CN111163465A - Method and device for connecting user terminal and local terminal and call center system - Google Patents
Method and device for connecting user terminal and local terminal and call center systemDownload PDFInfo
- Publication number
- CN111163465A CN111163465ACN201811317737.0ACN201811317737ACN111163465ACN 111163465 ACN111163465 ACN 111163465ACN 201811317737 ACN201811317737 ACN 201811317737ACN 111163465 ACN111163465 ACN 111163465A
- Authority
- CN
- China
- Prior art keywords
- sbc
- information
- user terminal
- determining
- domain name
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034methodMethods0.000titleclaimsabstractdescription44
- 238000013507mappingMethods0.000claimsdescription18
- 230000011664signalingEffects0.000claimsdescription18
- 238000012795verificationMethods0.000claimsdescription11
- 230000006399behaviorEffects0.000abstractdescription2
- 230000008569processEffects0.000description16
- 230000003993interactionEffects0.000description14
- 238000012545processingMethods0.000description9
- 230000004044responseEffects0.000description9
- 238000010586diagramMethods0.000description8
- 229920006132styrene block copolymerPolymers0.000description5
- 230000005540biological transmissionEffects0.000description3
- 238000012986modificationMethods0.000description3
- 230000004048modificationEffects0.000description3
- 238000004148unit processMethods0.000description3
- 238000005516engineering processMethods0.000description2
- 230000000977initiatory effectEffects0.000description2
- 238000012546transferMethods0.000description2
- 238000013519translationMethods0.000description2
- 238000013459approachMethods0.000description1
- 230000009286beneficial effectEffects0.000description1
- 238000010276constructionMethods0.000description1
- 230000007812deficiencyEffects0.000description1
- 238000013461designMethods0.000description1
- 238000011161developmentMethods0.000description1
- 230000000694effectsEffects0.000description1
- 230000006872improvementEffects0.000description1
- 230000008520organizationEffects0.000description1
- 238000006467substitution reactionMethods0.000description1
- 239000013589supplementSubstances0.000description1
Images
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W76/00—Connection management
- H04W76/10—Connection setup
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Telephonic Communication Services (AREA)
Abstract
Description
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a method and an apparatus for connecting a user terminal and a local terminal, and a call center system.
Background
With the development of internet technology, for voice transmission, various internet access modes used by users are ideal in speed and reliability. Thus, businesses often wish to open call center services on the internet, such as phone registration, incoming subscriber calls, outgoing customer service personnel calls, and the like.
Fig. 1 is a schematic diagram of a call center architecture in the prior art. As shown in fig. 1, the user telephones IP Phone1 and IP Phone2 are connected to the local telephone IP Phone3 via a firewall, a session Border controller SBC (session Border controller), and an IP signaling eXchange IP PBX (Internet Protocol Private Branch eXchange), wherein the SBC has a network Address translation nat (network Address translation) function. In addition to being exposed on the internet, in addition to using firewalls, it is common for call centers to encrypt signaling and media during transmission to improve system security.
In the process of implementing the invention, the inventor finds that the prior art has at least the following problems:
1. the scalability is poor. Specifically, if a single SBC is used to provide services, system capacity is limited; if multiple SBCs are used to provide services, multiple domain names are required and client logic becomes complex.
2. The safety is not ideal enough. The firewall deals with traditional network attacks more, but cannot effectively prevent malicious attacks (such as malicious pirates, malicious incoming calls and the like) specific to the call center. In addition, encrypted signaling and media transmission are used, so that the information is guaranteed not to be tampered midway, and the call center cannot be guaranteed not to be attacked.
Disclosure of Invention
In view of this, embodiments of the present invention provide a method and an apparatus for connecting a user terminal and a local terminal, and a call center system, which can improve the expandability of the system, break through the capacity limitation of a single SBC, improve the security of the system, and prevent malicious attack behaviors for the call center.
To achieve the above object, according to one aspect of the present invention, there is provided a method of connecting a user terminal and a local terminal.
The method for connecting the user terminal and the local terminal comprises the following steps: after establishing a secure connection with a user terminal, receiving an information submission request sent by the user terminal; the information submitting request carries current characteristic information of the user terminal; determining a border control device SBC corresponding to the characteristic information in a plurality of local session border control devices SBC, and returning the address of the SBC and the interception port to the user terminal; determining routing information corresponding to the characteristic information; and receiving a session request sent by the user terminal through the SBC corresponding to the address and the interception port, determining a local terminal by using the SBC and the routing information, and establishing connection between the local terminal and the user terminal.
Optionally, the establishing a secure connection with the user terminal specifically includes: establishing a secure connection with a user terminal by using a local portal unit; the characteristic information includes: identity information and service scene descriptive information of the user; and, the method further comprises: and before determining the address and the interception port of the SBC corresponding to the characteristic information, performing authority verification according to the identity information of the user.
Optionally, the determining the routing information corresponding to the feature information specifically includes: determining routing information corresponding to the service scene descriptive information in the characteristic information; the determining, in at least one local session border control device SBC, an address and an interception port of the SBC corresponding to the feature information specifically includes: determining an SBC domain name corresponding to the service scene descriptive information in the characteristic information; and determining the address and the interception port of the SBC corresponding to the domain name of the SBC according to the mapping relation between the domain name and the address and the interception port which are pre-stored in the entrance unit.
Optionally, the session request carries a session identifier; the method further comprises: when the address of the SBC corresponding to the characteristic information and the interception port are returned to the user terminal, generating a token number according to the SBC domain name and the routing information and returning the token number to the user terminal, and storing the SBC domain name and the corresponding relation between the routing information and the token number locally; wherein the token number is a target number of the session request; the method further comprises: after receiving a session request sent by a user terminal, judging whether an SBC domain name and routing information which correspond to a target number of the session request and are not associated with any session identifier are stored locally: if yes, the SBC domain name and the routing information are associated with the session identifier in the session request, and a local terminal is determined according to the routing information.
Optionally, the determining a local terminal by using the SBC and the routing information specifically includes: determining an IP signaling switch IP PBX by using the SBC, and determining a local terminal through the IP PBX and the routing information; the method further comprises: when the local terminal is connected with the user terminal through the SBC, starting a new port of the SBC as a current interception port; updating the mapping relation between the domain name and the address stored in the entrance unit and the interception port, and sending an option message carrying the current interception port information to the user terminal connected to the SBC; establishing a new connection between the SBC and a user terminal connected to the SBC and closing the original connection; the routing information comprises routing point information and skill set information, and the user terminal and the local terminal are IP telephones.
To achieve the above object, according to another aspect of the present invention, there is provided an apparatus for connecting a user terminal and a local terminal.
The device for connecting the user terminal and the local terminal of the embodiment of the invention can comprise: the receiving module is used for receiving an information submission request sent by the user terminal after the secure connection is established with the user terminal; the information submitting request carries current characteristic information of the user terminal; . The SBC determining module is used for determining the address and the interception port of the SBC corresponding to the characteristic information in the local session border control equipment SBC and returning the address and the interception port to the user terminal; determining routing information corresponding to the characteristic information; and the connection module is used for receiving a session request sent by the user terminal through the SBC corresponding to the address and the interception port, determining a local terminal by using the SBC and the routing information, and establishing connection between the local terminal and the user terminal.
To achieve the above object, according to still another aspect of the present invention, a call center system is provided.
The call center system of the embodiment of the invention can comprise: at least one session border control device SBC, at least one IP signaling switch IP PBX, an entry unit and an authentication unit; wherein the inlet unit is configured to: after establishing a secure connection with a user telephone, receiving an information submission request sent by the user telephone, and sending current characteristic information of the user telephone carried in the information submission request to an authentication unit; the authentication unit is used for: determining that the SBC domain name corresponding to the characteristic information is sent to an entrance unit, and determining routing information corresponding to the characteristic information; after the authentication unit sends the SBC domain name to the entrance unit, the entrance unit determines an address and an interception port corresponding to the SBC domain name to return to a user telephone according to a mapping relation of the domain name, the address and the interception port which are stored in advance; the SBC corresponding to this address and listening port is used to: and receiving a session request sent by a user telephone, determining an IP PBX and a local telephone by using the routing information, and connecting the local telephone with the user telephone through the IP PBX.
Optionally, the feature information includes: identity information and service scene descriptive information of the user; and the authentication unit may be further operable to: after the characteristic information is received, authority verification is carried out according to the identity information of the user in the characteristic information; after the authority passes the verification, determining an SBC domain name and routing information corresponding to the service scene descriptive information in the feature information, generating a token number according to the SBC domain name and the routing information, sending the token number to an entrance unit, and storing the corresponding relation between the SBC domain name, the routing information and the token number; after receiving the token number, the entrance unit sends the token number to the user telephone; the token number is a target number of the session request.
Optionally, any session request carries a session identifier; either SBC may be further used for: after receiving any session request, sending the session identifier and the target number in the session request to an authentication unit; and the authentication unit may be further operable to: judging whether the SBC domain name and the routing information which correspond to the target number and are not associated with any session identifier are stored: if yes, the SBC domain name and the routing information are associated with the session identifier.
Optionally, any SBC may be further configured to: when the local telephone is connected with the user telephone through the SBC, starting a new port as a current interception port; updating the mapping relation between the domain name and the address stored in the entrance unit and the interception port, and sending an option message carrying the current interception port information to the subscriber telephone connected to the SBC; establishing a new connection with the subscriber's telephone connected to the SBC and closing the original connection; the routing information comprises routing point information and skill set information, the user telephone and the local telephone are IP telephones, and the system further comprises a firewall.
According to the technical scheme of the invention, one embodiment of the invention has the following advantages or beneficial effects:
firstly, the entrance unit is set as a unified entrance of the system, and the entrance unit directly interacts with the user terminal, so that the introduction of a plurality of SBCs for providing services becomes possible, and the expandability of the system is improved. Specifically, after the secure connection is established between the access unit and the user terminal, the current characteristic information of the user terminal may be received through an information submission request sent by the user terminal, and the system determines the address and the interception port of the SBC corresponding to the characteristic information, that is, the SBC providing the service for the user terminal.
Secondly, in the signaling interaction and media interaction process related by the invention, dynamically generated token numbers are used as calling target numbers, and the target numbers of two different calls are completely different, thereby reducing the possibility of being cracked. The real target number, the service scene information and the routing information are not transmitted in the public network, so that the leakage risk does not exist, and the system safety is improved.
Thirdly, in the technical scheme of the invention, a process of verifying the identity information of the user terminal and the calling target number is introduced to supplement the deficiency of the security of the original protocol. In the operation process of the SBC, the interception port can be dynamically changed, and the connected user terminal adjusts the signaling interaction port through an OPTION message (OPTION message), so that the possibility of port attack can be reduced, and the security performance of the system is further improved.
Further effects of the above-mentioned non-conventional alternatives will be described below in connection with the embodiments.
Drawings
The drawings are included to provide a better understanding of the invention and are not to be construed as unduly limiting the invention. Wherein:
FIG. 1 is a schematic diagram of a prior art call center architecture;
fig. 2 is a schematic diagram of the main steps of a method for connecting a user terminal and a local terminal according to an embodiment of the present invention;
fig. 3 is a schematic diagram of a system architecture corresponding to a method for connecting a user terminal and a local terminal in an embodiment of the present invention;
FIG. 4 is a flow chart illustrating the processing of an information submission request by an entry unit in an embodiment of the present invention;
FIG. 5 is a flowchart illustrating the authentication unit processing feature information according to an embodiment of the present invention;
figure 6 is a flow diagram illustrating the processing of session requests by the SBC and the authentication unit in an embodiment of the present invention;
fig. 7 is a schematic diagram of a part of an apparatus for connecting a user terminal and a local terminal according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present invention are described below with reference to the accompanying drawings, in which various details of embodiments of the invention are included to assist understanding, and which are to be considered as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the invention. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
It should be noted that the embodiments of the present invention and the technical features of the embodiments may be combined with each other without conflict.
Fig. 2 is a schematic diagram of the main steps of a method for connecting a user terminal and a local terminal according to an embodiment of the present invention.
As shown in fig. 2, the method for connecting a user terminal and a local terminal according to the embodiment of the present invention may be specifically executed according to the following steps:
step S201: after the secure connection is established with the user terminal, an information submission request sent by the user terminal is received.
In the embodiment of the invention, the existing call center system can be improved, the inlet unit is introduced to be used as a uniform inlet to interact with the user terminal (such as an IP telephone in a software or hardware form for calling from a public network), and the authentication service is introduced to perform authentication according to the characteristic information of the user terminal and the preset rule. Fig. 3 is a schematic diagram of a system architecture corresponding to the method for connecting the user terminal and the local terminal in the embodiment of the present invention, as shown in fig. 3, the entry unit is used as a unique entry of the system to interact with the user terminal IP Phone and determine an SBC corresponding to the current feature information of the user terminal, and the authentication unit is used to authenticate the feature information and generate routing information corresponding to the feature information. Then, the SBC may determine the corresponding IP PBX according to the generated routing information, and further determine the local terminal (e.g., an IP phone in the call center), and finally implement the connection between the local terminal and the user terminal.
In practical application, before step S201, the user terminal first establishes a Secure connection with the portal unit, for example, a connection based on the hypertext Transfer security Protocol https (hyper Text Transfer Protocol over Secure socket layer), and inputs account information such as a user name and a password. The entrance unit verifies the legality of the account information: if the information is legal, returning login success information and marking the session as legal; if the information is illegal, the login failure information is returned.
And then, the user terminal sends an information submission request to the entrance unit, wherein the information submission request carries the current characteristic information of the user terminal. Generally, the above feature information may include identity information of a user level and the like and service scenario descriptive information for embodying the purpose of the session. After receiving the information submission request, the entrance unit sends the feature information in the request to the authentication unit for authentication.
Step S202: determining the address and the interception port of the SBC corresponding to the characteristic information in at least one local session border control device (SBC), and returning the address and the interception port to the user terminal; and determining the routing information corresponding to the characteristic information.
In this step, the address and the listening port of the SBC corresponding to the feature information may be determined through cooperation of the entry unit and the authentication unit. Specifically, after receiving the feature information sent by the entry unit, the authentication unit first performs authority verification on the identity information therein, and after the verification is passed, the SBC domain name and the routing information corresponding to the service scenario descriptive information in the feature information can be determined. The routing information can comprise routing point information and skill group information, the routing point can be used for introducing the call into a preset telephone, a preset seat or a reserved record, and the skill group is a logic organization formed by customer service personnel with certain skills.
After the SBC domain name is determined, the authentication unit may send the SBC domain name to the entry unit, and the entry unit may determine the address and the interception port of the SBC corresponding to the SBC domain name according to the stored mapping relationship between the domain name and the address and the interception port, thereby locating the SBC providing service for the call. In specific implementation, the mapping relationship between the domain name and the address and the interception port can be maintained in real time through the entry unit. Generally, the mapping relationship between the domain name, the address, and the sniffing port is stored in a data table of the ingress unit, and each SBC can transmit and store the domain name, the address, and the sniffing port information to the ingress unit at the time of initialization. In a specific application, the address may be a uniform Resource locator url (uniform Resource locator) or an internet protocol ip (internet protocol) address.
It is understood that steps S201 and S202 describe a process in which the portal unit processes a data reporting request sent by the user terminal via the authentication unit, and the process can be referred to fig. 4. As shown in fig. 4, the specific steps of the ingress unit processing the data reporting request are as follows:
1. the user terminal sends an information reporting request to the entry unit, wherein the information carries the current characteristic information of the user terminal (namely the characteristic information of the call). In practical applications, the information reporting request may be a POST request for submitting data. After receiving the information reporting request, the entrance unit sends the feature information to the authentication unit, and the authentication unit processes the feature information and generates a response.
Fig. 5 is a schematic flow chart of the authentication unit processing the feature information according to the embodiment of the present invention. As shown in fig. 5, the specific steps of the authentication unit for processing the feature information are as follows:
(1) the authentication unit receives characteristic information including identity information of a user and service scene descriptive information, and judges whether the user has the authority to initiate the call according to the identity information. If the user does not have the authority, returning an error response to the entrance unit; and if the user has the authority, inquiring the SBC domain name and the routing information corresponding to the service scene descriptive information.
(2) After the SBC domain name and the routing information corresponding to the service scene descriptive information are inquired, the authentication unit generates a unique token number corresponding to the call according to the SBC domain name and the routing information, and stores the corresponding relation between the SBC domain name and the routing information and the token number in a hash table by taking the token number as a main key. It will be appreciated that the token number is used to mark the call and is invalidated after the call is completed.
(3) The authentication unit returns the token number and the SBC domain name to the entry unit.
The above is the specific step of the authentication unit processing the feature information, and the following goes back to the above step 1 of the portal unit processing the data submission request. In step 1, the portal unit sends the feature information to the authentication unit, and after the authentication unit processes the feature information and generates a response, the portal unit continues to perform the following steps:
2. if the authentication unit returns an error response to the entrance unit, the entrance unit returns an error response to the user terminal and ends the call. If the authentication unit returns the SBC domain name and the token number to the entrance unit, the entrance unit inquires a domain name, an address and an interception port mapping table which are stored in advance, determines the SBC address and the interception port corresponding to the returned SBC domain name, and returns the determined SBC address, the interception port and the token number to the user terminal, so that the user terminal can conveniently initiate a call to the SBC.
Step S203: and receiving a session request sent by the user terminal through the SBC corresponding to the address and the interception port, determining a local terminal by using the SBC and the routing information, and establishing connection between the local terminal and the user terminal.
In the embodiment of the invention, the user terminal sends the session request to the SBC according to the SBC address, the interception port and the token number returned by the access unit. The session request may be an INVITE request based on a session initiation protocol sip (session initiation protocol). The SBC processes the session request by means of the authentication unit, and further determines the IP PBX and the local terminal that provide services to the user terminal, thereby implementing connection between the local terminal and the user terminal. Figure 6 is a schematic flow chart of the SBC and the authentication unit processing the session request in the embodiment of the present invention, which includes the following specific steps:
1. the user terminal sends a session request to the SBC corresponding to the address and the listening port determined in step S202; the session request carries a Call ID for marking the session, and the destination number of the session request is a token number returned by the entry unit to the user terminal. The SBC receives the session request and sends the token number and the session identifier to the authentication unit for authentication.
2. The authentication unit first determines whether the token number, i.e. the destination number of the session request, is valid. Specifically, the authentication unit determines whether the SBC domain name and the routing information corresponding to the token number are stored locally: if yes, the token number is valid; otherwise, the token number is invalid.
3. And when the token number is judged to be invalid, the authentication unit returns an error response to the entrance unit. When the SBC domain name and the routing information corresponding to the token number are locally stored, the authentication unit detects whether the SBC domain name and the routing information are associated with any session identifier (since the SBC domain name and the routing information correspond to the token number, that is, the destination number of the session request, the association relationship between the SBC domain name and the routing information and the session identifier is equal to the association relationship between the token number and the session identifier or the association relationship between the destination number and the session identifier). And if the SBC domain name and the routing information are not associated with any session identifier, associating the SBC domain name and the routing information with the session identifier in the current session request, and returning the routing information to the SBC. If the SBC domain name and the routing information are already associated with the session identifier in the current session request, the routing information is returned to the SBC. And if the SBC domain name and the routing information are associated with the session identifier different from the session identifier in the current session request, returning an error response to the SBC.
And 4, after receiving the error response returned by the authentication unit, the SBC ends the call. After receiving the routing information returned by the authentication unit, the SBC returns a temporary response to the user terminal and keeps the call continuing. Then, the SBC determines the IP PBX and the local terminal providing services to the user terminal according to the routing information, and establishes a connection between the local terminal and the user terminal, thereby implementing subsequent signaling interaction and media interaction.
In practical application, in order to effectively prevent malicious attacks against a call center, an SBC may dynamically update an interception port through the following steps, which are specifically executed as follows:
the SBC updates the listening port periodically and stores the latest mapping relation between the domain name and address of the SBC and the port in a data table of the entrance unit. In practical application, when the local terminal is connected to the user terminal through the SBC, the SBC starts a new port as a current listening port, and notifies the entry unit to update the mapping relationship between the stored domain name and address and the listening port.
And 2, the SBC sends an OPTION message (such as an OPTION message based on an SIP protocol) carrying current interception port information to a user terminal connected with the SBC, the user terminal receives the OPTION message, waits for a random time length, then disconnects the original connection with the SBC and establishes a new connection, and the SBC closes the original connection after a certain time length. Thus, dynamic updating of the listening port can be realized.
In specific application, when the user terminal finishes the call, the corresponding SBC notifies the authentication unit that the call associated with the token number is finished, the authentication unit marks the token number as a failure state, and deletes the previously stored correspondence between the token number, the SBC domain name, and the routing information.
In the technical scheme of the embodiment of the invention, the entrance unit is set as the uniform entrance of the system and directly interacts with the user terminal, so that the introduction of a plurality of SBCs for providing services is possible, and the expandability of the system is improved. In the signaling interaction and media interaction process related by the invention, dynamically generated token numbers are used as calling target numbers, and the target numbers of two different calls are completely different, so that the possibility of being cracked is reduced; the real target number, the service scene information and the routing information are not transmitted in the public network, so that the leakage risk does not exist, and the system safety is improved. In addition, the lack of the safety of the original protocol is supplemented by introducing the process of verifying the identity information of the user terminal and the calling target number; in the operation process of the SBC, the interception port can be dynamically changed, and the connected user terminal can adjust the signaling interaction port through the option message, so that the possibility of port attack can be reduced, and the system security performance is further improved.
It should be noted that, for the convenience of description, the foregoing method embodiments are described as a series of acts, but those skilled in the art will appreciate that the present invention is not limited by the order of acts described, and that some steps may in fact be performed in other orders or concurrently. Moreover, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred and that no acts or modules are necessarily required to implement the invention.
To facilitate a better implementation of the above-described aspects of embodiments of the present invention, the following also provides relevant means for implementing the above-described aspects.
Referring to fig. 7, anapparatus 700 for connecting a user terminal and a local terminal according to an embodiment of the present invention may include: a receivingmodule 701, anSBC determining module 702, and a connectingmodule 703.
The receivingmodule 701 may be configured to receive an information submission request sent by a user terminal after establishing a secure connection with the user terminal; wherein, the information submitting request carries the current characteristic information of the user terminal.
TheSBC determining module 702 may be configured to determine, in at least one local session border control device SBC, an address and an interception port of the SBC corresponding to the feature information, and return the address and the interception port to the user terminal; and determining the routing information corresponding to the characteristic information.
Theconnection module 703 may be configured to receive, through the SBC corresponding to the address and the interception port, a session request sent by the user terminal, determine a local terminal by using the SBC and the routing information, and establish a connection between the local terminal and the user terminal.
In this embodiment of the present invention, the receivingmodule 701 is further configured to: establishing a secure connection with a user terminal by using a local portal unit; the feature information may include: identity information and service scene descriptive information of the user; theSBC determination module 702 may be further configured to: and before determining the address and the interception port of the SBC corresponding to the characteristic information, performing authority verification according to the identity information of the user.
As a preferred approach, theSBC determination module 702 may be further configured to: determining routing information corresponding to the service scene descriptive information in the characteristic information; determining an SBC domain name corresponding to the service scene descriptive information in the characteristic information; and determining the address and the interception port of the SBC corresponding to the domain name of the SBC according to the mapping relation between the domain name and the address and the interception port which are pre-stored in the entrance unit.
Preferably, in the embodiment of the present invention, the session request carries a session identifier; theSBC determination module 702 may be further configured to: when the address of the SBC corresponding to the characteristic information and the interception port are returned to the user terminal, generating a token number according to the SBC domain name and the routing information and returning the token number to the user terminal, and storing the SBC domain name and the corresponding relation between the routing information and the token number locally; wherein the token number is a target number of the session request; theconnection module 703 may be further configured to: after receiving a session request sent by a user terminal, judging whether an SBC domain name and routing information which correspond to a target number of the session request and are not associated with any session identifier are stored locally: if yes, the SBC domain name and the routing information are associated with the session identifier in the session request, and a local terminal is determined according to the routing information.
Furthermore, in the embodiment of the present invention, theconnection module 703 may be further configured to: determining an IP signaling switch IP PBX by using the SBC, and determining a local terminal through the IP PBX and the routing information; thedevice 700 may further comprise: the port updating module is used for starting a new port of the SBC as a current interception port when the local terminal is connected with the user terminal through the SBC; updating the mapping relation between the domain name and the address stored in the entrance unit and the interception port, and sending an option message carrying the current interception port information to the user terminal connected to the SBC; establishing a new connection between the SBC and a user terminal connected to the SBC and closing the original connection; the routing information may include routing point information and skill set information, and the user terminal and the local terminal may be IP phones.
In the technical scheme of the embodiment of the invention, the entrance unit is set as the uniform entrance of the system and directly interacts with the user terminal, so that the introduction of a plurality of SBCs for providing services is possible, and the expandability of the system is improved. In the signaling interaction and media interaction process related by the invention, dynamically generated token numbers are used as calling target numbers, and the target numbers of two different calls are completely different, so that the possibility of being cracked is reduced; the real target number, the service scene information and the routing information are not transmitted in the public network, so that the leakage risk does not exist, and the system safety is improved. In addition, the lack of the safety of the original protocol is supplemented by introducing the process of verifying the identity information of the user terminal and the calling target number; in the operation process of the SBC, the interception port can be dynamically changed, and the connected user terminal can adjust the signaling interaction port through the option message, so that the possibility of port attack can be reduced, and the system security performance is further improved.
A call center system of an embodiment of the present invention is described below. The call center system has the same structure as that shown in fig. 3, except that in the call center system, the user terminal is a user telephone (i.e., an IP telephone of the user terminal), and the local terminal is an IP telephone inside the call center system.
The call center system of the embodiment of the invention can comprise: at least one session border control device SBC, at least one IP signaling switch IP PBX, an entry unit and an authentication unit.
Wherein the inlet unit is operable to: after establishing a secure connection with the user telephone, receiving an information submission request sent by the user telephone, and sending the current characteristic information of the user telephone carried in the information submission request to an authentication unit.
The authentication unit can be used for determining that the SBC domain name corresponding to the characteristic information is sent to the entrance unit and determining the routing information corresponding to the characteristic information; after the authentication unit sends the SBC domain name to the entrance unit, the entrance unit determines the address and the interception port corresponding to the SBC domain name to return to the user telephone according to the mapping relation of the domain name, the address and the interception port which are stored in advance.
The SBC corresponding to this address and listening port is available to: and receiving a session request sent by a user telephone, determining an IP PBX and a local telephone by using the routing information, and connecting the local telephone with the user telephone through the IP PBX.
In an embodiment of the present invention, the feature information includes: identity information and service scene descriptive information of the user; and the authentication unit may be further operable to: after the characteristic information is received, authority verification is carried out according to the identity information of the user in the characteristic information; after the authority passes the verification, determining an SBC domain name and routing information corresponding to the service scene descriptive information in the feature information, generating a token number according to the SBC domain name and the routing information, sending the token number to an entrance unit, and storing the corresponding relation between the SBC domain name, the routing information and the token number; after receiving the token number, the entrance unit sends the token number to the user telephone; the token number is a target number of the session request.
As a preferred scheme, any session request carries a session identifier; either SBC may be further used for: after receiving any session request, sending the session identifier and the target number in the session request to an authentication unit; and the authentication unit may be further operable to: judging whether the SBC domain name and the routing information which correspond to the target number and are not associated with any session identifier are stored: if yes, the SBC domain name and the routing information are associated with the session identifier.
Preferably, any SBC may further be used to: when the local telephone is connected with the user telephone through the SBC, starting a new port as a current interception port; informing the entrance unit to update the mapping relation between the stored domain name and address and the interception port, and sending an option message carrying the current interception port information to the subscriber telephone connected to the SBC; establishing a new connection with the subscriber's telephone connected to the SBC and closing the original connection; the routing information comprises routing point information and skill set information, the user telephone and the local telephone are IP telephones, and the system further comprises a firewall.
In the technical scheme of the embodiment of the invention, the entrance unit is set as the uniform entrance of the system and directly interacts with the user terminal, so that the introduction of a plurality of SBCs for providing services is possible, and the expandability of the system is improved. In the signaling interaction and media interaction process related by the invention, dynamically generated token numbers are used as calling target numbers, and the target numbers of two different calls are completely different, so that the possibility of being cracked is reduced; the real target number, the service scene description information and the routing information are not transmitted in the public network, so that the leakage risk does not exist, and the system safety is improved. In addition, the lack of the safety of the original protocol is supplemented by introducing the process of verifying the identity information of the user terminal and the calling target number; in the operation process of the SBC, the interception port can be dynamically changed, and the connected user terminal can adjust the signaling interaction port through the option message, so that the possibility of port attack can be reduced, and the system security performance is further improved.
The above-described embodiments should not be construed as limiting the scope of the invention. Those skilled in the art will appreciate that various modifications, combinations, sub-combinations, and substitutions can occur, depending on design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (10)
1. A method for connecting a user terminal and a local terminal, comprising:
after establishing a secure connection with a user terminal, receiving an information submission request sent by the user terminal; the information submitting request carries current characteristic information of the user terminal;
determining the address and the interception port of the SBC corresponding to the characteristic information in at least one local session border control device (SBC), and returning the address and the interception port to the user terminal; determining routing information corresponding to the characteristic information; and
and receiving a session request sent by the user terminal through the SBC corresponding to the address and the interception port, determining a local terminal by using the SBC and the routing information, and establishing connection between the local terminal and the user terminal.
2. The method of claim 1,
the establishing of the secure connection with the user terminal specifically includes: establishing a secure connection with a user terminal by using a local portal unit;
the characteristic information includes: identity information and service scene descriptive information of the user;
and, the method further comprises: and before determining the address and the interception port of the SBC corresponding to the characteristic information, performing authority verification according to the identity information of the user.
3. The method according to claim 2, wherein the determining the routing information corresponding to the feature information specifically includes: determining routing information corresponding to the service scene descriptive information in the characteristic information; and
the determining, in at least one local session border control device SBC, an address and an interception port of the SBC corresponding to the feature information specifically includes:
determining an SBC domain name corresponding to the service scene descriptive information in the characteristic information;
and determining the address and the interception port of the SBC corresponding to the domain name of the SBC according to the mapping relation between the domain name and the address and the interception port which are pre-stored in the entrance unit.
4. The method of claim 3,
the session request carries a session identifier;
the method further comprises: when the address of the SBC corresponding to the characteristic information and the interception port are returned to the user terminal, generating a token number according to the SBC domain name and the routing information and returning the token number to the user terminal, and storing the SBC domain name and the corresponding relation between the routing information and the token number locally; wherein the token number is a target number of the session request; and
the method further comprises: after receiving a session request sent by a user terminal, judging whether an SBC domain name and routing information which correspond to a target number of the session request and are not associated with any session identifier are stored locally: if yes, the SBC domain name and the routing information are associated with the session identifier in the session request, and a local terminal is determined according to the routing information.
5. The method according to claim 3 or 4,
the determining a local terminal by using the SBC and the routing information specifically includes: determining an IP signaling switch IP PBX by using the SBC, and determining a local terminal through the IP PBX and the routing information;
the method further comprises: when the local terminal is connected with the user terminal through the SBC, starting a new port of the SBC as a current interception port; updating the mapping relation between the domain name and the address stored in the entrance unit and the interception port, and sending an option message carrying the current interception port information to the user terminal connected to the SBC; establishing a new connection between the SBC and a user terminal connected to the SBC and closing the original connection; and
the routing information comprises routing point information and skill set information, and the user terminal and the local terminal are IP telephones.
6. An apparatus for connecting a user terminal to a local terminal, comprising:
the receiving module is used for receiving an information submission request sent by the user terminal after the secure connection is established with the user terminal; the information submitting request carries current characteristic information of the user terminal;
the SBC determining module is used for determining the address and the interception port of the SBC corresponding to the characteristic information in at least one local session border control device (SBC) and returning the address and the interception port to the user terminal; determining routing information corresponding to the characteristic information; and
and the connection module is used for receiving a session request sent by the user terminal through the SBC corresponding to the address and the interception port, determining a local terminal by using the SBC and the routing information, and establishing connection between the local terminal and the user terminal.
7. A call center system, comprising: at least one session border control device SBC, at least one IP signaling switch IP PBX, an entry unit and an authentication unit; wherein,
the inlet unit is used for: after establishing a secure connection with a user telephone, receiving an information submission request sent by the user telephone, and sending current characteristic information of the user telephone carried in the information submission request to an authentication unit;
the authentication unit is used for: determining that the SBC domain name corresponding to the characteristic information is sent to an entrance unit, and determining routing information corresponding to the characteristic information; after the authentication unit sends the SBC domain name to the entrance unit, the entrance unit determines an address and an interception port corresponding to the SBC domain name to return to a user telephone according to a mapping relation of the domain name, the address and the interception port which are stored in advance;
the SBC corresponding to this address and listening port is used to: and receiving a session request sent by a user telephone, determining an IP PBX and a local telephone by using the routing information, and connecting the local telephone with the user telephone through the IP PBX.
8. The system of claim 7, wherein the feature information comprises: identity information and service scene descriptive information of the user; and the authentication unit is further configured to:
after the characteristic information is received, authority verification is carried out according to the identity information of the user in the characteristic information;
after the authority passes the verification, determining an SBC domain name and routing information corresponding to the service scene descriptive information in the feature information, generating a token number according to the SBC domain name and the routing information, sending the token number to an entrance unit, and storing the corresponding relation between the SBC domain name, the routing information and the token number; after receiving the token number, the entrance unit sends the token number to the user telephone; the token number is a target number of the session request.
9. The system according to claim 8, wherein any session request carries a session identifier; either SBC is further used to: after receiving any session request, sending the session identifier and the target number in the session request to an authentication unit; and the authentication unit is further configured to:
judging whether the SBC domain name and the routing information which correspond to the target number and are not associated with any session identifier are stored: if yes, the SBC domain name and the routing information are associated with the session identifier.
10. The system according to any one of claims 7 to 9,
either SBC is further used to: when the local telephone is connected with the user telephone through the SBC, starting a new port as a current interception port; updating the mapping relation between the domain name and the address stored in the entrance unit and the interception port, and sending an option message carrying the current interception port information to the subscriber telephone connected to the SBC; establishing a new connection with the subscriber's telephone connected to the SBC and closing the original connection; and
the routing information comprises routing point information and skill set information, the user telephone and the local telephone are IP telephones, and the system further comprises a firewall.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811317737.0ACN111163465B (en) | 2018-11-07 | 2018-11-07 | Method and device for connecting user terminal and local terminal and call center system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811317737.0ACN111163465B (en) | 2018-11-07 | 2018-11-07 | Method and device for connecting user terminal and local terminal and call center system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111163465Atrue CN111163465A (en) | 2020-05-15 |
| CN111163465B CN111163465B (en) | 2022-11-08 |
Family
ID=70555081
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811317737.0AActiveCN111163465B (en) | 2018-11-07 | 2018-11-07 | Method and device for connecting user terminal and local terminal and call center system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111163465B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117650965A (en)* | 2024-01-26 | 2024-03-05 | 北京天维信通科技股份有限公司 | Method and device for realizing SD-WAN management network based on uCPE original port |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1980229A (en)* | 2005-12-01 | 2007-06-13 | 中国移动通信集团公司 | Method for obtaining network protocolmulti-media subsystem terminal accessing-point information |
| CN102511146A (en)* | 2011-11-23 | 2012-06-20 | 华为技术有限公司 | Implementation method of session border controller pool and session border controller |
| CN103051484A (en)* | 2013-01-06 | 2013-04-17 | 中国联合网络通信集团有限公司 | Method and system for processing session service and session border controller |
| CN103188217A (en)* | 2011-12-28 | 2013-07-03 | 中国移动通信集团公司 | SBC selection method, SBC selection device, user equipment and SBC equipment |
| US20150055647A1 (en)* | 2009-07-28 | 2015-02-26 | Centurylink Intellectual Property Llc | System and Method for Registering an IP Telephone |
- 2018
- 2018-11-07CNCN201811317737.0Apatent/CN111163465B/enactiveActive
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1980229A (en)* | 2005-12-01 | 2007-06-13 | 中国移动通信集团公司 | Method for obtaining network protocolmulti-media subsystem terminal accessing-point information |
| US20150055647A1 (en)* | 2009-07-28 | 2015-02-26 | Centurylink Intellectual Property Llc | System and Method for Registering an IP Telephone |
| CN102511146A (en)* | 2011-11-23 | 2012-06-20 | 华为技术有限公司 | Implementation method of session border controller pool and session border controller |
| CN103188217A (en)* | 2011-12-28 | 2013-07-03 | 中国移动通信集团公司 | SBC selection method, SBC selection device, user equipment and SBC equipment |
| CN103051484A (en)* | 2013-01-06 | 2013-04-17 | 中国联合网络通信集团有限公司 | Method and system for processing session service and session border controller |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117650965A (en)* | 2024-01-26 | 2024-03-05 | 北京天维信通科技股份有限公司 | Method and device for realizing SD-WAN management network based on uCPE original port |
| CN117650965B (en)* | 2024-01-26 | 2024-04-19 | 北京天维信通科技股份有限公司 | Method and device for realizing SD-WAN management network based on uCPE original ports |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111163465B (en) | 2022-11-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP2449744B1 (en) | Restriction of communication in voip address discovery system | |
| US10038779B2 (en) | Intercepting voice over IP communications and other data communications | |
| US7739196B2 (en) | Policy control and billing support for call transfer in a session initiation protocol (SIP) network | |
| EP2181545B1 (en) | Using pstn reachability to verify voip call routing information | |
| US8024785B2 (en) | Method and data processing system for intercepting communication between a client and a service | |
| CA2636780C (en) | Method and device for anonymous encrypted mobile data and speech communication | |
| CN102160357B (en) | Key Management in Communication Networks | |
| US8072967B2 (en) | VoIP call routing information registry including hash access mechanism | |
| US9065684B2 (en) | IP phone terminal, server, authenticating apparatus, communication system, communication method, and recording medium | |
| US8228903B2 (en) | Integration of VoIP address discovery with PBXs | |
| US10893414B1 (en) | Selective attestation of wireless communications | |
| JP2022538736A (en) | A method, system, and computer-readable medium for establishing a communication session between a public switched telephone network (PSTN) endpoint and a web real-time communication (WEBRTC) endpoint | |
| US20140007220A1 (en) | Use of telephony features and phones to enable and disable secure remote access | |
| US8437254B2 (en) | Dynamic configuration of VoIP trunks | |
| US9654520B1 (en) | Internet SIP registration/proxy service for audio conferencing | |
| US9485361B1 (en) | Internet SIP registration/proxy service for audio conferencing | |
| CN111163465B (en) | Method and device for connecting user terminal and local terminal and call center system | |
| JP4965499B2 (en) | Authentication system, authentication device, communication setting device, and authentication method | |
| CN101296085B (en) | Authentication method and system based on bifurcation, and bifurcation authentication system | |
| CN1913432B (en) | Method and system of card number service using SIP authentication | |
| JP2006270431A (en) | Call control apparatus, terminal, program thereof, and communication channel establishment method | |
| CN114630000A (en) | A kind of authentication information management, identity verification method, equipment and storage medium | |
| CN113905021A (en) | Communication method and device for fixed telephone, electronic equipment and storage medium | |
| Al Saidat et al. | Develop a secure SIP registration mechanism to avoid VoIP threats | |
| KR20120011154A (en) | VIP service authentication password management system and method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |