WO2021031741A1 - VoIP processing method, device and terminal - Google Patents

Publication number
WO2021031741A1
Authority
WO
WIPO (PCT)
Prior art keywords
blockchain
terminal
certificate
calling terminal
signature information
Application number
PCT/CN2020/101612
Other languages
English (en)
Chinese (zh)
Inventor
刘福文
杨波
王珂
Original Assignee
中国移动通信有限公司研究院
中国移动通信集团有限公司
Application filed by 中国移动通信有限公司研究院, 中国移动通信集团有限公司
Publication of WO2021031741A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/18 Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • H04L65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/1066 Session management
    • H04L65/1069 Session establishment or de-establishment
    • H04L65/1101 Session protocols
    • H04L65/1104 Session initiation protocol [SIP]

Definitions

  • the present disclosure relates to the field of communication technology, and in particular to a method, device, and terminal for processing Internet calls.
  • Internet Protocol (IP) address; IP access to the public switched telephone network (PSTN)
  • IP-based client protocols such as Session Initiation Protocol (SIP)
  • traditional telephone services such as Integrated Services Digital Network (ISDN)
  • Voice over IP (VoIP)
  • the security mechanism in VoIP is to identify the identity of the initiator of the SIP request.
  • the identification process is as follows:
  • SIP client A sends a SIP invitation message to the authentication server.
  • the authentication server signs the header of the SIP invitation message, and puts the signature and the address indicating the authentication server certificate into the newly defined identity field.
  • the authentication server sends the signed invitation message to the verification server.
  • the verification server connects to the public key infrastructure (PKI) according to the address of the authentication server certificate to obtain the authentication server certificate.
  • the verification server uses the public key in the certificate of the authentication server to verify the signature. After the verification is successful, the verification server sends a SIP invitation message to SIP client B.
  • the SIP client must trust the authentication server and the verification server. As such, there is a problem of mutual trust among multiple certificate authorities (CAs).
  • the purpose of the present disclosure is to provide a method, device and terminal for processing Internet calls, which solves the current problem of mutual trust among multiple CAs in Internet calls.
  • the embodiments of the present disclosure provide a method for processing Internet calls, which is applied to a called terminal, and includes:
  • the first signature information is verified according to the public key in the blockchain certificate of the calling terminal, and an Internet phone connection with the calling terminal is established when the verification passes.
  • the querying the blockchain certificate of the calling terminal according to the identification information of the calling terminal includes:
  • the called terminal is a user terminal storing a complete blockchain
  • the called terminal is a user terminal that stores a lightweight blockchain
  • after linking to a trusted terminal that stores a complete blockchain, query the blockchain certificate of the calling terminal in that complete blockchain according to the identification information of the calling terminal.
  • the identification information of the calling terminal includes a user name of the calling terminal, and the user name is complete identity information or a hash value of the complete identity information;
  • the querying the blockchain certificate of the calling terminal in the stored complete blockchain according to the identification information of the calling terminal includes:
  • a query of the blockchain certificate of the calling terminal is initiated to the complete blockchain.
  • the blockchain certificate includes: user name type, user name nature, user name, public key, validity period, certificate status, and extension items.
  • the embodiments of the present disclosure provide a method for processing Internet calls, which is applied to a calling terminal, and includes:
  • before sending the network call invitation message to the called terminal, the method further includes:
  • the user name in the blockchain certificate of the calling terminal is complete identity information
  • use the private key of its account on the blockchain to sign the blockchain certificate of the calling terminal to obtain the second signature information
  • the private key of the account on the blockchain is used to sign the blockchain certificate of the calling terminal and the complete identity information to obtain the third signature information, the blockchain certificate, the complete identity information, and the third signature information are broadcast on the blockchain network, and the accounting node of the blockchain stores the blockchain certificate of the second terminal in the blockchain.
  • the embodiments of the present disclosure provide a method for processing Internet calls, which is applied to a network terminal, and the network terminal is a billing node of a blockchain, including:
  • the blockchain certificate of the user terminal is stored in the blockchain, and the blockchain certificate is used to verify the signature information in the invitation message of the network call sent by the user terminal.
  • the initiating identity verification to the user terminal includes:
  • the external short message transceiver device is triggered to send a short message verification code to the user terminal according to the complete identity information of the user terminal.
  • the blockchain certificates all include: user name type, user name nature, user name, public key, validity period, certificate status, and extension items.
  • the user name is complete identity information or a hash value of the complete identity information.
  • a network telephone processing device applied to a called terminal includes:
  • the receiving module is configured to receive an invitation message for a network call sent by a calling terminal, the message carrying first signature information and identification information of the calling terminal, and the first signature information is signature information obtained by signing the header of the invitation message for the network call;
  • the query module is used to query the blockchain certificate of the calling terminal according to the identification information of the calling terminal;
  • the first processing module is configured to verify the first signature information according to the public key in the blockchain certificate of the calling terminal, and establish an Internet phone connection with the calling terminal when the verification passes.
  • the query module is also used to:
  • the called terminal is a user terminal storing a complete blockchain
  • the called terminal is a user terminal that stores a lightweight blockchain
  • after linking to a trusted terminal that stores a complete blockchain, query the blockchain certificate of the calling terminal in that complete blockchain according to the identification information of the calling terminal.
  • the identification information of the calling terminal includes a user name of the calling terminal, and the user name is complete identity information or a hash value of the complete identity information;
  • the query module is also used for:
  • a query of the blockchain certificate of the calling terminal is initiated to the complete blockchain.
  • the blockchain certificate includes: user name type, user name nature, user name, public key, validity period, certificate status, and extension items.
  • a network phone processing device which is applied to a calling terminal, and includes:
  • the second processing module is used to sign the header of the invitation message of the network call to obtain the first signature information
  • the sending module is used to send an invitation message for a network call to the called terminal, the message carries the first signature information and the identification information of the calling terminal, and the identification information is used by the called terminal to query the blockchain certificate of the calling terminal and verify the first signature information;
  • the third processing module is used to establish a network phone connection with the called terminal when the verification is passed.
  • the device further includes:
  • Generating module used to generate the blockchain certificate of the calling terminal
  • the first storage processing module is configured to, if the user name in the blockchain certificate of the calling terminal is complete identity information, use the private key of its account on the blockchain to sign the blockchain certificate of the calling terminal to obtain the second signature information, and broadcast the blockchain certificate of the calling terminal and the second signature information on the blockchain network, so that the billing node of the blockchain stores the blockchain certificate of the calling terminal in the blockchain;
  • the second storage processing module is configured to, if the user name in the blockchain certificate of the calling terminal is the hash value of the complete identity information, use the private key of its account on the blockchain to sign the blockchain certificate of the calling terminal and the complete identity information to obtain the third signature information, and broadcast the blockchain certificate, the complete identity information and the third signature information on the blockchain network, so that the accounting node of the blockchain stores the blockchain certificate of the second terminal in the blockchain.
  • the embodiments of the present disclosure provide a network phone processing device, which is applied to a network terminal, and the network terminal is a billing node of a blockchain, including:
  • the obtaining module is used to obtain the blockchain certificate and the second signature information broadcast by the user terminal on the blockchain network; or, the blockchain certificate, the complete identity information and the third signature information;
  • the fourth processing module is used to initiate identity verification to the user terminal when verification of the second signature information or the third signature information passes and the blockchain certificate corresponding to the user terminal is not stored in the blockchain or the blockchain certificate corresponding to the user terminal is invalid;
  • the fifth processing module is configured to store the blockchain certificate of the user terminal in the blockchain after the identity verification is successful, and the blockchain certificate is used to verify the signature information in the network call invitation message sent by the user terminal.
  • the fourth processing module is further configured to:
  • the blockchain certificates all include: user name type, user name nature, user name, public key, validity period, certificate status, and extension items.
  • the user name is complete identity information or a hash value of the complete identity information.
  • the embodiments of the present disclosure provide a user terminal, where the user terminal is a called terminal and includes: a transceiver and a processor;
  • the transceiver is used to receive an invitation message for a network call sent by a calling terminal, and the message carries first signature information and identification information of the calling terminal, and the first signature information is signature information obtained by signing the header of the invitation message of the network call;
  • the processor is configured to query the blockchain certificate of the calling terminal according to the identification information of the calling terminal;
  • the processor is further configured to verify the first signature information according to the public key in the blockchain certificate of the calling terminal, and establish an Internet phone connection with the calling terminal when the verification passes.
  • the processor is further configured to:
  • the called terminal is a user terminal storing a complete blockchain
  • the called terminal is a user terminal that stores a lightweight blockchain
  • after linking to a trusted terminal that stores a complete blockchain, query the blockchain certificate of the calling terminal in that complete blockchain according to the identification information of the calling terminal.
  • the identification information of the calling terminal includes a user name of the calling terminal, and the user name is complete identity information or a hash value of the complete identity information;
  • the processor is also used for:
  • a query of the blockchain certificate of the calling terminal is initiated to the complete blockchain.
  • the blockchain certificate includes: user name type, user name nature, user name, public key, validity period, certificate status, and extension items.
  • the embodiments of the present disclosure provide a user terminal, where the user terminal is a calling terminal and includes a transceiver and a processor;
  • the processor is configured to sign the header of the invitation message of the network call to obtain the first signature information
  • the transceiver is used to send an invitation message for a network call to a called terminal, the message carries the first signature information and identification information of the calling terminal, and the identification information is used by the called terminal to query the blockchain certificate of the calling terminal and verify the first signature information;
  • the processor is further configured to establish a network telephone connection with the called terminal when the verification is passed.
  • the processor is further configured to:
  • the user name in the blockchain certificate of the calling terminal is complete identity information
  • use the private key of its account on the blockchain to sign the blockchain certificate of the calling terminal to obtain the second signature information
  • the private key of the account on the blockchain is used to sign the blockchain certificate of the calling terminal and the complete identity information to obtain the third signature information, the blockchain certificate, the complete identity information, and the third signature information are broadcast on the blockchain network, and the accounting node of the blockchain stores the blockchain certificate of the calling terminal in the blockchain.
  • the embodiments of the present disclosure provide a network terminal, where the network terminal is a billing node of a blockchain and includes: a transceiver and a processor;
  • the transceiver is used to obtain the blockchain certificate and the second signature information broadcast by the user terminal on the blockchain network; or, the blockchain certificate, the complete identity information and the third signature information;
  • the processor is configured to initiate identity verification to the user terminal when verification of the second signature information or the third signature information passes and the blockchain certificate corresponding to the user terminal is not stored in the blockchain or the blockchain certificate corresponding to the user terminal is invalid;
  • the processor is further configured to store the blockchain certificate of the user terminal in the blockchain after the identity verification is successful, and the blockchain certificate is used to verify the signature information in the network call invitation message sent by the user terminal.
  • the processor is further configured to:
  • the external short message transceiver device is triggered to send a short message verification code to the user terminal according to the complete identity information of the user terminal.
  • the blockchain certificates all include: user name type, user name nature, user name, public key, validity period, certificate status, and extension items.
  • the user name is complete identity information or a hash value of the complete identity information.
  • the embodiments of the present disclosure provide a communication terminal, including: a processor, a memory, and a computer program stored on the memory and capable of running on the processor; when executing the computer program, the processor implements the Internet phone processing method as applied to the called terminal, or the Internet phone processing method as applied to the calling terminal, or the Internet phone processing method as applied to the network terminal.
  • the embodiments of the present disclosure provide a computer-readable storage medium on which a computer program is stored, and the computer program, when executed by a processor, implements the steps in the Internet phone processing method applied to the called terminal as described above, or in the Internet phone processing method applied to the calling terminal, or in the Internet phone processing method applied to the network terminal.
  • the method of the embodiment of the present disclosure is applied to the called terminal. After receiving the calling terminal's network call invitation message, the called terminal queries the blockchain certificate corresponding to the calling terminal according to the identification information of the calling terminal carried in the message, uses the public key in that blockchain certificate to verify the first signature information carried in the message, and establishes the Internet phone connection between the caller and the called party when the verification passes.
  • in this way, certificates are stored using the blockchain, and there is no trusted third party in the blockchain, which can realize direct trust between the user terminals of the Internet phone and solve the problem of mutual trust among multiple CAs.
  • Figure 1 is a schematic diagram of a process flow of Internet telephony in related technologies
  • FIG. 2 is a flowchart of a method for processing an Internet phone call applied to a called terminal according to an embodiment of the disclosure
  • Figure 3 is a schematic diagram of a blockchain certificate in an embodiment of the disclosure.
  • FIG. 4 is a schematic diagram of a process flow of Internet telephony using the method of an embodiment of the present disclosure
  • FIG. 5 is a flowchart of a method for processing an Internet call applied to a calling terminal according to an embodiment of the disclosure
  • FIG. 6 is a flowchart of a method for processing Internet calls applied to a network terminal according to an embodiment of the disclosure
  • FIG. 7 is a structural diagram of a network phone processing device applied to a called terminal according to an embodiment of the disclosure.
  • FIG. 8 is a structural diagram of a network phone processing device applied to a calling terminal according to an embodiment of the disclosure.
  • FIG. 9 is a structural diagram of a network phone processing device applied to a network terminal according to an embodiment of the disclosure.
  • FIG. 10 is a structural diagram of a called terminal according to an embodiment of the disclosure.
  • Figure 11 is a structural diagram of a calling terminal according to an embodiment of the disclosure
  • FIG. 12 is a structural diagram of a network terminal according to an embodiment of the disclosure.
  • FIG. 13 is a structural diagram of a communication terminal according to an embodiment of the disclosure.
  • B corresponding to A means that B is associated with A, and B can be determined according to A.
  • determining B according to A does not mean determining B only according to A, and B can also be determined according to A and/or other information.
  • an embodiment of the present disclosure provides a method for processing Internet calls, which is applied to a called terminal, and includes:
  • Step 201 Receive an invitation message for a network call sent by a calling terminal, where the message carries first signature information and identification information of the calling terminal, and the first signature information is signature information obtained by signing the header of the invitation message for the network call.
  • the called terminal will receive the network call invitation message sent by the calling terminal.
  • the first signature information carried in the message is obtained by the calling terminal signing the header of the invitation message of the network call. Specifically, the DATA field, the FROM field, and the TO field in the header of the invitation message of the network call are signed.
  • the FROM field contains the identity of the inviter (SIP uniform resource identifier URI or phone number), the TO field contains the identity of the invitee (SIP URI or phone number), and the DATA field contains the timestamp of sending the SIP invitation message.
  • the signature on the FROM field can ensure the authenticity of the inviter's identity, the signature on the TO field can ensure that the identity of the invitee has not been tampered with, and the signature on the DATA field can prevent replay attacks.
  • the identification information of the calling terminal carried in the message will be used to query the blockchain certificate of the calling terminal.
  • Step 202 Query the blockchain certificate of the calling terminal according to the identification information of the calling terminal.
  • the user terminal stores the certificate used for its own identity verification in the blockchain, and uses the blockchain to ensure the authenticity and reliability of the certificate. Therefore, in this step, after receiving the network call invitation message sent by the calling terminal in step 201, the called terminal queries the calling terminal’s blockchain certificate according to the calling terminal’s identification information carried in the network call invitation message, in order to use the certificate for verification.
  • Step 203 Verify the first signature information according to the public key in the blockchain certificate of the calling terminal, and establish an Internet phone connection with the calling terminal when the verification passes.
  • the public key in the blockchain certificate queried in step 202 is used to verify the first signature information, so as to establish the Internet phone connection between the called terminal and the calling terminal when the verification of the calling terminal is completed. Considering the existence and validity of the certificate, the public key of the blockchain certificate is used when the blockchain certificate of the calling terminal is found by the query and the blockchain certificate is valid.
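Steps 201 to 203 as an added Go example (not code from the patent): the calling side signs the DATA, FROM and TO fields, and the called side queries the certificate, checks its status and validity period, and verifies the first signature information. Ed25519, SHA-256 for the hashed user name, the length-prefixed field encoding, the in-memory ledger map, the freshness window and the check that FROM matches the certificate user name are assumptions of this example; the names Cert, Invite, SignInvite, VerifyInvite and Scenarios are hypothetical, and all identities are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

type Cert struct {
	UserName            string // complete identity, or hex SHA-256 of it (hash choice assumed)
	PublicKey           ed25519.PublicKey
	NotBefore, NotAfter time.Time // validity period
	StatusValid         bool      // certificate status
}

type Invite struct {
	From, To string
	Data     time.Time // sending timestamp (the page's DATA field)
	CallerID string    // identification information used for the query
	Sig      []byte    // first signature information
}

var (
	ErrNoCert       = errors.New("no blockchain certificate for caller")
	ErrCertInvalid  = errors.New("certificate invalid or outside validity period")
	ErrIdentity     = errors.New("FROM does not match certificate user name")
	ErrStale        = errors.New("DATA timestamp outside freshness window")
	ErrBadSignature = errors.New("first signature information does not verify")
)

func hashID(id string) string {
	sum := sha256.Sum256([]byte(id))
	return hex.EncodeToString(sum[:])
}

// signedBytes length-prefixes DATA, FROM and TO (assumed encoding).
func signedBytes(inv Invite) []byte {
	var out []byte
	for _, f := range []string{inv.Data.UTC().Format(time.RFC3339), inv.From, inv.To} {
		out = append(out, fmt.Sprintf("%d:%s,", len(f), f)...)
	}
	return out
}

func SignInvite(priv ed25519.PrivateKey, inv Invite) Invite {
	inv.Sig = ed25519.Sign(priv, signedBytes(inv))
	return inv
}

// VerifyInvite is the called terminal's side of steps 201 to 203.
func VerifyInvite(ledger map[string][]Cert, inv Invite, now time.Time, window time.Duration) error {
	hist := ledger[inv.CallerID] // step 202: query by identification information
	if len(hist) == 0 {
		return ErrNoCert
	}
	cert := hist[len(hist)-1] // newest certificate stored under this user name
	if !cert.StatusValid || now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return ErrCertInvalid
	}
	if cert.UserName != inv.From && cert.UserName != hashID(inv.From) {
		return ErrIdentity // certificate was issued for a different identity
	}
	if age := now.Sub(inv.Data); age > window || age < -window {
		return ErrStale // a replayed invitation carries an old timestamp
	}
	if len(cert.PublicKey) != ed25519.PublicKeySize ||
		!ed25519.Verify(cert.PublicKey, signedBytes(inv), inv.Sig) { // step 203
		return ErrBadSignature
	}
	return nil
}

func Scenarios() map[string]error {
	pub, priv, _ := ed25519.GenerateKey(nil)            // nil selects crypto/rand
	now := time.Date(2020, 7, 13, 9, 0, 0, 0, time.UTC) // constructed clock
	alice, bob := "sip:alice@example.com", "sip:bob@example.com"
	id := hashID(alice) // certificate stored under the hash of the identity
	cert := Cert{id, pub, now.AddDate(0, 0, -1), now.AddDate(1, 0, 0), true}
	ledger := map[string][]Cert{id: {cert}}
	good := SignInvite(priv, Invite{From: alice, To: bob, Data: now, CallerID: id})
	res := map[string]error{"genuine": VerifyInvite(ledger, good, now.Add(2*time.Second), time.Minute)}
	tampered := Invite{From: alice, To: "sip:mallory@example.com", Data: now, CallerID: id, Sig: good.Sig}
	res["tampered_to"] = VerifyInvite(ledger, tampered, now, time.Minute)
	res["replayed"] = VerifyInvite(ledger, good, now.Add(time.Hour), time.Minute)
	other := SignInvite(priv, Invite{From: "sip:carol@example.com", To: bob, Data: now, CallerID: id})
	res["other_from"] = VerifyInvite(ledger, other, now, time.Minute)
	ledger[id] = append(ledger[id], Cert{UserName: id}) // newer entry with invalid status
	res["revoked"] = VerifyInvite(ledger, good, now, time.Minute)
	return res
}

func main() {
	fmt.Println(Scenarios())
}
```

The signature alone does not stop a replay: the "replayed" case carries a valid signature and is rejected only because the signed DATA timestamp is compared with the verifier's clock.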
  • the method of the embodiment of the present disclosure is applied to the called terminal. After receiving the calling terminal's network call invitation message, the called terminal queries the calling terminal’s blockchain certificate according to the calling terminal's identification information carried in the message, uses the public key in the blockchain certificate to verify the first signature information carried in the message, and establishes the Internet phone connection between the caller and the called party when the verification passes.
  • in order to facilitate identity verification during the Internet phone connection process, user terminals generate their respective blockchain certificates and store them in the blockchain. Therefore, before the calling terminal sends the invitation message for the network call, it generates its own blockchain certificate. If the user name in the generated blockchain certificate is complete identity information, it uses the private key of its account on the blockchain to sign the blockchain certificate of the calling terminal to obtain the second signature information, and broadcasts the blockchain certificate of the calling terminal and the second signature information on the blockchain network, and the accounting node of the blockchain stores the blockchain certificate of the calling terminal in the blockchain. If the user name in the generated blockchain certificate is the hash value of the complete identity information, it uses the private key of its account on the blockchain to sign the blockchain certificate and complete identity information of the calling terminal to obtain the third signature information, and broadcasts the blockchain certificate, complete identity information and the third signature information of the calling terminal on the blockchain network, and the accounting node of the blockchain stores the blockchain certificate of the second terminal in the blockchain.
  • the calling terminal first generates its own blockchain certificate. The user name in the blockchain certificate can be the complete identity information of the terminal, such as a SIP URI or phone number, or the hash value of the complete identity information of the terminal. To ensure that the accounting node stores the certificate correctly, after the blockchain certificate is generated the two forms of user name are handled differently. If the user name is complete identity information, the terminal uses the private key of its account on the blockchain to sign only the blockchain certificate, broadcasts the blockchain certificate and the resulting signature information on the blockchain network, and the accounting node of the blockchain then stores the blockchain certificate in the blockchain. If the user name is the hash value of the complete identity information, the terminal uses the private key of its account on the blockchain to sign the blockchain certificate and the complete identity information, broadcasts the blockchain certificate, the complete identity information and the resulting signature information on the blockchain network, and the accounting node of the blockchain then stores the blockchain certificate in the blockchain.
  • The accounting node is determined through the blockchain consensus mechanism. Based on the content broadcast by the terminal on the blockchain network, the accounting node verifies the signature information; if no blockchain certificate corresponding to the terminal is stored in the blockchain, or the blockchain certificate corresponding to the terminal is invalid, it initiates an identity verification request to the terminal and, after the identity verification succeeds, stores the blockchain certificate corresponding to the terminal in the blockchain.
  • the accounting node can ensure the integrity of the blockchain certificate and the user name of the terminal by verifying the signature information.
  • The accounting node searches the blockchain for an existing blockchain certificate whose user name is the same as the user name of the blockchain certificate to be stored. If there is a duplicate name and the status of the latest certificate with that name on the blockchain is valid, the accounting node rejects the storage application for the blockchain certificate to be stored; if there is a duplicate name but the status of the latest certificate with that name on the blockchain is invalid, or there is no duplicate name, an identity verification request is initiated to the terminal.
  • The accounting node embeds a short message sending and receiving device, such as a short message service (SMS) module, in the blockchain system; the device sends a short message verification code to the terminal according to the complete identity information of the terminal, and the short message verification code sent back by the terminal is then compared.
  • The complete identity information of the terminal to which the short message verification code is sent may be carried in the blockchain certificate or broadcast directly on the network.
  • After successfully verifying the identity for the blockchain certificate, the accounting node writes the blockchain certificate into a block and, after the waiting time required by the system ends, writes the block into the blockchain. If the user name is the hash value of the complete identity information, the accounting node writes only the blockchain certificate into the block; the complete identity information of the user terminal is not written into the block.
  • Just as the calling terminal stores its own blockchain certificate in the blockchain, the called terminal uses the same implementation method to store its own blockchain certificate in the blockchain, which will not be repeated here.
  • the blockchain certificate 300 includes: user name type, user name nature, user name, public key, validity period, certificate status, and extension items.
  • the blockchain certificate generated by the calling terminal mainly includes the user name type, user name nature, user name, public key, validity period, certificate status, and extension items. Specifically:
  • User name type: a mark used to distinguish different user types, such as phone number, SIP URI, etc.
  • User name nature: used to distinguish whether the user name is anonymous or real. Anonymous user names protect the privacy of users.
  • User name: the name used by the user to apply for the blockchain certificate. If the user name is a real name, it is the user name in the FROM field of the SIP invitation message, which is the complete identity information of the terminal; if the user name is anonymous, it is the hash value of the user name in the FROM field.
  • Public key: generated by the certificate applicant; the corresponding private key is kept secret by the certificate applicant. The certificate applicant uses Elliptic Curve Cryptography (ECC) when generating the public-private key pair.
  • Validity period: the time from which the certificate can be used and the time at which it is no longer valid.
  • Certificate status: one of two statuses, valid or invalid.
  • A standard format such as X.509 can be used to generate a blockchain certificate, but because there is no trusted third party in the blockchain network, the certificate is self-signed rather than signed by a third party.
  • The blockchain certificate can also use a custom format, because the authenticity and reliability of the blockchain certificate are guaranteed by the blockchain instead of a third-party digital signature, and no trusted third party exists in the blockchain network. The biggest difference between the custom format and the X.509 format is that the custom format does not include a signature over the certificate information. When the user terminal generates the blockchain certificate, the certificate status is marked as valid.
  • step 202 includes:
  • if the called terminal is a user terminal storing a complete blockchain, querying the blockchain certificate of the calling terminal in the stored complete blockchain according to the identification information of the calling terminal;
  • if the called terminal is a user terminal that stores a lightweight blockchain, after it is linked to a trusted terminal that stores a complete blockchain, querying the blockchain certificate of the calling terminal in that complete blockchain according to the identification information of the calling terminal.
  • A called terminal that stores a complete blockchain can directly query the calling terminal's blockchain certificate in its stored complete blockchain based on the calling terminal's identification information; a called terminal that stores a lightweight blockchain needs to be linked to a trusted terminal that stores a complete blockchain, and the blockchain certificate of the calling terminal is queried in the complete blockchain stored in the trusted terminal.
  • the identification information of the calling terminal includes a user name of the calling terminal, and the user name is complete identity information or a hash value of the complete identity information;
  • step 202 includes:
  • a query of the blockchain certificate of the calling terminal is initiated to the complete blockchain.
  • The identification information is the user name located in the FROM field of the SIP message. Specifically, if the user name is the complete identity information of the terminal, the called terminal uses the user name to initiate a query on the local blockchain or the remote blockchain. If the user name to be queried is not found on the blockchain, the hash value of the user name in the FROM field of the SIP message is used to initiate a second query on the local blockchain or the remote blockchain. If the user name is the hash value of the terminal's complete identity information, the hash value is used directly to initiate a query on the local blockchain or the remote blockchain.
  • If the user name does not exist on the blockchain, the query is terminated and an error message is returned to the user (the certificate does not exist). If it exists, the latest blockchain certificate corresponding to the user name is checked. If the status of the certificate is invalid, an error message is returned to the user (the certificate exists but the status is invalid); if the status of the certificate is valid but the validity period has passed, an error message is returned to the user (the certificate exists but the validity period has expired); if the status of the certificate is valid and it is within the validity period, it is the blockchain certificate of the calling terminal that the called terminal wants to obtain.
  • user terminal A sends an invitation message (SIP invitation message) for a network call to user terminal B (called terminal), and user terminal A signs the DATA field, FROM field and TO field in the header of the SIP invitation message.
  • user terminal A stores a valid blockchain certificate generated by itself in the blockchain.
  • user terminal B uses the identification information of the calling terminal in the message to initiate a query on the local blockchain or a remote blockchain. After finding the blockchain certificate that user terminal A stored in the blockchain, it uses the public key in the certificate to verify the signature information in the message. If the verification succeeds, the authenticity of the identity of user terminal A is proven, and an Internet phone connection between the caller and the called is established to realize the Internet call.
  • The method of the embodiment of the present disclosure is applied to the called terminal. After receiving the calling terminal's network call invitation message, the called terminal queries the calling terminal's blockchain certificate according to the calling terminal's identification information carried in the message. Once the certificate is found, the public key in the blockchain certificate is used to verify the first signature information carried in the message, and the Internet phone connection between the calling and called terminals is established when the verification passes. In this way, certificates are stored in the blockchain, where there is no trusted third party, so direct trust between VoIP user terminals can be realized and the problem of mutual trust among multiple CAs is solved.
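The called terminal's checks described above, as an added Go example that is not part of the patent text: it queries by the FROM user name and then by its hash, judges only the latest certificate, and verifies the ECDSA signature over DATA, FROM and TO. The type names, the header encoding, P-256 with SHA-256, the acceptance window on the DATA timestamp and the sample SIP URIs are assumptions of this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

// Type and field names are this example's own, not the patent's.
type (
	Cert struct {
		PublicKey *ecdsa.PublicKey
		NotAfter  time.Time // end of the validity period
		Valid     bool      // certificate status
	}
	Chain  map[string][]Cert // user name -> certificates, oldest first
	Invite struct {
		Data     time.Time // DATA: when the invitation was sent
		From, To string
		Sig      []byte // first signature information
	}
)

var (
	ErrNoCert  = errors.New("certificate does not exist")
	ErrInvalid = errors.New("certificate exists but the status is invalid")
	ErrExpired = errors.New("certificate exists but the validity period has expired")
	ErrBadSig  = errors.New("first signature information does not verify")
	ErrStale   = errors.New("DATA timestamp is outside the acceptance window")
)

func hashName(id string) string {
	return fmt.Sprintf("%x", sha256.Sum256([]byte(id)))
}

// digest covers DATA, FROM and TO; the %q quoting is an assumed canonical encoding.
func digest(inv Invite) []byte {
	h := sha256.Sum256([]byte(fmt.Sprintf("%d|%q|%q", inv.Data.Unix(), inv.From, inv.To)))
	return h[:]
}

// Lookup queries by the FROM user name, then by its hash, and judges only the latest certificate.
func Lookup(c Chain, from string, now time.Time) (Cert, error) {
	certs := c[from]
	if len(certs) == 0 {
		certs = c[hashName(from)]
	}
	if len(certs) == 0 {
		return Cert{}, ErrNoCert
	}
	latest := certs[len(certs)-1]
	if !latest.Valid {
		return Cert{}, ErrInvalid
	}
	if now.After(latest.NotAfter) {
		return Cert{}, ErrExpired
	}
	return latest, nil
}

// VerifyInvite is the called terminal's decision before the call is established.
func VerifyInvite(c Chain, inv Invite, now time.Time, window time.Duration) error {
	cert, err := Lookup(c, inv.From, now)
	if err != nil {
		return err
	}
	if !ecdsa.VerifyASN1(cert.PublicKey, digest(inv), inv.Sig) {
		return ErrBadSig
	}
	if age := now.Sub(inv.Data); age > window || age < -window {
		return ErrStale // a captured invitation replayed later lands here
	}
	return nil
}

// Demo returns constructed data: the certificate is stored under the hash of the caller's SIP URI.
func Demo() (chain Chain, inv Invite, now time.Time, err error) {
	now = time.Date(2020, 7, 13, 9, 0, 0, 0, time.UTC)
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return
	}
	chain = Chain{hashName("sip:alice@example.com"): {{&key.PublicKey, now.AddDate(1, 0, 0), true}}}
	inv = Invite{Data: now, From: "sip:alice@example.com", To: "sip:carol@example.com"}
	inv.Sig, err = ecdsa.SignASN1(rand.Reader, key, digest(inv)) // calling terminal, step 501
	return
}

func main() {
	chain, inv, now, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine invitation:", VerifyInvite(chain, inv, now, 30*time.Second))
}
```

Signing DATA only helps against replay if the called terminal also compares the timestamp with its own clock, which is what the window parameter does here.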
  • an embodiment of the present disclosure also provides a method for processing Internet calls, which is applied to a calling terminal, and includes:
  • Step 501: Sign the header of the invitation message of the network call to obtain first signature information.
  • the DATA field, the FROM field, and the TO field in the header of the invitation message of the network call are signed.
  • the FROM field contains the identity of the inviter (SIP uniform resource identifier URI or phone number)
  • the TO field contains the identity of the invitee (SIP URI or phone number)
  • the DATA field contains the timestamp of sending the SIP invitation message.
  • the signature on the FROM field can ensure the authenticity of the inviter's identity
  • the signature on the TO field can ensure that the identity of the invitee has not been tampered with
  • the signature on the DATA field can prevent replay attacks.
  • Step 502: Send an invitation message for a network call to the called terminal, where the message carries the first signature information and identification information of the calling terminal, and the identification information is used by the called terminal to query the blockchain certificate of the calling terminal and verify the first signature information.
  • the calling terminal sends an invitation message for the network call to the called terminal.
  • the message includes the first signature information obtained by signing in step 501 and the identification information of the calling terminal, so that after receiving the message, the called terminal can query the blockchain certificate based on the identification information of the calling terminal, and use the public key in the blockchain certificate to verify the first signature information to complete the identity verification of the calling terminal.
  • Step 503: Establish an Internet phone connection with the called terminal when the verification is passed.
  • When the called terminal completes the identity verification of the calling terminal, that is, when the verification is passed, the network telephone connection between the calling terminal and the called terminal can be established.
  • In this way, certificates are stored in the blockchain, where there is no trusted third party, so direct trust between the user terminals of the Internet phone can be realized and the problem of mutual trust among multiple CAs is solved.
  • step 502 it further includes:
  • if the user name in the blockchain certificate of the calling terminal is complete identity information, use the private key of its account on the blockchain to sign the blockchain certificate of the calling terminal to obtain the second signature information
  • the private key of the account on the blockchain is used to sign the blockchain certificate of the calling terminal and the complete identity information to obtain the third signature information, the blockchain certificate, the complete identity information, and the third signature information are broadcast on the blockchain network, and the accounting node of the blockchain stores the blockchain certificate of the calling terminal in the blockchain.
  • the blockchain certificate includes: user name type, user name nature, user name, public key, validity period, certificate status, and extension items.
  • this method cooperates with the above-mentioned Internet phone processing method applied to the called terminal to realize the direct verification of the caller's identity using the blockchain certificate, and overcomes the problem of multi-CA trust.
  • the implementation manner of the embodiment of the terminal's Internet phone processing method is applicable to this method, and the same technical effect can also be achieved.
  • an embodiment of the present disclosure provides a method for processing Internet calls, which is applied to a network terminal, and the network terminal is a billing node of a blockchain, including:
  • Step 601: Obtain the blockchain certificate and second signature information broadcast by the user terminal on the blockchain network; or, the blockchain certificate, complete identity information, and third signature information.
  • the second signature information is obtained by the user terminal using the private key of its account on the blockchain to sign the blockchain certificate
  • the third signature information is obtained by the user terminal using the private key of its account on the blockchain to sign the blockchain certificate and the complete identity information of the user terminal.
  • Step 602: after the verification of the second signature information or the third signature information is passed, if the blockchain certificate corresponding to the user terminal is not stored in the blockchain or the blockchain certificate corresponding to the user terminal is invalid, initiate identity verification to the user terminal;
  • Step 603: After the identity verification is successful, store the blockchain certificate of the user terminal in the blockchain, where the blockchain certificate is used to verify the signature information in the network call invitation message sent by the user terminal.
  • The accounting node verifies the corresponding signature information (second signature information or third signature information); when the verification passes and the blockchain does not store a blockchain certificate corresponding to the user terminal, or the blockchain certificate corresponding to the user terminal is invalid, it further initiates an identity verification request to the user terminal to avoid malicious tampering of the certificate. In this way, after the identity verification of the user terminal is successful, the authentic and valid blockchain certificate of the user terminal can be stored in the blockchain.
  • The blockchain certificate can subsequently be obtained by the called terminal, on the basis of the network call invitation message, when the invitation message sent by the calling terminal reaches the called terminal, so that the blockchain certificate is used to verify the caller's identity directly, which overcomes the problem of multi-CA trust.
  • a network terminal applying the method of the embodiment of the present disclosure can ensure the integrity of the blockchain certificate and the complete identity information of the terminal by verifying the signature information broadcast by the user terminal.
  • The accounting node searches the blockchain for an existing blockchain certificate whose user name is the same as the user name of the blockchain certificate to be stored. If there is a duplicate name and the status of the latest certificate with that name on the blockchain is valid, the accounting node rejects the storage application for the blockchain certificate to be stored; if there is a duplicate name but the status of the latest certificate with that name on the blockchain is invalid, or there is no duplicate name, an identity verification request is initiated to the terminal.
  • in step 602, initiating identity verification to the user terminal includes:
  • the external short message transceiver device is triggered to send a short message verification code to the user terminal according to the complete identity information of the user terminal.
  • The billing node embeds a short message sending and receiving device, such as an SMS module, in the blockchain system; the device sends a short message verification code to the terminal according to the complete identity information of the terminal, and the short message verification code sent back by the terminal is then compared.
  • The complete identity information of the terminal to which the short message verification code is sent may be carried in the blockchain certificate or broadcast directly on the network.
  • After successfully verifying the identity for the blockchain certificate, the accounting node writes the blockchain certificate into a block and, after the waiting time required by the system ends, writes the block into the blockchain. If the user name is the hash value of the complete identity information, the accounting node writes only the blockchain certificate into the block; the complete identity information of the user terminal is not written into the block.
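Steps 601 to 603 as an added Go example (not code from the patent): the node verifies the broadcast signature, refuses a user name whose latest certificate is still valid, runs the SMS check, and writes only the certificate. The type names, the signed encoding, the `smsOK` callback standing in for the SMS module, the comparison of the user name with the hash of the broadcast identity, and the use of the account key as the certificate key are assumptions of this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// Type and field names are this example's own, not the patent's.
type (
	Cert struct {
		UserName  string // complete identity, or the hex SHA-256 of it
		Anonymous bool   // "user name nature"
		PublicKey []byte // applicant's ECC public key, DER-encoded
		Valid     bool   // certificate status
	}
	Broadcast struct { // what a terminal announces on the blockchain network
		Cert       Cert
		Identity   string           // complete identity, sent only with an anonymous certificate
		Sig        []byte           // second or third signature information
		AccountKey *ecdsa.PublicKey // assumption: the node knows the account's public key
	}
	Ledger map[string][]Cert // user name -> certificates, oldest first
)

var (
	ErrBadSig    = errors.New("signature information does not verify")
	ErrNameHash  = errors.New("user name is not the hash of the broadcast identity")
	ErrDuplicate = errors.New("a valid certificate with this user name is already stored")
	ErrIdentity  = errors.New("identity verification failed")
)

func hashName(id string) string {
	return fmt.Sprintf("%x", sha256.Sum256([]byte(id)))
}

// digest covers the certificate and, for the third signature, the complete identity (assumed encoding).
func digest(c Cert, identity string) []byte {
	s := fmt.Sprintf("%q|%t|%x|%t|%q", c.UserName, c.Anonymous, c.PublicKey, c.Valid, identity)
	h := sha256.Sum256([]byte(s))
	return h[:]
}

// Admit runs the node's checks in step order; smsOK sends a code to the identity and compares the reply.
func Admit(l Ledger, b Broadcast, smsOK func(identity string) bool) error {
	if !ecdsa.VerifyASN1(b.AccountKey, digest(b.Cert, b.Identity), b.Sig) {
		return ErrBadSig
	}
	identity := b.Cert.UserName
	if b.Cert.Anonymous {
		identity = b.Identity
		if hashName(identity) != b.Cert.UserName { // check added by this example
			return ErrNameHash
		}
	}
	if prev := l[b.Cert.UserName]; len(prev) > 0 && prev[len(prev)-1].Valid {
		return ErrDuplicate // the latest certificate with this name is still valid
	}
	if !smsOK(identity) {
		return ErrIdentity
	}
	l[b.Cert.UserName] = append(l[b.Cert.UserName], b.Cert) // the identity itself is never written
	return nil
}

// NewBroadcast is the terminal side with constructed keys; the account key doubles as certificate key.
func NewBroadcast(identity string, anonymous bool) (Broadcast, error) {
	account, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return Broadcast{}, err
	}
	der, err := x509.MarshalPKIXPublicKey(&account.PublicKey)
	if err != nil {
		return Broadcast{}, err
	}
	b := Broadcast{Cert: Cert{identity, false, der, true}, AccountKey: &account.PublicKey}
	if anonymous {
		b.Cert.UserName, b.Cert.Anonymous, b.Identity = hashName(identity), true, identity
	}
	b.Sig, err = ecdsa.SignASN1(rand.Reader, account, digest(b.Cert, b.Identity))
	return b, err
}

func main() {
	ledger := Ledger{}
	b, err := NewBroadcast("tel:+15555550100", true) // constructed number
	if err != nil {
		panic(err)
	}
	accept := func(string) bool { return true }
	fmt.Println("first application:", Admit(ledger, b, accept))
	fmt.Println("same name again:", Admit(ledger, b, accept))
}
```

The hash comparison matters because the SMS code proves control of the broadcast identity only; without it, a certificate named after the hash of a different identity would pass the same check.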
  • the blockchain certificates all include: user name type, user name nature, user name, public key, validity period, certificate status, and extension items.
  • the user name is complete identity information or a hash value of the complete identity information.
  • This method cooperates with the above-mentioned Internet phone processing method applied to the user terminal to store the blockchain certificate of the user terminal. The blockchain certificate can subsequently be obtained by the called terminal, on the basis of the network call invitation message, when the invitation message sent by the calling terminal reaches the called terminal, so as to realize direct verification of the caller's identity using the blockchain certificate and overcome the problem of multi-CA trust.
  • The implementation manner of the embodiment of the above Internet phone processing method applied to the user terminal is applicable to this method, and the same technical effect can also be achieved.
  • an embodiment of the present disclosure provides a network phone processing device applied to a called terminal, including:
  • the receiving module 710 is configured to receive an invitation message for a network call sent by a calling terminal, the message carrying first signature information and identification information of the calling terminal, and the first signature information being signature information obtained by signing the header of the invitation message of the network call;
  • the query module 720 is configured to query the blockchain certificate of the calling terminal according to the identification information of the calling terminal;
  • the first processing module 730 is configured to verify the first signature information according to the public key in the blockchain certificate of the calling terminal, and establish an Internet phone connection with the calling terminal when the verification passes.
  • the query module is also used to:
  • if the called terminal is a user terminal storing a complete blockchain, query the blockchain certificate of the calling terminal in the stored complete blockchain according to the identification information of the calling terminal;
  • if the called terminal is a user terminal that stores a lightweight blockchain, after it is linked to a trusted terminal that stores a complete blockchain, query the blockchain certificate of the calling terminal in that complete blockchain according to the identification information of the calling terminal.
  • the identification information of the calling terminal includes a user name of the calling terminal, and the user name is complete identity information or a hash value of the complete identity information;
  • the query module is also used for:
  • a query of the blockchain certificate of the calling terminal is initiated to the complete blockchain.
  • the blockchain certificate includes: user name type, user name nature, user name, public key, validity period, certificate status, and extension items.
  • The device is applied to the called terminal. After receiving the invitation message of the calling terminal's network call, it queries the blockchain certificate corresponding to the calling terminal according to the identification information of the calling terminal carried in the message. After finding the blockchain certificate of the calling terminal, it uses the public key in the blockchain certificate to verify the first signature information carried in the message, and establishes an Internet phone connection between the calling and called terminals when the verification is passed. In this way, certificates are stored in the blockchain, where there is no trusted third party, so direct trust between the user terminals of the Internet phone can be realized and the problem of mutual trust among multiple CAs is solved.
  • The device implements the above-mentioned method for processing Internet calls applied to the called terminal, and the same technical effect can be achieved when the method is applied to this device.
  • an embodiment of the present disclosure provides a network phone processing device applied to a calling terminal, including:
  • the second processing module 810 is configured to sign the header of the invitation message of the network call to obtain the first signature information
  • the sending module 820 is configured to send an invitation message for a network call to the called terminal, the message carries the first signature information and the identification information of the calling terminal, and the identification information is used for the called terminal Query the blockchain certificate of the calling terminal and verify the first signature information;
  • the third processing module 830 is configured to establish a network phone connection with the called terminal when the verification is passed.
  • the device further includes:
  • a generating module, configured to generate the blockchain certificate of the calling terminal;
  • the first storage processing module is configured to, if the user name in the blockchain certificate of the calling terminal is complete identity information, use the private key of its account on the blockchain to sign the blockchain certificate of the calling terminal to obtain the second signature information, broadcast the blockchain certificate of the calling terminal and the second signature information on the blockchain network, and store the blockchain certificate of the calling terminal in the blockchain via the billing node of the blockchain;
  • the second storage processing module is configured to, if the user name in the blockchain certificate of the calling terminal is the hash value of the complete identity information, use the private key of the account on the blockchain to sign the blockchain certificate of the calling terminal and the complete identity information to obtain the third signature information, broadcast the blockchain certificate, the complete identity information and the third signature information on the blockchain network, and store the blockchain certificate of the second terminal in the blockchain via the accounting node of the blockchain.
  • The device is applied to the calling terminal. The header of the invitation message of the network call is signed to obtain the first signature information, and the invitation message of the network call is then sent to the called terminal, so that the called terminal queries the blockchain certificate based on the identification information of the calling terminal carried in the message and uses the public key in the blockchain certificate to verify the first signature information. When the called terminal completes the identity verification of the calling terminal, that is, when the verification is passed, the Internet phone connection between the calling and called terminals can be established. In this way, certificates are stored in the blockchain, where there is no trusted third party, so direct trust between the user terminals of the Internet phone can be realized and the problem of mutual trust among multiple CAs is solved.
  • The device implements the above-mentioned method for processing Internet calls applied to the calling terminal, and the same technical effect can be achieved when the method is applied to this device.
  • an embodiment of the present disclosure provides a network phone processing device, which is applied to a network terminal, and the network terminal is a billing node of a blockchain, including:
  • the obtaining module 910 is used to obtain the blockchain certificate and the second signature information broadcast by the user terminal on the blockchain network; or, the blockchain certificate, the complete identity information and the third signature information;
  • the fourth processing module 920 is configured to, after the verification of the second signature information or the third signature information is passed, and in the case where the blockchain certificate corresponding to the user terminal is not stored in the blockchain or the blockchain certificate corresponding to the user terminal is invalid, initiate identity verification to the user terminal;
  • the fifth processing module 930 is configured to store the blockchain certificate of the user terminal in the blockchain after the identity verification is successful, the blockchain certificate being used to verify the signature information in the invitation message of the network call sent by the user terminal.
  • the fourth processing module is further configured to:
  • the external short message transceiver device is triggered to send a short message verification code to the user terminal according to the complete identity information of the user terminal.
  • the blockchain certificates all include: user name type, user name nature, user name, public key, validity period, certificate status, and extension items.
  • the user name is complete identity information or a hash value of the complete identity information.
  • Based on the content broadcast by the user terminal on the blockchain network, this device, when verification of the corresponding signature information passes and the blockchain either does not store a blockchain certificate corresponding to the user terminal or the blockchain certificate corresponding to the user terminal is invalid, further initiates an identity verification request to the user terminal to avoid malicious tampering of the certificate. In this way, after the identity verification of the user terminal is successful, the authentic and valid blockchain certificate of the user terminal can be stored in the blockchain.
  • When the invitation message of the network call sent by the calling terminal reaches the called terminal, the called terminal can then obtain the blockchain certificate based on that invitation message, so that the blockchain certificate can be used to directly verify the caller's identity, which overcomes the problem of multi-CA trust.
  • This device implements the above-mentioned Internet phone processing method applied to a network terminal, and the same technical effect can be achieved when the method is applied to this device.
  • An embodiment of the present disclosure provides a user terminal.
  • The user terminal is a called terminal 1000, and includes a transceiver 1010 and a processor 1020.
  • The transceiver 1010 is configured to receive an invitation message for a network call sent by a calling terminal, the message carrying first signature information and identification information of the calling terminal, the first signature information being signature information obtained by signing the header of the invitation message for the network call;
  • The processor 1020 is configured to query the blockchain certificate of the calling terminal according to the identification information of the calling terminal;
  • The processor 1020 is further configured to verify the first signature information according to the public key in the blockchain certificate of the calling terminal, and establish an Internet phone connection with the calling terminal when the verification passes.
  • The processor 1020 is further configured to:
  • the called terminal is a user terminal storing a complete blockchain
  • the called terminal is a user terminal that stores a lightweight blockchain
  • after it is linked to a trusted terminal that stores a complete blockchain, it queries the blockchain certificate of the calling terminal in the complete blockchain according to the identification information of the calling terminal.
  • The identification information of the calling terminal includes a user name of the calling terminal, and the user name is complete identity information or a hash value of the complete identity information;
  • The processor 1020 is further configured to:
  • a query of the blockchain certificate of the calling terminal is initiated to the complete blockchain.
  • The blockchain certificate includes: user name type, user name nature, user name, public key, validity period, certificate status, and extension items.
  • After the called terminal receives the calling terminal's network call invitation message, it queries the blockchain certificate corresponding to the calling terminal based on the calling terminal's identification information carried in the message. After the blockchain certificate of the calling terminal is found, the public key in the blockchain certificate is used to verify the first signature information carried in the message, and when the verification passes, an Internet phone connection between the calling party and the called party is established.
  • In this way, because the blockchain is used to store certificates and there is no trusted third party in the blockchain, direct trust between the user terminals of the Internet phone can be realized, and the problem of mutual trust among multiple CAs is solved.
  • An embodiment of the present disclosure provides a user terminal.
  • The user terminal is a calling terminal 1100 and includes a transceiver 1110 and a processor 1120.
  • The processor 1120 is configured to sign the header of the invitation message of the network call to obtain the first signature information;
  • The transceiver 1110 is configured to send an invitation message for a network call to the called terminal, the message carrying the first signature information and identification information of the calling terminal, the identification information being used by the called terminal to query the blockchain certificate of the calling terminal and verify the first signature information;
  • The processor 1120 is further configured to establish a network phone connection with the called terminal when the verification passes.
  • The processor 1120 is further configured to:
  • the user name in the blockchain certificate of the calling terminal is complete identity information
  • use the private key of its account on the blockchain to sign the blockchain certificate of the calling terminal to obtain the second signature information
  • use the private key of its account on the blockchain to sign the blockchain certificate of the calling terminal and the complete identity information to obtain the third signature information, and broadcast the blockchain certificate, the complete identity information, and the third signature information on the blockchain network, and the accounting node of the blockchain stores the blockchain certificate of the calling terminal in the blockchain.
  • The calling terminal first signs the header of the invitation message of the network call to obtain the first signature information, and then sends the invitation message of the network call to the called terminal, so that the called terminal queries the blockchain certificate based on the identification information of the calling terminal carried in the message and uses the public key in the blockchain certificate to verify the first signature information. When the called terminal completes the identity verification of the calling terminal, that is, when the verification passes, the Internet phone connection between the calling and called parties can be established.
  • In this way, because the blockchain is used to store certificates and there is no trusted third party in the blockchain, direct trust between the user terminals of the Internet phone can be realized, and the problem of mutual trust among multiple CAs is solved.
  • The network terminal is a billing node of a blockchain and includes a transceiver 1210 and a processor 1220;
  • The transceiver 1210 is configured to obtain the blockchain certificate and the second signature information broadcast by the user terminal on the blockchain network, or the blockchain certificate, the complete identity information and the third signature information;
  • The processor 1220 is configured to initiate identity verification to the user terminal when verification of the second signature information or the third signature information passes and either no blockchain certificate corresponding to the user terminal is stored in the blockchain or the blockchain certificate corresponding to the user terminal is invalid;
  • The processor 1220 is further configured to store the blockchain certificate of the user terminal in the blockchain after the identity verification succeeds, the blockchain certificate being used to verify the signature information in the invitation message of the network call sent by the user terminal.
  • The processor 1220 is further configured to:
  • trigger the external short message transceiver device to send a short message verification code to the user terminal according to the complete identity information of the user terminal.
  • The blockchain certificates all include: user name type, user name nature, user name, public key, validity period, certificate status, and extension items.
  • The user name is complete identity information or a hash value of the complete identity information.
  • Based on the content broadcast by the user terminal on the blockchain network, the network device, when verification of the corresponding signature information passes and the blockchain either does not store a blockchain certificate corresponding to the user terminal or the blockchain certificate corresponding to the user terminal is invalid, further initiates an identity verification request to the user terminal to avoid malicious tampering of the certificate. In this way, after the identity verification of the user terminal is successful, the authentic and valid blockchain certificate of the user terminal can be stored in the blockchain.
  • When the invitation message of the network call sent by the calling terminal reaches the called terminal, the called terminal can then obtain the blockchain certificate based on that invitation message, so that the blockchain certificate can be used to directly verify the caller's identity, which overcomes the problem of multi-CA trust.
  • A communication terminal includes: a processor 1300, a memory 1320, and a computer program stored on the memory 1320 and runnable on the processor 1300;
  • When the processor 1300 executes the computer program, it implements the Internet phone processing method applied to the called terminal, or the Internet phone processing method applied to the calling terminal, or the Internet phone processing method applied to the network terminal, as described above.
  • The communication terminal further includes a transceiver 1310 for receiving and sending data under the control of the processor 1300.
  • The bus architecture may include any number of interconnected buses and bridges. Specifically, one or more processors represented by the processor 1300 and various circuits of the memory represented by the memory 1320 are linked together.
  • The bus architecture can also link various other circuits such as peripherals, voltage regulators and power management circuits, which are all known in the art and are therefore not described further herein.
  • The bus interface provides the interface.
  • The transceiver 1310 may be a plurality of elements, that is, it includes a transmitter and a receiver, and provides a unit for communicating with various other devices over the transmission medium.
  • The processor 1300 is responsible for managing the bus architecture and general processing, and the memory 1320 can store data used by the processor 1300 when performing operations.
  • A computer-readable storage medium has a computer program stored thereon, and the computer program, when executed by a processor, implements the steps of the Internet phone processing method applied to the called terminal as described above, or of the Internet phone processing method applied to the calling terminal as described above, or of the Internet phone processing method applied to the network terminal as described above, and can achieve the same technical effect. To avoid repetition, the details are not repeated here.
  • The computer-readable storage medium is, for example, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disk.
  • User terminals described in this specification include but are not limited to smart phones, tablet computers, etc. Many of the described functional components are called modules in order to emphasize more particularly the independence of their implementation.
  • An identified executable code module may include one or more physical or logical blocks of computer instructions; for example, it may be constructed as an object, process, or function. Nevertheless, the executable code of the identified module does not need to be physically located together, but can include different instructions stored in different locations which, when logically combined, constitute the module and achieve the stated purpose of the module.
  • The executable code module may be a single instruction or many instructions, and may even be distributed over multiple different code segments, among different programs, and across multiple memory devices.
  • Operational data can be identified within the module, and can be implemented in any suitable form and organized in any suitable type of data structure. The operational data may be collected as a single data set, or may be distributed over different locations (including on different storage devices), and may exist at least partly only as electronic signals on the system or network.
  • The hardware circuits include conventional very-large-scale integration (VLSI) circuits or gate arrays, as well as related-art semiconductors such as logic chips and transistors, or other discrete components.
  • Modules can also be implemented with programmable hardware devices, such as field programmable gate arrays, programmable array logic, programmable logic devices, etc.
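
The two checks described in the embodiments above, as an added Go example that is not code from the patent: the billing (accounting) node stores a broadcast certificate only when the third signature verifies, no valid certificate is already on chain and identity verification succeeds, and the called terminal verifies the signed INVITE header against the stored public key. Ed25519, SHA-256 user names, the signed-byte layout, the `Ledger` map standing in for the blockchain, and all names and sample values are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

type Cert struct { // the certificate fields these checks use
	UserName string // hash of the complete identity information
	Pub      ed25519.PublicKey
	NotAfter time.Time // end of the validity period
	Revoked  bool      // certificate status
}
type Ledger map[string]Cert // stand-in for the blockchain, keyed by user name

func nameOf(identity string) string    { return fmt.Sprintf("%x", sha256.Sum256([]byte(identity))) }
func (c Cert) live(now time.Time) bool { return !c.Revoked && now.Before(c.NotAfter) }

func certMsg(c Cert, identity string) []byte { // third-signature input; layout assumed
	return []byte(fmt.Sprintf("%s|%x|%d|%s", c.UserName, c.Pub, c.NotAfter.Unix(), identity))
}

// Admit is the accounting node's decision on a broadcast certificate.
func (l Ledger) Admit(c Cert, identity string, acct ed25519.PublicKey, sig3 []byte, challenge func(string) bool, now time.Time) error {
	switch old, found := l[c.UserName]; {
	case !ed25519.Verify(acct, certMsg(c, identity), sig3):
		return errors.New("third signature invalid")
	case found && old.live(now): // outcome assumed; the page defines none for this case
		return errors.New("valid certificate already stored")
	case c.UserName != nameOf(identity) || !challenge(identity): // e.g. SMS code
		return errors.New("identity verification failed")
	}
	l[c.UserName] = c
	return nil
}

// VerifyInvite is the called terminal's check before it accepts the call.
func (l Ledger) VerifyInvite(caller string, header, sig1 []byte, now time.Time) error {
	switch c, found := l[caller]; {
	case !found || !c.live(now): // status and validity check assumed by this sketch
		return errors.New("no valid certificate for caller")
	case !ed25519.Verify(c.Pub, header, sig1):
		return errors.New("first signature invalid")
	}
	return nil
}

// demo pushes constructed data through both roles and returns each outcome.
func demo() (admit, replace, genuine, tampered error) {
	now, id := time.Date(2021, 1, 1, 0, 0, 0, 0, time.UTC), "+8600000000000"
	sms := func(string) bool { return true } // user confirmed the SMS code
	acctPub, acctPriv, _ := ed25519.GenerateKey(nil)
	callPub, callPriv, _ := ed25519.GenerateKey(nil)
	c, chain := Cert{UserName: nameOf(id), Pub: callPub, NotAfter: now.AddDate(1, 0, 0)}, Ledger{}
	admit = chain.Admit(c, id, acctPub, ed25519.Sign(acctPriv, certMsg(c, id)), sms, now)
	otherPub, otherPriv, _ := ed25519.GenerateKey(nil) // second registrant, same user name
	c2 := Cert{UserName: c.UserName, Pub: otherPub, NotAfter: c.NotAfter}
	replace = chain.Admit(c2, id, otherPub, ed25519.Sign(otherPriv, certMsg(c2, id)), sms, now)
	header := []byte("INVITE sip:callee@example.com SIP/2.0\r\nFrom: <sip:" + c.UserName + "@example.com>\r\n")
	sig1 := ed25519.Sign(callPriv, header)
	genuine = chain.VerifyInvite(c.UserName, header, sig1, now)
	tampered = chain.VerifyInvite(c.UserName, append(header, "X-Injected: 1\r\n"...), sig1, now)
	return
}

func main() { fmt.Println(demo()) }
```

The second registration is refused before any identity challenge is issued, which is the property the text relies on to keep a stored certificate from being swapped for one carrying a different public key.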


Abstract

The present invention relates to a VoIP processing method, a device and a terminal, and relates to the technical field of communications. The method is applicable to a called terminal and comprises the steps of: receiving an invitation message for a VoIP call sent by a calling terminal, the message carrying first signature information and identifier information of the calling terminal, the first signature information being used to sign a header part of the invitation message of the VoIP call; querying a blockchain certificate of the calling terminal according to the identifier information of the calling terminal; and authenticating the first signature information according to a public key in the blockchain certificate of the calling terminal and, if the authentication succeeds, establishing a VoIP connection with the calling terminal.
PCT/CN2020/101612 2019-08-19 2020-07-13 VoIP processing method, device and terminal WO2021031741A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910763086.6 2019-08-19
CN201910763086.6A CN112398798B (zh) 2019-08-19 2019-08-19 Network telephone processing method, device and terminal

Publications (1)

Publication Number Publication Date
WO2021031741A1 true WO2021031741A1 (fr) 2021-02-25

Family

ID=74603335

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/101612 WO2021031741A1 (fr) 2019-08-19 2020-07-13 VoIP processing method, device and terminal

Country Status (2)

Country Link
CN (1) CN112398798B (fr)
WO (1) WO2021031741A1 (fr)


Also Published As

Publication number Publication date
CN112398798B (zh) 2022-10-14
CN112398798A (zh) 2021-02-23


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20854248

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20854248

Country of ref document: EP

Kind code of ref document: A1