IWF Privacy Extensions for Asserted Identity in Untrusted Networks
For IWF privacy, the Oracle® Enterprise Session Border Controller supports:
- IWF caller privacy on unsecure networks—A variant of RFC 3325, where the P-Asserted-Id is inserted when the presentation indicator is set to allowed. This feature enables bi-directional SIP/H.323 IWF support for CPID hiding by using the presentation indicators in the Calling Party Number information element for H.323 signaling, and RFC 3325-based privacy support for SIP signaling. It allows the Oracle® Enterprise Session Border Controller to insert the P-Asserted-Identity and the Privacy header in the INVITE when the presentation indicator is set to restricted.
The presence, or absence, of P-Asserted-Identity and Privacy headers in the SIP INVITE informs the remote SIP proxy or endpoint to either block or advertise the CPID.
- IWF caller privacy on secure connections—When the H.323 endpoint sends a SETUP with presentation indicator set to allowed, the Oracle® Enterprise Session Border Controller does not insert the P-Asserted-Identity in the INVITE. The SIP INVITE needs the P-Asserted-Identity header to support calling line identification presentation (CLIP) to calling line identification restriction (CLIR) in an IP multimedia subsystem (IMS) solution. This feature allows the Oracle® Enterprise Session Border Controller to insert the P-Asserted-Identity in the INVITE when the presentation indicator is set to allowed.
Now the Oracle® Enterprise Session Border Controller supports an enhancement to IWF caller privacy where the P-Preferred-Identity is inserted instead of the P-Asserted-Identity.
In this implementation, when the incoming H.323 Setup message has a presentation indicator set to restricted and the ingress H.323 session agent has the new PPreferredId option configured, the Oracle® Enterprise Session Border Controller sends the Privacy header with P-Preferred-Identity (instead of P-Asserted-Identity).
IWF Call Originating in H.323
This section shows an example H.323 Setup that arrives from an H.323 endpoint, and how the Oracle® Enterprise Session Border Controller adds the P-Preferred-Identity header (which has calling party number information) and the Privacy header to the SIP INVITE.
Sample H.323 Setup from a Remote Endpoint
Q.931
Protocol discriminator: Q.931
Call reference value length: 2
Call reference flag: Message sent from originating side
Call reference value: 2FB6
Message type: SETUP (0x05)
Bearer capability
Information element: Bearer capability
Length: 3
...0 1000 = Information transfer capability: Unrestricted digital information (0x08)
.00. .... = Coding standard: ITU-T standardized coding (0x00)
1... .... = Extension indicator: last octet
...1 0011 = Information transfer rate: 384 kbit/s (0x13)
.00. .... = Transfer mode: Circuit mode (0x00)
1... .... = Extension indicator: last octet
...0 0101 = User information layer 1 protocol: Recommendation H.221 and H.242 (0x05)
1... .... = Extension indicator: last octet
Display 'rdoe\000'
Information element: Display
Length: 9
Display information: jdoe\000
Calling party number: '42343'
Information element: Calling party number
Length: 6
.... 0001 = Numbering plan: E.164 ISDN/telephony numbering (0x01)
.000 .... = Number type: Unknown (0x00)
0... .... = Extension indicator: information continues through the next octet
.... ..00 = Screening indicator: User-provided, not screened (0x00)
.01. .... = Presentation indicator: Presentation restricted (0x01)
1... .... = Extension indicator: last octet
Calling party number digits: 42343
E.164 Calling party number digits: 42343
Called party number: '780'
Information element: Called party number
Length: 4
.... 0001 = Numbering plan: E.164 ISDN/telephony numbering (0x01)
.000 .... = Number type: Unknown (0x00)
1... .... = Extension indicator: last octet
Called party number digits: 780
E.164 Called party number digits: 780
User-user
Information element: User-user
Length: 161
Protocol discriminator: X.208 and X.209 coded user information
Sample SIP INVITE from the SBC to a SIP Endpoint
Aug 29 15:46:25.214 On [0:0]192.168.200.68:5060 sent to 192.168.200.6:5060
INVITE sip:780@192.168.200.6:5060 SIP/2.0
Via: SIP/2.0/UDP 192.168.200.68:5060;branch=z9hG4bK6810pr20205h2akqe381.1
Contact: "Anonymous"<sip:anonymous@192.168.200.68:5060;transport=udp>
Supported: 100rel
From: "Anonymous"<sip:anonymous@anonymous.invalid>;tag=SDfd9sa01-000000ba00023280
To: <sip:780@192.168.200.6:5060>
Call-ID: SDfd9sa01-6f93292521b83a0980647f34451c5afd-06ahc21
CSeq: 2 INVITE
P-Preferred-Identity: "rdoe"<sip:42343@192.168.200.68:5060>
Privacy: id
Content-Length: 180
Content-Type: application/sdp
Max-Forwards: 70

v=0
o=IWF 5 5 IN IP4 192.168.200.5
s=H323 Call
c=IN IP4 192.168.200.65
t=0 0
m=audio 5010 RTP/AVP 0
a=rtpmap:0 PCMU/8000/1
m=video 5014 RTP/AVP 31
a=rtpmap:31 H261/9000/1
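The mapping shown in the two samples above can be checked mechanically. The following is an added example, not Oracle code and not part of the original page: it decodes a Q.931 Calling party number information element and audits an egress INVITE for the properties the sample INVITE shows when presentation is restricted (Privacy: id present, an identity header present, the calling number absent from From and Contact). The function names, the IE byte string and both INVITE strings are constructed for illustration.

```python
import re

PRESENTATION = {0: "allowed", 1: "restricted", 2: "not available", 3: "reserved"}  # octet 3a, bits 7-6

def parse_calling_party_number(ie: bytes) -> dict:
    """Decode a Q.931 Calling party number IE (identifier 0x6C)."""
    if len(ie) < 3 or ie[0] != 0x6C or ie[1] != len(ie) - 2:
        raise ValueError("not a well-formed Calling party number IE")
    body, pos = ie[2:], 1
    presentation = screening = 0          # defaults when octet 3a is absent
    if not body[0] & 0x80:                # extension bit clear: octet 3a follows
        if len(body) < 2:
            raise ValueError("truncated IE: octet 3a missing")
        presentation, screening = (body[1] >> 5) & 0x03, body[1] & 0x03
        pos = 2
    return {"presentation": PRESENTATION[presentation], "screening": screening,
            "digits": body[pos:].decode("ascii")}

def audit_invite(cpn: dict, invite: str) -> list:
    """List the ways an egress INVITE mishandles a restricted calling number."""
    if cpn["presentation"] != "restricted":
        return []
    headers = {}
    for line in invite.split("\r\n\r\n")[0].split("\r\n")[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    findings = []
    if "id" not in [v.strip() for v in headers.get("privacy", "").split(";")]:
        findings.append("Privacy: id missing")
    if not {"p-preferred-identity", "p-asserted-identity"} & headers.keys():
        findings.append("identity header missing")
    number = re.compile(r"(?<!\d)" + re.escape(cpn["digits"]) + r"(?!\d)")
    findings += [f"calling number exposed in {h}" for h in ("from", "contact")
                 if number.search(headers.get(h, ""))]
    return findings

# Constructed IE bytes encoding the field values of the sample Setup above
SETUP_CPN_IE = bytes([0x6C, 0x07, 0x01, 0xA0]) + b"42343"
# Constructed INVITEs: one shaped like the sample above, one that leaks the number
GOOD_INVITE = "\r\n".join([
    "INVITE sip:780@192.168.200.6:5060 SIP/2.0",
    'Contact: "Anonymous"<sip:anonymous@192.168.200.68:5060;transport=udp>',
    'From: "Anonymous"<sip:anonymous@anonymous.invalid>;tag=SDfd9sa01-000000ba00023280',
    'P-Preferred-Identity: "rdoe"<sip:42343@192.168.200.68:5060>',
    "Privacy: id", "", ""])
LEAKY_INVITE = GOOD_INVITE.replace("sip:anonymous@anonymous.invalid",
                                   "sip:42343@192.168.200.68").replace("Privacy: id\r\n", "")

if __name__ == "__main__":
    print(audit_invite(parse_calling_party_number(SETUP_CPN_IE), LEAKY_INVITE))
```

An empty findings list means the INVITE hides the calling number the way the sample does; the audit is skipped when the Setup did not request restriction.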
Before You Configure
Before you configure your Oracle® Enterprise Session Border Controller to support this feature, note the following considerations:
- The ingress H.323 session agent cannot be configured with the NoPAssertedId option.
- For use in Release 4.1.1 and higher, the global SIP configuration should be configured with the disable-ppi-to-pai option; the older disable-privacy option will also work.