WO2022193110A1 - Call processing method, related device, and storage medium - Google Patents
- Publication number
- WO2022193110A1 PCT/CN2021/080939
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- called
- calling
- encrypted
- user
- temporary
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/041—Key generation or derivation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/69—Identity-dependent
- H04W12/72—Subscriber identity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/69—Identity-dependent
- H04W12/75—Temporary identity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M1/00—Substation equipment, e.g. for use by subscribers
- H04M1/57—Arrangements for indicating or recording the number of the calling subscriber at the called subscriber's set
- H04M1/571—Blocking transmission of caller identification to called party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M3/00—Automatic or semi-automatic exchanges
- H04M3/42—Systems providing special services or facilities to subscribers
- H04M3/42025—Calling or Called party identification service
- H04M3/42034—Calling party identification service
- H04M3/42042—Notifying the called party of information on the calling party
Definitions
- The present application relates to the field of communication technologies, and in particular to a call processing method, related device, and storage medium.
- When a calling user calls a called user, the calling user needs to send the calling user's calling number and the called user's called number to the audio and video communication network. However, while the calling user calls the called user over the audio and video communication network, the calling number and the called number are easily leaked, which leaks the users' private information.
- Embodiments of the present invention provide a call processing method, a related device, and a storage medium, which are used to avoid leakage of the user's private information in the process of a calling user calling a called user.
- An embodiment of the present invention provides a call processing method.
- The method includes: a first device receives an encrypted called identifier, where the encrypted called identifier is generated by encrypting the called identifier, and the called identifier is the identifier of the called user; the first device obtains the called temporary identifier corresponding to the encrypted called identifier, where the called temporary identifier is the identifier temporarily allocated for the called user; the first device sends the called temporary identifier to the second device, and the second device is used to call the called device used by the called user according to the called temporary identifier.
- The first device receives the called ID in encrypted form, which avoids the possibility of the called ID being leaked. Moreover, while the calling user calls the called user, no device needs to decrypt the encrypted called ID, which avoids the risk of leaking the called ID, which involves the private information of the called user, and improves the security of the called ID during the call. In addition, because no device needs to decrypt the encrypted called ID during the call, the calling efficiency is improved.
- Before the first device obtains the called temporary identifier corresponding to the encrypted called identifier, the method further includes: the first device obtains the called temporary identifier corresponding to the called identifier; the first device establishes the correspondence between the encrypted called identifier and the called temporary identifier.
- The called temporary identifier does not involve the private information of the called user; for example, the temporary identifier is a series of random characters corresponding to the called user. If the called temporary identifier is leaked, the private information of the called user is therefore not leaked with it.
- When the first device has established the correspondence between the encrypted called ID and the called temporary ID, then while the calling user calls the called user, after receiving the encrypted called ID the first device does not need to decrypt the encrypted called ID to obtain the corresponding called temporary ID, and the called user can be called based on the called temporary ID.
- The method further includes: the first device receives the encrypted called ID from the calling device, where the encrypted called ID is generated by encrypting the called ID with the first key, and the calling device is the device used by the calling user; the first device uses the first key to decrypt the encrypted called ID to obtain the called ID.
- Before the first device decrypts the encrypted called identifier by using the first key to obtain the called identifier, the method further includes: the first device applies an elliptic curve cryptography (ECC) algorithm to the private key and the ephemeral public key from the calling device to obtain the first key.
- The first device can obtain the called ID by decrypting the encrypted called ID with the first key, so as to establish the correspondence between the encrypted called ID and the called temporary ID, and this improves the security of the called ID transmitted between the calling device and the first device.
- Before the first device sends the called temporary identifier to the second device, the method further includes: the first device receives a first encrypted caller ID from the calling device, where the first encrypted caller ID is generated by encrypting the caller ID with the first key, and the caller ID is the ID of the calling user; the first device uses the first key to decrypt the first encrypted caller ID to obtain the caller ID; the first device establishes a correspondence between the encrypted called ID and the caller ID.
- The method further includes: the first device receives an identification query request from the called device, where the identification query request includes the encrypted caller identification; the first device obtains the caller identification corresponding to the encrypted caller identification; the first device sends the caller identification to the called device.
- When the first device has established the correspondence between the encrypted called ID and the caller ID, the first device can send the caller ID to the called device according to the ID query request while the called user is being called, and the called device can display the caller ID during ringing.
- The method further includes: the first device encrypts the called ID with a second key to generate the encrypted called ID; the first device sends the encrypted called ID to the calling device.
- Before the first device sends the called temporary identifier to the second device, the method further includes: the first device receives a first encrypted caller ID from the calling device, where the first encrypted caller ID is generated by encrypting the caller ID with the first key, and the caller ID is the ID of the calling user; the first device uses the first key to decrypt the first encrypted caller ID to obtain the caller ID; the first device encrypts the caller ID with the second key to generate a second encrypted caller ID; the first device sends the second encrypted caller ID to the called device.
- The called device can obtain the caller ID without separately sending an identification query request to the first device, which improves the calling efficiency.
- The caller ID sent by the first device to the called device is encrypted, which improves the security of the caller ID.
- The method further includes: the first device receives a first temporary identification application from the called device, where the first temporary identification application includes the identifier of the user identification card of the called device; the first device allocates the called temporary identification to the called user according to the first temporary identification application; the first device establishes the correspondence between the called identification and the called temporary identification; the first device sends the called temporary identification and the encrypted called identification to the called device.
- The called device can send a first temporary identification application including the identifier of the user identification card to the first device, and the first device allocates the called temporary identification to the called device according to the first temporary identification application. The called temporary identification does not involve the private information of the called user, which ensures the security of the private information of the called user.
- The method further includes: the first device receives a second temporary identification application from the called device, where the second temporary identification application includes the called identification; the first device allocates the called temporary identification to the called user according to the second temporary identification application; the first device establishes the correspondence between the called identification and the called temporary identification; the first device sends the called temporary identification to the called device.
- The called device sends a second temporary identification application including the user's identification to the first device, and the first device can allocate a called temporary identification to the called device according to the second temporary identification application from the called device. The called temporary identification does not involve the private information of the called user, which ensures the security of the private information of the called user.
- The method further includes: the first device receives a registration request from the called device, where the registration request includes the called temporary identification; the first device sends a random number to the called device; the first device encrypts the random number with a third key to generate a first parameter; the first device receives a second parameter from the called device, where the second parameter is generated by the called device by encrypting the random number with the third key; if the first device determines that the first parameter and the second parameter are equal, the first device sends a registration response message to the called device, where the registration response message is used to indicate that the called device is successfully registered.
- The called user does not need to send a registration request containing the private information of the called user to the first device.
- The registration request shown in this aspect includes the called temporary identifier, which does not involve the private information of the called user; this effectively ensures the security of the called user's private information while the called user registers with the first device.
- an embodiment of the present invention provides a call processing method.
- The method includes: a calling device obtains a called identifier corresponding to a called user to be called; the calling device encrypts the called identifier to obtain the encrypted called identifier; the calling device sends a call request message to the second device, and the call request message includes the encrypted called identifier.
- The calling device encrypting the called identifier to obtain the encrypted called identifier includes: the calling device encrypts the called identifier by using a first key to obtain the encrypted called identifier.
- Before the calling device sends the call request message to the second device, the method further includes: the calling device encrypts the caller ID by using the first key to obtain the encrypted caller ID, where the caller ID is an ID of the calling user and the call request message includes the encrypted caller ID.
- The method further includes: the calling device applies an elliptic curve cryptography (ECC) algorithm to the temporary private key and the public key from the first device to obtain the first key.
- An embodiment of the present invention provides a call processing method. The method includes: the second device receives a called temporary identifier from the first device, where the called temporary identifier is an identifier temporarily allocated to the called user; the second device sends a call request message to the called device, where the call request message includes the called temporary identifier, and the called device is the device used by the called user.
- The second device calls the called user according to the called temporary identifier.
- The called temporary identifier does not involve the private information of the called user, which effectively avoids disclosure of the called user's private information.
- The second device directly calls the called user according to the called temporary identifier without decryption, which improves the efficiency of calling the called user. Because the second device does not obtain the called identifier related to the called user's private information, leakage of the called user's private information at the second device is effectively avoided, and the security of the called user's private information is improved.
- Before the second device receives the called temporary identifier from the first device, the method further includes: the second device receives a call request message from the calling device, where the call request message includes the encrypted called ID, the encrypted called ID is generated by encrypting the called ID, and the called ID is the ID of the called user; the second device sends a query request to the first device, where the query request includes the encrypted called ID and is used to request the called temporary ID corresponding to the encrypted called ID.
- The sending of the call request message by the second device to the called device includes: the second device sends the call request message to the called device according to the registered address of the called device corresponding to the called temporary identifier.
- an embodiment of the present invention provides a first device, including a memory and a transceiver respectively coupled to a processor, the memory stores computer program codes, and the processor calls and executes the computer program codes in the memory , so that the processor executes the steps related to processing according to any one of the first aspect above, and the transceiver is configured to execute the steps related to sending and receiving according to any one of the first aspect above.
- an embodiment of the present invention provides a calling device, including a memory and a transceiver respectively coupled to a processor, the memory stores computer program codes, and the processor calls and executes the computer program codes in the memory , so that the processor executes the steps related to processing according to any one of the above-mentioned second aspect, and the transceiver is configured to execute any one of the above-mentioned steps related to receiving and sending in the second aspect.
- an embodiment of the present invention provides a second device, comprising a memory and a transceiver respectively coupled to a processor, the memory stores computer program codes, and the processor calls and executes the computer program codes in the memory , so that the processor executes the steps related to processing according to any one of the above third aspects, and the transceiver is configured to execute the steps related to receiving and sending according to any one of the above third aspects.
- An embodiment of the present invention provides a communication system, including a calling device, a first device, a second device, and a called device, where the calling device is configured to call the called device via the first device and the second device; the calling device is as shown in the fifth aspect, the first device is as shown in the fourth aspect, and the second device is as shown in the sixth aspect.
- an embodiment of the present invention provides a computer-readable storage medium, where a computer program is stored in the computer-readable storage medium, and when the computer program is executed by a processor, any one of the first to third aspects can be accomplished the method.
- FIG. 1 is an exemplary structural diagram of an embodiment of a communication system provided by the application
- FIG. 2 is a flow chart of steps of the first embodiment of the call processing method provided by the present application.
- FIG. 3 is a flowchart of steps of the second embodiment of the call processing method provided by the present application.
- FIG. 5 is a flowchart of steps of a fourth embodiment of the call processing method provided by the present application.
- FIG. 6 is an exemplary structural diagram of an embodiment of the network device provided by the application.
- FIG. 7 is a structural example diagram of another embodiment of the network device provided by the present application.
- the application provides a call processing method.
- The following first describes, with reference to FIG. 1, the structure of the communication system to which the method shown in this application is applied. Note that this application does not limit the specific network architecture of the communication system, as long as the calling user can call the called user based on the communication system and, during the call, the security of the calling user's private information and of the called user's private information can be effectively guaranteed.
- the communication system 100 shown in this embodiment includes a calling device used by the calling user.
- the calling device shown in this embodiment may be any device that can call the called user, such as an intelligent terminal and a computer.
- the calling device 110 shown in this embodiment can call the called device 120 used by the called user based on the communication system 100.
- For a description of the called device 120, refer to the description of the calling device 110; details are not repeated.
- the calling device 110 and the called device 120 are both connected to a transport control function (transport control function, TCF) 130.
- The calling unified control function (UCF) 111 is connected to the calling device 110, the TCF 130, the called UCF 121, the calling service enabler function (SEF) 112 and the calling service user profile function (SUPF) 113, respectively.
- the called UCF 121 is respectively connected with the called device 120 , the TCF 130 , the calling UCF 111 , the called SEF 122 and the called SUPF 123 .
- the calling SEF 112 is connected to the calling UCF 111, the calling service and application function (service and application function, SAF) 114 and the calling SUPF 113, respectively.
- the called SEF122 is respectively connected with the called UCF121, the called SAF124 and the called SUPF123.
- the calling SUPF113 is also connected to the called SUPF123.
- the calling bootstrapping server function (BSF) 115 is respectively connected with the calling SUPF113, the calling UCF111 and the calling device 110, and the called BSF215 is connected with the called SUPF123, the called UCF121 and the called device 120 respectively.
- The calling SUPF 113 and the called SUPF 123 can interact through the hypertext transfer protocol over secure socket layer (HTTPS).
- Interaction between the calling SEF112 and the calling UCF111, between the calling UCF111 and the calling device 110, between the calling UCF111 and the called UCF121, between the called SEF122 and the called UCF121, and between the called UCF 121 and the called device 120 can take place through the session initiation protocol (SIP).
- The calling SEF112 and the calling SUPF113, and the called SUPF123 and the called SEF, can communicate through the N71 interface.
- The calling UCF111 and the calling SUPF113, and the called SUPF123 and the called UCF121, can communicate through the N70 interface.
- The calling BSF 115 and the calling device 110, and the called BSF 215 and the called device 120, can interact through HTTPS.
- The functions performed by the calling UCF 111 may include: handling the process by which the calling user registers to the communication system through the calling device 110, and performing identity verification and authorization for the calling user; and interacting with the calling SUPF 113 to store, update, delete and query the calling user's profile, which may be used for registration, authentication and authorization procedures.
- The signaling messages from the calling device 110 are processed, and the corresponding signaling routes are determined according to different policies.
- The corresponding service is triggered according to the user profile obtained from the calling SUPF 113. Traffic optimization of the media plane is controlled through interaction with the TCF130.
- The calling UCF 111 interacts with the calling SEF 112 to ensure the provision of services and applications.
- For a description of the functions of the called UCF121, refer to the description of the functions of the calling UCF111; details are not repeated.
- The calling SEF112 not only performs service-related support functions, but also performs functions such as registration, authentication, and authorization for calling users at the application layer, and is responsible for service and application management.
- For a description of the functions of the called SEF122, refer to the description of the calling SEF112; details are not repeated.
- the calling SUPF 113 is used to provide the maintenance and management functions of the calling user profile, mainly including storing, updating, deleting and querying the related data of the calling user according to the requirements of the calling UCF 111 . For example, a corresponding relationship between a caller identification (ID) and a caller profile is established.
- the calling SUPF 113 can query the calling user configuration file according to the calling user ID, wherein the calling user configuration file can be provided by the operator or the calling user.
- the calling user sends a call request message to the calling UCF through the calling device, and the call request message includes the calling ID (such as the real number of the calling user) and the called ID (such as the real number of the called user).
- the calling UCF sends an addressing request to the calling SUPF, where the addressing request is used to request to obtain the address of the called UCF to which the called device belongs.
- the calling SUPF returns the address of the called UCF to the calling UCF.
- the calling UCF can send a call request message to the called UCF according to the address of the called UCF, and the called UCF forwards the call request message to the called device to implement a call to the called device.
- The call request message includes a caller ID related to the calling user's private information and a called ID related to the called user's private information, and both the caller ID and the called ID included in the call request message are sent in clear text.
- The caller ID and the called ID included in the call request message are therefore easy to snoop on maliciously, which reveals the private information of the calling user and the called user.
- Existing solutions can also establish a secure connection between devices based on digital certificates, for example a transport layer security (TLS) secure connection between the devices.
- A secure connection ensures the transmission security of the call request message transmitted between the devices, but the process of establishing the secure connection is relatively complicated, which greatly reduces the efficiency with which the calling user calls the called user.
- The call processing method provided by the present application can effectively avoid leakage of the caller ID and the called ID, which involve private information, and can also avoid establishing complex secure connections between different devices, which improves the efficiency with which the calling user calls the called user.
- the call processing method shown in this application involves two stages.
- Stage 1 is the process of assigning the calling temporary identification of the calling user and the called temporary identification of the called user.
- the calling user registers based on the calling temporary identification.
- the called user registers based on the called temporary ID. Wherein, the calling temporary identification does not involve the private information of the calling user, and the called temporary identification does not involve the private information of the called user.
- Stage 2 is the process in which the calling user calls the called user through the calling temporary ID and the called temporary ID.
- Step 201 The terminal device sends a first temporary identification application to the SUPF.
- the terminal device shown in this embodiment may be the calling device or the called device shown in FIG. 1 , which is not specifically limited in this embodiment. That is, the calling user can obtain the calling temporary identity through the method shown in this embodiment, and the called user can obtain the called temporary identity through the method shown in this embodiment.
- the SUPF shown in this embodiment is the SUPF to which the terminal device belongs. For example, if the terminal device is the calling device, the SUPF is the calling SUPF, and if the terminal device is the called device, the SUPF is the called SUPF.
- In this embodiment, the SUPF is used as an example of the device that allocates the temporary identifier to the terminal device, or of a device that performs the SUPF function shown in this embodiment.
- the SUPF shown in this embodiment may also be called the first device, and the specific name is not limited.
- The following takes as an example the case where the terminal device, in the initial stage, does not store the identifier of the user who uses the terminal device:
- The terminal device shown in this embodiment already has the user identification card installed, and the terminal device with the user identification card installed does not store the identifier of the user who uses the terminal device in the initial stage.
- The subscriber identity card may be a subscriber identity module (SIM), a global subscriber identity card (universal subscriber identity module, USIM), or a virtual smart card (embedded-SIM, eSIM), etc.; this is not specifically limited in this embodiment.
- the terminal device may send the first temporary identification application including the identifier of the subscriber identity card to the SUPF.
- This embodiment does not limit the specific type of the identifier of the user identification card, as long as the identifier of the user identification card can uniquely identify the user. Specifically, if the terminal device is the called device, the identifier of the user identification card can uniquely identify the called user. If the terminal device is the calling device, the identifier of the subscriber identity card can uniquely identify the calling user.
- the identifier of the subscriber identity card may be an international mobile subscriber identity (IMSI), a temporary mobile subscriber identity (TMSI), or a subscription permanent identifier (SUPI) Wait.
- Step 202 the SUPF sends a temporary identifier to the terminal device.
- The SUPF can assign a temporary identifier to the user according to the first temporary identification application.
- This embodiment does not limit the specific content of the temporary identification, as long as the temporary identification does not involve the user's private information; the private information may be the user's name and/or the user's identification, etc. In this way, even if the temporary identification is leaked, the user's private information is not disclosed.
- the SUPF receives the first temporary identification application from the user "lisi", the first temporary identification application includes the identifier of the user identification card, and the SUPF determines that the user is "lisi". Specifically, in the process of opening an account by the operator, the SUPF can store the correspondence between the user, the user's identifier, and the identifier of the user identification card allocated to the user.
- the user identifier shown in this embodiment may be the user's real number or the user's email address.
- This embodiment takes the user's email address as the user's identifier as an example. Continuing with the above example, for the user "lisi", the user's ID is "lisi@bj.cmcc.com".
- The SUPF can randomly assign a series of characters to users.
- The temporary ID is "CSqGSIb3DQEBAQUAA4GNADCBiQKBgQCjfidregls@bj.cmcc.com".
- Any private information of the user (such as the identification of the user or the identifier of the user identification card of the user) will not be leaked, and the security of the private information of the user is effectively guaranteed.
- The SUPF also needs to establish a corresponding relationship between the user's identity and the temporary identity, and needs to allocate different temporary identities to different users, so that each user and the allocated temporary identity have a unique corresponding relationship.
- The SUPF can assign the temporary identifier "CSqGSIb3DQEBAQUAA4GNADCBiQKBgQCjfidregls@bj.cmcc.com" to the user with the user identifier "lisi@bj.cmcc.com".
- The SUPF can also assign the temporary identity "f6T5ALJdUSIfzTH1ecIzft5BmaxujRLyPsQrsMBfidregzs@gd.ct.com" to the user with the user identity "zhangsan@gd.ct.com". It can be seen that the temporary identifiers assigned by the SUPF to the users "lisi" and "zhangsan" are different, and neither involves the private information of the users "lisi" and "zhangsan".
- Step 203 The terminal device sends a registration request to the UCF.
- The UCF shown in this embodiment is the UCF to which the terminal device belongs. Continuing to refer to FIG. 1, if the terminal device is the called device, the UCF is the called UCF, and if the terminal device is the calling device, the UCF is the calling UCF.
- the terminal device can receive the call request message from the UCF to which it belongs, so as to realize the call connection.
- The functions performed by the UCF shown in this embodiment may also be performed by any other device, which is not specifically limited in this embodiment.
- the UCF shown in this embodiment may also be called the second device, and the specific name is not limited.
- When the terminal device receives the temporary identifier from the SUPF, the terminal device sends the registration request to the UCF, where the registration request includes the temporary identifier and the registration address of the terminal device.
- the UCF establishes a registered address query list, and the registered address query list stores the corresponding relationship between the temporary identifier and the registered address, so as to be used in the process of subsequent calls.
- The UCF stores the registered address query list as shown in Table 2 below:
- In this example, the registration address that is used for calling and corresponds to the temporary identifier is an internet protocol (IP) address.
- The IP address 1 is the registered address of the user "lisi". If the user needs to call "lisi", the UCF sends a call request message to the IP address 1.
- The IP address 2 is the registered address of the user "zhangsan". If the user needs to call "zhangsan", the UCF sends a call request message to the IP address 2.
- This embodiment uses an IP address as an example of the registered address; in other examples, the registered address may also be a domain name address or any other type of address.
- Step 204 the UCF sends a registration request to the SUPF.
- Step 205 the SUPF sends a response message to the UCF.
- When the SUPF receives the registration request, it can obtain the temporary identifier included in the registration request. The SUPF obtains the user's ID corresponding to the temporary ID according to the corresponding relationship shown in Table 1.
- The SUPF can query, based on Table 1, that the corresponding user's identifier is "lisi@bj.cmcc.com".
- SUPF generates a random number, and SUPF encrypts the random number with a third key to generate the first parameter.
- The third key shown in this embodiment is a key of a symmetric-key algorithm.
- This embodiment does not limit the specific algorithm of the symmetric key encryption; for example, the algorithm may be the data encryption standard (DES), the triple data encryption standard (3DES), the international data encryption algorithm (IDEA), etc.
- the SUPF shown in this embodiment sends a response message including the random number to the UCF.
- Step 206 the UCF sends a response message to the terminal device.
- the UCF sends a response message including the random number to the terminal device.
- Step 207 The terminal device sends a re-registration message to the UCF.
- the random number can be encrypted according to the third key stored in the terminal device to generate the second parameter.
- the third key stored in the terminal device shown in this embodiment is the same as the third key stored in the SUPF, and the SUPF and the terminal device perform corresponding encryption and decryption operations on the random number based on the same third key.
- the terminal device sends a re-registration message including the second parameter to the UCF.
- Step 208 the UCF sends a re-registration message to the SUPF.
- Step 209 SUPF judges whether the first parameter and the second parameter are equal, if yes, execute step 210, if not, execute step 212.
- The SUPF determines whether the first parameter and the second parameter are equal. If they are equal, step 210 is executed; if they are not equal, step 212 is executed.
- Step 210 The SUPF sends a registration success response message to the UCF.
- the registration success response message may be sent to the UCF, and the registration success response message is used to indicate that the terminal device is successfully registered with the SUPF.
- From step 201 it can be known that the terminal device has installed the user identification card, and the terminal device does not store the identification of the user who uses the terminal device in the initial state.
- the registration success response message sent by the SUPF includes the encrypted identity of the user, so as to ensure that the terminal device can obtain the identity of the user.
- the encryption method of the user's identifier by the SUPF is not limited in this embodiment.
- the SUPF encrypts the user's identifier by using the third key shown above.
- the terminal device decrypts the encrypted identification of the user through the third key, and the terminal device can obtain the identification of the user.
- Step 211 the UCF sends a registration success response message to the terminal device.
- Step 212 the SUPF sends a registration failure response message to the UCF.
- the registration failure response message can be sent to the UCF, and the registration failure response message is used to indicate that the terminal device fails to register.
- Step 213 The UCF sends a registration failure response message to the terminal device.
- After the terminal device determines that the registration fails according to the registration failure response message, it can re-register with the SUPF.
- For the process of re-registration, please refer to the above steps; the details are not repeated.
- When the terminal device has installed a subscriber identity card, the terminal device sends a first temporary identification application including the identifier of the subscriber identity card to the SUPF, and the SUPF can, according to the first temporary identification application, assign a temporary identification to the terminal device; the temporary identification does not involve any of the user's private information.
- the terminal device registers with the SUPF through the temporary identification to facilitate subsequent calls. It can be seen that in the process of registering a terminal device through a temporary identification, since there is no need to send the real identification of the user to SUPF, such as the real number, email address, etc. involving private information, the security of the user's private information in the registration stage is effectively guaranteed.
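The challenge-response check of steps 204 to 209, as an added Go example that is not code from the patent: HMAC-SHA256 stands in for the DES/3DES/IDEA encryption of the random number, and the type names, function names and key bytes are assumptions constructed for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SUPF keeps Table 1 (temporary ID -> user ID), each user's third key and
// the first parameters still awaiting a re-registration message.
// Type, field and function names are hypothetical.
type SUPF struct {
	userByTempID map[string]string
	thirdKey     map[string][]byte
	pending      map[string][]byte
}

// Terminal holds the temporary ID from step 202 and its copy of the third key.
type Terminal struct {
	TempID   string
	thirdKey []byte
}

// keyed is the keyed transform applied to the random number by both sides.
// Assumption: HMAC-SHA256 replaces the page's DES/3DES/IDEA encryption.
func keyed(key, random []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(random)
	return m.Sum(nil)
}

// Challenge covers steps 204-205: look up the user, draw a random number,
// store the first parameter and return only the random number.
func (s *SUPF) Challenge(tempID string) ([]byte, error) {
	user, ok := s.userByTempID[tempID]
	if !ok {
		return nil, errors.New("unknown temporary identifier")
	}
	random := make([]byte, 16)
	if _, err := rand.Read(random); err != nil {
		return nil, err
	}
	s.pending[tempID] = keyed(s.thirdKey[user], random)
	return random, nil
}

// Respond covers step 207: the terminal computes the second parameter.
func (t *Terminal) Respond(random []byte) []byte {
	return keyed(t.thirdKey, random)
}

// Verify covers step 209. The stored first parameter is deleted before the
// comparison so a captured second parameter cannot be replayed, and
// hmac.Equal compares in constant time.
func (s *SUPF) Verify(tempID string, second []byte) bool {
	first, ok := s.pending[tempID]
	delete(s.pending, tempID)
	return ok && hmac.Equal(first, second)
}

// Register relays the messages the way the UCF does in steps 203-209.
func Register(s *SUPF, t *Terminal) (bool, error) {
	random, err := s.Challenge(t.TempID)
	if err != nil {
		return false, err
	}
	return s.Verify(t.TempID, t.Respond(random)), nil
}

// DemoSetup builds constructed sample data: the page's temporary ID for
// "lisi", a made-up third key, and a terminal holding a wrong key.
func DemoSetup() (*SUPF, *Terminal, *Terminal) {
	const tempID = "CSqGSIb3DQEBAQUAA4GNADCBiQKBgQCjfidregls@bj.cmcc.com"
	key := []byte("constructed-third-key-for-lisi!!")
	s := &SUPF{
		userByTempID: map[string]string{tempID: "lisi@bj.cmcc.com"},
		thirdKey:     map[string][]byte{"lisi@bj.cmcc.com": key},
		pending:      map[string][]byte{},
	}
	return s, &Terminal{tempID, key}, &Terminal{tempID, []byte("some-other-key")}
}

func main() {
	s, good, bad := DemoSetup()
	ok, _ := Register(s, good)
	fmt.Println("matching third key:", ok)
	ok, _ = Register(s, bad)
	fmt.Println("wrong third key:", ok)
}
```

Only the random number and the second parameter cross the UCF; the third key and the user's real identifier never leave the SUPF or the terminal.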
- the first embodiment describes the process of how to obtain a temporary identity and how to register to SUPF when the terminal device has installed a user identification card.
- the process of how to obtain a temporary ID and how to register with SUPF is described below in conjunction with Figure 3:
- Step 301 The terminal device sends a second temporary identification application to the SUPF.
- Since the terminal device shown in this embodiment is not installed with a user identification card, the terminal device has stored the user's identification in the initial state. The terminal device can then send a second temporary identity application including the identity of the user to the SUPF.
- first temporary identification application shown in the first embodiment and the second temporary identification application shown in the second embodiment are the same.
- the messages included in the two temporary identification applications are different, the first temporary identification application includes the identifier of the user identification card, and the second temporary identification application includes the user identification.
- Step 302 the SUPF sends a temporary identifier to the terminal device.
- The SUPF shown in this embodiment can obtain the user's ID directly from the second temporary identification application, and then allocate a temporary ID according to that ID.
- For the description of the specific process of allocating a temporary ID, please refer to step 202 in the first embodiment; it is not described in detail in this embodiment.
- Step 303 The terminal device sends a registration request to the UCF.
- Step 304 the UCF sends a registration request to the SUPF.
- Step 305 the SUPF sends a response message to the UCF.
- Step 306 the UCF sends a response message to the terminal device.
- Step 307 The terminal device sends a re-registration message to the UCF.
- Step 308 the UCF sends a re-registration message to the SUPF.
- Step 309 SUPF judges whether the first parameter and the second parameter are equal, if yes, execute step 310, if not, execute step 312.
- For steps 303 to 309 shown in this embodiment, please refer to steps 203 to 209 shown in FIG. 2; the specific execution process is not repeated.
- Step 310 The SUPF sends a registration success response message to the UCF.
- Since the terminal device does not have a user identification card installed, the terminal device has stored the user's identity in the initial state. It can be seen that the difference between this embodiment and the first embodiment is that the registration success response message shown in this embodiment does not need to carry the user's ID. The registration success response message shown in this embodiment is only used to indicate to the terminal device that the terminal device has successfully registered with the SUPF.
- Step 311 The UCF sends a registration success response message to the terminal device.
- Step 312 the SUPF sends a registration failure response message to the UCF.
- Step 313 The UCF sends a registration failure response message to the terminal device.
- For steps 311 to 313 shown in this embodiment, please refer to steps 211 to 213 shown in FIG. 2; the specific execution process is not repeated.
- The terminal device sends a second temporary identification application including the user's identification to the SUPF, and the SUPF can assign a temporary identification to the terminal device according to the second temporary identification application from the terminal device.
- the terminal device registers with the SUPF through the temporary identification to facilitate subsequent calls. It can be seen that in the process of registering a terminal device through a temporary identification, since there is no need to send the user's real identification to SUPF, such as the real number, email address, etc. involving private information, the security of the user's private information in the registration stage is effectively guaranteed.
- The terminal device has obtained the temporary identity corresponding to the identity of the user. The following describes, with reference to FIG. 4, the second stage shown above, that is, the process in which the calling user calls the called user by means of the calling temporary identity and the called temporary identity.
- This embodiment takes as an example the case in which the calling user "zhangsan" located in Guangdong calls the called user "lisi" located in Beijing.
- The calling SUPF to which the calling user belongs is the SUPF located in Guangdong.
- The called SUPF to which the called user belongs is the SUPF located in Beijing.
- Step 401 The calling device sends a key request message to the calling SUPF.
- The function performed by the calling SUPF shown in this embodiment may also be performed by any other device, which is not specifically limited in this embodiment.
- the calling device sends a key request message to the calling SUPF to which the calling device belongs.
- the key request message shown in this embodiment further includes routing information, where the routing information is used to indicate the IP address of the called SUPF to which the called user belongs.
- Step 402 The calling SUPF sends a key request message to the called SUPF.
- The function performed by the called SUPF shown in this embodiment may also be performed by any other device, which is not specifically limited in this embodiment.
- the called SUPF shown in this embodiment may also be called the first device, and the specific name is not limited.
- the calling SUPF sends the key request message to the called SUPF according to the routing information included in the key request message.
- Step 403 The called SUPF sends a key response message to the calling SUPF.
- the called SUPF obtains the called SUPF's own public key according to the key request message, and sends a key response message including the public key to the calling SUPF.
- The called SUPF generates a pair of public key and private key according to the elliptic curve cryptography (ECC) algorithm; the called SUPF retains the private key and sends the public key to the calling device through a key response message.
- Step 404 The calling SUPF sends a key response message to the calling device.
- Step 405 The calling device sends a first call request message to the calling UCF.
- The function performed by the calling UCF shown in this embodiment may also be performed by any other device, which is not specifically limited in this embodiment.
- the first call request message includes the first encrypted calling party identification and the first encrypted called party identification.
- the first encrypted calling ID is generated by encrypting the calling ID with a first key
- the first encrypted called ID is generated by encrypting the called ID with the first key.
- the calling device generates a pair of temporary public key and temporary private key according to the ECC algorithm.
- the pair of public and private keys generated by the called SUPF according to the ECC shown in this embodiment are A1 and A2
- the pair of temporary public and private keys generated by the calling device according to the ECC algorithm are B1 and B2.
- the calling device uses the temporary private key B2 and the public key A1 from the called SUPF to generate the first key.
- A1, A2, B1, and B2 shown in this embodiment satisfy the following conditions:
- Using the first key, the calling device can encrypt the calling ID to generate the first encrypted calling ID, and can also encrypt the called ID to generate the first encrypted called ID.
- The calling device generates the first encrypted calling identity "t5BmaxujRLyPsQrsMBf6T5ALJdUSIfzTH1ecIzffiderzs@gd.ct.com" after encrypting the calling identity "zhangsan@gd.ct.com" with the first key.
- The first encrypted called ID generated after the calling device encrypts the called ID "lisi@bj.cmcc.com" with the first key is "GNADCBiQKBgQCCSqGSIb3DQEBAQUAA4jfidedls@bj.cmcc.com".
- This embodiment does not limit the specific content of the first encrypted called ID and the first encrypted calling ID, as long as, even if the first encrypted calling ID and the first encrypted called ID are leaked, the calling identity of the calling user and the called identity of the called user are not disclosed, so as to ensure the security of the private information of the calling user and the private information of the called user.
- the first call request message shown in this embodiment also includes the calling temporary identity of the calling user.
- For the calling temporary identity, please refer to the description of the temporary identity shown in Embodiment 1 or Embodiment 2; no further description is given in this embodiment.
- the first call request message shown in this embodiment further includes the temporary public key generated by the calling device.
- The description of the first key shown in this embodiment is an optional example; the first key may also be a symmetric-key encryption key, so as to ensure that the first key stored by the calling device is the same as the first key stored by the called SUPF.
- The following takes as an example the case in which the first call request message is a session initiation protocol (SIP) message; the following is the packet header of the SIP message:
- Line (1) indicates the object to which the first call request message is to be sent, which is the first encrypted called ID of the called user.
- SIP/2.0 indicates that the version specified in the first call request message is SIP version 2.0.
- Line (2) indicates routing information, which is the IP address of the called SUPF.
- Call-ID is the call identifier, a unique identifier that distinguishes a group of messages within a series of messages; no matter how many times the first call request message is forwarded, and by how many devices, all the interaction information includes the call identifier Call-ID.
- the Call-ID is generated by the calling device and is guaranteed to be globally unique in the communication system.
- TO includes the first encrypted called ID of the called user, namely:
- FID-reg includes the calling temporary identification of the calling user, namely:
- pub_key_UE includes the temporary public key generated by the calling device.
- The description of the format of the first call request message in this embodiment is an optional example and is not limiting, as long as the first call request message shown in this embodiment includes the first encrypted calling ID, the first encrypted called ID, the calling temporary ID and the temporary public key.
- the first call request message is a message satisfying SIP as an example for illustrative description.
- the first call request message may also satisfy other protocols, which is not specifically limited in this embodiment.
- Step 406 The calling UCF sends an addressing request to the calling SUPF.
- In order for the calling user to call the called user, the calling UCF needs to obtain the IP address of the called UCF to which the called user belongs.
- the addressing request shown in this embodiment is used to request to obtain the called UCF address.
- This embodiment takes as an example the case in which the address of the called UCF is the IP address of the called UCF.
- the address of the called UCF may also be a domain name address or any other type of address. There is no limitation in this embodiment.
- the addressing request includes the first encrypted calling ID, the first encrypted called ID and the temporary public key.
- Step 407 The calling SUPF sends an addressing request to the called SUPF.
- Step 408 The called SUPF sends an addressing response message to the calling SUPF.
- When the called SUPF receives the first encrypted called identifier included in the addressing request, it can decrypt the first encrypted called identifier by using the first key to obtain the called identifier.
- the called SUPF queries the IP address of the called UCF corresponding to the called identity, and sends an addressing response message including the IP address of the called UCF to the calling SUPF.
- the called SUPF generates the first key according to the private key stored by itself and the temporary public key from the calling device.
- For the process by which the called SUPF generates the first key, please refer to the process by which the calling device generates the first key shown above; details are not repeated, as long as the first key generated by the calling device is the same as the first key generated by the called SUPF.
- the called SUPF can decrypt the first encrypted called identity to obtain the called identity, and can also decrypt the first encrypted calling identity to obtain the calling identity.
- the called SUPF can establish a first query list as shown in Table 3. For details, see Table 3 below:
- For the specific description of the call identifier, please refer to step 405; details are not repeated in this embodiment.
- the called SUPF establishes a correspondence between the calling identity and the first encrypted calling identity.
- The called SUPF decrypts the first encrypted calling identity through the first key to obtain the calling identity, and the called SUPF can establish a correspondence between the calling identity and the first encrypted calling identity.
- the called SUPF establishes a corresponding relationship between the calling ID and the first encrypted called ID.
- the called SUPF decrypts the first encrypted called identity through the first key to obtain the called identity, and the called SUPF can establish a corresponding relationship between the called identity and the calling identity.
- the called device used by the called user can obtain the called temporary ID allocated by the called SUPF.
- The called SUPF has established the corresponding relationship between the called ID and the called temporary ID, as shown in Table 1. It can be seen that when the called device obtains the called ID, it can obtain the corresponding temporary ID by querying the corresponding relationship shown in Table 1.
- The called SUPF can thus establish the corresponding relationship between the calling ID and the called temporary ID.
- the addressing response message shown in this embodiment includes the IP address of the called UCF, the called ID after the first encryption, and the calling ID after the first encryption.
- Step 409 The calling SUPF sends an addressing response message to the calling UCF.
- After the calling UCF receives the addressing response message, the calling UCF can obtain the IP address of the called UCF.
- The calling UCF can also send a service request to the calling SEF to trigger the SEF to execute the corresponding calling service.
- The calling service that the SEF is triggered to execute may be restricted services, supplementary service capabilities invoked by the calling user, etc., which are not specifically limited in this embodiment.
- In the process of triggering the calling service, the calling SEF needs to obtain a configuration file for implementing the calling service. To this end, the calling SEF sends a service request message to the calling SUPF, where the service request message includes the calling party's temporary identity. The calling SUPF queries the calling party identity corresponding to the calling party temporary identity; see Table 1 for details, which are not repeated.
- the calling SUPF obtains the configuration file of the calling service corresponding to the calling ID, and sends a service response including the configuration file to the calling SEF, and the calling SEF can implement the calling service according to the configuration file.
- When the calling SEF obtains the configuration file of the calling service from the calling SUPF, the calling SEF sends the calling temporary identity to the calling SUPF. It can be seen that the calling SEF does not obtain the identity of the calling user, which avoids the possibility that the identity of the calling user is leaked at the calling SEF, so that even if the calling SEF is in an unsafe state, the calling identity will not be leaked, thereby improving the security of the calling user's private information.
- In this embodiment, steps 401 to 409 are executed during the process in which the calling user calls the called user. In other examples, steps 401 to 409 shown in this embodiment may be performed in advance, before the calling user calls the called user.
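The first-key agreement of steps 403 to 408, as an added Go example that is not code from the patent: it assumes curve P-256, SHA-256 as the key derivation and AES-GCM as the identifier cipher, none of which the page specifies, and all type and function names are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// FirstCallRequest holds the page's message fields; all names are hypothetical.
type FirstCallRequest struct {
	EncCaller []byte // first encrypted calling ID
	EncCallee []byte // first encrypted called ID
	TempPub   []byte // B1, the calling device's temporary public key
}

// NewSUPFKeyPair generates the called SUPF's pair: A2 private, A1 public.
func NewSUPFKeyPair() (*ecdh.PrivateKey, error) {
	return ecdh.P256().GenerateKey(rand.Reader)
}

// firstKey runs ECDH and hashes the shared secret into an AES-256-GCM key.
// Assumption: the page names neither a KDF nor a cipher for the first key.
func firstKey(priv *ecdh.PrivateKey, peer *ecdh.PublicKey) (cipher.AEAD, error) {
	secret, err := priv.ECDH(peer)
	if err != nil {
		return nil, err
	}
	k := sha256.Sum256(secret)
	block, err := aes.NewCipher(k[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealID encrypts one identifier and prepends the random nonce.
func sealID(gcm cipher.AEAD, id string) ([]byte, error) {
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, []byte(id), nil), nil
}

// openID reverses sealID; a wrong key or altered bytes yield an error.
func openID(gcm cipher.AEAD, ct []byte) (string, error) {
	n := gcm.NonceSize()
	if len(ct) < n {
		return "", fmt.Errorf("ciphertext too short")
	}
	pt, err := gcm.Open(nil, ct[:n], ct[n:], nil)
	return string(pt), err
}

// BuildFirstCallRequest is the calling device in step 405 (key from B2 and A1).
func BuildFirstCallRequest(a1 *ecdh.PublicKey, callerID, calleeID string) (*FirstCallRequest, error) {
	b2, err := ecdh.P256().GenerateKey(rand.Reader) // fresh B1/B2 per call
	if err != nil {
		return nil, err
	}
	gcm, err := firstKey(b2, a1)
	if err != nil {
		return nil, err
	}
	req := &FirstCallRequest{TempPub: b2.PublicKey().Bytes()}
	if req.EncCaller, err = sealID(gcm, callerID); err != nil {
		return nil, err
	}
	if req.EncCallee, err = sealID(gcm, calleeID); err != nil {
		return nil, err
	}
	return req, nil
}

// ResolveAtCalledSUPF is the called SUPF in step 408 (key from A2 and B1).
func ResolveAtCalledSUPF(a2 *ecdh.PrivateKey, req *FirstCallRequest) (caller, callee string, err error) {
	b1, err := ecdh.P256().NewPublicKey(req.TempPub) // rejects points off the curve
	if err != nil {
		return "", "", err
	}
	gcm, err := firstKey(a2, b1)
	if err != nil {
		return "", "", err
	}
	if caller, err = openID(gcm, req.EncCaller); err != nil {
		return "", "", err
	}
	callee, err = openID(gcm, req.EncCallee)
	return caller, callee, err
}

func main() {
	a2, _ := NewSUPFKeyPair()
	req, _ := BuildFirstCallRequest(a2.PublicKey(), "zhangsan@gd.ct.com", "lisi@bj.cmcc.com")
	fmt.Println(ResolveAtCalledSUPF(a2, req))
}
```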
- Step 410 The calling UCF sends a second call request message to the called UCF.
- The function performed by the called UCF shown in this embodiment may also be performed by any other device, which is not specifically limited in this embodiment.
- the called UCF shown in this embodiment may also be called the second device, and the specific name is not limited.
- the calling UCF sends a second call request message to the called UCF according to the IP address of the called UCF.
- The calling UCF constructs a second call request message according to the first call request message from the calling device, and the second call request message shown in this embodiment includes the first encrypted calling ID and the first encrypted called ID.
- What the first call request message and the second call request message shown in this embodiment have in common is that both include the first encrypted calling ID and the first encrypted called ID.
- the second call request does not include the caller's temporary identity and the temporary public key included in the first call request message.
- Step 411 The called UCF sends a first query request to the called SUPF.
- The called UCF determines that the called identifier included in the received second call request message is an encrypted identifier, and then sends the first query request to the called SUPF, where the first query request includes the first encrypted called party identification.
- the first query request is used to request to obtain a called temporary identity corresponding to the first encrypted called identity.
- Step 412 The called SUPF sends a query response to the called UCF.
- In step 408, the called SUPF has created the first query list as shown in Table 3. It can be seen that the first query list records the corresponding relationship between the called temporary ID and the first encrypted called ID. For a specific description of the first query list, please refer to step 408; details are not repeated.
- the called temporary identity corresponding to the first encrypted called identity can be determined according to the first query list.
- the called SUPF sends a query response including the called temporary identity to the called UCF.
- Step 413 The called UCF sends a third call request message to the called device.
- It can be known from step 203 shown in the first embodiment that, in the stage of called device registration, the called UCF has created a registration address query list as shown in Table 2. For the specific description of the registration address query list, please refer to step 203; details are not repeated in this embodiment.
- When the called UCF receives the called temporary ID included in the query response, the called UCF can determine the registration address corresponding to the called temporary ID by querying the registration address query list shown in Table 2, and the called UCF can send a third call request message to the registered address.
- The called temporary ID of the called user "lisi" is "CSqGSIb3DQEBAQUAA4GNADCBiQKBgQCjfidregls@bj.cmcc.com", and the called UCF determines from Table 2 that the registered address corresponding to the called temporary ID is IP address 1; the called UCF can then send the third call request message to IP address 1.
- the third call request message shown in this embodiment includes the called temporary identity.
- When the called device receives the third call request from the called UCF, the connection to the called device can be realized.
- the process of calling the user's identity is exemplified.
- This embodiment takes steps 414 to 415 shown below as an example of how the called device displays the caller's identity. It should be clear that steps 414 to 415 shown in this embodiment are optional steps, and in other examples, the called device may not need to display the caller identification.
- Step 414 The called device sends an identity query request to the called SUPF.
- the third call request message sent by the called UCF to the called device further includes the first encrypted calling identity.
- For the called device to display the calling user's calling identity, the called device sends an identity query request to the called SUPF, where the identity query request includes the first encrypted calling identity.
- Step 415 The called SUPF sends the calling ID to the called device.
- When the called SUPF obtains the first encrypted caller ID included in the first query request, it can query, according to the first query list shown in Table 3, the caller ID corresponding to the first encrypted caller ID.
- This embodiment takes as an example the case in which the called device sends the first encrypted calling identity to the called SUPF to request the calling identity.
- The called device may also directly send the called temporary ID to the called SUPF. In the first query list stored by the called SUPF, shown in Table 3, the called temporary ID corresponds to the calling ID. It can be seen that the called SUPF can query, through the called temporary ID, the calling ID corresponding to the called temporary ID.
- the called device When the called device receives the caller ID, it can display the caller ID during the ringing process.
- a secure connection can be established between the called SUPF and the called device, and the called SUPF can send the calling ID to the called device based on the secure connection, thereby effectively improving the efficiency of the called SUPF to the called device.
- Security of the caller ID sent by the device can be established between the called SUPF and the called device, and the called SUPF can send the calling ID to the called device based on the secure connection, thereby effectively improving the efficiency of the called SUPF to the called device.
- the called SUPF sends the calling ID to the called device in plain text
- the calling ID and the called ID involving privacy information are sent in cipher text.
- the method shown in this embodiment does not require between the calling device and the calling SUPF, between the calling device and the calling UCF, between the calling UCF and the called UCF, between the called SUPF and the called UCF, Establishing a secure connection between the called UCF and the called device can effectively avoid the leakage of the calling ID and the called ID, thereby reducing the complexity of interaction between devices and improving call efficiency.
- the intermediate device is the calling SUPF
- the calling The UCF and the called UCF avoid the risk of leakage caused by the intermediate device decrypting the calling ID after the first encryption and the called ID after the first encryption, and improve the calling process, the calling ID and the called ID. security.
- the intermediate device does not need a decryption process, the call efficiency is improved.
- the calling and called identities obtained by the calling UCF and the called UCF shown in this embodiment are encrypted, which avoids the possibility of the calling and called identities being leaked at the calling UCF and the called UCF. It can be seen that even if the calling UCF and the called UCF are in an unsafe state, the calling ID and the called ID will not be leaked.
- the called device needs to display the calling ID
- the called device needs to send an ID query request to the called SUPF alone.
- the called SUPF can send an ID query request to realize the implementation.
- Step 501 The calling device sends a key request message to the calling SUPF.
- Step 502 The calling SUPF sends a key request message to the called SUPF.
- Step 503 The called SUPF sends a key response message to the calling SUPF.
- Step 504 The calling SUPF sends a key response message to the calling device.
- Step 505 The calling device sends a first call request message to the calling UCF.
- Step 506 The calling UCF sends an addressing request to the calling SUPF.
- Step 507 The calling SUPF sends an addressing request to the called SUPF.
- For the execution of steps 501 to 507 shown in this embodiment, refer to steps 401 to 407 in Embodiment 3; the specific execution process is not repeated in this embodiment.
- Step 508 The called SUPF sends an addressing response message to the calling SUPF.
- When the called SUPF receives the first encrypted calling ID and the first encrypted called ID included in the addressing request, it decrypts the first encrypted called ID with the first key to obtain the called ID of the called user, and can also decrypt the first encrypted calling ID with the first key to obtain the calling ID of the calling user. For how the called SUPF obtains the first key, refer to step 408 in Embodiment 3; details are not repeated in this embodiment.
- the called SUPF queries the IP address of the called UCF corresponding to the called identity, and sends an addressing response message including the IP address of the called UCF to the calling SUPF.
- the called SUPF can establish a second query list as shown in Table 4. For details, see Table 4 below:
- The called SUPF shown in this embodiment encrypts the called identity with the second key to generate the second encrypted called identity, and also establishes, through the second query list shown in Table 4, the correspondence between the second encrypted called ID and the calling ID.
- The second key is the same as the second key stored by the called device.
- This embodiment does not limit the process by which the called SUPF obtains the second key.
- The called SUPF can receive the second key from the called device.
- The second key shown in this embodiment may be a symmetric-key encryption key.
- For a description of the symmetric-key encryption key, refer to Embodiment 1; details are not repeated in this embodiment.
- The called SUPF shown in this embodiment also encrypts the calling identity with the second key to generate the second encrypted calling identity, and establishes, through the second query list shown in Table 4, the correspondence between the second encrypted called ID and the calling ID.
- the addressing response message shown in this embodiment includes the IP address of the called UCF, the called ID after the second encryption, and the calling ID after the second encryption.
- Step 509 The calling SUPF sends an addressing response message to the calling UCF.
- For the execution of step 509 shown in this embodiment, refer to step 409 shown in Embodiment 3; details are not repeated in this embodiment.
- Step 510 The calling UCF sends a fourth call request message to the called UCF.
- the calling UCF sends a fourth call request message to the called UCF according to the IP address of the called UCF.
- the fourth call request message shown in this embodiment includes the second encrypted calling party identification and the second encrypted called party identification.
- Step 511 The called UCF sends a second query request to the called SUPF.
- When the called UCF determines that the called identifier included in the received fourth call request message is an encrypted identifier, the called UCF sends the second query request to the called SUPF.
- the second query request includes the second encrypted called party identifier.
- the second query request is used to request to obtain a called temporary identity corresponding to the second encrypted called identity.
- Step 512 The called SUPF sends a query response to the called UCF.
- As can be seen from step 508, the called SUPF has created the second query list shown in Table 4, and the second query list records the correspondence between the called temporary ID and the second encrypted called ID. For a specific description of the second query list, refer to step 508; details are not repeated.
- The called temporary ID corresponding to the second encrypted called ID can be determined according to the second query list.
- the called SUPF sends a query response including the second encrypted called identifier to the called UCF.
- Step 513 The called UCF sends a fifth call request message to the called device.
- As can be seen from step 203 shown in the first embodiment, during registration of the called device the called UCF created the registration address query list shown in Table 2. For a specific description of the registration address query list, refer to step 203; details are not repeated in this embodiment.
- When the called UCF receives the called temporary ID included in the query response, it can determine the registration address corresponding to the called temporary ID by querying the registration address query list shown in Table 2, and can then send the fifth call request message to that registration address.
- the third call request message shown in this embodiment includes the called temporary ID and the second encrypted calling ID.
- Step 514 The called device receives the fifth call request message.
- the connection to the called device can be realized.
- The second key used by the called SUPF in this embodiment is the same as the second key stored by the called device. When the called device receives the second encrypted calling ID, it can therefore decrypt the second encrypted calling ID with the second key to obtain the caller ID.
- After the called device successfully obtains the decrypted caller ID, the called device can display the caller ID.
- the called device shown in this embodiment can obtain the calling party's identity according to the fifth call request message without sending an identity query request to the called SUPF separately, thereby improving call efficiency.
- The calling ID sent by the called SUPF to the called device in this embodiment is also encrypted, which improves the security of the calling ID and avoids the possibility of leakage of the calling ID sent by the called SUPF to the called device.
- This embodiment describes the structure of the network device that executes the above call processing method with reference to FIG. 6:
- The network device 600 specifically includes a processing unit 601 and a transceiver unit 602, wherein the processing unit 601 is connected to the transceiver unit 602.
- the processing unit 601 is configured to perform the processing function performed by the UCF in either the first embodiment or the second embodiment.
- the transceiving unit 602 is configured to perform the transceiving function performed by the UCF in either the first embodiment or the second embodiment.
- the processing unit 601 is configured to execute the processing functions performed by the calling UCF in any of the third to fifth embodiments.
- the transceiving unit 602 is configured to perform the transceiving function performed by the calling UCF in any of Embodiments 3 to 5.
- the processing unit 601 is configured to execute the processing functions performed by the called UCF in any of the third to fifth embodiments.
- the transceiver unit 602 is configured to perform the transceiver function performed by the called UCF in any one of the third embodiment to the fifth embodiment.
- the processing unit 601 is configured to perform the processing function performed by the SUPF in either the first embodiment or the second embodiment.
- the transceiving unit 602 is configured to perform the transceiving function performed by the SUPF in either Embodiment 1 or Embodiment 2.
- the processing unit 601 is configured to execute the processing functions performed by the calling SUPF in any of the third to fifth embodiments.
- the transceiving unit 602 is configured to perform the transceiving function performed by the calling SUPF in any one of Embodiments 3 to 5.
- the processing unit 601 is configured to execute the processing function performed by the called SUPF in any of the third to fifth embodiments.
- the transceiver unit 602 is configured to perform the transceiver function performed by the called SUPF in any one of Embodiments 3 to 5.
- the processing unit 601 is configured to execute the processing function performed by the terminal device in any of the first embodiment or the second embodiment.
- the transceiver unit 602 is configured to perform the transceiver function performed by the terminal device in any of the first embodiment or the second embodiment.
- the processing unit 601 is configured to execute the processing functions performed by the calling device in any of the third to fifth embodiments.
- the transceiving unit 602 is configured to perform the transceiving function performed by the calling device in any of Embodiments 3 to 5.
- the processing unit 601 is configured to execute the processing function performed by the called device in any of the third to fifth embodiments.
- the transceiving unit 602 is configured to perform the transceiving function performed by the called device in any of Embodiments 3 to 5.
- The network device specifically includes: a processor 701, a memory 702, a bus 703, a transceiver 704 and a network interface 706.
- memory 702 may include computer storage media in the form of volatile and/or non-volatile memory, such as read-only memory and/or random access memory.
- Memory 702 may store operating systems, application programs, other program modules, executable code, and program data.
- the transceiver 704 can be used to input commands and information to the network device, and the transceiver 704 can be connected to the processor 701 through the bus 703 . Transceiver 704 may also be used to output information from network devices, such as selected placeholder servers and/or placeholder virtual machines.
- the network device may be connected to the communication network through the network interface 706.
- the computer-executed instructions stored in the network device may be stored in a remote storage device, rather than being limited to local storage.
- When the network device executes the executable code or application program stored in the memory 702, the network device can perform the method operations of any one of the above method embodiments.
- For the specific execution process, refer to the above method embodiments; details are not repeated here.
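The exchange in steps 505 to 514 above (the embodiment in which the called SUPF re-encrypts both IDs with the second key), as an added Python example that is not code from the patent. The cipher is a standard-library stand-in for the unspecified symmetric algorithm, the keys are random bytes rather than ECC-derived, and all class, function and host names are hypothetical; it shows that the called UCF only handles ciphertext and the temporary ID, and that a fresh nonce makes each encrypted identifier differ between calls.

```python
import hashlib
import hmac
import secrets

# Identifiers and temporary ID as listed on the page; keys and addresses are constructed.
CALLING_ID = "zhangsan@gd.ct.com"
CALLED_ID = "lisi@bj.cmcc.com"
CALLED_TEMP_ID = "CSqGSIb3DQEBAQUAA4GNADCBiQKBgQCjfidregls@bj.cmcc.com"

def _subkey(key, label):
    return hashlib.sha256(label + key).digest()

def _xor_stream(key, nonce, data):
    stream = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt(key, text):
    """Stand-in cipher (assumption): SHA-256 keystream with an HMAC tag, fresh nonce per call."""
    nonce = secrets.token_bytes(12)
    body = _xor_stream(_subkey(key, b"enc"), nonce, text.encode())
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()[:16]
    return (nonce + body + tag).hex()

def decrypt(key, token):
    raw = bytes.fromhex(token)
    nonce, body, tag = raw[:12], raw[12:-16], raw[-16:]
    good = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, good):
        raise ValueError("encrypted identifier failed its integrity check")
    return _xor_stream(_subkey(key, b"enc"), nonce, body).decode()

class CalledSUPF:
    def __init__(self, first_key, second_key):
        self.first_key = first_key            # shared with the calling device
        self.second_key = second_key          # shared with the called device
        self.temp_ids = {CALLED_ID: CALLED_TEMP_ID}
        self.second_query_list = {}           # second encrypted called ID -> temporary ID

    def addressing(self, enc1_called, enc1_calling):
        """Step 508: decrypt with the first key, re-encrypt with the second key."""
        called = decrypt(self.first_key, enc1_called)
        calling = decrypt(self.first_key, enc1_calling)
        enc2_called = encrypt(self.second_key, called)
        self.second_query_list[enc2_called] = self.temp_ids[called]
        return {"called_ucf": "called-ucf.example", "called": enc2_called,
                "calling": encrypt(self.second_key, calling)}

    def query(self, enc2_called):
        """Steps 511-512: map the second encrypted called ID to the temporary ID."""
        return self.second_query_list[enc2_called]

class CalledUCF:
    def __init__(self, supf):
        self.supf = supf
        self.registrations = {CALLED_TEMP_ID: "IP address 1"}  # registration address list
        self.seen = []                        # every value this intermediate node handles

    def fourth_call_request(self, enc2_called, enc2_calling):
        """Steps 510-513: resolve the temporary ID, then build the fifth call request."""
        temp_id = self.supf.query(enc2_called)
        self.seen += [enc2_called, enc2_calling, temp_id]
        return self.registrations[temp_id], {"called": temp_id, "calling": enc2_calling}

def run_call():
    first_key, second_key = secrets.token_bytes(32), secrets.token_bytes(32)
    supf = CalledSUPF(first_key, second_key)
    ucf = CalledUCF(supf)
    # Steps 505-507: the calling device sends both IDs encrypted with the first key.
    resp = supf.addressing(encrypt(first_key, CALLED_ID), encrypt(first_key, CALLING_ID))
    address, fifth = ucf.fourth_call_request(resp["called"], resp["calling"])
    shown = decrypt(second_key, fifth["calling"])   # step 514 on the called device
    return address, shown, ucf.seen
```

Because the second query list is keyed by the ciphertext itself, the encrypted called ID acts as a per-call pseudonym; a deterministic cipher would instead give every call to the same user the same lookup key.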
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
Description
User's identifier | Temporary identifier |
---|---|
lisi@bj.cmcc.com | CSqGSIb3DQEBAQUAA4GNADCBiQKBgQCjfidregls@bj.cmcc.com |
zhangsan@gd.ct.com | f6T5ALJdUSIfzTH1ecIzft5BmaxujRLyPsQrsMBfidregzs@gd.ct.com |
Claims (23)
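- A call processing method, characterized in that the method comprises: a first device receives an encrypted called ID, the encrypted called ID being generated by encrypting a called ID, the called ID being an identifier of a called user; the first device obtains a called temporary ID corresponding to the encrypted called ID, the called temporary ID being an identifier temporarily allocated to the called user; the first device sends the called temporary ID to a second device, the second device being configured to call, according to the called temporary ID, the called device used by the called user.
- The method according to claim 1, characterized in that, before the first device obtains the called temporary ID corresponding to the encrypted called ID, the method further comprises: the first device obtains the called temporary ID corresponding to the called ID; the first device establishes a correspondence between the encrypted called ID and the called temporary ID.
- The method according to claim 2, characterized in that, before the first device obtains the called temporary ID corresponding to the called ID, the method further comprises: the first device receives the encrypted called ID from a calling device, the encrypted called ID being generated by encrypting the called ID with a first key, the calling device being a device used by a calling user; the first device decrypts the encrypted called ID with the first key to obtain the called ID.
- The method according to claim 3, characterized in that, before the first device decrypts the encrypted called ID with the first key to obtain the called ID, the method further comprises: the first device computes the first key from a private key and a temporary public key from the calling device by means of an elliptic curve cryptography (ECC) algorithm.
- The method according to claim 3 or 4, characterized in that, before the first device sends the called temporary ID to the second device, the method further comprises: the first device receives a first encrypted calling ID from the calling device, the first encrypted calling ID being generated by encrypting a calling ID with the first key, the calling ID being an identifier of the calling user; the first device decrypts the first encrypted calling ID with the first key to obtain the calling ID; the first device establishes a correspondence between the encrypted called ID and the calling ID.
- The method according to claim 5, characterized in that, after the first device sends the called temporary ID to the second device, the method further comprises: the first device receives an ID query request from the called device, the ID query request including the encrypted calling ID; the first device obtains the calling ID corresponding to the encrypted calling ID; the first device sends the calling ID to the called device.
- The method according to claim 2, characterized in that, before the first device obtains the called temporary ID corresponding to the called ID, the method further comprises: the first device encrypts the called ID with a second key to generate the encrypted called ID; the first device sends the encrypted called ID to a calling device.
- The method according to claim 7, characterized in that, before the first device sends the called temporary ID to the second device, the method further comprises: the first device receives a first encrypted calling ID from the calling device, the first encrypted calling ID being generated by encrypting a calling ID with a first key, the calling ID being an identifier of a calling user; the first device decrypts the first encrypted calling ID with the first key to obtain the calling ID; the first device encrypts the calling ID with the second key to generate a second encrypted calling ID; the first device sends the second encrypted calling ID to the called device.
- The method according to any one of claims 1 to 8, characterized in that, before the first device receives the encrypted called ID, the method further comprises: the first device receives a first temporary ID application from the called device, the first temporary ID application including an identifier of the subscriber identity card of the called device; the first device allocates the called temporary ID to the called user according to the first temporary ID application; the first device establishes a correspondence between the called ID and the called temporary ID; the first device sends the called temporary ID and the encrypted called ID to the called device.
- The method according to any one of claims 1 to 8, characterized in that, before the first device receives the encrypted called ID, the method further comprises: the first device receives a second temporary ID application from the called device, the second temporary ID application including the called ID; the first device allocates the called temporary ID to the called user according to the second temporary ID application; the first device establishes a correspondence between the called ID and the called temporary ID; the first device sends the called temporary ID to the called device.
- The method according to any one of claims 1 to 10, characterized in that, after the first device sends the called temporary ID to the called device, the method further comprises: the first device receives a registration request from the called device, the registration request including the called temporary ID; the first device sends a random number to the called device; the first device encrypts the random number with a third key to generate a first parameter; the first device receives a second parameter from the called device, the second parameter being a parameter generated by the called device encrypting the random number with the third key; if the first device determines that the first parameter and the second parameter are equal, the first device sends a registration response message to the called device, the registration response message being used to indicate that the called device has registered successfully.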
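- A call processing method, characterized in that the method comprises: a calling device obtains a called ID corresponding to a called user to be called; the calling device encrypts the called ID to obtain an encrypted called ID; the calling device sends a call request message to a second device, the call request message including the encrypted called ID.
- The method according to claim 12, characterized in that the calling device encrypting the called ID to obtain the encrypted called ID comprises: the calling device encrypts the called ID with a first key to obtain the encrypted called ID.
- The method according to claim 12, characterized in that, before the calling device sends the call request message to the second device, the method further comprises: the calling device encrypts a calling ID with a first key to obtain an encrypted calling ID, the calling ID being an identifier of a calling user, wherein the call request message includes the encrypted calling ID.
- The method according to claim 13 or 14, characterized in that the method further comprises: the calling device computes the first key from a temporary private key and a public key from a first device by means of an elliptic curve cryptography (ECC) algorithm.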
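- A call processing method, characterized in that the method comprises: a second device receives a called temporary ID from a first device, the called temporary ID being an identifier temporarily allocated to a called user; the second device sends a call request message to a called device, the call request message including the called temporary ID, the called device being a device used by the called user.
- The method according to claim 16, characterized in that, before the second device receives the called temporary ID from the first device, the method further comprises: the second device receives a call request message from a calling device, the call request message including an encrypted called ID, the encrypted called ID being generated by encrypting a called ID, the called ID being an identifier of the called user; the second device sends a query request to the first device, the query request including the encrypted called ID, the query request being used to request the called temporary ID corresponding to the encrypted called ID.
- The method according to claim 17, characterized in that the second device sending the call request message to the called device comprises: the second device sends the call request message to the called device according to the registration address of the called device corresponding to the called temporary ID.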
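- A first device, characterized by comprising a memory and a transceiver each coupled to a processor, the memory storing computer program code, the processor invoking and executing the computer program code in the memory so that the processor performs the processing-related steps of any one of claims 1-11, the transceiver being configured to perform the transceiving-related steps of any one of claims 1-11.
- A calling device, characterized by comprising a memory and a transceiver each coupled to a processor, the memory storing computer program code, the processor invoking and executing the computer program code in the memory so that the processor performs the processing-related steps of any one of claims 12-15, the transceiver being configured to perform the transceiving-related steps of any one of claims 12-15.
- A second device, characterized by comprising a memory and a transceiver each coupled to a processor, the memory storing computer program code, the processor invoking and executing the computer program code in the memory so that the processor performs the processing-related steps of any one of claims 16-18, the transceiver being configured to perform the transceiving-related steps of any one of claims 16-18.
- A communication system, characterized by comprising a calling device, a first device, a second device and a called device, the calling device being configured to call the called device via the first device and the second device, the calling device being as described in claim 20, the first device being as described in claim 19, and the second device being as described in claim 21.
- A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program which, when executed by a processor, can carry out the method of any one of claims 1 to 18.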
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202180095568.4A CN117015957A (zh) | 2021-03-16 | 2021-03-16 | Call processing method, related device and storage medium |
EP21930706.3A EP4297386A4 (en) | 2021-03-16 | 2021-03-16 | CALL PROCESSING METHOD, RELATED DEVICE AND STORAGE MEDIUM |
PCT/CN2021/080939 WO2022193110A1 (zh) | 2021-03-16 | 2021-03-16 | Call processing method, related device and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2021/080939 WO2022193110A1 (zh) | 2021-03-16 | 2021-03-16 | Call processing method, related device and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2022193110A1 (zh) | 2022-09-22 |
Family
ID=83321616
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2021/080939 WO2022193110A1 (zh) | Call processing method, related device and storage medium | 2021-03-16 | 2021-03-16 |
Country Status (3)
Country | Link |
---|---|
EP (1) | EP4297386A4 (zh) |
CN (1) | CN117015957A (zh) |
WO (1) | WO2022193110A1 (zh) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101606372A (zh) * | 2007-02-06 | 2009-12-16 | Nokia Corporation | Supporting UICC-less calls |
US9973625B1 (en) * | 2016-10-04 | 2018-05-15 | Amazon Technologies, Inc. | System to share and present temporary contact information |
CN109429328A (zh) * | 2017-08-21 | 2019-03-05 | Huawei Technologies Co., Ltd. | Communication method, related apparatus and system |
CN111314919A (zh) * | 2020-03-19 | 2020-06-19 | Xidian University | Enhanced 5G authentication method for protecting user identity privacy at the authentication server |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20110036301A (ko) * | 2009-10-01 | 2011-04-07 | Samsung Electronics Co., Ltd. | Method and apparatus for creating a temporary GRUU in an IMS system |
US10993282B2 (en) * | 2017-08-09 | 2021-04-27 | Lenovo (Singapore) Pte. Ltd. | Method and apparatus for short code dialing for restricted services for unauthenticated user equipment |
Non-Patent Citations (1)
Title |
---|
See also references of EP4297386A4 * |
Also Published As
Publication number | Publication date |
---|---|
EP4297386A1 (en) | 2023-12-27 |
CN117015957A (zh) | 2023-11-07 |
EP4297386A4 (en) | 2024-04-03 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10091005B2 (en) | Push notification service | |
US10419895B2 (en) | Method and system for identity management across multiple planes | |
CN109981633B (zh) | Method and device for accessing a server, and computer-readable storage medium | |
US7574735B2 (en) | Method and network element for providing secure access to a packet data network | |
JP3263878B2 (ja) | Cryptographic communication system | |
US8990569B2 (en) | Secure communication session setup | |
US8104082B2 (en) | Virtual security interface | |
CN101753302B (zh) | Method and system for ensuring SIP communication security | |
EP1374533B1 (en) | Facilitating legal interception of ip connections | |
US11297115B2 (en) | Relaying media content via a relay server system without decryption | |
Festijo et al. | Software-defined security controller-based group management and end-to-end security management | |
US11134088B2 (en) | Secure next-hop communication | |
WO2022193110A1 (zh) | Call processing method, related device and storage medium | |
US20230199001A1 (en) | Secure streaming media based on updating hypercontent in a secure peer-to-peer data network | |
EP3188402A1 (en) | Method to establish a private and confidential connection | |
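JP2008187686A (ja) | Tunnel communication system, control device and tunnel communication device | |
CN115499825B (zh) | 5G message header enhancement method, device and storage medium based on secondary authentication | |
WO2024012529A1 (zh) | Key management method, apparatus, device and storage medium | |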
US20240097903A1 (en) | Ipcon mcdata session establishment method | |
RU2517405C2 (ru) | Method of providing security associations for encrypted packet data | |
US10841283B2 (en) | Smart sender anonymization in identity enabled networks | |
CN116711387A (zh) | Method, device and system for authentication and authorization using an edge data network | |
WO2022048802A1 (en) | Methods and nodes for deactivating server name indication, sni, encryption in a telecommunication network | |
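CN115699681A (zh) | Method implemented by an intermediate entity for managing communication between two communication devices | |
WO2014094223A1 (zh) | Charging method and apparatus |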
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | WWE | Wipo information: entry into national phase | Ref document number: 202180095568.4 Country of ref document: CN |
 | WWE | Wipo information: entry into national phase | Ref document number: 2021930706 Country of ref document: EP |
 | ENP | Entry into the national phase | Ref document number: 2021930706 Country of ref document: EP Effective date: 20230919 |
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 21930706 Country of ref document: EP Kind code of ref document: A1 |