Method for implementing transport layer safety of SIP network based on sharing cryptographic key

A shared-key transport layer security technique for SIP networks, addressing problems such as implementation difficulty, dropped messages and communication failures.

Inactive Publication Date: 2008-12-24
ZTE CORP

AI Technical Summary

Problems solved by technology

[0003] The problem with IPSec access is that NA(P)T (Network Address (Port) Translation) is ubiquitous in existing access networks. When NA(P)T is in use, the IP address must be translated from the internal network address to an external network address, and in some scenarios port mapping is also required. The NA(P)T device therefore changes the source IP address of the message and the transport layer port number in the IP message, both of which are covered by IPSec integrity protection. With IPSec integrity protection, changing either one makes the receiving end conclude during integrity verification that the message has been tampered with, so verification fails and the message is discarded. If encryption is used, the NA(P)T device cannot read the transport layer port information and cannot perform port mapping, resulting in communication failure.

However, TLS access currently uses a certificate mechanism for key negotiation by default, which is very difficult to implement in a network that supports user roaming/nomadic access, such as IMS: the secure connection is established between the terminal and the access server, but the access server cannot independently verify the legitimacy of the user certificate. In addition, digital certificate authentication has not been widely used in SIP networks.

Examples


Example 1

[0080] This embodiment takes the IMS network as an example. Figure 2 is a schematic diagram of the system architecture for realizing SIP transport layer security, in which the SIP TM is an IMS UE (User Equipment); the ASP is the P-CSCF (Proxy Call Session Control Function) in the IMS network, and the transport layer security connection is established between the IMS UE and the P-CSCF; the HSP is the S-CSCF (Serving Call Session Control Function) in the IMS network; and the AuC is the home subscriber server (HSS) in the IMS network.

[0081] Figure 3 is a flow chart of TLS negotiation in this embodiment, again taking the IMS network as an example. There may be other IMS network elements, such as an I-CSCF (Interrogating Call Session Control Function), between the P-CSCF and the S-CSCF, but they do not affect this embodiment and are omitted from the figure. The process includes the following steps:

[0082] Step 301, the IMS UE selects a...

Example 2

[0099] Figure 4 shows an embodiment of transport layer security negotiation in an ordinary SIP network (a network that uses SIP as the control protocol, other than softswitch and IMS networks). The SIP server in the figure combines the ASP and HSP of the general framework in Figure 1. The process is basically the same as in Figure 3, except that the functions performed separately by the P-CSCF and the S-CSCF in Figure 3 are all performed by the SIP server in this embodiment.

[0100] As shown, the process includes the following steps:

[0101] Step 401, the SIP terminal sends a request to the SIP server. The SIP message contains one or more Security-Client headers, one of which indicates the supported transport layer security parameters, including the transmission type, the encryption and integrity protection algorithms, the client and listening port numbers, etc.;

[0102] Step 402, the SIP server receives the request, checks whether the algorithm indicated by the Security-Client header i...
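The server-side check that step 402 begins to describe can be sketched as follows. This is an added example, not code from the patent: it parses Security-Client header values in the RFC 3329 form (mechanism name followed by `;name=value` parameters) and keeps only offers whose algorithms are on the server's allow-list. The parameter names `ealg`, `alg` and `port-c`, the policy contents and the sample header values are assumptions, since the page does not give them.

```python
# Added example: server-side validation of Security-Client offers.
# Parameter names (ealg, alg, port-c) and the policy are assumptions.

SERVER_POLICY = {                      # hypothetical server allow-list
    "mechanisms": {"tls"},
    "ealg": {"aes-cbc"},               # encryption algorithms accepted
    "alg": {"hmac-sha-1-96"},          # integrity algorithms accepted
}

# Constructed sample header values (not taken from the patent).
SAMPLE_HEADERS = [
    "tls; ealg=aes-cbc; alg=hmac-sha-1-96; port-c=5061",
    "tls; ealg=null; alg=hmac-sha-1-96; port-c=5061, "
    "ipsec-3gpp; ealg=aes-cbc; alg=hmac-sha-1-96; port-c=5062",
    "tls; alg=hmac-sha-1-96; port-c=70000",
]

def parse_security_client(value):
    """Split one header value into a list of (mechanism, params) offers."""
    offers = []
    for item in value.split(","):
        parts = [p.strip() for p in item.split(";") if p.strip()]
        if not parts:
            continue
        params = {}
        for p in parts[1:]:
            name, _, val = p.partition("=")
            params[name.strip().lower()] = val.strip().strip('"').lower()
        offers.append((parts[0].lower(), params))
    return offers

def valid_port(text):
    """Accept only a plain decimal port in the range 1..65535."""
    return text.isascii() and text.isdigit() and 1 <= int(text) <= 65535

def acceptable_offers(header_values, policy=SERVER_POLICY):
    """Return offers the server may use; an empty list means reject.

    Fails closed: a missing or unknown algorithm (including "null")
    is rejected rather than replaced by a default.
    """
    accepted = []
    for value in header_values:
        for mech, params in parse_security_client(value):
            if mech not in policy["mechanisms"]:
                continue
            if params.get("ealg") not in policy["ealg"]:
                continue
            if params.get("alg") not in policy["alg"]:
                continue
            if not valid_port(params.get("port-c", "")):
                continue
            accepted.append((mech, params))
    return accepted
```

An empty result is the case where the server should refuse the request instead of continuing without transport layer protection.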


Abstract

The invention discloses a method for realizing transport layer security in a Session Initiation Protocol (SIP) network based on a shared key. The method comprises the following steps: (a) a shared master key and a derivation algorithm are stored at the SIP terminal and in an authentication center (AuC); (b) the SIP terminal interacts with a network-side device based on the SIP security negotiation standard framework, to which support for the transport layer security protocol is added, and the SIP terminal and the SIP network side each generate the required encryption and integrity protection keys, thereby realizing transport layer security in the SIP network. With this method, TCP negotiation in the SIP network can be realized; the method is suitable for SIP transports such as TCP and UDP and ensures the security of information transmission in the SIP network. It is suitable not only for softswitch and IMS networks but also for other networks that use SIP as the control protocol, for example SIP-based VoIP networks.

Description

Technical field

[0001] The present invention relates to a network using the Session Initiation Protocol (SIP), hereinafter referred to as the SIP network, and in particular to a method for realizing transport layer security in the SIP network.

Background technique

[0002] Session Initiation Protocol (SIP) is a multimedia communication control protocol that has been widely used in softswitches, the IP Multimedia Subsystem (IMS) and other networks. Since SIP runs on the open IP protocol, its security has always been a focus of attention. At present, the security mechanism that has been standardized on the user access side is IPSec (IP Security) access, proposed by 3GPP; the SIP security solution recommended by the IETF (Internet Engineering Task Force) is TLS (Transport Layer Security), but it has not been adopted by 3GPP. Both solutions currently have pros and cons.

[0003] The problem of IPSec access is: when accessing in the existing network, NA(P...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/06, H04L9/30
Inventor: 汪军
Owner: ZTE CORP