CN1972290A - Modification method for authentication password based on SIP, subscriber proxy server and subscriber proxy client - Google Patents
Modification method for authentication password based on SIP, subscriber proxy server and subscriber proxy client Download PDFInfo
- Publication number
- CN1972290A CN1972290A CNA2006101380978A CN200610138097A CN1972290A CN 1972290 A CN1972290 A CN 1972290A CN A2006101380978 A CNA2006101380978 A CN A2006101380978A CN 200610138097 A CN200610138097 A CN 200610138097A CN 1972290 A CN1972290 A CN 1972290A
- Authority
- CN
- China
- Prior art keywords
- authentication password
- authentication
- password
- user agent
- new
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
This invention relates to authorization codes repair method, user agent servo and customer end based on SIP, wherein, the user agent servo repairs the authorization codes according to user agent customer end information and processes authorization according to repaired codes in processing authorization. This invention customer end can repair user agent servo stored authorization codes and clears user agent customer end for repair flow on user agent servo authorization codes.
Description
Technical field
The present invention relates to the network communications technology field, be specifically related to a kind of modification method for authentication password, subscriber proxy server and User Agent Client based on SIP.
Background technology
The networking diagram in SIP territory as shown in Figure 1.Among Fig. 1, the logic entity that sends request message is called UAC (User Agent Client, User Agent Client), and the message that accepts request and the logic entity that sends response message are called UAS (User Agent Server, subscriber proxy server).
When UAS receives a request message, if desired this request message is carried out authentication, will check whether carry authentication information (credentials) in the request message.When UAS determines not carry authentication information in the request message, to UAC send 401 not authentication (Unauthorized) response message or send 407 to UAC and act on behalf of the response message of authentication request (Proxy Authentication Required), and carry authentication parameter in the response message.Authentication parameter in the UAC root a tree name response message regenerates authentication information, and places it in and issue UAS in the request message, and UAS carries out authentication again according to the authentication information in the request message.
Can't make amendment to the authentication password of UAS at present,, then can not realize if the user need revise the authentication password of SIP phone.The authorizing procedure of SIP also needs further perfect.
Summary of the invention
The objective of the invention is to, a kind of modification method for authentication password based on SIP, subscriber proxy server and User Agent Client are provided, clear and definite User Agent Client authentication is by the back, to the flow process that the authentication password of subscriber proxy server is made amendment, the perfect authorizing procedure of SIP.
For achieving the above object, a kind of modification method for authentication password based on SIP provided by the invention comprises:
User Agent Client is revised message transmission to subscriber proxy server with authentication;
The subscriber proxy server authentication modification information that transmission comes according to User Agent Client is carried out the modification of authentication password.
Following method and technology scheme is optional technical scheme.
Described authentication modification information comprises: revise authentication password action type, old authentication password and new authentication password, and described subscriber proxy server carries out the step that authentication password revises and comprises:
The subscriber proxy server modification authentication password action type that transmission comes according to the User Agent Client old authentication password that transmission comes to User Agent Client carries out authentication, and after confirming old authentication password authentication success, old authentication password is revised as the new authentication password that the User Agent Client transmission comes;
Perhaps described authentication modification information comprises: revise authentication password action type and new authentication password, and described subscriber proxy server carries out the step that authentication password revises and comprises:
Subscriber proxy server transmits at definite User Agent Client revises authentication password action type information and User Agent Client when online, and the old authentication password of User Agent Client is revised as the new authentication password that the User Agent Client transmission comes.
Old authentication password in the described authentication modification information is: the old authentication password after the encryption; And/or
New authentication password in the described authentication modification information is: the new authentication password after the encryption;
When described new authentication password is: during new authentication password after the encryption, described authentication is revised information and is also comprised: the encryption type of new authentication password.
The step that described subscriber proxy server carries out the authentication password modification comprises:
User Agent Client obtains the encryption key of old authentication password, the encryption type of new authentication password;
User Agent Client is encrypted, according to the encryption type of new authentication password new authentication password is encrypted old authentication password according to the encryption key of old authentication password, and the authentication password after will encrypting or will revise the authentication password action type and encryption after authentication password transfer to subscriber proxy server;
Subscriber proxy server is revised as new authentication password with old authentication password after confirming that old authentication password authentication is correct, preserve the encryption type of new authentication password, and returns authentication password to User Agent Client and revise successful message;
The step that perhaps described subscriber proxy server carries out the authentication password modification comprises:
User Agent Client obtains the encryption type of new authentication password;
User Agent Client is encrypted new authentication password according to the encryption type of new authentication password, and the authentication password after will encrypting or will revise the authentication password action type and encryption after authentication password transfer to subscriber proxy server;
Subscriber proxy server is revised as new authentication password with old authentication password, preserves the encryption type of new authentication password, and returns authentication password to User Agent Client and revise successful message.
The described step of obtaining the encryption type of new authentication password comprises:
User Agent Client will be revised the authentication password action type and be carried on and transfer to subscriber proxy server in the login request message;
Subscriber proxy server is receiving when revising the authentication password action type, with the encryption type of new authentication password or will revise the authentication password action type and newly the encryption type of authentication password be carried in the response message of login request message and transfer to User Agent Client.
The described step that old authentication password is revised as new authentication password is specially:
Subscriber proxy server is decrypted new authentication password according to the encryption type of new authentication password, and old authentication password is revised as new authentication password after the deciphering; Or
Subscriber proxy server is revised as new authentication password after the encryption with old authentication password.
Described modification authentication password action type, old authentication password, new authentication password are carried in the authentication challenge parameter or authentication challenge responses parameter of authentication header field.
Described method also comprises:
Subscriber proxy server returns authentication password to User Agent Client and revises failure when confirming old authentication password failed authentication;
After authentication password is revised failure, and need carry out authentication process to User Agent Client the time, subscriber proxy server carries out authentication according to original authentication password.
The present invention also provides a kind of subscriber proxy server, is provided with the authentication password modified module in the described subscriber proxy server; Be provided with authentication password modified module and authentication module in the perhaps described subscriber proxy server;
Authentication password modified module: be used to receive the authentication modification information that the User Agent Client transmission comes, and revise information according to authentication authentication password is made amendment;
Authentication module: be used for User Agent Client being carried out authentication process according to the amended authentication password of authentication password modified module.
The technical scheme of following subscriber proxy server is optional technical scheme.
The old authentication password that authentication module is revised in the information authentication modification information that transmission comes to User Agent Client according to authentication carries out authentication, and after confirming old authentication password authentication success, notice authentication password modified module; After the authentication password modified module receives the notice of authentication module, old authentication password is revised as new authentication password in the authentication modification information that User Agent Client transmission comes; Perhaps
The authentication password modified module is when definite User Agent Client is online, and the authentication of coming according to User Agent Client transmission is revised information the old authentication password of User Agent Client is revised as new authentication password in the authentication modification information that the User Agent Client transmission comes.
The present invention also provides a kind of User Agent Client, is provided with the request modified module in the described User Agent Client;
Request modified module: be used for authentication modification information is sent to subscriber proxy server.
The technical scheme of following User Agent Client is optional technical scheme.
The request modified module obtains the encryption key of old authentication password, the encryption type of new authentication password, and according to the encryption key of old authentication password old authentication password is encrypted, according to the encryption type of new authentication password new authentication password is encrypted, and the authentication password after will encrypting or will revise the authentication password action type and encryption after authentication password transfer to subscriber proxy server; Perhaps
The request modified module obtains the encryption type of new authentication password, and according to the encryption type of new authentication password new authentication password is encrypted, and the authentication password after will encrypting or will revise the authentication password action type and encrypt after authentication password transfer to subscriber proxy server.
Description by technique scheme as can be known, the present invention revises transmission of Information by the authentication password between User Agent Client and the subscriber proxy server, User Agent Client can be made amendment to the authentication password of storing in the subscriber proxy server, clear and definite User Agent Client authentication has satisfied the demand of user's modification authentication password by the back, to the flow process that the authentication password of subscriber proxy server is made amendment; In revising the authentication password process,, guaranteed the fail safe in the authentication password modification process by the old authentication password after transmission is encrypted between User Agent Client and the subscriber proxy server, new authentication password; Authentication password of the present invention is revised information-bearing in the authentication header field of message, has made things convenient for the modification implementation procedure of authentication password; Thereby the authorizing procedure of SIP, the purpose of raising user satisfaction have been realized improving by technical scheme provided by the invention.
Description of drawings
Fig. 1 is the networking diagram schematic diagram in SIP territory;
Fig. 2 is the flow chart that the authentication password in the SIP registration process of embodiment of the present invention one is revised;
Fig. 3 is the flow chart that the authentication password of embodiment of the present invention two is revised.
Embodiment
The technical scheme that embodiment of the present invention is provided is further described below.
In embodiment of the present invention, can adopt direct connected mode between User Agent Client and the subscriber proxy server, also can adopt indirect connected mode.
The subscriber proxy server of embodiment of the present invention at first needs authentication is revised message transmission to subscriber proxy server when revising authentication password, and authentication modification information comprises: revise authentication password action type, old authentication password and new authentication password.When new authentication password was the new authentication password of encrypting, authentication was revised information and is also comprised: the encryption type of new authentication password.The modification here is the modification in the broader sense, refer to that not only the multidigit authentication password that will be provided with originally is revised as other multidigit authentication password, also comprise: under original situation that is provided with authentication password, delete the authentication password of original setting, under original situation that authentication password is not set, increase authentication password etc. is set.
Can utilize authentication challenge required parameter and authentication challenge responses parameter to realize the modification of authentication password between User Agent Client in the embodiment of the present invention and the subscriber proxy server.Like this, above-mentioned authentication is revised information and can be carried in the authentication header field.When carrying authentication challenge required parameter in the message, this message can be called authentication challenge request message.When carrying authentication challenge responses parameter in the message, this message can be called authentication challenge responses message.Embodiment of the present invention can be expanded challenge parameter of the authentication in the authentication header field and authentication challenge responses parameter, promptly in authentication challenge parameter, increase the encryption type of revising authentication password action type and new authentication password, in authentication challenge responses parameter, increase encryption type and the new authentication password of revising authentication password action type, new authentication password.
In the authentication header field, the authentication challenge parameter after the expansion can be following form:
challenge=″Digest″digest-challenge
digest-challenge=1#(realm|[domain]|nonce|
[opaque]|[stale]|[algorithm]|
[qop-options]|[auth-param])
[passwordop]|[passwordencmethod])
Wherein: passwordop is for revising the authentication password action type, and passwordencmethod is the encryption type of new authentication password.Passwordop and passwordencmethod are the parameter that increases newly.
In the authentication header field, the authentication challenge responses parameter after the expansion can be following form:
credentials=″Digest″digest-response
digest-response=1#(username|realm|nonce|digest-uri
|response|[algorithm]|[cnonce]|
[opaque]|[message-qop]|
[nonce-count]|[auth-param]|
[passwordop]|[passwordnew])
passwordop =″passwordop″″=″operation-tags
operation-tags =″add″/″change″/″delete″
passwordencmethod?=″passwordencmethod″″=″encryption-method
encryption-method?=″XOR″/″DES″/″3DES″/″RC5″/″AES″/″NONE″
passwordnew =″passwordnew″″=″quoted-string
Wherein, passwordop is for revising the authentication password action type, and passwordencmethod is the encryption type of new authentication password, the new authentication password after passwordnew represents to encrypt.Passwordop, passwordencmethod and passwordnew are the parameter that increases newly.
The value of Passwordop can be for increasing (add), modification (change), deletion (delete) etc.; The encryption type that the value of passwordencmethod can only can both be supported for UAC and UAS, when the encryption type of new authentication password when not encrypting, the value of passwordencmethod is NONE.
Be example below with the register flow path, the flow process of the modification authentication password of 2 pairs of embodiment of the present invention one is described in conjunction with the accompanying drawings.
Carry parameter p asswordop at step 3-1, UAC in the REGISTER request message, expression needs to revise authentication password.
Authentication parameter in the REGISTER request message can be following form:
Authorization:Digest?username=″7770000″,realm=″huawei.com″,
uri=″sip:182.20.90.100:5060″,integrity-protected=no,
passwordop=change
UAC with the REGISTER request message transmission to UAS.
Determine UAC needs modification password to step 3-2, UAS according to the passwordop=change in the REGISTER request message, the authentication challenge parameter that UAS will carry passwordop and passwordencmethod transfers to UAC.The value of Passwordop is change, and the modification to authentication password is confirmed in expression, and the passwordencmethod parameter carries the encryption type of new authentication password.
Authentication challenge parameter can be following form:
WWW-Authenticate:Digest?realm=″huawei.com″,
nonce=″073fcad97db5e337495e0a91bb2faafe″,domain=″sip:huawei.com″,
stale=false,algorithm=MD5,passwordop=change,passwordencmethod=XOR
Wherein: the encryption type of new authentication password is XOR (XOR).
In above-mentioned steps 3-2, UAS transfers in the authentication challenge parameter of UAC also can not comprise Passwordop.
To step 3-3, UAC root a tree name nonce old authentication password is encrypted, root a tree name passwordencmethod encrypts new authentication password, and the REGISTER request message that will carry authentication challenge responses parameters such as nonce and passwordencmethod is sent to UAS once more.REGISTER request message in this step can be called authentication challenge responses message.
Authentication challenge responses parameter in the REGISTER request message can be following form:
Authorization:Digest?username=″7770000″,realm=″huawei.com″,
nonce=″073fcad97db5e337495e0a91bb2faafe″,uri=″sip:182.20.90.100:5060″,
response=″96e6a45b003a1f32e496a9b72354b2b1″,integrity-protected=no,
passwordop=change,passwordnew=″09090909″
Wherein, the new authentication password after the encryption is 09090909.
In above-mentioned steps 3-3, UAC transfers in the authentication challenge responses parameter of UAS also can not comprise Passwordop.
When step 3-4, UAS receive the REGISTER request message once more, this REGISTER request message is carried out authentication process, promptly whether the old authentication password of checking is correct earlier, after old authentication password checking is correct, agrees the modification to authentication password.The UAS directly encryption type of the new authentication password of basis is decrypted new authentication password, with the new authentication password replace old authentication password after the deciphering, and preserve the encryption type of new authentication password, UAS can not be decrypted new authentication password in the process of revising authentication password yet, directly with the new authentication password replace old authentication password after encrypting, and preserve the encryption type of new authentication password, in the authentication process afterwards again the encryption type according to new authentication password new authentication password is decrypted.
UAS responds 200 message to UAC after authentication password is revised successfully.
UAC is after receiving 200 message, and the process that authentication password is revised finishes.After this, when UAC and UAS need authentication once more, should carry out authentication process according to amended authentication password.
In step 3-4, if owing to reasons such as old authentication password authentication faileds, when the UAS refusal is made amendment to old authentication password, UAS can send the information that authentication password is revised failure to UAC, after this, when UAC and UAS need authentication once more, still carry out authentication process according to former setting, unmodified authentication password.
Above embodiment in be example to realizing that the authentication password modification process describes with REGISTER message, also can revise information between UAC in the embodiment of the present invention and the UAS by carrying authentication in other message, and the modification process of the mutual realization authentication password by one or more request messages, and, embodiment of the present invention also can be carried authentication modification information by expanding other header field parameters, it realizes that substantially principle is all identical, only be separated into example at this embodiment of the present invention is described, other execution modes are not described in detail with old authentication password checking procedure and authentication password modification process.
In the superincumbent execution mode, the modification process of old authentication password checking procedure and authentication password is based on that the transmission of same message realizes.In the execution mode two below, old authentication password checking procedure and KI modification process be divided into two the step finish, promptly earlier old authentication password is carried out verification, verification succeeds represents that User Agent Client is online, then, under the online situation of User Agent Client, older authentication password is made amendment.The specific implementation flow process of embodiment of the present invention two as shown in Figure 3.
Among Fig. 3, step 4-1, UAC send the RFGISTER request message, do not carry parameter p asswordop in the REGISTER request message, perhaps do not carry Authorization (authentication) header field in the REGISTER request message.
Authentication challenge responses parameter in the REGISTER request message can be following form:
Authorization:Digest?username=″7770000″,realm=″huawei.com″,
uri=″sip:182.20.90.100:5060″.
To step 4-2, UAS receive the REGISTER request message, and determine not carry authentication information in the REGISTER request message after, return 401 response messages of authentication not to UAC, require UAC to carry out authentication.401 do not carry cryptographic algorithm (algorithm parameter), encrypted random number (nonce parameter) in the response message of authentication.
401 not the authentication parameter in the response message of authentication can be following form:
WWW-Authenticate:Digest?realm=″huawei.com″,
nonce=″073fcad97db5e337495e0a91bb2faafe″,domain=″sip:huawei.com″,
stale=false,algorithm=MD5
Receive 401 not behind the response message of authentication to step 4-3, UAC, old authentication password is encrypted, then, the old authentication password after encrypting is sent to UAS by the REGISTER request message.
At this moment, the authentication parameter in the REGISTER request message can be following form:
Authorization:Digest?username=″7770000″,realm=″huawei.com″,
nonce=″073fcad97db5e337495e0a91bb2faafe″,uri=″sip:182.20.90.100:5060″,
response=″96e6a45b003a1f32e496a9b72354b2b1″
Wherein, the response parameter is the old authentication password after encrypting.
After receiving the REGISTER request message once more to step 4-4, UAS, old authentication password is carried out verification, after the cryptographic check success, to 200 message of UAC back-checking success, UAC succeeds in registration.
Under the situation that UAC succeeds in registration and UAC is online, UAC can directly make amendment to authentication password.
Send the REGISTER request message to step 4-5, UAC, carry parameter p asswordop in this REGISTER request message, need to revise authentication password with expression.Call-ID in the REGISTER request message of Call-ID in the REGISTER request message and step 4-1 is consistent, and UAC is online with expression.
Authentication challenge responses parameter in the REGISTER request message can be following form:
Authorization:Digest?username=″7770000″,realm=″huawei.com″,
uri=″sip:182.20.90.100:5060″,
passwordop=change
Call-ID:eal5d9a8110b07786af504b01fbda18b
Determine UAC needs modification authentication password to step 4-6, UAS according to the passwordop=change in the REGISTER request message that receives, under the online situation of UAC, the authentication challenge parameter that UAS will carry passwordop and passwordencmethod transfers to UAC.Wherein, the value of Passwordop is change, and the modification to authentication password is confirmed in expression, and the passwordencmethod parameter carries the encryption type of new authentication password.
Authentication challenge parameter can be following form:
WWW-Authenticate:Digest?realm=″huawei.com″,
domain=″sip:huawei.com″,stale=false,
passwordop=change,passwordencmethod=XOR
In above-mentioned steps 4-6, UAS transfers in the authentication challenge parameter of UAC also can not comprise Passwordop.
New authentication password is encrypted according to the passwordencmethod in the authentication challenge message to step 4-7, UAC, and the REGISTER request message is sent to UAS once more, carry the new authentication password passwordnew after the encryption in the REGISTER request message.
Authentication challenge responses parameter in the REGISTER request message can be following form:
Authorization:Digest?username=″7770000″,realm=″huawei.com″,
uri=″sip:182.20.90.100:5060″,
passwordop=change,passwordnew=″09090909″
In above-mentioned steps 4-7, UAC transfers in the authentication challenge responses parameter of UAS also can not comprise Passwordop.
From the REGISTER request message that receives, obtain new authentication password to step 4-8, UAS, under the online situation of UAC, new authentication password is preserved, finish modification, respond 200 message to UAC to authentication password.The new authentication password that UAS preserves can be the new authentication password after the deciphering, also can be the new authentication password after encrypting.
Subscriber proxy server and User Agent Client to embodiment of the present invention is described below.
Be provided with authentication password modified module and authentication module in the subscriber proxy server, be provided with the request modified module in the User Agent Client.
The request modified module is mainly used in authentication modification information is sent to subscriber proxy server.The authentication that the request modified module sends is revised information and can be comprised: revise authentication password action type, old authentication password and new authentication password; In some cases, as when User Agent Client is online, authentication is revised information and also can be comprised: revise authentication password action type and new authentication password.
The request modified module can be revised information with authentication and transfer to subscriber proxy server by login request message.The request modified module can be revised authentication information and be sent to subscriber proxy server together, also authentication can be revised the information gradation and transfer to subscriber proxy server.
The authentication password modified module is mainly used in and receives the authentication modification information that the transmission of request modified module comes, and revises information according to the authentication that receives the authentication password of User Agent Client is made amendment.After the authentication password modified module was successfully revised authentication password, authentication module was carried out authentication process according to amended authentication password to User Agent Client; After the authentication password modified module was revised failure to authentication password, authentication module was carried out authentication process according to unmodified authentication password to User Agent Client.
Flow process with two concrete modification authentication passwords is that example describes each module in the embodiment of the present invention below.
Execution mode one: at first, the REGISTER request message that the request modified module will carry passwordop=change is sent to the authentication password modified module.
The authentication password modified module is determined UAC needs modification password according to the passwordop=change in the REGISTER request message, and the response message that the authentication password modified module will carry the REGISTER request message of authentications challenge parameters such as passwordop and passwordencmethod transfers to UAC.Wherein, the value of Passwordop is change, and the modification to authentication password is confirmed in expression, and the passwordencmethod parameter carries the encryption type of new authentication password.The authentication password modified module is sent in the response message of REGISTER request message of User Agent Client also can not comprise passwordop.
The request modified module is after User Agent Client receives back authentication challenge parameter, old authentication password is encrypted, and root a tree name passwordencmethod encrypts new authentication password, then, the REGISTER request message of asking modified module will carry authentication challenge responses parameters such as nonce and passwordencmethod is sent to UAS.
Authentication module is carried out authentication process to the REGISTER request message after UAS receives the REGISTER request message, promptly whether the old authentication password of checking is correct earlier, and after old authentication password checking was correct, notice authentication password modified module was made amendment to authentication password.
The authentication password modified module is after receiving the notice of authentication module, encryption type according to the new authentication password in the REGISTER request message is decrypted new authentication password, with the new authentication password replace old authentication password after the deciphering, and preserve the encryption type of new authentication password; The authentication password modified module can not be decrypted new authentication password in the process of revising authentication password yet, directly with the new authentication password replace old authentication password after encrypting, and preserve the encryption type of new authentication password, like this, in the later authentication process of authentication module, new authentication password is decrypted by the encryption type of authentication module according to new authentication password.
The authentication password modified module responds 200 message to User Agent Client after authentication password is revised successfully.After this, when authentication module need be carried out authentication to User Agent Client, should carry out authentication process according to the amended authentication password of authentication password modified module.
If owing to reasons such as old authentication password authentication faileds, authentication password modified module refusal is made amendment to old authentication password, then the authentication password modified module sends the information that authentication password is revised failure to User Agent Client, after this, when authentication module need be carried out authentication to User Agent Client, still carry out authentication process according to former setting, unmodified authentication password.
Execution mode two: under the online situation of User Agent Client, revise authentication password.
Under the online situation of User Agent Client, the request modified module sends the REGISTER request message to subscriber proxy server, carries parameter p asswordop in this REGISTER request message, needs to revise authentication password with expression.Call-ID in the REGISTER request message represents that User Agent Client is online.
The authentication password modified module is determined UAC needs modification authentication password according to the passwordop=change in the REGISTER request message of subscriber proxy server reception, the authentication password modified module is being determined under the online situation of User Agent Client, the authentication challenge parameter that carries passwordop and passwordencmethod is being transferred to User Agent Client.Wherein, the value of Passwordop is change, and the modification to authentication password is confirmed in expression, and the passwordencmethod parameter carries the encryption type of new authentication password.The authentication password modified module is sent in the response message of REGISTER request message of User Agent Client also can not comprise passwordop.
The authentication password modified module is encrypted new authentication password according to the passwordencmethod in the authentication challenge message, and the REGISTER request message is sent to subscriber proxy server once more, carry the new authentication password passwordnew after the encryption in the REGISTER request message.
The authentication password modified module obtains new authentication password from the REGISTER request message that subscriber proxy server receives once more, new authentication password is preserved, and finishes the modification to authentication password, responds 200 message to User Agent Client.The new authentication password that the authentication password modified module is preserved can be the new authentication password after the deciphering, also can be the new authentication password after encrypting.After this, when authentication module need be carried out authentication to User Agent Client, should carry out authentication process according to the amended authentication password of authentication password modified module.
Though described the present invention by embodiment, those of ordinary skills know, the present invention has many distortion and variation and do not break away from spirit of the present invention, and the claim of application documents of the present invention comprises these distortion and variation.
Claims (12)
1, a kind of modification method for authentication password based on SIP is characterized in that, comprising:
User Agent Client is revised message transmission to subscriber proxy server with authentication;
The subscriber proxy server authentication modification information that transmission comes according to User Agent Client is carried out the modification of authentication password.
2, the method for claim 1 is characterized in that:
Described authentication modification information comprises: revise authentication password action type, old authentication password and new authentication password, and described subscriber proxy server carries out the step that authentication password revises and comprises:
The subscriber proxy server modification authentication password action type that transmission comes according to the User Agent Client old authentication password that transmission comes to User Agent Client carries out authentication, and after confirming old authentication password authentication success, old authentication password is revised as the new authentication password that the User Agent Client transmission comes;
Perhaps described authentication modification information comprises: revise authentication password action type and new authentication password, and described subscriber proxy server carries out the step that authentication password revises and comprises:
Subscriber proxy server transmits at definite User Agent Client revises authentication password action type information and User Agent Client when online, and the old authentication password of User Agent Client is revised as the new authentication password that the User Agent Client transmission comes.
3, method as claimed in claim 2 is characterized in that:
Old authentication password in the described authentication modification information is: the old authentication password after the encryption; And/or
New authentication password in the described authentication modification information is: the new authentication password after the encryption;
When described new authentication password is: during new authentication password after the encryption, described authentication is revised information and is also comprised: the encryption type of new authentication password.
4, method as claimed in claim 3 is characterized in that:
The step that described subscriber proxy server carries out the authentication password modification comprises:
User Agent Client obtains the encryption key of old authentication password, the encryption type of new authentication password;
User Agent Client is encrypted, according to the encryption type of new authentication password new authentication password is encrypted old authentication password according to the encryption key of old authentication password, and the authentication password after will encrypting or will revise the authentication password action type and encryption after authentication password transfer to subscriber proxy server;
Subscriber proxy server is revised as new authentication password with old authentication password after confirming that old authentication password authentication is correct, preserve the encryption type of new authentication password, and returns authentication password to User Agent Client and revise successful message;
The step that perhaps described subscriber proxy server carries out the authentication password modification comprises:
User Agent Client obtains the encryption type of new authentication password;
User Agent Client is encrypted new authentication password according to the encryption type of new authentication password, and the authentication password after will encrypting or will revise the authentication password action type and encryption after authentication password transfer to subscriber proxy server;
Subscriber proxy server is revised as new authentication password with old authentication password, preserves the encryption type of new authentication password, and returns authentication password to User Agent Client and revise successful message.
5, method as claimed in claim 4 is characterized in that, the described step of obtaining the encryption type of new authentication password comprises:
User Agent Client will be revised the authentication password action type and be carried on and transfer to subscriber proxy server in the login request message;
Subscriber proxy server is receiving when revising the authentication password action type, with the encryption type of new authentication password or will revise the authentication password action type and newly the encryption type of authentication password be carried in the response message of login request message and transfer to User Agent Client.
6, method as claimed in claim 4 is characterized in that, the described step that old authentication password is revised as new authentication password is specially:
Subscriber proxy server is decrypted new authentication password according to the encryption type of new authentication password, and old authentication password is revised as new authentication password after the deciphering; Or
Subscriber proxy server is revised as new authentication password after the encryption with old authentication password.
7, method as claimed in claim 2 is characterized in that, described modification authentication password action type, old authentication password, new authentication password are carried in the authentication challenge parameter or authentication challenge responses parameter of authentication header field.
8, method as claimed in claim 2 is characterized in that, described method also comprises:
Subscriber proxy server returns authentication password to User Agent Client and revises failure when confirming old authentication password failed authentication;
After authentication password is revised failure, and need carry out authentication process to User Agent Client the time, subscriber proxy server carries out authentication according to original authentication password.
9, a kind of subscriber proxy server is characterized in that, is provided with the authentication password modified module in the described subscriber proxy server; Be provided with authentication password modified module and authentication module in the perhaps described subscriber proxy server;
Authentication password modified module: be used to receive the authentication modification information that the User Agent Client transmission comes, and revise information according to authentication authentication password is made amendment;
Authentication module: be used for User Agent Client being carried out authentication process according to the amended authentication password of authentication password modified module.
10, subscriber proxy server as claimed in claim 9 is characterized in that:
The old authentication password that authentication module is revised in the information authentication modification information that transmission comes to User Agent Client according to authentication carries out authentication, and after confirming old authentication password authentication success, notice authentication password modified module; After the authentication password modified module receives the notice of authentication module, old authentication password is revised as new authentication password in the authentication modification information that User Agent Client transmission comes; Perhaps
The authentication password modified module is when definite User Agent Client is online, and the authentication of coming according to User Agent Client transmission is revised information the old authentication password of User Agent Client is revised as new authentication password in the authentication modification information that the User Agent Client transmission comes.
11, a kind of User Agent Client is characterized in that, is provided with the request modified module in the described User Agent Client;
Request modified module: be used for authentication modification information is sent to subscriber proxy server.
12, User Agent Client as claimed in claim 11 is characterized in that:
The request modified module obtains the encryption key of old authentication password, the encryption type of new authentication password, and according to the encryption key of old authentication password old authentication password is encrypted, according to the encryption type of new authentication password new authentication password is encrypted, and the authentication password after will encrypting or will revise the authentication password action type and encryption after authentication password transfer to subscriber proxy server; Perhaps
The request modified module obtains the encryption type of new authentication password, and according to the encryption type of new authentication password new authentication password is encrypted, and the authentication password after will encrypting or will revise the authentication password action type and encrypt after authentication password transfer to subscriber proxy server.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2006101380978A CN1972290B (en) | 2005-11-07 | 2006-11-07 | Modification method for authentication password based on SIP, subscriber proxy server and subscriber proxy client |
Applications Claiming Priority (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200510115578.2 | 2005-11-07 | ||
| CN200510115578 | 2005-11-07 | ||
| CN2006101380978A CN1972290B (en) | 2005-11-07 | 2006-11-07 | Modification method for authentication password based on SIP, subscriber proxy server and subscriber proxy client |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1972290A true CN1972290A (en) | 2007-05-30 |
| CN1972290B CN1972290B (en) | 2011-02-16 |
Family
ID=38112875
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2006101380978A Expired - Fee Related CN1972290B (en) | 2005-11-07 | 2006-11-07 | Modification method for authentication password based on SIP, subscriber proxy server and subscriber proxy client |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN1972290B (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102215235A (en) * | 2011-06-10 | 2011-10-12 | 北京工业大学 | SIP (session initiation protocol) safety certification method capable of modifying authentication password |
| CN101488945B (en) * | 2008-01-14 | 2012-09-19 | 北京大唐高鸿数据网络技术有限公司 | Authentication method oriented to SIP |
| CN106452752A (en) * | 2016-10-24 | 2017-02-22 | 北京明华联盟科技有限公司 | Method and system of modifying cipher, client, server and smart device |
| CN109446793A (en) * | 2018-09-21 | 2019-03-08 | 广州江南科友科技股份有限公司 | A kind of account based on Windows agent changes decryption method and device |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5719941A (en) * | 1996-01-12 | 1998-02-17 | Microsoft Corporation | Method for changing passwords on a remote computer |
-
2006
- 2006-11-07 CN CN2006101380978A patent/CN1972290B/en not_active Expired - Fee Related
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5719941A (en) * | 1996-01-12 | 1998-02-17 | Microsoft Corporation | Method for changing passwords on a remote computer |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101488945B (en) * | 2008-01-14 | 2012-09-19 | 北京大唐高鸿数据网络技术有限公司 | Authentication method oriented to SIP |
| CN102215235A (en) * | 2011-06-10 | 2011-10-12 | 北京工业大学 | SIP (session initiation protocol) safety certification method capable of modifying authentication password |
| CN102215235B (en) * | 2011-06-10 | 2013-08-21 | 北京工业大学 | SIP (session initiation protocol) safety certification method capable of modifying authentication password |
| CN106452752A (en) * | 2016-10-24 | 2017-02-22 | 北京明华联盟科技有限公司 | Method and system of modifying cipher, client, server and smart device |
| CN106452752B (en) * | 2016-10-24 | 2019-05-24 | 北京明华联盟科技有限公司 | Method, system and the client of Modify password, server and smart machine |
| CN109446793A (en) * | 2018-09-21 | 2019-03-08 | 广州江南科友科技股份有限公司 | A kind of account based on Windows agent changes decryption method and device |
| CN109446793B (en) * | 2018-09-21 | 2021-07-20 | 广州江南科友科技股份有限公司 | Account encryption method and device based on Windows agent |
Also Published As
| Publication number | Publication date |
|---|---|
| CN1972290B (en) | 2011-02-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104579694B (en) | A kind of identity identifying method and system | |
| CN109347835B (en) | Information transmission method, client, server, and computer-readable storage medium | |
| EP1500226B1 (en) | System and method for storage and retrieval of a cryptographic secret from a plurality of network enabled clients | |
| CN101156352B (en) | Authentication method, system and authentication center based on mobile network P2P communication | |
| CA2518032A1 (en) | Methods and software program product for mutual authentication in a communications network | |
| CN108243176B (en) | Data transmission method and device | |
| WO2009155813A1 (en) | Method for storing encrypted data in client and system thereof | |
| CN101194529A (en) | Method for agreeing on a security key between at least one first and one second communications station for securing a communications link | |
| CN1716953B (en) | Method for identifying conversation initial protocol | |
| JP2000078124A (en) | Method for establishing key while using aerial communication and password, and password protocol | |
| CN111884811B (en) | Block chain-based data evidence storing method and data evidence storing platform | |
| CN109660330B (en) | Method and system for identity authentication on block chain | |
| TWI501614B (en) | Symmetric Dynamic Authentication and Key Exchange System and Its | |
| CN105491015B (en) | A kind of communication of data and storage method | |
| CN115396121A (en) | Security authentication method for security chip OTA data packet and security chip device | |
| CN111275440A (en) | Remote secret key downloading method and system | |
| CN1972290B (en) | Modification method for authentication password based on SIP, subscriber proxy server and subscriber proxy client | |
| CN100450305C (en) | Safety service communication method based on general authentification frame | |
| CN102215235B (en) | SIP (session initiation protocol) safety certification method capable of modifying authentication password | |
| Liou et al. | T-auth: A novel authentication mechanism for the IoT based on smart contracts and PUFs | |
| CN102404363B (en) | A kind of access method and device | |
| CN111553686A (en) | Data processing method and device, computer equipment and storage medium | |
| Barker et al. | Sp 800-57. recommendation for key management, part 1: General (revised) | |
| CN113965327B (en) | Key grouping method and key grouping management system of hardware password equipment | |
| KR101314435B1 (en) | Method for security roaming of mobile node and foreign agent apparatus thereof and security roaming system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C17 | Cessation of patent right | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20110216 Termination date: 20121107 |