摘要: 以基于身份的非对称加密技术为核心,引入身份证书和更具灵活性的XML格式属性证书,解决用户身份认证、私钥分发和安全实现增值服务问题。与话者在通话时,利用证书向PKDC进行身份认证,获取私钥,用于加密传输会话密钥。在信令协商过程中,CPL服务器通过验证用户的属性证书提取用户属性,更加便捷地实现增值服务。
关键词:
XML语言,
属性证书,
私钥分发中心
Abstract: To solve the problems of authentication of user identity, private-key distribution and secure realization of increment service, a new scheme is proposed by taking the public-key algorithm based on identity as the core. The identity certificate and the flexible XML attribute certificate are used in the new scheme. Participants use their identity certificates to authenticate themselves to PKDC, and obtain the private-key, which are used to encrypt and transmit the session key. And in the process of signaling negotiation, the increment service is realized expediently by CPL server authenticating the user attribute certificate and picking up the user attribute.
Key words:
XML,
attribute certificate,
private-key distribution center
中图分类号:
刘 刚;覃 嘉;廖 伟;刘 强;吕玉琴. 基于SIP协议的网络电话安全方案及实现[J]. 计算机工程, 2008, 34(11): 140-142.
LIU Gang; QIN Jia; LIAO Wei; LIU Qiang; LV Yu-qin. Security Mechanism and Realization for SIP-based Network Telephone[J]. Computer Engineering, 2008, 34(11): 140-142.