https://blog.wildix.com/understanding-register-method/



https://andrewjprokop.wordpress.com/2014/05/29/understanding-sip-registration/


Nonce stands for Number Once and is an arbitrary number used only once in a cryptographic communication. The recipient of a nonce will use it to encrypt his or her credentials. Number once refers to the fact that encryption with this nonce can only be done one time. If someone were to sniff the LAN and obtain someone’s encrypted password, it won’t do them any good because it can only be used in a single transaction. It becomes stale and useless immediately after its first use


A REGISTER flow is fairly simple and follows these steps:

    A user sends a REGISTER to the SIP registrar. 
      The To and From headers contain the user’s AOR. 
      The user specifies the number of seconds the registration should be valid
       in the Expires header. 
       This value can be later raised or lowered by the registrar.
    The registrar returns a 401 Unauthorized response with a WWW-Authenticate header.  
       This header contains data that must be used to encrypt the user’s communications password. Specifically, it contains a nonce along with the name of the encryption algorithm that the client must use.
    The user sends a second REGISTER to the SIP registrar. 
       This REGISTER contains an Authorization header.   Within Authorization is the user’s encrypted password.
       If the correct password is received by the registrar, a 200 Ok response is sent to signify a successful registration. An Expires header may be present with a different value than what the user requested.  This is the time the registration will be valid as determined by the registrar’s policies.

A registration is removed by sending a REGISTER with an Expires header value of 0 (zero).


dále je tam obrázek
  jako nahoře
  


MD5  

http://www.md5.cz/