WO2022147693A1 - 一种呼叫处理方法、相关设备以及通信系统 - Google Patents

一种呼叫处理方法、相关设备以及通信系统 Download PDF

Info

Publication number
WO2022147693A1
WO2022147693A1 PCT/CN2021/070520 CN2021070520W WO2022147693A1 WO 2022147693 A1 WO2022147693 A1 WO 2022147693A1 CN 2021070520 W CN2021070520 W CN 2021070520W WO 2022147693 A1 WO2022147693 A1 WO 2022147693A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication server
authentication
enterprise
call
network
Prior art date
Application number
PCT/CN2021/070520
Other languages
English (en)
French (fr)
Inventor
左俊
林宏达
叶进洲
郭晓龙
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Priority to CN202180087694.5A priority Critical patent/CN116746185A/zh
Priority to EP21916751.7A priority patent/EP4247032A4/en
Priority to PCT/CN2021/070520 priority patent/WO2022147693A1/zh
Publication of WO2022147693A1 publication Critical patent/WO2022147693A1/zh
Priority to US18/347,092 priority patent/US20230353569A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0884Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/166Implementing security features at a particular protocol layer at the transport layer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M3/00Automatic or semi-automatic exchanges
    • H04M3/42Systems providing special services or facilities to subscribers
    • H04M3/42025Calling or Called party identification service
    • H04M3/42034Calling party identification service
    • H04M3/42042Notifying the called party of information on the calling party
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/069Authentication using certificates or pre-shared keys

Definitions

  • the present application relates to the field of communication, and in particular, to a call processing method, related equipment and communication system.
  • the IP multimedia subsystem is a brand-new multimedia service form, which can meet the needs of more novel and diversified multimedia services. IMS is an important way to solve the integration of mobile and fixed networks and introduce differentiated services such as triple integration of voice, data, and video.
  • the calling user when a calling user inside the enterprise makes a call to a called user outside the enterprise, the calling user can send information related to the calling user to the called user, but the reliability of the information related to the calling user is compared. Low.
  • the first aspect of the embodiments of the present invention provides a call processing method, related equipment, and communication system, which can establish a trust security alliance between an operator network, an enterprise, and a calling user, and can ensure that when the called device rings, all The information displayed on the calling card is authentic.
  • a first aspect of the embodiments of the present invention provides a call processing method, the method includes: a network authentication server receives a call request message from a calling device, the calling device is a device used by a calling user, the The call request message includes the first user identity and the call authentication identity of the calling user; the network authentication server sends a call authentication request to the enterprise authentication server corresponding to the first user identity, and the call authentication The request includes the call authentication identifier; the network authentication server receives a call authentication success indication from the enterprise authentication server, and the call authentication success indication is used to indicate that the authentication is passed; the network authentication server Send target data to the called device, where the called device is the device used by the called user, and the target data includes the identity information of the calling user and/or the information of the enterprise to which the calling user belongs .
  • the target data sent by the network authentication server to the called device comes from the enterprise authentication server and/or the enterprise account opening data, not the calling user, which effectively ensures the reliability of the target data sent to the called device.
  • the calling user can use the service provided by the operator network to call the called user without opening an account on the operator network, thereby avoiding the slow online call of the calling user caused by the calling user opening an account on the operator network, and the calling user The problem of exposure of users' personal privacy information.
  • the above-mentioned call authentication success indication is used to indicate that the call authentication is passed.
  • the call authentication success indication includes a second user identity
  • the network authentication server sending the target data to the called device includes: the network authentication server determining the If the first user identifier and the second user identifier are the same, that is, the network authentication server passes the authentication, the target data is sent to the called device.
  • the network authentication server only sends the target data to the called device when it determines that the call authentication identifier has passed the authentication and that the first user identifier and the second user identifier are the same, so that the network authentication server can pass the authentication.
  • the calling user performs the process of making a call to the called user.
  • the network authentication server sending the target data to the called device includes: the network authentication server obtains the target data from the enterprise authentication server, and sends the target data to the called device. The called device sends the target data.
  • the target data shown in this aspect comes from the enterprise authentication server instead of the calling user, which effectively ensures the reliability of the target data sent to the called device.
  • the network authentication server sending the target data to the called device includes: the network authentication server sending the call request message to the called device, the The call request message includes the target data.
  • the network authentication server sending the target data to the called device includes: the network authentication server sending the target data to the called device through a media plane device .
  • the network authentication server sending the target data to the called device includes: the network authentication server acquiring the target data from the enterprise authentication server, Typesetting is performed on the target data, and the typesetting target data is sent to the called device.
  • the sending, by the network authentication server, the target data to the called device includes: the network authentication server acquiring the target data from the enterprise authentication server; the The network authentication server sends notification information to the media plane device, where the notification information is used to instruct the media plane device or the application server to typeset the target data, and send the typeset target data to the called device .
  • the method further includes: the network authentication server receives the call request message from the calling device.
  • the registration request message includes the first user ID and the registration authentication ID; the network authentication server sends an authentication request to the enterprise authentication server corresponding to the first user ID, and the The authentication request includes the registration authentication identifier; the network authentication server receives a registration authentication success indication from the enterprise authentication server, and the registration authentication success indication is used to indicate that the authentication passes;
  • the network authentication server obtains initial data, where the initial data includes the identity information of the calling user and/or the information of the enterprise to which the calling user belongs.
  • the registration process is performed first. Based on the registration process, the operator network can directly use the initial The data is sent to the called user without generating initial data during the call, which shortens the call processing delay, improves the call efficiency, and can create a process of authenticating the calling user shown by the trust security alliance.
  • the above-mentioned registration authentication success indication is used to indicate that the registration authentication is passed.
  • the registration authentication success indication includes a third user identifier
  • the method further includes: determining, by the network authentication server, the first user identifier and the third user identifier. If the three user IDs are the same, it is determined that the authentication is passed. It can be seen that the network authentication server obtains the initial data only after determining that the authentication is passed and that the first user ID and the third user ID are the same, so that when the subsequent calling user calls the called user, the operator network can directly The initial data is sent to the called device, and there is no need to generate initial data during the call, which shortens the call processing delay and improves the call efficiency.
  • the network authentication server sending the target data to the called device includes: if the network authentication server determines the call authentication identifier and the registration authentication identifier If the same, the network authentication server determines that the target data is the initial data.
  • the initial data can be sent to the called device without generating initial data during the call, which shortens the call processing delay and improves the call efficiency.
  • the network authentication server sending the target data to the called device includes: if the network authentication server determines the call authentication identifier and the registration authentication identifier If not, the network authentication server receives the target data from the enterprise authentication server, and the target data and the initial data are different from each other.
  • the network authentication device determines that the call authentication identifier is different from the registration authentication identifier, it needs to obtain the target data from the enterprise authentication server again, and then send the target data to the called device.
  • the method further includes: the network authentication server receiving a first electronic authentication service CA certificate corresponding to the device certificate of the enterprise authentication server; the network authentication server The authorization server uses the first CA certificate to create a transport layer protocol TLS secure connection between the network authentication server and the enterprise authentication server, and the network authentication server communicates with the enterprise through the TLS secure connection The authentication server performs data exchange.
  • a second aspect of the embodiments of the present invention provides a call processing method, the method includes: an enterprise authentication server receives a call authentication request from a network authentication server, where the call authentication request includes a call authentication identifier; The enterprise authentication server determines that the authentication is passed according to the call authentication identifier, then the enterprise authentication server sends a call authentication success indication and target data to the network authentication server, and the call authentication success indication is used for Indicates that the call authentication identifier has passed the authentication, and the target data includes the identity information of the calling user, and/or the information of the enterprise to which the calling user belongs.
  • the method further includes: the enterprise authentication server receives the call authentication request from the network authentication server.
  • the authentication request of the authentication server the authentication request includes the registration authentication identifier; if the enterprise authentication server determines that the authentication is passed according to the registration authentication identifier, the enterprise authentication server authenticates the network to the network.
  • the authorization server sends a registration authentication success indication and initial data, where the initial data includes the identity information of the calling user and/or the information of the enterprise to which the calling user belongs.
  • the enterprise authentication server sends the target data to the network authentication server , the target data and the initial data are different from each other.
  • the method further includes: the enterprise authentication server receiving a second electronic authentication service CA certificate corresponding to the device certificate of the network authentication server; the enterprise authentication server The authorization server uses the second CA certificate to create a transport layer protocol TLS secure connection between the enterprise authentication server and the network authentication server, and the enterprise authentication server communicates with the network through the TLS secure connection The authentication server performs data exchange.
  • the method further includes: if the enterprise authentication server If the authentication identifier determines that the authentication is not passed, the enterprise authentication server sends the authentication invalid notification information to the network authentication server, and the authentication invalid notification information is used to indicate that the authentication is not passed.
  • the method further includes: the enterprise authentication server receives the call authentication request from the main The first user identification of the calling device, the first user identification is the identification of the calling user; the enterprise authentication server sends the call authentication corresponding to the first user identification to the calling device logo.
  • the method further includes: receiving, by the enterprise authentication server, an authentication request from the calling party The first user identification of the device, the first user identification is the identification of the calling user; the enterprise authentication server sends the registration authentication identification corresponding to the first user identification to the calling device .
  • a third aspect of the embodiments of the present invention provides a call processing method, the method includes: a calling device obtains a registration authentication identifier of a calling user from an enterprise authentication server, and the calling device sends a registration request to an IMS network, The registration request includes the first user identity of the calling user and the registration authentication identity; the calling device receives a response message of successful authentication sent by the IMS network.
  • the method further includes: the calling device authenticates to the enterprise The server sends a login request, where the login request includes the first user identifier.
  • a fourth aspect of the embodiments of the present invention provides a call processing method, the method includes: a calling device sends a call request message to an IMS network, where the call request message includes a first caller of a calling user using the calling device User ID and call authentication ID; the calling device receives a call response message from the called device, and the called device is the device used by the called user; the calling device is connected according to the call response message call with the called device.
  • a fourth aspect of the present invention provides a call processing method, wherein the application server receives the identity information of the calling user and/or the information of the enterprise to which the calling user belongs from the network authentication server; the application server obtains the calling card, the The calling card includes the calling card of the calling user's identity information and/or the information of the enterprise to which the calling user belongs.
  • the application server acquiring the calling card includes: the application server receiving the calling user identity information, the enterprise to which the calling user belongs from the network authentication server information and the layout method of the calling card; the application server forwards the identity information of the calling user, the information of the enterprise to which the calling user belongs, and the layout method of the calling card to the media plane device, and the media plane device uses Typesetting is performed on the identity information of the calling user and the information of the enterprise to which the calling user belongs according to the typesetting manner of the calling card to obtain the calling card.
  • the obtaining, by the application server, the calling card includes: the application server receiving the calling card from the network authentication server.
  • a fifth aspect of the embodiments of the present invention provides a network authentication server, including a processor and a memory coupled to each other, the memory stores computer program codes, and the processor calls and executes the computer program codes in the memory , so that the processor executes the method according to any one of the first aspect above.
  • a sixth aspect of the embodiments of the present invention provides an enterprise authentication server, including a processor and a memory coupled to each other, where computer program codes are stored in the memory, and the processor calls and executes the computer program codes in the memory , causing the processor to execute the method according to any one of the above second aspects.
  • a seventh aspect of an embodiment of this aspect provides a calling device, including a processor and a memory coupled to each other, the memory stores computer program code, the processor calls and executes the computer program code in the memory, The processor is caused to perform the method according to any one of the above third aspects.
  • An eighth aspect of an embodiment of this aspect provides an application server, including a processor and a memory coupled to each other, the memory stores computer program codes, and the processor calls and executes the computer program codes in the memory, so that The processor executes the method according to any one of the fourth aspect above.
  • a ninth aspect of an embodiment of this aspect provides a communication system, including a network authentication server and an enterprise authentication server, where the network authentication server is as shown in the fifth aspect, and the enterprise authentication server is as shown in the sixth aspect shown.
  • the communication system further includes a calling device and an application server, the calling device is as shown in the seventh aspect, and the application server is as shown in the eighth aspect .
  • FIG. 1 is an exemplary structural diagram of an embodiment of a communication system provided by the application
  • FIG. 2 is a flowchart of an embodiment of the process of opening an account in the communication system provided by the present application
  • FIG. 3 is a flowchart of an embodiment of the process of performing registration in the communication system provided by the present application.
  • FIG. 4 is a flowchart of steps of an embodiment of a process for performing a call in the communication system provided by the present application
  • FIG. 5 is a flow chart of steps of another embodiment of the process of performing a call in the communication system provided by the present application.
  • FIG. 6 is a flowchart of another embodiment of the process of performing registration in the communication system provided by the present application.
  • FIG. 7 is a flowchart of another embodiment of the process of performing a call in the communication system provided by the present application.
  • FIG. 8 is a flow chart of steps of another embodiment of the process of performing a call in the communication system provided by the present application.
  • FIG. 9 is an exemplary structural diagram of an embodiment of the network device provided by the application.
  • FIG. 10 is a structural example diagram of another embodiment of the network device provided by this application.
  • the application provides a call processing method.
  • the following first describes the structure of the communication system to which the method shown in the application is applied with reference to FIG. 1 :
  • the communication system shown in this embodiment includes an operator management device 111, an operator network 120, and an enterprise network 130 that are connected in sequence.
  • This embodiment does not limit the specific network type of the operator network 120.
  • the operator network 120 The type of network is IMS, 3rd generation partnership project (3GPP) or China Communications Standards Association (CCSA), and any network architecture that will appear in the future.
  • the following embodiments of the present application take the operator network 120 as an IMS as an example.
  • each network element included in the operator network 120 will be described below. It should be clear that the description of each network element type in this embodiment is optional and exemplary, and is not limited.
  • the operator network 120 shown in this embodiment includes a network authentication server 121, and the network authentication server shown in this embodiment may also be referred to as a third-party account management (third party account management, TAM) device.
  • TAM third party account management
  • the network authentication server 121 is connected with a network element 122, a network element 123 and a network element 124, wherein the network element 122 is integrated with a multimedia resource function controller (multimedia resource function controller, MRFC) and a multimedia resource function processor (multimedia resource function processor). , MRFP).
  • the network element 123 is an application server (application server, AS).
  • the network element 124 is integrated with an interrogating-call session control function (I-CSCF) and a serving-call session control function (S-CSCF).
  • I-CSCF interrogating-call session control function
  • S-CSCF serving-call session control function
  • the network element may be referred to as a device.
  • the network element 124 is connected with a network element 125 and a network element 126, wherein the network element 125 is an interworking session border controller (interconnect-session border controller, I-SBC), and the network element 126 is integrated with an access session border controller ( access-session border controller, A-SBC) and proxy-call session control function (proxy-call session control function, P-CSCF).
  • I-SBC interworking session border controller
  • A-SBC access-session border controller
  • proxy-call session control function proxy-call session control function
  • the structure of the enterprise network 130 shown in this embodiment will be described below. It should be clarified that the description of the enterprise network 130 in this embodiment is an optional example, which is not limited.
  • the enterprise network 130 specifically includes an enterprise authentication server 131 , an enterprise access proxy device 132 and a calling terminal 133 , wherein the enterprise authentication server 131 is connected to the network authentication server 121 , the enterprise access proxy device 132 and the calling terminal 133 respectively. connect.
  • the enterprise access proxy device 132 is connected to the network element 125 or the network element 126
  • the calling terminal 133 is connected to the network element 126 .
  • the calling terminal 133 may be any device in an intelligent terminal and a computer.
  • the calling terminal has a built-in IMS software development kit (software development kit, SDK) to realize the call processing flow shown in this application.
  • IMS software development kit software development kit, SDK
  • the calling card when the calling user makes a call to the called user, the calling card can be sent to the called user, and when the called device used by the called user is ringing, the calling card can be displayed.
  • Call business card The calling card includes information related to the calling user, and/or the calling card includes information related to the enterprise to which the calling user belongs, and the specific content of the calling card is not limited.
  • the present application can ensure that when the calling user calls the called user, the calling card sent to the called user is credible, so as to prevent the called user from receiving unreliable data.
  • the call processing method shown in this application can create a trust security alliance, where the trust security alliance refers to an operator network authentication enterprise, an enterprise authentication
  • the calling user (it can be understood that the calling user is an employee of the enterprise), it can be seen that if the enterprise is authenticated by the operator network and the calling user is authenticated by the enterprise, then the operator network can trust the information from the enterprise.
  • Data the enterprise can trust the data from the calling user, and the operator network can construct a trusted calling card based on the trusted data from the enterprise, thus ensuring the credibility of the calling card sent by the operator network to the called user .
  • the TSA may also refer to the operator network authentication third-party network, and the third-party network authentication.
  • Enterprise the enterprise authenticates the calling user, wherein the third-party network may be a network leased by the enterprise for performing call-related services, for example, the third-party network may be software-as-a-service (SaaS) platform.
  • SaaS software-as-a-service
  • the third-party network is authenticated by the operator's network
  • the enterprise is authenticated by the third-party network
  • the calling user is authenticated by the enterprise
  • the operator's network can trust the data from the third-party network
  • the third-party network can Trust the data from the enterprise
  • the enterprise can trust the data from the calling user
  • the operator network can construct a trusted calling card based on the trusted data from the third-party network, so as to ensure that the information sent by the operator network to the called user is guaranteed. Call the credibility of business cards.
  • the trust security alliance refers to the operator network authentication enterprise, and the enterprise authenticates the calling user:
  • This embodiment describes the process of opening an enterprise account based on the communication system shown in FIG. 1.
  • the process of opening an enterprise account shown in this embodiment it is possible to create the process of the operator network authentication enterprise shown by the Trust Security Alliance, Specifically, please refer to FIG. 2 , wherein FIG. 2 is a flow chart of steps of an embodiment of the process of opening an account in the communication system provided by the present application.
  • Step 201 The operator management device receives the account opening application data from the enterprise.
  • the enterprise when the enterprise determines that it needs to send a trusted calling card to the called user based on the above-mentioned trust security alliance, the enterprise opens an account at the operator in advance, and the process of opening an account means that the enterprise applies to the operator's business hall for authentication , submit the enterprise's account opening application materials, and the operator's operator will pass the authentication after verification, and open the enterprise account in the operator's management device.
  • This embodiment does not limit the account opening application materials, as long as the operator of the operator can authenticate whether the enterprise is trustworthy based on the account opening application materials.
  • Step 202 The operator management device sends the enterprise account opening data to the network authentication server.
  • the operator of the operator sends the enterprise account opening data to the network authentication server through the operator management device, and the enterprise account opening data may include one or more of the following:
  • the domain name of the enterprise authentication the first electronic certification authority (CA) certificate corresponding to the device certificate of the enterprise authentication server, the enterprise trusted information, the business information signed by the enterprise, the layout method of the calling card, and the initial filtering criteria of the enterprise ( initial filter criteria, iFC) information, etc.
  • CA electronic certification authority
  • the enterprise credible information may be an enterprise name, an enterprise trademark (LOGO), a picture related to the enterprise, an audio related to the enterprise, or a video related to the enterprise.
  • the business information contracted by the enterprise can be the default call authority of the enterprise, and the default call authority can be the authority of employees within the enterprise to have the authority to make inbound calls or the authority to make outbound calls. Incoming and outgoing calls are authorized for outgoing calls between employees inside the enterprise and those outside the enterprise.
  • iFC information can be an iFC template ID (ID) or iFC content.
  • ID iFC template ID
  • the iFC template ID corresponds to the iFC content. That is, when the iFC template ID is obtained, the corresponding iFC content can be obtained.
  • the iFC content is used for operator network triggering.
  • Corresponding services for example, supplementary services, intelligent services, color ringtone services, color ringtone services, etc.
  • the layout method of the calling card refers to, in the generated calling card, the display method and display position of the identity information of the calling user, and/or the display method and display position of the information of the enterprise to which the calling user belongs. Location.
  • the information of the enterprise to which the calling user belongs may be one or more of the following:
  • Company name company LOGO
  • pictures related to the company pictures related to the company, audio related to the company or video related to the company.
  • the identity information of the calling user can be one or more of the following:
  • the company name, company LOGO, company-related pictures, company-related audios, company-related videos, the calling user's name, job number, avatar and other information can be confirmed. How and where it is displayed in the call card.
  • the relevant information of the enterprise and the relevant information of the calling user can be typeset according to the typesetting method of the calling card to obtain the calling card.
  • Step 203 The enterprise authentication server configures preset call information.
  • the enterprise after the enterprise is authenticated by the operator network, the enterprise inputs a configuration instruction in the enterprise authentication server, and the enterprise authentication server can configure the preset call information according to the configuration instruction, and the preset call information may include One or more of the following:
  • the first CA certificate corresponding to the device certificate of the network authentication server, the correspondence between the user ID (User ID) of the employee within the enterprise and the outgoing number, and the calling authority of the employee within the enterprise.
  • call rights of employees within the enterprise different call rights can be configured for different employees. For example, employee A only has the right to make inbound and outbound calls with employees in the enterprise. For another example, employee B has the right to communicate with the enterprise There are no specific restrictions on the internal call and external authority between the external called users.
  • This embodiment illustrates that, based on the communication system shown in FIG. 1 , when a calling user inside the enterprise calls a called user outside the enterprise, a registration processing flow is performed first, and based on the registration processing flow, the identity information of the calling user is included. and/or the initial data of the information of the enterprise to which the calling user belongs, is typeset according to the typesetting method of the calling card to obtain the initial calling card, so that when the subsequent calling user calls the called user, the operator network can directly call the initial calling card.
  • the business card is sent to the called user, and there is no need to obtain the initial call card during the call, which saves the amount of information exchanged between the operator network and the enterprise authentication server during the call, shortens the call connection delay, and improves the call efficiency.
  • FIG. 3 A flow chart of the steps of an embodiment of the process.
  • Step 301 The calling device sends a login request to the enterprise authentication server.
  • the calling device shown in this embodiment may be a calling terminal or an enterprise access proxy device.
  • the calling terminal can run an enterprise application program (APP), and through the enterprise APP, the calling terminal can implement the process performed by the calling device in the call processing method shown in this application.
  • APP enterprise application program
  • the login request may be sent to the enterprise authentication server through the calling device, where the login request includes the first user identifier of the calling user.
  • the first user identifier (also referred to as UserID) shown in this embodiment may be the email address of the calling user, for example, zhangsan@xxx.com.
  • the first user identity shown in this embodiment is different from the existing E.164 number of the operator's network. It can be seen that the first user identity is a heterogeneous identity to the operator's network.
  • the calling user shown in this application In the process of making a call to the called user, instead of the E.164 number, the first user identifier (ie, the email address of the calling user) provided as a heterogeneous identifier provided in this embodiment is used.
  • Step 302 The calling device receives the registration authentication identifier from the enterprise authentication server.
  • the enterprise authentication server shown in this embodiment can assign a registration authentication identifier to the first user identifier, and the registration authentication identifier is used to register with the operator network.
  • This embodiment does not limit the registration authentication identifier, and this embodiment takes the registration authentication identifier as a token (token) as an example for illustrative description.
  • Step 303 The calling device sends a registration request to the S-CSCF.
  • the registration request includes the first user identifier of the calling user and the registration authentication identifier.
  • the registration request shown in this embodiment is a session initiation protocol (session initiation protocol, SIP) registration (REGISTER) message, and the registration request needs to carry the calling user's first user identifier and the registration authentication identifier.
  • SIP session initiation protocol
  • REGISTER session initiation protocol
  • the SIP user identification format used by the SIP REGISTER message shown in this embodiment may be ⁇ UserID>@ ⁇ fixed domain name>.
  • the first user identifier UserID shown in this embodiment takes zhangsan@xxx.com as an example.
  • the SIP user identifier is used to carry the first user identifier, and the SIP user identifier can be zhangsan@xxx.com@2b.ims. ⁇ operator>.com, where 2b.ims. ⁇ operator>.com is a fixed domain name uniformly defined by the operator network for accessing the operator network based on the heterogeneous identity (ie, the first user identity).
  • the calling device can escape the "@" in the UserID (such as zhangsan@xxx.com).
  • the specific rules for escape in this embodiment are The description of is an optional example without limitation, for example, the calling device escapes "@" in UserID as "%40".
  • the token shown in this embodiment can use an encoding format based on 64 printable characters to represent binary data (Base64), and the token can be carried through an Authorization header field and an extended authentication method (such as Bearer), such as a message
  • the format can be: Authorization:Bearer ⁇ Base64( ⁇ token>)>.
  • the SIP REGISTER message can be as follows:
  • the calling terminal 133 sends the registration request to the network element 126 (specifically, the P-CSCF), and the P-CSCF then forwards the registration request to the network element 124 (specifically the I-CSCF), the I-CSCF then forwards the registration request to the S-CSCF, wherein the P-CSCF and the I-CSCF process the SIP REGISTER message according to the standard process of SIP user registration (see 3GPP TS 24.229) and forward it to the S-CSCF.
  • the network element 126 specifically, the P-CSCF
  • the I-CSCF forwards the registration request to the network element 124 (specifically the I-CSCF)
  • the I-CSCF forwards the registration request to the S-CSCF, wherein the P-CSCF and the I-CSCF process the SIP REGISTER message according to the standard process of SIP user registration (see 3GPP TS 24.229) and forward it to the S-CSCF.
  • Step 304 the S-CSCF sends the first user identifier and the registration authentication identifier to the network authentication server.
  • the S-CSCF When judging that the registration request uses the Bearer authentication method, the S-CSCF sends the first user identifier and the registration authentication identifier to the network authentication server to request the network authentication server to use the registration authentication identifier to authenticate the calling user.
  • the S-CSCF shown in this embodiment sends the first user identifier and the registration authentication identifier to the network authentication server through a hypertext transfer protocol over secure socket layer (HTTPS) request message, and the HTTPS request message can be is as follows:
  • HTTPS POST uniform resource identifier TAMBaseRealm/zhangsan%40xxx.com@2b.ims. ⁇ operator>.com/open-authorize ⁇ "token" ⁇
  • TAMBaseRealm in the message is used to instruct the network authentication server to perform the registration process shown in this embodiment on this message
  • "zhangsan%40xxx.com” is the first user identifier
  • “token” is the registration authentication identifier.
  • Step 305 The network authentication server sends an authentication request to the enterprise authentication server.
  • the network authentication server shown in this embodiment receives the first user identifier, it can determine the corresponding enterprise authentication server according to the first user identifier.
  • the first user identifier shown in this embodiment is the user's email address (for example, zhangsan@xxx.com), and the network authentication server can obtain the enterprise domain name (for example, xxx.xxx.com) from the first user identifier. com). The network authentication server can query the address of the enterprise authentication server according to the enterprise domain name.
  • the network authentication server shown in this step is determining the corresponding enterprise according to the first user ID.
  • the enterprise authentication server restores the escaped first user identifier (zhangsan%40xxx.com) to obtain the restored and escaped first user identifier (zhangsan@xxx.com).
  • the network authentication server can query the address of the corresponding enterprise authentication server according to the recovered and escaped first user identifier.
  • the authentication request sent by the network authentication server shown in this embodiment to the enterprise authentication server includes a registration authentication identifier.
  • the authentication request may be sent through HTTPS.
  • the network shown in this embodiment in order to ensure the security of the messages exchanged between the network authentication server and the enterprise authentication server, and improve the security of the process of executing the call processing method shown in this application, the network shown in this embodiment
  • a transport layer security (TLS) secure connection can be created between the authentication server and the enterprise authentication server. Based on the TLS connection, the interaction between the network authentication server and the enterprise authentication server is effectively guaranteed. message security.
  • TLS transport layer security
  • the network authentication server receives the first CA certificate corresponding to the device certificate of the enterprise authentication server, and the enterprise authentication server receives the second CA certificate corresponding to the device certificate of the network authentication server.
  • the first CA shown in this embodiment The certificate may be sent by the operator management device to the network authentication server in the first embodiment.
  • the network authentication server uses the first CA certificate, and the enterprise authentication server uses the second CA certificate to create a TLS secure connection between the enterprise authentication server and the network authentication server to The security of the messages exchanged between the network authentication server and the enterprise authentication server is guaranteed.
  • the authentication request can be as follows:
  • HTTPS GET URI BaseRealm/zhangsan%40xxx.com@2b.ims. ⁇ operator>.com/token
  • the "token" in the message is the registration authentication identifier.
  • Step 306 the enterprise authentication server judges whether the registration authentication identifier is valid, if not, execute step 307 , if yes, execute step 308 .
  • the registration authentication identifier shown in this embodiment is a token
  • the enterprise authentication server can determine whether the token is within the validity period, and the validity period can be an absolute validity period.
  • the start time of the validity period is A1
  • the validity period ends The time is A2, and the A1 time and the A2 time can be any two different times. If the enterprise authentication server determines that the token is within the validity period, the enterprise authentication server determines that the token is valid. If the enterprise authentication server determines that the token is outside the validity period, the enterprise authentication server determines that the token is invalid.
  • the validity period can be the remaining valid period. It can be seen that if the remaining valid period corresponding to the registration authentication identifier still has remaining time, the enterprise authentication server determines that the token is valid. If the time is left, the enterprise authentication server determines that the token is invalid.
  • Step 307 The enterprise authentication server sends a notification that the authentication identifier is invalid to the network authentication server.
  • the enterprise authentication server shown in this embodiment sends the authentication token invalid notification to the network authentication server through the TLS secure connection, and the authentication token invalid notification is used to indicate that the registration authentication token (token) is invalid .
  • the network authentication server receives the invalidation notification of the authentication identifier, it will no longer execute the related process of registration with the calling user.
  • Step 308 The enterprise authentication server sends an authentication success indication to the network authentication server.
  • the authentication success indication shown in this embodiment includes an authentication token valid notification, and the authentication token valid notification is used to indicate that the registration authentication token (token) is valid.
  • the authentication success indication shown in this embodiment further includes a third user identifier.
  • the enterprise authentication server pre-creates the correspondence between different user identifiers and different authentication identifiers, and determines the registration authentication at the enterprise authentication server.
  • the enterprise authentication server may send the third user identifier corresponding to the valid registration authentication identifier to the network authentication server.
  • the enterprise authentication server shown in this embodiment may send the authentication success indication through the HTTPS protocol.
  • tokenTimeout “XXX” is used to indicate the validity period of the registration authentication identifier
  • employeeName “zhangsan” means that the name of the calling user is zhangsan
  • employeeAyatarUri "http:123.123.123234.jpg” can be Refers to the download address of the avatar of the calling user. It should be clear that the authentication success indication includes the download address of the avatar of the calling user as an example. In other examples, other information may also be included, which is not specifically limited.
  • calloutRight "true” means that the calling user has the right to make outgoing calls.
  • Step 309 The network authentication server sends initial data to the application server.
  • the network authentication server when the network authentication server determines that the calling user has passed the authentication, the network authentication server can send the acquired initial data to the application server.
  • the initial data in this embodiment includes the identity information of the calling user and the information of the enterprise to which the calling user belongs.
  • the identity information of the calling user comes from the enterprise authentication server.
  • the following describes an optional way for the network authentication server to obtain the information of the enterprise to which the calling user belongs:
  • the network authentication server can determine and The enterprise account opening data corresponding to the enterprise authentication server is used to determine part or all of the information in the enterprise account opening data as the information of the enterprise to which the calling user belongs.
  • the network authentication server shown in this mode receives the information of the enterprise to which the calling user belongs from the enterprise authentication server.
  • the enterprise authentication server shown in this embodiment can obtain the information of the enterprise to which the calling user belongs during the enterprise account opening stage shown in the first embodiment, and the enterprise authentication server can also pre-store the information of the enterprise to which the calling user belongs. , and when the enterprise authentication server determines that the registration authentication identifier is valid, the information of the enterprise to which the calling user belongs is sent to the network authentication server.
  • the network authentication server determines that the authentication is passed, and one condition is to receive a valid notification of the authentication identifier. Another condition is that the network authentication server determines that the first user identification and the third user identification are the same.
  • the initial data shown in this embodiment is used by the application server to trigger the calling user to call the called user, wherein the user data of the calling user includes but is not limited to: calling authority, external number, and name of the calling user etc. (related messages follow 3GPP standard protocol 29.562).
  • the authentication request sent by the network authentication server to the enterprise authentication server also includes the first user identifier, and the enterprise authentication server is judging that the registration authentication identifier is valid and the first user identifier and the If the third user identifier is the same, a successful registration authentication indication is sent to the network authentication server.
  • the network authentication server determines that the calling user has passed the authentication, it caches the identity information of the calling user, and returns an authentication success response to the S-CSCF, where the authentication success response includes the validity period of the token.
  • the authentication identifier valid notification shown in this embodiment may be an HTTPS 200 message, and the description of the specific message type is an optional example and is not limited.
  • the HTTPS 200 may be: HTTPS 200 ⁇ "tokenTimeOut”:"XXX” ⁇ , where "tokenTimeout”:"XXX” is used to indicate the validity period of the registration authentication identifier.
  • the S-CSCF interacts with the network authentication server to complete the registration of the calling user to the operator network, and the S-CSCF downloads the iFC information from the network authentication server (relevant messages follow 3GPP standard protocol 29.562).
  • the S-CSCF returns a registration success response to the calling device through the P-CSCF, where the registration success response is used to indicate that the calling user has successfully registered with the operator network.
  • the S-CSCF sends a third-party registration request to the application server according to the iFC information.
  • the application server downloads the initial data from the network authentication server according to the third-party registration request.
  • Step 310 The application server obtains the initial call card.
  • the initial calling business card shown in this embodiment is business card information formed by typesetting the initial data according to the typesetting method of the calling business card.
  • the application server receives the identity information of the calling user, the information of the enterprise to which the calling user belongs, and the layout method of the calling card from the network authentication server, and converts the identity information of the calling user, the information of the enterprise to which the calling user belongs, and the calling card.
  • the layout method of the business card is forwarded to the media plane device (the network element 122 shown in FIG. 1 ).
  • the media plane device can typeset the identity information of the calling user and the information of the enterprise to which the calling user belongs according to the typesetting method of the calling card to obtain the initial calling card.
  • the external number is the E.164 number of the calling user.
  • the call intent is used to indicate an overview of the calling user's intent to call the called user. Specifically, when the method shown in this embodiment is applied to different scenarios, the call intent is different, which is not specifically limited in this embodiment. .
  • the call intention may be: "recommend information for sale of real estate A”.
  • the network authentication server may determine that the calling authority corresponding to the calling user is the default calling authority of the enterprise, and the default calling authority
  • the calling authority may be the default calling authority of the enterprise.
  • Enterprise trusted information business information contracted by the enterprise, typesetting method of calling business cards, or iFC information of the enterprise.
  • business information contracted by the enterprise business information contracted by the enterprise
  • typesetting method of calling business cards business information contracted by the enterprise
  • iFC information of the enterprise for specific descriptions of each information, please refer to Embodiment 1, and details will not be repeated.
  • the media plane device sends the generated initial call card to the file server for storage, and sends the storage address of the initial call card to the application server.
  • the application server can also directly typeset the calling user identity information and the information of the enterprise to which the calling user belongs according to the typesetting method of the calling card to obtain the initial calling card, and the application server will generate the call card.
  • the initial calling business card of the original calling card is sent to the file server for storage, and the storage address of the initial calling business card is recorded locally.
  • the network authentication server obtains the identity information of the calling user, the information of the enterprise to which the calling user belongs, and the layout method of the calling card, and analyzes the identity information of the calling user and the layout method of the calling card according to the layout method of the calling card.
  • the information of the business is typeset to generate the initial call business card.
  • the network authentication server sends the initial call card to the application server in a manner that the network authentication server stores the initial call card in the file server, the network authentication server sends the storage address of the initial call card to the application server, and the application The server can download the initial call card from the file server according to the address.
  • the registration process flow is first performed. Based on the registration process flow, the identity information of the calling user and/or the calling The initial data of the information of the enterprise to which the user belongs is typeset according to the typesetting method of the calling card to obtain the initial calling card, so that when the subsequent calling user calls the called user, the operator network can directly send the initial calling card to the called party.
  • the user does not need to generate a calling card during the call process, which shortens the call processing delay and improves the call efficiency.
  • the process of enterprise authentication of the calling user shown by the Trust Security Alliance can be created. .
  • the calling user can use the service provided by the operator network to call the called user without opening an account on the operator network. It can be seen that in the method shown in this embodiment, the calling user It can realize the call to the called user without opening an account, solve the problem of enterprise employees (ie calling users) opening an account in the enterprise leased operator network, and avoid the calling caused by the calling user opening an account in the operator network. The user goes online slowly, and the personal privacy information of the calling user is exposed.
  • FIG. 4 is a flowchart of steps of an embodiment of the communication system provided by the present application for performing a call.
  • Step 401 The calling device sends a first call request message to the S-CSCF.
  • the calling user may send a first call request message to the S-CSCF through the calling device to trigger the calling user to call the called user.
  • the first call request message may be a SIP INVITE message, and the SIP INVITE message includes the first user identity and the call authentication identity of the calling user.
  • the SIP INVITE message includes the first user identity and the call authentication identity of the calling user.
  • the description of the first user identity and the call authentication identity please refer to Implementation The description of the user ID and the registration authentication ID of the calling user shown in Example 2 will not be repeated in detail.
  • the calling device sends the SIP INVITE message to the P-CSCF, and the P-CSCF processes the SIP INVITE message according to the standard procedures for SIP user-originated calls (see 3GPP TS 24.229 and 3GPP TS 26.114) and forwards it to the S-CSCF.
  • Step 402 when the S-CSCF judges that the call authentication identifier satisfies the first preset condition, execute step 403, when the S-CSCF judges that the call authentication identifier satisfies the second preset condition, execute step 404, the S-CSCF judges that the call authentication identifier satisfies the second preset condition When the identifier satisfies the third preset condition, step 408 is performed.
  • the target authentication identifier is the registration authentication identifier cached by the S-CSCF in the registration phase shown in the second embodiment, or the authentication identifier used by the calling user in the previous call.
  • the S-CSCF determines that the call authentication identifier and the target authentication identifier are the same, and the target authentication identifier is valid, it is determined that the call authentication identifier satisfies the second preset condition.
  • the S-CSCF determines that the call authentication identifier and the target authentication identifier are different, the S-CSCF determines that the call authentication identifier is a registration authentication identifier that is not stored in the S-CSCF during the registration phase, or the The call authentication identifier is not the authentication identifier used in the calling user's previous call, and the S-CSCF determines that the call authentication identifier satisfies the third preset condition.
  • Step 403 The S-CSCF rejects the call requested by the first call request message.
  • the calling user cannot implement the call to the called user based on the first call request message.
  • Step 404 the S-CSCF sends a first call request message to the application server.
  • the S-CSCF has created a corresponding relationship between the first user ID of the calling user and the iFC, and the first user ID shown in this embodiment is shown in the calling user registration stage shown in the second embodiment.
  • the iFC please refer to the second embodiment, and details are not repeated.
  • the S-CSCF shown in this embodiment sends the first call request message to the application server according to the iFC information.
  • Step 405 The application server determines that the calling user has the right to make outbound calls, and forwards the modified first call request message to the S-CSCF.
  • the application server creates a correspondence between the calling user's first user identifier and the calling authority. It can be seen that when the application server receives the calling user's first user identifier, The corresponding call authority can be determined, and this embodiment is exemplified by taking the call authority corresponding to the first user ID of the calling user including the outgoing call authority as an example.
  • the application server can add the Display Name parameter to the From header field of the first call request message.
  • the value of the Display Name parameter is the name of the enterprise and the name of the calling user.
  • the value of the Display Name parameter can also be added to the calling party. User ID and other information.
  • the application server may also change the user identity of the calling user in the From and (P-Asserted-Identity, PAI) header fields of the first call request message to the external number of the calling user.
  • Step 406 the S-CSCF sends the first call request message to the called device.
  • the S-CSCF forwards the first call request message to the operator network to which the called device belongs, and the operator network to which the called device belongs then sends the first call request message to the called device.
  • the first call request message shown in this embodiment includes the storage address of the latest call card, and the latest call card may be the initial call card shown in the second embodiment, or the call card generated by the calling user's previous call.
  • Step 407 The called device displays the latest calling card.
  • the operator network sends the latest calling card to the called device.
  • the application server controls the media plane device to send the latest calling card in chromatic image format to the called device.
  • the called device when the called device is ringing, if the called device does not support the video call function, the called device displays the latest call card, which is the content of the Display Name parameter carried in the first call request message.
  • the operator network pushes the storage address of the latest calling card to the called device, and the called device downloads the latest calling card according to the storage address of the latest calling card.
  • the called device displays the latest calling business card in chromatic image format.
  • the called device when the called device is ringing, if the called device does not support the video call function, the called device displays the latest call card, which is the content of the Display Name parameter carried in the first call request message.
  • Step 408 the S-CSCF sends a second call request message to the network authentication server.
  • the S-CSCF determines that the call authentication identifier satisfies the third preset condition, and the S-CSCF determines that the second call request message uses the Bearer authentication method, for example, the second call
  • the request message includes Authorization:Bearer ⁇ Base64( ⁇ token>)>
  • the S-CSCF sends a second call request message including the first user identifier and the call authentication identifier to the network authentication server to request the network authentication server to use
  • the call authentication identifier authenticates the calling user.
  • Step 409 The network authentication server sends a call authentication request to the enterprise authentication server.
  • the call authentication request shown in this embodiment is used for the calling user to implement a call to the called user.
  • Step 410 The enterprise authentication server judges whether the call authentication identifier is valid, if not, executes step 411, if yes, executes step 412.
  • step 410 For the specific execution process of step 410 shown in this embodiment, please refer to the process of the enterprise authentication server judging whether the registration authentication identifier is valid as shown in step 306 of the second embodiment, and details are not repeated.
  • Step 411 The enterprise authentication server sends a notification of invalid call authentication identifier to the network authentication server.
  • the enterprise authentication server shown in this embodiment sends the call authentication identifier invalid notification to the network authentication server through the TLS secure connection, where the call authentication identifier invalid notification is used to indicate that the call authentication identifier is invalid.
  • the network authentication server receives the invalid notification of the call authentication identifier, it will no longer execute the relevant process of the calling user calling the called user.
  • Step 412 The enterprise authentication server sends a call authentication success indication to the network authentication server.
  • the call authentication success indication shown in this embodiment includes a call authentication identifier valid notification, and the call authentication identifier valid notification is used to indicate that the call authentication identifier is valid.
  • the call authentication success indication shown in this embodiment also includes the second user identifier.
  • the enterprise authentication server determines that the call authentication identifier is valid, the enterprise authentication server can correspond to the valid call authentication identifier.
  • the second user identification is sent to the network authentication server.
  • Step 413 The network authentication server sends the target data to the application server.
  • the network authentication server when the network authentication server determines that the calling user has passed the authentication, the network authentication server can send the acquired target data to the application server.
  • the target data in this embodiment includes the identity information of the calling user and the information of the enterprise to which the calling user belongs.
  • the identity information of the calling user comes from the enterprise authentication server.
  • the process of obtaining the information of the enterprise to which the calling user belongs by the network authentication server shown in this embodiment please refer to step 309 of Embodiment 2 for details, and details are not repeated.
  • the network authentication server determines that the authentication is passed, and one condition is to receive a valid notification of the call authentication identifier. Another condition is that the network authentication server determines that the first user identification and the second user identification are the same.
  • the authentication request sent by the network authentication server to the enterprise authentication server also includes the first user identifier, and the enterprise authentication server is judging that the call authentication identifier is valid and the first user identifier and the If the second user identifier is the same, the call authentication success indication is sent to the network authentication server.
  • Step 414 The network authentication server sends the change notification information to the application server.
  • the change notification information shown in this embodiment is used to indicate that the target data stored by the network authentication server is changed.
  • Step 415 The application server obtains the target calling card.
  • the application server when the application server determines that the target data of the calling user has changed according to the change notification information, the application server can obtain the changed target data of the calling user (relevant messages follow 3GPP standard protocol 29.562).
  • the target calling business card shown in this embodiment is business card information formed by typesetting the target data according to the typesetting method of the calling business card, wherein the target data includes the identity information of the calling user and the information of the enterprise to which the calling user belongs. .
  • step 310 for the typesetting method of the calling card and the specific description of the target data, please refer to step 310 in the second embodiment, and details are not described in this embodiment.
  • Step 416 the S-CSCF sends a second call request message to the application server.
  • Step 417 The application server determines that the calling user has the right to make outgoing calls, and forwards the modified second call request message to the S-CSCF.
  • Step 418 The S-CSCF sends the second call request message to the called device.
  • steps 404 to 406 for details, and details are not repeated.
  • Step 419 The called device displays the target calling card.
  • a trust security alliance is established among the operator's network, the enterprise, and enterprise employees (calling users) to ensure that when the called device rings, the displayed calling card information is credible, and the calling card Meet the layout method of the call card to ensure that the information presented by the call card can meet the needs of enterprise customization, and the style of the call card is unified.
  • the personal privacy information of the calling user is prevented from being exposed at the operator, and in the process of calling the called user, the calling card displayed on the The information of the calling user may not involve the personal privacy information of the calling user, which effectively ensures the security of the personal privacy information of the calling user.
  • All the information included in the calling card displayed by the called device shown in this embodiment comes from the enterprise authentication server and/or the enterprise account opening data, not the calling user.
  • the chain of trust formed by the security alliance conducts traceability and accountability.
  • the calling user when the calling user makes a call to the called user, the calling user does not need to pre-register to the operator's network.
  • the following is a case where the calling user does not need to pre-register to the operator's network as shown in FIG. 5 .
  • Step 501 The calling device sends a third call request message to the S-CSCF.
  • the calling user can send a third call request message to the S-CSCF through the calling device to trigger the calling user to call the called user.
  • the third call request message may be a SIP INVITE message, and the SIP INVITE message includes the first user identity and the call authentication identity of the calling user.
  • the SIP INVITE message includes the first user identity and the call authentication identity of the calling user.
  • the description of the first user identity and the call authentication identity please refer to the implementation The description of the first user identity and the call authentication identity of the calling user shown in Example 3 will not be repeated in detail.
  • Step 502 the S-CSCF sends a third call request message to the application server.
  • the S-CSCF determines that the call authentication identifier included in the third call request message is different from the target authentication identifier used by the calling user in the previous call, and the S-CSCF determines that the third call request message
  • the S-CSCF sends a third call request message including the first user ID and the call authentication ID to the network authentication server, so as to request the network authentication server to use the call authentication ID to Ask the user to authenticate.
  • the authentication method of Bearer please refer to the third embodiment, and details are not repeated.
  • Step 503 The network authentication server sends a call authentication request to the enterprise authentication server.
  • step 409 in the third embodiment For the process of sending the call authentication request by the network authentication server to the enterprise authentication server shown in this embodiment, please refer to step 409 in the third embodiment, and details are not repeated.
  • Step 504 the enterprise authentication server judges whether the call authentication identifier is valid, if not, execute step 505, if yes, execute step 506.
  • step 504 For the specific execution process of step 504 shown in this embodiment, please refer to step 410 shown in Embodiment 3, and details will not be repeated.
  • Step 505 The enterprise authentication server sends a notification of invalid call authentication identifier to the network authentication server.
  • Step 506 The enterprise authentication server sends a call authentication success indication to the network authentication server.
  • Step 507 The network authentication server sends the target data to the application server.
  • step 505 to step 507 shown in this embodiment please refer to step 411 to step 413 shown in Embodiment 3 for details, and the specific execution process will not be repeated.
  • Step 508 The application server obtains the target calling card.
  • the application server obtains the target data from the network authentication server.
  • the target calling business card shown in this embodiment is business card information formed by typesetting the target data according to the typesetting method of the calling business card, wherein the target data includes the identity information of the calling user and the information of the enterprise to which the calling user belongs. , for the specific description of the target data, please refer to Embodiment 3, and details are not repeated.
  • Step 509 the S-CSCF sends a third call request message to the application server.
  • Step 510 The application server determines that the calling user has the right to make outgoing calls, and forwards the modified third call request message to the S-CSCF.
  • Step 511 the S-CSCF sends the third call request message to the called device.
  • Step 512 The called device displays the target calling card.
  • step 416 to step 419 shown in Embodiment 3 for details, and the specific execution process is not repeated.
  • the calling user when the calling user makes a call to the called user, the calling user does not need to register with the operator network in advance, so as to avoid the need to register in advance in the process of the calling user calling the called user.
  • the efficiency of the calling user calling the called user is improved, and the consumption of registration-related resources is reduced at the same time.
  • the establishment of a trust security alliance between the operator network, enterprise, and enterprise employees (calling users) can ensure that when the called device rings, the displayed calling card information is credible, and the calling card meets the calling card requirements.
  • the typesetting method ensures that the information presented by the call card can meet the customized needs of the enterprise, and the style of the call card is unified.
  • the personal privacy information of the calling user is prevented from being exposed at the operator, and in the process of calling the called user, the calling card displayed on the The information of the calling user may not involve the personal privacy information of the calling user, which effectively ensures the security of the personal privacy information of the calling user.
  • All the information included in the calling card displayed by the called device shown in this embodiment comes from the enterprise authentication server and/or the enterprise account opening data, not the calling user.
  • the chain of trust formed by the security alliance conducts traceability and accountability.
  • the operator network is taken as an example of the IMS network.
  • the specific network type of the operator network is not limited.
  • the operator network shown in this embodiment may be applicable to A telecommunication network with any architecture, and the specific network type is not limited in this embodiment.
  • This embodiment illustrates that when a calling user inside the enterprise makes a call to a called user outside the enterprise, the registration process flow is first performed.
  • the initial data of the information is typeset according to the typesetting method of the calling card to obtain the initial calling card, so that when the subsequent calling user calls the called user, the operator network can directly send the initial calling card to the called user without calling
  • the initial call card is obtained during the call process, which saves the amount of information exchanged between the operator network and the enterprise authentication server during the call process, shortens the call connection delay, and improves the call efficiency.
  • method which can create the process of enterprise authentication calling user shown in the trust security alliance, specifically referring to Fig. 6, wherein Fig. 6 is another embodiment step flow of the process of performing registration in the communication system provided by this application. picture.
  • Step 601 The calling device sends a login request to the enterprise authentication server.
  • Step 602 The calling device receives the registration authentication identifier from the enterprise authentication server.
  • steps 301 to 302 of the second embodiment for the description of the execution process of steps 601 to 602 shown in this embodiment, please refer to steps 301 to 302 of the second embodiment for details, and details are not repeated.
  • Step 603 The calling device sends a registration request to the operator network.
  • step 303 of Embodiment 2 For a specific description of the registration request shown in this embodiment, please refer to step 303 of Embodiment 2 for details, and details are not repeated.
  • Step 604 The operator network sends an authentication request to the enterprise authentication server.
  • step 305 of Embodiment 2 For a specific description of the authentication request shown in this embodiment, please refer to step 305 of Embodiment 2 for details, and details will not be repeated.
  • the specific network element is not limited.
  • Step 605 The enterprise authentication server determines whether the registration authentication identifier is valid, if not, executes step 606, if yes, executes step 607.
  • Step 606 The enterprise authentication server sends an invalidation notification of the authentication identifier to the operator network.
  • Step 607 The enterprise authentication server sends a registration authentication success indication to the operator network.
  • step 306 to step 308 for the description of the execution process of step 605 to step 607 shown in this embodiment, please refer to step 306 to step 308 for details, and the specific execution process will not be repeated.
  • Step 608 The operator network obtains the initial call business card.
  • Embodiment 5 For the description of the specific type of the operator network shown in this embodiment, please refer to Embodiment 5 for details. The details are not repeated in this embodiment.
  • This embodiment describes that based on the method shown in FIG. How to use the calling device to implement a call to the called user when the calling user has been registered to the operator network. Specifically, refer to FIG. 7 , wherein FIG. 7 is a flowchart of steps of another embodiment of the communication system provided by the present application for performing a call.
  • Step 701 The calling device sends a first call request message to the operator network.
  • step 401 shown in Embodiment 3 for details, and details are not repeated.
  • Step 702 When the operator network determines that the call authentication identifier satisfies the first preset condition, step 703 is performed. When the operator network determines that the call authentication identifier meets the second preset condition, step 704 is performed, and the operator network determines that the call authentication identifier satisfies the second preset condition. When the identifier satisfies the third preset condition, step 706 is performed.
  • step 702 in the operator network shown in this embodiment please refer to step 402 shown in Embodiment 3 for details, and the specific execution process will not be repeated.
  • Step 703 The operator network rejects the call requested by the first call request message.
  • step 403 in Embodiment 3 for details.
  • the specific network elements executed by the operator network in this embodiment are not Do limit.
  • Step 704 The operator network sends the first call request message to the called device.
  • steps 404 to 406 shown in the third embodiment for details.
  • the specific execution process will not be repeated.
  • the specific network elements are not limited.
  • Step 705 The called device displays the latest calling card.
  • step 704 For the description of the execution process of step 704 shown in this embodiment, please refer to step 407 shown in Embodiment 3 for details, and the specific execution process will not be repeated.
  • Step 706 The operator network sends a call authentication request to the enterprise authentication server.
  • step 706 For the description of the execution process of step 706 shown in this embodiment, please refer to steps 408 to 409 shown in Embodiment 3 for details, and the specific execution process will not be repeated.
  • Step 707 The enterprise authentication server judges whether the call authentication identifier is valid, if not, executes step 708, if yes, executes step 709.
  • Step 708 The enterprise authentication server sends a notification of invalid call authentication identifier to the operator network.
  • Step 709 The enterprise authentication server sends a call authentication success indication to the operator network.
  • Step 710 The operator network sends the second call request message to the called device.
  • step 410 to step 418 for details, and details are not repeated, and this embodiment does not limit the specific network elements executed by the operator network.
  • Step 711 The called device displays the target calling card.
  • step 419 For the description of the execution process of step 711 shown in this embodiment, please refer to step 419 for details, and details are not repeated.
  • the calling user is making a call to the called user.
  • the calling user does not need to pre-register to the operator network.
  • the following describes the process of the calling user calling the called user in the case that the calling user does not need to pre-register to the operator network as shown in Figure 8:
  • Step 801 The calling device sends a third call request message to the operator network.
  • Step 802 The operator network sends a call authentication request to the enterprise authentication server.
  • step 501 to step 503 shown in Embodiment 4 for details, and details will not be repeated. Yuan is not limited.
  • Step 803 The enterprise authentication server judges whether the call authentication identifier is valid, if not, executes step 804, if yes, executes step 805.
  • Step 804 The enterprise authentication server sends a call authentication identifier invalid notification to the operator network.
  • Step 805 The enterprise authentication server sends a call authentication success indication to the operator network.
  • step 504 to step 506 shown in Embodiment 4 for details, and details will not be repeated. Yuan is not limited.
  • Step 806 the operator network obtains the target calling business card.
  • step 806 For the description of the execution process of step 806 shown in this embodiment, please refer to step 507 to step 508 shown in Embodiment 4 for details, and details are not repeated. This embodiment does not describe the specific network elements executed by the operator network. limited.
  • Step 807 The operator network sends the third call request message to the called device.
  • step 807 For the description of the execution process of step 807 shown in this embodiment, please refer to step 509 to step 511 shown in Embodiment 4 for details, and details are not repeated, and this embodiment does not describe the specific network elements executed by the operator network limited.
  • Step 808 The called device displays the target calling card.
  • step 512 For the description of the execution process of step 808 shown in this embodiment, please refer to step 512 for details, and details are not repeated.
  • Embodiment 5 to Embodiment 7 shown in this embodiment please refer to Embodiment 2 to Embodiment 4, and details are not repeated.
  • This embodiment describes the structure of a network device that executes the above call processing method with reference to FIG. 9 :
  • the network device 900 specifically includes: a processing unit 901 and a transceiver unit 902 , wherein the processing unit 901 is connected to the transceiver unit 902 .
  • the processing unit 901 is configured to execute the processing functions performed by the network authentication server in any of Embodiments 2 to 4, and the transceiver unit 902 It is used to perform the sending and receiving function performed by the network authentication server in any one of Embodiments 2 to 4.
  • the processing unit 901 is configured to execute the processing functions performed by the enterprise authentication server in any of Embodiments 2 to 8, and the transceiver unit 902 It is used to perform the sending and receiving function performed by the enterprise authentication server in any one of Embodiments 2 to 8.
  • the processing unit 901 is configured to perform the processing functions performed by the S-CSCF in any of Embodiments 2 to 4, and the transceiver unit 902 is configured to perform The transceiver function performed by the S-CSCF in any of the second embodiment to the fourth embodiment is performed.
  • the processing unit 901 is configured to execute the processing functions performed by the application server in any of Embodiments 2 to 4, and the transceiver unit 902 is configured to execute the processing function.
  • the sending and receiving function is performed by the application server.
  • the processing unit 901 is configured to execute the processing functions performed by the calling device in any of Embodiments 2 to 8, and the transceiver unit 902 is configured to The transceiver function performed by the calling device in any of the second embodiment to the eighth embodiment is performed.
  • the processing unit 901 is configured to execute the processing functions performed by the operator network in any of Embodiments 5 to 7, and the transceiver unit 902 is configured to Perform the transceiver function performed by the operator network in any of the fifth embodiment to the seventh embodiment.
  • the network device 1000 specifically includes: a processor 1001 , a memory 1002 , a bus 1003 , a transceiver 1004 and a network interface 1006 .
  • memory 1002 may include computer storage media in the form of volatile and/or non-volatile memory, such as read-only memory and/or random access memory.
  • Memory 1002 may store operating systems, application programs, other program modules, executable code, and program data.
  • the transceiver 1004 can be used to input commands and information to the network device, and the transceiver 1004 can be connected to the processor 1001 through the bus 1003 . Transceiver 1004 may also be used to output information from network devices, such as selected placeholder servers and/or placeholder virtual machines.
  • the network device may be connected to the communication network through the network interface 1006.
  • the computer-executed instructions stored in the network device may be stored in a remote storage device, rather than being limited to local storage.
  • the network device can perform the method operations of any one of the above method embodiments. For the specific execution process, refer to the above method embodiments. No longer.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Telephonic Communication Services (AREA)

Abstract

本发明实施例提供了一种呼叫处理方法、相关设备以及通信系统,其能够保证主叫设备呼叫被叫设备时,被叫设备振铃时所显示的与主叫用户的身份信息,和/或,所述主叫用户所属的企业的信息是可信的。方法包括:网络鉴权服务器接收来自主叫设备的呼叫请求消息,呼叫请求消息包括主叫用户的第一用户标识和呼叫鉴权标识;网络鉴权服务器向第一用户标识对应的企业鉴权服务器发送呼叫鉴权请求,呼叫鉴权请求包括呼叫鉴权标识;网络鉴权服务器接收来自企业鉴权服务器的呼叫鉴权成功指示,呼叫鉴权成功指示用于指示鉴权通过;网络鉴权服务器向被叫设备发送目标数据,目标数据包括主叫用户的身份信息,和/或,主叫用户所属的企业的信息。

Description

一种呼叫处理方法、相关设备以及通信系统 技术领域
本申请涉及通信领域,尤其涉及一种呼叫处理方法、相关设备以及通信系统。
背景技术
IP多媒体子系统(IP multimedia subsystem,IMS)是一种全新的多媒体业务形式,它能够满足更新颖、更多样化多媒体业务的需求。IMS是解决移动与固网融合,引入语音、数据、视频三重融合等差异化业务的重要方式。
基于IMS,企业内部的主叫用户向企业外部的被叫用户呼叫时,主叫用户可向被叫用户发送与主叫用户相关的信息,但是,与主叫用户相关的信息的可信度比较低。
发明内容
本发明实施例第一方面提供了一种呼叫处理方法、相关设备以及通信系统,其能够在运营商网络、企业、主叫用户之间建立信任安全联盟,可保证被叫设备振铃时,所显示的呼叫名片的信息是可信的。
本发明实施例第一方面提供了一种呼叫处理方法,所述方法包括:网络鉴权服务器接收来自主叫设备的呼叫请求消息,所述主叫设备为主叫用户所使用的设备,所述呼叫请求消息包括所述主叫用户的第一用户标识和呼叫鉴权标识;所述网络鉴权服务器向所述第一用户标识对应的企业鉴权服务器发送呼叫鉴权请求,所述呼叫鉴权请求包括所述呼叫鉴权标识;所述网络鉴权服务器接收来自所述企业鉴权服务器的呼叫鉴权成功指示,所述呼叫鉴权成功指示用于指示鉴权通过;所述网络鉴权服务器向被叫设备发送目标数据,所述被叫设备为被叫用户所使用的设备,所述目标数据包括所述主叫用户的身份信息,和/或,所述主叫用户所属的企业的信息。
可见,网络鉴权服务器向被叫设备所发送的目标数据来自企业鉴权服务器和/或企业开户数据,而非主叫用户,有效保证了向被叫设备所发送的目标数据的可信性。而且主叫用户无需在运营商网络开户的情况下,即可使用运营商网络提供的呼叫被叫用户的业务,从而避免了主叫用户在运营商网络开户所导致的主叫用户上线慢,主叫用户的个人隐私信息暴露的问题。
在一个可选地实现方式中,上述呼叫鉴权成功指示用于指示呼叫鉴权通过。
基于第一方面,一种可选地实现方式中,所述呼叫鉴权成功指示包括第二用户标识,所述网络鉴权服务器向被叫设备发送目标数据包括:所述网络鉴权服务器确定所述第一用户标识和所述第二用户标识相同,即网络鉴权服务器鉴权通过,则向所述被叫设备发送目标数据。
可见,网络鉴权服务器在确定呼叫鉴权标识鉴权通过,且确定第一用户标识和第二用户标识相同,才会向被叫设备发送目标数据,从而使得网络鉴权服务器能够对鉴权通过的主叫用户执行向被叫用户进行呼叫的过程。
基于第一方面,一种可选地实现方式中,所述网络鉴权服务器向被叫设备发送目标数据包括:所述网络鉴权服务器向所述企业鉴权服务器获取所述目标数据,向所述被叫设备 发送所述目标数据。
可见,本方面所示的目标数据来自企业鉴权服务器,而非主叫用户,有效保证了向被叫设备所发送的目标数据的可信性。
基于第一方面,一种可选地实现方式中,所述网络鉴权服务器向被叫设备发送目标数据包括:所述网络鉴权服务器向所述被叫设备发送所述呼叫请求消息,所述呼叫请求消息包括所述目标数据。
基于第一方面,一种可选地实现方式中,所述网络鉴权服务器向被叫设备发送目标数据包括:所述网络鉴权服务器通过媒体面设备向所述被叫设备发送所述目标数据。
基于第一方面,一种可选地实现方式中,所述网络鉴权服务器向被叫设备发送目标数据包括:所述网络鉴权服务器向所述企业鉴权服务器获取所述目标数据,对所述目标数据进行排版,向所述被叫设备发送排版后的所述目标数据。
基于第一方面,一种可选地实现方式中,所述网络鉴权服务器向被叫设备发送目标数据包括:所述网络鉴权服务器向所述企业鉴权服务器获取所述目标数据;所述网络鉴权服务器向媒体面设备发送通知信息,所述通知信息用于指示所述媒体面设备或应用服务器对所述目标数据进行排版,并向所述被叫设备发送排版后的所述目标数据。
基于第一方面,一种可选地实现方式中,所述网络鉴权服务器接收来自主叫设备的呼叫请求消息之前,所述方法还包括:所述网络鉴权服务器接收来自所述主叫设备的注册请求消息,所述注册请求消息包括所述第一用户标识和注册鉴权标识;所述网络鉴权服务器向所述第一用户标识对应的所述企业鉴权服务器发送鉴权请求,所述鉴权请求包括所述注册鉴权标识;所述网络鉴权服务器接收来自所述企业鉴权服务器的注册鉴权成功指示,所述注册鉴权成功指示用于指示所述鉴权通过;所述网络鉴权服务器获取初始数据,所述初始数据包括所述主叫用户的身份信息,和/或,所述主叫用户所属的企业的信息。
可见,企业内部的主叫用户向企业外部的被叫用户呼叫时,先执行注册处理流程,基于该注册处理流程,以便于后续主叫用户呼叫被叫用户时,运营商网络能够直接将该初始数据发送至被叫用户,无需在呼叫的过程中生成初始数据,缩短了呼叫处理时延,提高了呼叫效率,而且能够创建信任安全联盟所示的企业鉴权主叫用户的过程。
在一个可选地实现方式中,上述注册鉴权成功指示用于指示注册鉴权通过。
基于第一方面,一种可选地实现方式中,所述注册鉴权成功指示包括第三用户标识,所述方法还包括:所述网络鉴权服务器确定所述第一用户标识和所述第三用户标识相同,则确定鉴权通过。可见,网络鉴权服务器在确定鉴权通过,且确定第一用户标识和第三用户标识相同,才会获取该初始数据,以便于后续主叫用户呼叫被叫用户时,运营商网络能够直接将该初始数据发送至被叫设备,无需在呼叫的过程中生成初始数据,缩短了呼叫处理时延,提高了呼叫效率。
基于第一方面,一种可选地实现方式中,所述网络鉴权服务器向被叫设备发送目标数据包括:若所述网络鉴权服务器确定所述呼叫鉴权标识和所述注册鉴权标识相同,则所述网络鉴权服务器确定所述目标数据为所述初始数据。
可见,网络鉴权设备确定呼叫鉴权标识和所述注册鉴权标识相同,则能够将该初始数 据发送至被叫设备,无需在呼叫的过程中生成初始数据,缩短了呼叫处理时延,提高了呼叫效率。
基于第一方面,一种可选地实现方式中,所述网络鉴权服务器向被叫设备发送目标数据包括:若所述网络鉴权服务器确定所述呼叫鉴权标识和所述注册鉴权标识不相同,则所述网络鉴权服务器接收来自所述企业鉴权服务器的所述目标数据,所述目标数据和所述初始数据互不相同。
可见,网络鉴权设备确定呼叫鉴权标识和所述注册鉴权标识不相同,则需要重新向企业鉴权服务器获取目标数据,进而将该目标数据发送至被叫设备。
基于第一方面,一种可选地实现方式中,所述方法还包括:所述网络鉴权服务器接收所述企业鉴权服务器的设备证书对应的第一电子认证服务CA证书;所述网络鉴权服务器使用所述第一CA证书创建所述网络鉴权服务器和所述企业鉴权服务器之间的安全传输层协议TLS安全连接,所述网络鉴权服务器通过所述TLS安全连接与所述企业鉴权服务器进行数据交互。
可见,在网络鉴权服务器和企业鉴权服务器之间创建TLS安全连接,有效地保证网络鉴权服务器和企业鉴权服务器之间所交互的消息的安全性,提升执行本方面所示的呼叫处理方法的过程的安全性。
本发明实施例第二方面提供了一种呼叫处理方法,所述方法包括:企业鉴权服务器接收来自网络鉴权服务器的呼叫鉴权请求,所述呼叫鉴权请求包括呼叫鉴权标识;若所述企业鉴权服务器根据所述呼叫鉴权标识确定鉴权通过,则所述企业鉴权服务器向所述网络鉴权服务器发送呼叫鉴权成功指示和目标数据,所述呼叫鉴权成功指示用于指示所述呼叫鉴权标识鉴权通过,所述目标数据包括所述主叫用户的身份信息,和/或,所述主叫用户所属的企业的信息。
本方面所示的有益效果的说明,请参加上述第一方面所示,具体不做赘述。
基于第二方面,一种可选地实现方式中,所述企业鉴权服务器接收来自网络鉴权服务器的呼叫鉴权请求之前,所述方法还包括:所述企业鉴权服务器接收来自所述网络鉴权服务器的鉴权请求,所述鉴权请求包括注册鉴权标识;若所述企业鉴权服务器根据所述注册鉴权标识确定鉴权通过,则所述企业鉴权服务器向所述网络鉴权服务器发送注册鉴权成功指示和初始数据,所述初始数据包括所述主叫用户的身份信息,和/或,所述主叫用户所属的企业的信息。
基于第二方面,一种可选地实现方式中,若所述呼叫鉴权标识和所述注册鉴权标识不相同,则所述企业鉴权服务器向所述网络鉴权服务器发送所述目标数据,所述目标数据和所述初始数据互不相同。
基于第二方面,一种可选地实现方式中,所述方法还包括:所述企业鉴权服务器接收所述网络鉴权服务器的设备证书对应的第二电子认证服务CA证书;所述企业鉴权服务器使用所述第二CA证书创建所述企业鉴权服务器和所述网络鉴权服务器之间的安全传输层协议TLS安全连接,所述企业鉴权服务器通过所述TLS安全连接与所述网络鉴权服务器进行数据交互。
基于第二方面,一种可选地实现方式中,所述企业鉴权服务器接收来自网络鉴权服务器的呼叫鉴权请求之后,所述方法还包括:若所述企业鉴权服务器根据所述呼叫鉴权标识确定鉴权未通过,则所述企业鉴权服务器向所述网络鉴权服务器发送鉴权无效通知信息,所述鉴权无效通知信息用于指示鉴权未通过。
基于第二方面,一种可选地实现方式中,所述企业鉴权服务器接收来自网络鉴权服务器的呼叫鉴权请求之前,所述方法还包括:所述企业鉴权服务器接收来自所述主叫设备的第一用户标识,所述第一用户标识为所述主叫用户的标识;所述企业鉴权服务器向所述主叫设备发送与所述第一用户标识对应的所述呼叫鉴权标识。
基于第二方面,一种可选地实现方式中,所述企业鉴权服务器接收来自网络鉴权服务器的鉴权请求之前,所述方法还包括:所述企业鉴权服务器接收来自所述主叫设备的第一用户标识,所述第一用户标识为所述主叫用户的标识;所述企业鉴权服务器向所述主叫设备发送与所述第一用户标识对应的所述注册鉴权标识。
本发明实施例第三方面提供了一种呼叫处理方法,所述方法包括:主叫设备从企业鉴权服务器获取主叫用户的注册鉴权标识,所述主叫设备向IMS网络发送注册请求,所述注册请求包括所述主叫用户的第一用户标识和所述注册鉴权标识;所述主叫设备接收所述IMS网络发送的鉴权成功的响应消息。
本方面所示的有益效果的说明,请参见上述第一方面所示,具体不做赘述。
基于第三方面,一种可选地实现方式中,所述主叫设备从企业鉴权服务器获取主叫用户的注册鉴权标识之前,所述方法还包括:所述主叫设备向企业鉴权服务器发送登录请求,所述登录请求包括所述第一用户标识。
本发明实施例第四方面提供了一种呼叫处理方法,所述方法包括:主叫设备向IMS网络发送呼叫请求消息,所述呼叫请求消息包括使用所述主叫设备的主叫用户的第一用户标识和呼叫鉴权标识;所述主叫设备接收来自被叫设备的呼叫响应消息,所述被叫设备为被叫用户所使用的设备;所述主叫设备根据所述呼叫响应消息接通与所述被叫设备之间的呼叫。
本发明第四方面提供了一种呼叫处理的方法,应用服务器接收来自网络鉴权服务器的主叫用户的身份信息和/或所述主叫用户所属的企业的信息;应用服务器获取呼叫名片,所述呼叫名片包括所述主叫用户的身份信息和/或所述主叫用户所属的企业的信息的呼叫名片。
基于第四方面,一种可选地实现方式中,所述应用服务器获取呼叫名片包括:所述应用服务器接收来自网络鉴权服务器的所述主叫用户身份信息、所述主叫用户所属的企业的信息以及呼叫名片的排版方式;所述应用服务器将所述主叫用户身份信息、所述主叫用户所属的企业的信息以及呼叫名片的排版方式转发给媒体面设备,所述媒体面设备用于对所述主叫用户身份信息和所述主叫用户所属的企业的信息按照所述呼叫名片的排版方式进行排版以获取呼叫名片。
基于第四方面,一种可选地实现方式中,所述应用服务器获取呼叫名片包括:所述应用服务器接收来自所述网络鉴权服务器的所述呼叫名片。
本发明实施例第五方面提供了一种网络鉴权服务器,包括相互耦合的处理器和存储器,所述存储器中存储了计算机程序代码,所述处理器调用并执行所述存储器中的计算机程序代码,使得所述处理器执行如上述第一方面任一项所述的方法。
本发明实施例第六方面提供了一种企业鉴权服务器,包括相互耦合的处理器和存储器,所述存储器中存储了计算机程序代码,所述处理器调用并执行所述存储器中的计算机程序代码,使得所述处理器执行如上述第二方面任一项所述的方法。
本方面实施例第七方面提供了一种主叫设备,包括相互耦合的处理器和存储器,所述存储器中存储了计算机程序代码,所述处理器调用并执行所述存储器中的计算机程序代码,使得所述处理器执行如上述第三方面任一项所述的方法。
本方面实施例第八方面提供了一种应用服务器,包括相互耦合的处理器和存储器,所述存储器中存储了计算机程序代码,所述处理器调用并执行所述存储器中的计算机程序代码,使得所述处理器执行如上述第四方面任一项所述的方法。
本方面实施例第九方面提供了一种通信系统,包括网络鉴权服务器以及企业鉴权服务器,所述网络鉴权服务器如上述第五方面所示,所述企业鉴权服务器如上述第六方面所示。
基于第九方面,一种可选地实现方式,所述通信系统还包括主叫设备和应用服务器,所述主叫设备如上述第七方面所示,所述应用服务器如上述第八方面所示。
附图说明
图1为本申请所提供的通信系统的一种实施例结构示例图;
图2为本申请所提供的通信系统执行开户的过程的一种实施例步骤流程图;
图3为本申请所提供的通信系统执行注册的过程的一种实施例步骤流程图;
图4为本申请所提供的通信系统执行呼叫的过程的一种实施例步骤流程图;
图5为本申请所提供的通信系统执行呼叫的过程的另一种实施例步骤流程图;
图6为本申请所提供的通信系统执行注册的过程的另一种实施例步骤流程图;
图7为本申请所提供的通信系统执行呼叫的过程的另一种实施例步骤流程图;
图8为本申请所提供的通信系统执行呼叫的过程的另一种实施例步骤流程图;
图9为本申请所提供的网络设备的一种实施例结构示例图;
图10为本申请所提供的网络设备的另一种实施例结构示例图。
具体实施方式
下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域技术人员在没有作出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。
本申请中出现的术语“和/或”,可以是一种描述关联对象的关联关系,表示可以存在三种关系,例如,A和/或B,可以表示:单独存在A,同时存在A和B,单独存在B这三种情况。
本申请的说明书和权利要求书及上述附图中的术语“第一”、“第二”等是用于区别类似的对象,而不必用于描述特定的顺序或先后次序。应该理解这样使用的数据在适当情况下可以互换,以便这里描述的实施例能够以除了在这里图示或描述的内容以外的顺序实施。
本申请提供了一种呼叫处理方法,为更好的理解本申请所提供的呼叫处理方法,以下首先结合图1所示对本申请所示的方法所应用的通信系统的结构进行说明:
本实施例所示的通信系统包括依次连接的运营商管理设备111、运营商网络120以及企业网络130,本实施例对运营商网络120的具体网络类型不做限定,例如,该运营商网络120的网络类型为IMS、第三代合作伙伴计划(3rd generation partnership project,3GPP)或中国通信标准化协会(china communications standards association,CCSA),以及未来出现的任意网络架构。以下本申请各实施例以运营商网络120为IMS为例。
以下对该运营商网络120所包括的各个网元进行说明,需明确的是,本实施例对各个网元类型的说明为可选地示例性,不做限定。
本实施例所示的运营商网络120包括网络鉴权服务器121,本实施例所示的网络鉴权服务器还可称之为第三方账号管理(thirdparty account management,TAM)设备。
网络鉴权服务器121连接有网元122、网元123以及网元124,其中,网元122集成有多媒体资源功能控制器(multimedia resource function controller,MRFC)以及多媒体资源功能处理器(multimedia resource function processor,MRFP)。网元123为应用服务器(application server,AS)。网元124集成有查询-呼叫会话控制功能(interrogating-call session control function,I-CSCF)以及服务-呼叫会话控制功能(serving-call session control function,S-CSCF)。其中,网元可以称为设备。
网元124连接有网元125以及网元126,其中,该网元125为互通会话边界控制器(interconnect-session border controller,I-SBC),该网元126集成有接入会话边界控制器(access-session border controller,A-SBC)以及代理-呼叫会话控制功能(proxy-call session control function,P-CSCF)。
以下对本实施例所示的企业网络130的结构进行说明,需明确的是,本实施例对该企业网络130的说明为可选地示例,不做限定。
该企业网络130具体包括企业鉴权服务器131、企业接入代理设备132以及主叫终端133,其中,企业鉴权服务器131分别与网络鉴权服务器121、企业接入代理设备132以及主叫终端133连接。该企业接入代理设备132与网元125或网元126连接,该主叫终端133与网元126连接。
其中,该主叫终端133可为智能终端、计算机中的任一设备。该主叫终端内置IMS软件开发工具包(software development kit,SDK),以实现本申请所示的呼叫处理流程。
基于图1所示的通信系统,以下对该通信系统执行呼叫处理方法的各个实施例进行说明,为更好的理解本申请所示的各个实施例,首先对本申请所示的呼叫处理方案所要实现的目的进行概述性说明:
本申请所示的呼叫处理方法,主叫用户在对被叫用户进行呼叫的时候,可向被叫用户发送呼叫名片,被叫用户所使用的被叫设备在振铃的时候,即可显示该呼叫名片。该呼叫名片包括与主叫用户相关的信息,和/或,该呼叫名片包括与主叫用户所属的企业相关的信息,对呼叫名片的具体内容不做限定。本申请能够保证在主叫用户呼叫被叫用户的过程中,向被叫用户发送的该呼叫名片是可信的,避免被叫用户接收到不可信的数据。
为保证主叫用户向被叫用户所发送的呼叫名片的可信性,则本申请所示的呼叫处理方法能够创建信任安全联盟,该信任安全联盟是指,运营商网络鉴权企业,企业鉴权主叫用户(可以理解,该主叫用户为该企业的员工),可见,若企业被运营商网络鉴权通过,主叫用户被企业鉴权通过,那么,运营商网络可信任来自企业的数据,企业可信任来自主叫用户的数据,运营商网络基于可信任的来自企业的数据即可构造可信任的呼叫名片,从而保证运营商网络向被叫用户所发送的呼叫名片的可信性。
需明确的是,上述对信任安全联盟所包括的对象的说明为可选地示例,不做限定,例如,该信任安全联盟还可指,运营商网络鉴权第三方网络,第三方网络鉴权企业,企业鉴权主叫用户,其中,该第三方网络可为企业租用的用于执行呼叫相关业务的网络,例如,该第三方网络可为软件即服务(software-as-a-service SaaS)平台。可见,若第三方网络被运营商网络鉴权通过,企业被第三方网络鉴权通过,主叫用户被企业鉴权通过,那么,运营商网络可信任来自第三方网络的数据,第三方网络可信任来自企业的数据,企业可信任来自主叫用户的数据,运营商网络基于可信任的来自第三方网络的数据即可构造可信任的呼叫名片,从而保证运营商网络向被叫用户所发送的呼叫名片的可信性。
下述各个实施例以信任安全联盟是指运营商网络鉴权企业,企业鉴权主叫用户为例进行说明:
实施例一
本实施例说明基于图1所示的通信系统,对企业开户的过程进行说明,通过本实施例所示的企业开户的过程,能够创建信任安全联盟所示的运营商网络鉴权企业的过程,具体参见图2所示,其中,图2为本申请所提供的通信系统执行开户的过程的一种实施例步骤流程图。
步骤201、运营商管理设备接收来自企业的开户申请资料。
本实施例中,在企业确定需要基于上述信任安全联盟向被叫用户发送可信任的呼叫名片的情况下,企业预先在运营商处开户,开户的过程是指企业到运营商营业厅申请鉴权,提交企业的开户申请资料,运营商运营人员核实后通过鉴权,在运营商管理设备内开通企业账户。
本实施例对开户申请资料不做限定,只要运营商运营人员能够基于该开户申请资料对该企业是否可信任进行鉴权即可。
步骤202、运营商管理设备向网络鉴权服务器发送企业开户数据。
运营商运营人员通过运营商管理设备向网络鉴权服务器发送企业开户数据,该企业开户数据可包括如下所示的一项或多项:
企业认证的域名、企业鉴权服务器的设备证书对应的第一电子认证服务(certificate  authority,CA)证书、企业可信信息、企业签约的业务信息、呼叫名片的排版方式、企业的初始过滤准则(initial filter criteria,iFC)信息等。
其中,企业可信信息可为企业名称、企业商标(LOGO)、与企业相关的图片、与企业相关的音频、或与企业相关的视频等。企业签约的业务信息可为企业默认的呼叫权限,该默认的呼叫权限可为企业内的员工具有内呼的权限或企业外呼的权限,企业内呼的权限是指企业内员工之间的呼入和呼出,企业外呼的权限为企业内部的员工和企业外部的人员之间的呼入和呼出。iFC信息可为iFC模板标识(ID)或iFC内容,iFC模板ID与iFC内容对应,即在获取到iFC模板ID的情况下,即可获取到对应的iFC内容,iFC内容用于运营商网络触发对应的业务,例如,补充业务、智能业务、彩铃业务、彩振业务等。
该呼叫名片的排版方式是指,所生成的呼叫名片中,所述主叫用户的身份信息的显示方式以及显示位置,和/或,所述主叫用户所属的企业的信息的显示方式以及显示位置。
其中,主叫用户所属的企业的信息可为如下所示的一项或多项:
企业名称、企业LOGO、与企业相关的图片、与企业相关的音频或与企业相关的视频。
主叫用户的身份信息可为如下所示的一项或多项:
主叫用户的名称、工号、头像、主叫用户的职位信息等,其中,该主叫用户的名称可为主叫用户的姓名,也可为主叫用户的昵称等,具体在本实施例中不做限定。
可见,基于该呼叫名片的排版方式,即可确认企业名称、企业LOGO、与企业相关的图片、与企业相关的音频、与企业相关的视频、主叫用户的名称、工号、头像等信息,在呼叫名片中的显示方式以及显示位置。在生成呼叫名片的过程中,即可将企业相关信息和主叫用户相关信息,按照呼叫名片的排版方式进行排版以获取该呼叫名片。
步骤203、企业鉴权服务器配置预设呼叫信息。
本实施例中,企业在运营商网络的鉴权通过后,企业在企业鉴权服务器输入配置指令,企业鉴权服务器即可根据配置指令进行预设呼叫信息的配置,该预设呼叫信息可包括如下所示的一项或多项:
网络鉴权服务器的设备证书对应的第一CA证书、企业内部的员工的用户标识(User ID)与外呼号码的对应关系、企业内部的员工的呼叫权限。
针对企业内部的员工的呼叫权限,可针对不同的员工配置不同的呼叫权限,例如,员工A仅具有与企业内部的员工之间的内呼和外呼的权限,又如,员工B具有与企业外部的被叫用户之间的内呼和外部的权限等,具体不做限定。
实施例二
本实施例说明基于图1所示的通信系统,企业内部的主叫用户为向企业外部的被叫用户呼叫时,先执行注册处理流程,基于该注册处理流程,将包括主叫用户的身份信息和/或主叫用户所属的企业的信息的初始数据,按照呼叫名片的排版方式进行排版以获取初始呼叫名片,以便于后续主叫用户呼叫被叫用户时,运营商网络能够直接将该初始呼叫名片发送至被叫用户,无需在呼叫的过程中获取该初始呼叫名片,节省了呼叫过程中运营商网络与企业鉴权服务器之间所交互的信息量,缩短了呼叫接续时延,提高了呼叫效率,而且基于 本实施例所示的方法,能够创建信任安全联盟所示的企业鉴权主叫用户的过程,具体参见图3所示,其中,图3为本申请所提供的通信系统执行注册的过程的一种实施例步骤流程图。
步骤301、主叫设备向企业鉴权服务器发送登录请求。
本实施例所示的主叫设备可为主叫终端或企业接入代理设备。该主叫终端可运行企业应用程序(APP),该主叫终端通过该企业APP能够实现本申请所示的呼叫处理方法中,由主叫设备执行的流程。
主叫用户对企业外部的被叫用户进行呼叫时,可通过主叫设备向企业鉴权服务器发送该登录请求,该登录请求包括该主叫用户的第一用户标识。
本实施例所示的第一用户标识(也可称之为UserID)可为该主叫用户的邮箱地址,例如,zhangsan@xxx.com。本实施例所示的第一用户标识有别于运营商网络现有的E.164号码,可见,该第一用户标识对运营商网络而言属于异构标识,本申请所示的主叫用户向被叫用户进行呼叫的过程,所使用的不是E.164号码,而是本实施例所提供的作为异构标识的第一用户标识(即主叫用户的邮箱地址)。
步骤302、主叫设备接收来自企业鉴权服务器的注册鉴权标识。
本实施例所示的企业鉴权服务器接收到该第一用户标识,即可为该第一用户标识分配注册鉴权标识,该注册鉴权标识用于注册至运营商网络。
本实施例对注册鉴权标识不做限定,本实施例以该注册鉴权标识为令牌(token)为例进行示例性说明。
步骤303、主叫设备向S-CSCF发送注册请求。
其中,所述注册请求包括所述主叫用户的第一用户标识和所述注册鉴权标识。
本实施例所示的注册请求为会话发起协议(session initiation protocol,SIP)注册(REGISTER)消息,该注册请求需要携带主叫用户的第一用户标识和所述注册鉴权标识。
以下对本实施例所示的SIP REGISTER消息进行说明:
本实施例所示的该SIP REGISTER消息所使用的SIP用户标识格式可为<UserID>@<固定域名>。
本实施例所示的第一用户标识UserID以zhangsan@xxx.com为例,本示例通过SIP用户标识用于携带第一用户标识,该SIP用户标识可为zhangsan@xxx.com@2b.ims.<operator>.com,其中,2b.ims.<operator>.com为运营商网络为基于异构标识(即第一用户标识)接入运营商网络的统一定义的固定域名。
因SIP协议所规定的消息中不能够包括两个“@”,则主叫设备可对UserID(如zhangsan@xxx.com)中的“@”进行转义,本实施例对转义的具体规则的说明为可选地示例,不做限定,例如,主叫设备将UserID中的“@”转义为“%40”。
本实施例所示的token可使用基于64个可打印字符来表示二进制数据(Base64)的编码格式,该token可通过授权(Authorization)头域和扩展的鉴权方式(如Bearer)携带,如消息格式可为:Authorization:Bearer<Base64(<token>)>。
例如,该SIP REGISTER消息具体可为如下所示:
SIP REGISTER:2b.ims.<operator>.com
From/To:SIP zhangsan%40xxx.com@2b.ims.<operator>.com
Authorization:Bearer<Base64(<token>)>
以下对主叫设备向S-CSCF发送注册请求的过程进行说明:
参见图1所示,以主叫设备为主叫终端133为例,主叫终端133向网元126(具体地为P-CSCF)发送该注册请求,P-CSCF再转发该注册请求至网元124(具体为I-CSCF),I-CSCF再转发该注册请求至S-CSCF,其中,P-CSCF和I-CSCF按照SIP用户注册的标准流程(参见3GPP TS 24.229)处理SIP REGISTER消息后转发给S-CSCF。
步骤304、S-CSCF向网络鉴权服务器发送第一用户标识和注册鉴权标识。
S-CSCF判断注册请求使用Bearer的鉴权方式时,向网络鉴权服务器发送第一用户标识和注册鉴权标识,以请求网络鉴权服务器利用注册鉴权标识对主叫用户进行鉴权。
本实施例所示的S-CSCF通过超文本传输安全协议(hyper text transfer protocol over secure socket layer,HTTPS)请求消息向网络鉴权服务器发送第一用户标识和注册鉴权标识,该HTTPS请求消息可为如下所示:
HTTPS POST统一资源标识符(uniform resource identifier,URI)=TAMBaseRealm/zhangsan%40xxx.com@2b.ims.<operator>.com/open-authorize{“token”}
其中,消息中的“TAMBaseRealm”用于指示网络鉴权服务器对本消息执行本实施例所示的注册流程,“zhangsan%40xxx.com”为第一用户标识,“token”为注册鉴权标识。
步骤305、网络鉴权服务器向企业鉴权服务器发送鉴权请求。
本实施例所示的网络鉴权服务器接收到该第一用户标识的情况下,即可根据该第一用户标识确定出对应的企业鉴权服务器。
由上述示例可知,本实施例所示的第一用户标识为用户的邮箱地址(例如,zhangsan@xxx.com),则网络鉴权服务器即可在第一用户标识中获得企业域名(例如xxx.com)。网络鉴权服务器根据该企业域名即可查询出企业鉴权服务器的地址。
具体地,由上述所示可知,网络鉴权服务器从S-CSCF接收到的第一用户标识为zhangsan%40xxx.com,本步骤所示的网络鉴权服务器在根据第一用户标识确定对应的企业鉴权服务器的过程中,企业鉴权服务器对被转义的第一用户标识(zhangsan%40xxx.com)进行恢复以获取到恢复转义后的第一用户标识(zhangsan@xxx.com)。可见,网络鉴权服务器即可根据恢复转义后的第一用户标识查询出对应的企业鉴权服务器的地址。
本实施例所示的网络鉴权服务器向所述企业鉴权服务器所发送的鉴权请求包括注册鉴权标识。
可选地,本实施例所示可通过HTTPS发送所述鉴权请求。
本实施例中,为保证网络鉴权服务器和企业鉴权服务器之间所交互的消息的安全性,提升执行本申请所示的呼叫处理方法的过程的安全性,则本实施例所示的网络鉴权服务器和企业鉴权服务器之间可创建传输层安全性协议(transport layer security,TLS)安全连接,基于该TLS连接,有效地保证了网络鉴权服务器和企业鉴权服务器之间所交互的消息的安全性。
以下对网络鉴权服务器和企业鉴权服务器之间创建TLS安全连接的过程进行示例性说 明:
网络鉴权服务器接收企业鉴权服务器的设备证书对应的第一CA证书,企业鉴权服务器接收网络鉴权服务器的设备证书对应的第二CA证书,具体地,本实施例所示的第一CA证书可为实施例一中,由运营商管理设备向网络鉴权服务器发送的。
所述网络鉴权服务器使用所述第一CA证书,所述企业鉴权服务器使用所述第二CA证书,创建所述企业鉴权服务器和所述网络鉴权服务器之间的TLS安全连接,以保障网络鉴权服务器和企业鉴权服务器之间所交互的消息的安全性。
例如,该鉴权请求可为如下所示:
HTTPS GET URI=BaseRealm/zhangsan%40xxx.com@2b.ims.<operator>.com/token
其中,消息中的“token”为注册鉴权标识。
步骤306、企业鉴权服务器判断注册鉴权标识是否有效,若否,则执行步骤307,若是,则执行步骤308。
本实施例所示的注册鉴权标识为token,则企业鉴权服务器即可判断该token是否位于有效期内,该有效期可为绝对有效期,例如,该有效期的起始时刻为A1,该有效期的终止时刻为A2,该A1时刻和A2时刻可为任意互不相同的两个时刻。若企业鉴权服务器判断出该token位于该有效期内,则企业鉴权服务器确定该token有效,若企业鉴权服务器判断出该token位于该有效期之外,则企业鉴权服务器确定该token无效。
又如,该有效期可为剩余有效时长,可见,若注册鉴权标识对应的剩余有效时长还有剩余时间,则企业鉴权服务器判断该token有效,若注册鉴权标识对应的剩余有效时长已无剩余时间,则企业鉴权服务器判断该token失效。
步骤307、企业鉴权服务器向网络鉴权服务器发送鉴权标识无效通知。
具体地,本实施例所示的企业鉴权服务器通过该TLS安全连接,向网络鉴权服务器发送该鉴权标识无效通知,该鉴权标识无效通知用于指示该注册鉴权标识(token)无效。网络鉴权服务器接收到该鉴权标识无效通知的情况下,则不再执行与主叫用户注册的相关流程。
步骤308、企业鉴权服务器向网络鉴权服务器发送鉴权成功指示。
本实施例所示的鉴权成功指示包括鉴权标识有效通知,该鉴权标识有效通知用于指示该注册鉴权标识(token)有效。
本实施例所示的鉴权成功指示还包括第三用户标识,具体地,企业鉴权服务器预先创建不同的用户标识和不同的鉴权标识的对应关系,在企业鉴权服务器确定该注册鉴权标识有效的情况下,企业鉴权服务器即可将该有效的注册鉴权标识对应的第三用户标识发送至网络鉴权服务器。
可选地,本实施例所示的企业鉴权服务器可通过HTTPS协议发送所述鉴权成功指示。
本实施例所示的鉴权成功指示可为如下所示:
HTTPS 200{“tokenTimeout”:“XXX”,“employeeName”:“zhangsan”,“employeeAyatarUri”:“http:123.123.123234.jpg”“employeeId”:“123234”,“calloutRight”:“true”}
其中,“tokenTimeout”:“XXX”用于指示注册鉴权标识的有效期,“employeeName”: “zhangsan”是指主叫用户的名称是zhangsan,“employeeAyatarUri”:“http:123.123.123234.jpg”可指,主叫用户的头像的下载地址,需明确的是,该鉴权成功指示包括主叫用户的头像的下载地址为例,在其他示例中,还可包括其他信息,具体不做限定,“calloutRight”:“true”是指,该主叫用户具有外呼的权限。
步骤309、网络鉴权服务器向应用服务器发送初始数据。
本实施例中,在网络鉴权服务器确定主叫用户通过鉴权的情况下,网络鉴权服务器即可将已获取到的初始数据向应用服务器发送。
本实施例所述的初始数据包括所述主叫用户的身份信息以及所述主叫用户所属的企业的信息。其中,所述主叫用户的身份信息来自所述企业鉴权服务器。
以下对网络鉴权服务器获取主叫用户所属的企业的信息的可选方式进行说明:
方式1:
因在实施例一所示的企业开户的阶段,经由步骤202所示,网络鉴权服务器已接收到来自运营商管理设备的企业开户数据,则本实施例中,网络鉴权服务器即可确定与该企业鉴权服务器对应的企业开户数据,以确定企业开户数据中的部分或全部信息为主叫用户所属的企业的信息。
方式2:
本方式所示的网络鉴权服务器从企业鉴权服务器接收主叫用户所属的企业的信息。
本实施例所示的企业鉴权服务器可在实施例一所示的企业开户阶段,获取该主叫用户所属的企业的信息,企业鉴权服务器也可预先存储该主叫用户所属的企业的信息,并在企业鉴权服务器判断注册鉴权标识有效的情况下,向网络鉴权服务器发送该主叫用户所属的企业的信息。
本实施例所示的网络鉴权服务器确定主叫用户通过鉴权的方式有可选地两种:
方式1:
所述网络鉴权服务器确定通过鉴权的条件有两个,一个条件是根据已接收到鉴权标识有效通知。另一个条件是该网络鉴权服务器确定第一用户标识和第三用户标识相同。
本实施例所示的所述初始数据用于应用服务器触发主叫用户对被叫用户的呼叫,其中,该主叫用户的用户数据包括但不限于:呼叫权限、对外号码、主叫用户的名称等(相关的消息遵循3GPP标准协议29.562)。
方式2:
所述网络鉴权服务器向企业鉴权服务器发送的鉴权请求同时包括所述第一用户标识,所述企业鉴权服务器在判断所述注册鉴权标识有效且所述第一用户标识和所述第三用户标识相同,则向网络鉴权服务器发送注册鉴权成功指示。
以下对网络鉴权服务器向应用服务器发送初始数据的具体过程进行说明:
首先,网络鉴权服务器判断主叫用户通过鉴权时,缓存主叫用户的身份信息,并向S-CSCF返回鉴权成功响应,该鉴权成功响应包括该token的有效期。
本实施例所示的鉴权标识有效通知可为HTTPS 200消息,对具体消息类型的说明为可选地示例,不做限定。
例如,该HTTPS 200可为:HTTPS 200{“tokenTimeOut”:“XXX”},其中,“tokenTimeout”:“XXX”用于指示注册鉴权标识的有效期。
其次,S-CSCF与网络鉴权服务器交互完成主叫用户注册至运营商网络,S-CSCF从网络鉴权服务器下载iFC信息(相关的消息遵循3GPP标准协议29.562)。
再次,S-CSCF通过P-CSCF向主叫设备返回注册成功响应,所述注册成功响应用于指示所述主叫用户已成功注册至运营商网络。
再次,S-CSCF根据iFC信息向应用服务器发送第三方注册请求。
再次,应用服务器根据第三方注册请求从网络鉴权服务器下载所述初始数据。
步骤310、应用服务器获取初始呼叫名片。
本实施例所示的初始呼叫名片为初始数据按照呼叫名片的排版方式进行排版所形成的名片信息。
所述呼叫名片的排版方式、所述主叫用户的身份信息以及所述主叫用户所属的企业的信息的具体说明,请详见实施例一所示,具体在本实施例中不做赘述。
以下对本实施例所示的应用服务器获取该初始呼叫名片的几种可选地方式进行示例性说明:
方式1:
应用服务器接收来自网络鉴权服务器的所述主叫用户身份信息、主叫用户所属的企业的信息以及呼叫名片的排版方式,并将主叫用户身份信息、主叫用户所属的企业的信息以及呼叫名片的排版方式转发给媒体面设备(如图1所示的网元122)。
所述媒体面设备即可对主叫用户身份信息和主叫用户所属的企业的信息按照呼叫名片的排版方式进行排版以获取初始呼叫名片。
本实施例所示的主叫用户的身份信息可为如下所示的一项或多项:
主叫用户的姓名、主叫用户的头像、主叫用户的工号、主叫用户的呼叫权限、主叫用户对应的对外号码、主叫用户的呼叫意图等。其中,该对外号码为主叫用户的E.164号码。
该呼叫意图用于指示主叫用户呼叫被叫用户的意图的概述,具体在本实施例所示的方法应用至不同的场景下,该呼叫意图有所不同,具体在本实施例中不做限定。例如,若主叫用户所属的企业为房产公司,则该呼叫意图可为:“推荐A楼盘的待出售信息”。
若本实施例所述的主叫用户的身份信息不包括该主叫用户的呼叫权限,则网络鉴权服务器可确定该主叫用户对应的呼叫权限为企业默认的呼叫权限,对默认的呼叫权限的说明,请详见实施例一所示,具体在本实施例中不做赘述。
本实施例所示的主叫用户所属的企业的信息可为如下所示的一项或多项:
企业可信信息、企业签约的业务信息、呼叫名片的排版方式、或企业的iFC信息,对各信息的具体说明请参见实施例一的所示,具体不做赘述。
媒体面设备将已生成的初始呼叫名片发送至文件服务器进行存储,并将初始呼叫名片的存储地址发送给应用服务器。
可选地,在其他示例中,也可由应用服务器直接对主叫用户身份信息和主叫用户所属的企业的信息按照呼叫名片的排版方式进行排版以获取初始呼叫名片,所述应用服务器将 已生成的初始呼叫名片发送至文件服务器进行存储,并本地记录该初始呼叫名片的存储地址。
方式2:
本方式中,网络鉴权服务器获取所述主叫用户身份信息、主叫用户所属的企业的信息以及呼叫名片的排版方式,并按照呼叫名片的排版方式对主叫用户身份信息和主叫用户所属的企业的信息进行排版以生成初始呼叫名片。
本实施例所示的网络鉴权服务器获取呼叫名片的排版方式的具体过程,可参见上述所示的网络鉴权服务器获取所述主叫用户所属的企业的信息的过程,具体不做赘述。
网络鉴权服务器向应用服务器发送该初始呼叫名片方式可为,网络鉴权服务器将所述初始呼叫名片存储至文件服务器,网络鉴权服务器将初始呼叫名片的存储地址发送给应用服务器,所述应用服务器即可根据该地址从文件服务器下载该初始呼叫名片。
采用本实施例所示的方法,企业内部的主叫用户向企业外部的被叫用户呼叫时,先执行注册处理流程,基于该注册处理流程,将包括主叫用户的身份信息和/或主叫用户所属的企业的信息的初始数据,按照呼叫名片的排版方式进行排版以获取初始呼叫名片,以便于后续主叫用户呼叫被叫用户时,运营商网络能够直接将该初始呼叫名片发送至被叫用户,无需在呼叫的过程中生成呼叫名片,缩短了呼叫处理时延,提高了呼叫效率,而且基于本实施例所示的方法,能够创建信任安全联盟所示的企业鉴权主叫用户的过程。
而且本实施例所示的方法,主叫用户无需在运营商网络开户的情况下,即可使用运营商网络提供的呼叫被叫用户的业务,可见,本实施例所示的方法,主叫用户能够在免开户的情况下实现对被叫用户的呼叫,解决企业租用运营商网络存在的企业员工(即主叫用户)开户问题,从而避免了主叫用户在运营商网络开户所导致的主叫用户上线慢,主叫用户的个人隐私信息暴露的问题。
实施例三
本实施例说明基于图3所示的方法,在主叫用户已注册至运营商网络的情况下,主叫用户如何使用主叫设备实现对被叫用户的呼叫。具体参见图4所示,其中,图4为本申请所提供的通信系统执行呼叫的一种实施例步骤流程图。
步骤401、主叫设备向S-CSCF发送第一呼叫请求消息。
在主叫用户确定需要呼叫被叫用户时,所述主叫用户即可通过该主叫设备向S-CSCF发送第一呼叫请求消息,以触发主叫用户对被叫用户的呼叫。
所述第一呼叫请求消息可为SIP INVITE消息,该SIP INVITE消息包括所述主叫用户的第一用户标识和呼叫鉴权标识,对第一用户标识和呼叫鉴权标识的说明,请参见实施例二所示的对主叫用户的用户标识和注册鉴权标识的说明,具体不做赘述。
以下对主叫设备向S-CSCF发送第一呼叫请求消息的过程进行说明:
主叫设备向P-CSCF发送该SIP INVITE消息,P-CSCF按照SIP用户始发呼叫的标准流程(参见3GPP TS 24.229和3GPP TS 26.114)处理该SIP INVITE消息后转发给S-CSCF。
本实施例所示的SIP INVITE消息的格式示例可参见如下所示:
INVITE tel:+86139XXXXXXXXX
From:<sip:zhangsan%40xxx.com@2b.ims.<operator>.com>
To:<tel:+86139XXXXXXXXX>
Authorization:Bearer<Base64(<token>)>
其中,“+86139XXXXXXXXX”为被叫用户的号码,对SIP INVITE消息其他内容的说明,请参见实施例二所示,具体在实施例中不做赘述。
步骤402、S-CSCF判断呼叫鉴权标识满足第一预设条件时,执行步骤403,S-CSCF判断呼叫鉴权标识满足第二预设条件时,执行步骤404,S-CSCF判断呼叫鉴权标识满足第三预设条件时,执行步骤408。
若所述S-CSCF判断呼叫鉴权标识和目标鉴权标识相同,且所述目标鉴权标识已失效,确定该呼叫鉴权标识满足该第一预设条件。该目标鉴权标识为所述S-CSCF在实施例二所示的注册阶段所缓存的注册鉴权标识,或为主叫用户前一次呼叫中所使用的鉴权标识。
若所述S-CSCF判断呼叫鉴权标识和目标鉴权标识相同,且所述目标鉴权标识有效,确定该呼叫鉴权标识满足该第二预设条件。
若所述S-CSCF判断呼叫鉴权标识和目标鉴权标识不相同,则所述S-CSCF判断该呼叫鉴权标识为未在注册阶段存储至S-CSCF上的注册鉴权标识,或该呼叫鉴权标识未在主叫用户前一次呼叫中所使用的鉴权标识,所述S-CSCF确定该呼叫鉴权标识满足该第三预设条件。
步骤403、S-CSCF拒绝第一呼叫请求消息所请求的呼叫。
在所述S-CSCF拒绝第一呼叫请求消息所请求的呼叫的情况下,所述主叫用户无法基于该第一呼叫请求消息实现对被叫用户的呼叫。
步骤404、S-CSCF向应用服务器发送第一呼叫请求消息。
具体地,S-CSCF在注册阶段,已创建主叫用户的第一用户标识和iFC的对应关系,本实施例所示的第一用户标识为实施例二所示的主叫用户注册阶段所示的用户标识,对iFC的具体说明,请详见实施例二所示,具体不做赘述。
本实施例所示的S-CSCF根据iFC信息发送第一呼叫请求消息给应用服务器。
步骤405、应用服务器判断主叫用户具有外呼权限,则将修改后的第一呼叫请求消息转发给S-CSCF。
在主叫用户注册至运营商网络的情况下,应用服务器创建主叫用户的第一用户标识和呼叫权限的对应关系,可见,在应用服务器接收到主叫用户的第一用户标识的情况下,即可确定对应的呼叫权限,本实施例以与主叫用户的第一用户标识对应的呼叫权限包括外呼权限为例进行示例性说明。
以下对应用服务器修改第一呼叫请求消息的方式进行示例性说明:
应用服务器可将第一呼叫请求消息的From头域增加Display Name参数,Display Name参数的取值为企业的名称和主叫用户的名称,可选地,Display Name参数的取值还可追加主叫用户的工号等信息。
应用服务器还可将第一呼叫请求消息的From和(P-Asserted-Identity,PAI)头域中的主叫用户的用户标识变更为主叫用户的对外号码。
步骤406、S-CSCF将第一呼叫请求消息发送给被叫设备。
具体地,S-CSCF将第一呼叫请求消息转发至被叫设备所属的运营商网络,被叫设备所属的运营商网络再将该第一呼叫请求消息发送给被叫设备。
本实施例所示的第一呼叫请求消息包括最新呼叫名片的存储地址,所述最新呼叫名片可为实施例二所示的初始呼叫名片,或主叫用户前一次呼叫所生成的呼叫名片。
步骤407、被叫设备显示最新呼叫名片。
运营商网络向被叫设备发送最新呼叫名片。
例如,在被叫设备振铃的过程中,若被叫设备支持视频通话功能,则应用服务器控制媒体面设备向被叫设备发送彩像格式的最新呼叫名片。
又如,在被叫设备振铃的过程中,若被叫设备不支持视频通话功能,被叫设备显示最新呼叫名片,该最新呼叫名片为第一呼叫请求消息所携带的Display Name参数的内容。
可选地,运营商网络将最新呼叫名片的存储地址推送至被叫设备,被叫设备根据最新呼叫名片的存储地址下载该最新呼叫名片。
例如,在被叫设备振铃的过程中,若被叫设备支持视频通话功能,则所述被叫设备显示彩像格式的最新呼叫名片。
又如,在被叫设备振铃的过程中,若被叫设备不支持视频通话功能,被叫设备显示最新呼叫名片,该最新呼叫名片为第一呼叫请求消息所携带的Display Name参数的内容。
步骤408、S-CSCF向网络鉴权服务器发送第二呼叫请求消息。
本实施例中,若所述S-CSCF判断该呼叫鉴权标识满足该第三预设条件的情况下,S-CSCF判断第二呼叫请求消息使用Bearer的鉴权方式时,例如,第二呼叫请求消息包括Authorization:Bearer<Base64(<token>)>,所述S-CSCF向网络鉴权服务器发送包括第一用户标识和呼叫鉴权标识的第二呼叫请求消息,以请求网络鉴权服务器利用呼叫鉴权标识对主叫用户进行鉴权。
步骤409、网络鉴权服务器向企业鉴权服务器发送呼叫鉴权请求。
本实施例所示的网络鉴权服务器向企业鉴权服务器发送该呼叫鉴权请求的过程,请参见实施例二的步骤305所示的网络鉴权服务器向企业鉴权服务器发送的鉴权请求的过程,具体不做赘述。
本实施例所示的呼叫鉴权请求用于主叫用户实现对被叫用户的呼叫。
步骤410、企业鉴权服务器判断呼叫鉴权标识是否有效,若否,则执行步骤411,若是,则执行步骤412。
本实施例所示的步骤410的具体执行过程,请参见实施例二的步骤306所示的企业鉴权服务器判断注册鉴权标识是否有效的过程,具体不做赘述。
步骤411、企业鉴权服务器向网络鉴权服务器发送呼叫鉴权标识无效通知。
具体地,本实施例所示的企业鉴权服务器通过TLS安全连接,向网络鉴权服务器发送该呼叫鉴权标识无效通知,该呼叫鉴权标识无效通知用于指示该呼叫鉴权标识无效。网络鉴权服务器接收到该呼叫鉴权标识无效通知的情况下,则不再执行主叫用户呼叫被叫用户的相关流程。
步骤412、企业鉴权服务器向网络鉴权服务器发送呼叫鉴权成功指示。
本实施例所示的呼叫鉴权成功指示包括呼叫鉴权标识有效通知,该呼叫鉴权标识有效通知用于指示呼叫鉴权标识有效。
本实施例所示的企业鉴权服务器发送呼叫鉴权成功指示的过程,请参见步骤308所示的企业鉴权服务器向网络鉴权服务器发送呼叫鉴权成功指示的过程,具体在本实施例中不做赘述。
本实施例所示的呼叫鉴权成功指示还包括第二用户标识,在企业鉴权服务器确定该呼叫鉴权标识有效的情况下,企业鉴权服务器即可将该有效的呼叫鉴权标识对应的第二用户标识发送至网络鉴权服务器。
步骤413、网络鉴权服务器向应用服务器发送目标数据。
本实施例中,在网络鉴权服务器确定主叫用户通过鉴权的情况下,网络鉴权服务器即可将已获取到的目标数据向应用服务器发送。
本实施例所述的目标数据包括所述主叫用户的身份信息以及所述主叫用户所属的企业的信息。其中,所述主叫用户的身份信息来自所述企业鉴权服务器。本实施例所示对网络鉴权服务器获取主叫用户所属的企业的信息的过程,请详见实施例二的步骤309所示,具体不做赘述。
本实施例所示的网络鉴权服务器确定主叫用户通过鉴权的方式有可选地两种:
方式1:
所述网络鉴权服务器确定通过鉴权的条件有两个,一个条件是根据已接收到呼叫鉴权标识有效通知。另一个条件是该网络鉴权服务器确定第一用户标识和第二用户标识相同。
方式2:
所述网络鉴权服务器向企业鉴权服务器发送的鉴权请求同时包括所述第一用户标识,所述企业鉴权服务器在判断所述呼叫鉴权标识有效且所述第一用户标识和所述第二用户标识相同,则向网络鉴权服务器发送呼叫鉴权成功指示。
本实施例所示对网络鉴权服务器向应用服务器发送目标数据的具体过程,请参见实施例三的步骤309所示的网络鉴权服务器向应用服务器发送初始数据的过程,具体不做赘述。
步骤414、网络鉴权服务器向应用服务器发送变更通知信息。
本实施例所示的变更通知信息用于指示所述网络鉴权服务器已存储的目标数据出现变更。
步骤415、应用服务器获取目标呼叫名片。
本实施例中,在应用服务器根据变更通知信息确定主叫用户的目标数据出现变更的情况下,应用服务器即可获取变更后的主叫用户的目标数据(相关的消息遵循3GPP标准协议29.562)。
本实施例所示的目标呼叫名片为目标数据按照呼叫名片的排版方式进行排版所形成的名片信息,其中,目标数据包括所述主叫用户的身份信息以及所述主叫用户所属的企业的信息。
所述呼叫名片的排版方式以及目标数据的具体说明,请参见实施例二的步骤310所示, 具体在本实施例中不做赘述。
对本实施例所示的应用服务器获取该目标呼叫名片的几种可选地方式,请参见上述步骤310所示的获取初始呼叫名片的说明,具体不做赘述。
步骤416、S-CSCF向应用服务器发送第二呼叫请求消息。
步骤417、应用服务器判断主叫用户具有外呼权限,则将修改后的第二呼叫请求消息转发给S-CSCF。
步骤418、S-CSCF将第二呼叫请求消息发送给被叫设备。
本实施例所示的步骤416至步骤418的执行过程的说明,请详见步骤404至步骤406所示,具体不做赘述。
步骤419、被叫设备显示目标呼叫名片。
本实施例所示的被叫设备显示目标呼叫名片的过程,请参见步骤407所示的被叫设备显示最新呼叫名片的过程,具体不做赘述。
本实施例中,在运营商网络、企业、企业员工(主叫用户)之间建立信任安全联盟,可保证被叫设备振铃时,所显示的呼叫名片的信息是可信的,而且呼叫名片满足呼叫名片的排版方式,以保证呼叫名片所呈现的各项信息能够符合企业定制的需求,且呼叫名片的风格统一。
在呼叫处理的过程中,因主叫用户无需直接在运营商网络开户,则避免主叫用户的个人隐私信息在运营商处暴露,而且在对被叫用户进行呼叫的过程中,呼叫名片所显示的信息也可不涉及主叫用户的个人隐私信息,有效地保证了主叫用户的个人隐私信息的安全。
本实施例所示的被叫设备所显示的呼叫名片所包括的各个信息全部来自企业鉴权服务器和/或企业开户数据,而非主叫用户,如果呼叫名片存在造假的问题,则可以基于信任安全联盟形成的信任链进行溯源和追责。
实施例四
本实施例所示主叫用户在对被叫用户进行呼叫的过程中,主叫用户无需预先注册至运营商网络,以下结合图5所示对主叫用户无需预先注册至运营商网络的情况下,对主叫用户呼叫被叫用户的过程进行说明:
步骤501、主叫设备向S-CSCF发送第三呼叫请求消息。
在主叫用户确定需要呼叫被叫用户时,所述主叫用户即可通过该主叫设备向S-CSCF发送第三呼叫请求消息,以触发主叫用户对被叫用户的呼叫。
所述第三呼叫请求消息可为SIP INVITE消息,该SIP INVITE消息包括所述主叫用户的第一用户标识和呼叫鉴权标识,对第一用户标识和呼叫鉴权标识的说明,请参见实施例三所示的对主叫用户的第一用户标识和呼叫鉴权标识的说明,具体不做赘述。
步骤502、S-CSCF向应用服务器发送第三呼叫请求消息。
本实施例中,若S-CSCF确定该第三呼叫请求消息所包括的呼叫鉴权标识与主叫用户前一次呼叫中所使用的目标鉴权标识不相同,而且S-CSCF判断第三呼叫请求消息使用Bearer的鉴权方式时,所述S-CSCF向网络鉴权服务器发送包括第一用户标识和呼叫鉴权标识的第 三呼叫请求消息,以请求网络鉴权服务器利用呼叫鉴权标识对主叫用户进行鉴权。对Bearer的鉴权方式的具体说明,请详见实施例三所示,具体不做赘述。
步骤503、网络鉴权服务器向企业鉴权服务器发送呼叫鉴权请求。
本实施例所示的网络鉴权服务器向企业鉴权服务器发送该呼叫鉴权请求的过程,请参见实施例三的步骤409所示,具体不做赘述。
步骤504、企业鉴权服务器判断呼叫鉴权标识是否有效,若否,则执行步骤505,若是,则执行步骤506。
本实施例所示的步骤504的具体执行过程,请参见实施例三的步骤410所示,具体不做赘述。
步骤505、企业鉴权服务器向网络鉴权服务器发送呼叫鉴权标识无效通知。
步骤506、企业鉴权服务器向网络鉴权服务器发送呼叫鉴权成功指示。
步骤507、网络鉴权服务器向应用服务器发送目标数据。
本实施例所示的步骤505至步骤507的具体执行过程,请详见实施例三所示的步骤411至步骤413所示,具体执行过程不做赘述。
步骤508、应用服务器获取目标呼叫名片。
本实施例中,应用服务器从网络鉴权服务器获取目标数据。本实施例所示的目标呼叫名片为目标数据按照呼叫名片的排版方式进行排版所形成的名片信息,其中,目标数据包括所述主叫用户的身份信息以及所述主叫用户所属的企业的信息,对所述目标数据的具体说明,请参见实施例三所示,具体不做赘述。
步骤509、S-CSCF向应用服务器发送第三呼叫请求消息。
步骤510、应用服务器判断主叫用户具有外呼权限,则将修改后的第三呼叫请求消息转发给S-CSCF。
步骤511、S-CSCF将第三呼叫请求消息发送给被叫设备。
步骤512、被叫设备显示目标呼叫名片。
本实施例所示的步骤509至步骤512之间的执行过程的说明,请详见实施例三所示的步骤416至步骤419所示,具体执行过程不做赘述。
本实施例中,主叫用户在对被叫用户进行呼叫的过程中,主叫用户无需预先注册至运营商网络,避免在主叫用户呼叫被叫用户的过程中,需要预先进行注册的步骤,提高了主叫用户呼叫被叫用户的效率,同时减少了注册相关资源的消耗。
而且在运营商网络、企业、企业员工(主叫用户)之间建立信任安全联盟,可保证被叫设备振铃时,所显示的呼叫名片的信息是可信的,而且呼叫名片满足呼叫名片的排版方式,以保证呼叫名片所呈现的各项信息能够符合企业定制的需求,且呼叫名片的风格统一。
在呼叫处理的过程中,因主叫用户无需直接在运营商网络开户,则避免主叫用户的个人隐私信息在运营商处暴露,而且在对被叫用户进行呼叫的过程中,呼叫名片所显示的信息也可不涉及主叫用户的个人隐私信息,有效地保证了主叫用户的个人隐私信息的安全。
本实施例所示的被叫设备所显示的呼叫名片所包括的各个信息全部来自企业鉴权服务器和/或企业开户数据,而非主叫用户,如果呼叫名片存在造假的问题,则可以基于信任安 全联盟形成的信任链进行溯源和追责。
实施例五
在实施例二至实施例四中,运营商网络以IMS网络为例,本实施例中,对运营商网络的具体网络类型不做限定,例如,本实施例所示的运营商网络可适用于任意架构的电信网络,具体网络类型在本实施例中不做限定。
本实施例说明企业内部的主叫用户向企业外部的被叫用户呼叫时,先执行注册处理流程,基于该注册处理流程,将包括主叫用户的身份信息和/或主叫用户所属的企业的信息的初始数据,按照呼叫名片的排版方式进行排版以获取初始呼叫名片,以便于后续主叫用户呼叫被叫用户时,运营商网络能够直接将该初始呼叫名片发送至被叫用户,无需在呼叫的过程中获取该初始呼叫名片,节省了呼叫过程中运营商网络与企业鉴权服务器之间所交互的信息量,缩短了呼叫接续时延,提高了呼叫效率,而且基于本实施例所示的方法,能够创建信任安全联盟所示的企业鉴权主叫用户的过程,具体参见图6所示,其中,图6为本申请所提供的通信系统执行注册的过程的另一种实施例步骤流程图。
步骤601、主叫设备向企业鉴权服务器发送登录请求。
步骤602、主叫设备接收来自企业鉴权服务器的注册鉴权标识。
本实施例所示的步骤601至步骤602的执行过程的说明,请详见实施例二的步骤301至步骤302所示,具体不做赘述。
步骤603、主叫设备向运营商网络发送注册请求。
本实施例所示的注册请求的具体说明,请详见实施例二的步骤303所示,具体不做赘述。
步骤604、运营商网络向企业鉴权服务器发送鉴权请求。
本实施例所示的鉴权请求的具体说明,请详见实施例二的步骤305所示,具体不做赘述。
本实施例所示的运营商网络根据注册请求向企业鉴权服务器发送鉴权请求的具体过程的说明,请参见实施例二的步骤303至步骤305所示,本实施例对运营商网络执行的具体网元不做限定。
步骤605、企业鉴权服务器判断注册鉴权标识是否有效,若否,则执行步骤606,若是,则执行步骤607。
步骤606、企业鉴权服务器向运营商网络发送鉴权标识无效通知。
步骤607、企业鉴权服务器向运营商网络发送注册鉴权成功指示。
本实施例所示的步骤605至步骤607的执行过程的说明,请详见步骤306至步骤308所示,具体执行过程不做赘述。
步骤608、运营商网络获取初始呼叫名片。
本实施例所示的运营商网络获取初始呼叫名片的过程,请参见步骤309至步骤310所示,本实施例对运营商网络执行的具体网元不做限定。
实施例六
本实施例所示的运营商网络的具体类型的说明,请详见实施例五所示,具体在本实施 例中不做赘述,本实施例说明基于图6所示的方法,在主叫用户已注册至运营商网络的情况下,主叫用户如何使用主叫设备实现对被叫用户的呼叫。具体参见图7所示,其中,图7为本申请所提供的通信系统执行呼叫的另一种实施例步骤流程图。
步骤701、主叫设备向运营商网络发送第一呼叫请求消息。
对第一呼叫请求消息的具体说明,请详见实施例三所示的步骤401所示,具体不做赘述。
步骤702、运营商网络判断呼叫鉴权标识满足第一预设条件时,执行步骤703,运营商网络判断呼叫鉴权标识满足第二预设条件时,执行步骤704,运营商网络判断呼叫鉴权标识满足第三预设条件时,执行步骤706。
本实施例所示的运营商网络执行步骤702的具体过程的说明,请详见实施例三所示的步骤402所示,具体执行过程不做赘述。
步骤703、运营商网络拒绝第一呼叫请求消息所请求的呼叫。
本实施例所示的运营商网络拒绝第一呼叫请求消息所请求的呼叫的具体过程的说明,请详见实施例三的步骤403所示,本实施例对运营商网络执行的具体网元不做限定。
步骤704、运营商网络将第一呼叫请求消息发送给被叫设备。
本实施例所示的运营商网络执行步骤704的具体过程的说明,请详见实施例三所示的步骤404至步骤406所示,具体执行过程不做赘述,本实施例对运营商网络执行的具体网元不做限定。
步骤705、被叫设备显示最新呼叫名片。
本实施例所示的步骤704的执行过程的说明,请详见实施例三所示的步骤407所示,具体执行过程不做赘述。
步骤706、运营商网络向企业鉴权服务器发送呼叫鉴权请求。
本实施例所示的步骤706的执行过程的说明,请详见实施例三所示的步骤408至步骤409所示,具体执行过程不做赘述。
步骤707、企业鉴权服务器判断呼叫鉴权标识是否有效,若否,则执行步骤708,若是,则执行步骤709。
步骤708、企业鉴权服务器向运营商网络发送呼叫鉴权标识无效通知。
步骤709、企业鉴权服务器向运营商网络发送呼叫鉴权成功指示。
步骤710、运营商网络将第二呼叫请求消息发送给被叫设备。
本实施例所示的步骤707至步骤710的执行过程的说明,请详见步骤410至步骤418所示,具体不做赘述,本实施例对运营商网络执行的具体网元不做限定。
步骤711、被叫设备显示目标呼叫名片。
本实施例所示的步骤711的执行过程的说明,请详见步骤419所示,具体不做赘述。
实施例七
本实施例所示的运营商网络的具体类型的说明,请详见实施例五所示,具体在本实施例中不做赘述,本实施例所示主叫用户在对被叫用户进行呼叫的过程中,主叫用户无需预先注册至运营商网络,以下结合图8所示对主叫用户无需预先注册至运营商网络的情况下, 对主叫用户呼叫被叫用户的过程进行说明:
步骤801、主叫设备向运营商网络发送第三呼叫请求消息。
步骤802、运营商网络向企业鉴权服务器发送呼叫鉴权请求。
本实施例所示的步骤801至步骤802的执行过程的说明,请详见实施例四所示的步骤501至步骤503所示,具体不做赘述,本实施例对运营商网络执行的具体网元不做限定。
步骤803、企业鉴权服务器判断呼叫鉴权标识是否有效,若否,则执行步骤804,若是,则执行步骤805。
步骤804、企业鉴权服务器向运营商网络发送呼叫鉴权标识无效通知。
步骤805、企业鉴权服务器向运营商网络发送呼叫鉴权成功指示。
本实施例所示的步骤803至步骤805的执行过程的说明,请详见实施例四所示的步骤504至步骤506所示,具体不做赘述,本实施例对运营商网络执行的具体网元不做限定。
步骤806、运营商网络获取目标呼叫名片。
本实施例所示的步骤806的执行过程的说明,请详见实施例四所示的步骤507至步骤508所示,具体不做赘述,本实施例对运营商网络执行的具体网元不做限定。
步骤807、运营商网络将第三呼叫请求消息发送给被叫设备。
本实施例所示的步骤807的执行过程的说明,请详见实施例四所示的步骤509至步骤511所示,具体不做赘述,本实施例对运营商网络执行的具体网元不做限定。
步骤808、被叫设备显示目标呼叫名片。
本实施例所示的步骤808的执行过程的说明,请详见步骤512所示,具体不做赘述。
本实施例所示的实施例五至实施例七所示的有益效果的说明,请参见实施例二至实施例四所示,具体不做赘述。
实施例八
本实施例结合图9所示对执行上述呼叫处理方法的网络设备的结构进行说明:
网络设备900具体包括:处理单元901和收发单元902,其中,处理单元901与收发单元902连接。
若本实施例所示的网络设备900为网络鉴权服务器,则处理单元901用于执行实施例二至实施例四中,任一实施例中由网络鉴权服务器执行的处理功能,收发单元902用于执行实施例二至实施例四中,任一实施例中由网络鉴权服务器执行的收发功能。
若本实施例所示的网络设备900为企业鉴权服务器,则处理单元901用于执行实施例二至实施例八中,任一实施例中由企业鉴权服务器执行的处理功能,收发单元902用于执行实施例二至实施例八中,任一实施例中由企业鉴权服务器执行的收发功能。
若本实施例所示的网络设备900为S-CSCF,则处理单元901用于执行实施例二至实施例四中,任一实施例中由S-CSCF执行的处理功能,收发单元902用于执行实施例二至实施例四中,任一实施例中由S-CSCF执行的收发功能。
若本实施例所示的网络设备900为应用服务器,则处理单元901用于执行实施例二至实施例四中,任一实施例中由应用服务器执行的处理功能,收发单元902用于执行实施例二至 实施例四中,任一实施例中由应用服务器执行的收发功能。
若本实施例所示的网络设备900为主叫设备,则处理单元901用于执行实施例二至实施例八中,任一实施例中由主叫设备执行的处理功能,收发单元902用于执行实施例二至实施例八中,任一实施例中由主叫设备执行的收发功能。
若本实施例所示的网络设备900为运营商网络,则处理单元901用于执行实施例五至实施例七中,任一实施例中由运营商网络执行的处理功能,收发单元902用于执行实施例五至实施例七中,任一实施例中由运营商网络执行的收发功能。
实施例九
本实施例结合图10所示,从实体硬件角度,对执行上述呼叫处理方法的网络设备的结构进行说明:
网络设备1000具体包括:处理器1001、存储器1002、总线1003、收发器1004以及网络接口1006。
具体的,存储器1002可以包括以易失性和/或非易失性存储器形式的计算机存储媒体,如只读存储器和/或随机存取存储器。存储器1002可以存储操作系统、应用程序、其他程序模块、可执行代码和程序数据。
收发器1004可以用于向网络设备输入命令和信息,该收发器1004可以通过总线1003连接至处理器1001。收发器1004还可以用于网络设备输出信息,例如所选定的占位服务器和/或占位虚拟机。
网络设备可以通过网络接口1006连接到通信网络中,在联网环境下,网络设备中存储的计算机执行指令可以存储在远程存储设备中,而不限于在本地存储。
当网络设备中的处理器1001执行存储器1002中存储的可执行代码或应用程序时,网络设备可以执行以上方法实施例中的任一侧的方法操作,具体执行过程参见上述方法实施例,在此不再赘述。
以上所述,以上实施例仅用以说明本发明的技术方案,而非对其限制;尽管参照前述实施例对本发明进行了详细的说明,本领域的普通技术人员应当理解:其依然可以对前述各实施例所记载的技术方案进行修改,或者对其中部分技术特征进行等同替换;而这些修改或者替换,并不使相应技术方案的本质脱离本发明各实施例技术方案的范围。

Claims (22)

  1. 一种呼叫处理方法,其特征在于,所述方法包括:
    网络鉴权服务器接收来自主叫设备的呼叫请求消息,所述主叫设备为主叫用户所使用的设备,所述呼叫请求消息包括所述主叫用户的第一用户标识和呼叫鉴权标识;
    所述网络鉴权服务器向所述第一用户标识对应的企业鉴权服务器发送呼叫鉴权请求,所述呼叫鉴权请求包括所述呼叫鉴权标识;
    所述网络鉴权服务器接收来自所述企业鉴权服务器的呼叫鉴权成功指示,所述呼叫鉴权成功指示用于指示鉴权通过;
    所述网络鉴权服务器向被叫设备发送目标数据,所述被叫设备为被叫用户所使用的设备,所述目标数据包括所述主叫用户的身份信息,和/或,所述主叫用户所属的企业的信息。
  2. 根据权利要求1所述的方法,其特征在于,所述呼叫鉴权成功指示包括第二用户标识,所述网络鉴权服务器向被叫设备发送目标数据包括:
    所述网络鉴权服务器确定所述第一用户标识和所述第二用户标识相同,向所述被叫设备发送所述目标数据。
  3. 根据权利要求1所述的方法,其特征在于,所述网络鉴权服务器向被叫设备发送目标数据包括:
    所述网络鉴权服务器向所述企业鉴权服务器获取所述目标数据,向所述被叫设备发送所述目标数据。
  4. 根据权利要求1所述的方法,其特征在于,所述网络鉴权服务器向被叫设备发送目标数据包括:
    所述网络鉴权服务器向所述被叫设备发送所述呼叫请求消息,所述呼叫请求消息包括所述目标数据。
  5. 根据权利要求1所述的方法,其特征在于,所述网络鉴权服务器向被叫设备发送目标数据包括:
    所述网络鉴权服务器通过媒体面设备向所述被叫设备发送所述目标数据。
  6. 根据权利要求1至5任一项所述的方法,其特征在于,所述网络鉴权服务器向被叫设备发送目标数据包括:
    所述网络鉴权服务器向所述企业鉴权服务器获取所述目标数据,对所述目标数据进行排版,向所述被叫设备发送排版后的所述目标数据。
  7. 根据权利要求1至5任一项所述的方法,其特征在于,所述网络鉴权服务器向被叫设备发送目标数据包括:
    所述网络鉴权服务器向所述企业鉴权服务器获取所述目标数据;
    所述网络鉴权服务器向媒体面设备发送通知信息,所述通知信息用于指示所述媒体面设备或应用服务器对所述目标数据进行排版,并向所述被叫设备发送排版后的所述目标数据。
  8. 根据权利要求1至7任一项所述的方法,其特征在于,所述网络鉴权服务器接收来自主叫设备的呼叫请求消息之前,所述方法还包括:
    所述网络鉴权服务器接收来自所述主叫设备的注册请求消息,所述注册请求消息包括所述第一用户标识和注册鉴权标识;
    所述网络鉴权服务器向所述第一用户标识对应的所述企业鉴权服务器发送鉴权请求,所述鉴权请求包括所述注册鉴权标识;
    所述网络鉴权服务器接收来自所述企业鉴权服务器的注册鉴权成功指示,所述注册鉴权成功指示用于指示鉴权通过;
    所述网络鉴权服务器获取初始数据,所述初始数据包括所述主叫用户的身份信息,和/或,所述主叫用户所属的企业的信息。
  9. 根据权利要求8所述的方法,其特征在于,所述注册鉴权成功指示包括第三用户标识,所述方法还包括:
    所述网络鉴权服务器确定所述第一用户标识和所述第三用户标识相同,则确定鉴权通过。
  10. 根据权利要求8所述的方法,其特征在于,所述网络鉴权服务器向被叫设备发送目标数据包括:
    若所述网络鉴权服务器确定所述呼叫鉴权标识和所述注册鉴权标识相同,则所述网络鉴权服务器确定所述目标数据为所述初始数据。
  11. 根据权利要求8所述的方法,其特征在于,所述网络鉴权服务器向被叫设备发送目标数据包括:
    若所述网络鉴权服务器确定所述呼叫鉴权标识和所述注册鉴权标识不相同,则所述网络鉴权服务器接收来自所述企业鉴权服务器的所述目标数据,所述目标数据和所述初始数据互不相同。
  12. 根据权利要求1至11任一项所述的方法,其特征在于,所述方法还包括:
    所述网络鉴权服务器接收所述企业鉴权服务器的设备证书对应的第一电子认证服务CA证书;
    所述网络鉴权服务器使用所述第一CA证书创建所述网络鉴权服务器和所述企业鉴权服务器之间的安全传输层协议TLS安全连接,所述网络鉴权服务器通过所述TLS安全连接 与所述企业鉴权服务器进行数据交互。
  13. 一种呼叫处理方法,其特征在于,所述方法包括:
    企业鉴权服务器接收来自网络鉴权服务器的呼叫鉴权请求,所述呼叫鉴权请求包括呼叫鉴权标识;
    若所述企业鉴权服务器根据所述呼叫鉴权标识确定鉴权通过,则所述企业鉴权服务器向所述网络鉴权服务器发送呼叫鉴权成功指示和目标数据,所述呼叫鉴权成功指示用于指示鉴权通过,所述目标数据包括所述主叫用户的身份信息,和/或,所述主叫用户所属的企业的信息。
  14. 根据权利要求13所述的方法,其特征在于,所述企业鉴权服务器接收来自网络鉴权服务器的呼叫鉴权请求之前,所述方法还包括:
    所述企业鉴权服务器接收来自所述网络鉴权服务器的鉴权请求,所述鉴权请求包括注册鉴权标识;
    若所述企业鉴权服务器根据所述注册鉴权标识确定鉴权通过,则所述企业鉴权服务器向所述网络鉴权服务器发送注册鉴权成功指示和初始数据,所述注册鉴权成功指示用于指示鉴权通过,所述初始数据包括所述主叫用户的身份信息,和/或,所述主叫用户所属的企业的信息。
  15. 根据权利要求14所述的方法,其特征在于,若所述呼叫鉴权标识和所述注册鉴权标识不相同,则所述企业鉴权服务器向所述网络鉴权服务器发送所述目标数据,所述目标数据和所述初始数据互不相同。
  16. 根据权利要求13至15任一项所述的方法,其特征在于,所述方法还包括:
    所述企业鉴权服务器接收所述网络鉴权服务器的设备证书对应的第二电子认证服务CA证书;
    所述企业鉴权服务器使用所述第二CA证书创建所述企业鉴权服务器和所述网络鉴权服务器之间的安全传输层协议TLS安全连接,所述企业鉴权服务器通过所述TLS安全连接与所述网络鉴权服务器进行数据交互。
  17. 根据权利要求13至16任一项所述的方法,其特征在于,所述企业鉴权服务器接收来自网络鉴权服务器的呼叫鉴权请求之后,所述方法还包括:
    若所述企业鉴权服务器根据所述呼叫鉴权标识确定鉴权未通过,则所述企业鉴权服务器向所述网络鉴权服务器发送鉴权无效通知信息,所述鉴权无效通知信息用于指示鉴权未通过。
  18. 根据权利要求13至17任一项所述的方法,其特征在于,所述企业鉴权服务器接 收来自网络鉴权服务器的呼叫鉴权请求之前,所述方法还包括:
    所述企业鉴权服务器接收来自所述主叫设备的第一用户标识,所述第一用户标识为所述主叫用户的标识;
    所述企业鉴权服务器向所述主叫设备发送与所述第一用户标识对应的所述呼叫鉴权标识。
  19. 根据权利要求13至17任一项所述的方法,其特征在于,所述企业鉴权服务器接收来自网络鉴权服务器的鉴权请求之前,所述方法还包括:
    所述企业鉴权服务器接收来自所述主叫设备的第一用户标识,所述第一用户标识为所述主叫用户的标识;
    所述企业鉴权服务器向所述主叫设备发送与所述第一用户标识对应的所述注册鉴权标识。
  20. 一种网络鉴权服务器,其特征在于,包括相互耦合的处理器和存储器,所述存储器中存储了计算机程序代码,所述处理器调用并执行所述存储器中的计算机程序代码,使得所述处理器执行如权利要求1-12任一项所述的方法。
  21. 一种企业鉴权服务器,其特征在于,包括相互耦合的处理器和存储器,所述存储器中存储了计算机程序代码,所述处理器调用并执行所述存储器中的计算机程序代码,使得所述处理器执行如权利要求13-19任一项所述的方法。
  22. 一种通信系统,其特征在于,包括网络鉴权服务器以及企业鉴权服务器,所述网络鉴权服务器如权利要求20所述,所述企业鉴权服务器如权利要求21所述。
PCT/CN2021/070520 2021-01-06 2021-01-06 一种呼叫处理方法、相关设备以及通信系统 WO2022147693A1 (zh)

Priority Applications (4)

Application Number Priority Date Filing Date Title
CN202180087694.5A CN116746185A (zh) 2021-01-06 2021-01-06 一种呼叫处理方法、相关设备以及通信系统
EP21916751.7A EP4247032A4 (en) 2021-01-06 2021-01-06 CALL PROCESSING METHOD, ASSOCIATED DEVICE AND COMMUNICATION SYSTEM
PCT/CN2021/070520 WO2022147693A1 (zh) 2021-01-06 2021-01-06 一种呼叫处理方法、相关设备以及通信系统
US18/347,092 US20230353569A1 (en) 2021-01-06 2023-07-05 Call processing method, related device, and communications system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2021/070520 WO2022147693A1 (zh) 2021-01-06 2021-01-06 一种呼叫处理方法、相关设备以及通信系统

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US18/347,092 Continuation US20230353569A1 (en) 2021-01-06 2023-07-05 Call processing method, related device, and communications system

Publications (1)

Publication Number Publication Date
WO2022147693A1 true WO2022147693A1 (zh) 2022-07-14

Family

ID=82357006

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/070520 WO2022147693A1 (zh) 2021-01-06 2021-01-06 一种呼叫处理方法、相关设备以及通信系统

Country Status (4)

Country Link
US (1) US20230353569A1 (zh)
EP (1) EP4247032A4 (zh)
CN (1) CN116746185A (zh)
WO (1) WO2022147693A1 (zh)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101106795A (zh) * 2006-07-12 2008-01-16 华为技术有限公司 一种ims域隐含注册的方法
US20150063552A1 (en) * 2011-07-24 2015-03-05 Emue Holdings Pty Ltd. Call authentification methods and systems
CN104717180A (zh) * 2013-12-13 2015-06-17 中国电信股份有限公司 Ims网络中抑制被叫业务触发的方法和系统
CN108235314A (zh) * 2016-12-09 2018-06-29 中国电信股份有限公司 身份认证方法、装置和系统
CN109246319A (zh) * 2018-10-26 2019-01-18 深圳市云昱科技有限公司 一种主叫名片业务实现方法、装置、设备及存储介质

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10986501B2 (en) * 2019-01-08 2021-04-20 T-Mobile Usa, Inc. Secure telephone identity (STI) certificate management system
US11133938B2 (en) * 2019-04-17 2021-09-28 Verizon Patent And Licensing Inc. Validating and securing caller identification to prevent identity spoofing

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101106795A (zh) * 2006-07-12 2008-01-16 华为技术有限公司 一种ims域隐含注册的方法
US20150063552A1 (en) * 2011-07-24 2015-03-05 Emue Holdings Pty Ltd. Call authentification methods and systems
CN104717180A (zh) * 2013-12-13 2015-06-17 中国电信股份有限公司 Ims网络中抑制被叫业务触发的方法和系统
CN108235314A (zh) * 2016-12-09 2018-06-29 中国电信股份有限公司 身份认证方法、装置和系统
CN109246319A (zh) * 2018-10-26 2019-01-18 深圳市云昱科技有限公司 一种主叫名片业务实现方法、装置、设备及存储介质

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
3GPP STANDARD PROTOCOL 29.562
3GPP TS 24.229
3GPP TS 26.114
See also references of EP4247032A4

Also Published As

Publication number Publication date
EP4247032A4 (en) 2024-01-17
US20230353569A1 (en) 2023-11-02
CN116746185A (zh) 2023-09-12
EP4247032A1 (en) 2023-09-20

Similar Documents

Publication Publication Date Title
US10819757B2 (en) System and method for real-time communication by using a client application communication protocol
US20220337632A1 (en) System and method for connecting a communication to a client
US9648006B2 (en) System and method for communicating with a client application
RU2418389C2 (ru) Способ и устройство доступа к подсистеме ip-мультимедиа
KR101333164B1 (ko) Sip 메세지에 대한 신뢰를 결정하는 시스템 및 방법
US11063990B2 (en) Originating caller verification via insertion of an attestation parameter
US9854508B2 (en) Downloadable ISIM
JP2006295673A (ja) 通話システム、代理ダイヤルサーバ装置及びそれらに用いる代理ダイヤル方法並びにそのプログラム
US9832252B2 (en) Systems, methods, and computer program products for third party authentication in communication services
US10057307B2 (en) Distributed programmable connection method to establish peer-to-peer multimedia interactions
WO2013044649A1 (zh) 电信网络向互联网提供会话服务的方法及系统
US20110173687A1 (en) Methods and Arrangements for an Internet Multimedia Subsystem (IMS)
JP5470402B2 (ja) 移動通信ネットワークにおけるチャット/VoIPサービスの提供方法並びにネットワークサーバ及び移動ユーザ装置
WO2013155939A1 (zh) 因特网与运营商网络业务共享方法、服务方及网页网关
JP4778282B2 (ja) 通信接続方法及びシステム並びにプログラム
US20130019012A1 (en) IMS Guest Registration for Non-IMS Users
JP5933838B2 (ja) Imsネットワークに少なくとも1つの公開アドレスを登録する方法およびアプリケーション
WO2023051679A1 (zh) 一种呼叫处理的方法、相关设备以及存储介质
WO2022147693A1 (zh) 一种呼叫处理方法、相关设备以及通信系统
US20150050914A1 (en) Method and apparatus for verifying a device during provisioning through caller id
JP4945591B2 (ja) 認証システム、認証方法、および仮パスワード発行装置
JP2012509005A (ja) 通信サービスを制御するための方法及び装置
KR100974998B1 (ko) 기등록된 아이디, 패스워드를 이용한 아이엠에스 네트워크인증 방법 및 장치
WO2024099887A1 (en) Call handling systems and methods
US10158681B2 (en) Method of, a system and device for initializing a communication session in a communications network

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21916751

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2021916751

Country of ref document: EP

Effective date: 20230615

WWE Wipo information: entry into national phase

Ref document number: 202180087694.5

Country of ref document: CN

NENP Non-entry into the national phase

Ref country code: DE