Call Today 716.688.4675

SIP User Authentication

There are two forms of authentication in SIP – authentication of a user agent (UA) by a proxy, redirect, or registration server and authentication of one UA by another. With Transport Layer Security (TLS), mutual authentication of proxies or a proxy and UA is accomplished using certificates. Authentication is used to allow only authorized access to a service or feature and prevent malicious or unauthorized use by other applications.

Digest Authentication

Digest authentication is a simple challenge/response method based on HTTP. For RFC 2069, it employs a MD5 hash algorithm to encode the username, realm, password, digest URI, and server generated nonce as follows:

  • H1 = MD5(username : realm : password)
  • H2 = MD5(method : digestURI)
  • Response = MD5(H1 : nonce : H2)

RFC 2617 added a client generated nonce and quality of protection (QoP) to improve security as follows:

  • Response = MD5(H1 : nonce : nonceCount : nonceClient : QoP : H2)

SIP Proxy and User Authentication

As depicted in the figure, the message flow for both proxy and user agent authentication is illustrated. The initial INVITE is challenged with a 407 Proxy authorization required. The UA responds with an ACK and then reissues the INVITE containing the authentication credentials. The next proxy server or end UA responds with a 401 Unauthorized message back to the source UA to again reissue the INVITE with the proper authentication credentials and complete the authentication process.

SIP Authentication Challenge Improves User Security

Features

  • RFC 3261 SIPv2 Compliant
  • Supports end-to-end and hop-by-hop authentication

SIP Software

VOCAL’s embedded libraries include a complete range of ETSI / ITU / IEEE compliant algorithms, in addition to many other standard and proprietary algorithms. Our SIP source code is optimized for execution on ANSI C  and leading DSP architectures  from TI, ADI, AMD, Intel, ARM, MIPS, and other vendors. The SIP software libraries  are modular and can be executed as a single task under a variety of operating systems or standalone with its own microkernel.

supported-platforms

VOCAL Technologies, Ltd.
520 Lee Entrance, Suite 202
Amherst New York 14228
Phone: +1-716-688-4675
Fax: +1-716-639-0713
Email: sales@vocal.com