CN1913432B - Method and system of card number service using SIP authentication - Google Patents

Method and system of card number service using SIP authentication
Publication number: CN1913432B
Authority: CN (China)
Prior art keywords: application server, authentication, softswitch, card number, user
Legal status: Expired - Fee Related (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN2006100993005A
Other languages: Chinese (zh)
Other versions: CN1913432A (en)
Inventor: 艾石
Current Assignee: Huawei Technologies Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Huawei Technologies Co Ltd

Application filed by Huawei Technologies Co Ltd
Priority to CN2006100993005A
Publication of CN1913432A
Application granted
Publication of CN1913432B
Expired - Fee Related

Abstract

Translated from Chinese

The invention discloses a method and system for using SIP authentication in a card number service. After the client receives verification information from the application server, it sends a request message including authentication information to the application server, and the application server authenticates that information. This simplifies the user's dialing procedure and helps operators roll out the service.

Figure 200610099300

Description

Translated from Chinese
Method and system for card number service using SIP authentication

Technical field

The invention relates to SIP authentication technology, and in particular to a method and system for using SIP authentication in Internet-based card number services.

Background

The rapid development of Internet technology has made it possible to use voice services over the Internet. Because a card number service identifies the user by card number rather than by telephone number, it is not only very flexible but also conserves telephone number resources.

One existing authentication method for Internet-based card number services works as follows: the user first enters a telephone number and password; after the softswitch has authenticated them, the user follows the voice prompts provided by the media resource server to enter the card number and password; once these are authenticated, the softswitch routes the call to the called party.

Refer to Figure 1, a flowchart of the prior-art SIP authentication method, which includes:

A1. The user enters the calling telephone number and telephone password on the soft terminal and clicks Send.

A2. The soft terminal sends a SIP (Session Initiation Protocol) REGISTER request to the softswitch.

A3. The softswitch returns a 401 Unauthorized message carrying a verification word, requiring the soft terminal to encrypt the calling number + password + verification word and send the encrypted information to the softswitch in a REGISTER.

A4. After the softswitch verification succeeds, it returns a normal 200 OK response, and the soft terminal has logged in successfully.

A5. The user dials 200 on the soft terminal, where 200 is the prepaid card number access code, and the soft terminal sends 200 to the softswitch in an INVITE message.

A6. Based on routing information, the softswitch forwards the INVITE (request) message to the AS (Application Server), triggering the 200 service on the AS.

A7. The AS instructs the MRS (Media Resource Server) to establish an RTP (Real-time Transport Protocol) media channel with the soft terminal and to play a voice prompt asking the user to enter the 200 card number. The user enters the card number on the soft terminal's keypad; the card number is carried to the MRS as DTMF (Dual-Tone Multi-Frequency) signals, and the MRS recognizes the card number and returns it to the prepaid service on the AS.

A8. The 200 service then prompts the user to enter the password (the 200 card number password). After the user enters it, the 200 service authenticates the card number and password and, once authentication passes, plays a voice prompt asking the user to enter the called number.

A9. After the user enters the called number as prompted, the 200 service carries out the subsequent called-party processing and monitors the call while it is in progress, for example for the calling party hanging up, the called party hanging up, or the call duration being reached.

As the prior art above shows, the calling number must first be registered on the softswitch. After that authentication succeeds, the user's card number, password, called number and other information are collected as DTMF signals carried over RTP, and every call has to use the MRS. As a result, the voice interaction between the soft terminal and the MRS requires more SIP messages to be exchanged and occupies system resources; moreover, the user has to enter a long series of numbers in response to voice prompts, which makes the service quite cumbersome to use and does not help operators roll it out.

Summary of the invention

The technical problem to be solved by the invention is to provide a method and system for using SIP authentication in Internet-based card number services that simplifies the user's dialing procedure and reduces SIP signaling exchanges.

To solve the above technical problem, the invention is implemented through the following technical solutions:

A method for card number service authentication, applied in a call procedure that uses the Session Initiation Protocol, comprising: after receiving a first request message from a client, the application server returns a response message to the client, the response message carrying verification information that includes a verification word and an encryption algorithm; the client performs an encryption operation on the user card number, the user password and the verification word using the encryption algorithm to obtain authentication information that includes an encrypted string, and sends a second request message carrying the authentication information to the application server; the application server looks up, by the user card number, the password stored for that card number in the database, and performs the encryption operation on the user card number, the password found and the verification word to obtain an encrypted string; the application server compares this encrypted string with the encrypted string it received; if they are the same, authentication passes; otherwise, authentication fails.

Preferably, the first request message sent by the client further includes the called number; after authentication passes, the application server sends the called number to the softswitch device, and the softswitch device connects the call to the called number.

Preferably, before the call connection is established, the application server estimates the call duration from the balance of the user card number; after the call connection is established, the application server monitors the call against that duration and releases the call when the duration is reached.

Preferably, the information exchanged between the client and the application server is passed through transparently by the softswitch device.

Preferably, the encrypted string obtained by the client is computed with the message digest algorithm MD5.

A method for card number service authentication over the Internet using the Session Initiation Protocol (SIP), comprising: the client control sends a first request message to the softswitch device, and the softswitch device transparently passes the first request message to the application server; the application server returns a response message including proxy authentication request information to the softswitch device, and the softswitch device transparently passes the response message to the client control, the proxy authentication request information containing a verification word, an encryption algorithm and a domain; the client control performs an encryption operation on the user card number, the user password and the verification word using the encryption algorithm to obtain an encrypted string, and sends a second request message containing the encrypted string to the softswitch device, which transparently passes the second request message to the application server; the application server authenticates the encrypted string.

A system for card number service authentication using the Session Initiation Protocol, comprising a client control module and an application server: the client control module is configured to send a request message to the application server, to perform an encryption operation based on the response information, including verification information, returned by the application server so as to obtain an encrypted string, and to send a request message including the encrypted string to the application server; the application server is configured to return response information including a verification word and an encryption algorithm to the client control module, and to authenticate the string.

Preferably, the system further includes a softswitch device, which is configured to transparently pass the information exchanged between the client control module and the application server.

As the above technical solutions show, in the invention the client, after receiving the verification message from the application server, sends a request message including authentication information to the application server, and the application server authenticates that information. The invention does not need to send registration information to the softswitch, which avoids softswitch authentication of the calling number, and does not need the media resource server to provide voice interaction. This reduces SIP signaling exchanges, improves system performance, simplifies the user's dialing procedure, and helps operators roll out the service.

Description of the drawings

Figure 1 is a flowchart of the prior-art SIP authentication method;

Figure 2 is a flowchart of the SIP authentication method of the invention;

Figure 3 is a flowchart of the SIP authentication method in an embodiment of the invention;

Figure 4 is a schematic diagram of the system of the invention.

Detailed description

The invention provides a method and system for using SIP authentication in Internet card number services. The basic idea is not to use the softswitch to authenticate the calling number, nor to use the MRS for voice interaction; instead, the client control sends an INVITE message including authentication information to the application server, and the application server authenticates that information, thereby simplifying the user's dialing procedure.

Refer to Figure 2, a flowchart of the SIP authentication method of the invention, which includes:

D1. After receiving a first request message from the client, the application server returns a response message to the client, the response message carrying verification information;

D2. The client obtains authentication information based on the verification information in the response message it received, and sends a second request message carrying the authentication information to the application server;

D3. The application server authenticates the authentication information.

For a better understanding of the invention, the technical solution is described in detail below through a specific embodiment.

Refer to Figure 3, a flowchart of the SIP authentication method in an embodiment of the invention, which includes:

B1. The user card number, user password and called number are entered in the client control. A user who wants to use the Internet-based card number service first buys a card number and password from the operator, or obtains them through another channel, and then installs the client control. The client control is a SIP client, usually implemented with ActiveX, although the implementation technology is not limited to one and may include a Client approach. There are many ways to install the control; for example, the user visits the website designated by the operator in a browser, selects "Web dialing", and the browser automatically downloads the softphone control. The client control can be regarded as a multimedia terminal supporting the SIP protocol: installed on a PC with a headset and microphone it provides voice services to the user, and with a camera it can also provide video communication services.

After the control is installed, the user enters the prepaid card number and password as prompted. If the control provides a remember function and the user chooses to remember the card number and password, they need not be entered again at the next login.

After setting the card number and password, the user sees a soft keypad resembling a telephone keypad on the browser page for entering the called number. The user enters the called number and clicks the "Dial out" button.

B2. Using the softswitch address configured internally, the client control sends an INVITE request message to the softswitch, and the softswitch forwards this INVITE message to the AS.

INVITE is a SIP message used to create a session among different participants. A session consists of a group of participants and the media streams they use to communicate.

The softswitch address generally does not need to be set manually by the end user; when the SIP client provided by the operator is downloaded and installed, the destination address is set automatically according to the operator's situation.

The softswitch is the core device of the NGN (Next Generation Network). It mainly performs call control, media gateway access control, resource allocation, protocol processing, routing, authentication, billing and similar functions, and can provide users with basic voice services, mobile services, multimedia services and API interfaces.

The AS (Application Server) is responsible for the logic generation and management of the various value-added services and intelligent network services. It is an independent component that does not depend on the softswitch device in the network control layer, which separates services from call control and makes it easier to introduce supplementary services.

In this embodiment, the INVITE request that is sent is a special SIP message in which the From field is set to "AnonymousCard" and the Request-URI is the access code + called number. The Request-URI is 50200+13977770003: the access code 50200 corresponds to the 200 service on the AS and is an internal access code that is not visible to the user, and 13977770003 is the called number.

The From field contains the logical identity of the initiator of the request. This embodiment uses the special string "AnonymousCard" as a convention agreed among the client, the AS and the softswitch; in practice any string may be used.

Normally the softswitch does not process a SIP client that has not registered with REGISTER. Based on "AnonymousCard", the softswitch determines that this INVITE is a special INVITE that does not require registration, and transparently passes the message to the AS.

The Request-URI is SIP information that identifies the address of the user or service the request is directed to. In this embodiment, the Request-URI is the card number service access code + called number.

The SIP INVITE sent in this example is as follows:

INVITE sip:5020013977770003@10.18.200.50;user=phone SIP/2.0
Via: SIP/2.0/UDP 10.18.200.100:5061;branch=z9hG4bK0a81de4ee
Call-ID: 294fc131df273bf15998189d0a81de4e@10.18.200.100
From: <sip:AnonymousCard@10.18.6.112;user=phone>;tag=0a81de4e
To: <sip:5020013977770003@10.18.200.100;user=phone>
CSeq: 1 INVITE
Contact: <sip:AnonymousCard@10.18.6.112;user=phone>
Supported: 100rel
Max-Forwards: 70
Allow: INVITE,ACK,CANCEL,OPTIONS,BYE,REGISTER,PRACK,INFO,UPDATE,SUBSCRIBE,NOTIFY,MESSAGE,REFER

B3. The AS triggers the corresponding service according to the access code, in this example the prepaid card number service. Based on AnonymousCard, the service recognizes that this INVITE message was sent by the Web dialing control and has not yet passed call authentication, so it sends the verification word (nonce), algorithm (algorithm) and domain (realm) to the softswitch in a 407 Proxy Authentication Required message, and the softswitch forwards this information to the client control. Here the softswitch only passes the message through transparently and does not process the information.

The 407 Proxy Authentication Required is a response message indicating that the client must first pass authentication. The Proxy-Authenticate header field specifies the Digest authentication scheme and the following parameters:

nonce="mHw1.037"   // verification word (random number), used in the encryption algorithm

algorithm=MD5   // encryption algorithm; instructs the SIP client to encrypt with this algorithm. MD5 is Message-Digest Algorithm 5

realm="example.com"   // domain name, used by the client to prompt the user to enter the correct card number and password

The SIP 407 sent in this example is as follows:

SIP/2.0 407 Proxy Authentication Required
Allow: INVITE,ACK,BYE,CANCEL,OPTIONS,REGISTER,SUBSCRIBE,NOTIFY,PRACK,UPDATE,INFO
Call-ID: 294fc131df273bf15998189d0a81de4e@10.18.200.100
Content-Length: 0
CSeq: 1 INVITE
From: <sip:AnonymousCard@10.18.6.112;user=phone>;tag=0a81de4e
Organization: Example
Proxy-Authenticate: digest nonce="mHw1.037",algorithm=MD5,realm="example.com"
Supported: 100rel
To: <sip:5020013977770003@10.18.200.100;user=phone>;tag=XeJS.1836Y.000null10.18.200.50
Via: SIP/2.0/UDP 10.18.200.100:5061;branch=z9hG4bK0a81de4ee

B4. The client control encrypts the card number, password and verification word with the specified algorithm to obtain the encrypted string (response), and sends the card number (username), verification word, encryption algorithm, domain and other information to the softswitch in an INVITE message; the softswitch then forwards it to the AS.

The Proxy-Authenticate header field of the INVITE carries the following parameters:

username="99999999999"   // user card number

realm="example.com"   // same as above

nonce="mHw1.037"   // same as above, but the AS may choose not to use this nonce

uri="sip:5020013977770003@10.18.200.100:5060"   // prevents a proxy from changing the SIP Request-URI

response="3a1427fc8d73538d80b6e2b49fc9f4ad",algorithm=MD5

// The encrypted string produced by the SIP client after encrypting the card number + password and the verification word with the MD5 encryption algorithm.

The SIP INVITE sent in this example is as follows:

INVITE sip:5020013977770003@10.18.200.50;user=phone SIP/2.0
Via: SIP/2.0/UDP 10.18.200.100:5061;branch=z9hG4bK6b443beb2
Call-ID: 294fc131df273bf15998189d0a81de4e@10.18.200.100
From: <sip:AnonymousCard@10.18.6.112;user=phone>;tag=6b443beb
To: <sip:5020013977770003@10.18.200.100;user=phone>
CSeq: 2 INVITE
Contact: <sip:AnonymousCard@10.18.6.112;user=phone>
Supported: 100rel
Proxy-Authorization: Digest username="99999999999",realm="example.com",nonce="mHw1.037",uri="sip:5020013977770003@10.18.200.100:5060",response="3a1427fc8d73538d80b6e2b49fc9f4ad",algorithm=MD5
Max-Forwards: 70
Allow: INVITE,ACK,CANCEL,OPTIONS,BYE,REGISTER,PRACK,INFO,UPDATE,SUBSCRIBE,NOTIFY,MESSAGE,REFER

B5. The AS passes the message to the corresponding service for processing. The service performs the encryption operation on the card number in the INVITE message (generally in plaintext), the verification word sent to the control in the previous step, and the password looked up in the AS database by card number, and obtains an encrypted string. It compares this with the control's encrypted string in the INVITE; if they are the same, authentication is considered passed; otherwise, authentication is considered failed.

B6. If authentication fails, the AS returns a 401 error.

B7. After authentication passes, the prepaid card number service strips the access code (50200) from the Request-URI (5020013977770003); what remains is the called number (13977770003). The service estimates the available call duration from the card number's current balance and then sends an INVITE for the called number to the softswitch. The AS monitors the call duration, and when the duration is reached the AS can release the call on its own initiative.

B8. The softswitch connects the call to the called number, with the calling number set by the AS. After the called party rings and goes off-hook, the call connection is established and the calling party (the client control) and the called party begin talking.

B9. The calling or called party hangs up, and the call is complete.
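The check in steps B3 to B5, as an added example that is not part of the patent text: the AS issues a verification word per Call-ID, the client builds the Proxy-Authorization parameters, and the AS recomputes the string from its own stored verification word and the password in its database. It assumes the RFC 2617 Digest formula without qop (the page does not give the exact concatenation, and MD5 here is a digest rather than encryption); the password, CardAuthServer and the function names are constructed for illustration, and discarding the verification word after one check is an addition made here so that a captured INVITE cannot be reused.

```python
import hashlib
import hmac
import re
import secrets

# Constructed card database (card number -> card password); values are illustrative.
CARD_DB = {"99999999999": "482913"}


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def parse_digest_params(header_value):
    """Parse 'Digest k="v",k2=v2' (quoted or bare values) into a dict."""
    scheme, _, rest = header_value.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest header")
    pairs = re.findall(r'(\w+)\s*=\s*(?:"([^"]*)"|([^,\s]+))', rest)
    return {key.lower(): (quoted or bare) for key, quoted, bare in pairs}


def digest_response(username, realm, password, method, uri, nonce):
    """Assumed formula: RFC 2617 Digest without qop, MD5(HA1:nonce:HA2)."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")


def client_authorization(challenge, card_number, password, method, uri):
    """Client control side (B4): build the Proxy-Authorization value."""
    c = parse_digest_params(challenge)
    resp = digest_response(card_number, c["realm"], password, method, uri, c["nonce"])
    return (f'Digest username="{card_number}",realm="{c["realm"]}",'
            f'nonce="{c["nonce"]}",uri="{uri}",response="{resp}",'
            f'algorithm={c.get("algorithm", "MD5")}')


class CardAuthServer:
    """AS side (B3 and B5): one verification word per Call-ID, checked once."""

    def __init__(self, realm, card_db):
        self.realm = realm
        self.card_db = card_db
        self.pending = {}  # Call-ID -> verification word sent in the 407

    def challenge(self, call_id):
        nonce = secrets.token_hex(16)
        self.pending[call_id] = nonce
        return f'Digest nonce="{nonce}", algorithm=MD5, realm="{self.realm}"'

    def verify(self, call_id, method, authorization):
        params = parse_digest_params(authorization)
        # B5: use the verification word the AS itself sent, not the echoed one,
        # and drop it so the same INVITE cannot be accepted twice.
        nonce = self.pending.pop(call_id, None)
        password = self.card_db.get(params.get("username", ""))
        if nonce is None or password is None:
            return False
        if params.get("algorithm", "MD5").upper() != "MD5":
            return False
        if params.get("realm") != self.realm:
            return False
        expected = digest_response(params["username"], self.realm, password,
                                   method, params.get("uri", ""), nonce)
        received = params.get("response", "").lower()
        # Constant-time comparison of the two strings.
        return hmac.compare_digest(expected.encode(), received.encode())


def demo():
    """Run one good attempt, a replay of it, and a wrong-password attempt."""
    server = CardAuthServer("example.com", CARD_DB)
    call_id = "294fc131df273bf15998189d0a81de4e@10.18.200.100"
    uri = "sip:5020013977770003@10.18.200.100:5060"
    auth = client_authorization(server.challenge(call_id),
                                "99999999999", "482913", "INVITE", uri)
    first = server.verify(call_id, "INVITE", auth)
    replay = server.verify(call_id, "INVITE", auth)
    bad = client_authorization(server.challenge(call_id),
                               "99999999999", "000000", "INVITE", uri)
    wrong = server.verify(call_id, "INVITE", bad)
    return first, replay, wrong


if __name__ == "__main__":
    print(demo())
```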

请参考图4,为本发明的系统示意图,包括客户端控件模块100、软交换设备200和应用服务器300:Please refer to FIG. 4, which is a schematic diagram of the system of the present invention, including aclient control module 100, asoftswitch device 200 and an application server 300:

所述客户端控件模块100用于向所述应用服务器300发送请求消息,并根据所述应用服务器300返回包括验证信息的响应信息,进行加密运算获得加密字符串,并将包括所述加密字符串的请求消息发送给所述应用服务器300;Theclient control module 100 is used to send a request message to theapplication server 300, and according to the response information returned by theapplication server 300 including verification information, perform an encryption operation to obtain an encrypted string, and include the encrypted string Send the request message to theapplication server 300;

所述应用服务器300用于向所述客户端控件模块100返回包括验证信息的响应信息,并对所述字符串进行鉴权。Theapplication server 300 is configured to return a response message including verification information to theclient control module 100, and authenticate the character string.

所述软交换设备200用于透传所述客户端控件模块100与所述应用服务器300之间交互的信息。Thesoft switch device 200 is used for transparently transmitting the information interacted between theclient control module 100 and theapplication server 300 .

所述客户端控件模块100发送第一请求(INVITE)信息到软交换设备200,软交换设备200将所述信息转发给所述应用服务器300。应用服务器300接收到该请求信息后,发送407(代理鉴权请求)信息给软交换设备200,软交换设备200转发所述信息给所述客户端控件模块100。客户端控件模块100在接收到该407(代理鉴权请求)信息后,发送包括鉴权信息的第二请求信息给软交换设备200,软交换设备200转发所述信息给所述应用服务器300。应用服务器300对所述鉴权信息进行鉴权,如果通过认证,返回200通过信息,否则,返回401错误信息。Theclient control module 100 sends a first request (INVITE) message to thesoft switch device 200 , and thesoft switch device 200 forwards the message to theapplication server 300 . After receiving the request information, theapplication server 300 sends 407 (proxy authentication request) information to thesoft switch device 200, and thesoft switch device 200 forwards the information to theclient control module 100. After receiving the 407 (Proxy Authentication Request) information, theclient control module 100 sends the second request information including authentication information to thesoftswitch device 200, and thesoftswitch device 200 forwards the information to theapplication server 300. Theapplication server 300 authenticates the authentication information, and returns a 200 pass message if the authentication is passed, or returns a 401 error message.

The method and system for card number service using SIP authentication provided by the present invention have been described in detail above. Specific examples are used herein to explain the principle and implementation of the invention, and the description of the above embodiments is intended only to help in understanding the method of the invention. At the same time, a person of ordinary skill in the art may, following the idea of the invention, make changes to the specific implementation and the scope of application. In summary, the content of this specification should not be construed as limiting the invention.

Claims (7)

CN2006100993005A | 2006-07-27 | 2006-07-27 | Method and system of card number service using SIP authentication | Expired - Fee Related | CN1913432B (en)

Priority Applications (1)

| Application Number | Publication | Priority Date | Filing Date | Title |
|---|---|---|---|---|
| CN2006100993005A | CN1913432B (en) | 2006-07-27 | 2006-07-27 | Method and system of card number service using SIP authentication |

Applications Claiming Priority (1)

| Application Number | Publication | Priority Date | Filing Date | Title |
|---|---|---|---|---|
| CN2006100993005A | CN1913432B (en) | 2006-07-27 | 2006-07-27 | Method and system of card number service using SIP authentication |

Publications (2)

| Publication Number | Publication Date |
|---|---|
| CN1913432A (en) | 2007-02-14 |
| CN1913432B (en) | 2010-10-06 |

Family

ID=37722218

Family Applications (1)

| Application Number | Status | Publication | Priority Date | Filing Date | Title |
|---|---|---|---|---|---|
| CN2006100993005A | Expired - Fee Related | CN1913432B (en) | 2006-07-27 | 2006-07-27 | Method and system of card number service using SIP authentication |

Country Status (1)

| Country | Link |
|---|---|
| CN (1) | CN1913432B (en) |

Also Published As

| Publication number | Publication date |
|---|---|
| CN1913432A (en) | 2007-02-14 |

Legal Events

| Date | Code | Title | Description |
|---|---|---|---|
| | C06 | Publication | |
| | PB01 | Publication | |
| | C10 | Entry into substantive examination | |
| | SE01 | Entry into force of request for substantive examination | |
| | C14 | Grant of patent or utility model | |
| | GR01 | Patent grant | |
| | C17 | Cessation of patent right | |
| | CF01 | Termination of patent right due to non-payment of annual fee | |

Granted publication date: 20101006

Termination date: 20130727

