WO2023051679A1 - Procédé de traitement d'appel, dispositif associé et support d'enregistrement - Google Patents

Procédé de traitement d'appel, dispositif associé et support d'enregistrement Download PDF

Info

Publication number
WO2023051679A1
WO2023051679A1 PCT/CN2022/122530 CN2022122530W WO2023051679A1 WO 2023051679 A1 WO2023051679 A1 WO 2023051679A1 CN 2022122530 W CN2022122530 W CN 2022122530W WO 2023051679 A1 WO2023051679 A1 WO 2023051679A1
Authority
WO
WIPO (PCT)
Prior art keywords
calling device
user
data
displayed
calling
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2022/122530
Other languages
English (en)
Chinese (zh)
Inventor
左俊
郭晓龙
林宏达
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Publication of WO2023051679A1 publication Critical patent/WO2023051679A1/fr
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/10Architectures or entities
    • H04L65/1016IP multimedia subsystem [IMS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/22Processing or transfer of terminal data, e.g. status or physical capabilities
    • H04W8/24Transfer of terminal data

Definitions

  • the present application relates to the communication field, and in particular to a call processing method, related equipment and a communication system.
  • IP multimedia subsystem IP multimedia subsystem
  • IMS IP multimedia subsystem
  • the first user may be counterfeit or tampered.
  • Signature-based handling of asserted information using toKENs (SHAKEN) technology to sign the relevant information of the first user's call request message to generate signature information, which can be called number, called number, time stamp, reputation rating and call source address, etc.
  • the called side verifies the signature information according to the public key.
  • the STIR or SHAKEN technology can only authenticate the number of the first user, but cannot authenticate various identity information of the first user.
  • the certification process does not involve the certification of corporate information.
  • the STIR/SHAKEN technology only involves the encryption and authentication process of information at the signaling level.
  • the invention provides a call processing method, related equipment and storage medium, which are used for sending safe data to be displayed to the second user during the process of the first user calling the second user, and can effectively improve the data to be displayed.
  • the amount of information contained in the data is not limited to, but not limited to, but not limited to, but not limited to, but not limited to, but not limited to, but not limited to, but not limited to, but not limited to, but not limited to, but not limited to, and storage medium, which are used for sending safe data to be displayed to the second user during the process of the first user calling the second user, and can effectively improve the data to be displayed. The amount of information contained in the data.
  • the first aspect of the embodiment of the present invention provides a call processing method, the method includes: the first calling device acquires a signature key; the first calling device acquires the data to be displayed of the first user, and the first A user calls a second calling device through the first calling device, and the data to be displayed includes information corresponding to the first user and/or information corresponding to an enterprise to which the first user belongs; the first The calling device signs the data to be displayed by using the signature key to obtain first verification signature information; the first calling device passes through the media channel between the first calling device and the second calling device, Sending the data to be displayed and the first verification signature information to the second calling device, where the first verification signature information is used to verify the security of the data to be displayed.
  • the first calling device shown in this aspect may be the first terminal used by the first user, or the first calling device may be at least one device included in the calling operator's network, for example, the first calling device may be The calling media server, calling application server AS, calling service-call session control function S-CSCF, calling proxy-call session control function P-CSCF or calling interworking session border controller included in the calling operator network I-SBC.
  • the first verification signature information sent by the first calling device to the second calling device is obtained by signing the data to be displayed, and the second calling device receives the data to be displayed and the first verification signature information, the security of the data to be displayed can be verified according to the first verification signature information, and the second terminal used by the second user can display the data to be displayed during the calling process, so that The second user determines whether the displayed data to be displayed has been tampered with or leaked.
  • the data to be displayed is transmitted via the media channel between the first calling device and the second calling device, the amount of data transmitted by the data to be displayed is effectively increased.
  • the method further includes: The first calling device sends a first indication message to the second calling device, the first indicating message is used to indicate that the first calling device supports the capability of signing the data to be displayed; the first calling device receiving a second indication message from the second calling device, where the second indication message is used to indicate that the second calling device supports a capability of verifying the security of the data to be displayed.
  • the negotiation between the first calling device and the second calling device can be carried out through the first indication message and the second indicating message, and when the second calling device receives the first indication message, it is determined that the first If the calling device supports the ability to sign the data to be displayed, the second calling device can return a second indication message to the first calling device, and the second calling device determines according to the second indication message that the second calling device supports verification of the data to be displayed.
  • the first calling device can send the data to be displayed and the first verification signature information to the second calling device, so as to ensure that the second calling device can verify the data to be displayed according to the first verification signature information security.
  • the acquisition by the first calling device of the data to be displayed of the first user includes: the first calling device receiving a call request message, the call request message carrying the data to be displayed Display Data.
  • the first calling device is a device included in the calling operator's network
  • the first calling device can receive a call request message from the first terminal
  • the call request message carries the data to be displayed
  • the first calling device receives the call request message After calling the request message, the data to be displayed can be obtained.
  • the obtaining, by the first calling device, the data to be displayed of the first user includes: receiving, by the first calling device, a call request message; The data to be displayed corresponding to the call request message.
  • the first calling device is a device included in the calling operator's network, and the first calling device can pre-store the data to be displayed, and after receiving the call request message from the first terminal, the first calling device can obtain the The data to be displayed corresponding to the call request message.
  • the acquiring the signature key by the first calling device includes: the first calling device sending a call request message to the second calling device, and the calling request message is Obtaining the signature key upon request; the first calling device receives a master key and a master salt key from the second calling device, and the master key and the master salt key are used for secure real-time transmission Protocol SRTP: the first calling device generates the signature key according to the master key and the master salt key.
  • the first calling device requests the second calling device to obtain the master key and the master salt key through the call request message, and the first calling device can derive the master key and the master salt key based on the secure real-time transport protocol SRTP
  • the first calling device shown in this aspect can obtain the signature key based on the secure real-time transport protocol SRTP, so as to implement the signature of the data to be displayed.
  • the first calling device receiving the master key and the master salt key from the second calling device includes: the first calling device receiving the master key and the master salt key from the second calling device
  • the signature information of the second calling device, the signature information includes the master key and the master salt key signed by the public key; the first calling device verifies the signature information through the private key to obtain the master key key and the master salt key.
  • the signature information received by the first calling device includes the master key and the master salt key signed by the public key, effectively avoiding the master key and the master salt key. If the master salt key is leaked or tampered with, the security of the data to be displayed is improved.
  • the information corresponding to the first user includes at least one of the following items: the name of the first user, the job number of the first user, the The avatar of the first user, the position information of the first user, the audio and video files related to the first user, or the information of the association to which the first user belongs;
  • the information corresponding to the enterprise to which the first user belongs includes at least one of the following: the name of the enterprise, the trademark of the enterprise, audio and video files related to the enterprise, or the name of the association to which the enterprise belongs. information.
  • the second aspect of the embodiment of the present invention provides a call processing method, the method includes: the second calling device receives the data to be displayed and the first verification signature information from the first calling device, and the first verification signature information is Sign the data to be displayed by using a signature key, and transmit the data to be displayed and the first verification signature information through a media channel between the first calling device and the second calling device, so
  • the data to be displayed includes information corresponding to the first user and/or information corresponding to the enterprise to which the first user belongs;
  • the second calling device signs the data to be displayed by using the signature key to obtain second verification signature information; if the second calling device determines that the first verification signature information is the same as the second verification signature information, determine that the data to be displayed has passed the security verification, and make the data to be displayed show.
  • the second calling device shown in this aspect may be the second terminal used by the second user, or the second calling device may be at least one device included in the network of the called operator, for example, the second calling device may be The called media server, called application server AS, called service-call session control function S-CSCF, called proxy-call session control function P-CSCF or called interworking session border controller included in the called operator network I-SBC.
  • the called media server called application server AS, called service-call session control function S-CSCF, called proxy-call session control function P-CSCF or called interworking session border controller included in the called operator network I-SBC.
  • the method further includes: the second calling device receiving a first indication message from the first calling device, where the first indication message is used to indicate that the first calling device supports the capability of signing the data to be displayed; A calling device sends a second indication message, where the second indication message is used to indicate that the second calling device supports a capability of verifying the security of the data to be displayed.
  • the method further includes: the second calling device sending the data to be displayed to a second terminal, the second terminal is a terminal used by a second user, and the second terminal is used to display the Data to be displayed.
  • the second calling device is a second terminal, and the second terminal is a terminal used by a second user, and if the second calling device determines that the The first verification signature information is the same as the second verification signature information, and after it is determined that the data to be displayed passes the security verification, the method further includes: displaying the data to be displayed by the second calling device.
  • the method further includes: the second calling device sending a notification message to the second terminal, where the notification message is used to indicate that the data to be displayed has passed the security verification.
  • the second calling device determines that the data to be displayed has passed the security verification, it sends notification information indicating that the data to be displayed has passed the security verification to the second terminal, and the second terminal can display the data after receiving the notification information.
  • the notification information is used to indicate that the data to be displayed has passed the security verification, so as to ensure that the second user determines that the displayed data to be displayed is safe according to the notification information displayed by the second terminal.
  • the method further includes: the second calling device receiving a call request message from the first call device, where the call request message is used to request to acquire the signature key; the second call device sends a master key to the first call device according to the call request message key and a master salt key, the master key and the master salt key are used for secure real-time transport protocol SRTP, and the master key and the master salt key are used to generate the verification signature.
  • the sending, by the second calling device, the master key and the master salt key to the first calling device according to the call request message includes: the second calling device signing the master key and the master salt key with a public key to obtain signature information; the second calling device sends the signature information to the first calling device.
  • the method further includes: the second calling device receiving a call request message from the first call device; sending the signature key to the first call device by the second call device according to the call request message.
  • the information corresponding to the first user includes at least one of the following items: the name of the first user, the job number of the first user, the The avatar of the first user, the position information of the first user, the audio and video files related to the first user, or the information of the association to which the first user belongs;
  • the information corresponding to the enterprise to which the first user belongs includes at least one of the following: the name of the enterprise, the trademark of the enterprise, audio and video files related to the enterprise, or information about the association to which the enterprise belongs .
  • the third aspect of the embodiment of the present invention provides a calling device, including: a first acquisition module, configured to acquire a signature key; a second acquisition module, configured to acquire data to be displayed of a first user, the first user being The user corresponding to the calling device, the data to be displayed includes information corresponding to the first user and/or information corresponding to the enterprise to which the first user belongs; a signature module, configured to The key signs the data to be displayed to obtain the first verification signature information; the sending module is configured to send the to-be-displayed data to the other calling device through the media channel between the calling device and another calling device data and the first verification signature information, where the first verification signature information is used to verify the security of the data to be displayed.
  • the sending module is further configured to send a first indication message to the other calling device, where the first indication message is used to indicate that the calling device supports The ability of the data signature to be displayed;
  • the calling device further includes a receiving module, the receiving module is used to receive a second indication message from the other calling device, and the second indication message is used to indicate that the other A calling device supports the ability to verify the security of said data to be displayed.
  • the second acquiring module is specifically configured to receive a call request message, where the call request message carries the data to be displayed.
  • the second acquiring module is specifically configured to receive a call request message; and acquire the data to be displayed corresponding to the call request message.
  • the first obtaining module is specifically configured to send a call request message to the other calling device, where the call request message is used to request to obtain the signature key ; Receive a master key and a master salt key from the other calling device, the master key and the master salt key are used for the secure real-time transport protocol SRTP; according to the master key and the master salt key to generate the signing key.
  • the first obtaining module is specifically configured to receive signature information from the other calling device, where the signature information includes the master secret signed by a public key key and the master salt key; verifying the signature information with a private key to obtain the master key and the master salt key.
  • the information corresponding to the first user includes at least one of the following items:
  • the name of the first user The name of the first user, the job number of the first user, the avatar of the first user, the position information of the first user, the audio and video files related to the first user, or the first user Information about the associations to which the user belongs;
  • the information corresponding to the enterprise to which the first user belongs includes at least one of the following items:
  • the name of the enterprise the trademark of the enterprise, the audio and video files related to the enterprise, or the information of the association to which the enterprise belongs.
  • the fourth aspect of the embodiment of the present invention provides a calling device, including: a receiving module, configured to receive data to be displayed and first verification signature information from another calling device, and the first verification signature information is a signature key Signing the data to be displayed to obtain, the data to be displayed and the first verified signature information are transmitted through the media channel between the other calling device and the calling device, the data to be displayed includes the information related to the first Information corresponding to the user and/or information corresponding to the enterprise to which the first user belongs, the first user is a user corresponding to the other calling device; a signature module, configured to use the signature key to pair the The data to be displayed is signed to obtain the second verification signature information; the verification module is used to determine that the data to be displayed has passed the security verification if it is determined that the first verification signature information is the same as the second verification signature information, so that The data to be displayed is displayed.
  • a receiving module configured to receive data to be displayed and first verification signature information from another calling device, and the first verification signature information is a signature key Signing the data to
  • the receiving module is further configured to receive a first indication message from the other calling device, where the first indication message is used to indicate that the other calling device The device supports the ability to sign the data to be displayed; and sends a second indication message to the other calling device, where the second indication message is used to indicate that the calling device supports the ability to verify the security of the data to be displayed.
  • the calling device further includes a sending module, configured to send the data to be displayed to a second terminal, where the second terminal is a terminal used by a second user, The second terminal is used to display the data to be displayed.
  • the calling device is a second terminal, the second terminal is a terminal used by a second user, and the calling device further includes a display module, and the display module Used to display the data to be displayed.
  • the sending module is further configured to send a notification message to the second terminal, where the notification message is used to indicate that the data to be displayed passes security verification.
  • the receiving module is further configured to receive a call request message from the other calling device, where the call request message is used to request to obtain the signature key;
  • the sending module is further configured to send a master key and a master salt key to the other calling device according to the call request message, the master key and the master salt key are used for secure real-time transport protocol SRTP , the master key and the master salt key are used to generate the verification signature.
  • the sending module is specifically configured to: use a public key to sign the master key and the master salt key to obtain signature information; The device sends the signature information.
  • the receiving module is further configured to receive a call request message from the other calling device; the sending module is further configured to send the call request message to the The other calling device sends the signing key.
  • the fifth aspect of the embodiment of the present invention provides a calling device, including a processor and a memory coupled to each other, where computer program codes are stored in the memory, and the processor invokes and executes the computer program codes in the memory, so that The calling device executes the method described in any one of the above first aspects.
  • the sixth aspect of the embodiment of the present invention provides a calling device, including a processor and a memory coupled to each other, where computer program codes are stored in the memory, and the processor invokes and executes the computer program codes in the memory, so that The calling device executes the method described in any one of the above second aspects.
  • the seventh aspect of the embodiments of the present invention provides a computer-readable storage medium, the storage medium stores a computer program, the computer program includes program instructions, and when the program instructions are executed by a processor, the processor executes The method as described in any one of the first aspect to the second aspect above.
  • the eighth aspect of the embodiment of the present invention provides a communication system, including a first terminal, the calling device shown in the fifth aspect above, the calling device shown in the sixth aspect above, and a second terminal, the first terminal It is a terminal used by the first user, the calling device shown in the fifth aspect is a device included in the calling operator's network, and the calling device shown in the sixth aspect is a device included in the called operator's network, so The second terminal is a terminal used by a second user, and the first user calls the second user.
  • the ninth aspect of the embodiment of the present invention provides a communication system, including the calling device shown in the fifth aspect above, the calling operator network, the called operator network, and the calling device shown in the sixth aspect above, such as
  • the calling device shown in the fifth aspect above is the device used by the first user
  • the calling device shown in the sixth aspect above is the device used by the second user.
  • Fig. 1 is a structural example diagram of an embodiment of the calling communication system provided by the present application.
  • Fig. 2 is a flow chart of steps of an embodiment of the process of performing registration by the calling communication system provided by the present application;
  • Fig. 3 is a flow chart of the steps of an embodiment in which the calling communication system provided by the present application executes a call
  • FIG. 4 is a flow chart of steps in another embodiment of the calling communication system provided by the present application for performing a call
  • FIG. 5 is a flow chart of steps in another embodiment of the calling communication system provided by the present application for performing a call
  • FIG. 6 is a flow chart of steps in another embodiment of the calling communication system provided by the present application for performing a call
  • FIG. 7 is a flow chart of steps in another embodiment of the calling communication system provided by the present application for performing a call
  • FIG. 8 is a structural example diagram of an embodiment of the first calling device provided by the present application.
  • FIG. 9 is a structural example diagram of an embodiment of a second calling device provided by the present application.
  • Fig. 10 is a structural example diagram of an embodiment of a calling device provided in the present application.
  • the present application provides a method for call processing.
  • the structure of the calling communication system to which the method shown in the present application is applied is firstly described below in conjunction with FIG. 1 :
  • the first user can implement a call to the second user based on the calling communication system.
  • FIG. 1 is a structural example diagram of an embodiment of a calling communication system provided by the present application.
  • the calling communication system shown in this embodiment includes an operator management device 111, a calling operator network 120, and an enterprise network 130 connected in sequence.
  • This embodiment does not limit the specific network type of the calling operator network 120, for example , the network type of the calling operator network 120 is IMS, third generation partnership project (3rd generation partnership project, 3GPP) or China Communications Standards Association (china communications standards association, CCSA), and any network architecture that will appear in the future.
  • the calling operator network 120 is an IMS as an example.
  • Each device included in the calling operator network 120 will be described below. It should be clear that the description of each device type in this embodiment is optional and exemplary, and is not limited. The devices shown in this embodiment are also It can be called a network element.
  • the calling operator network 120 shown in this embodiment includes a network authentication server 121, and the network authentication server shown in this embodiment can also be called a third party account management (thirdparty account management, TAM) device.
  • TAM third party account management
  • the calling operator network 120 includes a calling media server 122, and the calling media server 122 can integrate a multimedia resource function processor (multimedia resource function processor, MRFP) and a multimedia resource function controller (multimedia resource function controller, MRFC).
  • the calling operator network 120 also includes a calling application server (application server, AS) 123 and a calling service-call session control function (serving-call session control function, S-CSCF) 124, and the calling S-CSCF 124 also integrates Interrogating-call session control function (interrogating-call session control function, I-CSCF).
  • the network authentication server 121 is respectively connected with the calling media server 122, the calling AS 123 and the calling S-CSCF 124, the calling media server 122 is connected with the calling AS 123, and the calling AS 123 is connected with the calling S-CSCF 124.
  • the calling S-CSCF 124 is respectively connected to the calling proxy-call session control function (proxy-call session control function, P-CSCF) and the calling interworking session border controller (interconnect-session border controller, I-SBC) 125, wherein, The calling P-CSCF126 also integrates an access-session border controller (A-SBC).
  • proxy-call session control function proxy-call session control function
  • I-SBC interworking session border controller
  • the structure of the enterprise network 130 shown in this embodiment will be described below. It should be noted that the description of the enterprise network 130 in this embodiment is an optional example and is not limited.
  • the enterprise network 130 specifically includes an enterprise authentication server 131 , an enterprise access proxy device 132 and a first terminal 133 .
  • the enterprise authentication server 131 is connected to the network authentication server 121 , the enterprise access proxy device 132 and the first terminal 133 respectively.
  • the enterprise access proxy device 132 is connected to the calling I-SBC 125 or the calling P-CSCF, and the first terminal 133 is connected to the calling P-CSCF 126 .
  • the enterprise access proxy device 132 may also be an enterprise voice relay device.
  • the first terminal 133 used by the first user may be any device in a smart terminal or a computer.
  • the first terminal has a built-in IMS software development kit (software development kit, SDK), so as to realize the call processing flow shown in this application.
  • the terminal when the first user calls the second user, he can send the calling card to the second user, and the second user (also called the called user) uses the second card.
  • the terminal When the terminal is ringing, it can display the calling card.
  • the calling card includes data to be displayed after being typesetting according to a preset typesetting method, and the data to be displayed includes at least one of the following items:
  • the information corresponding to the first user or the information corresponding to the enterprise to which the first user belongs.
  • the information corresponding to the first user may include one or more of the following items:
  • the name of the first user The name of the first user, the job number of the first user, the avatar of the first user, the position information of the first user, the audio and video files related to the first user or the information of the association to which the first user belongs, etc., wherein the first user
  • the name of a user may be the name of the first user, or may be a nickname of the first user, etc., which are not specifically limited in this embodiment.
  • the information corresponding to the enterprise to which the first user belongs may include one or more of the following:
  • Company name company trademark (LOGO)
  • pictures related to the company pictures related to the company, audio and video files related to the company, or information about the association to which the company belongs.
  • the information of the association may be the name of the association, the LOGO of the association, related pictures of the association, audio and video files related to the association, and the like.
  • This application does not limit the specific content of the data to be displayed included in the calling card and the specific typesetting method of the data to be displayed. This application can ensure that the calling card sent to the second user is safe during the process of the first user calling the second user, and can also effectively avoid the possibility that the calling card is tampered with or counterfeited, and prevent the second user from receiving Insecure data.
  • the registration processing flow is executed first, and based on the registration processing flow, the data to be displayed is sent to the calling operator network, and the calling operator The merchant network generates a calling card based on the data to be displayed from the first user.
  • the calling operator network has successfully obtained the calling card, and when the subsequent calling operator network calls the second user, the calling operator network does not need to obtain the calling card during the call process, but directly The calling card obtained in the registration phase is sent to the second user, which saves the amount of information exchanged between the calling operator network and the enterprise authentication server during the call process, shortens the call connection delay, and improves call efficiency. See Figure 2 for details.
  • Fig. 2 is a flow chart of an embodiment of the registration process of the calling communication system provided by the present application.
  • Step 201 the first terminal sends a login request to the enterprise authentication server.
  • the first terminal sends a login request to the enterprise authentication server as an example for illustration.
  • the enterprise access proxy device may also send the login request to the enterprise authentication server, which is not limited.
  • the first terminal can run an enterprise application program (APP), and the first terminal can implement the process performed by the first terminal in the call processing method shown in this application through the enterprise APP.
  • APP enterprise application program
  • the first terminal may send the login request to the enterprise authentication server, where the login request includes the first user identifier of the first user.
  • the first user identifier (also referred to as UserID) shown in this embodiment may be the email address of the first user, for example, zhangsan@xxx.com.
  • the first user ID shown in this embodiment is different from the existing E.164 number. It can be seen that the first user ID is a heterogeneous ID for the calling operator network.
  • the first user ID shown in this application is When the second user makes a call, what is used is not the E.164 number, but the first user identifier (that is, the email address of the first user) provided by this embodiment as a heterogeneous identifier.
  • Step 202 the first terminal receives the registration authentication identifier from the enterprise authentication server.
  • the enterprise authentication server shown in this embodiment can assign a registration authentication ID to the first user ID, and the registration authentication ID is used to register to the calling operator network.
  • This embodiment does not limit the registration authentication identifier, and this embodiment takes the registration authentication identifier as a token (token) as an example for illustration.
  • Step 203 the first terminal sends a registration request to the calling S-CSCF.
  • the registration request includes the first user identifier of the first user and the registration authentication identifier.
  • the registration request shown in this embodiment is a session initiation protocol (session initiation protocol, SIP) registration (REGISTER) message, and the registration request needs to carry the first user identifier of the first user and the registration authentication identifier.
  • SIP session initiation protocol
  • REGISTER session initiation protocol
  • the token shown in this embodiment can use an encoding format based on 64 printable characters to represent binary data (Base64).
  • the token can be carried through the Authorization header field and extended authentication methods (such as Bearer), such as message
  • the format can be: Authorization:Bearer ⁇ Base64( ⁇ token>)>.
  • the SIP REGISTER message may specifically be as follows:
  • the first terminal 133 sends the registration request to the calling P-CSCF 126, and the calling P-CSCF forwards the registration request to the calling S-CSCF 124, wherein the calling P-CSCF follows the SIP user registration
  • the standard procedure (see 3GPP TS 24.229) processes the SIP REGISTER message and forwards it to the calling S-CSCF.
  • Step 204 the calling S-CSCF sends the first user ID and the registration authentication ID to the network authentication server.
  • the calling S-CSCF judges that the registration request uses the Bearer authentication mode, it sends the first user ID and the registration authentication ID to the network authentication server to request the network authentication server to use the registration authentication ID to authenticate the first user .
  • Step 205 the network authentication server sends an authentication request to the enterprise authentication server.
  • the network authentication server shown in this embodiment receives the first user identifier, it can determine the corresponding enterprise authentication server according to the first user identifier.
  • the first user ID shown in this embodiment is the user's email address (for example, zhangsan@xxx.com), and then the network authentication server can obtain the enterprise domain name (for example, xxx.com) from the first user ID. com). The network authentication server can query the address of the enterprise authentication server according to the enterprise domain name.
  • the network authentication server shown in this step determines the corresponding
  • the enterprise authentication server restores the escaped first user ID (zhangsan%40xxx.com) to obtain the restored first user ID (zhangsan@xxx.com) .
  • the network authentication server can query the address of the corresponding enterprise authentication server according to the restored and escaped first user ID.
  • the authentication request sent by the network authentication server to the enterprise authentication server shown in this embodiment includes a registration authentication identifier.
  • the authentication request may be sent through a hypertext transfer protocol over securesocket layer (HTTPS).
  • HTTPS securesocket layer
  • Step 206 the enterprise authentication server judges whether the registration authentication identifier is valid, if not, execute step 207, and if yes, execute step 208.
  • the registration authentication identification shown in this embodiment is token, and then the enterprise authentication server can judge whether the token is within the validity period.
  • the validity period can be an absolute validity period.
  • the moment is A2, and the moment A1 and the moment A2 can be any two different moments. If the enterprise authentication server determines that the token is within the validity period, the enterprise authentication server determines that the token is valid; if the enterprise authentication server determines that the token is outside the validity period, the enterprise authentication server determines that the token is invalid.
  • the validity period can be the remaining valid time. It can be seen that if the remaining valid time corresponding to the registration authentication identifier has remaining time, the enterprise authentication server judges that the token is valid. If the remaining valid duration corresponding to the registration authentication identifier is no longer In the remaining time, the enterprise authentication server judges that the token is invalid.
  • Step 207 the enterprise authentication server sends an invalidation notification of the authentication identifier to the network authentication server.
  • the enterprise authentication server shown in this embodiment sends the authentication token invalidation notification to the network authentication server, and the authentication token invalidation notification is used to indicate that the registered authentication token (token) is invalid.
  • the network authentication server receives the notification that the authentication identifier is invalid, it will no longer execute the procedures related to the registration of the first user.
  • Step 208 the enterprise authentication server sends an authentication success indication to the network authentication server.
  • the authentication success indication shown in this embodiment includes a valid authentication token notification, and the valid authentication token notification is used to indicate that the registered authentication token (token) is valid.
  • the authentication success indication shown in this embodiment also includes a second user identifier.
  • the enterprise authentication server pre-creates the corresponding relationship between different user identifiers and different authentication identifiers, and the enterprise authentication server determines the registration authentication If the identifier is valid, the enterprise authentication server can send the second user identifier corresponding to the valid registration authentication identifier to the network authentication server.
  • the authentication success indication shown in this embodiment may include at least one of the following:
  • Step 209 the network authentication server sends the data to be displayed to the calling application server.
  • the network authentication server when the network authentication server determines that the first user has passed the authentication, the network authentication server can send the acquired data to be displayed to the calling application server.
  • the data to be displayed includes information corresponding to the first user and/or information corresponding to the enterprise to which the first user belongs.
  • information corresponding to the first user includes information corresponding to the enterprise to which the first user belongs.
  • FIG. 1 For specific description, please refer to the relevant description in FIG. 1 , and details are not repeated here.
  • the way for the network authentication server to obtain the data to be displayed may be that, when the enterprise authentication server determines that the registered authentication identifier is valid, the enterprise authentication server sends the data to be displayed to the network authentication server.
  • the network authentication server acquires the data to be displayed during the account opening stage of the enterprise.
  • the network authentication server obtains a part of the data to be displayed (such as information related to the first user) from the enterprise authentication server, and the network authentication server obtains another part of the data to be displayed (such as information related to the first user) during the account opening stage of the enterprise. information related to the enterprise), etc., which are not limited in this embodiment.
  • the network authentication server is responsible for authenticating the first user. Specifically, there are two conditions for the network authentication server to determine that the authentication is passed. One condition is that a valid notification of the authentication identifier has been received. Another condition is that the network authentication server determines that the first user ID and the second user ID are the same.
  • the enterprise authentication server is responsible for authenticating the first user, and the enterprise authentication server notifies the network authentication server of the authentication result.
  • the authentication request sent by the network authentication server to the enterprise authentication server includes all The first user ID
  • the enterprise authentication server sends a registration authentication success indication to the network authentication server after judging that the registration authentication ID is valid and the first user ID is the same as the second user ID
  • the network authentication server determines that the first user passes the authentication according to the registration authentication success indication.
  • Step 210 the calling application server obtains the calling card.
  • the calling application server is used to obtain the calling card as an example for illustration.
  • the device used to obtain the calling card may be any device included in the network of the calling operator.
  • the calling application server shown in this embodiment can receive the data to be displayed from the network authentication server, and the calling application server can format the data to be displayed according to the typesetting method of the calling card to obtain the calling card.
  • the typesetting method of the calling card can be sent to the network authentication server during the account opening stage of the enterprise, and for another example, the typesetting method of the calling card can be sent to the calling application server by the network authentication server in the process of step 209, That is, when the network authentication server determines that the first user has passed the authentication, the network authentication server can send the layout of the calling card to the calling application server.
  • the typesetting method of the call card refers to the display method and display position of the information corresponding to the first user and/or the information corresponding to the enterprise to which the first user belongs in the generated call card.
  • the name of the first user For example, the name of the first user, the job number of the first user, the avatar of the first user, the position information of the first user, the audio and video files related to the first user, the information of the association to which the first user belongs, the name of the company, The display method and display position of the enterprise logo, enterprise-related pictures, enterprise-related audio and video files, and association information to which the enterprise belongs, etc., in the calling card.
  • This method takes the calling card stored in the calling application server as an example for illustration.
  • the calling application server After the calling application server obtains the calling card, the calling application server sends the generated calling card to the file server for storage. , and record the storage address of the calling card locally.
  • the network authentication server forwards the data to be displayed and the layout of the calling card to the calling media server 122 .
  • the calling media server 122 typesets the data to be displayed according to the typesetting method of the calling card to obtain the calling card.
  • the calling media server 122 sends the generated calling card to the file server for storage, and sends the storage address of the calling card to the calling application server.
  • the network authentication server acquires the data to be displayed and the typesetting method of the calling card
  • the network authentication server typesets the data to be displayed according to the typesetting method of the calling card to generate the calling card. Then, the network authentication server sends the calling card to the calling application server.
  • the way for the network authentication server to send the calling card to the calling application server may be that the network authenticating server stores the calling card in a file server, and the network authentication server sends the storage address of the calling card to the calling application server, The calling application server can download the calling card from the file server according to the address.
  • the registration processing flow is executed first. Based on the registration processing flow, the calling application server can successfully obtain the calling card, so that When the first user subsequently calls the second user, the calling application server can send the calling card to the second user without performing the step of generating the calling card during the calling process, which shortens the call processing delay and improves the call efficiency. Efficiency, so that when the first user calls the second user, the calling card can be displayed on the second terminal.
  • the process of authenticating the first user by the enterprise represented by the trust security alliance is realized.
  • a trust security alliance can be created as shown in this application.
  • the trust security alliance refers to the calling operator network authentication enterprise, enterprise authentication
  • the first user (it can be understood that the first user is an employee of the enterprise), it can be seen that if the enterprise is authenticated by the calling operator network and the first user is authenticated by the enterprise, then the calling operator network can be trusted Data from the enterprise, the enterprise can trust the data from the first user, and the calling operator network can construct a trusted calling card based on the trusted data from the enterprise, thus ensuring that the calling operator network sends the second user The credibility of the calling card.
  • the enterprise authenticates the first user, wherein the third-party network may be a network leased by the enterprise for performing call-related services, for example, the third-party network may be a software-as-a-service (software-as-a-service) SaaS) platform.
  • the third-party network is authenticated by the calling operator network, the enterprise is authenticated by the third-party network, and the first user is authenticated by the enterprise, then the calling operator network can trust the data from the third-party network.
  • the third-party network can trust the data from the enterprise, the enterprise can trust the data from the first user, and the calling operator network can construct a trusted calling card based on the trusted data from the third-party network, thus ensuring that the calling operator Authenticity of the calling card sent by the network to the second user.
  • the network authentication server trusts the data (such as part or all of the data to be displayed) from the enterprise authentication server, so, it is not necessary for the first user to When the calling operator network opens an account, you can use the service provided by the calling operator network to call the second user. It can be seen that the method shown in this embodiment enables the first user to call the second user without opening an account.
  • the call of two users solves the problem of enterprise employees (that is, the first user) opening an account existing in the enterprise renting the network of the calling operator, thereby avoiding the slow login of the first user caused by the first user opening an account in the network of the calling operator.
  • This embodiment describes how the first user uses the first terminal to implement a call to the second terminal when the first user has registered with the calling operator's network based on the method shown in FIG. 2 . See Figure 3 for details.
  • FIG. 3 is a flow chart of an embodiment of the calling communication system provided by the present application for executing a call.
  • Step 301 the first terminal sends a first call request message to the first calling device.
  • the first calling device shown in this embodiment is used to verify the calling side of the first call request message, and the first calling device can trigger the first user to verify the second User's call.
  • the first calling device shown in this embodiment is the calling S-CSCF included in the calling operator's network as an example for illustration. In other examples, the first calling device may be the calling S-CSCF included in the calling operator's network. Any one of the devices, or the function performed by the first calling device may be performed by at least two devices included in the calling operator's network, which is not specifically limited in this embodiment.
  • the first call request message is a SIP INVITE message, and the first call request message is transmitted based on the control plane, wherein the first call request message is transmitted based on the control plane, and the first call request message is a signal transmitted through the SIP protocol order flow.
  • the SIP INVITE message includes the first user ID and call authentication ID of the first user.
  • the first user ID and call authentication ID please refer to the user ID and call authentication ID of the first user shown in Embodiment 1. Instructions for registering the authentication logo, details are not repeated here.
  • the first terminal sends the SIP INVITE message to the calling P-CSCF, and the calling P-CSCF forwards the SIP INVITE message to the calling S -CSCF.
  • the first user ID UserID shown in this embodiment takes zhangsan@xxx.com as an example.
  • the SIP user ID carries the first user ID.
  • the SIP user ID can be zhangsan@xxx.com@2b.ims. ⁇ operator >.com, wherein 2b.ims. ⁇ operator>.com is a uniformly defined fixed domain name for the calling operator network to access the calling operator network based on the heterogeneous identifier (ie, the first user identifier).
  • the first terminal can escape the "@" in the UserID (such as zhangsan@xxx.com).
  • the specific rules for escape in this embodiment The description in is an optional example without limitation. For example, the first terminal escapes the "@" in the UserID to "%40".
  • the token shown in this embodiment can use an encoding format based on 64 printable characters to represent binary data (Base64).
  • the token can be carried through the Authorization header field and extended authentication methods (such as Bearer), such as message
  • the format can be: Authorization:Bearer ⁇ Base64( ⁇ token>)>.
  • Step 302 the first calling device judges whether the call authentication identifier satisfies a preset condition, if not, execute step 303, and if yes, execute step 304.
  • the first calling device is the calling S-CSCF included in the calling operator network as an example for illustration. In other examples, other S-CSCF included in the calling operator network may also be used. Any device executes step 302 shown in this embodiment. For the description of the execution subject, please refer to the above step 301, and details are not repeated here.
  • the preset condition shown in this embodiment is that the call authentication identifier is the same as the target authentication identifier, and the target authentication identifier is valid. It can be seen that the call authentication identifier meets the preset condition when the calling S-CSCF judges In the case of , the calling S-CSCF can determine that the first call request message has passed the verification of the calling side.
  • the target authentication identifier is the registration authentication identifier cached by the calling S-CSCF in the registration phase shown in the first embodiment.
  • the calling S-CSCF judges that the call authentication identifier is the same as the target authentication identifier, and the target authentication identifier is valid, it is determined that the call authentication identifier satisfies the preset condition.
  • Step 303 the first calling device rejects the call requested by the first call request message.
  • step 302 For the description of the first calling device performing step 303, please refer to step 302, and details are not repeated here.
  • the calling S-CSCF rejects the call requested by the first call request message, the first user cannot call the second user based on the first call request message.
  • Step 304 the first calling device sends a first call request message to the second calling device.
  • the first calling device shown in this embodiment can process the first call request message after determining that the first call request message has been verified by the calling side, and send the processed first call request message to the second call request message.
  • the calling device, the second calling device is any device included in the called operator network or the second calling device may be implemented by at least two devices included in the called operator network, which is not specifically limited.
  • the first calling device that executes step 304 shown in this embodiment may be any device such as the calling S-CSCF included in the calling operator's network. For the description of the execution subject, please refer to the above steps. repeat.
  • step 303 the calling S-CSCF as the first calling device has determined that the first call request message has been verified by the calling side, and the calling S-CSCF processes the first call request message, and the calling S-CSCF - The CSCF may send the processed first call request message to the second calling device.
  • the calling S-CSCF processes the first call request message and the specific process is as follows:
  • the calling S-CSCF can obtain the private key from a secure key store (secure key store, SKS).
  • SKS secure key store
  • the calling S-CSCF obtains the call data of the first call request message, and signs the call data based on the private key to obtain the first signature information, wherein the call data may include the identifier of the first user, the identifier of the second user, Internet protocol (internet protocol, IP) address, port number, etc. of the first terminal, the call data is used to create a media channel between the first calling device and the second calling device.
  • the calling S-CSCF shown in this embodiment may set the first signature information in the header message of the first call request message.
  • creating a media channel between the first calling device and the second calling device refers to that the first calling device sends the first terminal's Internet interaction information for creating the media channel to the second calling device through the first call request message. Even the protocol (internet protocol, IP) address and port number.
  • IP Internet protocol
  • the second calling device returns to the first calling device the IP address and port number of the second terminal used to create the media channel, based on the IP address and port number of the first terminal, and the second terminal's
  • the IP address and port number can create a media channel between the first calling device and the second calling device, that is, one end of the media channel is the IP address and port number of the first calling device, and the other end of the media channel is the second calling device.
  • the IP address and port number of the device are used to implement the transmission of media plane information between the first calling device and the second calling device based on the media channel.
  • the media plane information refers to a message encapsulated by a media plane protocol
  • the media plane protocol may be a secure real-time transport protocol (secure real-time transport protocol, SRTP) or a real-time transport protocol (real-time transport protocol, RTP), etc. .
  • the calling S-CSCF shown in this embodiment can also set a first indication message in the first call request message, the first indication message is used to request a signature key, and the signature key is used to sign the calling card key.
  • the first indication message in this embodiment may also be used to indicate that the first calling device supports the ability to sign a calling card.
  • the first indication message shown in this embodiment may be "Supported: early-media-authentication-with-shaken".
  • the second calling device receives the first indication message, it can be determined according to the first indication message that the first calling device requests a signature key from the second calling device, and that the first calling device supports signing of the calling card. ability.
  • the first call request message shown in this embodiment also includes authentication level information
  • the calling S-CSCF shown in this embodiment pre-creates the correspondence between the identity of the first user and the authentication level information.
  • the S-CSCF receives the identity of the first user, it can determine the corresponding authentication level information.
  • the authentication level information may include level A level information, level B level information and level C level information, wherein level A level information, level B level information and level C level information indicate that the credibility of the first user decreases in turn.
  • the calling S-CSCF sets the destination IP address of the first call request message as the IP address of the second calling device, sets the destination port number of the first call request message as the port number of the second calling device, The calling S-CSCF sends the first call request message to the second calling device according to the destination IP address and destination port number carried in the first call request message, so that the first calling device sends the first call request message to the second calling device the goal of.
  • Step 305 the second calling device sends the first call request message to the second terminal.
  • the second calling device After the second calling device determines that the first call request message has been verified by the called side, it sends the first call request message verified by the called side to the second terminal.
  • the second calling device shown in this embodiment may be any device included in the called operator's network, for example, the second calling device may be the called S-CSCF or the called application included in the called operator's network.
  • the second calling device may be the called S-CSCF or the called application included in the called operator's network.
  • the server or the called P-CSCF for the description of the structure of the called operator's network, refer to the description of the structure of the calling operator's network shown in FIG. 1 , and details will not be repeated.
  • the second calling device is the called S-CSCF as an example for illustration, and the process of the called S-CSCF implementing the verification of the called side of the first call request message is described below:
  • the called S-CSCF After the called S-CSCF receives the first call request message, the called S-CSCF performs signature verification on the first signature information included in the first call request message according to the obtained public key, the public key is passed through the certificate center ( certificate authority, CA) certified public key.
  • certificate center certificate authority, CA
  • the called S-CSCF determines that the first signature information has passed the signature verification. If the called S-CSCF determines that the first signature information has passed the signature verification, the called S-CSCF determines that the first call request message has passed the verification of the called side. After the called S-CSCF determines that the first signature information passes the signature verification, it indicates that the call data is untampered and complete data.
  • the called S-CSCF After the called S-CSCF determines that the first call request message has been verified by the called side, the called S-CSCF sends the first call request message to the second terminal through the called P-CSCF.
  • the called S-CSCF sets the IP address of the first call request message as the IP address of the called P-CSCF, and then sets the destination port number as the port number of the called P-CSCF, and the called S-CSCF according to The destination IP address and destination port number carried in the first call request message send the first call request message to the called P-CSCF.
  • the first call request message carries the identity of the second terminal, and the called P-CSCF acquires the IP address and port number of the corresponding second terminal according to the identity of the second terminal, and the called P-CSCF sends the destination of the first call request message
  • the IP address is set as the IP address of the second terminal, and then the destination port number of the first call request message is changed to the port number of the second terminal, and the called P-CSCF according to the destination IP address and destination port number carried in the first call request message port number, and send the first call request message to the second terminal.
  • Step 306 the second terminal sends a 180 ringing message to the second calling device.
  • the second terminal When the second terminal has successfully received the first call request message, the second terminal can ring according to the first call request message, and if the second terminal rings successfully, it can send 180 to the second calling device A ringing message is used to notify the second terminal that the ringing has occurred.
  • the second terminal may display the authentication level information. For example, if the first call request message carries Class A rating information, then the second terminal may display the Class A rating information while ringing.
  • the 180 ringing message shown in this embodiment also carries the IP address and port number of the second terminal, so as to realize the establishment of a media channel between the first calling device and the second calling device.
  • Step 307 the second calling device sends 180 a ringing message to the first calling device.
  • the second calling device shown in this embodiment may process the 180 ringing message after receiving the 180 ringing message, and forward the processed 180 ringing message to the first calling device.
  • the second calling device sets the master key (S-key) and the master salt key (S-salt) in the 180 ringing message.
  • the master key and the master salt key shown in this embodiment are keys required for SRTP.
  • the second calling device may acquire the master key and the master salt key when the second calling device receives the 180 ringing message as shown in step 307, or the second calling device may In the case of receiving the first call request message from the first calling device, the master key and the master salt key are obtained, which are not specifically limited in this embodiment.
  • the second calling device receives the Obtaining the master key and the master salt key in the case of the first call request message is taken as an example, and the process for the second calling device to obtain the master key and the master salt key is described below:
  • the second calling device determines that the first call request message carries the first indication message, and it can be known from step 304 that the first indication message is used to request a signature key.
  • the second calling device determines according to the first call request message that it needs to acquire the master key and the master salt key for SRTP.
  • the second calling device obtains the corresponding master key and master salt key based on the SRTP key management algorithm.
  • the second call device shown in this embodiment can encrypt the master key and master salt key based on the stored public key. Key to sign to obtain the second signature information.
  • the second calling device sets the second signature information in 180 ringing message.
  • the second calling device shown in this embodiment may also set a second indication message in the 180 ringing message, wherein the second indication message is used to indicate that the second calling device supports the ability to verify the security of the data to be displayed . It can be known that, after receiving the second indication message, the first calling device can send the signed calling card to the second calling device. Based on the negotiation between the first calling device and the second calling device, the purpose of the second terminal displaying the signature via the first calling device and verifying the signature on the calling card via the second calling device can be realized.
  • the second calling device shown in this embodiment may also set the address of the second calling device in the 180 ringing message, wherein the address of the second calling device includes the IP address and port number of the second calling device.
  • the second call device when the second call device receives the first call request message from the first call device, the second call device can obtain the IP address and port number of the first terminal carried in the first call request message .
  • the first calling device receives the 180 ringing message, the first calling device can obtain the IP address and port number of the second terminal, based on the IP address and port number of the first terminal, and the IP address of the second terminal and port number, a media channel between the first calling device and the second calling device can be created.
  • Step 308 the first calling device sends a 180 ringing message to the first terminal.
  • the first calling device After the first calling device receives the 180 ringing message, it can send the 180 ringing message to the first terminal.
  • the 180 ringing message shown in this embodiment can carry the identity of the first user, so as to ensure that the first calling device can obtain the IP address and port number of the first terminal based on the identity of the first user, so as to send the first terminal to the first terminal. 180 ringing message.
  • the first terminal determines that the second terminal has successfully received the first call request message according to the 180 ringing message, and the second terminal has ringing.
  • Step 309 the first calling device obtains the signature key.
  • the first calling device after receiving the 180 ringing message, extracts the second signature information from the 180 ringing message.
  • the first calling device performs signature verification on the second signature information based on the private key to obtain the master key and the master salt key carried in the second signature information.
  • the first calling device calculates the master key and the master salt key through a key derivation function to obtain a signature key.
  • Step 310 the first calling device sends an SRTP protocol message to the second calling device.
  • the first calling device shown in this embodiment is capable of obtaining a calling card.
  • a calling card for specific description, please refer to Embodiment 1, and details are not repeated here.
  • V represents the version number
  • P represents padding bits
  • X represents extension bits
  • CC represents the number of CSRC identifiers
  • M represents the flag used to indicate different payload meanings
  • PT represents the payload type.
  • the payload of the SRTP protocol message shown in this embodiment carries a calling card, and the first calling device signs the payload based on the signature key to obtain the first verification signature information, which is used as the identity verification shown in Table 1 Label (authentication tag).
  • the 180 ringing message shown above already carries the address of the second calling device, and the first calling device sends the SRTP protocol message to the second calling device according to the address of the second calling device. It can be seen that since the SRTP protocol message shown in this embodiment is a message transmitted based on the SRTP protocol, the SRTP protocol message is transmitted between the first calling device and the second calling device based on a media channel.
  • Step 311 the second calling device sends a calling card to the second terminal.
  • the second call device forwards the SRTP protocol message from the first call device to the second call device, and the second call device can obtain the IP address and port number of the second terminal from the SRTP protocol message, and the second call is based on the SRTP protocol
  • the IP address and port number of the second terminal carried in the message send the calling card to the second terminal.
  • Step 312 the second terminal displays the calling card.
  • the second terminal shown in this embodiment can display the calling card during the ringing process and if the second terminal supports the video call function.
  • Step 313 the second calling device judges whether the calling card has passed the security verification, if yes, execute step 314 , if not, execute step 315 .
  • the second calling device After the second calling device obtains the calling card from the SRTP protocol message, the second calling device judges whether the calling card passes the security verification, and how the second calling device judges whether the calling card passes the security verification is as follows. The process of sex verification is explained:
  • the second calling device uses the signature key to sign the calling card to obtain the second verification signature information, if the second calling device judges that the first verification signature information and the second verification signature information carried in the SRTP protocol message If they are the same, it is determined that the calling card has passed the security verification, and step 314 is executed. If the second calling device determines that the first verification signature information carried in the SRTP protocol message is different from the second verification signature information, it determines that the calling card has not passed the security verification, and then executes step 315 .
  • Step 314 the second calling device sends the first notification information to the second terminal.
  • the second calling device determines that the calling card has passed the security verification, it sends to the second terminal the first notification information indicating that the calling card has passed the security verification, and after the second terminal receives the first notification information, it can The first notification information is displayed to ensure that the second user determines that the displayed calling card is safe according to the first notification information displayed by the second terminal.
  • the type of the first notification information is not limited, and the type of the first notification information may be text information, voice information, or video information, etc., and is not specifically limited.
  • Step 315 the second calling device sends second notification information to the second terminal.
  • the second calling device determines that the calling card has not passed the security verification, it sends second notification information indicating that the calling card has not passed the security verification to the second terminal, and after the second terminal receives the second notification information, That is, the second notification information is displayed, so as to ensure that the second user determines that the displayed calling card is unsafe according to the second notification information displayed by the second terminal.
  • step 311 is executed first
  • step 313 is executed as an example for illustration, that is, the second calling device first sends the calling card to the second terminal, and then determines whether the calling card passes the security verification. It can be seen that the second terminal first displays the calling card, and then receives the first notification information or the second notification information from the second calling device, so as to determine whether the displayed calling card is safe.
  • step 313 can also be executed first, and then step 311 is executed, that is, the second calling device first judges whether the calling card has passed the security verification, and if the second calling device determines that the calling card has passed the security verification, then The calling card is sent to the second terminal. It can be seen that the calling card received by the second terminal in this example is safe.
  • the personal private information of the first user is prevented from being exposed at the calling operator network.
  • All the information included in the calling card displayed by the second terminal in this embodiment comes from the enterprise authentication server and/or the network authentication server instead of the first user, which avoids the fraud of the calling card.
  • the calling card displayed by the second terminal is signed by the first calling device and verified by the signature of the second calling device, which improves the security of the calling card, avoids the situation of tampering and leakage of the calling card, and improves the security of the calling card. Safe and trusted.
  • the calling card shown in this embodiment is transmitted based on the media channel, the data volume of the data to be displayed transmitted by the calling card is effectively increased, and the purpose of calling the second user by the first user and the operator can be realized based on the media channel transmission .
  • the first user needs to pre-register with the calling operator's network, and the registration process is as shown in the first embodiment.
  • the process of directly implementing the first user to call the second user under the condition that the first user does not need to pre-register with the calling operator's network will be described below with reference to FIG. 4 .
  • Fig. 4 is a flow chart of steps in another embodiment of the calling communication system provided by the present application for performing a call.
  • Step 401 the first terminal sends a second call request message to the first calling device.
  • the first user can send a second call request message to the first calling device through the first terminal, so as to trigger the first user to call the second user.
  • the second call request message may be a SIP INVITE message, and the SIP INVITE message includes the first user ID and the call authentication ID of the first user.
  • the description of the first user ID and the call authentication ID please refer to the implementation
  • the description of the first user ID and the call authentication ID of the first user shown in Example 2 will not be described in detail.
  • a specific description of the first calling device please refer to Embodiment 2, and details are not repeated here.
  • Step 402 the first calling device sends a call authentication request to the enterprise authentication server.
  • the first calling device is the calling S-CSCF as an example, and the calling S-CSCF sends the second call request message to the calling application server.
  • the calling S-CSCF determines that the call authentication identifier included in the second call request message is the same as the target authentication identifier, and the calling S-CSCF judges that the second call request message uses the Bearer authentication method
  • the The calling S-CSCF sends a second call request message including the first user ID and the call authentication ID to the network authentication server, so as to request the network authentication server to use the call authentication ID to authenticate the first user.
  • the call authentication identifier and the Bearer authentication method please refer to Embodiment 2 for details, and details are not repeated here.
  • the network authentication server receives the first user ID and the call authentication request from the calling S-CSCF, and then sends the authentication request to the enterprise authentication server, please refer to Embodiment 1. As shown in step 205, details are not repeated here.
  • Step 403 the enterprise authentication server judges whether the call authentication identifier is valid, if not, execute step 404 , and if yes, execute step 405 .
  • step 504 For the specific execution process of step 504 shown in this embodiment, please refer to step 206 in the second embodiment, and details are not repeated here.
  • Step 404 the enterprise authentication server sends a call authentication identification invalid notification to the first calling device.
  • the enterprise authentication server shown in this embodiment can send the notification that the call authentication identifier is invalid to the first calling device.
  • the notification that the call authentication identifier is invalid can be sent to the first calling device.
  • Step 405 the enterprise authentication server sends a call authentication success indication to the first calling device.
  • the enterprise authentication server shown in this embodiment can send the call authentication success indication to the first calling device.
  • the call authentication success indication can be sent to the first calling device.
  • Step 406 the first calling device obtains the data to be displayed.
  • the process of obtaining the data to be displayed by the first calling device shown in this embodiment may be performed in Step 209 to Step 210 shown in Embodiment 1, and details are not repeated here.
  • Step 407 the first calling device sends a second call request message to the second calling device.
  • Step 408 the second calling device sends a second call request message to the second terminal.
  • Step 409 the second terminal sends a 180 ringing message to the second calling device.
  • Step 410 the second calling device sends 180 a ringing message to the first calling device.
  • Step 411 the first calling device sends a 180 ringing message to the first terminal.
  • Step 412 the first calling device obtains the signature key.
  • Step 413 the first calling device sends an SRTP protocol message to the second calling device.
  • Step 414 the second calling device sends the calling card to the second terminal.
  • Step 415 the second terminal displays the calling card.
  • Step 416 the second calling device judges whether the calling card passes the security verification, if yes, execute step 417 , if not, execute step 418 .
  • Step 417 the second calling device sends the first notification information to the second terminal.
  • Step 418 the second calling device sends the second notification information to the second terminal.
  • step 407 to step 418 shown in this embodiment please refer to step 304 to step 315 shown in the second embodiment, and details will not be repeated.
  • the first user when the first user makes a call to the second user, the first user does not need to pre-register to the operator's network, avoiding the need for pre-registration steps when the first user calls the second user, The efficiency of calling the second user by the first user is improved, and the consumption of resources related to registration is reduced at the same time.
  • a trusted security alliance is established between the calling operator network, enterprise, and enterprise employees (first users), which can ensure that when the second terminal rings, the displayed calling card information is safe, and the calling card meets the requirements of the calling card.
  • enterprise enterprise employees
  • the style of the call card is uniform.
  • the personal privacy information of the first user is prevented from being exposed at the calling operator, and in the process of calling the second user, the calling card
  • the displayed information may not involve the personal privacy information of the first user, which effectively ensures the security of the first user's personal privacy information.
  • the various information included in the calling card displayed by the second terminal shown in this embodiment all comes from the enterprise authentication server and/or the network authentication server, rather than the first user. Trust the chain of trust formed by the security alliance for traceability and accountability.
  • the first calling device sends an SRTP protocol packet to the second calling device, so that the second terminal displays the calling card.
  • the first call shown in this embodiment may not be based on the SRTP protocol to realize the transmission of the calling card.
  • the method shown in this embodiment is based on the method shown in FIG. 2, and when the first user has registered to the calling operator network Next, how the first user uses the first terminal to make a call to the second terminal. See Figure 5 for details.
  • Fig. 5 is a flow chart of steps in another embodiment of the calling communication system provided by the present application for performing a call.
  • Step 501 the first terminal sends a first call request message to the first calling device.
  • Step 502 the first calling device judges whether the call authentication identifier satisfies a preset condition, if not, execute step 503, and if yes, execute step 504.
  • Step 503 the first calling device rejects the call requested by the first call request message.
  • Step 504 the first calling device sends a first call request message to the second calling device.
  • Step 505 the second calling device sends the first call request message to the second terminal.
  • Step 506 the second terminal sends a 180 ringing message to the second calling device.
  • Step 507 the second calling device sends a 180 ringing message to the first calling device.
  • Step 508 the first calling device sends a 180 ringing message to the first terminal.
  • step 501 to step 508 shown in this embodiment please refer to step 301 to step 308 shown in the second embodiment, and the specific execution process will not be repeated.
  • Step 509 the first calling device obtains the signature key.
  • the verification signature shown in this embodiment can be referred to step 309 shown in Embodiment 2.
  • the signature key shown in this embodiment can also be a pre-selected secure hash Any algorithm included in the secure hash algorithm (SHA) is derived.
  • the signature key shown in this embodiment is derived by the calling operator network according to the pre-selected algorithm SHA1.
  • Step 510 the first calling device sends a media message to the second calling device.
  • the media message shown in this embodiment may use a real-time transport protocol (real-time transport protocol, RTP).
  • RTP real-time transport protocol
  • the RTP protocol provides end-to-end real-time transmission services for various multimedia data such as voice, image, and fax.
  • the media message shown in this embodiment may include a calling card, and the calling operator network (such as the calling media server included in the calling operator network) signs the calling card based on the signature key to obtain the first verification signature information , and set the first verification signature information in the media packet.
  • the RTP protocol is taken as an example for illustration without limitation. In other examples, any media plane protocol may be used to transmit the calling card and signature.
  • Step 511 the second calling device sends a calling card to the second terminal.
  • Step 512 the second terminal displays the calling card.
  • Step 513 the second calling device judges whether the calling card has passed the security verification, if yes, execute step 514 , if not, execute step 515 .
  • Step 514 the second calling device sends the first notification information to the second terminal.
  • Step 515 the second calling device sends the second notification information to the second terminal.
  • step 311 to step 315 For the description of the execution process of step 511 to step 515 shown in this embodiment, please refer to step 311 to step 315, and details are not repeated here.
  • the first user shown in this application can also directly implement the process of the first user calling the second user without pre-registering with the calling operator's network.
  • the specific execution process can be referred to in the third embodiment.
  • the signature key shown can be any algorithm included in the SHA shown in this embodiment, and the specific process will not be repeated.
  • FIG. 6 is a flow chart of steps in another embodiment of the calling communication system provided by the present application for performing a call.
  • Step 601 the first terminal sends a third call request message to the calling operator's network.
  • the specific description of the third call request message shown in this embodiment can refer to the step 301 in the second embodiment, and details will not be repeated.
  • the third call request message shown in this embodiment also includes the first signature information.
  • a specific description of the first signature message may be as follows:
  • the first terminal can obtain the private key.
  • the first terminal obtains the call data, and signs the call data based on the private key to obtain the first signature information, wherein the call data may include the identity of the first user, the identity of the second user, etc., and the call data is used to create the first signature information.
  • the first terminal shown in this embodiment may set the first signature information in the header message of the third call request message. For a specific description of obtaining the first signature message, refer to step 304 in the first embodiment, and details are not repeated here.
  • the third call request message shown in this embodiment also includes a first indication message, and the first indication message is used to request a signature key, and the signature key is a key used to sign a calling card.
  • the first indication message is used to request a signature key
  • the signature key is a key used to sign a calling card.
  • Step 602 the calling operator network judges whether the call authentication identifier meets the preset condition, if not, execute step 603, and if yes, execute step 604.
  • Step 603 the calling operator's network rejects the call requested by the third call request message.
  • Step 604 the calling operator network sends a third call request message to the called operator network.
  • step 602 to step 604 For the description of the execution process of step 602 to step 604 shown in this embodiment, please refer to step 302 to step 304 in the second embodiment, and details are not repeated here.
  • Step 605 the called operator network sends a third call request message to the second terminal.
  • step 606 the second terminal sends a 180 ringing message to the called operator's network after determining that the third call request message has passed the verification of the called side.
  • the second terminal described in this embodiment After receiving the third call request message, the second terminal described in this embodiment verifies the third call request message on the called side, and after confirming that the third call request message has passed the verification on the called side, sends a call to the called operator network Send 180 ringing message.
  • the second terminal performs signature verification on the first signature information included in the third call request message according to the obtained public key.
  • the public key refer to Embodiment 2, and details are not repeated. If the first signature information of the second terminal passes the signature verification, the second terminal determines that the call data carried in the third call request message is untampered and complete data.
  • step 306 in Embodiment 2 For a specific description of the 180 ringing message shown in this embodiment, please refer to step 306 in Embodiment 2, and details are not repeated here.
  • Step 607 the called operator network sends a 180 ringing message to the calling operator network.
  • Step 608 the calling operator network sends a 180 ringing message to the first terminal.
  • Step 609 the first terminal obtains the signature key.
  • Step 610 the first terminal sends an SRTP protocol message to the calling operator's network.
  • the first terminal shown in this embodiment obtains the calling card, and the first terminal carries the calling card through the SRTP protocol message.
  • the first terminal shown in this embodiment refer to the process of the calling operator's network obtaining the SRTP protocol packet shown in step 310 of the second embodiment, and details are not repeated here.
  • Step 611 the calling operator's network sends an SRTP protocol message to the called operator's network.
  • Step 612 the called operator network sends the calling card to the second terminal.
  • Step 613 the second terminal displays the calling card.
  • step 613 For the description of the execution process of step 613 shown in this embodiment, please refer to the step 312 shown in the second embodiment, and details are not repeated here.
  • Step 614 the second terminal judges whether the calling card passes the security verification, if yes, execute step 615 , if not, execute step 616 .
  • Step 615 the second terminal displays the first notification information.
  • Step 616 the second terminal displays the second notification information.
  • step 314 and step 315 of the second embodiment please refer to step 314 and step 315 of the second embodiment, respectively, and details are not repeated here.
  • the first terminal shown in this embodiment is responsible for signing the calling card
  • the second terminal is responsible for verifying the signature and displaying the calling card, which can reduce the computing power resources of the calling operator network and the called operator network .
  • the first terminal and the second terminal perform the signature and signature verification process of the calling card in this embodiment, the first terminal and the second terminal can be applied to any type of operator network, reducing the need for operator network types. limits.
  • the first user needs to pre-register with the calling operator's network, and the registration process is as shown in the first embodiment.
  • the process of the first user calling the second user directly by the first user without pre-registering to the calling operator network will be described below in conjunction with FIG. 7 .
  • the first calling device is used as the first
  • the first terminal used by the user and the second calling device are the second terminal used by the second user as an example.
  • FIG. 7 is a flow chart of steps in another embodiment of the calling communication system provided by the present application for performing a call.
  • Step 701 the first terminal sends a fourth call request message to the calling operator's network.
  • the first user may send a fourth call request message to the calling operator's network through the first terminal, so as to trigger a call from the first user to the second user.
  • the fourth call request message may be a SIP INVITE message, and the SIP INVITE message includes the first user ID and the call authentication ID of the first user.
  • the first user ID and the call authentication ID please refer to the implementation The description of the first user ID and the call authentication ID of the first user shown in Example 2 will not be described in detail.
  • the fourth call request message shown in this embodiment also includes the first signature information.
  • the fourth call request message also includes the first indication message.
  • the description of the first signature message and the first indication message please refer to It is shown in step 601 of the fifth embodiment, and details are not repeated here.
  • Step 702 the calling operator network sends a call authentication request to the enterprise authentication server.
  • Step 703 the enterprise authentication server judges whether the call authentication identifier is valid, if not, execute step 704, and if yes, execute step 705.
  • Step 704 the enterprise authentication server sends a call authentication identifier invalid notification to the first terminal.
  • Step 705 the enterprise authentication server sends a call authentication success indication to the first terminal.
  • Step 706 the first terminal obtains the data to be displayed.
  • the process of obtaining the data to be displayed by the first terminal shown in this embodiment may be performed in steps 209 to 210 shown in the first embodiment, and details are not repeated here.
  • Step 707 the calling operator network sends a fourth call request message to the called operator network.
  • Step 708 the called operator network sends a fourth call request message to the second terminal.
  • Step 709 the second terminal sends a 180 ringing message to the called operator's network.
  • Step 710 the called operator network sends a 180 ringing message to the calling operator network.
  • Step 711 the calling operator network sends a 180 ringing message to the first terminal.
  • Step 712 the first terminal obtains the signature key.
  • Step 713 the first terminal sends an SRTP protocol message to the calling operator's network.
  • Step 714 the calling operator network sends an SRTP protocol message to the called operator network.
  • Step 715 the called operator network sends the calling card to the second terminal.
  • Step 716 the second terminal displays the calling card.
  • Step 717 the second terminal judges whether the calling card has passed the security verification, if yes, execute step 718, if not, execute step 719.
  • Step 718 the second terminal displays the first notification information.
  • Step 719 the second terminal displays the second notification information.
  • Step 707 to Step 719 shown in this embodiment please refer to Step 604 to Step 616 shown in Embodiment 5, and details will not be repeated.
  • the first terminal shown in this embodiment is responsible for signing the calling card
  • the second terminal is responsible for signature verification and display of the signed calling card, which can reduce the calculation of the calling operator network and the called operator network. manpower resources.
  • the first terminal and the second terminal perform the signature and signature verification process of the calling card, so that the first terminal and the second terminal can be applied to any type of operator network, reducing the restrictions on the type of operator network .
  • the calling card shown in Embodiment 5 and Embodiment 6 may not be based on the SRTP protocol to realize the transmission of the calling card.
  • the calling card shown in Embodiment 5 and Embodiment 6 may not be based on the SRTP protocol to realize the transmission of the calling card.
  • the SRTP protocol to realize the transmission of the calling card.
  • the signing process of the calling card can be performed by the first terminal.
  • the process of verifying the signature of the signed calling card can be performed by the second calling device.
  • the signing process of the calling card can be performed by the first calling device.
  • the process of verifying the signature of the signed calling card can be performed by the second terminal Execution, specific description can refer to Embodiment 5 or Embodiment 6, and details will not be repeated.
  • the operator network is an IMS network as an example.
  • This application does not limit the specific network type of the operator network.
  • the operator network shown in this embodiment can be applicable
  • the specific network type is not limited in this embodiment.
  • Fig. 8 is a structural example diagram of an embodiment of the first calling device provided in the present application.
  • the first calling device includes:
  • the second obtaining module 802 is configured to obtain the data to be displayed of the first user, the first user uses the first calling device to call the second calling device, and the data to be displayed includes the data corresponding to the first user information and/or information corresponding to the enterprise to which the first user belongs;
  • a signature module 803, configured to use the signature key to sign the data to be displayed to obtain first verification signature information
  • a sending module 804 configured to send the data to be displayed and the first verification signature information to the second calling device through a media channel between the first calling device and the second calling device, the The first verification signature information is used to verify the security of the data to be displayed.
  • the signature module 803 is connected with the first acquisition module 801 and the second acquisition module 802 respectively, and the signature module 803 is also connected with the sending module 804 .
  • the first calling device shown in this embodiment further includes a judging module 800, and the judging module 800 is used to execute step 302 and step 303.
  • the judging module 800 is connected with the sending module 804 .
  • the sending module 804 is used to execute step 304 and step 308, the first obtaining module 801 is used to execute step 309, and the signature module 803 is used to execute the signature key from the first obtaining module 801 and the signature key from the second
  • the second acquisition module 802 acquires the first verification signature information for the data to be displayed.
  • the sending module 804 is used to execute step 310 .
  • the sending module 804 is also used to perform step 402, and the second obtaining module 802 is used to perform step 406, the sending Module 804 is used to execute step 407 and step 411, the first acquisition module 801 is used to execute step 412, and the signature module 803 is used to perform the signature key from the first acquisition module 801 and the signature key from the second acquisition module
  • the data to be displayed in 802 obtains the first verification signature information.
  • the sending module 804 is configured to execute step 413 .
  • the judging module 800 is used to perform step 502 and step 503, and the sending module 804 is used to perform step 504 and step 508,
  • the first obtaining module 801 is used to execute step 509
  • the signature module 803 is used to obtain the first verification signature information according to the signature key from the first obtaining module 801 and the data to be displayed from the second obtaining module 802 , please refer to step 510 for specific description, and the sending module 804 is configured to execute step 510.
  • the sending module 804 is used to perform step 601
  • the first obtaining module 801 is used to perform step 609
  • the signature module 803 is used to obtain the first verification signature information according to the signature key from the first obtaining module 801 and the data to be displayed from the second obtaining module 802.
  • the sending module 804 is used to Execute step 610.
  • the sending module 804 is used to perform step 701
  • the first obtaining module 801 is used to perform step 712
  • the signature module 803 is used to obtain the first verification signature information according to the signature key from the first obtaining module 801 and the data to be displayed from the second obtaining module 802.
  • the sending module 804 is used to Execute step 713.
  • Fig. 9 is a structural example diagram of an embodiment of the second calling device provided in the present application.
  • the second calling device includes:
  • the receiving module 901 is configured to receive the data to be displayed and the first verification signature information from the first calling device, the first verification signature information is obtained by signing the data to be displayed with a signature key, and the data to be displayed
  • the data and the first verification signature information are transmitted through a media channel between the first calling device and the second calling device, and the data to be displayed includes information corresponding to the first user and/or related to the Information corresponding to the enterprise to which the first user belongs;
  • a signature module 902 configured to use the signature key to sign the data to be displayed to obtain second verification signature information
  • the verification module 903 is configured to, if it is determined that the first verification signature information is the same as the second verification signature information, determine that the data to be displayed passes the security verification, and display the data to be displayed.
  • the receiving module 901 is connected with the signature module 902 and the verification module 903 respectively.
  • the second calling device further includes a sending module 900 that can be connected to a receiving module 901 .
  • the sending module 900 is used to execute step 305 and step 307.
  • the receiving module 901 is used to send the received data to be displayed to the second terminal through the sending module 900.
  • the signature module 902 and the verification module 903 are jointly used to execute step 313 , and the sending module 900 is used to execute steps 314 to 315 .
  • the second calling device shown in this embodiment is applied in Embodiment 3, the second calling device further includes a sending module 900, and the sending module 900 is configured to perform step 408 and step 410, the The receiving module 901 is used to send the received data to be displayed to the second terminal through the sending module 900.
  • the sending module 900 is configured to execute steps 417 to 418.
  • the second calling device shown in this embodiment is applied in Embodiment 4, the second calling device further includes a sending module 900, and the sending module 900 is configured to perform step 505 and step 507, the The receiving module 901 is used to send the received data to be displayed to the second terminal through the sending module 900.
  • the signature module 902 and the verification module 903 are jointly used to execute step 513 , the sending module 900 is configured to execute step 514 to step 515.
  • the second calling device further includes a sending module 900, and the sending module 900 is configured to perform step 606, and the receiving module 901 It is used to receive the data to be displayed from the network of the called operator.
  • the sending module 900 is used to Execute step 615 to step 616.
  • the second calling device shown in this embodiment is applied in Embodiment 6, the second calling device further includes a sending module 900, and the sending module 900 is configured to perform step 709, and the receiving module 901
  • the signature module 902 and the verification module 903 are jointly used to execute step 717
  • the sending module 900 is used to Execute step 718 to step 719.
  • This embodiment describes the structure of the calling device used to execute the above method embodiment from the perspective of physical hardware as shown in FIG. 10: the calling device shown in this embodiment can be the first calling device or the first calling device shown above. Two calling equipment.
  • Fig. 10 is a structural example diagram of an embodiment of a calling device provided in the present application.
  • the calling device 1000 specifically includes: a processor 1001 , a memory 1002 , a bus 1003 , a transceiver 1004 and a network interface 1006 .
  • the memory 1002 may include computer storage media in the form of volatile and/or non-volatile memory, such as read-only memory and/or random access memory.
  • Memory 1002 may store operating systems, application programs, other program modules, executable code, and program data.
  • the transceiver 1004 can be used to input commands and information to the calling device, and the transceiver 1004 can be connected to the processor 1001 through the bus 1003 .
  • the transceiver 1004 may also be used to call out device output information, such as the selected occupancy server and/or occupancy virtual machine.
  • the calling device may be connected to a communication network through the network interface 1006, and in a networked environment, the computer-executed instructions stored in the calling device may be stored in a remote storage device, not limited to local storage.
  • the calling device executes the executable code or application program stored in the memory 1002, the calling device can perform the operations performed by the calling device in any of the above method embodiments.
  • the specific execution process refer to the above method embodiments, here No longer.
  • the present application also provides a communication system, which includes a calling communication system and a called communication system.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Multimedia (AREA)
  • Databases & Information Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

Dans les modes de réalisation de la présente invention, sont divulgués un procédé de traitement d'appel, ainsi qu'un dispositif associé et un support d'enregistrement, au moyen desquels des données sécurisées à afficher sont envoyées à un second utilisateur pendant le processus d'un premier utilisateur appelant le second utilisateur, et la quantité d'informations comprises dans lesdites données peut être efficacement augmentée. Le procédé comprend les étapes suivantes : un premier dispositif d'appel acquiert une clé de signature ; le premier dispositif d'appel acquiert des données à afficher d'un premier utilisateur ; le premier dispositif d'appel signe lesdites données au moyen de la clé de signature, de manière à acquérir des premières informations de signature de vérification ; et le premier dispositif d'appel envoie lesdites données et les premières informations de signature de vérification à un second dispositif d'appel au moyen d'un canal multimédia entre le premier dispositif d'appel et le second dispositif d'appel, les premières informations de signature de vérification étant utilisées pour vérifier la sécurité desdites données.
PCT/CN2022/122530 2021-09-30 2022-09-29 Procédé de traitement d'appel, dispositif associé et support d'enregistrement Ceased WO2023051679A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202111166679.8A CN115915112A (zh) 2021-09-30 2021-09-30 一种呼叫处理的方法、相关设备以及存储介质
CN202111166679.8 2021-09-30

Publications (1)

Publication Number Publication Date
WO2023051679A1 true WO2023051679A1 (fr) 2023-04-06

Family

ID=85750405

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/122530 Ceased WO2023051679A1 (fr) 2021-09-30 2022-09-29 Procédé de traitement d'appel, dispositif associé et support d'enregistrement

Country Status (2)

Country Link
CN (1) CN115915112A (fr)
WO (1) WO2023051679A1 (fr)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117155601B (zh) * 2023-07-14 2024-07-26 中移互联网有限公司 呼叫方法、装置、电子设备及存储介质
CN120301975B (zh) * 2025-04-01 2025-12-30 广东省电子商务认证有限公司 一种可信任名片来电系统及方法

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108886520A (zh) * 2016-01-25 2018-11-23 黑莓有限公司 建立会话发起协议会话
US10154136B1 (en) * 2016-03-22 2018-12-11 Symantec Corporation Call block policy using validated identities and selected attribute sharing
US20200028690A1 (en) * 2018-07-17 2020-01-23 Verizon Patent And Licensing Inc. Validating and securing caller identification to prevent identity spoofing
US20200053136A1 (en) * 2018-08-13 2020-02-13 T-Mobile Usa, Inc. Originating caller verification via insertion of an attestation parameter
US20200336314A1 (en) * 2019-04-17 2020-10-22 Verizon Patent And Licensing Inc. Validating and securing caller identification to prevent identity spoofing
US20220086276A1 (en) * 2020-09-16 2022-03-17 Douglas Ranalli Verified Calling Party Information Display Confirmation System

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108886520A (zh) * 2016-01-25 2018-11-23 黑莓有限公司 建立会话发起协议会话
US10154136B1 (en) * 2016-03-22 2018-12-11 Symantec Corporation Call block policy using validated identities and selected attribute sharing
US20200028690A1 (en) * 2018-07-17 2020-01-23 Verizon Patent And Licensing Inc. Validating and securing caller identification to prevent identity spoofing
US20200053136A1 (en) * 2018-08-13 2020-02-13 T-Mobile Usa, Inc. Originating caller verification via insertion of an attestation parameter
US20200336314A1 (en) * 2019-04-17 2020-10-22 Verizon Patent And Licensing Inc. Validating and securing caller identification to prevent identity spoofing
US20220086276A1 (en) * 2020-09-16 2022-03-17 Douglas Ranalli Verified Calling Party Information Display Confirmation System

Also Published As

Publication number Publication date
CN115915112A (zh) 2023-04-04

Similar Documents

Publication Publication Date Title
US11496319B2 (en) Method of identity authentication for voice over internet protocol call and related device
KR101461455B1 (ko) 인증 방법, 시스템 및 장치
US9648006B2 (en) System and method for communicating with a client application
US10516660B2 (en) Methods, systems, devices and products for authentication
US10893414B1 (en) Selective attestation of wireless communications
CN106658486A (zh) 一种加密通话的呼叫方法、装置及终端
US11979389B1 (en) End-to-end message encryption
EP4319047A1 (fr) Système de messagerie de signature d'expéditeur sécurisé
US11888848B1 (en) Two-factor authentication with public key infrastructure
WO2023051679A1 (fr) Procédé de traitement d'appel, dispositif associé et support d'enregistrement
US10595203B2 (en) Enhanced establishment of IMS session with secure media
WO2017197968A1 (fr) Procédé et dispositif de transmission de données
CN101141251B (zh) 通信系统中消息加密签名的方法及系统和设备
CN102065069B (zh) 一种身份认证方法、装置和系统
CN101577910B (zh) 一种ip多媒体子系统中的注册鉴权方法
KR20180050910A (ko) 통신 시스템에서 발신자를 인증하기 위한 장치 및 방법
US12580914B2 (en) Call processing method, related device, and communications system
CN100561909C (zh) 一种基于tls的ip多媒体子系统接入安全保护方法
Bremler-Barr et al. Unregister attacks in SIP
CN101621505A (zh) 接入认证方法及系统、终端
WO2020037958A1 (fr) Procédé, dispositif, système de partage de clé et enregistrement de client basés sur gba
CN115767527A (zh) 一种均衡安全和效率的改进型5g消息rcs接入鉴权ims-aka机制
CN101540678A (zh) 固定终端及其认证方法
CN114726958A (zh) 身份验证方法、装置、电子设备及可读存储介质
CN117336091A (zh) 接口调用方法、系统及存储介质

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22875061

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 22875061

Country of ref document: EP

Kind code of ref document: A1