[Serusers] multiple registration on one user login

Jan Janak jan at iptel.org
Thu Mar 13 02:04:28 CET 2003 

Hello,

On 12-03 07:22, Ng, Soo Sim wrote:
> Hi,
> 
> I am thinking of locking the user hardphone MAC Address onto Layer 2 Switch level. This way even if the user move around their phone, it will be blocked.
> The disadvantage is that it will create opreration nightmare and will only work in ETTx environment. In a broadband wireless environment, there may be no layer 2 switch in between the network and subsriber.

  It will be a problem ss long as user's credentials are stored in the 
  phone (as opposed to PSTN where in fact the credentials is the phone line 
  that the phone is connected to). Maybe you can use MAC address to lock
  your phone to a particular location, but that depends on type of the
  network used.

  If your users are able to type phone numbers, they should be also able
  to type a simple numeric password and unlock the phone upon startup.

  If they are not able to type such a simple password, then you can
  limit amount of money they can spend per day and allow emergency calls
  only if they exceed the amount.

  But I admit that's not nice. If anybody steals your cell phone, you
  have the same problem unless you lock it by password.

  If you have access to firmware of your phones, maybe you can detect that
  the network cable was pulled out and require password only in this
  case.

    regards, Jan.

> There are 2 categories of subscribers. One is only want to use their home phone just like what the legacy voice network do. They won't bother to know about username/password. (For example illiterate elderly citizen).  I must cater for these kind of users. Yet provide a secure environment for them.
> 
> Another is subscribers who want to have more flexibility. They may have hardphone, softphone, pda, notebook who can logon everywhere in the on-net network.
> These users may have more than one phone number to their home per user account. These users will have to be reseponsile for their username/password.
> 
> I am looking for all possibbilities and limitations there is before drawing any implementation plan.
> 
> So far, my testing is working well. SER, Cisco 7960, ATA186, Cisco Voice Gateway, Softphone/IPAQ w/WLAN, MSN Messenger, etc
> 
> Thanks
> 
> SSng
> 
> -----Original Message-----
> From: Jan Janak [mailto:jan at iptel.org]
> Sent: Tuesday, March 11, 2003 7:30 PM
> To: Ng, Soo Sim
> Cc: Jiri Kuthan; serusers at lists.iptel.org
> Subject: Re: [Serusers] multiple registration on one user login
> 
> 
> Hello,
> 
> do you still need such a restriction ?
> 
>    Jan.
> 
> On 10-03 11:12, Ng, Soo Sim wrote:
> > Thanks to all giving your thought and advice.
> > 
> > SSng
> > 
> > -----Original Message-----
> > From: Jiri Kuthan [mailto:jiri at iptel.org]
> > Sent: Thursday, March 06, 2003 6:49 AM
> > To: Ng, Soo Sim; serusers at lists.iptel.org
> > Subject: RE: [Serusers] multiple registration on one user login
> > 
> > 
> > Hello,
> > 
> > I fear that such a case can't be avoided with allowing only
> > a single registration. If I steal your phone away from your
> > desk, you will not register with it anymore, but I will and
> > we will have exactly one valid registration. Leaving SIP 
> > phones  with hard-wired passwords on your desk has simply the 
> > same potential as leaving your credit-card or cell-phone there.
> > 
> > What can be done about fraud?
> > 
> > User education -- don't leave your money and phone unattended.
> > Hotline -- report stolen phones to lock the account.
> > PIN Lock -- use phones which can log-off and log-on (I'm not aware
> >   of any now -- only 3com used to do that)
> > 
> > -Jiri
> > 
> > ps -- ability to move is a feature. I know people who are very glad 
> > to use Vonage's US phone number and move with their ATAs and the
> > US phone number around in Europe.
> > 
> > At 11:37 PM 3/5/2003, Ng, Soo Sim wrote:
> > >Jiri,
> > >
> > >Scenario is providing IP Telephony to the household.
> > >I am more concern about the security of the Hardphone. I am thinking of auto-provisioned the hardphone (eg C7960, ATA186) without subsriber intervention. What the subscriber know is their phone # (Just like legacy phone system).
> > >
> > >Since the Hardphone is 'hard-coded', the phone can move round the vicinity of the redisential area and still able to make a call. Potentially this will lead to abuse, as someone may take the phone to a different location when owner is not around and make a 'free' call, return back the phone and the billing still charge the original subsriber.
> > >
> > >Any other suggestion to counter this issue is much appreacited.
> > >
> > >SSng 
> > >
> > >-----Original Message-----
> > >From: Jiri Kuthan [mailto:jiri at iptel.org]
> > >Sent: Wednesday, March 05, 2003 12:18 AM
> > >To: Ng, Soo Sim; serusers at lists.iptel.org
> > >Subject: Re: [Serusers] multiple registration on one user login
> > >
> > >
> > >At 03:08 PM 3/4/2003, Ng, Soo Sim wrote:
> > >>I have such requirements. In providing sip-based residential ip telephony, I would like to restrict each home subsriber is only allowed to register one UA per account. This would make easy for billing purposes and for security reasons.
> > >>
> > >>Is there a way to achieve this requirement with SER?
> > >
> > >If that is your desparate wish, it is little overhead to make you happy.
> > >I'm still not sure though, it is a useful thing.
> > >
> > >Maybe an operator can make more revennues if my wife can accept calls at 
> > >any phone in my building and initiate calls in parallel with my doughter.
> > >
> > >What are exactly the billing/security reasons here?
> > >
> > >-Jiri 
> > 
> > --
> > Jiri Kuthan            http://iptel.org/~jiri/ 
> > 
> > _______________________________________________
> > Serusers mailing list
> > serusers at lists.iptel.org
> > http://lists.iptel.org/mailman/listinfo/serusers
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20030313/ce097518/attachment.pgp>

More information about the sr-users mailing list