CN120378524A - Method, device, processing equipment and storage medium for determining user identity
- Publication number
- CN120378524A (CN202410104258.XA)
- Authority
- CN
- China
- Prior art keywords
- information
- user identity
- terminal
- determining
- signature
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Telephonic Communication Services (AREA)
Abstract
The invention discloses a method, a device, processing equipment and a storage medium for determining user identity. The method comprises: sending first information to a registration server, wherein the first information is used for requesting second information, and the second information comprises user identity information and user identity digital signature information of the first terminal; receiving the second information sent by the registration server; and sending third information to a second terminal, wherein the third information is used for calling the second terminal, the third information comprises the second information, and the third information is used by the second terminal for determining the user identity of the first terminal. Compared with identifying the user identity of the first terminal by using an additional application, the method requires no application to be downloaded and installed, no database to be updated, and no reliance on unreliable data, so the identity identification of the first terminal can be more efficient, quick and reliable.
Description
Technical Field
The present invention relates to, but is not limited to, the field of information processing, and in particular to a method, apparatus, processing device, and storage medium for determining a user identity.
Background
In a call scenario, the caller's information is displayed on the called terminal when it rings, but the displayed information is not necessarily trustworthy. In the related art, the problem of caller identification can be addressed by technical means. Illustratively, the caller's identity is identified by a mobile application (APP) for caller number identification. The operator of the APP builds a user identity database of telephone numbers through active labeling or collection from users; when the mobile phone receives a call, the APP queries the database by the calling number to obtain the caller's identity information and prompts the caller's identity on the incoming call interface, such as suspected fraud telephones, express take-out telephones and the like. However, this approach is inconvenient to use, its data is not updated in time, and its identification is unreliable.
Disclosure of Invention
In view of the above, the invention discloses a method, a device, a processing device and a storage medium for determining the identity of a user.
According to a first aspect of embodiments of the present disclosure, there is provided a method of determining a user identity, the method being performed by a first terminal, the method comprising:
Sending first information to a registration server, wherein the first information is used for requesting second information, and the second information comprises user identity information and user identity digital signature information of the first terminal;
Receiving the second information sent by the registration server;
and sending third information to a second terminal, wherein the third information is used for calling the second terminal, the third information comprises the second information, and the third information is used for determining the user identity of the first terminal by the second terminal.
In some embodiments, the second information includes the user identity information, the user identity digital signature information, and a registration server signature certificate.
In some embodiments, the first information is sent via a network registration request message, and/or the second information is received via a network registration response message, and/or the third information is sent via a caller request message.
According to a second aspect of embodiments of the present disclosure, there is provided a method of determining a user identity, the method being performed by a registration server, the method comprising:
Receiving first information sent by a first terminal, wherein the first information is used for requesting second information, and the second information comprises user identity information and user identity digital signature information of the first terminal;
Acquiring the second information;
and sending the second information to the first terminal.
In some embodiments, the second information includes the user identity information, the user identity digital signature information, and a registration server signature certificate.
In some embodiments, the method further comprises:
Establishing an association relation between the user identity information and a Session Initiation Protocol (SIP) identity (ID).
In some embodiments, the first information is received via a network registration request message and/or the second information is sent via a network registration response message.
In some embodiments, the method further comprises:
inquiring the user identity information;
In response to querying the user identity information, generating digital signature information for the user identity information by using a signature key.
In some embodiments, the querying the user identity information includes:
and after the network registration authentication of the first terminal is completed, inquiring the user identity information.
In some embodiments, the method further comprises:
Generating a document to be signed based on preset information, wherein the preset information comprises at least one of user identity information, user identity information format, a Session Initiation Protocol (SIP) Uniform Resource Identifier (URI) of a user, a current time stamp, a random character string and the validity period of the signature;
the generating digital signature information for the user identity information using a signature key includes:
and generating the digital signature information by using the signature secret key and the document to be signed.
In some embodiments, the method further comprises:
Transmitting the signature key to an authentication center CA;
And receiving the registration server signature certificate sent by the CA, wherein the registration server signature certificate is generated based on the signature secret key.
According to a third aspect of embodiments of the present disclosure, there is provided a method of determining a user identity, the method being performed by a second terminal, the method comprising:
Receiving third information sent by a first terminal, wherein the third information is used for calling the second terminal and determining the user identity of the first terminal by the second terminal, and the third information comprises the user identity information and the user identity digital signature information of the first terminal;
Performing a determining operation based on the third information to obtain a determining result, wherein the determining operation comprises at least one of registration server signature certificate verification, user identity information verification and user identity digital signature information verification;
and determining the user identity of the first terminal based on the determination result.
In some embodiments, the second information includes the user identity information, the user identity digital signature information, and a registration server signature certificate.
In some embodiments, the third information is received via a caller request message.
In some embodiments, the performing a determining operation based on the third information to obtain a determination result includes:
Determining that the third information comprises the user identity information, the user identity digital signature information and the registration server signature certificate, and executing a determining operation based on the third information to obtain the determining result.
In some embodiments, the performing a determining operation based on the third information to obtain a determination result includes:
Verifying the registration server signature certificate based on a preset CA certificate;
determining that verification of the registration server signature certificate is successful, and executing verification of the user identity information;
and determining that the user identity information is successfully checked, and executing the user identity digital signature information check to obtain the determination result.
In some embodiments, the method further comprises:
determining that the identity of the first terminal is credible, and displaying the user identity information;
And determining that the identity of the first terminal is not trusted, and not displaying the user identity information.
According to a fourth aspect of embodiments of the present disclosure, there is provided an apparatus for determining a user identity, the apparatus comprising a transceiver module configured to:
sending first information to a registration server, wherein the first information is used for requesting second information, and the second information comprises user identity information and user identity digital signature information of the first terminal;
Receiving the second information sent by the registration server;
and sending third information to a second terminal, wherein the third information is used for calling the second terminal, the third information comprises the second information, and the third information is used for determining the user identity of the first terminal by the second terminal.
According to a fifth aspect of embodiments of the present disclosure, there is provided an apparatus for determining a user identity, the apparatus comprising:
a transceiver module configured to receive first information sent by a first terminal, wherein the first information is used for requesting second information, and the second information comprises user identity information and user identity digital signature information of the first terminal;
an acquisition module configured to acquire the second information;
wherein the transceiver module is further configured to send the second information to the first terminal.
According to a sixth aspect of embodiments of the present disclosure, there is provided an apparatus for determining a user identity, the apparatus comprising:
a transceiver module configured to receive third information sent by the first terminal, wherein the third information is used for calling the second terminal and is used by the second terminal for determining the user identity of the first terminal, and the third information comprises user identity information and user identity digital signature information of the first terminal;
a determining module configured to execute a determining operation based on the third information to obtain a determining result, wherein the determining operation comprises at least one of registration server signature certificate verification, user identity information verification and user identity digital signature information verification;
wherein the determining module is further configured to determine the user identity of the first terminal based on the determining result.
According to a seventh aspect of embodiments of the present disclosure, there is provided a processing apparatus including:
a memory for storing an executable program;
And a processor, configured to implement a method according to any one of the embodiments of the present disclosure when executing the executable program stored in the memory.
According to an eighth aspect of embodiments of the present disclosure, there is provided a computer storage medium storing an executable program which, when executed by a processor, implements a method according to any one of the embodiments of the present disclosure.
According to a ninth aspect of embodiments of the present disclosure, there is provided a computer program product comprising a computer program or instructions which, when executed by a processor, implement a method as in any of the embodiments of the present disclosure.
In the embodiments of the disclosure, first information is sent to a registration server, wherein the first information is used for requesting second information, and the second information comprises user identity information and user identity digital signature information of the first terminal; the second information sent by the registration server is then received. In this way, the first terminal can obtain its user identity information and user identity digital signature information from the registration server by request, and the obtained information can be used for subsequent identification of the user identity of the first terminal. Third information is sent to a second terminal, wherein the third information is used for calling the second terminal, comprises the second information, and is used by the second terminal for determining the user identity of the first terminal. In this way, the second information is sent to the second terminal while the first terminal calls the second terminal, so that the second terminal can identify the user identity of the first terminal based on the second information. Compared with identifying the user identity of the first terminal by using an additional application, the method requires no application to be downloaded and installed, no database to be updated, and no reliance on unreliable data, so the identity identification of the first terminal can be more efficient, quick and reliable.
Drawings
FIG. 1 is a flow chart illustrating a method of determining a user identity according to a first embodiment;
FIG. 2 is a flow chart illustrating a method of determining a user identity according to a second embodiment;
FIG. 3 is a flow chart illustrating a method of determining a user identity according to a third embodiment;
FIG. 4 is a flow chart illustrating a method of determining a user identity according to a fourth embodiment;
FIG. 5 is a flow chart illustrating a network registration flow according to a fifth embodiment;
FIG. 6 is a flow chart illustrating a calling flow according to a sixth embodiment;
FIG. 7 is a flow chart illustrating a method of determining a user identity according to a seventh embodiment;
FIG. 8 is a schematic diagram illustrating the generation of user identity digital signature information according to an eighth embodiment;
FIG. 9 is a flow chart illustrating a user identity information verification method according to a ninth embodiment;
FIG. 10 is a schematic diagram illustrating signature verification according to a tenth embodiment;
FIG. 11 is a schematic diagram of an apparatus for determining a user identity according to an eleventh embodiment;
FIG. 12 is a schematic diagram of an apparatus for determining a user identity according to a twelfth embodiment;
FIG. 13 is a schematic diagram of an apparatus for determining a user identity according to a thirteenth embodiment.
Detailed Description
The present invention will be further described in detail with reference to the accompanying drawings, for the purpose of making the objects, technical solutions and advantages of the present invention more apparent, and the described embodiments should not be construed as limiting the present invention, and all other embodiments obtained by those skilled in the art without making any inventive effort are within the scope of the present invention.
In the following description, reference is made to "some embodiments" which describe a subset of all possible embodiments, but it is to be understood that "some embodiments" can be the same subset or different subsets of all possible embodiments and can be combined with one another without conflict.
In the following description, the terms "first", "second", "third" and the like are merely used to distinguish similar objects and do not represent a particular ordering of the objects, it being understood that the "first", "second", "third" may be interchanged with a particular order or sequence, as permitted, to enable embodiments of the invention described herein to be practiced otherwise than as illustrated or described herein.
In the following description, references to "greater than" and "less than" are made, and it is noted that "greater than" may be used to indicate "greater than" or "equal to" and "less than" may be used to indicate "less than" or "equal to" in the present disclosure.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The terminology used herein is for the purpose of describing embodiments of the invention only and is not intended to be limiting of the invention.
In order to better understand the embodiments of the present disclosure, first, an application scenario of the technical scheme of the present disclosure is described:
In some embodiments, the Session Initiation Protocol (SIP), defined in RFC 3261, is one of the key communication protocols in technical fields such as the IP Multimedia Subsystem (IMS) core network and voice over IP (VoIP), and is used for initiating communication sessions. The embodiments of the present disclosure may be applied to SIP-based call scenarios.
In some embodiments, the session establishment request (INVITE) of the SIP protocol includes several header fields, where the calling party is declared through the From (telephone initiator) header field and the called party is declared through the To (telephone receiver) header field. On receiving the INVITE request, that is, when ringing, the called party can obtain two pieces of information about the calling party from the From header field: the display name of the calling party and the SIP identity (ID) of the calling party. In a real call scenario, this corresponds to the called terminal displaying the calling telephone number when ringing.
In some embodiments, if the called party sees only the caller's telephone number on an incoming call, the called party cannot accurately determine the caller's true social identity, such as whether the caller really is the bank employee he or she claims to be, and is therefore easily deceived. On the other hand, the frequent occurrence of telecommunication fraud has made some people particularly distrustful of incoming calls, and there have been cases in which incoming calls from street office workers were hung up on as fraud calls. Thus, if true and reliable caller identity information can be shown in the incoming call information, telecommunication fraud can be effectively combated while normal call activities are protected.
In some embodiments, the From header field in the SIP protocol is defined as the display name of the calling party plus the SIP ID of the calling party, and neither piece of information includes identity information that can help the called party identify the calling party. On the other hand, although the Call-Info header field in the protocol can be used to carry additional identity information about the caller, the protocol explicitly requires that a user agent (UA) present the information of this header field to the user only if the trustworthiness of the Call-Info information can be verified, and the protocol itself does not specify how that trustworthiness is to be verified.
For the above reasons, the SIP protocol is incomplete with respect to transferring and verifying user identity information, so other technical means have appeared on the market to solve the problem of caller identification, mainly mobile phone applications (APPs) for caller number identification. The operator of the APP builds a user identity database of telephone numbers through active labeling or collection from users; when the mobile phone receives a call, the APP queries the database by the calling number to obtain the caller's identity information and prompts the caller's identity on the incoming call interface, such as suspected fraud telephones, express take-out telephones and the like.
A mobile phone APP for caller number identification has the following defects. First, the user is required to download and install the APP, so it is not convenient to use. Second, the caller identity data usually has to be downloaded to the terminal so that it can be queried at the moment of the incoming call, which brings the problem of untimely data updates. Third, and most important, the call request and the identity identification are two separate processes: the call request is part of the SIP session, while caller identity identification is an additional process, and the credibility of the caller identity information prompted by the APP rests on the called user's trust in the APP rather than being established by technical means.
As shown in FIG. 1, in an embodiment of the present disclosure, there is provided a method for determining a user identity, where the method is performed by a first terminal, and the method includes:
Step S101, sending first information to a registration server, wherein the first information is used for requesting second information, and the second information comprises user identity information and user identity digital signature information of the first terminal.
Step S102, receiving the second information sent by the registration server.
Step S103, third information is sent to a second terminal, wherein the third information is used for calling the second terminal, the third information comprises the second information, and the third information is used for determining the user identity of the first terminal by the second terminal.
In the embodiment of the present disclosure, the method for determining the user identity may be applied to a scenario of SIP-based call, but is not limited thereto.
In some embodiments, the first terminal may be a cell phone. The first terminal may be a mobile phone as a calling terminal, for example. The second terminal may be a cell phone. The second terminal may be a mobile phone as a called terminal, for example.
In some embodiments, first information is sent to a registration server, the first information being used to request second information including user identity information of the first terminal, user identity digital signature information, and a registration server signature certificate. And receiving the second information sent by the registration server. And sending third information to a second terminal, wherein the third information is used for calling the second terminal, and the third information comprises the second information and is used for determining the user identity of the first terminal by the second terminal.
In some embodiments, the third information is used by the second terminal to authenticate the user identity of the first terminal.
In some embodiments, the third information is directly indicative of a user identity of the first terminal.
In some embodiments, the third information is used by the second terminal to determine whether the user identity of the first terminal is trusted.
In some embodiments, the first information is sent via a network registration request message.
In some embodiments, the second information is received via a network registration response message.
In some embodiments, the third information is sent via a caller request message.
In some embodiments, a network registration request message (REGISTER request) is sent to a registration server, the network registration request message containing first information for requesting second information including user identity information and user identity digital signature information of the first terminal. And receiving a network registration response message sent by the registration server, wherein the network registration response message comprises the second information. And sending a calling request message (INVITE request) to a second terminal, wherein the calling request message comprises third information, the third information is used for calling the second terminal, the third information comprises the second information, and the third information is used for determining the user identity of the first terminal by the second terminal.
In some embodiments, the network registration response message may include at least one of the following header fields:
User-Info header field;
User-Info-Signature header field;
Server-Cert header field.
In some embodiments, the main function of the User-Info header field is to return the user identity information authenticated at the identity authentication center. The user identity information may include various kinds of content, and the information format may be any of various commonly used data formats such as vCard, JSON and XML.
Illustratively:
User-Info: content-type=application/json, content=<{ name: "He Maowei", organization: "vendor bank", organization-type: "bank" }>.
In some embodiments, the User-Info-Signature header field is used to return the user identity digital signature information for the user identity carried in User-Info. The header field further includes auxiliary fields, such as subject, timestamp and nonce, for enhancing the security of the signature. The subject field is the Session Initiation Protocol (SIP) identity (ID) of the calling user, timestamp is the time at which the user identity digital signature was generated, nonce is a random string, expire is the expiration time of the signature, and the signature field is the user identity digital signature information.
Illustratively:
User-Info-Signature:nonce="81L9FL14",timestamp="2023-07-27 21:32:00",subject="13091903552@domain.com",expire="2023-07-28 9:32:00",sign-type="SM2",signature="f549485e3ff18ae86388d851eef45ac4".
In some embodiments, the Server-Cert header field is used to return the registration server signature certificate: when the registration server signs with a sub-certificate of a certificate chain, it returns its own signature certificate through this header field.
Illustratively:
Server-Cert:cert="MIILkzCCCnugAw......",cert="MIIFRjCCAy6gAw......".
In some embodiments, the first terminal may locally store the information of the 3 header fields after receiving the network registration response message. It will be appreciated that the user identity information, the user identity digital signature information and the registration server signature certificate are stored.
In the embodiments of the disclosure, first information is sent to a registration server, wherein the first information is used for requesting second information, and the second information comprises user identity information and user identity digital signature information of the first terminal; the second information sent by the registration server is then received. In this way, the first terminal can obtain its user identity information and user identity digital signature information from the registration server by request, and the obtained information can be used for subsequent identification of the user identity of the first terminal. Third information is sent to a second terminal, wherein the third information is used for calling the second terminal, comprises the second information, and is used by the second terminal for determining the user identity of the first terminal. In this way, the second information is sent to the second terminal while the first terminal calls the second terminal, so that the second terminal can identify the user identity of the first terminal based on the second information. Compared with identifying the user identity of the first terminal by using an additional application, the method requires no application to be downloaded and installed, no database to be updated, and no reliance on unreliable data, so the identity identification of the first terminal can be more efficient, quick and reliable.
As shown in FIG. 2, in an embodiment of the present disclosure, there is provided a method for determining a user identity, the method being performed by a registration server, the method including:
Step S201, receiving first information sent by a first terminal, wherein the first information is used for requesting second information, and the second information comprises user identity information and user identity digital signature information of the first terminal.
Step S202, acquiring the second information.
Step S203, sending the second information to the first terminal.
In the embodiment of the present disclosure, the method for determining the user identity may be applied to a scenario of SIP-based call, but is not limited thereto.
In some embodiments, the first terminal may be a cell phone. The first terminal may be a mobile phone as a calling terminal, for example. The second terminal may be a cell phone. The second terminal may be a mobile phone as a called terminal, for example.
In some embodiments, first information sent by a first terminal is received, the first information being used to request second information, the second information including user identity information, user identity digital signature information, and a registration server signature certificate of the first terminal. And acquiring the second information. And sending the second information to the first terminal.
In some embodiments, a network registration request message sent by a first terminal is received, wherein the network registration request message comprises first information, the first information is used for requesting second information, and the second information comprises user identity information and user identity digital signature information of the first terminal. And acquiring the second information. And sending a network registration response message to the first terminal, wherein the network registration response message comprises the second information.
In some embodiments, the first terminal (caller) completes the authentication of real-name identity information at home, and the registration server or associated server stores the SIP ID of the caller and corresponding identity information.
In some embodiments, user authentication may be performed by the operator or a trusted party of the operator, the user completing authentication by providing valid identification material.
In some embodiments, to ensure timeliness of the authentication information, each identity authentication is only valid for a certain period, and re-authentication is required after the validity period is exceeded.
In some embodiments, the user who may have identity change can be automatically identified by using user portrait or the like in combination with data of user calling behavior, resident cities and the like, and identity authentication information of the user is invalidated in advance.
In some embodiments, the first terminal establishes an association between the user identity information and a session initiation service SIP identity ID.
In some embodiments, first information sent by a first terminal is received, where the first information is used to request second information, and the second information includes user identity information and user identity digital signature information of the first terminal. The user identity information is queried. In response to the user identity information being found, digital signature information is generated for the user identity information using a signature key. The second information is acquired and sent to the first terminal.
In some embodiments, first information sent by a first terminal is received, where the first information is used to request second information, and the second information includes user identity information and user identity digital signature information of the first terminal. After the network registration authentication of the first terminal is completed, the authenticated user identity information is queried. In response to the user identity information being found, digital signature information is generated for the user identity information using a signature key. The second information is acquired and sent to the first terminal.
In some embodiments, first information sent by a first terminal is received, where the first information is used to request second information, and the second information includes user identity information and user identity digital signature information of the first terminal. The user identity information is queried. In response to the user identity information being found, a document to be signed is generated based on predetermined information, where the predetermined information includes at least one of: the user identity information, the user identity information format, the Session Initiation Protocol (SIP) Uniform Resource Identifier (URI) of the user, a current timestamp, a random character string, and the validity period of the current signature. The digital signature information is generated using the signature key and the document to be signed. The second information is acquired and sent to the first terminal.
In some embodiments, first information sent by a first terminal is received, where the first information is used to request second information, and the second information includes user identity information and user identity digital signature information of the first terminal. The user identity information is queried. In response to the user identity information being found, digital signature information is generated for the user identity information using a signature key. The second information is acquired and sent to the first terminal. The signature key is sent to an authentication center (CA, Certificate Authority). The registration server signature certificate sent by the CA is received, where the registration server signature certificate is generated based on the signature key.
In some embodiments, to enhance the trustworthiness of the registration server signing process, the signing public key of the registration server needs to be submitted to the CA center to issue a public key certificate.
As shown in fig. 3, in an embodiment of the present disclosure, there is provided a method for determining a user identity, the method being performed by a second terminal, the method including:
Step S301, receiving third information sent by a first terminal, wherein the third information is used for calling the second terminal and for the second terminal to determine the user identity of the first terminal, and the third information comprises user identity information and user identity digital signature information of the first terminal.
Step S302, performing a determining operation based on the third information to obtain a determination result, wherein the determining operation comprises at least one of registration server signature certificate verification, user identity information verification and user identity digital signature information verification.
Step S303, determining the user identity of the first terminal based on the determination result.
In the embodiment of the present disclosure, the method for determining the user identity may be applied to a scenario of SIP-based call, but is not limited thereto.
In some embodiments, the first terminal may be a cell phone. The first terminal may be a mobile phone as a calling terminal, for example. The second terminal may be a cell phone. The second terminal may be a mobile phone as a called terminal, for example.
In some embodiments, third information sent by a first terminal is received, the third information being used for calling the second terminal and for the second terminal to determine a user identity of the first terminal, the third information including user identity information of the first terminal, user identity digital signature information, and a registration server signature certificate. A determining operation is performed based on the third information to obtain a determination result, where the determining operation includes registration server signature certificate verification, user identity information verification and user identity digital signature information verification. The user identity of the first terminal is determined based on the determination result. Here, whether the user identity of the first terminal is authentic may be determined based on the determination result.
In some embodiments, a calling request message sent by a first terminal is received, where the calling request message includes third information, the third information is used for calling the second terminal and for the second terminal to determine the user identity of the first terminal, and the third information includes user identity information of the first terminal, user identity digital signature information, and a registration server signature certificate. A determining operation is performed based on the third information to obtain a determination result, where the determining operation includes registration server signature certificate verification, user identity information verification and user identity digital signature information verification. The user identity of the first terminal is determined based on the determination result. It should be noted that the determining operation may be an authentication operation, and the determination result may be an authentication result.
In some embodiments, third information sent by a first terminal is received, the third information being used for calling the second terminal and for the second terminal to determine a user identity of the first terminal, the third information including user identity information of the first terminal, user identity digital signature information, and a registration server signature certificate. Upon determining that the third information includes the user identity information, the user identity digital signature information and the registration server signature certificate, a determining operation is performed based on the third information to obtain the determination result, where the determining operation includes registration server signature certificate verification, user identity information verification and user identity digital signature information verification. The user identity of the first terminal is determined based on the determination result.
In some embodiments, third information sent by a first terminal is received, the third information being used for calling the second terminal and for the second terminal to determine a user identity of the first terminal, the third information including user identity information of the first terminal, user identity digital signature information, and a registration server signature certificate. The registration server signature certificate is verified based on a preset CA certificate. Upon determining that the verification of the registration server signature certificate is successful, the user identity information verification is performed. Upon determining that the user identity information verification is successful, the user identity digital signature information verification is performed to obtain the determination result. The user identity of the first terminal is determined based on the determination result.
In some embodiments, third information sent by a first terminal is received, where the third information is used for calling the second terminal and for the second terminal to determine the user identity of the first terminal, and the third information includes user identity information and user identity digital signature information of the first terminal. A determining operation is performed based on the third information to obtain a determination result, where the determining operation includes at least one of registration server signature certificate verification, user identity information verification and user identity digital signature information verification. The user identity of the first terminal is determined based on the determination result. Upon determining that the identity of the first terminal is credible, the user identity information is displayed. Upon determining that the identity of the first terminal is not trusted, the user identity information is not displayed.
For a better understanding of the disclosed embodiments, the disclosure is further illustrated by the following 3 exemplary embodiments:
Example 1:
In the embodiment of the disclosure, based on the existing SIP protocol, SIP user identity information and a mechanism for verifying (determining or authenticating) that identity information are added as extensions, so that a clear and credible calling identity prompt can be given in the session initiation stage, effectively reducing the telecom fraud risk.
Referring to fig. 4, a method for determining a user identity is provided, the method comprising:
Step S401, user identity information authentication.
In some embodiments, the registration server associates user identity information with the SIP ID.
In some embodiments, the calling user (corresponding to the first terminal, which may also be referred to as the calling user agent client (UAC, User Agent Client)) completes the authentication of the real-name identity information at home, and the registration server or an associated server stores the SIP ID of the calling user and the corresponding user identity information.
Step S402, the calling UAC completes registration.
In some embodiments, the calling UAC obtains user identity information, a user identity digital signature, and a registration server certificate.
In some embodiments, the calling terminal initiates a registration (REGISTER) request (first information). After the registration server completes registration authentication, it queries the user identity information corresponding to the user, generates a digital signature for the user identity information using its own signature key, and returns the user identity information, the user identity digital signature information and the registration server signature certificate in a header field of a 200 OK (indicating that the opposite party phone has been received) response (second information). The calling terminal locally saves the returned user identity information, user identity digital signature information and registration server signature certificate.
Step S403, the calling UAC sends an INVITE request.
In some embodiments, the INVITE request carries user identity information, user identity digital signature information, and a registration server certificate.
In some embodiments, the calling terminal initiates an INVITE request (third information), carrying the user identity information, the user identity digital signature, and the registration server signature certificate through the header field.
Step S404, the called UAS receives the INVITE request.
In some embodiments, caller identity information is checked.
In some embodiments, the called terminal (the second terminal, also called the called user agent server (UAS, User Agent Server)) receives the INVITE request, parses the caller's user identity information and the corresponding user identity digital signature from the header fields, and verifies the user identity digital signature using the registration server signature certificate.
Step S405, after the signature verification (verification or authentication) is successful, the called terminal prompts the calling identity information to the user while ringing.
Step S406, when the signature verification is unsuccessful or the INVITE request does not contain the header fields extended by the present disclosure, the called terminal only rings and does not prompt the calling identity information.
Step S407, executing the subsequent call flow.
In some embodiments, user authentication may be performed by the operator or a trusted party of the operator, the user completing authentication by providing valid identification material. In order to ensure timeliness of authentication information, each identity authentication is only valid for a period of time, and re-authentication is needed after the valid period is exceeded. Meanwhile, the user who is likely to have identity change can be automatically identified by adopting the user portrait and the like according to the data of the calling behavior of the user, the resident city and the like, and the identity authentication information of the user is invalidated in advance.
Example 2
In some embodiments, referring to fig. 5, a method of determining whether a user identity is trusted is provided, the method comprising:
Step S501, a calling terminal (first terminal) sends a network registration request (REGISTER request) to a registration server;
Step S502, returning 401 Unauthorized (this step may be omitted).
Step S503, the calling terminal sends a REGISTER request (carrying an authentication header field) to the registration server.
Step S504, inquiring the user identity information and signing the user identity information.
Step S505, returning 200 OK (header field carrying identity information etc.).
In some embodiments, after receiving a REGISTER request of a calling terminal and the user registration authentication is successful, the registration server needs to query whether the user has authenticated user identity information, and if so, a digital signature is generated on the user identity information by using a signature key of the registration server itself. The signature can be performed by adding a current time stamp and a nonce random number together with the user identity information.
Step S505, returning 200 OK (header field carrying identity information etc.). The 200 OK corresponds to the network registration response message; for the header fields of the network registration response message, refer to the description of the network registration response message in the foregoing section.
Example 3
In some embodiments, referring to fig. 6, a method of determining whether a user identity is trusted is provided, the method comprising:
Step S601, the calling terminal (first terminal) transmits an INVITE request to the called terminal (second terminal).
Step S602, checking user identity information and user identity digital signature information.
Step S603, prompting user identity information.
Step S604, returning 100 Trying.
Step S605, returning 200 OK.
In some embodiments, when the calling terminal sends the INVITE request in step S601, it adds, on top of the standard SIP protocol, the 3 header fields User-Info, User-Info-Signature and Server-Cert that were returned by the registration server when registration succeeded.
In some embodiments, after receiving the INVITE request, the called terminal checks whether the 3 header fields User-Info, User-Info-Signature and Server-Cert are all present. If so, it checks the user identity digital signature information, and if the check passes, the called terminal rings and prompts the caller identity information; if not, it only rings.
In some embodiments, referring to fig. 7, a method of determining whether a user identity is trusted is provided, the method comprising:
Step S701, checking whether the 3 header fields User-Info, User-Info-Signature and Server-Cert exist.
Step S702, checking user identity signature information.
Step S703, ringing and prompting the identity of the calling user according to the User-Info header content.
Step S704, only ringing.
Step S705, executing the subsequent call flow.
Example 4
In some embodiments, the logic of the user identity information signature is shown in fig. 8. During signing, the identity information (the content value in the User-Info header field), the identity information format (the content-type value in the User-Info header field), the SIP URI of the user (the subject value in the User-Info-Signature header field), the current timestamp (the timestamp value in the User-Info-Signature header field), the random string (the nonce value in the User-Info-Signature header field), and the validity period of the signature (the valid value in the User-Info-Signature header field) are spliced into the document to be signed, and the signature string is generated using the signature private key of the registration server. The algorithm the registration server uses to generate the signature needs to be set in the sign-type field of the User-Info-Signature header field.
In some embodiments, to enhance the trustworthiness of the registration Server signing process, the registration Server's public signature key needs to be submitted to the CA center to issue a public key certificate, which is added to the SIP message through the Server-Cert header field. The root certificate of CA is preset in the called terminal to verify the public key certificate of the registration server, the root certificate is globally unique, and the sub-certificates of each registration server are different under the condition that a plurality of registration servers exist.
In some embodiments, referring to fig. 9, a method for determining the identity of a user is provided, and when the called terminal receives an INVITE request, it will verify whether the user information is trusted. The caller identity verification process comprises the following steps:
Step S901, verifying a Server signature certificate carried in a Server-Cert header field through a preset CA certificate in a called terminal.
Step S902, comparing whether the subject field value of the User-Info-Signature header field in the INVITE message is consistent with the calling SIP URI in the From header field; if not, the identity information verification fails. If they are consistent, step S903 is performed next; if the signature of the user information passes verification, the user identity information verification passes and the identity information is trusted.
Step S903, checking the user identity digital signature information. As shown in fig. 10, the Signature public key used for Signature verification is taken from the Server-Cert header field, and the Signature value is taken from the Signature field value in the User-Info-Signature header field, corresponding to the Signature generation scheme described above.
Step S904, the user identity information verification is successful.
Step S905, the verification of the user identity information fails.
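The signing scheme of Example 4 and the check order of steps S701 and S901 to S903 can be sketched in Go as follows; this is an added example, not code from the patent. Ed25519 as the sign-type, length-prefixed splicing of the document to be signed, base64 and DER encodings, and a validity period in seconds are assumptions, and the CA, registration server keys and caller values are constructed for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"fmt"
	"math/big"
	"time"
)

// IdentityHeaders holds the values carried in the three header fields the page names.
type IdentityHeaders struct {
	Content, ContentType                string // User-Info: content, content-type
	Subject, Nonce, SignType, Signature string // User-Info-Signature (signature as base64, assumed)
	Timestamp, Valid                    int64  // User-Info-Signature: timestamp, valid (seconds, assumed)
	ServerCert                          []byte // Server-Cert: DER certificate (encoding assumed)
}

// docToSign splices the six fields in the page's order; the length prefix is an assumption.
func docToSign(h IdentityHeaders) []byte {
	var doc []byte
	for _, f := range []string{h.Content, h.ContentType, h.Subject,
		fmt.Sprint(h.Timestamp), h.Nonce, fmt.Sprint(h.Valid)} {
		doc = append(doc, fmt.Sprintf("%d:%s\n", len(f), f)...)
	}
	return doc
}

// VerifyCaller runs the called terminal's checks; nil means the identity may be shown.
func VerifyCaller(h IdentityHeaders, fromURI string, roots *x509.CertPool, now time.Time) error {
	// S701: all three header fields must be present, otherwise ring only.
	if h.Content == "" || h.Signature == "" || len(h.ServerCert) == 0 {
		return fmt.Errorf("identity header fields missing")
	}
	// S901: Server-Cert must chain to the CA root preset in the terminal.
	cert, err := x509.ParseCertificate(h.ServerCert)
	if err == nil {
		_, err = cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: now,
			KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	}
	if err != nil {
		return fmt.Errorf("Server-Cert not trusted: %w", err)
	}
	// S902: the signed subject must equal the SIP URI in the From header field.
	if h.Subject != fromURI {
		return fmt.Errorf("subject %q does not match From %q", h.Subject, fromURI)
	}
	issued := time.Unix(h.Timestamp, 0) // signature is accepted only inside its validity period
	if now.Before(issued) || now.After(issued.Add(time.Duration(h.Valid)*time.Second)) {
		return fmt.Errorf("signature outside its validity period")
	}
	// S903: key type comes from the verified certificate; sign-type must agree with it.
	pub, ok := cert.PublicKey.(ed25519.PublicKey)
	sig, err := base64.StdEncoding.DecodeString(h.Signature)
	if !ok || h.SignType != "ed25519" || err != nil || !ed25519.Verify(pub, docToSign(h), sig) {
		return fmt.Errorf("user identity signature check failed")
	}
	return nil
}

// newCert issues a constructed test certificate; a nil parent yields a self-signed CA.
func newCert(cn string, serial int64, pub ed25519.PublicKey, parent *x509.Certificate,
	signer ed25519.PrivateKey, now time.Time) *x509.Certificate {
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, BasicConstraintsValid: true, IsCA: parent == nil}
	if parent == nil {
		t.KeyUsage, parent = x509.KeyUsageCertSign, t
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, signer)
	c, perr := x509.ParseCertificate(der)
	if err != nil || perr != nil {
		panic(fmt.Sprint(err, perr))
	}
	return c
}

// constructedCall plays CA and registration server with throwaway keys (constructed data).
func constructedCall(now time.Time) (*x509.CertPool, IdentityHeaders) {
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	srvPub, srvKey, _ := ed25519.GenerateKey(rand.Reader)
	ca := newCert("Constructed CA", 1, caPub, nil, caKey, now)
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	h := IdentityHeaders{Content: "Alice Example", ContentType: "text/plain", Nonce: "n-4f1c",
		Subject: "sip:alice@example.test", SignType: "ed25519", Timestamp: now.Unix(), Valid: 3600,
		ServerCert: newCert("Constructed registrar", 2, srvPub, ca, caKey, now).Raw}
	h.Signature = base64.StdEncoding.EncodeToString(ed25519.Sign(srvKey, docToSign(h)))
	return roots, h
}

func main() {
	roots, h := constructedCall(time.Now())
	fmt.Println("genuine call:", VerifyCaller(h, h.Subject, roots, time.Now()))
	fmt.Println("spoofed From:", VerifyCaller(h, "sip:mallory@example.test", roots, time.Now()))
}
```

In this example nothing ties the headers to the sender of the INVITE beyond the From comparison, so the length of `valid` bounds how long a captured header set would keep verifying.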
As shown in fig. 11, an embodiment of the present disclosure provides an apparatus for determining a user identity, the apparatus including a transceiver module 111 configured to:
Send first information to a registration server, wherein the first information is used for requesting second information, and the second information comprises user identity information and user identity digital signature information of the first terminal;
Receiving the second information sent by the registration server;
and sending third information to a second terminal, wherein the third information is used for calling the second terminal, the third information comprises the second information, and the third information is used for determining the user identity of the first terminal by the second terminal.
As shown in fig. 12, an embodiment of the present disclosure provides an apparatus for determining a user identity, the apparatus comprising:
A transceiver module 121 configured to receive first information sent by a first terminal, where the first information is used to request second information, and the second information includes user identity information and user identity digital signature information of the first terminal;
An acquisition module 122 configured to acquire the second information;
The transceiver module 121 is configured to send the second information to the first terminal.
As shown in fig. 13, an embodiment of the present disclosure provides an apparatus for determining a user identity, the apparatus comprising:
A transceiver module 131 configured to receive third information sent by a first terminal, where the third information is used for calling the second terminal and is used for the second terminal to determine a user identity of the first terminal, and the third information includes user identity information and user identity digital signature information of the first terminal;
An authentication module 132 configured to perform a determining operation based on the third information to obtain a determining result, wherein the determining operation includes at least one of registration server signature certificate verification, user identity information verification, user identity digital signature information verification;
a determining module 133 is configured to determine whether the user identity of the first terminal is trusted based on the determination result.
The disclosed embodiments provide a processing apparatus including:
a memory for storing an executable program;
And a processor, configured to implement a method according to any one of the embodiments of the present disclosure when executing the executable program stored in the memory.
It will be appreciated that the memory can be either volatile memory or non-volatile memory, and can include both volatile and non-volatile memory. The non-volatile memory may be, among other things, a read-only memory (ROM, Read Only Memory), a programmable read-only memory (PROM, Programmable Read-Only Memory), an erasable programmable read-only memory (EPROM, Erasable Programmable Read-Only Memory), an electrically erasable programmable read-only memory (EEPROM, Electrically Erasable Programmable Read-Only Memory), a magnetic random access memory (FRAM, Ferromagnetic Random Access Memory), a flash memory (Flash Memory), a magnetic surface memory, an optical disk, or a compact disc read-only memory (CD-ROM, Compact Disc Read-Only Memory), which may be disk memory or tape memory. The volatile memory may be random access memory (RAM, Random Access Memory), which acts as external cache memory. By way of example and not limitation, many forms of RAM are available, such as static random access memory (SRAM, Static Random Access Memory), synchronous static random access memory (SSRAM, Synchronous Static Random Access Memory), dynamic random access memory (DRAM, Dynamic Random Access Memory), synchronous dynamic random access memory (SDRAM, Synchronous Dynamic Random Access Memory), double data rate synchronous dynamic random access memory (DDRSDRAM, Double Data Rate Synchronous Dynamic Random Access Memory), enhanced synchronous dynamic random access memory (ESDRAM, Enhanced Synchronous Dynamic Random Access Memory), synchronous link dynamic random access memory (SLDRAM, SyncLink Dynamic Random Access Memory), and direct memory bus random access memory (DRRAM, Direct Rambus Random Access Memory). The memory described by embodiments of the present application is intended to comprise, without being limited to, these and any other suitable types of memory.
The topology structure determining method disclosed by the application can be applied to the processor or realized by the processor. The processor may be an integrated circuit chip with signal processing capabilities. In implementation, the steps of the topology determination method may be completed by an integrated logic circuit of hardware in a processor or an instruction in a software form. The processor may be a general purpose processor, a digital signal processor (DSP, Digital Signal Processor), or other programmable logic device, discrete gate or transistor logic device, discrete hardware components, or the like. The processor may implement or perform the methods, steps, and logic blocks disclosed in the present application. The general purpose processor may be a microprocessor or any conventional processor or the like. The steps of the method disclosed by the application can be directly embodied as the execution of the hardware decoding processor or the combined execution of the hardware and software modules in the decoding processor. The software module may be located in a storage medium, where the storage medium is located in a memory, and the processor reads information in the memory, and in combination with its hardware, performs the steps of the topology determination method provided by the embodiment of the present application.
The present application also provides a computer storage medium storing an executable program that, when executed by a processor, implements a method for determining a topology according to any one of the embodiments of the present disclosure. In particular, the computer readable storage medium may be a computer program, for example, comprising a memory storing a computer program executable by a processor of a processing device for performing the steps of the method according to the embodiments of the present application. The computer readable storage medium may be ROM, PROM, EPROM, EEPROM, flash Memory, magnetic surface Memory, optical disk, or CD-ROM.
The disclosed embodiments provide a computer program product comprising a computer program or executable instructions stored in a computer readable storage medium. A processor of a computer device reads the computer program or executable instructions from a computer readable storage medium, and the processor executes the computer program or executable instructions to cause the computer device to perform a method of determining a user identity according to any one of the above-described embodiments of the present disclosure.
The foregoing is merely illustrative of the present invention, and the present invention is not limited thereto, and any person skilled in the art will readily recognize that variations or substitutions are within the scope of the present invention. Therefore, the protection scope of the invention is subject to the protection scope of the claims.
Claims (23)
1. A method of determining a user identity, the method being performed by a first terminal, the method comprising:
Sending first information to a registration server, wherein the first information is used for requesting second information, and the second information comprises user identity information and user identity digital signature information of the first terminal;
Receiving the second information sent by the registration server;
and sending third information to a second terminal, wherein the third information is used for calling the second terminal, the third information comprises the second information, and the third information is used for determining the user identity of the first terminal by the second terminal.
2. The method of claim 1, wherein the second information comprises the user identity information, the user identity digital signature information, and a registration server signature certificate.
3. The method according to claim 1, wherein the first information is sent via a network registration request message and/or the second information is received via a network registration response message and/or the third information is sent via a caller request message.
4. A method of determining a user identity, the method performed by a registration server, the method comprising:
Receiving first information sent by a first terminal, wherein the first information is used for requesting second information, and the second information comprises user identity information and user identity digital signature information of the first terminal;
Acquiring the second information;
and sending the second information to the first terminal.
5. The method of claim 4, wherein the second information comprises the user identity information, the user identity digital signature information, and a registration server signature certificate.
6. The method according to claim 4, wherein the method further comprises:
and establishing an association relation between the user identity information and session initiation service SIP identity ID.
7. The method of claim 4, wherein the first information is received via a network registration request message and/or the second information is sent via a network registration response message.
8. The method of claim 5, wherein the method further comprises:
inquiring the user identity information;
In response to querying the user identity information, generating digital signature information for the user identity information by using a signature key.
9. The method of claim 8, wherein querying the user identity information comprises:
and after the network registration authentication of the first terminal is completed, inquiring the user identity information.
10. The method of claim 8, wherein the method further comprises:
Generating a document to be signed based on preset information, wherein the preset information comprises at least one of user identity information, user identity information format, a Session Initiation Protocol (SIP) Uniform Resource Identifier (URI) of a user, a current time stamp, a random character string and the validity period of the signature;
the generating digital signature information for the user identity information using a signature key includes:
and generating the digital signature information by using the signature secret key and the document to be signed.
11. The method of claim 8, wherein the method further comprises:
Transmitting the signature key to an authentication center CA;
And receiving the registration server signature certificate sent by the CA, wherein the registration server signature certificate is generated based on the signature secret key.
12. A method of determining the identity of a user, the method being performed by a second terminal, the method comprising:
receiving third information sent by a first terminal, wherein the third information is used for calling the second terminal and for the second terminal to determine the user identity of the first terminal, and the third information comprises the user identity information and the user identity digital signature information of the first terminal;
performing a determining operation based on the third information to obtain a determination result, wherein the determining operation comprises at least one of: checking a registration server signature certificate, checking user identity information, and checking user identity digital signature information; and
determining the user identity of the first terminal based on the determination result.
13. The method of claim 12, wherein the second information comprises the user identity information, the user identity digital signature information, and a registration server signature certificate.
14. The method of claim 12, wherein the third information is received via a caller request message.
15. The method of claim 12, wherein the performing a determining operation based on the third information to obtain a determination result comprises:
upon determining that the third information comprises the user identity information, the user identity digital signature information and the registration server signature certificate, executing the determining operation based on the third information to obtain the determination result.
16. The method of claim 12, wherein the performing a determining operation based on the third information to obtain a determination result comprises:
verifying the registration server signature certificate based on a preset CA certificate;
upon determining that verification of the registration server signature certificate is successful, verifying the user identity information; and
upon determining that the user identity information is successfully verified, verifying the user identity digital signature information to obtain the determination result.
17. The method according to claim 12, wherein the method further comprises:
upon determining that the identity of the first terminal is trusted, displaying the user identity information; and
upon determining that the identity of the first terminal is not trusted, not displaying the user identity information.
18. An apparatus for determining a user identity, the apparatus comprising a transceiver module configured to:
send first information to a registration server, wherein the first information is used for requesting second information, and the second information comprises user identity information and user identity digital signature information of the first terminal;
receive the second information sent by the registration server; and
send third information to a second terminal, wherein the third information is used for calling the second terminal, the third information comprises the second information, and the third information is used by the second terminal to determine the user identity of the first terminal.
19. An apparatus for determining the identity of a user, the apparatus comprising:
a transceiver module configured to receive first information sent by a first terminal, wherein the first information is used for requesting second information, and the second information comprises user identity information and user identity digital signature information of the first terminal; and
an acquisition module configured to acquire the second information;
wherein the transceiver module is further configured to send the second information to the first terminal.
20. An apparatus for determining the identity of a user, the apparatus comprising:
a transceiver module configured to receive third information sent by the first terminal, wherein the third information is used for calling the second terminal and for the second terminal to determine the user identity of the first terminal, and the third information comprises user identity information and user identity digital signature information of the first terminal; and
a determining module configured to execute a determining operation based on the third information to obtain a determination result, wherein the determining operation comprises at least one of: registration server signature certificate verification, user identity information verification, and user identity digital signature information verification;
wherein the determining module is further configured to determine the user identity of the first terminal based on the determination result.
21. A processing apparatus, characterized in that the processing apparatus comprises:
a memory for storing an executable program;
a processor for implementing the method of any one of claims 1 to 3, 4 to 11 and/or 12 to 17 when executing an executable program stored in the memory.
22. A computer storage medium storing an executable program which, when executed by a processor, implements the method of any one of claims 1 to 3, 4 to 11 and/or 12 to 17.
23. A computer program product comprising a computer program or instructions which, when executed by a processor, implements the method of any one of claims 1 to 3, 4 to 11 and/or 12 to 17.
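The document to be signed of claim 10 and the verification order of claim 16, shown as an added Go example that is not code from the patent. Ed25519 is an assumed algorithm, a CA signature over the server's public key stands in for the registration server signature certificate, and all field names and sample values are constructed.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Call models the third information of claim 15. Field names are assumptions.
type Call struct {
	Identity, SIPURI, Nonce string
	Issued, Expires         int64             // Unix seconds: timestamp and validity period
	Sig, CertSig            []byte            // server signature over Doc(); CA signature over ServerKey
	ServerKey               ed25519.PublicKey // stands in for the server signature certificate
}
// Doc builds the claim 10 document to be signed; %q quoting keeps field boundaries unambiguous.
func (c Call) Doc() []byte {
	return []byte(fmt.Sprintf("%q|%q|%q|%d|%d", c.Identity, c.SIPURI, c.Nonce, c.Issued, c.Expires))
}

// Verify follows the claim 16 order; the scope of the identity information check is an assumption.
func Verify(c Call, caKey ed25519.PublicKey, now int64) (string, bool) {
	if len(c.ServerKey) != ed25519.PublicKeySize || !ed25519.Verify(caKey, c.ServerKey, c.CertSig) {
		return "certificate check failed", false
	}
	if c.Identity == "" || now < c.Issued || now > c.Expires {
		return "identity information check failed", false
	}
	if !ed25519.Verify(c.ServerKey, c.Doc(), c.Sig) {
		return "signature check failed", false
	}
	return c.Identity, true // trusted, so claim 17 displays the identity
}

// SampleCall returns a constructed call signed by throwaway CA and registration server keys.
func SampleCall(now int64) (Call, ed25519.PublicKey) {
	caPub, caPriv, _ := ed25519.GenerateKey(nil)
	srvPub, srvPriv, _ := ed25519.GenerateKey(nil)
	c := Call{Identity: "Example Bank", SIPURI: "sip:+15550100@ims.example", Nonce: "n-7f3a",
		Issued: now, Expires: now + 60, ServerKey: srvPub, CertSig: ed25519.Sign(caPriv, srvPub)}
	c.Sig = ed25519.Sign(srvPriv, c.Doc())
	return c, caPub
}

func main() {
	c, ca := SampleCall(1700000000)
	fmt.Println(Verify(c, ca, 1700000000))
	c.Identity = "Other Bank" // altered after signing
	fmt.Println(Verify(c, ca, 1700000000))
}
```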
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202410104258.XA CN120378524A (en) | 2024-01-23 | 2024-01-23 | Method, device, processing equipment and storage medium for determining user identity |
Publications (1)
Publication Number | Publication Date |
---|---|
CN120378524A (en) | 2025-07-25 |
Family
ID=96440036
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202410104258.XA Pending CN120378524A (en) | 2024-01-23 | 2024-01-23 | Method, device, processing equipment and storage medium for determining user identity |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN120378524A (en) |
Similar Documents
Publication | Title |
---|---|
US12238243B2 (en) | Validating automatic number identification data |
US10893138B2 (en) | Caller identity and authentication service |
US20090046839A1 (en) | Verifying authenticity of called party in telephony networks |
KR101268702B1 (en) | Verifying authenticity of voice mail participants in telephony networks |
US20090025075A1 (en) | On-demand authentication of call session party information during a telephone call |
BR102021024805A2 (en) | END-TO-END MANAGEMENT OF AUTHENTICATED COMMUNICATIONS |
CA3131418C (en) | Validating telephone calls by verifying entity identities using blockchains |
US20200313901A1 (en) | Method of Identity Authentication for Voice over Internet Protocol Call and Related Device |
CN102217280B (en) | User service authentication method, system and server |
CN113765906B (en) | Method, equipment and system for one-key login of terminal application program |
US20170104870A1 (en) | A method to authenticate calls in a telecommunication system |
GB2432278A (en) | Transmitting MAC address during SIP registration |
US11750593B2 (en) | Call authorization and verification via a service provider code |
US11290592B2 (en) | Call authorization and verification via a service provider code |
KR20100038990A (en) | Apparatus and method of secrity authenticate in network authenticate system |
US7606351B2 (en) | Telephone number change notification method and telephone number change notification system |
WO2021031741A1 (en) | Voip processing method, device, and terminal |
US9544424B1 (en) | Trust enabled communication system |
CN102984335B (en) | Dial the identity identifying method of landline telephone, equipment and system |
US20090025062A1 (en) | Verifying authenticity of conference call invitees |
EP1294157B1 (en) | Method and apparatus for identifying a voice caller |
CN108833105B (en) | Electronic signature method and device |
CN120378524A (en) | Method, device, processing equipment and storage medium for determining user identity |
US8627439B2 (en) | Processing communication events in a communications system |
US9882891B2 (en) | Identity verification |
Legal Events
Code | Title |
---|---|
PB01 | Publication |
SE01 | Entry into force of request for substantive examination |