3-9
Linksys ATA
Administrator Guide
Document Version 3.1
Chapter 3
Configuring Linksys ATAs
Configuring a Dial Plan
Dial Plan Timers
The dial plan functionality is regulated by the following configurable parameters:
Interdigit_Long_Timer
Interdigit_Short_Timer
Dial_Plan ([1] and [2])
Interdigit Long Timer
The <Interdigit_Long_Timer> specifies the default maximum time (in seconds) allowed between dialed
digits, when no candidate digit sequence is as yet complete (see the discussion of the Dial_Plan
parameter for an explanation of candidate digit sequences).
Interdigit Short Timer
The <Interdigit_Short_Timer> specifies the default maximum time (in seconds) allowed between dialed
digits, when at least one candidate digit sequence is complete as dialed (see the following discussion of
Dial_Plan parameters for an explanation of candidate digit sequences).
Dial Plans
The Dial_Plan parameters contain the actual dial plan scripts for each line
n
, where
n
is a number from
1 to 4.
ParName                         Default
Interdigit_Long_Timer           10
Interdigit_Short_Timer          3
Dial_Plan[n] for Each Line n    (*xx | [3469]11 | 0 | 00 | <:1408>[2-9]xxxxxx | 1[2-9]xx[2-9]xxxxxx | 011x. )
Secure Call Implementation
This section describes secure call implementation with a Linksys ATA. It includes the following topics:
Enabling Secure Calls, page 3-10
Secure Call Details, page 3-10
Using a Mini-Certificate, page 3-11
Generating a Mini-Certificate, page 3-11
Enabling Secure Calls
A secure call is established in two stages. The first stage is no different from normal call setup. The
second stage starts after the call is established in the normal way with both sides ready to stream RTP
packets.
In the second stage, the two parties exchange information to determine if the current call can switch over
to the secure mode. The information is base64 encoded and embedded in the message body
of SIP INFO requests and responses, using a proprietary format. If the second stage is successful, the
Linksys ATA plays a special Secure Call Indication Tone for a short time to indicate to both parties that
the call is secured and that RTP traffic in both directions is being encrypted.
If the user has a phone that supports call waiting caller ID (CIDCW) and that service is enabled, the CID
will be updated with the information extracted from the Mini-Certificate received from the remote party.
The Name field of the CID will be prepended with a ‘$’ symbol. Both parties can verify the name and
number to ensure the identity of the remote party.
The signing agent is implicit and must be the same for all Linksys ATAs that communicate securely with
each other. The public key of the signing agent is pre-configured into the Linksys ATA by the
administrator and is used by the Linksys ATA to verify the Mini-Certificate of its peer. The
Mini-Certificate is valid if it has not expired, and it has a valid signature.
The Linksys ATA can be configured so that, by default, all outbound calls are either secure or not secure.
If secure by default, the user has the option to disable security when making a call by dialing *19 before
dialing the target number. If not secure by default, the user can make a secure outbound call by dialing
*18 before dialing the target number. However, the user cannot force inbound calls to be secure or not
secure; that depends on whether the caller has security enabled or not.
The Linksys ATA will not switch to secure mode if the CID of the called party from its Mini-Certificate
does not agree with the user-id used in making the outbound call. The Linksys ATA performs this check
after receiving the Mini-Certificate of the called party.
Secure Call Details
Looking at the second stage of setting up a secure call in greater detail, this stage can be further divided
into two steps.
1. The caller sends a “Caller Hello” message (base64 encoded and embedded in the message body of
a SIP INFO request) to the called party with the following information:
Message ID (4B)
Version and flags (4B)
SSRC of the encrypted stream (4B)
Mini-Certificate (252B)
Upon receiving the Caller Hello, the called party responds with a Callee Hello message (base64
encoded and embedded in the message body of a SIP response to the caller’s INFO request) with
similar information, if the Caller Hello message is valid. The caller then examines the Callee Hello
and proceeds to the next step if the message is valid.
2. The caller sends the “Caller Final” message to the called party with the following information:
Message ID (4B)
Encrypted Master Key (16B or 128b)
Encrypted Master Salt (16B or 128b)
The Master Key and Master Salt are encrypted with the public key from the called party
mini-certificate. The Master Key and Master Salt are used by both ends for deriving session keys to
encrypt subsequent RTP packets. The called party then responds with a Callee Final message (which
is an empty message).
Using a Mini-Certificate
The Linksys ATA Mini-Certificate (MC) contains the following information:
User Name (32B)
User ID or Phone Number (16B)
Expiration Date (12B)
Public Key (512b or 64B)
Signature (1024b or 512B)
The MC has a 512-bit public key used for establishing secure calls. The administrator must provision
each subscriber of the secure call service with an MC and the corresponding 512-bit private key. The
MC is signed with a 1024-bit private key of the service provider, which acts as the CA of the MC. The
1024-bit public key of the CA signing the MC must also be provisioned for each subscriber.
The CA public key is used by the Linksys ATA to verify the MC received from the other end. If the MC
is invalid, the Linksys ATA will not switch to secure mode. The MC and the 1024-bit CA public key are
concatenated and base64 encoded into the single parameter <Mini Certificate>. The 512-bit private key
is base64 encoded into the <SRTP Private Key> parameter, which should be kept secret, like a password.
Because the secure call establishment relies on exchange of information embedded in message bodies of
SIP INFO requests/responses, the service provider must ensure that the network infrastructure allows
the SIP INFO messages to pass through with the message body unmodified.
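The Caller Hello and Mini-Certificate layouts from Secure Call Details and Using a Mini-Certificate, as an added Python example that is not part of the guide or of any Linksys tool. It assumes the fields are packed in the order listed with no extra framing, that the signature is 128 bytes (1024 bits, which makes the MC total 252B), and that the 12-character date reads hhmmssMMDDYY; the function names and the zero-filled sample input are constructed here, and signature verification is left out because the guide does not name the algorithm.

```python
import base64
import struct
from datetime import datetime

# Field sizes in bytes. The signature is taken as 1024 bits = 128B (assumption),
# which makes the MC the 252B carried in a Hello message.
NAME, UID, EXP, KEY, SIG = 32, 16, 12, 64, 128
MC_LEN = NAME + UID + EXP + KEY + SIG


def parse_mc(raw):
    """Split a 252-byte Mini-Certificate into its fields."""
    if len(raw) != MC_LEN:
        raise ValueError(f"MC must be {MC_LEN} bytes, got {len(raw)}")
    name, uid, exp, key, sig = struct.unpack(f"={NAME}s{UID}s{EXP}s{KEY}s{SIG}s", raw)
    return {
        "user_name": name.rstrip(b"\0").decode("ascii"),
        "user_id": uid.rstrip(b"\0").decode("ascii"),
        # 12 ASCII digits read as hhmmssMMDDYY (assumed order), 000000010134 = 1/1/2034
        "expires": datetime.strptime(exp.decode("ascii"), "%H%M%S%m%d%y"),
        "public_key": key,
        "signature": sig,
    }


def parse_caller_hello(b64_body):
    """Decode a Caller Hello body: three 4B header fields, then the MC."""
    raw = base64.b64decode(b64_body, validate=True)
    if len(raw) != 12 + MC_LEN:
        raise ValueError(f"Hello must be {12 + MC_LEN} bytes, got {len(raw)}")
    # Byte order is not documented, so the 4B fields are kept as raw bytes.
    return {"message_id": raw[0:4], "version_flags": raw[4:8],
            "ssrc": raw[8:12], "mc": parse_mc(raw[12:])}


def refusal_reasons(mc, dialed_user_id, now):
    """Expiry and user-id checks only; the CA signature check is not covered."""
    reasons = []
    if now >= mc["expires"]:
        reasons.append("expired")
    if mc["user_id"] != dialed_user_id:
        reasons.append("user-id does not match dialed number")
    return reasons


def build_sample_hello(name, uid, exp, ssrc=b"\x11\x22\x33\x44"):
    """Constructed input: documented field sizes, zero-filled key and signature."""
    mc = struct.pack(f"={NAME}s{UID}s{EXP}s", name, uid, exp) + bytes(KEY + SIG)
    return base64.b64encode(bytes(8) + ssrc + mc).decode()
```

An empty list from refusal_reasons means only that the expiry and user-id checks passed; the call must still stay insecure unless the CA signature verifies.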
Generating a Mini-Certificate
Linksys provides a configuration tool called gen_mc for the generation of MC and private keys with the
following syntax:
gen_mc ca-key user-name user-id expire-date
Where:
ca-key is a text file with the base64 encoded 1024-bit CA private/public key pairs for
signing/verifying the MC, such as the following:
user-name is the name of the subscriber, such as “Joe Smith”. The maximum length is 32 characters.
user-id is the User ID of the subscriber, which must match exactly the user-id used in the INVITE
when making the call, such as “14083331234”. The maximum length is 16 characters.
expire-date is the expiration date of the MC, such as “00:00:00 1/1/34” (34=2034). Internally the
date is encoded as a fixed 12B string: 000000010134.
The tool generates the <Mini Certificate> and <SRTP Private Key> parameters that can be provisioned
to the Linksys ATA.
For example:
gen_mc ca_key "Joe Smith" 14085551234 "00:00:00 1/1/34"
Produces the following Mini Certificate and SRTP Private Key:
Configuring a Streaming Audio Server
This section describes how to use and configure a streaming audio server (SAS). It includes the
following topics:
Music On Hold, page 3-12
Using a Streaming Audio Server, page 3-13
Using the IVR with an SAS Line, page 3-13
Example SAS with MOH, page 3-14
SAS Line Not Registered with the Proxy Server, page 3-14
Music On Hold
On a connected call, the Linksys ATA may place the remote party on hold by performing a hook-flash
to initiate a three-way call or by swapping two calls during call-waiting. If the remote client indicates
that it can still receive audio while the call is holding, the Linksys ATA can be configured to contact an
auto-answering streaming audio server (SAS) to stream audio to the holding party. When used this way,
the SAS is referred to as an MOH Server.
Using a Streaming Audio Server
The SAS feature lets you attach an audio source to one of the Linksys ATA FXS ports (Phone 1 or
Phone 2 on the PAP2T) and use it as a streaming audio source device.
If the Linksys ATA has multiple FXS ports, either or both of the associated lines (Line 1 and Line 2 on
the PAP2T) can be configured as an SAS server.
To connect an external music source to an FXS port, use a media signal adapter, which provides a line
in from a media source and a RJ-11 port for connecting to the FXS port on the Linksys ATA. The
following is a URL for a device that has been tested with Linksys ATAs:
After installing the music source using the media signal adapter and completing the required
configuration on the Linksys ATA, when the line is called and the FXS port is off hook, the Linksys
ATA answers the call automatically and streams audio to the caller.
If the FXS port is on-hook when the incoming call arrives, the Linksys ATA replies with a SIP 503
response code (Service Not Available). The SAS line will not ring for incoming calls even if the attached
equipment is on-hook.
If an incoming call is auto-answered, but later the FXS port changes to on-hook, the SPA does not
terminate the call but continues to stream silence packets to the caller. If an incoming call arrives when
the SAS line has reached full capacity, the SPA replies with a SIP 486 response (Busy Here).
The SAS line can be set up to refresh each streaming audio session periodically using a SIP re-INVITE
message, which detects if the connection to the caller is down. If the caller does not respond to the
refresh message, the SAS line terminates the call so that the streaming resource can be used for other
callers.
Each SAS server can maintain up to five simultaneous calls. If the second line on the Linksys ATA is
disabled, then the SAS line can maintain up to 10 simultaneous calls. Further incoming calls will receive
a busy signal (SIP 486 Response).
If no calls are in session, battery is removed from tip-and-ring of the FXS port. Some audio source
devices have an LED to indicate the battery status. This can be used as a visual indication as to whether
audio streaming is in progress.
Set up the Proxy and Subscriber Information for the SAS Line as you normally would with a regular user
account.
Call Forwarding, Call Screening, Call Blocking, DND, and Caller-ID Delivery features are not available
on an SAS line.
Using the IVR with an SAS Line
The IVR can still be used on an SAS line, but the user must perform the following steps:
Step 1 Power off the Linksys ATA.
Step 2 Connect a phone to the port and make sure the phone is on-hook.
Step 3 Power on the Linksys ATA.
Step 4 Pick up the handset and press * * * * to invoke the IVR in the usual way.
