CA2365856C - Key management between a cable telephony adapter and associated signaling controller - Google Patents
Key management between a cable telephony adapter and associated signaling controller Download PDFInfo
- Publication number
- CA2365856C CA2365856C CA2365856A CA2365856A CA2365856C CA 2365856 C CA2365856 C CA 2365856C CA 2365856 A CA2365856 A CA 2365856A CA 2365856 A CA2365856 A CA 2365856A CA 2365856 C CA2365856 C CA 2365856C
- Authority
- CA
- Canada
- Prior art keywords
- signaling controller
- cta
- key
- ticket
- signaling
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Lifetime
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/1066—Session management
- H04L65/1101—Session protocols
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/606—Protecting data by securing the transmission between two devices or processes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/061—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/10—Architectures or entities
- H04L65/102—Gateways
- H04L65/1043—Gateway controllers, e.g. media gateway control protocol [MGCP] controllers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
- H04L9/0841—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
- H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1408—Protection against unauthorised use of memory or access to memory by using cryptography
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2207/00—Indexing scheme relating to methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F2207/72—Indexing scheme relating to groups G06F7/72 - G06F7/729
- G06F2207/7219—Countermeasures against side channel or fault attacks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2211/00—Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
- G06F2211/007—Encryption, En-/decode, En-/decipher, En-/decypher, Scramble, (De-)compress
- G06F2211/008—Public Key, Asymmetric Key, Asymmetric Encryption
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2129—Authenticate client device independently of the user
Abstract
A highly scalable key management architecture for secure client-server systems used in IP telephony network, wherein cryptographic state needs to be saved only by the clients. This architecture takes advantage of existing key management protocols, Kerberos with the PKINIT (public key) extension, to provide an IP telephony system having a high degree of scalability. In the case of lost security associations, the architecture provides for lightweight rekeying operations that allow clients to quickly re-establish the lost association or switch to a different server. The key management architecture includes a method for establishing a secure channel between an IP telephony endpoint and Server in an IP telephony network. The endpoint is coupled to a user and the Server is coupled to the IP telephony network. The method comprises steps of transmitting from the endpoint to a key distribution center a request for a security ticket, receiving the security ticket from the key distribution center, transmitting from the endpoint to the Server a request for a sub-key, receiving the sub-key from the Server, and establishing a secure channel between the endpoint and the Server using the sub-key.
Description
KEY MANAGEMENT BETWEEN A CABLE TELEPHONY ADAPTER AND
ASSOCIATED SIGNALING CONTROLLER
FIELD OF THE INVENTION
This invention relates generally to secure communication based on key management in Client-Server systems, and more particularly, to a scalable key management system for use in IP telephony networks.
BACKGROUND OF THE INVENTION
In an Internet Protocol (IP) telephony network, a network server may be responsible for setting up phone calls with up to 100,000 clients. The clients may be coupled to the telephony network via cable telephony adapter (CTA) devices. In order to secure call signaling, an Internet Protocol Security (IPSec) association is set up between each client and the server. This has to be done in a timely fashion to minimize the CPU overhead at the server and to minimize the call setup delay.
In order to handle large numbers of clients, key management needs to be as fast as possible. For example, security associations might be lost when a server goes down or become too busy to handle all of its clients. The lost security associations must then be re-established again when needed. Manual administration of clients is unsuitable because of the high overhead costs and lack of scalability. Other techniques used in architectures unrelated to IP telephony are also not suitable, since they do not provide the desired scalability and low administration overhead.
SUMMARY OF THE INVENTION
The present invention includes a highly scalable key management architecture for secure client-server systems used in an IP telephony network, wherein cryptographic state needs to be saved only by the clients. This architecture takes advantage of existing key management protocols, Kerberos with the PKINIT (public key) extension, to provide an IP telephony system having a high degree of scalability. In the case of lost security associations, the architecture provides for lightweight rekeying operations that allow clients to quickly re-establish the lost association or switch to a different server.
In accordance with one aspect of the invention, there is provided a secure IP
telephony system. The system includes a signaling controller within an IP
telephony network and in communication with at least one Cable Telephony Adapter (CTA), and configured to generate a symmetric sub-key in response to a request from the at least one CTA. The request includes a signaling controller ticket comprising a signaling controller session key, an identity of the at least one CTA, and an identity of the signaling controller. The signaling controller is further configured to distribute the symmetric sub-key to the at least one CTA in response to the signaling controller ticket. The signaling controller further includes a Key Distribution Center (KDC) within the IP telephony network and coupled to the signaling controller, and configured to generate and distribute the signaling controller ticket and the signaling controller session key to the at least one CTA using public key encryption.
The at least one CTA generates an additional symmetric key specific for a given call based on the symmetric sub-key provided by the signaling controller that is utilized for the given call for CTA to CTA signaling or bearer channel communication.
The signaling controller may be configured to generate and distribute the symmetric sub-key in response to a Kerberos request from the at least one CTA.
The signaling controller may distribute the sub-key encrypted with the signaling controller session key.
The signaling controller may receive from the at least one CTA the signaling controller ticket, wherein a portion of the signaling controller ticket may be encrypted with a signaling controller server key.
The request may comprise a Kerberos Application Request having the signaling controller ticket and encrypted data including a name of the at least one CTA.
ASSOCIATED SIGNALING CONTROLLER
FIELD OF THE INVENTION
This invention relates generally to secure communication based on key management in Client-Server systems, and more particularly, to a scalable key management system for use in IP telephony networks.
BACKGROUND OF THE INVENTION
In an Internet Protocol (IP) telephony network, a network server may be responsible for setting up phone calls with up to 100,000 clients. The clients may be coupled to the telephony network via cable telephony adapter (CTA) devices. In order to secure call signaling, an Internet Protocol Security (IPSec) association is set up between each client and the server. This has to be done in a timely fashion to minimize the CPU overhead at the server and to minimize the call setup delay.
In order to handle large numbers of clients, key management needs to be as fast as possible. For example, security associations might be lost when a server goes down or become too busy to handle all of its clients. The lost security associations must then be re-established again when needed. Manual administration of clients is unsuitable because of the high overhead costs and lack of scalability. Other techniques used in architectures unrelated to IP telephony are also not suitable, since they do not provide the desired scalability and low administration overhead.
SUMMARY OF THE INVENTION
The present invention includes a highly scalable key management architecture for secure client-server systems used in an IP telephony network, wherein cryptographic state needs to be saved only by the clients. This architecture takes advantage of existing key management protocols, Kerberos with the PKINIT (public key) extension, to provide an IP telephony system having a high degree of scalability. In the case of lost security associations, the architecture provides for lightweight rekeying operations that allow clients to quickly re-establish the lost association or switch to a different server.
In accordance with one aspect of the invention, there is provided a secure IP
telephony system. The system includes a signaling controller within an IP
telephony network and in communication with at least one Cable Telephony Adapter (CTA), and configured to generate a symmetric sub-key in response to a request from the at least one CTA. The request includes a signaling controller ticket comprising a signaling controller session key, an identity of the at least one CTA, and an identity of the signaling controller. The signaling controller is further configured to distribute the symmetric sub-key to the at least one CTA in response to the signaling controller ticket. The signaling controller further includes a Key Distribution Center (KDC) within the IP telephony network and coupled to the signaling controller, and configured to generate and distribute the signaling controller ticket and the signaling controller session key to the at least one CTA using public key encryption.
The at least one CTA generates an additional symmetric key specific for a given call based on the symmetric sub-key provided by the signaling controller that is utilized for the given call for CTA to CTA signaling or bearer channel communication.
The signaling controller may be configured to generate and distribute the symmetric sub-key in response to a Kerberos request from the at least one CTA.
The signaling controller may distribute the sub-key encrypted with the signaling controller session key.
The signaling controller may receive from the at least one CTA the signaling controller ticket, wherein a portion of the signaling controller ticket may be encrypted with a signaling controller server key.
The request may comprise a Kerberos Application Request having the signaling controller ticket and encrypted data including a name of the at least one CTA.
The request may include a timestamp.
The signaling controller may authenticate the at least one CTA using the signaling controller ticket.
The signaling controller may communicate with the CTA in an IPsec ESP
session in response to receiving a valid signaling controller ticket.
The KDC may generate and distribute the signaling controller ticket in a Kerberos exchange with the at least one CTA.
The system may further include a Provisioning Certificate Authority (CA) in communication with the IP telephony network configured to receive a manufacturer signed CTA certificate and distribute an operator network-specific certificate to the at least one CTA.
The signaling controller ticket may include a Kerberos ticket.
The signaling controller ticket may further include an expiration time.
The KDC may distribute to the at least one CTA the signaling controller ticket and a copy of the session key outside of the signaling controller ticket encrypted with a CTA public key.
The KDC may distribute the signaling controller ticket to the at least one CTA, and may also distribute to the at least one CTA a copy of the session key outside of the signaling controller ticket encrypted using a shared secret derived from a Diffie-Hellman exchange.
The additional symmetric key may be valid for a single call.
The signaling controller may authenticate the at least one CTA using the signaling controller ticket.
The signaling controller may communicate with the CTA in an IPsec ESP
session in response to receiving a valid signaling controller ticket.
The KDC may generate and distribute the signaling controller ticket in a Kerberos exchange with the at least one CTA.
The system may further include a Provisioning Certificate Authority (CA) in communication with the IP telephony network configured to receive a manufacturer signed CTA certificate and distribute an operator network-specific certificate to the at least one CTA.
The signaling controller ticket may include a Kerberos ticket.
The signaling controller ticket may further include an expiration time.
The KDC may distribute to the at least one CTA the signaling controller ticket and a copy of the session key outside of the signaling controller ticket encrypted with a CTA public key.
The KDC may distribute the signaling controller ticket to the at least one CTA, and may also distribute to the at least one CTA a copy of the session key outside of the signaling controller ticket encrypted using a shared secret derived from a Diffie-Hellman exchange.
The additional symmetric key may be valid for a single call.
A further understanding of various aspects, features and advantages of the invention disclosed herein may be realized by reference to the specific embodiments described in the remaining portions of the specification and the attached drawings.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 shows a telephony network constructed in accordance with the present invention;
FIG. 2 shows message exchange diagram for establishing a secure communication channel in accordance with the present invention; and FIG. 3 shows a method for establishing a secure communication channel using the messages shown in FIG. 2.
DETAILED DESCRIPTION OF SPECIFIC EMBODIMENTS
Embodiments of the present invention provide for establishing a secure channel between an Ili telephony endpoint and a Server in an lP telephony network.
In the embodiments discussed herein, a cable telephony adapter (CTA) device is representative of the IP telephony endpoint and a Signaling Controller (SC) is representative of the Server. However, the present invention is suitable for use with other types of network endpoints and Servers not discussed herein.
FIG. 1 shows a portion of a telephony network 100 constructed in accordance with the present invention. To access the telephony network, CTA 102 provides access to a user 104 via a Hybrid Fiber/Coax (HFC) head-end 106. The HFC head-end 106 has the capacity to provide access to other users as shown at 108. The HFC
head-end is also coupled to a Signaling Controller (SC) 110 which is coupled to a telephony network backbone 114. The Signaling Controller is used to control the CTA's access to the telephony network. A key distribution center (KDC) 112, is also coupled to the telephony network backbone 114. The KDC 112 issues Kerberos tickets, which are in turn used to generate sub-keys for secure connection protocols, such as the IPSec encapsulating security payload (ESP) protocol, or other secure connections. The network 100 also includes a customer service representative (CSR) center 116, a provisioning certification authority (CA) 118 and a billing host 120.
Thus, in the network 100 it is possible for the user 104 to access the telephony backbone 114 via the CTA 102 using a secure protocol.
Embodiments of the present invention include the use of the Kerberos protocol with the public key PKINIT extension for key management. This protocol is based on 5 Kerberos tickets, which may becookies, encrypted with the particular server's key.
The Kerberos ticket is used to both authenticate a client to a server and to establish a session key, which is contained in the ticket. Accessing Kerberos services can be done using the Generic Security Service Application Program Interface (GSS-API) standard.
In one embodiment of the present invention, two-way authentication with public key certificates is used by the CTA to obtain a security ticket in the form of a Signaling Controller ticket from the KDC. A corresponding session key is delivered to the CTA sealed with either the CTA's public key or with a secret derived from a Diffie-Hellman exchange. The Signaling Controller ticket is kept for a relatively long period of time, for example, days or weeks. The length of this period can be adjusted based on network performance requirements. In addition, the Signaling Controller ticket is used to establish a symmetric session key, which is in turn used to establish a set of keys for use with the IPSec ESP mode. The keys used by IPSec are not derived from the session key itself. Instead, another random key (i.e., a sub-key) is generated for each phone call and then used to derive the IPSec keys. Thus, the Signaling Controller does not have to keep state. After it derives all the required keys from the sub-key and exchanges signaling messages with the CTA, the Signaling Controller can throw away the ticket along with all of the associated keys.
The use of the Kerberos protocol with the PKINIT extension in embodiments of the present invention provides several advantages. For example, the Signaling Controller is not required to keep state - Kerberos tickets need to be kept only by the endpoints (CTAs). Also, IPSec Security Associations can be torn down when no longer needed and quickly re-established with efficient key management based on the Kerberos tickets. The protocol runs over both TCP and UDP protocols, and is a widely available standard, with multiple vendors providing support for both Kerberos and PKINIT.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 shows a telephony network constructed in accordance with the present invention;
FIG. 2 shows message exchange diagram for establishing a secure communication channel in accordance with the present invention; and FIG. 3 shows a method for establishing a secure communication channel using the messages shown in FIG. 2.
DETAILED DESCRIPTION OF SPECIFIC EMBODIMENTS
Embodiments of the present invention provide for establishing a secure channel between an Ili telephony endpoint and a Server in an lP telephony network.
In the embodiments discussed herein, a cable telephony adapter (CTA) device is representative of the IP telephony endpoint and a Signaling Controller (SC) is representative of the Server. However, the present invention is suitable for use with other types of network endpoints and Servers not discussed herein.
FIG. 1 shows a portion of a telephony network 100 constructed in accordance with the present invention. To access the telephony network, CTA 102 provides access to a user 104 via a Hybrid Fiber/Coax (HFC) head-end 106. The HFC head-end 106 has the capacity to provide access to other users as shown at 108. The HFC
head-end is also coupled to a Signaling Controller (SC) 110 which is coupled to a telephony network backbone 114. The Signaling Controller is used to control the CTA's access to the telephony network. A key distribution center (KDC) 112, is also coupled to the telephony network backbone 114. The KDC 112 issues Kerberos tickets, which are in turn used to generate sub-keys for secure connection protocols, such as the IPSec encapsulating security payload (ESP) protocol, or other secure connections. The network 100 also includes a customer service representative (CSR) center 116, a provisioning certification authority (CA) 118 and a billing host 120.
Thus, in the network 100 it is possible for the user 104 to access the telephony backbone 114 via the CTA 102 using a secure protocol.
Embodiments of the present invention include the use of the Kerberos protocol with the public key PKINIT extension for key management. This protocol is based on 5 Kerberos tickets, which may becookies, encrypted with the particular server's key.
The Kerberos ticket is used to both authenticate a client to a server and to establish a session key, which is contained in the ticket. Accessing Kerberos services can be done using the Generic Security Service Application Program Interface (GSS-API) standard.
In one embodiment of the present invention, two-way authentication with public key certificates is used by the CTA to obtain a security ticket in the form of a Signaling Controller ticket from the KDC. A corresponding session key is delivered to the CTA sealed with either the CTA's public key or with a secret derived from a Diffie-Hellman exchange. The Signaling Controller ticket is kept for a relatively long period of time, for example, days or weeks. The length of this period can be adjusted based on network performance requirements. In addition, the Signaling Controller ticket is used to establish a symmetric session key, which is in turn used to establish a set of keys for use with the IPSec ESP mode. The keys used by IPSec are not derived from the session key itself. Instead, another random key (i.e., a sub-key) is generated for each phone call and then used to derive the IPSec keys. Thus, the Signaling Controller does not have to keep state. After it derives all the required keys from the sub-key and exchanges signaling messages with the CTA, the Signaling Controller can throw away the ticket along with all of the associated keys.
The use of the Kerberos protocol with the PKINIT extension in embodiments of the present invention provides several advantages. For example, the Signaling Controller is not required to keep state - Kerberos tickets need to be kept only by the endpoints (CTAs). Also, IPSec Security Associations can be torn down when no longer needed and quickly re-established with efficient key management based on the Kerberos tickets. The protocol runs over both TCP and UDP protocols, and is a widely available standard, with multiple vendors providing support for both Kerberos and PKINIT.
In one embodiment, within the PKJNIT protocol, RSA is used for both key delivery and authentication. In another embodiment a PKINIT option may be used wherein Diffie-Hellman is used for the key exchange and RSA is used for authentication. In general, embodiments of the present invention are suitable for use with any public key algorithms within PKINIT for both authentication and key exchanges.
FIG. 2 shows a message exchange diagram 200 illustrating how the CTA uses Kerberos to obtain the sub-key, which in turn, is used to derive IPSec ESP
keys for the CTA-to-Signaling Controller signaling messages. In the exchange diagram.
200, only some of the information carried in the messages is provided in order to present a clear description of the protocol. The exchange diagram 200 shows messages transmitted or received at the CTA, 102 at line 220, the KDC 112 at line 222, and the Signaling Controller 110 at line 224, FIG. 3 shows a flow diagram 300 illustrating how the messages of FIG. 2 are exchanged in accordance with the present invention.
At block 302, a PKINIT Request requesting a security ticket, which could be of the form of the Kerberos ticket detailed above, is sent from the CTA 102 to the KDC 112 as shown by message 202. This request includes the CTA signature and certificate - used by the KDC to authenticate the CTA. This request also carries the current time - used by the KDC to verify that this message is not a replay or a retransmission of an old message. The PKTNIT Request also contains a random value (called a nonce) that will be used to bind a subsequent PKINIT Reply message to this request. In the case that a Diffie-Hellman exchange is used, the CTA will also include its Diffie-Hellman parameters and public value in the PKINIT Request.
At block 304, the KDC 112 receives and verifies the PKINTT Request and then issues to the CTA a security ticket for the Signaling Controller (also referred to as a Signalling Controller ticket) encrypted with the Signaling Controller's service key. Inside this encrypted ticket are a symmetric session key, its validity period and the CTA identity. Also in this step, this ticket will be sent back to the CTA
102 inside a PKINIT Reply, shown by message 204. The PKINIT Reply message also contains KDC's certificate and signature for authenticating the KDC, along with the nonce from the PKINIT Request to protect against replays. If a Diffie-Hellman exchange is used, the KDC also places its Dille-Hellman public value into this message.
The PKINIT Reply also contains a second copy of the session key and its validity period found in the ticket - intended to be decrypted and used by the CTA.
This second copy of the session key and its associated attributes are either encrypted with a Diffie-Hellman-derived secret or enveloped with the CTA's public key.
Here, enveloped means that the session key along with its associated attributes are not encrypted directly with the CTA's public key. Within the PKINTT Reply the /
public key is used to encrypt a random symmetric key that is in turn used to encrypt another symmetric key which is then finally used to encrypt the session key and its attributes.
This embodiment uses the PKINIT standard as is, even though in this case, simplifications to the PKINIT Reply seem possible. If a Diffie-Hellman exchange is not used, then the Reply contains message items as shown at 226.
At block 306, an application (AP) Request requesting a sub-key is sent from the CTA 102 to the Signaling Controller 110 as shown by message 206, Here, a CTA
has already obtained a Signaling Controller ticket and now initiates key management with the Signaling Controller by sending it an AP Request message. The AP
Request contains the Signaling Controller ticket along with the CTA name, time-stamp and a message hash - all encrypted with the SC session key. The timestamp is used to check for replays of old AP Request messages.
At block 308, the Signaling Controller 110 receives an AP Request. It first decrypts and validates the ticket with its service key. It then takes the session key out of the ticket and uses it to decrypt and validate the rest of the AP Request.
Then, the Signaling Controller generates a random sub-key and encrypts it along with the current timestamp with the session key. It places this information into an AP
Reply message 208 and sends it back to the CTA.
At block 310, the CTA receives and validates the AP Reply, after which it shares the sub-key with the Signaling Controller. Both sides independently derive (with some one-way function) a set of IPSec encryption and authentication keys from this sub-key. After that, all signaling messages between the CTA and the Signaling Controller will be protected with an IPSec channel. This establishment of the IPSec channel is symbolically illustrated in FIG. 2 at 210 - even though this step does not involve an exchange of messages.
In the embodiment of the invention depicted in FIGS. 2 and 3, the PKTNIT
exchange is performed at long intervals in order to obtain an intermediate symmetric session key. This session key is shared between the CTA and the Signaling Controller (via the Signaling Controller Ticket).
In this embodiment, the PKINIT Request/Reply messages, shown at 202 and 204, are sent over a TCP/IP connection. This is because a single PK.INNIT
Request or Reply message, containing public key and Diffie-Hellman information may be too large to fit into a single UDP packet. The use of TCP instead of UDP may have some impact on performance, but since the PKINIT exchange occurs at infrequent intervals (days or weeks apart) and is not tied to the phone calls, the impact on performance is not significant.
The session key is used in the AP Request and AP Reply messages shown at 206,208, which are exchanged for each phone call, to establish a symmetric sub-key.
This sub-key is used to derive all of the IPSec ESP keys and starting sequence numbers, used for both directions. The AP Request and AP Reply messages are small enough to fit into a single LJDP packet, and thus will run over UDP.
The present invention provides a highly scalable key management architecture for secure client-server systems used i a IP telephony networks. It will be apparent to those with skill in the art that modifications to the above methods and embodiments can occur without deviating from the scope of the present invention.
Accordingly, the disclosures and descriptions herein are intended to be illustrative, but not limiting, of the scope of the invention which is set forth in the following claims.
FIG. 2 shows a message exchange diagram 200 illustrating how the CTA uses Kerberos to obtain the sub-key, which in turn, is used to derive IPSec ESP
keys for the CTA-to-Signaling Controller signaling messages. In the exchange diagram.
200, only some of the information carried in the messages is provided in order to present a clear description of the protocol. The exchange diagram 200 shows messages transmitted or received at the CTA, 102 at line 220, the KDC 112 at line 222, and the Signaling Controller 110 at line 224, FIG. 3 shows a flow diagram 300 illustrating how the messages of FIG. 2 are exchanged in accordance with the present invention.
At block 302, a PKINIT Request requesting a security ticket, which could be of the form of the Kerberos ticket detailed above, is sent from the CTA 102 to the KDC 112 as shown by message 202. This request includes the CTA signature and certificate - used by the KDC to authenticate the CTA. This request also carries the current time - used by the KDC to verify that this message is not a replay or a retransmission of an old message. The PKTNIT Request also contains a random value (called a nonce) that will be used to bind a subsequent PKINIT Reply message to this request. In the case that a Diffie-Hellman exchange is used, the CTA will also include its Diffie-Hellman parameters and public value in the PKINIT Request.
At block 304, the KDC 112 receives and verifies the PKINTT Request and then issues to the CTA a security ticket for the Signaling Controller (also referred to as a Signalling Controller ticket) encrypted with the Signaling Controller's service key. Inside this encrypted ticket are a symmetric session key, its validity period and the CTA identity. Also in this step, this ticket will be sent back to the CTA
102 inside a PKINIT Reply, shown by message 204. The PKINIT Reply message also contains KDC's certificate and signature for authenticating the KDC, along with the nonce from the PKINIT Request to protect against replays. If a Diffie-Hellman exchange is used, the KDC also places its Dille-Hellman public value into this message.
The PKINIT Reply also contains a second copy of the session key and its validity period found in the ticket - intended to be decrypted and used by the CTA.
This second copy of the session key and its associated attributes are either encrypted with a Diffie-Hellman-derived secret or enveloped with the CTA's public key.
Here, enveloped means that the session key along with its associated attributes are not encrypted directly with the CTA's public key. Within the PKINTT Reply the /
public key is used to encrypt a random symmetric key that is in turn used to encrypt another symmetric key which is then finally used to encrypt the session key and its attributes.
This embodiment uses the PKINIT standard as is, even though in this case, simplifications to the PKINIT Reply seem possible. If a Diffie-Hellman exchange is not used, then the Reply contains message items as shown at 226.
At block 306, an application (AP) Request requesting a sub-key is sent from the CTA 102 to the Signaling Controller 110 as shown by message 206, Here, a CTA
has already obtained a Signaling Controller ticket and now initiates key management with the Signaling Controller by sending it an AP Request message. The AP
Request contains the Signaling Controller ticket along with the CTA name, time-stamp and a message hash - all encrypted with the SC session key. The timestamp is used to check for replays of old AP Request messages.
At block 308, the Signaling Controller 110 receives an AP Request. It first decrypts and validates the ticket with its service key. It then takes the session key out of the ticket and uses it to decrypt and validate the rest of the AP Request.
Then, the Signaling Controller generates a random sub-key and encrypts it along with the current timestamp with the session key. It places this information into an AP
Reply message 208 and sends it back to the CTA.
At block 310, the CTA receives and validates the AP Reply, after which it shares the sub-key with the Signaling Controller. Both sides independently derive (with some one-way function) a set of IPSec encryption and authentication keys from this sub-key. After that, all signaling messages between the CTA and the Signaling Controller will be protected with an IPSec channel. This establishment of the IPSec channel is symbolically illustrated in FIG. 2 at 210 - even though this step does not involve an exchange of messages.
In the embodiment of the invention depicted in FIGS. 2 and 3, the PKTNIT
exchange is performed at long intervals in order to obtain an intermediate symmetric session key. This session key is shared between the CTA and the Signaling Controller (via the Signaling Controller Ticket).
In this embodiment, the PKINIT Request/Reply messages, shown at 202 and 204, are sent over a TCP/IP connection. This is because a single PK.INNIT
Request or Reply message, containing public key and Diffie-Hellman information may be too large to fit into a single UDP packet. The use of TCP instead of UDP may have some impact on performance, but since the PKINIT exchange occurs at infrequent intervals (days or weeks apart) and is not tied to the phone calls, the impact on performance is not significant.
The session key is used in the AP Request and AP Reply messages shown at 206,208, which are exchanged for each phone call, to establish a symmetric sub-key.
This sub-key is used to derive all of the IPSec ESP keys and starting sequence numbers, used for both directions. The AP Request and AP Reply messages are small enough to fit into a single LJDP packet, and thus will run over UDP.
The present invention provides a highly scalable key management architecture for secure client-server systems used i a IP telephony networks. It will be apparent to those with skill in the art that modifications to the above methods and embodiments can occur without deviating from the scope of the present invention.
Accordingly, the disclosures and descriptions herein are intended to be illustrative, but not limiting, of the scope of the invention which is set forth in the following claims.
Claims (15)
PROPERTY OR PRIVILEGE IS CLAIMED ARE DEFINED AS FOLLOWS:
1. A secure IP telephony system, the system comprising:
a signaling controller within an IP telephony network and in communication with at least one Cable Telephony Adapter (CTA), and configured to generate a symmetric sub-key in response to a request from the at least one CTA, the request including a signaling controller ticket;
wherein the signaling controller ticket comprises a signaling controller session key, an identity of the at least one CTA, and an identity of the signaling controller;
the signaling controller further configured to distribute the symmetric sub-key to the at least one CTA in response to the signaling controller ticket; and a Key Distribution Center (KDC) within the IP telephony network and coupled to the signaling controller, and configured to generate and distribute the signaling controller ticket and said signaling controller session key to the at least one CTA using public key encryption, wherein said at least one CTA generates an additional symmetric key specific for a given call based on the symmetric sub-key provided by the signaling controller that is utilized for the given call for CTA to CTA signaling or bearer channel communication.
a signaling controller within an IP telephony network and in communication with at least one Cable Telephony Adapter (CTA), and configured to generate a symmetric sub-key in response to a request from the at least one CTA, the request including a signaling controller ticket;
wherein the signaling controller ticket comprises a signaling controller session key, an identity of the at least one CTA, and an identity of the signaling controller;
the signaling controller further configured to distribute the symmetric sub-key to the at least one CTA in response to the signaling controller ticket; and a Key Distribution Center (KDC) within the IP telephony network and coupled to the signaling controller, and configured to generate and distribute the signaling controller ticket and said signaling controller session key to the at least one CTA using public key encryption, wherein said at least one CTA generates an additional symmetric key specific for a given call based on the symmetric sub-key provided by the signaling controller that is utilized for the given call for CTA to CTA signaling or bearer channel communication.
2. The system of claim 1, wherein the signaling controller is configured to generate and distribute the symmetric sub-key in response to a Kerberos request from the at least one CTA.
3. The system of claim 1, wherein the signaling controller distributes the sub-key encrypted with the signaling controller session key.
4. The system of claim 1, wherein the signaling controller receives from the at least one CTA the signaling controller ticket, wherein a portion of the signaling controller ticket is encrypted with a signaling controller server key.
5. The system of claim 1, wherein the request comprises a Kerberos Application Request having the signaling controller ticket and encrypted data including a name of the at least one CTA.
6. The system of claim 1, wherein the request includes a timestamp.
7. The system of claim 1, wherein the signaling controller authenticates the at least one CTA using the signaling controller ticket.
8. The system of claim 1, wherein the signaling controller communicates with the CTA in an IPsec ESP session in response to receiving a valid signaling controller ticket.
9. The system of claim 1, wherein the KDC generates and distributes the signaling controller ticket in a Kerberos exchange with the at least one CTA.
10. The system of claim 9, further comprising a Provisioning Certificate Authority (CA) in communication with the IP telephony network configured to receive a manufacturer signed CTA certificate and distribute an operator network-specific certificate to the at least one CTA.
11. The system of claim 1, wherein the signaling controller ticket comprises a Kerberos ticket.
12. The system of claim 1, wherein the signaling controller ticket further comprises an expiration time.
13. The system of claim 1, wherein the KDC distributes to the at least one CTA
the signaling controller ticket and a copy of the session key outside of the signaling controller ticket encrypted with a CTA public key.
the signaling controller ticket and a copy of the session key outside of the signaling controller ticket encrypted with a CTA public key.
14. The system of claim 1, wherein the KDC distributes the signaling controller ticket to the at least one CTA, and also distributes to the at least one CTA a copy of the session key outside of the signaling controller ticket encrypted using a shared secret derived from a Diffie-Hellman exchange.
15. The system of claim 1, wherein said additional symmetric key is valid for a single call.
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12877299P | 1999-04-09 | 1999-04-09 | |
US60/128,772 | 1999-04-09 | ||
PCT/US2000/009323 WO2000062507A1 (en) | 1999-04-09 | 2000-04-07 | Key management between a cable telephony adapter and associated signaling controller |
Publications (2)
Publication Number | Publication Date |
---|---|
CA2365856A1 CA2365856A1 (en) | 2000-10-19 |
CA2365856C true CA2365856C (en) | 2011-11-01 |
Family
ID=22436900
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CA002370471A Abandoned CA2370471A1 (en) | 1999-04-09 | 2000-04-07 | Built-in manufacturer's certificates for a cable telephony adapter to provide device and service certification |
CA2365856A Expired - Lifetime CA2365856C (en) | 1999-04-09 | 2000-04-07 | Key management between a cable telephony adapter and associated signaling controller |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CA002370471A Abandoned CA2370471A1 (en) | 1999-04-09 | 2000-04-07 | Built-in manufacturer's certificates for a cable telephony adapter to provide device and service certification |
Country Status (9)
Country | Link |
---|---|
US (2) | US7568223B2 (en) |
EP (2) | EP1169833B1 (en) |
CN (1) | CN1127835C (en) |
AT (1) | ATE313200T1 (en) |
AU (2) | AU4213600A (en) |
CA (2) | CA2370471A1 (en) |
DE (1) | DE60024800T2 (en) |
HK (1) | HK1045917B (en) |
WO (2) | WO2000062519A2 (en) |
Families Citing this family (59)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1127835C (en) * | 1999-04-09 | 2003-11-12 | 通用器材公司 | Key management between a cable telephony adapter and associated signaling controller |
US20030021417A1 (en) * | 2000-10-20 | 2003-01-30 | Ognjen Vasic | Hidden link dynamic key manager for use in computer systems with database structure for storage of encrypted data and method for storage and retrieval of encrypted data |
US6966003B1 (en) * | 2001-01-12 | 2005-11-15 | 3Com Corporation | System and method for switching security associations |
US8156223B2 (en) * | 2001-03-20 | 2012-04-10 | Microsoft Corporation | Distribution of binary executables and content from peer locations/machines |
US8555062B1 (en) * | 2001-03-26 | 2013-10-08 | Access Co., Ltd. | Protocol to prevent replay attacks on secured wireless transactions |
US7181620B1 (en) * | 2001-11-09 | 2007-02-20 | Cisco Technology, Inc. | Method and apparatus providing secure initialization of network devices using a cryptographic key distribution approach |
KR100415117B1 (en) * | 2002-03-04 | 2004-01-13 | 삼성전자주식회사 | Apparatus and method for called compulsive on multi call into internet protocol phone in an internet protocol telephony system |
US7565537B2 (en) * | 2002-06-10 | 2009-07-21 | Microsoft Corporation | Secure key exchange with mutual authentication |
FR2845226B1 (en) * | 2002-10-01 | 2004-12-10 | France Telecom | METHOD AND INSTALLATION FOR CONTROLLING THE IDENTITY OF THE TRANSMITTER OF A TELEPHONE CALL ON AN INTERNET NETWORK AND TELEPHONY TERMINAL FOR SUCH AN INSTALLATION |
JP4397675B2 (en) * | 2003-11-12 | 2010-01-13 | 株式会社日立製作所 | Computer system |
JP4559794B2 (en) * | 2004-06-24 | 2010-10-13 | 株式会社東芝 | Microprocessor |
US8613048B2 (en) | 2004-09-30 | 2013-12-17 | Citrix Systems, Inc. | Method and apparatus for providing authorized remote access to application sessions |
US7711835B2 (en) | 2004-09-30 | 2010-05-04 | Citrix Systems, Inc. | Method and apparatus for reducing disclosure of proprietary data in a networked environment |
US7748032B2 (en) * | 2004-09-30 | 2010-06-29 | Citrix Systems, Inc. | Method and apparatus for associating tickets in a ticket hierarchy |
US7464267B2 (en) * | 2004-11-01 | 2008-12-09 | Innomedia Pte Ltd. | System and method for secure transmission of RTP packets |
US7917764B2 (en) * | 2005-01-24 | 2011-03-29 | Panasonic Corporation | Signature generation device and signature verification device |
US7890634B2 (en) * | 2005-03-18 | 2011-02-15 | Microsoft Corporation | Scalable session management |
US7650505B1 (en) * | 2005-06-17 | 2010-01-19 | Sun Microsystems, Inc. | Methods and apparatus for persistence of authentication and authorization for a multi-tenant internet hosted site using cookies |
US7545810B2 (en) * | 2005-07-01 | 2009-06-09 | Cisco Technology, Inc. | Approaches for switching transport protocol connection keys |
WO2007062392A2 (en) * | 2005-11-23 | 2007-05-31 | Riverain Medical Group, Llc | Computer-aided diagnosis using dual-energy subtraction images |
WO2007062672A1 (en) * | 2005-11-30 | 2007-06-07 | Telecom Italia S.P.A. | Method and system for automated and secure provisioning of service access credentials for on-line services to users of mobile communication terminals |
KR100652017B1 (en) * | 2005-12-08 | 2006-12-01 | 한국전자통신연구원 | Method for security of docsis cable modem against physical security attacks |
US7706381B2 (en) * | 2006-01-10 | 2010-04-27 | Cisco Technology, Inc. | Approaches for switching transport protocol connection keys |
US8140851B1 (en) * | 2006-02-24 | 2012-03-20 | Cisco Technology, Inc. | Approaches for automatically switching message authentication keys |
US8732279B2 (en) * | 2006-08-18 | 2014-05-20 | Cisco Technology, Inc. | Secure network deployment |
US8533846B2 (en) | 2006-11-08 | 2013-09-10 | Citrix Systems, Inc. | Method and system for dynamically associating access rights with a resource |
CA2571891C (en) * | 2006-12-21 | 2015-11-24 | Bce Inc. | Device authentication and secure channel management for peer-to-peer initiated communications |
CN101790867A (en) * | 2007-04-30 | 2010-07-28 | 惠普开发有限公司 | The system and method for distribution node configuration information |
CN102916808B (en) | 2007-09-17 | 2015-11-18 | 爱立信电话股份有限公司 | Method and apparatus in telecommunication system |
US8171483B2 (en) | 2007-10-20 | 2012-05-01 | Citrix Systems, Inc. | Method and system for communicating between isolation environments |
CN101286840B (en) * | 2008-05-29 | 2014-07-30 | 西安西电捷通无线网络通信股份有限公司 | Key distributing method and system using public key cryptographic technique |
US7877503B2 (en) * | 2008-07-02 | 2011-01-25 | Verizon Patent And Licensing Inc. | Method and system for an intercept chain of custody protocol |
US8776238B2 (en) * | 2008-07-16 | 2014-07-08 | International Business Machines Corporation | Verifying certificate use |
KR101255987B1 (en) * | 2008-12-22 | 2013-04-17 | 한국전자통신연구원 | Paring method between SM and TP in downloadable conditional access system, Setopbox and Authentication device using this |
US20110013762A1 (en) * | 2009-07-18 | 2011-01-20 | Gregg Bieser | Notification apparatus & method |
EP2484084B1 (en) | 2009-09-30 | 2019-03-27 | Orange | Method and devices allowing communication secure against denial of services (dos) and against flooding attacks in a telecommunications network |
US20110302416A1 (en) * | 2010-03-15 | 2011-12-08 | Bigband Networks Inc. | Method and system for secured communication in a non-ctms environment |
EP2387262B1 (en) * | 2010-05-10 | 2015-04-29 | BlackBerry Limited | System and method for multi-certificate and certificate authority strategy |
US8347080B2 (en) | 2010-05-10 | 2013-01-01 | Research In Motion Limited | System and method for multi-certificate and certificate authority strategy |
US8566596B2 (en) * | 2010-08-24 | 2013-10-22 | Cisco Technology, Inc. | Pre-association mechanism to provide detailed description of wireless services |
US8938619B2 (en) | 2010-12-29 | 2015-01-20 | Adobe Systems Incorporated | System and method for decrypting content samples including distinct encryption chains |
US8843737B2 (en) * | 2011-07-24 | 2014-09-23 | Telefonaktiebolaget L M Ericsson (Publ) | Enhanced approach for transmission control protocol authentication option (TCP-AO) with key management protocols (KMPS) |
EP2759158A2 (en) | 2011-10-28 | 2014-07-30 | NEC Corporation | Secure method for mtc device triggering |
US9026784B2 (en) * | 2012-01-26 | 2015-05-05 | Mcafee, Inc. | System and method for innovative management of transport layer security session tickets in a network environment |
US9762569B2 (en) * | 2012-10-15 | 2017-09-12 | Nokia Solutions And Networks Oy | Network authentication |
US9515996B1 (en) * | 2013-06-28 | 2016-12-06 | EMC IP Holding Company LLC | Distributed password-based authentication in a public key cryptography authentication system |
US9553982B2 (en) * | 2013-07-06 | 2017-01-24 | Newvoicemedia, Ltd. | System and methods for tamper proof interaction recording and timestamping |
JP6278651B2 (en) * | 2013-09-27 | 2018-02-14 | キヤノン株式会社 | Network system, management server system, control method and program |
FR3018371B1 (en) * | 2014-03-10 | 2016-05-06 | Commissariat Energie Atomique | REMOTE KEY DATA ENCRYPTION / ENCRYPTION METHOD AND SYSTEM AND PRIOR CHECK CHECK |
US20170163607A1 (en) * | 2015-12-03 | 2017-06-08 | Microsoft Technology Licensing, Llc | Establishing a Communication Event Using Secure Signalling |
US10263788B2 (en) * | 2016-01-08 | 2019-04-16 | Dell Products, Lp | Systems and methods for providing a man-in-the-middle proxy |
US10009380B2 (en) | 2016-01-08 | 2018-06-26 | Secureworks Corp. | Systems and methods for security configuration |
US20180123782A1 (en) * | 2016-10-27 | 2018-05-03 | Motorola Solutions, Inc. | Method for secret origination service to distribute a shared secret |
EP3501654B1 (en) | 2017-12-22 | 2021-08-25 | Tecan Trading Ag | Pipetting apparatus with a pipette tube and method for detecting a liquid within an intermediate section of pipette tube |
US10771269B2 (en) * | 2018-03-09 | 2020-09-08 | Cisco Technology, Inc. | Automated intelligent node for hybrid fiber-coaxial (HFC) networks |
US10630467B1 (en) | 2019-01-04 | 2020-04-21 | Blue Ridge Networks, Inc. | Methods and apparatus for quantum-resistant network communication |
US11063753B2 (en) | 2019-03-20 | 2021-07-13 | Arris Enterprises Llc | Secure distribution of device key sets over a network |
US11743242B2 (en) * | 2020-07-27 | 2023-08-29 | Charter Communications Operating, Llc | Establishing an encrypted communications channel without prior knowledge of the encryption key |
CN112492004B (en) * | 2020-11-17 | 2023-02-17 | 深圳市晨北科技有限公司 | Method, device, system and storage medium for establishing local communication link |
Family Cites Families (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5235642A (en) | 1992-07-21 | 1993-08-10 | Digital Equipment Corporation | Access control subsystem and method for distributed computer system using locally cached authentication credentials |
DE69312328T2 (en) * | 1993-09-20 | 1998-01-08 | Ibm | SYSTEM AND METHOD FOR CHANGING THE KEY OR PASSWORD IN A COMMUNICATION NETWORK WITH KEY DISTRIBUTION |
US5544322A (en) * | 1994-05-09 | 1996-08-06 | International Business Machines Corporation | System and method for policy-based inter-realm authentication within a distributed processing system |
IL113259A (en) * | 1995-04-05 | 2001-03-19 | Diversinet Corp | Apparatus and method for safe communication handshake and data transfer |
US5602918A (en) * | 1995-12-22 | 1997-02-11 | Virtual Open Network Environment Corp. | Application level security system and method |
SE506775C2 (en) * | 1996-06-04 | 1998-02-09 | Ericsson Telefon Ab L M | Ways and devices for simultaneous telephone and Internet connection on a telephone line |
US5796830A (en) * | 1996-07-29 | 1998-08-18 | International Business Machines Corporation | Interoperable cryptographic key recovery system |
US5864665A (en) * | 1996-08-20 | 1999-01-26 | International Business Machines Corporation | Auditing login activity in a distributed computing environment |
US5867495A (en) * | 1996-11-18 | 1999-02-02 | Mci Communications Corporations | System, method and article of manufacture for communications utilizing calling, plans in a hybrid network |
US5917817A (en) * | 1996-12-06 | 1999-06-29 | International Business Machines Corporation | User invocation of services in public switched telephone network via parallel data networks |
US5923756A (en) * | 1997-02-12 | 1999-07-13 | Gte Laboratories Incorporated | Method for providing secure remote command execution over an insecure computer network |
CN1271491A (en) | 1997-04-15 | 2000-10-25 | Mci全球通讯公司 | System, method and article of manufacture for switched telephone communication |
US5999612A (en) * | 1997-05-27 | 1999-12-07 | International Business Machines Corporation | Integrated telephony and data services over cable networks |
CN1127835C (en) * | 1999-04-09 | 2003-11-12 | 通用器材公司 | Key management between a cable telephony adapter and associated signaling controller |
KR20040014400A (en) * | 2000-09-22 | 2004-02-14 | 제너럴 인스트루먼트 코포레이션 | Internet protocol telephony security architecture |
US20030163693A1 (en) * | 2002-02-28 | 2003-08-28 | General Instrument Corporation | Detection of duplicate client identities in a communication system |
-
2000
- 2000-04-07 CN CN00806089A patent/CN1127835C/en not_active Expired - Lifetime
- 2000-04-07 EP EP00921875A patent/EP1169833B1/en not_active Expired - Lifetime
- 2000-04-07 EP EP00920214A patent/EP1171989A2/en not_active Withdrawn
- 2000-04-07 DE DE60024800T patent/DE60024800T2/en not_active Expired - Lifetime
- 2000-04-07 AU AU42136/00A patent/AU4213600A/en not_active Abandoned
- 2000-04-07 WO PCT/US2000/009318 patent/WO2000062519A2/en active Search and Examination
- 2000-04-07 CA CA002370471A patent/CA2370471A1/en not_active Abandoned
- 2000-04-07 AT AT00921875T patent/ATE313200T1/en not_active IP Right Cessation
- 2000-04-07 AU AU40792/00A patent/AU4079200A/en not_active Abandoned
- 2000-04-07 CA CA2365856A patent/CA2365856C/en not_active Expired - Lifetime
- 2000-04-07 WO PCT/US2000/009323 patent/WO2000062507A1/en active IP Right Grant
-
2002
- 2002-10-02 HK HK02107229.6A patent/HK1045917B/en not_active IP Right Cessation
-
2004
- 2004-07-15 US US10/893,047 patent/US7568223B2/en not_active Expired - Lifetime
-
2009
- 2009-06-23 US US12/490,124 patent/US8544077B2/en not_active Expired - Fee Related
Also Published As
Publication number | Publication date |
---|---|
US8544077B2 (en) | 2013-09-24 |
EP1169833B1 (en) | 2005-12-14 |
US20050027985A1 (en) | 2005-02-03 |
US7568223B2 (en) | 2009-07-28 |
HK1045917A1 (en) | 2002-12-13 |
US20090323954A1 (en) | 2009-12-31 |
WO2000062519A9 (en) | 2002-02-21 |
WO2000062519A2 (en) | 2000-10-19 |
WO2000062519A3 (en) | 2001-02-08 |
HK1045917B (en) | 2004-09-10 |
AU4079200A (en) | 2000-11-14 |
CN1346563A (en) | 2002-04-24 |
CA2370471A1 (en) | 2000-10-19 |
CN1127835C (en) | 2003-11-12 |
DE60024800T2 (en) | 2006-07-06 |
EP1171989A2 (en) | 2002-01-16 |
AU4213600A (en) | 2000-11-14 |
ATE313200T1 (en) | 2005-12-15 |
DE60024800D1 (en) | 2006-01-19 |
EP1169833A1 (en) | 2002-01-09 |
CA2365856A1 (en) | 2000-10-19 |
WO2000062507A1 (en) | 2000-10-19 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CA2365856C (en) | Key management between a cable telephony adapter and associated signaling controller | |
US11477037B2 (en) | Providing forward secrecy in a terminating SSL/TLS connection proxy using ephemeral Diffie-Hellman key exchange | |
KR101013427B1 (en) | End-to-end protection of media stream encryption keys for voice-over-IP systems | |
US8505088B2 (en) | Key exchange for a network architecture | |
US20110188659A1 (en) | Method of integrating quantum key distribution with internet key exchange protocol | |
JP2004254027A (en) | Server device, key managing device, and encryption communication method and program | |
CA2546553A1 (en) | System and method for provisioning and authenticating via a network | |
US7222234B2 (en) | Method for key agreement for a cryptographic secure point—to—multipoint connection | |
EP1933498A1 (en) | Method, system and device for negotiating about cipher key shared by ue and external equipment | |
WO2009143766A1 (en) | Method, system for distributing key and method, system for online updating public key | |
KR20060134774A (en) | Device for realizing security function in mac of portable internet system and authentication method using the device | |
CN106789057B (en) | Key negotiation method and system under satellite communication protocol | |
WO2009082950A1 (en) | Key distribution method, device and system | |
EP2244420B1 (en) | Method and apparatus for recovering the connection | |
EP3216163B1 (en) | Providing forward secrecy in a terminating ssl/tls connection proxy using ephemeral diffie-hellman key exchange | |
KR20070006913A (en) | Fast and secure connectivity for a mobile node | |
EP1623527A1 (en) | A process for secure communication over a wireless network, related network and computer program product | |
WO2006062345A1 (en) | Method of distributing keys over epon | |
JP2017135527A (en) | Communication device | |
CN117062056A (en) | End-to-end encryption method and system for 5G network service data based on IPSEC technology | |
CN116015907A (en) | Online private key distribution method of Internet of things based on SM9 identification cryptographic algorithm | |
Schwiderski-Grosche et al. | Public key based network access | |
Mihai | Packet Cable Security Architecture | |
Annex | IPCablecom Admin guidelines & best practices | |
Backbone | 4 Conventions |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
EEER | Examination request | ||
MKEX | Expiry |
Effective date: 20200407 |