical number) and the terminal MAC (Media Access Control) address on the user's OLT (optical line terminal) equipment, is recorded in a DHCP (Dynamic Host Configuration Protocol) server. When the user terminal sends a call request to the session network, the call request carries the user's current VOIP account, LOID and terminal MAC, namely the first account verification information. The session network sends a verification request carrying the first account verification information to the DHCP server, and the DHCP server compares the second account verification information, which was stored when the user opened the account, with the first account verification information. When the first account verification information is identical to the second account verification information, verification passing information is sent to the session network, and the session network executes the session flow after receiving it; otherwise the session flow is not executed. This ensures that the fixed-phone call is made from the equipment that corresponds to the user, so that the user's identity is effectively verified and the call is kept secure.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the description of the embodiments of the present application will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flowchart of a method for authenticating a fixed phone according to an embodiment of the present application;
Fig. 2 is a schematic diagram of a call authentication procedure according to an embodiment of the present application;
Fig. 3 is a schematic diagram of a user registration process according to an embodiment of the present application;
Fig. 4 is a schematic diagram of a session network registration address obtaining procedure according to an embodiment of the present application;
Fig. 5 is a schematic structural diagram of a fixed phone dialing system according to an embodiment of the present application;
Fig. 6 is a schematic diagram of a call control flow according to an embodiment of the present application;
Fig. 7 is a schematic diagram of an abnormal traffic control platform according to an embodiment of the present disclosure;
Fig. 8 is a schematic diagram of a fixed-line authentication device according to an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without undue burden, are within the scope of the present application.
Referring to fig. 1, fig. 1 is a flowchart of a method for authenticating a fixed phone according to an embodiment of the present application.
As shown in fig. 1, the method comprises the steps of:
S11: In response to a fixed telephone dialing operation of a user, a user terminal corresponding to the user sends a call request to a session network, wherein the call request carries first account verification information of the user, and the first account verification information at least comprises: the user's first VOIP account, the user's first LOID and the user's first terminal MAC address.
In this embodiment, the user is a user registered in advance at the service end of the network service provider. The user terminal is a fixed telephone device used by the user and connected with the network. The session network (IMS) is a network that provides session services for users. The call request is the request that the user sends to the session network in order to communicate with the target device over the network. The first account verification information comprises a first VOIP account, a first LOID and a first terminal MAC address, wherein the first VOIP account is the account of the network telephone which sends the call request, the first LOID is the device number of the OLT which sends the call request, and the first terminal MAC address is the network address of the device which sends the call request.
In this embodiment, when a user needs to dial a fixed phone, the user performs a fixed telephone dialing operation at the user terminal. After detecting the operation, the user terminal sends a call request to the network address of the session network through the ONU (Optical Network Unit, i.e. the optical modem). The call request includes at least the first account verification information of the user, together with the other information needed to carry out the session, such as the party being called. An SBC (session border controller) in the session network receives the call request and performs the subsequent operations.
The session network is an IMS core network. When the fixed-line IMS terminal ONU initiates a session procedure to the IMS network, it sends an INVITE message whose P-ACCESS-NETWORK header field has a newly added LOID field and MAC address field; the INVITE message also includes the VOIP account of the user.
S12: The session network sends a verification request to a DHCP server, wherein the verification request carries the first account verification information.
In this embodiment, the DHCP server is a server that controls a range of IP addresses and automatically allocates an IP address and a subnet mask to a client when the client logs in to the server. The verification request (authentication request) is a request sent by the session network to the DHCP server for verifying the authenticity of the user identity.
In this embodiment, when receiving a call request sent by a user, the session network sends a verification request to the DHCP server, where the sent verification request carries first account verification information, and an interface for performing data transmission with the DHCP is newly added to a call session controller (SBC) in the session network, so that the session network interfaces with the DHCP, thereby facilitating information transmission.
S13: The DHCP server performs identity verification on the user according to the first account verification information and the second account verification information of the user, wherein the second account verification information at least comprises: the second VOIP account of the user, the second LOID of the user and the second terminal MAC address of the user.
In this embodiment, the second account verification information is the user information stored by the DHCP server when the user opens an account: the second VOIP account is the VOIP account at account opening, the second LOID is the device number of the OLT at account opening, and the second terminal MAC is the terminal MAC at account opening.
In this embodiment, after receiving an authentication request sent by a session network, the DHCP server performs identity authentication on a user according to first account authentication information and pre-stored second account authentication information, and specifically includes the steps of:
S13-1: the DHCP server compares the first VOIP account with the second VOIP account.
In this embodiment, the DHCP server compares the first VOIP account in the received first account verification information with the second VOIP account when the user opens an account, so as to obtain a comparison result. When the two VOIP account numbers are the same, the network telephone used by the user is the network telephone used when the user opens an account.
S13-2: the DHCP server compares the first LOID with the second LOID.
In this embodiment, the DHCP server compares the first LOID in the received first account verification information with the second LOID when the user opens an account, to obtain a comparison result. When the two LOIDs are the same, it is explained that the OLT device used by the user is the device used when the user opens an account.
S13-3: the DHCP server compares the first terminal MAC address with the second terminal MAC address.
In this embodiment, the DHCP server compares the first terminal MAC address in the received first account verification information with the second terminal MAC address when the user opens an account, to obtain a comparison result. When the two terminal MAC addresses are the same, the terminal address used currently by the user is the same as that used when the user opens an account.
When the data in the first account verification information is identical to the data in the second account verification information, this indicates that the call is being made by the user.
S14: in response to authentication passing, the DHCP server sends authentication passing information to the session network.
In this embodiment, the authentication passing information is information sent by the DHCP server to the session network in the case that the user identity passes, and is used to notify the session network that the user identity is true.
In this embodiment, when authentication by the DHCP server passes, the DHCP server sends authentication passing information to the session network.
When authentication by the DHCP server fails, the DHCP server sends authentication failure information to the session network.
Illustratively, the authentication passing information is "a user identity passing authentication", and the authentication failing information is "a user identity authentication failing".
S15: in response to receiving the authentication pass information, the session network performs a session flow for the user.
In this embodiment, after receiving the authentication passing information sent by the DHCP server, the session network executes the session flow of the user.
Referring to fig. 2, fig. 2 is a schematic diagram of the call verification flow proposed in an embodiment of the present application. As shown in fig. 2, the call session controller SBC located in the session network receives an INVITE (call request) sent by the user terminal. The SBC sends an AUT REQ (verification request) to the DHCP server, and the DHCP server returns an AUT RES (verification result) to the SBC. When authentication passes, the SBC sends the INVITE to the CSCF and the corresponding session flow is executed; when authentication does not pass, the SBC returns CANCEL information to the user terminal.
In this embodiment, a newly added interface on the SBC in the session network connects it to the DHCP server. When the user makes a fixed-line call, checks of the user's LOID and MAC are newly added and the user's VOIP account is also checked, which ensures the security of the fixed-line call made by the user.
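The call-verification flow of S11 to S15 and fig. 2, as an added example (not code from the patent or from its applicant). The INVITE layout (VOIP account in the From URI, `loid=` and `mac=` parameters in the P-ACCESS-NETWORK header), the class and function names, and the sample accounts are assumptions constructed for illustration.

```python
import hmac
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class AccountInfo:
    """One (VOIP account, LOID, terminal MAC) triple as described in the text."""
    voip_account: str
    loid: str
    mac: str


def normalize_mac(mac: str) -> str:
    """Return the MAC as 12 lowercase hex digits so aa-bb.. and AA:BB.. compare equal."""
    digits = re.sub(r"[:.\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError("malformed MAC address")
    return digits


def parse_invite(raw: str) -> AccountInfo:
    """Extract the first account verification information from an INVITE.

    Assumed layout (not specified by the patent): VOIP account in the From
    URI, 'loid=' and 'mac=' parameters in the P-ACCESS-NETWORK header.
    """
    headers: Dict[str, str] = {}
    for line in raw.splitlines()[1:]:            # skip the request line
        if not line.strip():
            break                                # blank line ends the headers
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    account = re.search(r"<sip:([^@>]+)@", headers.get("from", ""))
    params: Dict[str, str] = {}
    for part in headers.get("p-access-network", "").split(";"):
        key, sep, value = part.partition("=")
        if sep:
            params[key.strip().lower()] = value.strip()
    if not account or "loid" not in params or "mac" not in params:
        raise ValueError("INVITE lacks first account verification information")
    return AccountInfo(account.group(1), params["loid"], normalize_mac(params["mac"]))


class DhcpVerifier:
    """Stands in for the DHCP server: stores work orders and answers AUT REQ."""

    def __init__(self) -> None:
        self._work_orders: Dict[str, AccountInfo] = {}

    def store_work_order(self, info: AccountInfo) -> None:
        """Account opening: keep the second account verification information."""
        self._work_orders[info.voip_account] = AccountInfo(
            info.voip_account, info.loid, normalize_mac(info.mac))

    def verify(self, first: AccountInfo) -> Tuple[bool, List[str]]:
        """S13-1 to S13-3: return (passed, names of the fields that differ)."""
        second = self._work_orders.get(first.voip_account)
        if second is None:                       # S13-1: VOIP account not on record
            return False, ["voip_account"]
        mismatched = [
            field for field in ("loid", "mac")   # S13-2 and S13-3
            if not hmac.compare_digest(getattr(first, field).encode(),
                                       getattr(second, field).encode())
        ]
        return not mismatched, mismatched


def sbc_handle_invite(raw: str, dhcp: DhcpVerifier) -> str:
    """SBC decision from fig. 2: forward the INVITE to the CSCF or return CANCEL."""
    try:
        first = parse_invite(raw)                # S11: read the carried triple
    except ValueError:
        return "CANCEL"                          # nothing to verify, so fail closed
    passed, _ = dhcp.verify(first)               # S12/S13: AUT REQ, AUT RES
    return "FORWARD_TO_CSCF" if passed else "CANCEL"   # S14/S15


def _invite(account: str, access_network: Optional[str]) -> str:
    """Build a constructed sample INVITE (not a captured message)."""
    lines = ["INVITE sip:+862155550199@ims.example.invalid SIP/2.0",
             f"From: <sip:{account}@ims.example.invalid>;tag=1"]
    if access_network is not None:
        lines.append(f"P-ACCESS-NETWORK: {access_network}")
    return "\r\n".join(lines) + "\r\n\r\n"


# Constructed samples: same device, same account from another device, no triple.
INVITE_SAME_DEVICE = _invite("+862155550100", "loid=LOID0001;mac=aa-bb-cc-dd-ee-01")
INVITE_OTHER_DEVICE = _invite("+862155550100", "loid=LOID0001;mac=AA:BB:CC:DD:EE:99")
INVITE_NO_INFO = _invite("+862155550100", None)

if __name__ == "__main__":
    server = DhcpVerifier()
    server.store_work_order(AccountInfo("+862155550100", "LOID0001", "AA:BB:CC:DD:EE:01"))
    for sample in (INVITE_SAME_DEVICE, INVITE_OTHER_DEVICE, INVITE_NO_INFO):
        print(sbc_handle_invite(sample, server))
```

The second sample is the case the Background section describes: the account is valid, but the request comes from equipment other than the one recorded at account opening, so the SBC returns CANCEL.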
In another embodiment of the present application, when the user does not register with the session network, acquiring, from the DHCP server, a network address of a voice device of the session network, including:
S21: The user terminal sends a voice equipment network address request to the DHCP server, wherein the voice equipment network address request carries the first account verification information.
In this embodiment, when the user has not registered with the session network, the user first needs to apply to the DHCP server for the network address of the session network, and then performs user registration with the session network.
In this embodiment, the voice device network address request is a request sent by the user terminal to the DHCP server for requesting a registration address of the voice device in the session network, the voice device being the call session controller SBC.
In this embodiment, when the user terminal has not registered with the session network, it sends a voice device network address request to the DHCP server, where the voice device network address request carries the first account verification information. When the user's optical modem ONU is started, the user terminal acquires from the DHCP server the address of the session network IMS where the voice equipment SBC is located. The issued request carries the first account verification information (VOIP, LOID, MAC).
S22: The DHCP server performs identity authentication on the user according to the first account authentication information and the second account authentication information.
In this embodiment, the DHCP server compares the first account verification information with the second account verification information when the user opens an account at the server, and determines that the user is a legitimate user when the first account verification information is identical to each item of information in the second account verification information, and determines that the user is an illegitimate user when the first account verification information is not identical to the second account verification information.
S23: and the DHCP server sends the network address of the voice equipment to the user terminal in response to the user terminal passing the verification.
In this embodiment, when the authentication of the user terminal passes, the DHCP server sends the voice device network address to the user terminal.
In this embodiment, in the process that the user obtains the IMS SBC from the DHCP server, the DHCP server adds a new judging mechanism to query whether the LOID of the user account number in opening the account is consistent with the LOID carried by the DHCP when the terminal is opened, whether the MAC address of the terminal in opening the account is consistent with the MAC carried in practice, and whether the VOIP account number carried by the optical modem OUN is consistent with the VOIP account number recorded in the DHCP when the user opens the account. The method ensures that the illegal user cannot acquire the registration address of the voice equipment, and ensures the safety of the user call.
In another embodiment of the present application, when the user has not registered with the session network, registering the user with the session network includes:
S31: In response to a session network registration operation initiated by the user, the user terminal sends a registration request to the session network, where the registration request carries at least the first account verification information.
In this embodiment, when the user is not registered on the voice device of the session network, registration in the session network is required.
In this embodiment, the registration request is a request sent by the user to the session network for registering the user information with the voice device SBC in the session network.
In this embodiment, when a user initiates a session network registration operation at a user terminal, the user terminal sends a registration request to the session network, where the registration request includes at least the first account verification information.
For example, the user terminal initiates a registration procedure to the IMS core NETWORK through the optical modem OUN, and adds the LOID field and the MAC field in the header field P-ACCESS-NETWORK of the registration request. The registration message of the terminal also carries a VOIP account number (for example, sip: +8628 @ sc. Ctims. Cn, terminal ip (ue ip= 189.221.181.86), and LOID =.
S32: The session network sends the verification request to the DHCP server.
In this embodiment, after receiving the session network registration request, the session network sends a verification request to the DHCP server, where the verification request is used to verify whether the identity of the user is true.
S33: The DHCP server authenticates the user according to the first account verification information contained in the verification request and the second account verification information.
In this embodiment, after receiving the verification request, the DHCP server determines the user's current VOIP account, LOID and terminal MAC address from the first account verification information included in the verification request, compares them with the account opening information in the second account verification information, and thereby verifies the user's identity. When the data in the first account verification information is identical to the data in the second account verification information, the user identity is true; when it is not identical, the user identity is false.
S34: in response to authentication passing, the DHCP server sends authentication passing information to the session network.
In this embodiment, when the user authentication passes, the DHCP server transmits authentication passing information to the session network.
S35: in response to receiving the authentication pass information, the session network performs a registration procedure of the user.
In this embodiment, after receiving the authentication passing information sent by the DHCP server, the session network executes the registration procedure of the user.
Referring to fig. 3, fig. 3 is a schematic diagram of a user registration procedure according to an embodiment of the present application. As shown in fig. 3, the user terminal sends a REGISTER (registration request) to the SBC, the SBC sends an AUT REQ (authentication request) to the DHCP server, and the DHCP server returns an AUT RES (authentication result) to the SBC. When authentication passes, the SBC forwards the registration information to the CSCF to continue the registration procedure; when authentication fails, the SBC returns 403 Forbidden (unsuccessful registration) to the user terminal.
In this embodiment, authentication of the user location LOID and the MAC address and a consistency check of the VOIP account are newly added in the registration stage. This prevents someone who has illegally obtained the user's account and password from initiating registration from other nodes in the network, and so protects the security of the user account.
In another embodiment of the present application, the user completing the account opening operation at the server in advance includes:
S41: In response to the account opening operation of the user, the user terminal sends an account opening request to the server.
In this embodiment, the user needs to open an account, i.e. register, in advance at the IT system server providing the network service.
In this embodiment, the server is the back end of the IT system that provides network services and is used for managing the entire IT system. The account opening request is sent to the server by the user terminal and is used for registering the user information with the server.
In this embodiment, when the user needs to open an account, the user performs the operation at the user terminal; when the user terminal detects the operation, it sends an account opening request to the server.
S42: The server acquires the LOID, the VOIP account and the terminal MAC address corresponding to the user.
In this embodiment, after receiving an account opening request from a user, the server obtains the VOIP account corresponding to the user's optical modem OUN, the user's logical number LOID on the OLT equipment, the user's installation address corresponding to the LOID, and the user's terminal MAC address.
S43: The server adds the LOID, the VOIP account and the terminal MAC address to a work order.
In this embodiment, the server adds the LOID, the VOIP account and the terminal MAC address corresponding to the user to the work order.
S44: The server sends the work order to the DHCP server so that the DHCP server stores the work order.
In this embodiment, the server sends the work order to the DHCP server, and after receiving the work order, the DHCP server stores it for subsequent verification of the user identity.
In this embodiment, when the user opens an account at the server, the LOID, the VOIP account and the terminal MAC address corresponding to the user are obtained and issued to the DHCP server as a work order, so that the DHCP server is able to verify the user identity.
In another embodiment of the present application, configuring the optical modem and the OLT corresponding to the user terminal in advance includes:
S51: Enabling a first function parameter on the optical modem, where the first function parameter requires the user terminal to carry the first VOIP account when sending a request.
In this embodiment, the optical modem OUN is configured to convert an optical fiber signal into an Ethernet signal. The function parameters control the various functions of the optical modem OUN; enabling different function parameters causes different data to be carried during data transmission. The first function parameter requires the user to carry the first VOIP account when sending a request.
In this embodiment, a first function parameter is enabled on the optical modem OUN, where the first function parameter requires the user terminal to carry the first VOIP account, i.e. the user's current VOIP account, when sending a request.
Illustratively, the encapsulation format of the DHCP packet in the UDP layer is shown in table 1:
TABLE 1
The Options field is an extension field whose format can be user-defined and to which new parameters can be added. In this configuration, the optical modem OUN is set to carry the VOIP account in the Options of the DHCP message.
The first function parameter is Option 60; after Option 60 is enabled, Table 2 is added to Table 1:
TABLE 2
Where the CODE is 60 and the length LEN is at least 1.
S52: Enabling a second function parameter on the OLT, where the second function parameter requires the user terminal to carry the first LOID when sending a request.
In this embodiment, the second function parameter requires the user terminal to carry the first LOID, that is, the LOID of the user's current OLT equipment, when sending a request.
In this embodiment, a second function parameter is enabled on the OLT equipment, where the second function parameter requires the user terminal to carry the first LOID when sending a request.
Illustratively, the second function parameter is Option 82, and Table 3 is added to Table 1, as shown below:
TABLE 3
Where Code=82 represents the Option 82 option;
Subopt=1 represents the CID sub-option (Agent Circuit ID Sub-option);
Subopt=2 represents the RID sub-option (Agent Remote ID Sub-option).
Setting the format of the DHCP Option 82 option to the format of Table 3 allows the request sent by the user terminal to carry the LOID.
Based on the above embodiment, the flow by which the optical modem OUN corresponding to the user terminal acquires the network address of the voice device is shown in fig. 4. Fig. 4 is a schematic diagram of the session network registration address acquisition flow provided in an embodiment of the present application. In fig. 4, the user terminal starts, the OUN enables the OPTION60 parameter and the OLT enables the OPTION82 parameter. After the voice device network address request is sent, the DHCP server checks the user's VOIP account, LOID and terminal MAC. When the user's identity is judged to be true, the corresponding IP address is allocated to the user; when it is judged to be false, the user is refused an IP address.
In this embodiment, the corresponding function parameters are enabled on the optical modem OUN and the OLT so that the user carries the corresponding verification information when sending a request, which protects the security of the user account.
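The three-way comparison that the DHCP server performs in S22 and S33, applied to the Option 60 and Option 82 fields described above, as an added Python example that is not code from the patent. It assumes the VOIP account is the raw Option 60 value and the LOID travels in the Option 82 Remote ID sub-option (the page does not say which sub-option carries it); all account values and helper names are constructed.

```python
"""Added example: check DHCP Option 60 / Option 82 identity fields against a work order."""
import hmac
from dataclasses import dataclass

OPT_PAD, OPT_END = 0, 255          # single-byte DHCP options with no length field
OPT_VENDOR_CLASS = 60              # first function parameter on the page
OPT_RELAY_AGENT = 82               # second function parameter on the page
SUB_CIRCUIT_ID, SUB_REMOTE_ID = 1, 2


@dataclass(frozen=True)
class WorkOrder:
    """Second account verification information, stored at account opening."""
    voip_account: str
    loid: str
    mac: str                       # e.g. "02:00:00:aa:bb:01"


def tlv(code: int, value: bytes) -> bytes:
    """Encode one CODE/LEN/VALUE triplet (used here to build sample options)."""
    if len(value) > 255:
        raise ValueError("value too long for a one-byte length")
    return bytes([code, len(value)]) + value


def parse_tlvs(data: bytes, top_level: bool) -> dict:
    """Parse CODE/LEN/VALUE triplets, raising on truncation or repeated codes."""
    fields, i = {}, 0
    while i < len(data):
        code = data[i]
        if top_level and code == OPT_END:
            break
        if top_level and code == OPT_PAD:
            i += 1
            continue
        if i + 2 > len(data):
            raise ValueError("truncated option header")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option value runs past end of buffer")
        if code in fields:
            # Strict choice for identity fields: a repeated code is ambiguous.
            raise ValueError(f"duplicate option {code}")
        fields[code] = value
        i += 2 + length
    return fields


def extract_claim(chaddr: bytes, options: bytes) -> dict:
    """Build the first account verification information from one DHCP request."""
    opts = parse_tlvs(options, top_level=True)
    relay = parse_tlvs(opts.get(OPT_RELAY_AGENT, b""), top_level=False)
    return {
        "voip_account": opts.get(OPT_VENDOR_CLASS),
        "loid": relay.get(SUB_REMOTE_ID),   # assumption: LOID is in the Remote ID
        "mac": bytes(chaddr[:6]),           # client hardware address field
    }


def _same(claimed, expected: bytes) -> bool:
    """A missing field never matches; present fields are compared in full."""
    return claimed is not None and hmac.compare_digest(claimed, expected)


def verify_request(chaddr: bytes, options: bytes, record: WorkOrder):
    """Return (allowed, mismatched_fields); every item must match to pass."""
    try:
        claim = extract_claim(chaddr, options)
    except ValueError:
        return False, ["malformed"]         # fail closed on unparseable input
    expected = {
        "voip_account": record.voip_account.encode(),
        "loid": record.loid.encode(),
        "mac": bytes.fromhex(record.mac.replace(":", "").replace("-", "")),
    }
    mismatches = [k for k in expected if not _same(claim[k], expected[k])]
    return not mismatches, mismatches


# Constructed sample data (not taken from the patent).
RECORD = WorkOrder("+862800000000@ims.example", "LOID0000000001", "02:00:00:aa:bb:01")
CHADDR = bytes.fromhex("020000aabb01")


def sample_options(voip: str = RECORD.voip_account, loid: str = RECORD.loid) -> bytes:
    """Options field as the modem (Option 60) and OLT (Option 82) would fill it."""
    relay = tlv(SUB_CIRCUIT_ID, b"olt-1/0/1") + tlv(SUB_REMOTE_ID, loid.encode())
    return (tlv(53, b"\x01") + tlv(OPT_VENDOR_CLASS, voip.encode())
            + tlv(OPT_RELAY_AGENT, relay) + bytes([OPT_END]))


if __name__ == "__main__":
    print(verify_request(CHADDR, sample_options(), RECORD))
    print(verify_request(bytes.fromhex("020000aabb02"), sample_options(), RECORD))
    print(verify_request(CHADDR, sample_options(loid="LOID0000000002"), RECORD))
```

The mismatch list is what a DHCP server would log alongside the refusal, so an operator can tell a moved terminal (LOID mismatch) from a swapped device (MAC mismatch).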
Referring to fig. 5, fig. 5 is a schematic structural diagram of a fixed phone dialing system according to an embodiment of the present application, where the fixed phone dialing system includes an IT server, an OUN, a beam splitter, an OLT, a BRAS (Broadband Remote Access Server, broadband access server), an IMS core network (session network), an SBC, a DHCP server, and an ITMS (Integrated Terminal Management System, terminal integrated manager). Communication is established between the user terminal OUN and the SBC, between the user terminal OUN and the DHCP server, between the SBC and the DHCP server, and between the DHCP server and the IT server, so as to execute the user identity verification flow and the call flow in the above embodiments.
In another embodiment of the present application, the method further comprises:
S61: In response to the user being a non-authenticated user, the call request of the user is forwarded to an abnormal traffic control platform.
In this embodiment, a non-authenticated user is a user who is not authenticated by the network service provider, such as a hotel telephone user or a user of an organization's public telephone. The abnormal traffic control platform is used for controlling the calls of non-authenticated users: it judges whether the call behavior is legitimate and then chooses to connect or block the call.
In this embodiment, a non-authenticated user is also referred to as a relay user. A relay user typically enters the IMS core network (session network) through an MGCF (Media Gateway Control Function, multimedia gateway control unit) or an IBAC gateway, and the MGCF/IBAC forwards the call request to the abnormal traffic control platform.
S62: The abnormal traffic control platform performs an interception judgment on the call request according to a preset traffic control policy.
In this embodiment, the traffic control policy is a policy established in advance to control calls.
In this embodiment, after receiving a call request, the abnormal traffic control platform performs an interception judgment on the call request according to the preset traffic control policy.
Illustratively, the call control policies are as shown in Table 4:
The call control policy of Table 4 may also be modified according to the actual situation and is not limited herein.
Referring to fig. 6, fig. 6 is a schematic diagram of a call control flow provided in an embodiment of the present application, where an abnormal traffic control platform controls a call according to the flow in the figure.
S63: In response to the interception judgment passing, the abnormal traffic control platform sends the call request to the session network.
In this embodiment, when the interception judgment passes, the abnormal traffic control platform sends the call request to the session network.
S64: The session network executes the session flow of the user.
In this embodiment, after receiving the call request, the session network does not need to perform authentication through the DHCP server, and directly executes the session flow.
Referring to fig. 7, fig. 7 is a schematic structural diagram of an abnormal traffic control platform according to an embodiment of the present application. As shown in fig. 7, the abnormal traffic control platform includes a service subsystem and an access subsystem, and the access subsystem contains a call record storage module and a call processing module. The control policy is stored in the service subsystem, which is connected to a comprehensive network manager through an alarm interface. When a relay group accesses the fixed network IMS, the call request is forwarded to the abnormal traffic control platform, which judges according to the control policy whether to release the call request. When the call request is released, it is sent to the session network IMS, and the IMS executes the corresponding session flow. When the call request is not released, the service subsystem can also raise an alarm to the comprehensive network manager through the alarm interface.
In the embodiments of the present application, authentication is performed at the stages in which the terminal obtains an IP address, the terminal registers, and the terminal initiates a call session, using the terminal's account opening information, the terminal's actual location information, the MAC address and the VOIP account information, so that the user's identity is effectively verified and illegal fixed-telephone access is prevented. A new interface is established between the SBC and the DHCP server, which facilitates the transmission of authentication data and speeds up authentication. For call requests from non-authenticated users, the abnormal traffic control platform controls the call request, which protects the security of the call and reduces losses for the user and the platform.
Based on the same inventive concept, an embodiment of the present application provides a fixed phone identity verification device. Referring to fig. 8, fig. 8 is a schematic diagram of a fixed phone authentication device 80 according to an embodiment of the present application. As shown in fig. 8, the apparatus includes:
a call request sending module 801, configured to respond to a fixed phone dialing operation of a user, where a user terminal corresponding to the user sends a call request to a session network, where the call request carries first account verification information of the user, where the first account verification information at least includes: the user's first VOIP account, the user's first LOID and the user's first terminal MAC address;
a verification request sending module 802, configured to send a verification request to a DHCP server by using the session network, where the verification request carries the first account verification information;
the authentication module 803 is configured to perform authentication on the user according to the first account authentication information and second account authentication information of the user, where the second account authentication information at least includes: a second VOIP account of the user, a second LOID of the user, a second terminal MAC address of the user;
a verification passing information sending module 804, configured to send verification passing information to the session network by using the DHCP server in response to the authentication passing;
a first session flow execution module 805, configured to, in response to receiving the authentication pass information, execute a session flow of the user by the session network.
Optionally, the apparatus further includes a network address acquisition module, the module including:
the network address request sending module is used for sending a voice equipment network address request to the DHCP server by the user terminal, wherein the voice equipment network address request carries the first account verification information;
the first identity verification sub-module is used for the DHCP server to carry out identity verification on the user according to the first account verification information and the second account verification information;
and the address sending sub-module is used for responding to the authentication of the user terminal, and the DHCP server sends the network address of the voice equipment to the user terminal.
Optionally, the apparatus further comprises a user registration module, the module comprising:
a registration request sending sub-module, configured to respond to a session network registration operation initiated by a user, where the user terminal sends a registration request to the session network, where the registration request at least carries the first account verification information;
a verification request sending sub-module, configured to send the verification request to the DHCP server by using the session network;
the second identity verification sub-module is used for carrying out identity verification on the user according to the first account verification information and the second account verification information contained in the verification request by the DHCP server;
a verification passing sub-module, configured to respond to authentication passing, and the DHCP server sends verification passing information to the session network;
and the registration flow execution sub-module is used for responding to the received verification passing information and executing the registration flow of the user by the session network.
Optionally, the device further includes an account opening module, the module including:
the account opening request sending submodule is used for responding to the account opening operation of the user, and the user terminal sends out an account opening request to the server;
the information acquisition sub-module is used for acquiring the LOID, the VOIP account number and the terminal MAC address corresponding to the user by the server;
the work order generation sub-module is used for adding the LOID, the VOIP account number and the terminal MAC address into a work order by the server;
and the work order sending sub-module is used for sending the work order to the DHCP server by the server side so that the DHCP server can store the work order.
Optionally, the identity verification module includes:
a first information verification sub-module, configured to compare the first VOIP account with the second VOIP account by using the DHCP server;
a second information verification sub-module, configured to compare the first LOID with the second LOID by using the DHCP server;
and the third information verification sub-module is used for comparing the first terminal MAC address with the second terminal MAC address by the DHCP server.
Optionally, the apparatus further comprises a device configuration module, the module comprising:
a first function parameter opening module, configured to open a first function parameter on the optical modem, where the first function parameter requires the user terminal to carry the first VOIP account when sending a request;
and the second function parameter starting module is used for starting a second function parameter on the OLT, and the second function parameter requires the user terminal to carry the first LOID when sending a request.
Optionally, the apparatus further comprises:
the call request forwarding module is used for forwarding the call request of the user to the abnormal telephone traffic control platform in response to the user being a non-authentication user;
the call request judging module is used for intercepting and judging the call request according to a preset telephone traffic control strategy by the abnormal telephone traffic control platform;
the interception judgment passing module is used for responding to the interception judgment passing, and the abnormal telephone traffic control platform sends the call request to the session network;
and the second session flow executing module is used for executing the session flow of the user by the session network.
Based on the same inventive concept, another embodiment of the present application provides a readable storage medium, on which a computer program is stored, which when executed by a processor, implements the steps of the method for authenticating a fixed phone according to any of the embodiments of the present application.
Based on the same inventive concept, another embodiment of the present application provides an electronic device, including a memory, a processor, and a computer program stored on the memory and executable on the processor, where the processor executes the steps in the method for authenticating a fixed phone according to any one of the foregoing embodiments of the present application.
For the device embodiments, since they are substantially similar to the method embodiments, the description is relatively simple, and reference is made to the description of the method embodiments for relevant points.
In this specification, the embodiments are described in a progressive manner, each embodiment focuses on its differences from the other embodiments, and for identical or similar parts the embodiments may be referred to one another.
It will be apparent to those skilled in the art that embodiments of the present application may be provided as a method, apparatus, or computer program product. Accordingly, the present embodiments may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present application may take the form of a computer program product on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
Embodiments of the present application are described with reference to flowchart illustrations and/or block diagrams of methods, terminal devices (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal device to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal device, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present embodiments have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following claims be interpreted as including the preferred embodiments and all such alterations and modifications as fall within the scope of the embodiments of the present application.
Finally, it is further noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article or terminal device comprising the element.
The fixed telephone identity verification method, device, equipment and storage medium provided by the present application have been described in detail above. Specific examples are used herein to explain the principle and implementation of the present application, and the description of the above embodiments is only intended to help understand the method and core idea of the present application. Meanwhile, those skilled in the art may, in accordance with the ideas of the present application, make changes to the specific embodiments and the scope of application. In view of the above, the content of this description should not be construed as limiting the present application.

Claims (10)

1. A method for authenticating a fixed telephone, the method comprising:
responding to a fixed telephone dialing operation of a user, sending a call request to a session network by a user terminal corresponding to the user, wherein the call request carries first account verification information of the user, and the first account verification information at least comprises: the user's first VOIP account, the user's first LOID and the user's first terminal MAC address;
the session network sends a verification request to a DHCP server, wherein the verification request carries the first account verification information;
the DHCP server performs identity verification on the user according to the first account verification information and the second account verification information of the user, wherein the second account verification information at least comprises: a second VOIP account of the user, a second LOID of the user, a second terminal MAC address of the user;
in response to authentication passing, the DHCP server sends authentication passing information to the session network;
in response to receiving the authentication pass information, the session network performs a session flow for the user.
2. The method according to claim 1, wherein, when the user has not registered with the session network, acquiring the network address of the voice device of the session network from the DHCP server comprises:
the user terminal sends a voice equipment network address request to the DHCP server, wherein the voice equipment network address request carries the first account verification information;
the DHCP server performs identity authentication on the user according to the first account authentication information and the second account authentication information;
and the DHCP server sends the network address of the voice equipment to the user terminal in response to the user terminal passing the verification.
3. The method of claim 1, wherein, when the user has not registered with the session network, registering the user with the session network comprises:
responding to a session network registration operation initiated by a user, wherein the user terminal sends a registration request to the session network, and the registration request at least carries the first account verification information;
the session network sends the verification request to the DHCP server;
the DHCP server performs identity authentication on the user according to the first account authentication information and the second account authentication information contained in the authentication request;
in response to authentication passing, the DHCP server sends authentication passing information to the session network;
in response to receiving the authentication pass information, the session network performs a registration procedure of the user.
4. The method of claim 1, wherein the user completes the operation of opening an account at the server in advance, comprising:
responding to the account opening operation of the user, and sending an account opening request to the server by the user terminal;
the server side obtains LOID, VOIP account number and terminal MAC address corresponding to the user;
the server adds the LOID, the VOIP account number and the terminal MAC address into a work order;
and the server sends the work order to the DHCP server so that the DHCP server stores the work order.
5. The method according to claim 1, wherein the DHCP server performs authentication on the user according to the first account authentication information and the second account authentication information of the user, including:
the DHCP server compares the first VOIP account with the second VOIP account;
the DHCP server compares the first LOID with the second LOID;
the DHCP server compares the first terminal MAC address with the second terminal MAC address.
6. The method of claim 1, wherein configuring the optical modem (the "optical cat") and the OLT corresponding to the user terminal in advance includes:
enabling a first function parameter on the optical modem, wherein the first function parameter requires the user terminal to carry the first VOIP account when sending a request;
and enabling a second function parameter on the OLT, wherein the second function parameter requires the user terminal to carry the first LOID when sending a request.
7. The method according to claim 1, wherein the method further comprises:
in response to the user being a non-authenticated user, forwarding the call request of the user to an abnormal telephone traffic control platform;
the abnormal telephone traffic control platform performs an interception judgment on the call request according to a preset telephone traffic control strategy;
in response to the interception judgment passing, the abnormal telephone traffic control platform sends the call request to the session network;
and the session network executes the session flow of the user.
8. A fixed telephone authentication apparatus, the apparatus comprising:
a call request sending module, configured so that, in response to a fixed telephone dialing operation of a user, the user terminal corresponding to the user sends a call request to a session network, the call request carrying first account verification information of the user, the first account verification information comprising at least: the first VOIP account of the user, the first LOID of the user and the first terminal MAC address of the user;
an authentication request sending module, configured so that the session network sends an authentication request to the DHCP server, the authentication request carrying the first account authentication information;
an authentication module, configured so that the DHCP server authenticates the user according to the first account authentication information and the second account authentication information of the user, the second account authentication information comprising at least: a second VOIP account of the user, a second LOID of the user and a second terminal MAC address of the user;
an authentication passing information sending module, configured so that, in response to the authentication passing, the DHCP server sends authentication passing information to the session network;
and a session flow executing module, configured so that, in response to receiving the verification passing information, the session network executes the session flow of the user.
9. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method according to any one of claims 1 to 7.
10. An electronic device comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, characterized in that the computer program, when executed by the processor, implements the steps of the method according to any one of claims 1 to 7.
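The comparison of claim 5 against the work order stored under claim 4, together with the routing of claim 7, sketched as an added Python example that is not part of the patent text. Keying work orders by VOIP account, requiring all three fields to match, the MAC normalization, the class and function names and the sample values are assumptions of this example.

```python
import hmac
import re
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class AccountInfo:
    voip_account: str
    loid: str
    mac: str

def normalize_mac(mac: str) -> str:
    """Reduce a MAC address to 12 lowercase hex digits; reject anything else."""
    digits = re.sub(r"[:.\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"malformed MAC address: {mac!r}")
    return digits

def _same(a: str, b: str) -> bool:
    # Constant-time comparison, so timing does not reveal how much matched.
    return hmac.compare_digest(a.encode(), b.encode())

class WorkOrderStore:
    """Stands in for the work orders the DHCP server stores (claim 4)."""
    def __init__(self) -> None:
        self._orders = {}

    def store(self, order: AccountInfo) -> None:
        # Assumption: one work order per VOIP account, MAC stored normalized.
        self._orders[order.voip_account] = replace(order, mac=normalize_mac(order.mac))

    def verify(self, first: AccountInfo) -> bool:
        """Claim 5 comparisons; assumption: all three fields must match."""
        second = self._orders.get(first.voip_account)
        if second is None:
            return False              # no account opened: fail closed
        try:
            first_mac = normalize_mac(first.mac)
        except ValueError:
            return False              # malformed request field: fail closed
        results = [_same(first.voip_account, second.voip_account),
                   _same(first.loid, second.loid), _same(first_mac, second.mac)]
        return all(results)           # every field is compared before deciding

def route_call(store: WorkOrderStore, first: AccountInfo) -> str:
    """Claim 7: non-authenticated users go to abnormal traffic control."""
    return "session_network" if store.verify(first) else "abnormal_traffic_control"

if __name__ == "__main__":
    s = WorkOrderStore()              # constructed sample values, not from the patent
    s.store(AccountInfo("voip-0001", "LOID0001", "00-11-22-AA-BB-CC"))
    for loid in ("LOID0001", "LOID9999"):
        print(loid, route_call(s, AccountInfo("voip-0001", loid, "00:11:22:aa:bb:cc")))
```

Normalizing the MAC on both the stored and the presented side keeps separator or case differences from causing false rejections, while unknown accounts and malformed fields fail closed.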
CN202311077608.XA 2023-08-24 2023-08-24 Fixed telephone identity verification method, device, equipment and storage medium Pending CN117318989A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311077608.XA CN117318989A (en) 2023-08-24 2023-08-24 Fixed telephone identity verification method, device, equipment and storage medium


Publications (1)

Publication Number Publication Date
CN117318989A true CN117318989A (en) 2023-12-29

Family

ID=89285589

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311077608.XA Pending CN117318989A (en) 2023-08-24 2023-08-24 Fixed telephone identity verification method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN117318989A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination