Method and related device for verifying network call identity
阅读说明:本技术 验证网络通话身份的方法及相关装置 (Method and related device for verifying network call identity ) 是由 林耕葆 于 2019-04-15 设计创作,主要内容包括:本发明公开了一种验证网络通话身份的方法,用于支持一会谈启始协议及一区块链数据传输技术的一第一通信装置,该方法包含有:在一会谈建立程序期间,向该会谈建立程序中的一第二通信装置,请求一身份签章;接收该第二通信装置传送的该身份签章,其中该身份签章是由该第二通信装置根据一私钥而产生;通过一区块链服务器查询对应该身份签章的一公钥,其中该区块链服务器储存有一区块链数据;当从该区块链数据取得该公钥时,利用该公钥验证该身份签章,以产生一验证结果;以及根据该验证结果,决定继续或终止该会谈建立程序。(The invention discloses a method for verifying the identity of a network call, which is used for a first communication device supporting a session initiation protocol and a block chain data transmission technology, and comprises the following steps: requesting an identity signature from a second communication device in a session establishment procedure during the session establishment procedure; receiving the identity signature transmitted by the second communication device, wherein the identity signature is generated by the second communication device according to a private key; inquiring a public key corresponding to the identity signature through a block chain server, wherein the block chain server stores block chain data; when the public key is obtained from the block chain data, the public key is used for verifying the identity signature so as to generate a verification result; and determining to continue or terminate the session establishment procedure according to the verification result.)
1. A method for verifying an identity of a network call for a first communication device supporting Session Initiation Protocol (SIP) and block chain data transmission (blockchain) technologies, the method comprising:
requesting an identity signature from a second communication device in a session establishment procedure during the session establishment procedure;
receiving the identity signature transmitted by the second communication device, wherein the identity signature is generated by the second communication device according to a private key;
querying a public key corresponding to the identity signature through a block chain server (block chain server), wherein the block chain server stores block chain data;
when the public key is obtained from the block chain data, the public key is used for verifying the identity signature so as to generate a verification result; and
and determining to continue or terminate the session establishment procedure according to the verification result.
2. The method of claim 1, further comprising:
when the public key is not obtained from the blockchain data, the session establishment procedure is ended or cancelled.
3. The method of claim 1, wherein the step of verifying the identity signature using the public key to generate the verification result when the public key is obtained from the blockchain data comprises:
decrypting the identity signature using the public key;
when the identification signature is successfully decrypted and the decrypted identification signature conforms to a default rule, judging that the verification result is successful; and
and when the identification signature is not successfully decrypted or the identification signature is successfully decrypted but does not accord with the default rule, judging that the verification result is failure.
4. The method of claim 3, wherein the step of determining to continue or terminate the session establishment procedure according to the verification result comprises:
when the verification result is successful, continuing the session establishment procedure; and
when the verification result is failure, the session establishment procedure is ended or cancelled.
5. The method of claim 2 or 4, further comprising:
when the session establishment procedure is ended or cancelled, an alert message is displayed to a user.
6. The method of claim 3, wherein the default rule is a predetermined format related to the identity signature, the predetermined format includes at least one of destination address, source address, time, and session identifier, and the default rule is embedded in a plain text data accompanying the identity signature transmitted by the second communication device.
7. The method of claim 6, further comprising:
performing a check on the plaintext data attached to the identity signature, wherein the checking comprises: judging whether the plaintext data conforms to a default plaintext format;
when the plaintext data does not conform to the default plaintext format, the second communication device is requested again to transmit the identity signature, or the session establishment procedure is terminated.
8. The method of claim 7, wherein querying the public key corresponding to the identity signature by the blockchain server comprises:
when the plaintext data conforms to the default plaintext format, the public key corresponding to the identity signature is queried by the blockchain server.
9. The method of claim 1, wherein requesting the identity signature from the second communication device during the session establishment procedure comprises:
sending a request message of the Session Initiation Protocol (SIP) or a Hyper Text Transfer Protocol (HTTP) to the second communication device, the request message instructing the second communication device to send the identity signature to the first communication device.
10. The method of claim 9, wherein the request message is an INVITE message (INVITE) or an Acknowledgement (ACK) message in session initiation protocol (sip).
11. The method of claim 1 wherein the identity signature transmitted by the second communication device is accompanied by plaintext data, and further comprising:
performing a check on the plaintext data, wherein the checking step comprises:
judging whether the plaintext data conforms to a default plaintext format;
when the plaintext data does not conform to the default plaintext format, the second communication device is requested again to transmit the identity signature, or the session establishment procedure is terminated.
12. The method of claim 1, wherein querying a public key corresponding to the identity signature by the blockchain server comprises:
transmitting a query message to the blockchain server;
receiving a reply message containing the blockchain data from the blockchain server; and
and screening the public key from the block chain data.
13. A first communications device for verifying an identity of a network call, the first communications device supporting Session Initiation Protocol (SIP) and block chain data transmission (blockchain) technologies, the communications device comprising:
a processing unit for executing a program code;
a storage unit, coupled to the processing device, for storing the program code, wherein the program code instructs the processing unit to perform the following steps:
requesting an identity signature from a second communication device in a session establishment procedure during the session establishment procedure;
receiving the identity signature transmitted by the second communication device, wherein the identity signature is generated by the second communication device according to a private key;
querying a public key corresponding to the identity signature through a block chain server (block chain server), wherein the block chain server stores block chain data;
when the public key is obtained from the block chain data, the public key is used for verifying the identity signature so as to generate a verification result; and
and determining to continue or terminate the session establishment procedure according to the verification result.
14. The first communications device of claim 13, wherein the program code further directs the processing unit to terminate or cancel the session establishment procedure when the public key is not obtained from the blockchain data.
15. The first communications device of claim 13, wherein the program code further directs the processing unit to:
decrypting the identity signature using the public key;
when the identification signature is successfully decrypted and the decrypted identification signature conforms to a default rule, judging that the verification result is successful; and
and when the identification signature is not successfully decrypted or the identification signature is successfully decrypted but does not accord with the default rule, judging that the verification result is failure.
16. The first communications device of claim 15, wherein the program code further directs the processing unit to:
when the verification result is judged to be successful, continuing the session establishment procedure; and
and when the verification result is judged to be failed, ending or canceling the session establishment procedure.
17. The first communications device as claimed in claim 14 or 16, wherein the program code further directs the processing unit to:
when the session establishment procedure is ended or cancelled, an alert message is displayed to a user.
18. The first communications device of claim 13, wherein the program code further directs the processing unit to:
sending a request message of the Session Initiation Protocol (SIP) or a Hyper Text Transfer Protocol (HTTP) to the second communication device, the request message instructing the second communication device to send the identity signature to the first communication device.
19. The first communications device of claim 13, wherein the program code further directs the processing unit to:
transmitting a query message to the blockchain server;
receiving a reply message containing the blockchain data from the blockchain server; and
and screening the public key from the block chain data.
20. A first communication device for verifying an identity of a network call, the first communication device comprising: a session initiation protocol unit for performing a session establishment procedure with a second communication device;
a session establishment procedure for establishing a session between the second communication device and the second communication device, wherein the session establishment procedure is performed by the second communication device based on a private key;
a block chain data transmission unit, which is used for inquiring a public key corresponding to the identity signature from a block chain server, wherein the block chain server stores a block chain data; and
a identity signature verification unit for verifying the identity signature by using the identity public key when the blockchain data transmission unit obtains the public key from the blockchain data to generate a verification result.
21. The first communications device as claimed in claim 20, wherein the identity signature verification unit is further configured to:
decrypting the identity signature using the public key;
when the identification signature is successfully decrypted and the decrypted identification signature conforms to a default rule, judging that the verification result is successful; and
and when the identification signature is not successfully decrypted or the identification signature is successfully decrypted but does not accord with the default verification rule, judging that the verification result is failure.
22. The first communications device of claim 21, wherein said identification signature verification unit is further configured to instruct said session initiation protocol unit to continue said session establishment procedure if said verification result is successful, and to instruct said session initiation protocol unit to end or cancel said session establishment procedure if said verification result is unsuccessful.
23. The first communications device of claim 20, wherein the blockchain data transfer unit is further configured to:
transmitting a query message to the blockchain server;
receiving a reply message containing the blockchain data from the blockchain server; and
and screening the public key from the block chain data.
Technical Field
The present invention relates to a method and a related apparatus for verifying an identity of a network call, and more particularly, to a method and a related apparatus for verifying an identity of a network call based on a block chain data transmission technology.
Background
Session Initiation Protocol (SIP) is a network communication Protocol, which is a mainstream Protocol in VoIP technology. Session initiation protocol in the session establishment procedure, six types of information are defined: REGISTER (REGISTER), INVITE (INVITE), Acknowledgement (ACK), CANCEL (CANCEL), end (BYE), and query (OPTIONS). Please refer to fig. 1, which is a diagram illustrating a session establishment procedure in the prior art. When the sender wants to establish a session, the sender transmits an invitation message to the receiver until an acknowledgement message is transmitted, and then a streaming session is started.
In most situations, the caller will not know the current IP address of the receiver, and therefore, mostly requests a Proxy Server (Proxy Server) to forward information, where the Proxy Server stores the user account and the corresponding IP address registered with the Proxy Server, and thus has a routing function. As shown in fig. 2, the originating terminal transmits the invite message to the proxy server, and then the proxy server transmits the invite message to the receiving terminal, thereby implementing the session establishment between the two parties. Therefore, under the session initiation protocol architecture, the session is established between the calling end and the called end through the service provider of the internet phone and the server thereof. However, if the server is hacked or the user's account password is leaked, the problem may result in that the caller or the receiver is not actually the same person.
Disclosure of Invention
Therefore, the present invention is directed to a method and a related device for verifying an identity of a network call, so as to solve the above-mentioned problems.
The invention discloses a method for verifying the identity of a network call, which is used for a first communication device supporting a session initiation protocol and a block chain data transmission technology, and comprises the following steps: requesting an identity signature from a second communication device in a session establishment procedure during the session establishment procedure; receiving the identity signature transmitted by the second communication device, wherein the identity signature is generated by the second communication device according to a private key; inquiring a public key corresponding to the identity signature through a block chain server, wherein the block chain server stores block chain data; when the public key is obtained from the block chain data, the public key is used for verifying the identity signature so as to generate a verification result; and determining to continue or terminate the session establishment procedure according to the verification result.
The present invention also discloses a first communication device for verifying the identity of a network call, the first communication device supporting a session initiation protocol and a blockchain data transmission technique, the first communication device comprising: a processing unit for executing a program code; a storage unit, coupled to the processing device, for storing the program code, wherein the program code instructs the processing unit to perform the following steps: requesting an identity signature from a second communication device in a session establishment procedure during the session establishment procedure; receiving the identity signature transmitted by the second communication device, wherein the identity signature is generated by the second communication device according to a private key; inquiring a public key corresponding to the identity signature through a block chain server, wherein the block chain server stores block chain data; when the public key is obtained from the block chain data, the public key is used for verifying the identity signature so as to generate a verification result; and determining to continue or terminate the session establishment procedure according to the verification result.
The present invention further discloses a first communication device for verifying the identity of a network call, the first communication device comprising: a session initiation protocol unit for performing a session establishment procedure with a second communication device; a session establishment procedure for establishing a session between the second communication device and the second communication device, wherein the session establishment procedure is performed by the second communication device based on a private key; a block chain data transmission unit, which is used for inquiring a public key corresponding to the identity signature from a block chain server, wherein the block chain server stores a block chain data; and a identity signature verification unit for verifying the identity signature by using the identity public key when the blockchain data transmission unit obtains the public key from the blockchain data to generate a verification result.
Drawings
Fig. 1-2 are schematic diagrams of a session establishment procedure in the prior art.
Fig. 3 is a schematic diagram of a communication device according to an embodiment of the invention.
Fig. 4 is a schematic diagram of a network call authentication process according to an embodiment of the present invention.
Fig. 5 is an application architecture diagram of a communication device according to an embodiment of the invention.
Fig. 6 is a schematic diagram of a network call authentication process according to an embodiment of the present invention.
Fig. 7-8 are schematic diagrams illustrating a network session authentication procedure according to an embodiment of the present invention.
Wherein the reference numerals are as follows:
30. 50 communication device
300 processing unit
310 storage unit
320 communication interface unit
314 program code
40. 60 flow path
400-440, 601-607 steps
501 session initiation protocol unit
502 identity signature request unit
503 identification signature verification unit
504 block chain data transmission unit
505 warning information display unit
Detailed Description
Referring to fig. 3, fig. 3 is a schematic diagram of a communication device 30 according to an embodiment of the invention. The communication device 30 can be the caller/receiver or the proxy server shown in fig. 1-2. In detail, the communication device 30 includes a processing unit 300, a storage unit 310, and a communication interface unit 320. The processing unit 300 may be a microprocessor or an application-specific integrated circuit (ASIC). The storage unit 310 may be any data storage device for storing a program code 314, and the program code 314 is read and executed by the processing unit 300. For example, the storage unit 310 may be a Subscriber Identity Module (SIM), a read-only memory (ROM), a random-access memory (RAM), a compact disc-read only memory (CD-ROMs), magnetic tapes (magnetic tapes), floppy disks (floppy disks), an optical data storage device (optical data storage devices), and the like, without being limited thereto. The communication interface unit 320 is used for exchanging signals with another communication device through a wireless communication method.
The communication device 30 supports a block chain data transmission technology (blockchain) and an asymmetric encryption and digital signature (digitalisation) under a Session Initiation Protocol (SIP) architecture. Asymmetric encryption is common public and private key encryption, and content encrypted by a public key can be decrypted only by the private key, otherwise, content encrypted by the private key can be decrypted only by the public key. Digital signatures are an application of public and private keys to verify that the sender of a document is indeed himself. Therefore, the invention adopts the digital signature technology to verify the identities of the two parties in the SIP conversation process. Briefly, a digital signature is a file encrypted with the sender's private key and the recipient decrypts the file with the sender's public key. In a general application scenario, the document content sent by signing with the digital signature is accompanied by plaintext data for the recipient to verify the document content, but if the document content is fixed or predictable, the plaintext data may not be accompanied.
The blockchain is a distributed database formed by all participants, and anyone can inquire data in the blockchain through a public interface, so that system data is very transparent. Another major feature of the block chain is its "non-tampering", in which each piece of data in the block chain cannot be altered once written, and is permanently written into the block once the data is verified. In addition, the data of the blockchain of each client node is the same, so that the data in the blockchain can be easily found if the data is tampered.
It should be noted that, a general SIP call relies on a trusted third party (e.g. a proxy server) for authentication and mediation, so that the data transmission process of the SIP call may cause problems of spoofing a server and tampering packets. Therefore, the blockchain has a decentralized characteristic (i.e., decentralized distributed database), i.e., the dependence on a trusted third party is weakened, so that the network call authentication mechanism based on the blockchain can enhance the security of the network call. In particular, the distributed nature of the blockchain makes it difficult for an attacker to disguise a particular server, and the immutability of the blockchain also makes it difficult for an attacker to tamper with the blockchain data, so the present invention proposes to record the concept of public keys through the blockchain. Since the communication device 30 obtains the public key from the blockchain by itself, rather than passing through the call data, it is difficult for hackers to attack by impersonating the digital signature and the public key. Therefore, the invention can realize the identity authentication of the SIP call and strengthen the security of call data transmission.
Please refer to fig. 4, which is a schematic diagram of a network
step 400: during the session establishment procedure, an identity signature is requested from the second communication device.
Step 410: and receiving the identity signature transmitted by the second communication device, wherein the identity signature is generated by the second communication device according to a private key.
Step 420: a public key corresponding to the identity signature is inquired through a block chain server, wherein the block chain server stores block chain data.
Step 430: when the public key is obtained from the blockchain data, the public key is used for verifying the identity signature so as to generate a verification result.
Step 440: and according to the verification result, deciding to continue or terminate the session establishment procedure.
According to the
Further, the first communication device requests the second communication device for the identity signature by sending a request message in the session initiation protocol (sip) or hypertext transfer protocol (HTTP) to the second communication device, wherein the request message instructs the second communication device to send the identity signature to the first communication device. In one embodiment, the request message may be an invite message or an Acknowledgement (ACK) message in a session initiation protocol.
In other words, the public key of the communication device is recorded on the default block chain, the public key can be generated by the communication device or a host/server managed by an account and uploaded to the block chain, the corresponding private key is stored by the communication device, so that the communication device can use the private key to sign and send the identity signature, and the communication device to verify the identity signature obtains the public key from the block chain to decrypt the identity signature, thereby verifying the identity of the communication device.
Fig. 5 is an application architecture diagram of a
The operation of the communication device 50 (hereinafter referred to as the first communication device) of the present invention can be summarized as the network call authentication process 60, as shown in fig. 6. The session initiation protocol unit of the first communication device transmits/receives invitation information or subsequent information in the session initiation protocol (step 601), and then the identity signature request unit requests the second communication device for an identity signature and waits for receiving the identity signature (step 602). If the identity signature request unit does not successfully receive the identity signature, the identity signature request unit may request the second communication device for the identity signature again (step 603a), or instruct the SIP session initiation protocol unit to terminate the SIP session, and instruct the warning information display unit to display the warning information (step 603 b). On the contrary, if the identification signature request unit successfully receives the identification signature, the identification signature request unit transmits the received identification signature to the identification signature verification unit to perform a preliminary check on the plaintext data attached to the identification signature (step 604). The preliminary check method may be, but is not limited to, determining whether the plaintext data conforms to the default plaintext format requirement. In addition, if the identification signature is not accompanied by plaintext data, the preliminary verification step can be omitted. If the plaintext data conforms to the requirement of the default plaintext format, the identification signature verification unit determines that the preliminary verification is successful, and instructs the blockchain data transmission unit to query the blockchain server and obtain the public key pre-stored in the blockchain (step 605). Otherwise, if the plaintext data does not conform to the default plaintext format requirement, the ID signature verification unit determines that the preliminary verification fails, and instructs the ID signature request unit to request the second communication device for the ID signature again (step 603a), or instructs the session initiation protocol unit to terminate the SIP session, and instructs the warning information display unit to display the warning information (step 603 b).
When the blockchain data transmission unit obtains the public key from the blockchain of the blockchain server, the public key is transmitted to the identification signature verification unit for the identification signature verification unit to verify/decrypt the identification signature (step 606). In one embodiment, if the id signature is successfully decrypted and the decrypted id signature content conforms to the default format/rule, the id signature verification unit instructs the SIP session to continue (step 607); if the identity signature is not successfully decrypted or the identity signature is successfully decrypted but the decrypted identity signature content does not conform to the default format/rule, the identity signature verification unit instructs the session initiation protocol unit to terminate the SIP session and instructs the alert information display unit to display alert information (step 603 b). On the other hand, when the blockchain data transmission unit does not obtain the public key from the blockchain of the blockchain server, the blockchain data transmission unit also instructs the SIP entity to terminate the SIP session and instructs the warning information display unit to display the warning information (step 603 b).
In one embodiment, the default format includes at least one of a destination address, a source address, a time, and a session identifier, and the default rules may be embedded in plaintext data accompanying the identity signature. For example, the identity signature verification unit decrypts the identity signature using the obtained public key, and obtains the following identity signature content:
From:[email protected]
Time:1528037983
InviteId:123456789
when the content of the identity signature conforms to the default format of the communication device, the communication device judges that the identity signature is successfully verified and continues the SIP communication; otherwise, the communication device judges that the identity signature verification fails and terminates the SIP call.
It is noted that the network session authentication process 60 may be triggered by the transmission/reception of invite messages or subsequent messages (e.g., acknowledgement messages or other subsequent messages). If the network call authentication is performed at the stage of transmitting/receiving the invite message, it can be used to verify the identity of the proxy server, and if the network call authentication is performed at the stage of transmitting/receiving the acknowledgement message, it can verify only the identity of the actual call device (i.e., the second communication device). The stage at which the verification of the network session identity begins may be determined by the requirements of the application of the first communication device.
It should be noted that, no matter the sender and the receiver or the proxy server are all communication devices in the SIP session, they can request each other to give the identity signature, and the identity signature is signed and sent by the communication device of the other party using the stored private key, and the public key corresponding to the private key is recorded in the time zone block chain.
In detail, the way the blockchain data transmission unit queries the blockchain server and obtains the public key pre-stored in the blockchain is shown in fig. 7-8. Fig. 7-8 are schematic diagrams illustrating authentication of network calls between communication devices according to embodiments of the present invention. As shown in fig. 7, the first communication device transmits an invitation message to the second communication device, and the second communication device requests an identity signature from the first communication device and receives a returned identity signature. Then, the second communication device transmits the query message of "query blockchain transaction message" to the blockchain server, so that the blockchain server returns the reply message of "return blockchain transaction message" to the second communication device. The second communication device queries the transaction information from the "return blockchain transaction information", filters out the matching data, and finally screens out the public key. The present invention screens the way to find the public key, and is not limited herein.
In addition, after the public key is found by screening, the second communication device verifies the identity signature by using the public key. If the authentication result of the identification signature is failure, the second communication device transmits an end message or a cancel message to the first communication device to immediately terminate the SIP call, and displays a warning message by means of a user interface or plain text, etc. to inform the user that the authentication of the just-existing SIP call object has failed.
In an embodiment, the invention records the public key data through the blockchain, and can also be applied to a transaction scene of the bitcoin blockchain to read the public key data in the blockchain and further verify the identity of the bitcoin transactor.
All the steps described above, including the steps proposed, can be implemented by hardware, firmware (i.e. a combination of hardware devices and computer instructions, where data in the hardware devices are read-only software data), or an electronic system. For example, the hardware may include analog, digital, and hybrid circuits (i.e., microcircuits, microchips, or silicon chips). The electronic system may comprise a System On Chip (SOC), a system in package (SOC)
A system in package (Sip), a Computer On Module (COM), and a communication device 30.
In summary, the present invention is configured to operate on the SIP standard and record public key data through the blockchain, so that the SIP session identity can be verified. In detail, the communication device reads the public key data in the block chain to decrypt the identity signature to confirm the identity of the other communication device. It is worth noting that the characteristic of the block chain is used for the identity authentication of the network call, which can strengthen the information security of the network call and ensure the network call quality and the reliability of both parties of the call.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.