IWF Privacy Extensions for Asserted Identity in Untrusted Networks

For IWF privacy, the Oracle® Enterprise Session Border Controller supports:

  • IWF caller privacy on unsecure networks—A variant of RFC 3325, where the P-Asserted-Id is inserted when the presentation indicator is set to allowed. This feature enables bi-directional SIP/H.323 IWF support for CPID hiding by using the presentation indicators in the Calling Party Number information element for H.323 signaling, and RFC 3325-based privacy support for SIP signaling. It allows the Oracle® Enterprise Session Border Controller to insert the P-Asserted-Identity and the Privacy header in the INVITE when the presentation indicator is set to restricted.

    The presence, or absence, of P-Asserted-Identity and Privacy headers in the SIP INVITE informs the remote SIP proxy or endpoint to either block or advertise the CPID.

  • IWF caller privacy on secure connections—When the H.323 endpoint sends a SETUP with presentation indicator set to allowed, the Oracle® Enterprise Session Border Controller does not insert the P-Asserted-Identity in the INVITE. The SIP INVITE needs the P-Asserted-Identity header to support calling line identification presentation (CLIP) to calling line identification restriction (CLIR) in an IP multimedia subsystem (IMS) solution. This feature allows the Oracle® Enterprise Session Border Controller to insert the P-Asserted-Identity in the INVITE when the presentation indicator is set to allowed.

Now the Oracle® Enterprise Session Border Controller supports an enhancement to IWF caller privacy where the P-Preferred-Identity is inserted instead of the P-Asserted-Identity.

In this implementation, when the incoming H.323 Setup message has a presentation indicator set to restricted and the ingress H.323 session agent has the new PPreferredId option configured, the Oracle® Enterprise Session Border Controller sends the Privacy header with P-Preferred-Identity (instead of P-Asserted-Identity).

IWF Call Originating in H.323

This section shows an example H.323 Setup that arrives from an H.323 endpoint, and how the Oracle® Enterprise Session Border Controller adds the P-Preferred-Identity header (which has calling party number information) and the Privacy header to the SIP INVITE.

Sample H.323 Setup from a Remote Endpoint

Q.931
    Protocol discriminator: Q.931
    Call reference value length: 2
    Call reference flag: Message sent from originating side
    Call reference value: 2FB6
    Message type: SETUP (0x05)
    Bearer capability
        Information element: Bearer capability
        Length: 3
        ...0 1000 = Information transfer capability: Unrestricted digital information (0x08)
        .00. .... = Coding standard: ITU-T standardized coding (0x00)
        1... .... = Extension indicator: last octet
        ...1 0011 = Information transfer rate: 384 kbit/s (0x13)
        .00. .... = Transfer mode: Circuit mode (0x00)
        1... .... = Extension indicator: last octet
        ...0 0101 = User information layer 1 protocol: Recommendation H.221 and H.242 (0x05)
        1... .... = Extension indicator: last octet
    Display  'rdoe\000'
        Information element: Display
        Length: 9
        Display information: jdoe\000
    Calling party number: '42343'
        Information element: Calling party number
        Length: 6
        .... 0001 = Numbering plan: E.164 ISDN/telephony numbering (0x01)
        .000 .... = Number type: Unknown (0x00)
        0... .... = Extension indicator: information continues through the next octet
        .... ..00 = Screening indicator: User-provided, not screened (0x00)
        .01. .... = Presentation indicator: Presentation restricted (0x01)
        1... .... = Extension indicator: last octet
        Calling party number digits: 42343
        E.164 Calling party number digits: 42343
    Called party number: '780'
        Information element: Called party number
        Length: 4
        .... 0001 = Numbering plan: E.164 ISDN/telephony numbering (0x01)
        .000 .... = Number type: Unknown (0x00)
        1... .... = Extension indicator: last octet
        Called party number digits: 780
        E.164 Called party number digits: 780
    User-user
        Information element: User-user
        Length: 161
        Protocol discriminator: X.208 and X.209 coded user information

Sample SIP INVITE from the SBC to a SIP Endpoint

Aug 29 15:46:25.214 On [0:0]192.168.200.68:5060 sent to 192.168.200.6:5060
INVITE sip:780@192.168.200.6:5060 SIP/2.0
Via: SIP/2.0/UDP 192.168.200.68:5060;branch=z9hG4bK6810pr20205h2akqe381.1
Contact: "Anonymous"<sip:anonymous@192.168.200.68:5060;transport=udp>
Supported: 100rel
From: "Anonymous"<sip:anonymous@anonymous.invalid>;tag=SDfd9sa01-000000ba00023280
To: <sip:780@192.168.200.6:5060>
Call-ID: SDfd9sa01-6f93292521b83a0980647f34451c5afd-06ahc21
CSeq: 2 INVITE
P-Preferred-Identity: "rdoe"<sip:42343@192.168.200.68:5060>
Privacy: id
Content-Length: 180
Content-Type: application/sdp
Max-Forwards: 70
v=0
o=IWF 5 5 IN IP4 192.168.200.5
s=H323 Call
c=IN IP4 192.168.200.65
t=0 0
m=audio 5010 RTP/AVP 0
a=rtpmap:0 PCMU/8000/1
m=video 5014 RTP/AVP 31
a=rtpmap:31 H261/9000/1
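
The mapping shown in the two traces above can be reproduced offline to check what a given Setup should produce. The following is an added example, not Oracle code: it decodes the presentation and screening indicators from the Calling party number information element and builds the privacy-related headers for the restricted case. The byte string is constructed to match the trace, and privacy_headers and its parameters are hypothetical names.

```python
from dataclasses import dataclass

PRESENTATION = {0: "allowed", 1: "restricted", 2: "not available", 3: "reserved"}

# Constructed sample: IE contents matching the Setup trace above
# (octet 3 = 0x01, octet 3a = 0xA0, then IA5 digits).
SAMPLE_IE = bytes([0x01, 0xA0]) + b"42343"

@dataclass
class CallingParty:
    digits: str
    presentation: str
    screening: int

def parse_calling_party(ie: bytes) -> CallingParty:
    """Decode Calling party number IE contents (octet 3 onward)."""
    if not ie:
        raise ValueError("empty IE")
    presentation = screening = 0      # Q.931 defaults when octet 3a is absent
    pos = 1
    if not ie[0] & 0x80:              # extension bit clear: octet 3a follows
        if len(ie) < 2:
            raise ValueError("octet 3a missing")
        presentation = (ie[1] >> 5) & 0x03
        screening = ie[1] & 0x03
        pos = 2
    return CallingParty(ie[pos:].decode("ascii"), PRESENTATION[presentation], screening)

def privacy_headers(cp, display, sbc_host, ppreferred_id):
    """Hypothetical helper: headers for the restricted case only."""
    if cp.presentation != "restricted":
        return []                     # other cases are outside this sketch
    name = "P-Preferred-Identity" if ppreferred_id else "P-Asserted-Identity"
    return [
        'From: "Anonymous"<sip:anonymous@anonymous.invalid>',
        f'{name}: "{display}"<sip:{cp.digits}@{sbc_host}>',
        "Privacy: id",
    ]

if __name__ == "__main__":
    cp = parse_calling_party(SAMPLE_IE)
    print(cp)
    print("\n".join(privacy_headers(cp, "rdoe", "192.168.200.68:5060", True)))
```

Comparing this output with a captured INVITE shows whether the calling number appears only in the identity header and not in From or Contact.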

Before You Configure

Before you configure your Oracle® Enterprise Session Border Controller to support this feature, note the following considerations:

  • The ingress H.323 session agent cannot be configured with the NoPAssertedId option
  • For use in Release 4.1.1 and higher, the global SIP configuration should be configured with the disable-ppi-to-pai option; the older disable-privacy option will also work

P-Preferred-Identity Configuration

To enable the inclusion of P-Preferred-Identity:

  1. In Superuser mode, type configure terminal and press Enter.
    ORACLE# configure terminal
  2. Type session-router and press Enter.
    ORACLE(configure)# session-router
    ORACLE(session-router)#
  3. Type session-agent and press Enter. The system prompt changes to let you know that you can begin configuring individual parameters.
    ORACLE(session-router)# session-agent
    ORACLE(session-agent)#
  4. Select the session agent where you want to apply this feature.
    ORACLE(session-agent)# select
    <hostname>:
    1: 204.12.60.5      realm=private
    2: 124.21.5.3       realm=public
    selection:1
    ORACLE(session-agent)#
  5. options—Set the options parameter by typing options, a Space, the option name preceded by a plus sign (+) (PPreferredId), and then press Enter.
    ORACLE(session-agent)# options +PPreferredId

    If you type options PPreferredId, you will overwrite any previously configured options. In order to append the new option to the session agent’s options list, you must prepend the new option with a plus sign as shown in the previous example.

  6. Save and activate your configuration.